Simplify SinkDocument construction for plugins forbidden by sandbox

Historically, the sandbox flags for a Document were finalized in the
Document constructor. This meant that when a PluginDocument should be
blocked by plugin sandboxing, we constructed the PluginDocument, then
immediately replaced it with a SinkDocument once we detected that we
should have blocked the PluginDocument.

Now that the sandbox flags are finalized in DocumentInit, we can
inspect them before creating the PluginDocument and instead go
straight to constructing the SinkDocument.

Bug: 1029822
Change-Id: Id859fe817cddf81f0e83b8ded53279527c86bcb0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2261094
Commit-Queue: Kentaro Hara <haraken@chromium.org>
Auto-Submit: Nate Chapin <japhet@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#781623}

third_party/blink/renderer/core/dom/document_init.cc

@@ -327,8 +327,7 @@ scoped_refptr<SecurityOrigin> DocumentInit::GetDocumentOrigin() const {
         url_, initiator_origin_.get());
   }
 
-  if ((GetSandboxFlags() & network::mojom::blink::WebSandboxFlags::kOrigin) !=
-      network::mojom::blink::WebSandboxFlags::kNone) {
+  if (IsSandboxed(network::mojom::blink::WebSandboxFlags::kOrigin)) {
     auto sandbox_origin = document_origin->DeriveNewOpaqueOrigin();
 
     // If we're supposed to inherit our security origin from our
@@ -527,6 +526,12 @@ bool DocumentInit::ShouldReuseDOMWindow() const {
       GetDocumentOrigin().get());
 }
 
+bool DocumentInit::IsSandboxed(
+    network::mojom::blink::WebSandboxFlags mask) const {
+  return (GetSandboxFlags() & mask) !=
+         network::mojom::blink::WebSandboxFlags::kNone;
+}
+
 Document* DocumentInit::CreateDocument() const {
 #if DCHECK_IS_ON()
   DCHECK(document_loader_ || execution_context_ || for_test_);
@@ -539,16 +544,9 @@ Document* DocumentInit::CreateDocument() const {
     case Type::kImage:
       return MakeGarbageCollected<ImageDocument>(*this);
     case Type::kPlugin: {
-      Document* document = MakeGarbageCollected<PluginDocument>(*this);
-      // TODO(crbug.com/1029822): Final sandbox flags are calculated during
-      // document construction, so we have to construct a PluginDocument then
-      // replace it with a SinkDocument when plugins are sanboxed. If we move
-      // final sandbox flag calcuation earlier, we could construct the
-      // SinkDocument directly.
-      if (document->IsSandboxed(
-              network::mojom::blink::WebSandboxFlags::kPlugins))
-        document = MakeGarbageCollected<SinkDocument>(*this);
-      return document;
+      if (IsSandboxed(network::mojom::blink::WebSandboxFlags::kPlugins))
+        return MakeGarbageCollected<SinkDocument>(*this);
+      return MakeGarbageCollected<PluginDocument>(*this);
     }
     case Type::kMedia:
       return MakeGarbageCollected<MediaDocument>(*this);

third_party/blink/renderer/core/dom/document_init.h

@@ -219,6 +219,8 @@ class CORE_EXPORT DocumentInit final {
   // of its owning Document.
   DocumentLoader* MasterDocumentLoader() const;
 
+  bool IsSandboxed(network::mojom::blink::WebSandboxFlags) const;
+
   static PluginData* GetPluginData(LocalFrame* frame, const KURL& url);
 
   Type type_ = Type::kUnspecified;