1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
content / browser / storage_partition_impl.h [blame]
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_STORAGE_PARTITION_IMPL_H_
#define CONTENT_BROWSER_STORAGE_PARTITION_IMPL_H_
#include <stdint.h>
#include <map>
#include <memory>
#include <set>
#include <string>
#include "base/containers/flat_map.h"
#include "base/dcheck_is_on.h"
#include "base/files/file_path.h"
#include "base/gtest_prod_util.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_refptr.h"
#include "base/memory/weak_ptr.h"
#include "base/observer_list.h"
#include "components/services/storage/privileged/mojom/indexed_db_client_state_checker.mojom.h"
#include "components/services/storage/public/mojom/partition.mojom.h"
#include "components/services/storage/public/mojom/storage_service.mojom-forward.h"
#include "content/browser/background_sync/background_sync_context_impl.h"
#include "content/browser/child_process_security_policy_impl.h"
#include "content/browser/content_index/content_index_context_impl.h"
#include "content/browser/dom_storage/dom_storage_context_wrapper.h"
#include "content/browser/locks/lock_manager.h"
#include "content/browser/notifications/platform_notification_context_impl.h"
#include "content/browser/service_worker/service_worker_context_wrapper.h"
#include "content/browser/worker_host/dedicated_worker_service_impl.h"
#include "content/common/content_export.h"
#include "content/public/browser/storage_partition.h"
#include "content/public/browser/storage_partition_config.h"
#include "media/media_buildflags.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
#include "mojo/public/cpp/bindings/receiver.h"
#include "mojo/public/cpp/bindings/receiver_set.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "mojo/public/cpp/bindings/unique_receiver_set.h"
#include "net/cookies/cookie_setting_override.h"
#include "services/network/public/cpp/network_service_buildflags.h"
#include "services/network/public/mojom/cert_verifier_service_updater.mojom.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/network_context_client.mojom.h"
#include "storage/browser/blob/blob_url_registry.h"
#include "storage/browser/quota/quota_client_type.h"
#include "storage/browser/quota/quota_settings.h"
#include "third_party/blink/public/common/storage_key/storage_key.h"
#include "third_party/blink/public/common/tokens/tokens.h"
#include "third_party/blink/public/mojom/dom_storage/dom_storage.mojom.h"
#include "third_party/blink/public/mojom/frame/remote_frame.mojom.h"
namespace leveldb_proto {
class ProtoDatabaseProvider;
} // namespace leveldb_proto
namespace net {
class IsolationInfo;
} // namespace net
namespace network {
namespace mojom {
class SharedDictionaryAccessObserver;
} // namespace mojom
} // namespace network
namespace storage {
struct BucketClientInfo;
class SharedStorageManager;
}
namespace content {
namespace indexed_db {
class IndexedDBControlWrapper;
}
class AggregationService;
class AttributionManager;
class BackgroundFetchContext;
class BlobRegistryWrapper;
class BluetoothAllowedDevicesMap;
class BroadcastChannelService;
class BrowsingDataFilterBuilder;
class KeepAliveURLLoaderService;
class BucketManager;
class CacheStorageControlWrapper;
#if BUILDFLAG(ENABLE_LIBRARY_CDMS)
class CdmStorageDataModel;
class CdmStorageManager;
class MediaLicenseManager;
#endif // BUILDFLAG(ENABLE_LIBRARY_CDMS)
class CookieDeprecationLabelManagerImpl;
class CookieStoreManager;
class DevToolsBackgroundServicesContextImpl;
class FileSystemAccessEntryFactory;
class FileSystemAccessManagerImpl;
class FontAccessManager;
class GeneratedCodeCacheContext;
class HostZoomLevelContext;
class InterestGroupManagerImpl;
class NavigationStateKeepAlive;
class PaymentAppContextImpl;
class PrivateAggregationDataModel;
class PrivateAggregationManager;
class PrivateAggregationManagerImpl;
class PushMessagingContext;
class QuotaContext;
class ReconnectableURLLoaderFactoryForIOThreadWrapper;
class SharedStorageHeaderObserver;
class SharedStorageWorkletHostManager;
class SharedWorkerServiceImpl;
class SubresourceProxyingURLLoaderService;
class NavigationOrDocumentHandle;
class CONTENT_EXPORT StoragePartitionImpl
: public StoragePartition,
public blink::mojom::DomStorage,
public network::mojom::NetworkContextClient,
public network::mojom::URLLoaderNetworkServiceObserver {
public:
StoragePartitionImpl(const StoragePartitionImpl&) = delete;
StoragePartitionImpl& operator=(const StoragePartitionImpl&) = delete;
// It is guaranteed that storage partitions are destructed before the
// browser context starts shutting down its corresponding IO thread residents
// (e.g. resource context).
~StoragePartitionImpl() override;
// Quota managed data uses a different representation for storage types than
// StoragePartition uses. This method generates that representation.
static storage::QuotaClientTypes GenerateQuotaClientTypes(
uint32_t remove_mask);
// Forces Storage Service instances to be run in-process.
static void ForceInProcessStorageServiceForTesting();
void OverrideQuotaManagerForTesting(storage::QuotaManager* quota_manager);
void OverrideSpecialStoragePolicyForTesting(
storage::SpecialStoragePolicy* special_storage_policy);
void ShutdownBackgroundSyncContextForTesting();
void OverrideBackgroundSyncContextForTesting(
BackgroundSyncContextImpl* background_sync_context);
void OverrideSharedWorkerServiceForTesting(
std::unique_ptr<SharedWorkerServiceImpl> shared_worker_service);
void OverrideSharedStorageWorkletHostManagerForTesting(
std::unique_ptr<SharedStorageWorkletHostManager>
shared_storage_worklet_host_manager);
void OverrideSharedStorageHeaderObserverForTesting(
std::unique_ptr<SharedStorageHeaderObserver>
shared_storage_header_observer);
void OverrideAggregationServiceForTesting(
std::unique_ptr<AggregationService> aggregation_service);
void OverrideAttributionManagerForTesting(
std::unique_ptr<AttributionManager> attribution_manager);
void OverridePrivateAggregationManagerForTesting(
std::unique_ptr<PrivateAggregationManagerImpl>
private_aggregation_manager);
// StoragePartition interface.
const StoragePartitionConfig& GetConfig() const override;
const base::FilePath& GetPath() const override;
network::mojom::NetworkContext* GetNetworkContext() override;
cert_verifier::mojom::CertVerifierServiceUpdater*
GetCertVerifierServiceUpdater() override;
network::mojom::URLLoaderFactoryParamsPtr CreateURLLoaderFactoryParams();
scoped_refptr<network::SharedURLLoaderFactory>
GetURLLoaderFactoryForBrowserProcess() override;
std::unique_ptr<network::PendingSharedURLLoaderFactory>
GetURLLoaderFactoryForBrowserProcessIOThread() override;
network::mojom::CookieManager* GetCookieManagerForBrowserProcess() override;
void CreateTrustTokenQueryAnswerer(
mojo::PendingReceiver<network::mojom::TrustTokenQueryAnswerer> receiver,
const url::Origin& top_frame_origin) override;
mojo::PendingRemote<network::mojom::URLLoaderNetworkServiceObserver>
CreateURLLoaderNetworkObserverForFrame(int process_id,
int routing_id) override;
mojo::PendingRemote<network::mojom::URLLoaderNetworkServiceObserver>
CreateURLLoaderNetworkObserverForNavigationRequest(
NavigationRequest& navigation_request) override;
storage::QuotaManager* GetQuotaManager() override;
BackgroundSyncContextImpl* GetBackgroundSyncContext() override;
storage::FileSystemContext* GetFileSystemContext() override;
storage::DatabaseTracker* GetDatabaseTracker() override;
DOMStorageContextWrapper* GetDOMStorageContext() override;
storage::mojom::LocalStorageControl* GetLocalStorageControl() override;
LockManager<storage::BucketId>*
GetLockManager(); // override; TODO: Add to interface
// TODO(crbug.com/40185706): Add this method to the StoragePartition
// interface, which would also require making SharedStorageWorkletHostManager
// an interface accessible in //content/public/.
SharedStorageWorkletHostManager*
GetSharedStorageWorkletHostManager(); // override;
storage::mojom::IndexedDBControl& GetIndexedDBControl() override;
FileSystemAccessEntryFactory* GetFileSystemAccessEntryFactory() override;
storage::mojom::CacheStorageControl* GetCacheStorageControl() override;
ServiceWorkerContextWrapper* GetServiceWorkerContext() override;
DedicatedWorkerServiceImpl* GetDedicatedWorkerService() override;
SharedWorkerService* GetSharedWorkerService() override;
GeneratedCodeCacheContext* GetGeneratedCodeCacheContext() override;
DevToolsBackgroundServicesContext* GetDevToolsBackgroundServicesContext()
override;
ContentIndexContextImpl* GetContentIndexContext() override;
HostZoomMap* GetHostZoomMap() override;
HostZoomLevelContext* GetHostZoomLevelContext() override;
ZoomLevelDelegate* GetZoomLevelDelegate() override;
PlatformNotificationContextImpl* GetPlatformNotificationContext() override;
InterestGroupManager* GetInterestGroupManager() override;
BrowsingTopicsSiteDataManager* GetBrowsingTopicsSiteDataManager() override;
leveldb_proto::ProtoDatabaseProvider* GetProtoDatabaseProvider() override;
// Use outside content.
AttributionDataModel* GetAttributionDataModel() override;
PrivateAggregationDataModel* GetPrivateAggregationDataModel() override;
CookieDeprecationLabelManager* GetCookieDeprecationLabelManager() override;
#if BUILDFLAG(ENABLE_LIBRARY_CDMS)
CdmStorageDataModel* GetCdmStorageDataModel() override;
#endif // BUILDFLAG(ENABLE_LIBRARY_CDMS)
void DeleteStaleSessionOnlyCookiesAfterDelay() override;
void SetProtoDatabaseProvider(
std::unique_ptr<leveldb_proto::ProtoDatabaseProvider> proto_db_provider)
override;
leveldb_proto::ProtoDatabaseProvider* GetProtoDatabaseProviderForTesting()
override;
void ClearDataForOrigin(uint32_t remove_mask,
uint32_t quota_storage_remove_mask,
const GURL& storage_origin,
base::OnceClosure callback) override;
void ClearDataForBuckets(const blink::StorageKey& storage_key,
const std::set<std::string>& storage_buckets,
base::OnceClosure callback) override;
void ClearData(uint32_t remove_mask,
uint32_t quota_storage_remove_mask,
const blink::StorageKey& storage_key,
const base::Time begin,
const base::Time end,
base::OnceClosure callback) override;
void ClearData(uint32_t remove_mask,
uint32_t quota_storage_remove_mask,
BrowsingDataFilterBuilder* filter_builder,
StorageKeyPolicyMatcherFunction storage_key_policy_matcher,
network::mojom::CookieDeletionFilterPtr cookie_deletion_filter,
bool perform_storage_cleanup,
const base::Time begin,
const base::Time end,
base::OnceClosure callback) override;
void ClearCodeCaches(
const base::Time begin,
const base::Time end,
const base::RepeatingCallback<bool(const GURL&)>& url_matcher,
base::OnceClosure callback) override;
void Flush() override;
void ResetURLLoaderFactories() override;
void ClearBluetoothAllowedDevicesMapForTesting() override;
void AddObserver(DataRemovalObserver* observer) override;
void RemoveObserver(DataRemovalObserver* observer) override;
void FlushNetworkInterfaceForTesting() override;
void FlushCertVerifierInterfaceForTesting() override;
void WaitForDeletionTasksForTesting() override;
void WaitForCodeCacheShutdownForTesting() override;
void SetNetworkContextForTesting(
mojo::PendingRemote<network::mojom::NetworkContext>
network_context_remote) override;
void OverrideDeleteStaleSessionOnlyCookiesDelayForTesting(
const base::TimeDelta& delay) override;
// TODO(crbug.com/352651664): Consider merging to
// `FlushNetworkInterfaceForTesting()` if possible.
void FlushNetworkInterfaceOnIOThreadForTesting();
base::WeakPtr<StoragePartitionImpl> GetWeakPtr();
BackgroundFetchContext* GetBackgroundFetchContext();
PaymentAppContextImpl* GetPaymentAppContext();
BroadcastChannelService* GetBroadcastChannelService();
BluetoothAllowedDevicesMap* GetBluetoothAllowedDevicesMap();
BlobRegistryWrapper* GetBlobRegistry();
storage::BlobUrlRegistry* GetBlobUrlRegistry();
SubresourceProxyingURLLoaderService* GetSubresourceProxyingURLLoaderService();
KeepAliveURLLoaderService* GetKeepAliveURLLoaderService();
CookieStoreManager* GetCookieStoreManager();
FileSystemAccessManagerImpl* GetFileSystemAccessManager();
BucketManager* GetBucketManager();
QuotaContext* GetQuotaContext();
// Use inside content.
AttributionManager* GetAttributionManager();
void SetFontAccessManagerForTesting(
std::unique_ptr<FontAccessManager> font_access_manager);
const std::string& GetPartitionDomain() const;
AggregationService* GetAggregationService();
FontAccessManager* GetFontAccessManager();
#if BUILDFLAG(ENABLE_LIBRARY_CDMS)
MediaLicenseManager* GetMediaLicenseManager();
#endif // BUILDFLAG(ENABLE_LIBRARY_CDMS)
storage::SharedStorageManager* GetSharedStorageManager() override;
PrivateAggregationManager* GetPrivateAggregationManager();
// blink::mojom::DomStorage interface.
void OpenLocalStorage(
const blink::StorageKey& storage_key,
const blink::LocalFrameToken& local_frame_token,
mojo::PendingReceiver<blink::mojom::StorageArea> receiver) override;
void BindSessionStorageNamespace(
const std::string& namespace_id,
mojo::PendingReceiver<blink::mojom::SessionStorageNamespace> receiver)
override;
void BindSessionStorageArea(
const blink::StorageKey& storage_key,
const blink::LocalFrameToken& local_frame_token,
const std::string& namespace_id,
mojo::PendingReceiver<blink::mojom::StorageArea> receiver) override;
// network::mojom::NetworkContextClient interface.
void OnFileUploadRequested(int32_t process_id,
bool async,
const std::vector<base::FilePath>& file_paths,
const GURL& destination_url,
OnFileUploadRequestedCallback callback) override;
void OnCanSendReportingReports(
const std::vector<url::Origin>& origins,
OnCanSendReportingReportsCallback callback) override;
void OnCanSendDomainReliabilityUpload(
const url::Origin& origin,
OnCanSendDomainReliabilityUploadCallback callback) override;
#if BUILDFLAG(IS_ANDROID)
void OnGenerateHttpNegotiateAuthToken(
const std::string& server_auth_token,
bool can_delegate,
const std::string& auth_negotiate_android_account_type,
const std::string& spn,
OnGenerateHttpNegotiateAuthTokenCallback callback) override;
#endif
#if BUILDFLAG(IS_CHROMEOS)
void OnTrustAnchorUsed() override;
#endif
#if BUILDFLAG(IS_CT_SUPPORTED)
void OnCanSendSCTAuditingReport(
OnCanSendSCTAuditingReportCallback callback) override;
void OnNewSCTAuditingReportSent() override;
#endif
// network::mojom::URLLoaderNetworkServiceObserver interface.
void OnSSLCertificateError(const GURL& url,
int net_error,
const net::SSLInfo& ssl_info,
bool fatal,
OnSSLCertificateErrorCallback response) override;
void OnCertificateRequested(
const std::optional<base::UnguessableToken>& window_id,
const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
mojo::PendingRemote<network::mojom::ClientCertificateResponder>
cert_responder) override;
void Clone(
mojo::PendingReceiver<network::mojom::URLLoaderNetworkServiceObserver>
listener) override;
void OnWebSocketConnectedToPrivateNetwork(
network::mojom::IPAddressSpace ip_address_space) override;
void OnAuthRequired(
const std::optional<base::UnguessableToken>& window_id,
int32_t request_id,
const GURL& url,
bool first_auth_attempt,
const net::AuthChallengeInfo& auth_info,
const scoped_refptr<net::HttpResponseHeaders>& head_headers,
mojo::PendingRemote<network::mojom::AuthChallengeResponder>
auth_challenge_responder) override;
void OnPrivateNetworkAccessPermissionRequired(
const GURL& url,
const net::IPAddress& ip_address,
const std::optional<std::string>& private_network_device_id,
const std::optional<std::string>& private_network_device_name,
OnPrivateNetworkAccessPermissionRequiredCallback callback) override;
void OnClearSiteData(
const GURL& url,
const std::string& header_value,
int load_flags,
const std::optional<net::CookiePartitionKey>& cookie_partition_key,
bool partitioned_state_allowed_only,
OnClearSiteDataCallback callback) override;
void OnLoadingStateUpdate(network::mojom::LoadInfoPtr info,
OnLoadingStateUpdateCallback callback) override;
void OnDataUseUpdate(int32_t network_traffic_annotation_id_hash,
int64_t recv_bytes,
int64_t sent_bytes) override;
void OnSharedStorageHeaderReceived(
const url::Origin& request_origin,
std::vector<network::mojom::SharedStorageOperationPtr> operations,
OnSharedStorageHeaderReceivedCallback callback) override;
SharedStorageHeaderObserver* shared_storage_header_observer() {
return shared_storage_header_observer_.get();
}
// Can return nullptr while `this` is being destroyed.
BrowserContext* browser_context() const;
// Returns the interface used to control the corresponding remote Partition in
// the Storage Service.
storage::mojom::Partition* GetStorageServicePartition();
// Exposes the shared top-level connection to the Storage Service, for tests.
static mojo::Remote<storage::mojom::StorageService>&
GetStorageServiceForTesting();
// Binds the mojo endpoint for an `IDBFactory` (which implements
// `window.indexedDB`).
void BindIndexedDB(
const storage::BucketLocator& bucket_locator,
const storage::BucketClientInfo& client_info,
mojo::PendingRemote<storage::mojom::IndexedDBClientStateChecker>
client_state_checker_remote,
mojo::PendingReceiver<blink::mojom::IDBFactory> receiver);
// Called by each renderer process to bind its global DomStorage interface.
// Returns the id of the created receiver.
mojo::ReceiverId BindDomStorage(
int process_id,
mojo::PendingReceiver<blink::mojom::DomStorage> receiver,
mojo::PendingRemote<blink::mojom::DomStorageClient> client);
// Remove a receiver created by a previous BindDomStorage() call.
void UnbindDomStorage(mojo::ReceiverId receiver_id);
auto& dom_storage_receivers_for_testing() { return dom_storage_receivers_; }
std::vector<std::string> cors_exempt_header_list() const {
return cors_exempt_header_list_;
}
// Tracks whether this StoragePartition is for guests (e.g., for a <webview>
// tag). This is needed to properly create a SiteInstance for a
// service worker or a shared worker in a guest. Typically one would use the
// script URL of the worker (e.g., "https://example.com/sw.js"), but if this
// StoragePartition is for guests, one must create the SiteInstance via
// guest-specific helpers that ensure that the worker stays in the same
// StoragePartition.
void set_is_guest() { is_guest_ = true; }
bool is_guest() const { return is_guest_; }
// We have to plumb `is_service_worker`, `process_id` and `routing_id` because
// they are plumbed to WebView via WillCreateRestrictedCookieManager, which
// makes some decision based on that.
void CreateRestrictedCookieManager(
network::mojom::RestrictedCookieManagerRole role,
const url::Origin& origin,
const net::IsolationInfo& isolation_info,
bool is_service_worker,
int process_id,
int routing_id,
net::CookieSettingOverrides cookie_setting_overrides,
mojo::PendingReceiver<network::mojom::RestrictedCookieManager> receiver,
mojo::PendingRemote<network::mojom::CookieAccessObserver>
cookie_observer);
mojo::PendingRemote<network::mojom::CookieAccessObserver>
CreateCookieAccessObserverForServiceWorker();
mojo::PendingRemote<network::mojom::TrustTokenAccessObserver>
CreateTrustTokenAccessObserverForServiceWorker();
mojo::PendingRemote<network::mojom::SharedDictionaryAccessObserver>
CreateSharedDictionaryAccessObserverForServiceWorker();
mojo::PendingRemote<network::mojom::URLLoaderNetworkServiceObserver>
CreateAuthCertObserverForServiceWorker(int process_id);
std::vector<std::string> GetCorsExemptHeaderList();
void OpenLocalStorageForProcess(
int process_id,
const blink::StorageKey& storage_key,
mojo::PendingReceiver<blink::mojom::StorageArea> receiver);
void BindSessionStorageAreaForProcess(
int process_id,
const blink::StorageKey& storage_key,
const std::string& namespace_id,
mojo::PendingReceiver<blink::mojom::StorageArea> receiver);
storage::QuotaManagerProxy* GetQuotaManagerProxy();
// Called by BrowserContextImpl prior to destruction.
void OnBrowserContextWillBeDestroyed();
// Store `receiver` and its corresponding `handle`. These will be kept alive
// as long as the remote endpoint of `receiver` is still alive on the renderer
// side. The receiver will be automatically deleted when the endpoint is
// disconnected.
void RegisterKeepAliveHandle(
mojo::PendingReceiver<blink::mojom::NavigationStateKeepAliveHandle>
receiver,
std::unique_ptr<NavigationStateKeepAlive> handle);
// Forward the call to `NetworkContext::RevokeNetworkForNonces` and save the
// nonces in `StoragePartitionImpl`. Clients should revoke network access for
// nonces using this function instead of calling
// `NetworkContext::RevokeNetworkForNonces` directly. This is because this
// function saves the nonces so that they can be restored in case of a
// `NetworkService` crash.
void RevokeNetworkForNoncesInNetworkContext(
const std::vector<base::UnguessableToken>& nonces,
network::mojom::NetworkContext::RevokeNetworkForNoncesCallback callback);
// Forward the call to `NetworkContext::ClearNonces` and remove the stored
// nonce values in `StoragePartitionImpl`. Clients should clear nonces using
// this function instead of calling `NetworkContext::ClearNonces` directly.
// This should only be called when the nonces saved by
// `RevokeNetworkForNoncesInNetworkContext` are no longer relevant.
// The nonces are cleared after a time delay, which will prevent races where
// network requests succeed while the fenced frame corresponding to the
// nonces is being destroyed.
void ClearNoncesInNetworkContextAfterDelay(
const std::vector<base::UnguessableToken>& nonces);
// Get the NavigationStateKeepAlive associated with `frame_token`. See
// `navigation_state_keep_alive_map_`.
NavigationStateKeepAlive* GetNavigationStateKeepAlive(
blink::LocalFrameToken frame_token);
// Removes the NavigationStateKeepAlive associated with `frame_token`. This
// should be called when the keep alive is destructed.
void RemoveKeepAliveHandleFromMap(blink::LocalFrameToken frame_token,
NavigationStateKeepAlive* keep_alive);
void SetClearNoncesInNetworkContextParamsForTesting(
const base::TimeDelta& delay,
base::RepeatingClosure callback);
enum class ContextType {
kRenderFrameHostContext,
kNavigationRequestContext,
kServiceWorkerContext,
};
private:
class DataDeletionHelper;
class QuotaManagedDataDeletionHelper;
class ServiceWorkerCookieAccessObserver;
class ServiceWorkerTrustTokenAccessObserver;
class ServiceWorkerSharedDictionaryAccessObserver;
struct NetworkContextOwner;
friend class BackgroundSyncManagerTest;
friend class BackgroundSyncServiceImplTestHarness;
friend class CookieStoreManagerTest;
friend class PaymentAppContentUnitTestBase;
friend class ServiceWorkerRegistrationTest;
friend class ServiceWorkerUpdateJobTest;
friend class StoragePartitionImplMap;
FRIEND_TEST_ALL_PREFIXES(StoragePartitionShaderClearTest, ClearShaderCache);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedDataForeverBoth);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedDataForeverOnlyTemporary);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedDataForeverOnlyPersistent);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedDataForeverNeither);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedDataForeverSpecificOrigin);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedDataForLastHour);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedDataForLastWeek);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedUnprotectedOrigins);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedProtectedSpecificOrigin);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedProtectedOrigins);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveQuotaManagedIgnoreDevTools);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest, RemoveCookieForever);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest, RemoveCookieLastHour);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveCookieWithDeleteInfo);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveUnprotectedLocalStorageForever);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveProtectedLocalStorageForever);
FRIEND_TEST_ALL_PREFIXES(StoragePartitionImplTest,
RemoveLocalStorageForLastWeek);
class URLLoaderNetworkContext {
public:
~URLLoaderNetworkContext();
// Allow copy and assign.
URLLoaderNetworkContext(const URLLoaderNetworkContext& other);
URLLoaderNetworkContext& operator=(const URLLoaderNetworkContext& other);
// Creates a URLLoaderNetworkContext for the RenderFrameHost.
static StoragePartitionImpl::URLLoaderNetworkContext
CreateForRenderFrameHost(
GlobalRenderFrameHostId global_render_frame_host_id);
// Creates a URLLoaderNetworkContext for the navigation request.
static StoragePartitionImpl::URLLoaderNetworkContext CreateForNavigation(
NavigationRequest& navigation_request);
// Used when `type` is `kRenderFrameHostContext`.
explicit URLLoaderNetworkContext(
GlobalRenderFrameHostId global_render_frame_host_id);
// Used when `type` is `kServiceWorkerContext`.
explicit URLLoaderNetworkContext(int process_id);
// Used when `type` is `kNavigationRequestContext`.
explicit URLLoaderNetworkContext(NavigationRequest& navigation_request);
// Returns true if `type` is `kNavigationRequestContext`.
bool IsNavigationRequestContext() const;
ContextType type() const { return type_; }
NavigationOrDocumentHandle* navigation_or_document() const {
return navigation_or_document_.get();
}
int process_id() const { return process_id_; }
// If `type_` is kServiceWorkerContext, returns nullptr. Otherwise returns
// the WebContents.
WebContents* GetWebContents();
// Returns true if the request is the primary main frame navigation.
bool IsPrimaryMainFrameRequest();
private:
ContextType type_;
scoped_refptr<NavigationOrDocumentHandle> navigation_or_document_;
// Only valid when `type_` is kServiceWorkerContext.
int process_id_ = content::ChildProcessHost::kInvalidUniqueID;
};
// `relative_partition_path` is the relative path under `profile_path` to the
// StoragePartition's on-disk-storage.
//
// If `in_memory` is true, the `relative_partition_path` is (ab)used as a way
// of distinguishing different in-memory partitions, but nothing is persisted
// on to disk.
//
// Initialize() must be called on the StoragePartitionImpl before using it,
// and OnBrowserContextWillBeDestroyed() must be called on it prior to
// `context` being destroyed.
static std::unique_ptr<StoragePartitionImpl> Create(
BrowserContext* context,
const StoragePartitionConfig& config,
const base::FilePath& relative_partition_path);
StoragePartitionImpl(BrowserContext* browser_context,
const StoragePartitionConfig& config,
const base::FilePath& partition_path,
const base::FilePath& relative_partition_path,
storage::SpecialStoragePolicy* special_storage_policy);
// This must be called before calling any members of the StoragePartitionImpl
// except for GetPath and browser_context().
// The purpose of the Create, Initialize sequence is that code that
// initializes members of the StoragePartitionImpl and gets a pointer to it
// can query properties of the StoragePartitionImpl (notably GetPath()).
// If `fallback_for_blob_urls` is not null, blob urls that can't be resolved
// in this storage partition will be attempted to be resolved in the fallback
// storage partition instead.
void Initialize(StoragePartitionImpl* fallback_for_blob_urls = nullptr);
// If we're running Storage Service out-of-process and it crashes, this
// re-establishes a connection and makes sure the service returns to a usable
// state.
void OnStorageServiceDisconnected();
// Clears the data specified by the `storage_key` or
// `filter_builder`/`storage_key_policy_matcher`. `storage_key` and
// `filter_builder`/`storage_key_policy_matcher` will never both be populated.
void ClearDataImpl(
uint32_t remove_mask,
uint32_t quota_storage_remove_mask,
const blink::StorageKey& storage_key,
BrowsingDataFilterBuilder* filter_builder,
StorageKeyPolicyMatcherFunction storage_key_policy_matcher,
network::mojom::CookieDeletionFilterPtr cookie_deletion_filter,
bool perform_storage_cleanup,
const base::Time begin,
const base::Time end,
base::OnceClosure callback);
void ClearDataForBucketsDone(
const blink::StorageKey& storage_key,
const std::set<std::string>& storage_buckets,
base::OnceClosure callback,
const std::vector<blink::mojom::QuotaStatusCode>& status_codes);
void DeletionHelperDone(base::OnceClosure callback);
// Function used by the quota system to ask the embedder for the
// storage configuration info.
void GetQuotaSettings(storage::OptionalQuotaSettingsCallback callback);
// Called to initialize `network_context_` when `GetNetworkContext()` is
// first called or there is an error.
void InitNetworkContext();
bool is_in_memory() { return config_.in_memory(); }
void CreateURLLoaderFactoryForBrowserProcessInternal(
mojo::PendingRemote<network::mojom::URLLoaderFactory>* out_factory);
std::optional<blink::StorageKey> CalculateStorageKey(
const url::Origin& origin,
const base::UnguessableToken* nonce);
GlobalRenderFrameHostId GetRenderFrameHostIdFromNetworkContext();
void DeleteStaleSessionOnlyCookiesAfterDelayCallback();
void ClearNoncesInNetworkContextAfterDelayCallback(
const std::vector<base::UnguessableToken>& nonces);
// Raw pointer that should always be valid. The BrowserContext owns the
// StoragePartitionImplMap which then owns StoragePartitionImpl. When the
// BrowserContext is destroyed, `this` will be destroyed too.
raw_ptr<BrowserContext, DanglingUntriaged> browser_context_;
const base::FilePath partition_path_;
// `config_` and `relative_partition_path_` are cached from
// `StoragePartitionImpl::Create()` in order to re-create `NetworkContext`.
const StoragePartitionConfig config_;
const base::FilePath relative_partition_path_;
// Until a StoragePartitionImpl is initialized using Initialize(), only
// querying its path abd BrowserContext is allowed.
bool initialized_ = false;
mojo::Remote<storage::mojom::Partition> remote_partition_;
scoped_refptr<QuotaContext> quota_context_;
scoped_refptr<storage::QuotaManager> quota_manager_;
scoped_refptr<storage::FileSystemContext> filesystem_context_;
scoped_refptr<storage::DatabaseTracker> database_tracker_;
scoped_refptr<DOMStorageContextWrapper> dom_storage_context_;
std::unique_ptr<LockManager<storage::BucketId>> lock_manager_;
std::unique_ptr<indexed_db::IndexedDBControlWrapper>
indexed_db_control_wrapper_;
std::unique_ptr<CacheStorageControlWrapper> cache_storage_control_wrapper_;
scoped_refptr<ServiceWorkerContextWrapper> service_worker_context_;
std::unique_ptr<DedicatedWorkerServiceImpl> dedicated_worker_service_;
std::unique_ptr<SharedWorkerServiceImpl> shared_worker_service_;
std::unique_ptr<PushMessagingContext> push_messaging_context_;
scoped_refptr<storage::SpecialStoragePolicy> special_storage_policy_;
std::unique_ptr<HostZoomLevelContext, BrowserThread::DeleteOnUIThread>
host_zoom_level_context_;
scoped_refptr<PlatformNotificationContextImpl> platform_notification_context_;
scoped_refptr<BackgroundFetchContext> background_fetch_context_;
scoped_refptr<BackgroundSyncContextImpl> background_sync_context_;
scoped_refptr<PaymentAppContextImpl> payment_app_context_;
std::unique_ptr<BroadcastChannelService> broadcast_channel_service_;
std::unique_ptr<BluetoothAllowedDevicesMap> bluetooth_allowed_devices_map_;
scoped_refptr<BlobRegistryWrapper> blob_registry_;
std::unique_ptr<storage::BlobUrlRegistry> blob_url_registry_;
std::unique_ptr<SubresourceProxyingURLLoaderService>
subresource_proxying_url_loader_service_;
std::unique_ptr<KeepAliveURLLoaderService> keep_alive_url_loader_service_;
std::unique_ptr<CookieStoreManager> cookie_store_manager_;
std::unique_ptr<BucketManager> bucket_manager_;
scoped_refptr<GeneratedCodeCacheContext> generated_code_cache_context_;
std::unique_ptr<DevToolsBackgroundServicesContextImpl>
devtools_background_services_context_;
scoped_refptr<FileSystemAccessManagerImpl> file_system_access_manager_;
std::unique_ptr<leveldb_proto::ProtoDatabaseProvider>
proto_database_provider_;
scoped_refptr<ContentIndexContextImpl> content_index_context_;
std::unique_ptr<AttributionManager> attribution_manager_;
std::unique_ptr<FontAccessManager> font_access_manager_;
std::unique_ptr<InterestGroupManagerImpl> interest_group_manager_;
std::unique_ptr<BrowsingTopicsSiteDataManager>
browsing_topics_site_data_manager_;
std::unique_ptr<AggregationService> aggregation_service_;
#if BUILDFLAG(ENABLE_LIBRARY_CDMS)
std::unique_ptr<CdmStorageManager> cdm_storage_manager_;
// TODO(crbug.com/40272342): Remove MediaLicenseManager once migration has
// been completed.
std::unique_ptr<MediaLicenseManager> media_license_manager_;
#endif // BUILDFLAG(ENABLE_LIBRARY_CDMS)
// Owning pointer to the SharedStorageManager for this partition.
std::unique_ptr<storage::SharedStorageManager> shared_storage_manager_;
// This needs to be declared after `shared_storage_manager_` because
// `shared_storage_worklet_host` (managed by
// `shared_storage_worklet_host_manager_`) ultimately stores a raw pointer on
// it.
std::unique_ptr<SharedStorageWorkletHostManager>
shared_storage_worklet_host_manager_;
// Owning pointer to the `SharedStorageHeaderObserver` for this partition.
std::unique_ptr<SharedStorageHeaderObserver> shared_storage_header_observer_;
std::unique_ptr<PrivateAggregationManagerImpl> private_aggregation_manager_;
std::unique_ptr<CookieDeprecationLabelManagerImpl>
cookie_deprecation_label_manager_;
// ReceiverSet for DomStorage, using the
// ChildProcessSecurityPolicyImpl::Handle as the binding context type. The
// handle can subsequently be used during interface method calls to
// enforce security checks.
using SecurityPolicyHandle = ChildProcessSecurityPolicyImpl::Handle;
mojo::ReceiverSet<blink::mojom::DomStorage,
std::unique_ptr<SecurityPolicyHandle>>
dom_storage_receivers_;
// A client interface for each receiver above.
std::map<mojo::ReceiverId, mojo::Remote<blink::mojom::DomStorageClient>>
dom_storage_clients_;
// Owns the NetworkContext used to make requests for the StoragePartition.
// Forward declared so we don't need to include network_context.mojom.h here.
std::unique_ptr<NetworkContextOwner> network_context_owner_;
mojo::Receiver<network::mojom::NetworkContextClient>
network_context_client_receiver_{this};
// Always valid/non-null after `Initialize()`.
std::unique_ptr<ReconnectableURLLoaderFactoryForIOThreadWrapper>
shared_url_loader_factory_for_browser_process_;
mojo::Remote<cert_verifier::mojom::CertVerifierServiceUpdater>
cert_verifier_service_updater_;
// URLLoaderFactory/CookieManager for use in the browser process only.
// See the method comment for
// StoragePartition::GetURLLoaderFactoryForBrowserProcess() for
// more details
mojo::Remote<network::mojom::CookieManager>
cookie_manager_for_browser_process_;
// The list of cors exempt headers that are set on `network_context_`.
// Initialized in InitNetworkContext() and never updated after then.
std::vector<std::string> cors_exempt_header_list_;
// See comments for is_guest().
bool is_guest_ = false;
// Track number of running deletion. For test use only.
int deletion_helpers_running_;
base::ObserverList<DataRemovalObserver> data_removal_observers_;
// Called when all deletions are done. For test use only.
base::OnceClosure on_deletion_helpers_done_callback_;
// A set of connections to the network service used to notify browser process
// about cookie reads and writes made by a service worker in this process.
mojo::UniqueReceiverSet<network::mojom::CookieAccessObserver>
service_worker_cookie_observers_;
// A set of connections to the network service used to notify browser process
// about Trust Token accesses made by a service worker in this process.
mojo::UniqueReceiverSet<network::mojom::TrustTokenAccessObserver>
service_worker_trust_token_observers_;
// A set of connections to the network service used to notify browser process
// about shared dictionary accesses made by a service worker in this process.
mojo::UniqueReceiverSet<network::mojom::SharedDictionaryAccessObserver>
service_worker_shared_dictionary_observers_;
mojo::ReceiverSet<network::mojom::URLLoaderNetworkServiceObserver,
URLLoaderNetworkContext>
url_loader_network_observers_;
int next_pending_trust_token_issuance_callback_key_ = 0;
// Maps frame tokens to NavigationStateKeepAlives. There is one
// NavigationStateKeepAlive per LocalFrameToken. It's possible to have
// multiple keep alives per LocalFrameToken (e.g., multiple in-flight
// navigations per RenderFrameHost), but this map will store the most recent
// NavigationStateKeepAlive.
// In the case of multiple navigations for a RenderFrameHost,
// it is assumed that they are handled in order, with the latest navigation's
// keep alive storing the state for that RenderFrameHost.
// Note: This member must be above `keep_alive_handles_receiver_set_`. During
// destruction, when NavigationStateKeepAlives get removed from the receiver
// set, they will them remove themselves from
// `navigation_state_keep_alive_map_`, so this map must still be alive when
// that happens.
using TokenNavigationStateKeepAliveMap =
std::unordered_map<blink::LocalFrameToken,
NavigationStateKeepAlive*,
blink::LocalFrameToken::Hasher>;
TokenNavigationStateKeepAliveMap navigation_state_keep_alive_map_;
// Active keepalive handles for in-flight navigations. They are retained
// on `StoragePartition` because, by design, they may need to outlive the
// `RenderFrameHostImpl` that initiated the navigation, but shouldn't be used
// in a different StoragePartition.
// Note that this set may contain in-flight navigations for different
// RenderFrameHosts, and furthermore, there may even be multiple in-flight
// navigations for a single RenderFrameHost.
// Lookups should not be done from this set. Accessing PolicyContainerHosts
// kept alive by NavigationStateKeepAlive should be done through
// PolicyContainerHost::FromFrameToken.
mojo::UniqueReceiverSet<blink::mojom::NavigationStateKeepAliveHandle>
keep_alive_handles_receiver_set_;
#if DCHECK_IS_ON()
bool on_browser_context_will_be_destroyed_called_ = false;
#endif
// A copy of the network revocation nonces in `NetworkContext`. It is used for
// restoring the network revocation states of fenced frames when there is a
// `NetworkService` crash.
std::set<base::UnguessableToken> network_revocation_nonces_;
// We need to delay deleting stale session cookies until after the cookie db
// has initialized, otherwise we will bypass lazy loading and block.
// See crbug.com/40285083 for more info.
base::TimeDelta delete_stale_session_only_cookies_delay_{base::Minutes(1)};
// We need a delay when removing fenced frame nonces from here and from the
// network service, to avoid races where a fenced frame could regain network
// access during destruction. See the comment on
// `ClearNoncesInNetworkContextAfterDelay` for more info.
base::TimeDelta clear_nonces_in_network_context_delay_{base::Minutes(1)};
// Because removing the nonces after a delay is async, we need a callback to
// execute when the task completes in order to test it.
base::RepeatingClosure clear_nonces_in_network_context_callback_for_testing_ =
base::DoNothing();
base::WeakPtrFactory<StoragePartitionImpl> weak_factory_{this};
};
} // namespace content
#endif // CONTENT_BROWSER_STORAGE_PARTITION_IMPL_H_