[M108 Migration] Set ContentSecurityPolicy rules to blink 84/287484/3
authorBakka Uday Kiran <b.kiran@samsung.com>
Mon, 30 Jan 2023 13:48:51 +0000 (19:18 +0530)
committerBakka Uday Kiran <b.kiran@samsung.com>
Tue, 31 Jan 2023 07:38:54 +0000 (13:08 +0530)
1. Pass CSP rules set through the ewk API to the engine via mojo IPC after
|RenderFrameObserver::DidCreateDocumentElement| is notified.

2. Set sandbox flag on security context
when |WebDocument::SetContentSecurityPolicyUsingHeader| is invoked.

References:
https://review.tizen.org/gerrit/c/278286
https://review.tizen.org/gerrit/c/281099

Change-Id: I005b4ca61bc4c6dd1f7765eb18563889685c1a77
Signed-off-by: Bakka Uday Kiran <b.kiran@samsung.com>
third_party/blink/public/mojom/frame/frame.mojom
third_party/blink/renderer/core/frame/csp/execution_context_csp_delegate.cc
third_party/blink/renderer/core/frame/local_frame.cc
third_party/blink/renderer/core/frame/local_frame.h
third_party/blink/renderer/core/frame/local_frame_mojo_handler.cc
third_party/blink/renderer/core/frame/local_frame_mojo_handler.h
tizen_src/ewk/efl_integration/common/render_messages_ewk.h
tizen_src/ewk/efl_integration/renderer/render_frame_observer_efl.cc
tizen_src/ewk/efl_integration/renderer/render_frame_observer_efl.h
tizen_src/ewk/efl_integration/web_contents_observer_efl.cc
tizen_src/ewk/efl_integration/web_contents_observer_efl.h

index 7a4564f..53b1b4d 100644 (file)
@@ -998,6 +998,13 @@ interface LocalMainFrame {
   UpdateBrowserControlsState(cc.mojom.BrowserControlsState constraints,
                              cc.mojom.BrowserControlsState current,
                              bool animate);
+
+  // Applies CSP policies set from ewk api or wrt config.xml.
+  [EnableIf=is_efl]
+  SetContentSecurityPolicyUsingHeader(
+      string policy,
+      network.mojom.ContentSecurityPolicyType header_type,
+      url.mojom.Url base_url);
 };
 
 // Implemented in Browser, this interface defines local-main-frame-specific
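Review bot: The comment on `SetContentSecurityPolicyUsingHeader` does not say which side sends the message or how the new policy combines with what the document already has. Going by the renderer implementation later in this commit, the call parses `policy` and adds the result to the current document's CSP, so I would state that: `// Browser -> renderer. Parses |policy| as a CSP header of |header_type| and adds it to the main frame's current document; existing policies are kept.` It is also worth stating that |base_url| must be the URL of the document the policy targets, since sender and receiver can disagree about that during a navigation.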
index 4991800..45530d6 100644 (file)
@@ -57,6 +57,9 @@ void ExecutionContextCSPDelegate::SetSandboxFlags(
   // the Agent that is assigned for the ExecutionContext. Changing
   // an ExecutionContext's agent in the middle of an object lifecycle
   // is not permitted.
+#if BUILDFLAG(IS_TIZEN)
+  GetSecurityContext().SetSandboxFlags(mask);
+#endif
 
   // Since Workers and Worklets don't share agents (each one is unique)
   // we allow them to apply new sandbox flags on top of the current ones.
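Review bot: The added `GetSecurityContext().SetSandboxFlags(mask)` runs for every execution context and does what the comment directly above it says is not permitted: it changes sandbox flags after construction, when the security origin and agent are already fixed. If `SecurityContext::SetSandboxFlags` assigns rather than ORs (not visible here, please confirm), flags already set from another source, such as an iframe `sandbox` attribute, are replaced by the CSP mask and the context ends up less restricted than before. I would at least merge the flags, `GetSecurityContext().SetSandboxFlags(GetSecurityContext().GetSandboxFlags() | mask);`, and add a comment saying why Tizen needs the late update and that the origin is not made opaque by it. The guard here is `IS_TIZEN` while the rest of the commit uses `IS_EFL`, so one of the two is probably unintended. The function body continues outside the hunk.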
index 79bb525..3bcc1b5 100644 (file)
@@ -2752,6 +2752,21 @@ void LocalFrame::SetScaleFactor(float scale_factor) {
   GetPage()->GetVisualViewport().SetScale(scale_factor);
 }
 
+#if BUILDFLAG(IS_EFL)
+void LocalFrame::SetContentSecurityPolicyUsingHeader(
+    const String& policy,
+    network::mojom::ContentSecurityPolicyType header_type,
+    const KURL& base_url) {
+  ExecutionContext* context = GetDocument()->GetExecutionContext();
+  if (!context)
+    return;
+
+  context->GetContentSecurityPolicy()->AddPolicies(ParseContentSecurityPolicies(
+      policy, header_type,
+      network::mojom::blink::ContentSecurityPolicySource::kHTTP, base_url));
+}
+#endif
+
 void LocalFrame::ClosePageForTesting() {
   mojo_handler_->ClosePageForTesting();
 }
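Review bot: `GetDocument()` is dereferenced without a check in `LocalFrame::SetContentSecurityPolicyUsingHeader`, and this method is reached from an IPC whose timing the renderer does not control. If the message arrives while the frame has no document (detached, or between documents), that is a null dereference in the renderer, so guard it first: `Document* document = GetDocument(); if (!document) return;`. The policies are also tagged `ContentSecurityPolicySource::kHTTP` although they come from the embedder API rather than a response header. A one-line comment explaining why that source is chosen would help the next reader judge whether header-only directives are meant to apply.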
index 4296d02..31a8799 100644 (file)
@@ -92,6 +92,14 @@ namespace base {
 class SingleThreadTaskRunner;
 }
 
+#if BUILDFLAG(IS_EFL)
+namespace network {
+namespace mojom {
+enum class ContentSecurityPolicyType : int32_t;
+}
+}  // namespace network
+#endif
+
 namespace gfx {
 class Point;
 class Range;
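Review bot: Hand-declaring `enum class ContentSecurityPolicyType : int32_t;` in `local_frame.h` duplicates the underlying type chosen by the mojom generator, so a change there becomes a compile break here. Including the generated forward-declaration header for the content security policy mojom keeps the declaration in one place and removes the need for the `IS_EFL` guard around it. This is a style point; the declaration is not wrong as written.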
@@ -708,6 +716,12 @@ class CORE_EXPORT LocalFrame final
   void SetScaleFactor(float scale);
   void ClosePageForTesting();
   void SetInitialFocus(bool reverse);
+#if BUILDFLAG(IS_EFL)
+  void SetContentSecurityPolicyUsingHeader(
+      const String& policy,
+      network::mojom::ContentSecurityPolicyType header_type,
+      const KURL& base_url);
+#endif
 
 #if BUILDFLAG(IS_MAC)
   void GetCharacterIndexAtPoint(const gfx::Point& point);
index 4dd8501..5af0855 100644 (file)
@@ -1423,6 +1423,15 @@ void LocalFrameMojoHandler::UpdateBrowserControlsState(
                                                               current, animate);
 }
 
+#if BUILDFLAG(IS_EFL)
+void LocalFrameMojoHandler::SetContentSecurityPolicyUsingHeader(
+    const String& policy,
+    network::mojom::ContentSecurityPolicyType header_type,
+    const KURL& base_url) {
+  frame_->SetContentSecurityPolicyUsingHeader(policy, header_type, base_url);
+}
+#endif
+
 void LocalFrameMojoHandler::DispatchBeforeUnload(
     bool is_reload,
     mojom::blink::LocalFrame::BeforeUnloadCallback callback) {
index 64ce603..0c16199 100644 (file)
@@ -230,6 +230,12 @@ class LocalFrameMojoHandler
   void UpdateBrowserControlsState(cc::BrowserControlsState constraints,
                                   cc::BrowserControlsState current,
                                   bool animate) override;
+#if BUILDFLAG(IS_EFL)
+  void SetContentSecurityPolicyUsingHeader(
+      const String& policy,
+      network::mojom::ContentSecurityPolicyType header_type,
+      const KURL& base_url) override;
+#endif
 
   // mojom::blink::HighPriorityLocalFrame implementation:
   void DispatchBeforeUnload(
index ce935e3..b1c7056 100644 (file)
@@ -151,13 +151,7 @@ IPC_MESSAGE_CONTROL3(EwkViewHostMsg_HitTestAsyncReply,
                     Hit_Test_Params,
                     int64_t /* request id */)
 
-IPC_MESSAGE_ROUTED2(EwkViewMsg_SetCSP,
-                    std::string, /* policy */
-                    Ewk_CSP_Header_Type /* header type */)
-
-IPC_SYNC_MESSAGE_ROUTED0_2(EwkHostMsg_GetContentSecurityPolicy,
-                           std::string, /* policy */
-                           Ewk_CSP_Header_Type /* header type */)
+IPC_MESSAGE_ROUTED0(EwkHostMsg_DidCreateDocumentElement)
 
 IPC_MESSAGE_ROUTED1(EwkHostMsg_DidPrintPagesToPdf,
                     DidPrintPagesParams /* pdf document parameters */)
index f5f3208..860b3b6 100644 (file)
@@ -233,6 +233,13 @@ void RenderFrameObserverEfl::WillSubmitForm(
   Send(new EwkHostMsg_FormSubmit(render_frame()->GetRoutingID(), url));
 }
 
+void RenderFrameObserverEfl::DidCreateDocumentElement() {
+  if (!render_frame()->IsMainFrame())
+    return;
+
+  Send(new EwkHostMsg_DidCreateDocumentElement(render_frame()->GetRoutingID()));
+}
+
 void RenderFrameObserverEfl::DidCreateScriptContext(
     v8::Local<v8::Context> context,
     int world_id) {
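Review bot: `DidCreateDocumentElement()` only posts an asynchronous `EwkHostMsg_DidCreateDocumentElement`, whereas the message this commit removes was declared with `IPC_SYNC_MESSAGE_ROUTED0_2`, which suggests the old design blocked until the policy was known. The policy now arrives after a renderer → browser → renderer round trip, so parsing may continue and content may load or run before the embedder's CSP is in force. Please confirm that this window is acceptable for policies coming from the ewk API or config.xml. At minimum I would document it here: `// The browser replies asynchronously with the ewk CSP; content handled before that reply is not covered by it.`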
index 9b56cb3..6a4c564 100644 (file)
@@ -54,6 +54,8 @@ class RenderFrameObserverEfl : public RenderFrameObserver {
                                 int world_id) override;
   void DidUpdateMainFrameLayout() override;
 
+  void DidCreateDocumentElement() override;
+
  private:
   void OnSelectPopupMenuItems(bool canceled,
                               const std::vector<int>& selected_indices);
index 537b761..d9d6374 100644 (file)
@@ -40,6 +40,21 @@ using autofill::AutofillClientEfl;
 
 namespace content {
 
+namespace {
+typedef network::mojom::ContentSecurityPolicyType SecurityPolicyType;
+
+static_assert(static_cast<int>(SecurityPolicyType::kReport) ==
+                  static_cast<int>(EWK_REPORT_ONLY),
+              "mismatching enums : EWK_REPORT_ONLY");
+static_assert(static_cast<int>(SecurityPolicyType::kEnforce) ==
+                  static_cast<int>(EWK_ENFORCE_POLICY),
+              "mismatching enums : EWK_ENFORCE_POLICY");
+
+SecurityPolicyType ToSecurityPolicyType(Ewk_CSP_Header_Type type) {
+  return static_cast<SecurityPolicyType>(type);
+}
+}  // namespace
+
 static bool IsMainFrame(RenderFrameHost* render_frame_host) {
   return !render_frame_host->GetParent();
 }
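Review bot: `ToSecurityPolicyType` casts any `Ewk_CSP_Header_Type` straight to the mojom enum, but the two `static_assert`s cover only `EWK_REPORT_ONLY` and `EWK_ENFORCE_POLICY`, and `EWK_DEFAULT_POLICY` (used by the code this commit removes) is a third value. `OnDidCreateDocumentElement` filters for the two supported values, but the `document_created_` branch of `SetContentSecurityPolicy` in the next hunk does not, so an unsupported value from the API reaches the mojo call as an out-of-range enum. I would reject it before sending, at the top of that branch: `if (header_type != EWK_REPORT_ONLY && header_type != EWK_ENFORCE_POLICY) return;`. As a smaller point, `using SecurityPolicyType = network::mojom::ContentSecurityPolicyType;` is preferred over `typedef` in new code.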
@@ -58,10 +73,11 @@ void WebContentsObserverEfl::SetContentSecurityPolicy(
     const std::string& policy,
     Ewk_CSP_Header_Type header_type) {
   if (document_created_) {
-#if !defined(EWK_BRINGUP)  // FIXME: m94 bringup
-    RenderViewHost* rvh = web_contents_.GetRenderViewHost();
-    rvh->Send(new EwkViewMsg_SetCSP(rvh->GetRoutingID(), policy, header_type));
-#endif
+    WebContentsImpl* wci = static_cast<WebContentsImpl*>(&web_contents_);
+    wci->GetPrimaryMainFrame()
+        ->GetAssociatedLocalMainFrame()
+        ->SetContentSecurityPolicyUsingHeader(
+            policy, ToSecurityPolicyType(header_type), wci->GetURL());
   } else {
     DCHECK(!pending_content_security_policy_.get());
     pending_content_security_policy_.reset(
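Review bot: `wci->GetURL()` is passed as the CSP base URL, but the URL the WebContents reports is not guaranteed to be the URL of the document that receives the policy. During a pending navigation the two can differ (my reading is that `WebContents::GetURL()` returns the visible URL, please confirm). As far as I can tell the base URL feeds `'self'` matching and relative report endpoints, so I would take it from the frame the message is sent to: `wci->GetPrimaryMainFrame()->GetLastCommittedURL()`. The chain `GetPrimaryMainFrame()->GetAssociatedLocalMainFrame()` is also used without checking that the render frame is live; an `IsRenderFrameLive()` check, or a comment on why it is safe here, would help. The function starts above the hunk and continues below it.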
@@ -205,8 +221,8 @@ bool WebContentsObserverEfl::OnMessageReceived(
     RenderFrameHost* render_frame_host) {
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(WebContentsObserverEfl, message)
-    IPC_MESSAGE_HANDLER_DELAY_REPLY(EwkHostMsg_GetContentSecurityPolicy,
-                                    OnGetContentSecurityPolicy)
+    IPC_MESSAGE_HANDLER(EwkHostMsg_DidCreateDocumentElement,
+                        OnDidCreateDocumentElement)
     IPC_MESSAGE_HANDLER(EwkHostMsg_DidPrintPagesToPdf,
                         OnPrintedMetafileReceived)
     IPC_MESSAGE_HANDLER(EwkHostMsg_WrtMessage, OnWrtPluginMessage)
@@ -232,19 +248,14 @@ bool WebContentsObserverEfl::Send(IPC::Message* message) {
 #endif
 }
 
-void WebContentsObserverEfl::OnGetContentSecurityPolicy(
-    IPC::Message* reply_msg) {
+void WebContentsObserverEfl::OnDidCreateDocumentElement() {
   document_created_ = true;
-  if (!pending_content_security_policy_.get()) {
-    EwkHostMsg_GetContentSecurityPolicy::WriteReplyParams(
-        reply_msg, std::string(), EWK_DEFAULT_POLICY);
-  } else {
-    EwkHostMsg_GetContentSecurityPolicy::WriteReplyParams(
-        reply_msg, pending_content_security_policy_->policy,
-        pending_content_security_policy_->header_type);
-    pending_content_security_policy_.reset();
-  }
-  Send(reply_msg);
+  if (!pending_content_security_policy_.get())
+    return;
+
+  Ewk_CSP_Header_Type type = pending_content_security_policy_->header_type;
+  if (type == EWK_REPORT_ONLY || type == EWK_ENFORCE_POLICY)
+    SetContentSecurityPolicy(pending_content_security_policy_->policy, type);
 }
 
 void WebContentsObserverEfl::OnPrintedMetafileReceived(
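Review bot: `OnDidCreateDocumentElement` applies the pending policy but never clears `pending_content_security_policy_`, whereas the handler it replaces called `pending_content_security_policy_.reset()` after use. As written, the stored policy is applied again on every later document-element notification. If `document_created_` is ever set back to false (not visible in this diff), the `DCHECK(!pending_content_security_policy_.get())` in `SetContentSecurityPolicy` would also fire on the next call. If re-applying is not intended, add `pending_content_security_policy_.reset();` after the `SetContentSecurityPolicy(...)` call; if it is intended, say so in a comment. The handler also ignores which `RenderFrameHost` sent the message, so the main-frame check exists only on the renderer side.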
index b870fa6..95480e0 100644 (file)
@@ -66,7 +66,7 @@ class WebContentsObserverEfl : public WebContentsObserver, public IPC::Sender {
                          RenderFrameHost* render_frame_host) override;
 
   // IPC message handlers:
-  void OnGetContentSecurityPolicy(IPC::Message* reply_msg);
+  void OnDidCreateDocumentElement();
   void OnPrintedMetafileReceived(const DidPrintPagesParams& params);
   void OnWrtPluginMessage(const Ewk_Wrt_Message_Data& data);
   void OnWrtPluginSyncMessage(const Ewk_Wrt_Message_Data& data,