From: xiafeng <feng.xia@samsung.com>
Date: Thu, 16 Mar 2023 03:18:27 +0000 (+0800)
Subject: [M108 Migration][VD]Implement ewk_settings_allow_file_access_from_external_url_set
X-Git-Tag: accepted/tizen/unified/20230328.080146~3
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F68%2F289868%2F7;p=platform%2Fframework%2Fweb%2Fchromium-efl.git

[M108 Migration][VD]Implement ewk_settings_allow_file_access_from_external_url_set

Some specific case in Tizen TV, we need to enable this.
When hosted applications want to use tv device api,
load file://opt/usr/apps/pepper/webapis.js located in local.
But, they cannot access local because of security vulnerability(SOP)
Policy of webapis.js is only located in local.

Reference:
https://review.tizen.org/gerrit/282771/

Change-Id: Id7e29a72dd5571770ae196d5387d97d98eb9d326
Signed-off-by: xiafeng <feng.xia@samsung.com>
---

diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index 6b0ee8b..0b918d6 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -2966,6 +2966,11 @@ const blink::web_pref::WebPreferences WebContentsImpl::ComputeWebPreferences() {
   // GuestViews in the same StoragePartition need to find each other's frames.
   prefs.renderer_wide_named_frame_lookup = IsGuest();
 
+#if BUILDFLAG(IS_TIZEN_TV)
+  // Disallow file access from external urls by default.
+  prefs.allow_file_access_from_external_urls = false;
+#endif
+
   GetContentClient()->browser()->OverrideWebkitPrefs(this, &prefs);
   return prefs;
 }
diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
index 242f20d..00e3526 100644
--- a/content/renderer/render_frame_impl.cc
+++ b/content/renderer/render_frame_impl.cc
@@ -3660,6 +3660,12 @@ void RenderFrameImpl::DidCommitNavigation(
   CHECK_EQ(NavigationCommitState::kWillCommit, navigation_commit_state_);
   navigation_commit_state_ = NavigationCommitState::kDidCommit;
 
+#if BUILDFLAG(IS_TIZEN_TV)
+  if (GetWebView() && GetWebView()->GetSettings()
+      ->AllowFileAccessFromExternalURLs())
+    frame_->GetDocument().GrantLoadLocalResources();
+#endif
+
   WebDocumentLoader* document_loader = frame_->GetDocumentLoader();
   DocumentState* document_state =
       DocumentState::FromDocumentLoader(document_loader);
diff --git a/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc b/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc
index 7bb384f..8359c4d 100644
--- a/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc
+++ b/third_party/blink/common/web_preferences/web_preferences_mojom_traits.cc
@@ -245,6 +245,10 @@ bool StructTraits<blink::mojom::WebPreferencesDataView,
   out->webxr_immersive_ar_allowed = data.webxr_immersive_ar_allowed();
   out->renderer_wide_named_frame_lookup =
       data.renderer_wide_named_frame_lookup();
+#if BUILDFLAG(IS_TIZEN_TV)
+  out->allow_file_access_from_external_urls =
+      data.allow_file_access_from_external_urls();
+#endif
   return true;
 }
 
diff --git a/third_party/blink/public/common/web_preferences/web_preferences.h b/third_party/blink/public/common/web_preferences/web_preferences.h
index 0b1b1e8..604d4f6 100644
--- a/third_party/blink/public/common/web_preferences/web_preferences.h
+++ b/third_party/blink/public/common/web_preferences/web_preferences.h
@@ -408,6 +408,12 @@ struct BLINK_COMMON_EXPORT WebPreferences {
   // (false). Used by StrictMimetypeCheckForWorkerScriptsEnabled policy.
   bool strict_mime_type_check_for_worker_scripts_enabled = true;
 
+#if BUILDFLAG(IS_TIZEN_TV)
+  // Hosted app need to get local access privilege when they use tv device api
+  // located in local path(file://usr/apps/pepper/webapis/webapis.js)
+  bool allow_file_access_from_external_urls = false;
+#endif
+
   // We try to keep the default values the same as the default values in
   // chrome, except for the cases where it would require lots of extra work for
   // the embedder to use the same default value.
diff --git a/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h b/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h
index f63111c..5fd26e0 100644
--- a/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h
+++ b/third_party/blink/public/common/web_preferences/web_preferences_mojom_traits.h
@@ -174,6 +174,13 @@ struct BLINK_COMMON_EXPORT StructTraits<blink::mojom::WebPreferencesDataView,
     return r.allow_file_access_from_file_urls;
   }
 
+#if BUILDFLAG(IS_TIZEN_TV)
+  static bool allow_file_access_from_external_urls(
+      const blink::web_pref::WebPreferences& r) {
+    return r.allow_file_access_from_external_urls;
+  }
+#endif
+
   static bool webgl1_enabled(const blink::web_pref::WebPreferences& r) {
     return r.webgl1_enabled;
   }
diff --git a/third_party/blink/public/mojom/webpreferences/web_preferences.mojom b/third_party/blink/public/mojom/webpreferences/web_preferences.mojom
index 42ecc37..cb712bb 100644
--- a/third_party/blink/public/mojom/webpreferences/web_preferences.mojom
+++ b/third_party/blink/public/mojom/webpreferences/web_preferences.mojom
@@ -504,4 +504,7 @@ struct WebPreferences {
   bool renderer_wide_named_frame_lookup;
 
   bool strict_mime_type_check_for_worker_scripts_enabled = true;
+
+  [EnableIf=is_tizen_tv]
+  bool allow_file_access_from_external_urls;
 };
diff --git a/third_party/blink/public/web/web_document.h b/third_party/blink/public/web/web_document.h
index 3f0662c..357a8e2 100644
--- a/third_party/blink/public/web/web_document.h
+++ b/third_party/blink/public/web/web_document.h
@@ -85,6 +85,10 @@ class BLINK_EXPORT WebDocument : public WebNode {
   WebSecurityOrigin GetSecurityOrigin() const;
   bool IsSecureContext() const;
 
+#if BUILDFLAG(IS_TIZEN_TV)
+  void GrantLoadLocalResources();
+#endif
+
   WebString Encoding() const;
   WebString ContentLanguage() const;
   WebString GetReferrer() const;
diff --git a/third_party/blink/public/web/web_settings.h b/third_party/blink/public/web/web_settings.h
index 93a21b8..792df7a 100644
--- a/third_party/blink/public/web/web_settings.h
+++ b/third_party/blink/public/web/web_settings.h
@@ -285,6 +285,11 @@ class WebSettings {
   virtual bool UsesEncodingDetector() const = 0;
 #endif
 
+#if BUILDFLAG(IS_TIZEN_TV)
+  virtual bool AllowFileAccessFromExternalURLs() = 0;
+  virtual void SetAllowFileAccessFromExternalURLs(bool) = 0;
+#endif
+
 #if defined(TIZEN_ATK_SUPPORT)
   virtual void SetAccessibilityEnabled(bool) = 0;
   virtual bool GetAccessibilityEnabled() = 0;
diff --git a/third_party/blink/renderer/core/exported/web_document.cc b/third_party/blink/renderer/core/exported/web_document.cc
index 654a6b3..d46f4ea 100644
--- a/third_party/blink/renderer/core/exported/web_document.cc
+++ b/third_party/blink/renderer/core/exported/web_document.cc
@@ -71,6 +71,10 @@
 #include "third_party/blink/renderer/platform/weborigin/security_origin.h"
 #include "third_party/blink/renderer/platform/wtf/casting.h"
 
+#if BUILDFLAG(IS_TIZEN_TV)
+#include "third_party/blink/renderer/core/frame/local_dom_window.h"
+#endif
+
 namespace {
 
 static const blink::WebStyleSheetKey GenerateStyleSheetKey() {
@@ -106,6 +110,13 @@ bool WebDocument::IsSecureContext() const {
   return context && context->IsSecureContext();
 }
 
+#if BUILDFLAG(IS_TIZEN_TV)
+void WebDocument::GrantLoadLocalResources() {
+  if (Document* document = Unwrap<Document>())
+    document->domWindow()->GetMutableSecurityOrigin()->GrantLoadLocalResources();
+}
+#endif
+
 WebString WebDocument::Encoding() const {
   return ConstUnwrap<Document>()->EncodingName();
 }
diff --git a/third_party/blink/renderer/core/exported/web_settings_impl.cc b/third_party/blink/renderer/core/exported/web_settings_impl.cc
index ffe4a2c..f83cd48 100644
--- a/third_party/blink/renderer/core/exported/web_settings_impl.cc
+++ b/third_party/blink/renderer/core/exported/web_settings_impl.cc
@@ -805,6 +805,16 @@ bool WebSettingsImpl::UsesEncodingDetector() const {
 }
 #endif
 
+#if BUILDFLAG(IS_TIZEN_TV)
+void WebSettingsImpl::SetAllowFileAccessFromExternalURLs(bool allow) {
+  settings_->SetAllowFileAccessFromExternalURLs(allow);
+}
+
+bool WebSettingsImpl::AllowFileAccessFromExternalURLs() {
+  return settings_->GetAllowFileAccessFromExternalURLs();
+}
+#endif
+
 #if defined(TIZEN_ATK_SUPPORT)
 void WebSettingsImpl::SetAccessibilityEnabled(bool enabled) {
   settings_->SetAccessibilityEnabled(enabled);
diff --git a/third_party/blink/renderer/core/exported/web_settings_impl.h b/third_party/blink/renderer/core/exported/web_settings_impl.h
index 3d896b7..6a506d3 100644
--- a/third_party/blink/renderer/core/exported/web_settings_impl.h
+++ b/third_party/blink/renderer/core/exported/web_settings_impl.h
@@ -234,6 +234,11 @@ class CORE_EXPORT WebSettingsImpl final : public WebSettings {
   bool UsesEncodingDetector() const override;
 #endif
 
+#if BUILDFLAG(IS_TIZEN_TV)
+  void SetAllowFileAccessFromExternalURLs(bool) override;
+  bool AllowFileAccessFromExternalURLs() override;
+#endif
+
 #if defined(TIZEN_ATK_SUPPORT)
   void SetAccessibilityEnabled(bool) override;
   bool GetAccessibilityEnabled() override;
diff --git a/third_party/blink/renderer/core/exported/web_view_impl.cc b/third_party/blink/renderer/core/exported/web_view_impl.cc
index ef2abd1..c0ebd19 100644
--- a/third_party/blink/renderer/core/exported/web_view_impl.cc
+++ b/third_party/blink/renderer/core/exported/web_view_impl.cc
@@ -1752,6 +1752,11 @@ void WebView::ApplyWebPreferences(const web_pref::WebPreferences& prefs,
   settings->SetAccessibilityEnabled(prefs.atk_enabled);
 #endif
 
+#if BUILDFLAG(IS_TIZEN_TV)
+  settings->SetAllowFileAccessFromExternalURLs(
+      prefs.allow_file_access_from_external_urls);
+#endif
+
 #if BUILDFLAG(IS_EFL)
   settings->SetTizenVersion(prefs.tizen_version_major,
                             prefs.tizen_version_minor,
diff --git a/third_party/blink/renderer/core/frame/settings.json5 b/third_party/blink/renderer/core/frame/settings.json5
index 5331ed9..0f0a46ed 100644
--- a/third_party/blink/renderer/core/frame/settings.json5
+++ b/third_party/blink/renderer/core/frame/settings.json5
@@ -1065,5 +1065,10 @@
       initial: false,
       type: "bool"
     },
+    {
+      name: "allowFileAccessFromExternalURLs",
+      initial: false,
+      type: "bool"
+    },
   ],
 }
diff --git a/tizen_src/ewk/efl_integration/public/ewk_settings.cc b/tizen_src/ewk/efl_integration/public/ewk_settings.cc
index 0a22f8b..1ba1b66 100644
--- a/tizen_src/ewk/efl_integration/public/ewk_settings.cc
+++ b/tizen_src/ewk/efl_integration/public/ewk_settings.cc
@@ -885,8 +885,16 @@ Eina_Bool ewk_settings_ime_panel_enabled_get(const Ewk_Settings *settings)
 
 Eina_Bool ewk_settings_allow_file_access_from_external_url_set(Ewk_Settings* settings, Eina_Bool allow)
 {
-  LOG_EWK_API_MOCKUP();
+#if BUILDFLAG(IS_TIZEN_TV)
+  LOG(INFO) << "ewk_settings_allow_file_access_from_external_url_set, allow: " << (bool)allow;
+  EINA_SAFETY_ON_NULL_RETURN_VAL(settings, EINA_FALSE);
+  settings->getPreferences().allow_file_access_from_external_urls = allow;
+  ewkUpdateWebkitPreferences(settings->getEvasObject());
+  return EINA_TRUE;
+#else
+  LOG_EWK_API_MOCKUP("Only for Tizen TV");
   return EINA_FALSE;
+#endif
 }
 
 Eina_Bool ewk_settings_swipe_to_refresh_enabled_set(Ewk_Settings* settings, Eina_Bool enable)