NetworkIsolationKeys + PAC scripts PS1: MojoHostResolverImpl.

Make MojoHostResolverImpl take a NetworkIsolationKey and pass it on to
the HostResolver. This doesn't yet have any effect in production, as
MojoHostResolverImpls are always passed empty NetworkIsolationKeys.

Bug: 1021661
Change-Id: If25447e1bb86a1a478badeb89018cc475250c313
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1904346Reviewed-by: Eric Roman <eroman@chromium.org>
Commit-Queue: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#714356}

services/network/mojo_host_resolver_impl.cc

@@ -13,6 +13,7 @@
 #include "net/base/host_port_pair.h"
 #include "net/base/ip_address.h"
 #include "net/base/net_errors.h"
+#include "net/base/network_isolation_key.h"
 #include "net/dns/host_resolver.h"
 #include "net/dns/public/dns_query_type.h"
 
@@ -26,6 +27,7 @@ class MojoHostResolverImpl::Job {
   Job(MojoHostResolverImpl* resolver_service,
       net::HostResolver* resolver,
       const std::string& hostname,
+      const net::NetworkIsolationKey& network_isolation_key,
       bool is_ex,
       const net::NetLogWithSource& net_log,
       mojo::PendingRemote<proxy_resolver::mojom::HostResolverRequestClient>
@@ -63,13 +65,14 @@ MojoHostResolverImpl::~MojoHostResolverImpl() {
 
 void MojoHostResolverImpl::Resolve(
     const std::string& hostname,
+    const net::NetworkIsolationKey& network_isolation_key,
     bool is_ex,
     mojo::PendingRemote<proxy_resolver::mojom::HostResolverRequestClient>
         client) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
-  pending_jobs_.emplace_front(this, resolver_, hostname, is_ex, net_log_,
-                              std::move(client));
+  pending_jobs_.emplace_front(this, resolver_, hostname, network_isolation_key,
+                              is_ex, net_log_, std::move(client));
   auto job = pending_jobs_.begin();
   job->set_iter(job);
   job->Start();
@@ -84,6 +87,7 @@ MojoHostResolverImpl::Job::Job(
     MojoHostResolverImpl* resolver_service,
     net::HostResolver* resolver,
     const std::string& hostname,
+    const net::NetworkIsolationKey& network_isolation_key,
     bool is_ex,
     const net::NetLogWithSource& net_log,
     mojo::PendingRemote<proxy_resolver::mojom::HostResolverRequestClient>
@@ -97,8 +101,9 @@ MojoHostResolverImpl::Job::Job(
   net::HostResolver::ResolveHostParameters parameters;
   if (!is_ex)
     parameters.dns_query_type = net::DnsQueryType::A;
-  request_ = resolver->CreateRequest(net::HostPortPair(hostname_, 0), net_log,
-                                     parameters);
+  request_ =
+      resolver->CreateRequest(net::HostPortPair(hostname_, 0),
+                              network_isolation_key, net_log, parameters);
 }
 
 void MojoHostResolverImpl::Job::Start() {

services/network/mojo_host_resolver_impl.h

@@ -18,6 +18,7 @@
 
 namespace net {
 class HostResolver;
+class NetworkIsolationKey;
 }  // namespace net
 
 namespace network {
@@ -40,6 +41,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) MojoHostResolverImpl {
 
   void Resolve(
       const std::string& hostname,
+      const net::NetworkIsolationKey& network_isolation_key,
       bool is_ex,
       mojo::PendingRemote<proxy_resolver::mojom::HostResolverRequestClient>
           client);

services/network/mojo_host_resolver_impl_unittest.cc

@@ -17,10 +17,13 @@
 #include "net/base/address_family.h"
 #include "net/base/ip_address.h"
 #include "net/base/net_errors.h"
+#include "net/base/network_isolation_key.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/test/gtest_util.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
+#include "url/origin.h"
 
 using net::test::IsError;
 using net::test::IsOk;
@@ -135,8 +138,8 @@ TEST_F(MojoHostResolverImplTest, Resolve) {
       client_remote;
   TestRequestClient client(client_remote.InitWithNewPipeAndPassReceiver());
 
-  resolver_service_->Resolve("example.com", false /* is_ex */,
-                             std::move(client_remote));
+  resolver_service_->Resolve("example.com", net::NetworkIsolationKey(),
+                             false /* is_ex */, std::move(client_remote));
   client.WaitForResult();
 
   EXPECT_THAT(client.error_, IsOk());
@@ -150,8 +153,8 @@ TEST_F(MojoHostResolverImplTest, ResolveSynchronous) {
 
   mock_host_resolver_.set_synchronous_mode(true);
 
-  resolver_service_->Resolve("example.com", false /* is_ex */,
-                             std::move(client_remote));
+  resolver_service_->Resolve("example.com", net::NetworkIsolationKey(),
+                             false /* is_ex */, std::move(client_remote));
   client.WaitForResult();
 
   EXPECT_THAT(client.error_, IsOk());
@@ -168,10 +171,10 @@ TEST_F(MojoHostResolverImplTest, ResolveMultiple) {
 
   mock_host_resolver_.set_ondemand_mode(true);
 
-  resolver_service_->Resolve("example.com", false /* is_ex */,
-                             std::move(client1_remote));
-  resolver_service_->Resolve("chromium.org", false /* is_ex */,
-                             std::move(client2_remote));
+  resolver_service_->Resolve("example.com", net::NetworkIsolationKey(),
+                             false /* is_ex */, std::move(client1_remote));
+  resolver_service_->Resolve("chromium.org", net::NetworkIsolationKey(),
+                             false /* is_ex */, std::move(client2_remote));
   WaitForRequests(2);
   mock_host_resolver_.ResolveAllPending();
 
@@ -194,10 +197,10 @@ TEST_F(MojoHostResolverImplTest, ResolveDuplicate) {
 
   mock_host_resolver_.set_ondemand_mode(true);
 
-  resolver_service_->Resolve("example.com", false /* is_ex */,
-                             std::move(client1_remote));
-  resolver_service_->Resolve("example.com", false /* is_ex */,
-                             std::move(client2_remote));
+  resolver_service_->Resolve("example.com", net::NetworkIsolationKey(),
+                             false /* is_ex */, std::move(client1_remote));
+  resolver_service_->Resolve("example.com", net::NetworkIsolationKey(),
+                             false /* is_ex */, std::move(client2_remote));
   WaitForRequests(2);
   mock_host_resolver_.ResolveAllPending();
 
@@ -215,8 +218,8 @@ TEST_F(MojoHostResolverImplTest, ResolveFailure) {
       client_remote;
   TestRequestClient client(client_remote.InitWithNewPipeAndPassReceiver());
 
-  resolver_service_->Resolve("failure.fail", false /* is_ex */,
-                             std::move(client_remote));
+  resolver_service_->Resolve("failure.fail", net::NetworkIsolationKey(),
+                             false /* is_ex */, std::move(client_remote));
   client.WaitForResult();
 
   EXPECT_THAT(client.error_, IsError(net::ERR_NAME_NOT_RESOLVED));
@@ -228,14 +231,34 @@ TEST_F(MojoHostResolverImplTest, ResolveEx) {
       client_remote;
   TestRequestClient client(client_remote.InitWithNewPipeAndPassReceiver());
 
-  resolver_service_->Resolve("example.com", true /* is_ex */,
-                             std::move(client_remote));
+  resolver_service_->Resolve("example.com", net::NetworkIsolationKey(),
+                             true /* is_ex */, std::move(client_remote));
   client.WaitForResult();
 
   EXPECT_THAT(client.error_, IsOk());
   EXPECT_THAT(client.results_, testing::ElementsAre(kExampleComAddressIpv6));
 }
 
+// Makes sure that the passed in NetworkIsolationKey is passed to the
+// HostResolver.
+TEST_F(MojoHostResolverImplTest, NetworkIsolationKeyUsed) {
+  const url::Origin kOrigin = url::Origin::Create(GURL("https://foo.test/"));
+  const net::NetworkIsolationKey kNetworkIsolationKey(kOrigin, kOrigin);
+
+  mock_host_resolver_.set_ondemand_mode(true);
+
+  mojo::PendingRemote<proxy_resolver::mojom::HostResolverRequestClient>
+      client_remote;
+  TestRequestClient client(client_remote.InitWithNewPipeAndPassReceiver());
+
+  resolver_service_->Resolve("example.com", kNetworkIsolationKey,
+                             false /* is_ex */, std::move(client_remote));
+  base::RunLoop().RunUntilIdle();
+  ASSERT_EQ(1u, mock_host_resolver_.num_resolve());
+  EXPECT_EQ(kNetworkIsolationKey,
+            mock_host_resolver_.last_request_network_isolation_key());
+}
+
 TEST_F(MojoHostResolverImplTest, DestroyClient) {
   mojo::PendingRemote<proxy_resolver::mojom::HostResolverRequestClient>
       client_remote;
@@ -244,8 +267,8 @@ TEST_F(MojoHostResolverImplTest, DestroyClient) {
 
   mock_host_resolver_.set_ondemand_mode(true);
 
-  resolver_service_->Resolve("example.com", false /* is_ex */,
-                             std::move(client_remote));
+  resolver_service_->Resolve("example.com", net::NetworkIsolationKey(),
+                             false /* is_ex */, std::move(client_remote));
   WaitForRequests(1);
 
   client.reset();

services/network/proxy_resolver_factory_mojo.cc

@@ -25,6 +25,7 @@
 #include "net/base/ip_address.h"
 #include "net/base/load_states.h"
 #include "net/base/net_errors.h"
+#include "net/base/network_isolation_key.h"
 #include "net/log/net_log.h"
 #include "net/log/net_log_capture_mode.h"
 #include "net/log/net_log_event_type.h"
@@ -130,7 +131,9 @@ class ClientMixin : public ClientInterface {
           base::BindOnce(&DoMyIpAddressOnWorker, is_ex, std::move(client)));
     } else {
       // Request was for dnsResolve() or dnsResolveEx().
-      host_resolver_.Resolve(hostname, is_ex, std::move(client));
+      // TODO(mmenke): Pass in a NetworkIsolationKey().
+      host_resolver_.Resolve(hostname, net::NetworkIsolationKey(), is_ex,
+                             std::move(client));
     }
   }