Chromecast: adds CastNetworkDelegate.

This provides an interface for special handling of "whitelisted" URLs in internal code. It also denies local file access for Chromecast, except on Android (with a flag). R=lcwu@chromium.org,byungchul@chromium.org BUG=336640 Review URL: https://codereview.chromium.org/598303002 Cr-Commit-Position: refs/heads/master@{#297079}

Chromecast: adds CastNetworkDelegate.
This provides an interface for special handling of "whitelisted" URLs in internal code. It also denies local file access for Chromecast, except on Android (with a flag). R=lcwu@chromium.org,byungchul@chromium.org BUG=336640 Review URL: https://codereview.chromium.org/598303002 Cr-Commit-Position: refs/heads/master@{#297079}
dacd4f6f · gunsch · Commit bot · 72b0e113 · dacd4f6f · dacd4f6f
Commit dacd4f6f authored Sep 26, 2014 by gunsch Committed by Commit bot Sep 27, 2014
12 changed files
--- a/chromecast/chromecast.gyp
+++ b/chromecast/chromecast.gyp
@@ -226,6 +226,8 @@
        'shell/browser/cast_download_manager_delegate.h',
        'shell/browser/cast_http_user_agent_settings.cc',
        'shell/browser/cast_http_user_agent_settings.h',
+        'shell/browser/cast_network_delegate.cc',
+        'shell/browser/cast_network_delegate.h',
        'shell/browser/devtools/cast_dev_tools_delegate.cc',
        'shell/browser/devtools/cast_dev_tools_delegate.h',
        'shell/browser/devtools/remote_debugging_server.cc',
@@ -249,6 +251,7 @@
          ],
        }, {
          'sources': [
+            'shell/browser/cast_network_delegate_simple.cc',
            'shell/browser/devtools/remote_debugging_server_simple.cc',
            'shell/browser/webui/webui_cast_simple.cc',
            'shell/renderer/key_systems_cast_simple.cc',

--- a/chromecast/common/chromecast_switches.cc
+++ b/chromecast/common/chromecast_switches.cc
@@ -6,6 +6,11 @@
 namespace switches {
+#if defined(OS_ANDROID)
+// Enable file accesses for debug.
+const char kEnableLocalFileAccesses[] = "enable-local-file-accesses";
+#endif  // defined(OS_ANDROID)
 // Override the URL to which metrics logs are sent for debugging.
 const char kOverrideMetricsUploadUrl[] = "override-metrics-upload-url";

--- a/chromecast/common/chromecast_switches.h
+++ b/chromecast/common/chromecast_switches.h
@@ -9,6 +9,11 @@
 namespace switches {
+#if defined(OS_ANDROID)
+// Content-implementation switches
+extern const char kEnableLocalFileAccesses[];
+#endif  // defined(OS_ANDROID)
 // Metrics switches
 extern const char kOverrideMetricsUploadUrl[];

--- a/chromecast/service/cast_service.h
+++ b/chromecast/service/cast_service.h
@@ -21,6 +21,9 @@ class URLRequestContextGetter;
 }
 namespace chromecast {
+namespace shell {
+class CastNetworkDelegate;
+}
 class CastService {
 public:
@@ -32,7 +35,8 @@ class CastService {
  // getter doesn't do.
  static CastService* Create(
      content::BrowserContext* browser_context,
-      net::URLRequestContextGetter* request_context_getter);
+      net::URLRequestContextGetter* request_context_getter,
+      shell::CastNetworkDelegate* network_delegate);
  virtual ~CastService();

--- a/chromecast/service/cast_service_android.cc
+++ b/chromecast/service/cast_service_android.cc
@@ -11,7 +11,8 @@ namespace chromecast {
 // static
 CastService* CastService::Create(
    content::BrowserContext* browser_context,
-    net::URLRequestContextGetter* request_context_getter) {
+    net::URLRequestContextGetter* request_context_getter,
+    shell::CastNetworkDelegate* network_delegate) {
  return new CastServiceAndroid(browser_context);
 }

--- a/chromecast/service/cast_service_simple.cc
+++ b/chromecast/service/cast_service_simple.cc
@@ -72,7 +72,8 @@ class FillLayout : public aura::LayoutManager {
 // static
 CastService* CastService::Create(
    content::BrowserContext* browser_context,
-    net::URLRequestContextGetter* request_context_getter) {
+    net::URLRequestContextGetter* request_context_getter,
+    shell::CastNetworkDelegate* network_delegate) {
  return new CastServiceSimple(browser_context);
 }

--- a/chromecast/shell/browser/cast_browser_main_parts.cc
+++ b/chromecast/shell/browser/cast_browser_main_parts.cc
@@ -103,9 +103,13 @@ void CastBrowserMainParts::PreMainMessageLoopRun() {
  InitializeWebUI();
-  cast_browser_process_->SetCastService(
+  cast_browser_process_->SetCastService(CastService::Create(
-      CastService::Create(cast_browser_process_->browser_context(),
+      cast_browser_process_->browser_context(),
-                          url_request_context_factory_->GetSystemGetter()));
+      url_request_context_factory_->GetSystemGetter(),
+      url_request_context_factory_->app_network_delegate()));
+  // Initializing network delegates must happen after Cast service is created.
+  url_request_context_factory_->InitializeNetworkDelegates();
  cast_browser_process_->cast_service()->Start();
 }

--- a/chromecast/shell/browser/cast_network_delegate.cc
+++ b/chromecast/shell/browser/cast_network_delegate.cc
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "chromecast/shell/browser/cast_network_delegate.h"
+#include "base/command_line.h"
+#include "base/files/file_path.h"
+#include "chromecast/common/chromecast_switches.h"
+namespace chromecast {
+namespace shell {
+CastNetworkDelegate::CastNetworkDelegate() {
+  DetachFromThread();
+}
+CastNetworkDelegate::~CastNetworkDelegate() {
+}
+bool CastNetworkDelegate::OnCanAccessFile(const net::URLRequest& request,
+                                          const base::FilePath& path) const {
+#if defined(OS_ANDROID)
+  // On Chromecast, there's no reason to allow local file access.
+  if (base::CommandLine::ForCurrentProcess()->
+      HasSwitch(switches::kEnableLocalFileAccesses)) {
+    return true;
+  }
+#endif  // defined(OS_ANDROID)
+  LOG(WARNING) << "Could not access file " << path.value()
+               << ". All file accesses are forbidden.";
+  return false;
+}
+}  // namespace shell
+}  // namespace chromecast
--- a/chromecast/shell/browser/cast_network_delegate.h
+++ b/chromecast/shell/browser/cast_network_delegate.h
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#ifndef CHROMECAST_SHELL_BROWSER_CAST_NETWORK_DELEGATE_H_
+#define CHROMECAST_SHELL_BROWSER_CAST_NETWORK_DELEGATE_H_
+#include "net/base/network_delegate.h"
+namespace net {
+class X509Certificate;
+}
+namespace chromecast {
+namespace shell {
+class CastNetworkDelegate : public net::NetworkDelegate {
+ public:
+  static CastNetworkDelegate* Create();
+  static net::X509Certificate* DeviceCert();
+  CastNetworkDelegate();
+  virtual ~CastNetworkDelegate();
+  virtual void Initialize(bool use_sync_signing) = 0;
+  virtual bool IsWhitelisted(const GURL& gurl, bool for_device_auth) const = 0;
+ private:
+  // net::NetworkDelegate implementation:
+  virtual bool OnCanAccessFile(const net::URLRequest& request,
+                               const base::FilePath& path) const OVERRIDE;
+  DISALLOW_COPY_AND_ASSIGN(CastNetworkDelegate);
+};
+}  // namespace shell
+}  // namespace chromecast
+#endif  // CHROMECAST_SHELL_BROWSER_CAST_NETWORK_DELEGATE_H_
--- a/chromecast/shell/browser/cast_network_delegate_simple.cc
+++ b/chromecast/shell/browser/cast_network_delegate_simple.cc
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "chromecast/shell/browser/cast_network_delegate.h"
+#include "base/macros.h"
+#include "url/gurl.h"
+namespace chromecast {
+namespace shell {
+namespace {
+class CastNetworkDelegateSimple : public CastNetworkDelegate {
+ public:
+  CastNetworkDelegateSimple() {}
+ private:
+  // CastNetworkDelegate implementation:
+  virtual void Initialize(bool use_sync_signing) OVERRIDE {}
+  virtual bool IsWhitelisted(const GURL& gurl,
+                             bool for_device_auth) const OVERRIDE {
+    return false;
+  }
+  DISALLOW_COPY_AND_ASSIGN(CastNetworkDelegateSimple);
+};
+}  // namespace
+// static
+CastNetworkDelegate* CastNetworkDelegate::Create() {
+  return new CastNetworkDelegateSimple();
+}
+// static
+net::X509Certificate* CastNetworkDelegate::DeviceCert() {
+  return NULL;
+}
+}  // namespace shell
+}  // namespace chromecast
--- a/chromecast/shell/browser/url_request_context_factory.cc
+++ b/chromecast/shell/browser/url_request_context_factory.cc
@@ -10,6 +10,7 @@
 #include "base/path_service.h"
 #include "base/threading/worker_pool.h"
 #include "chromecast/shell/browser/cast_http_user_agent_settings.h"
+#include "chromecast/shell/browser/cast_network_delegate.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/cookie_store_factory.h"
@@ -133,7 +134,9 @@ class URLRequestContextFactory::MainURLRequestContextGetter
 };
 URLRequestContextFactory::URLRequestContextFactory()
-    : system_dependencies_initialized_(false),
+    : app_network_delegate_(CastNetworkDelegate::Create()),
+      system_network_delegate_(CastNetworkDelegate::Create()),
+      system_dependencies_initialized_(false),
      main_dependencies_initialized_(false),
      media_dependencies_initialized_(false) {
 }
@@ -324,6 +327,7 @@ net::URLRequestContext* URLRequestContextFactory::CreateSystemRequestContext() {
  system_context->set_job_factory(system_job_factory_.get());
  system_context->set_cookie_store(
      content::CreateCookieStore(content::CookieStoreConfig()));
+  system_context->set_network_delegate(system_network_delegate_.get());
  return system_context;
 }
@@ -396,8 +400,16 @@ net::URLRequestContext* URLRequestContextFactory::CreateMainRequestContext(
  main_context->set_http_transaction_factory(
      main_transaction_factory_.get());
  main_context->set_job_factory(main_job_factory_.get());
+  main_context->set_network_delegate(app_network_delegate_.get());
  return main_context;
 }
+void URLRequestContextFactory::InitializeNetworkDelegates() {
+  app_network_delegate_->Initialize(false);
+  LOG(INFO) << "Initialized app network delegate.";
+  system_network_delegate_->Initialize(false);
+  LOG(INFO) << "Initialized system network delegate.";
+}
 }  // namespace shell
 }  // namespace chromecast
--- a/chromecast/shell/browser/url_request_context_factory.h
+++ b/chromecast/shell/browser/url_request_context_factory.h
@@ -17,6 +17,7 @@ class URLRequestJobFactory;
 namespace chromecast {
 namespace shell {
+class CastNetworkDelegate;
 class URLRequestContextFactory {
 public:
@@ -43,6 +44,14 @@ class URLRequestContextFactory {
  net::URLRequestContextGetter* GetMainGetter();
  net::URLRequestContextGetter* GetMediaGetter();
+  CastNetworkDelegate* app_network_delegate() const {
+    return app_network_delegate_.get();
+  }
+  // Initialize the CastNetworkDelegate objects. This needs to be done
+  // after the CastService is created, but before any URL requests are made.
+  void InitializeNetworkDelegates();
 private:
  class URLRequestContextGetter;
  class MainURLRequestContextGetter;
@@ -72,6 +81,8 @@ class URLRequestContextFactory {
  scoped_refptr<net::URLRequestContextGetter> system_getter_;
  scoped_refptr<net::URLRequestContextGetter> media_getter_;
  scoped_refptr<net::URLRequestContextGetter> main_getter_;
+  scoped_ptr<CastNetworkDelegate> app_network_delegate_;
+  scoped_ptr<CastNetworkDelegate> system_network_delegate_;
  // Shared objects for all contexts.
  // The URLRequestContextStorage class is not used as owner to these objects