AW: add Safe Browsing WebUI

This adds the chrome://safe-browsing/ WebUI page to WebView. This allows WebView to hardcode URLs for testing Safe Browsing. This includes the resources for the basic chrome://safe-browsing page. As part of this, this adds WebUI to WebView for the first time. This contains 2 changes to get things running for our tests: - Changes a DCHECK_EQ in content layer. This assumption doesn't hold for single process, so it crashes tests running in single process mode. - Adds more SandboxedProcessServices for the test shell. No change is needed for the actual WebView apk, because it already has more than enough SandboxedProcessServices (20). The additional resources result in the following APK size increases for the system_webview_google_apk target: - en-US.pak: 6896 -> 6947 (+51 bytes) - resources.pak: 434005 -> 436285 (+2280 bytes) Bug: 709626 Test: run_webview_instrumentation_test_apk -f SafeBrowsingTest#testSafeBrowsingHardcodedUrls Change-Id: Ie312521b323a5ba5ec37f8c44eaa1f0427587e34 Reviewed-on: https://chromium-review.googlesource.com/576404Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Bo Liu <boliu@chromium.org> Commit-Queue: Nate Fischer <ntfschr@chromium.org> Cr-Commit-Position: refs/heads/master@{#488449}

AW: add Safe Browsing WebUI
This adds the chrome://safe-browsing/ WebUI page to WebView. This allows WebView to hardcode URLs for testing Safe Browsing. This includes the resources for the basic chrome://safe-browsing page. As part of this, this adds WebUI to WebView for the first time. This contains 2 changes to get things running for our tests: - Changes a DCHECK_EQ in content layer. This assumption doesn't hold for single process, so it crashes tests running in single process mode. - Adds more SandboxedProcessServices for the test shell. No change is needed for the actual WebView apk, because it already has more than enough SandboxedProcessServices (20). The additional resources result in the following APK size increases for the system_webview_google_apk target: - en-US.pak: 6896 -> 6947 (+51 bytes) - resources.pak: 434005 -> 436285 (+2280 bytes) Bug: 709626 Test: run_webview_instrumentation_test_apk -f SafeBrowsingTest#testSafeBrowsingHardcodedUrls Change-Id: Ie312521b323a5ba5ec37f8c44eaa1f0427587e34 Reviewed-on: https://chromium-review.googlesource.com/576404Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Bo Liu <boliu@chromium.org> Commit-Queue: Nate Fischer <ntfschr@chromium.org> Cr-Commit-Position: refs/heads/master@{#488449}
9e7a7fea · Nate Fischer · Commit Bot · 9ab17245 · 9e7a7fea · 9e7a7fea
Commit 9e7a7fea authored Jul 20, 2017 by Nate Fischer Committed by Commit Bot Jul 20, 2017
9 changed files
--- a/android_webview/BUILD.gn
+++ b/android_webview/BUILD.gn
@@ -532,6 +532,8 @@ source_set("common") {
    "browser/aw_web_contents_delegate.h",
    "browser/aw_web_contents_view_delegate.cc",
    "browser/aw_web_contents_view_delegate.h",
+    "browser/aw_web_ui_controller_factory.cc",
+    "browser/aw_web_ui_controller_factory.h",
    "browser/browser_view_renderer.cc",
    "browser/browser_view_renderer.h",
    "browser/browser_view_renderer_client.h",
@@ -709,6 +711,7 @@ source_set("common") {
    "//components/safe_browsing/common",
    "//components/safe_browsing/renderer:websocket_sb_handshake_throttle",
    "//components/safe_browsing/triggers",
+    "//components/safe_browsing/web_ui",
    "//components/safe_browsing_db:safe_browsing_db_mobile",
    "//components/spellcheck:build_features",
    "//components/supervised_user_error_page",

--- a/android_webview/browser/aw_browser_context.cc
+++ b/android_webview/browser/aw_browser_context.cc
@@ -13,6 +13,7 @@
 #include "android_webview/browser/aw_quota_manager_bridge.h"
 #include "android_webview/browser/aw_resource_context.h"
 #include "android_webview/browser/aw_safe_browsing_whitelist_manager.h"
+#include "android_webview/browser/aw_web_ui_controller_factory.h"
 #include "android_webview/browser/net/aw_url_request_context_getter.h"
 #include "android_webview/common/aw_content_client.h"
 #include "base/base_paths_android.h"
@@ -222,6 +223,9 @@ void AwBrowserContext::PreMainMessageLoopRun() {
      base::MakeUnique<safe_browsing::TriggerManager>(
          safe_browsing_ui_manager_.get());
  safe_browsing_whitelist_manager_ = CreateSafeBrowsingWhitelistManager();
+  content::WebUIControllerFactory::RegisterFactory(
+      AwWebUIControllerFactory::GetInstance());
 }
 void AwBrowserContext::OnWebRestrictionsAuthorityChanged() {

--- a/android_webview/browser/aw_web_ui_controller_factory.cc
+++ b/android_webview/browser/aw_web_ui_controller_factory.cc
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "android_webview/browser/aw_web_ui_controller_factory.h"
+#include "components/safe_browsing/web_ui/constants.h"
+#include "components/safe_browsing/web_ui/safe_browsing_ui.h"
+#include "content/public/browser/web_ui.h"
+using content::WebUI;
+using content::WebUIController;
+namespace {
+WebUI::TypeID kSafeBrowsingID = &kSafeBrowsingID;
+// A function for creating a new WebUI. The caller owns the return value, which
+// may be nullptr (for example, if the URL refers to an non-existent extension).
+typedef WebUIController* (*WebUIFactoryFunctionPointer)(WebUI* web_ui,
+                                                        const GURL& url);
+// Template for defining WebUIFactoryFunctionPointer.
+template <class T>
+WebUIController* NewWebUI(WebUI* web_ui, const GURL& url) {
+  return new T(web_ui);
+}
+WebUIFactoryFunctionPointer GetWebUIFactoryFunctionPointer(const GURL& url) {
+  if (url.host() == safe_browsing::kChromeUISafeBrowsingHost) {
+    return &NewWebUI<safe_browsing::SafeBrowsingUI>;
+  }
+  return nullptr;
+}
+WebUI::TypeID GetWebUITypeID(const GURL& url) {
+  if (url.host() == safe_browsing::kChromeUISafeBrowsingHost) {
+    return kSafeBrowsingID;
+  }
+  return WebUI::kNoWebUI;
+}
+}  // namespace
+namespace android_webview {
+// static
+AwWebUIControllerFactory* AwWebUIControllerFactory::GetInstance() {
+  return base::Singleton<AwWebUIControllerFactory>::get();
+}
+AwWebUIControllerFactory::AwWebUIControllerFactory() {}
+AwWebUIControllerFactory::~AwWebUIControllerFactory() {}
+WebUI::TypeID AwWebUIControllerFactory::GetWebUIType(
+    content::BrowserContext* browser_context,
+    const GURL& url) const {
+  return GetWebUITypeID(url);
+}
+bool AwWebUIControllerFactory::UseWebUIForURL(
+    content::BrowserContext* browser_context,
+    const GURL& url) const {
+  return GetWebUIType(browser_context, url) != WebUI::kNoWebUI;
+}
+bool AwWebUIControllerFactory::UseWebUIBindingsForURL(
+    content::BrowserContext* browser_context,
+    const GURL& url) const {
+  return UseWebUIForURL(browser_context, url);
+}
+WebUIController* AwWebUIControllerFactory::CreateWebUIControllerForURL(
+    WebUI* web_ui,
+    const GURL& url) const {
+  WebUIFactoryFunctionPointer function = GetWebUIFactoryFunctionPointer(url);
+  if (!function)
+    return nullptr;
+  return (*function)(web_ui, url);
+}
+}  // namespace android_webview
--- a/android_webview/browser/aw_web_ui_controller_factory.h
+++ b/android_webview/browser/aw_web_ui_controller_factory.h
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#ifndef ANDROID_WEBVIEW_BROWSER_AW_WEB_UI_CONTROLLER_FACTORY_H_
+#define ANDROID_WEBVIEW_BROWSER_AW_WEB_UI_CONTROLLER_FACTORY_H_
+#include "base/macros.h"
+#include "base/memory/singleton.h"
+#include "content/public/browser/web_ui_controller_factory.h"
+namespace android_webview {
+class AwWebUIControllerFactory : public content::WebUIControllerFactory {
+ public:
+  static AwWebUIControllerFactory* GetInstance();
+  // content::WebUIControllerFactory overrides
+  content::WebUI::TypeID GetWebUIType(content::BrowserContext* browser_context,
+                                      const GURL& url) const override;
+  bool UseWebUIForURL(content::BrowserContext* browser_context,
+                      const GURL& url) const override;
+  bool UseWebUIBindingsForURL(content::BrowserContext* browser_context,
+                              const GURL& url) const override;
+  content::WebUIController* CreateWebUIControllerForURL(
+      content::WebUI* web_ui,
+      const GURL& url) const override;
+ private:
+  friend struct base::DefaultSingletonTraits<AwWebUIControllerFactory>;
+  AwWebUIControllerFactory();
+  ~AwWebUIControllerFactory() override;
+  DISALLOW_COPY_AND_ASSIGN(AwWebUIControllerFactory);
+};
+}  // namespace android_webview
+#endif  // ANDROID_WEBVIEW_BROWSER_AW_WEB_UI_CONTROLLER_FACTORY_H_
--- a/android_webview/javatests/src/org/chromium/android_webview/test/SafeBrowsingTest.java
+++ b/android_webview/javatests/src/org/chromium/android_webview/test/SafeBrowsingTest.java
@@ -89,6 +89,10 @@ public class SafeBrowsingTest extends AwTestBase {
    private static final String INTERSTITIAL_PAGE_TITLE = "Security error";
+    // These URLs will be CTS-tested and should not be changed.
+    private static final String WEB_UI_MALWARE_URL = "chrome://safe-browsing/match?type=malware";
+    private static final String WEB_UI_PHISHING_URL = "chrome://safe-browsing/match?type=phishing";
    /**
     * A fake SafeBrowsingApiHandler which treats URLs ending in MALWARE_HTML_PATH as malicious URLs
     * that should be blocked.
@@ -853,4 +857,28 @@ public class SafeBrowsingTest extends AwTestBase {
        loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), responseUrl);
        assertTargetPageHasLoaded(MALWARE_PAGE_BACKGROUND_COLOR);
    }
+    @SmallTest
+    @Feature({"AndroidWebView"})
+    @CommandLineFlags.Add(AwSwitches.WEBVIEW_ENABLE_SAFEBROWSING_SUPPORT)
+    public void testSafeBrowsingHardcodedMalwareUrl() throws Throwable {
+        loadGreenPage();
+        int interstitialCount =
+                mWebContentsObserver.getAttachedInterstitialPageHelper().getCallCount();
+        loadUrlAsync(mAwContents, WEB_UI_MALWARE_URL);
+        mWebContentsObserver.getAttachedInterstitialPageHelper().waitForCallback(interstitialCount);
+        waitForInterstitialToLoad();
+    }
+    @SmallTest
+    @Feature({"AndroidWebView"})
+    @CommandLineFlags.Add(AwSwitches.WEBVIEW_ENABLE_SAFEBROWSING_SUPPORT)
+    public void testSafeBrowsingHardcodedPhishingUrl() throws Throwable {
+        loadGreenPage();
+        int interstitialCount =
+                mWebContentsObserver.getAttachedInterstitialPageHelper().getCallCount();
+        loadUrlAsync(mAwContents, WEB_UI_PHISHING_URL);
+        mWebContentsObserver.getAttachedInterstitialPageHelper().waitForCallback(interstitialCount);
+        waitForInterstitialToLoad();
+    }
 }
--- a/android_webview/test/shell/AndroidManifest.xml
+++ b/android_webview/test/shell/AndroidManifest.xml
@@ -44,12 +44,21 @@
        android:authorities="org.chromium.android_webview.test.TestContentProvider" />
    <meta-data android:name="org.chromium.content.browser.SANDBOXED_SERVICES_NAME"
               android:value="org.chromium.content.app.SandboxedProcessService"/>
+    <!-- Some tests require 3 sandboxed services -->
    <meta-data android:name="org.chromium.content.browser.NUM_SANDBOXED_SERVICES"
-               android:value="1"/>
+               android:value="3"/>
    <service android:name="org.chromium.content.app.SandboxedProcessService0"
             android:process=":sandboxed_process0"
             android:isolatedProcess="true"
             android:exported="false" />
+    <service android:name="org.chromium.content.app.SandboxedProcessService1"
+             android:process=":sandboxed_process1"
+             android:isolatedProcess="true"
+             android:exported="false" />
+    <service android:name="org.chromium.content.app.SandboxedProcessService2"
+             android:process=":sandboxed_process2"
+             android:isolatedProcess="true"
+             android:exported="false" />
    <meta-data android:name="org.chromium.content.browser.NUM_PRIVILEGED_SERVICES"
               android:value="0"/>
    <!-- See AwSecondBrowserProcessTest -->

--- a/android_webview/ui/grit_resources_whitelist.txt
+++ b/android_webview/ui/grit_resources_whitelist.txt
@@ -4,3 +4,6 @@ IDR_WEBUI_I18N_TEMPLATE_JS
 IDR_SECURITY_INTERSTITIAL_HTML
 IDR_WEBUI_CSS_TEXT_DEFAULTS
 IDR_SECURITY_INTERSTITIAL_QUIET_HTML
+IDR_SAFE_BROWSING_CSS
+IDR_SAFE_BROWSING_JS
+IDR_SAFE_BROWSING_HTML
--- a/android_webview/ui/grit_strings_whitelist.txt
+++ b/android_webview/ui/grit_strings_whitelist.txt
@@ -22,3 +22,4 @@ IDS_MALWARE_WEBVIEW_HEADING
 IDS_MALWARE_WEBVIEW_EXPLANATION_PARAGRAPH
 IDS_PHISHING_WEBVIEW_HEADING
 IDS_PHISHING_WEBVIEW_EXPLANATION_PARAGRAPH
+IDS_SB_UNDER_CONSTRUCTION
--- a/content/renderer/render_frame_impl.cc
+++ b/content/renderer/render_frame_impl.cc
@@ -6489,7 +6489,16 @@ void RenderFrameImpl::MaybeEnableMojoBindings() {
                ((enabled_bindings_ & kAllBindingsTypes) - 1),
            0);
-  DCHECK_EQ(RenderProcess::current()->GetEnabledBindings(), enabled_bindings_);
+  // In single process, multiple RenderFrames share a RenderProcess. The
+  // RenderProcess's bindings may not be the same as an individual RenderFrame's
+  // bindings. In multiprocess, such RenderFrames are enforced to be in
+  // different RenderProcesses.
+  const base::CommandLine& command_line =
+      *base::CommandLine::ForCurrentProcess();
+  if (!command_line.HasSwitch(switches::kSingleProcess)) {
+    DCHECK_EQ(RenderProcess::current()->GetEnabledBindings(),
+              enabled_bindings_);
+  }
  // If an MojoBindingsController already exists for this RenderFrameImpl, avoid
  // creating another one. It is not kept as a member, as it deletes itself when