1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
android_webview / browser / network_service / aw_proxying_restricted_cookie_manager.h [blame]
// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef ANDROID_WEBVIEW_BROWSER_NETWORK_SERVICE_AW_PROXYING_RESTRICTED_COOKIE_MANAGER_H_
#define ANDROID_WEBVIEW_BROWSER_NETWORK_SERVICE_AW_PROXYING_RESTRICTED_COOKIE_MANAGER_H_
#include <optional>
#include <string>
#include "android_webview/browser/aw_cookie_access_policy.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/weak_ptr.h"
#include "content/public/browser/global_routing_id.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "net/base/network_delegate.h"
#include "net/storage_access_api/status.h"
#include "services/network/public/mojom/restricted_cookie_manager.mojom.h"
class GURL;
namespace android_webview {
// A RestrictedCookieManager conditionally returns cookies from an underlying
// RestrictedCookieManager, after consulting WebView's cookie settings.
// We need to do this because Chromium typically configures this per
// BrowserContext but Android developers can set cookie permissions per WebView.
// To work around this, we need to feed down to the restricted cookie manager
// if we wish to disable 3PCs _per_ request.
class AwProxyingRestrictedCookieManager
: public network::mojom::RestrictedCookieManager {
public:
// Creates a AwProxyingRestrictedCookieManager that lives on IO thread,
// binding it to handle communications from |receiver|. The requests will be
// delegated to |underlying_rcm|. The resulting object will be owned by the
// pipe corresponding to |request| and will in turn own |underlying_rcm|.
//
// Expects to be called on the UI thread.
static void CreateAndBind(
mojo::PendingRemote<network::mojom::RestrictedCookieManager>
underlying_rcm,
bool is_service_worker,
int process_id,
int frame_id,
mojo::PendingReceiver<network::mojom::RestrictedCookieManager> receiver,
AwCookieAccessPolicy* aw_cookie_access_policy);
AwProxyingRestrictedCookieManager(const AwProxyingRestrictedCookieManager&) =
delete;
AwProxyingRestrictedCookieManager& operator=(
const AwProxyingRestrictedCookieManager&) = delete;
~AwProxyingRestrictedCookieManager() override;
// network::mojom::RestrictedCookieManager interface:
void GetAllForUrl(const GURL& url,
const net::SiteForCookies& site_for_cookies,
const url::Origin& top_frame_origin,
net::StorageAccessApiStatus storage_access_api_status,
network::mojom::CookieManagerGetOptionsPtr options,
bool is_ad_tagged,
bool force_disable_third_party_cookies,
GetAllForUrlCallback callback) override;
void SetCanonicalCookie(const net::CanonicalCookie& cookie,
const GURL& url,
const net::SiteForCookies& site_for_cookies,
const url::Origin& top_frame_origin,
net::StorageAccessApiStatus storage_access_api_status,
net::CookieInclusionStatus status,
SetCanonicalCookieCallback callback) override;
void AddChangeListener(
const GURL& url,
const net::SiteForCookies& site_for_cookies,
const url::Origin& top_frame_origin,
net::StorageAccessApiStatus storage_access_api_status,
mojo::PendingRemote<network::mojom::CookieChangeListener> listener,
AddChangeListenerCallback callback) override;
void SetCookieFromString(
const GURL& url,
const net::SiteForCookies& site_for_cookies,
const url::Origin& top_frame_origin,
net::StorageAccessApiStatus storage_access_api_status,
const std::string& cookie,
SetCookieFromStringCallback callback) override;
void GetCookiesString(const GURL& url,
const net::SiteForCookies& site_for_cookies,
const url::Origin& top_frame_origin,
net::StorageAccessApiStatus storage_access_api_status,
bool get_version_shared_memory,
bool is_ad_tagged,
bool force_disable_third_party_cookies,
GetCookiesStringCallback callback) override;
void CookiesEnabledFor(const GURL& url,
const net::SiteForCookies& site_for_cookies,
const url::Origin& top_frame_origin,
net::StorageAccessApiStatus storage_access_api_status,
CookiesEnabledForCallback callback) override;
// This one is internal.
net::NetworkDelegate::PrivacySetting AllowCookies(
const GURL& url,
const net::SiteForCookies& site_for_cookies,
net::StorageAccessApiStatus storage_access_api_status) const;
private:
AwProxyingRestrictedCookieManager(
mojo::PendingRemote<network::mojom::RestrictedCookieManager>
underlying_restricted_cookie_manager,
bool is_service_worker,
const std::optional<const content::GlobalRenderFrameHostToken>&
global_frame_token,
AwCookieAccessPolicy* cookie_access_policy);
static void CreateAndBindOnIoThread(
mojo::PendingRemote<network::mojom::RestrictedCookieManager>
underlying_rcm,
bool is_service_worker,
const std::optional<const content::GlobalRenderFrameHostToken>&
global_frame_token,
mojo::PendingReceiver<network::mojom::RestrictedCookieManager> receiver,
AwCookieAccessPolicy* cookie_access_policy);
mojo::Remote<network::mojom::RestrictedCookieManager>
underlying_restricted_cookie_manager_;
bool is_service_worker_;
std::optional<const content::GlobalRenderFrameHostToken> global_frame_token_;
raw_ref<AwCookieAccessPolicy> cookie_access_policy_;
base::WeakPtrFactory<AwProxyingRestrictedCookieManager> weak_factory_{this};
};
} // namespace android_webview
#endif // ANDROID_WEBVIEW_BROWSER_NETWORK_SERVICE_AW_PROXYING_RESTRICTED_COOKIE_MANAGER_H_