Changeset 74093 in webkit

Timestamp:

Dec 14, 2010 7:01:58 PM (13 years ago)

Author:

commit-queue@webkit.org

Message:

2010-12-14 Anton D'Auria <​adauria@apple.com>

Reviewed by Darin Adler.

Do not allow access to existing HTML5 databases in private browsing
mode ​https://bugs.webkit.org/show_bug.cgi?id=49332

Test: storage/private-browsing-noread-nowrite.html

Previously, read-only transactions and private browsing mode were
represented by the same SQLStatement and DatabaseAuthorizer states.
This patch removes the m_readOnly member variable from SQLStatement and
DatabaseAuthorizer, and replaces it with m_permissions whose bit fields
are initialized by a DatabaseAuthorizer enum Permissions (ReadWrite,
ReadOnly, NoAccess). A read-only transaction sets permissions to
ReadOnly, and if !m_database->scriptExecutionContext()->allowDatabaseAccess(),
then permissions also set to NoAccess.

• dom/Document.cpp: (WebCore::Document::allowDatabaseAccess): this method was previously called isDatabaseReadOnly. It checks if private browsing preference is set. This method is renamed because it is used to check if private browsing restricts access to databases.
• dom/Document.h:
• dom/ScriptExecutionContext.h:
• storage/AbstractDatabase.cpp: (WebCore::AbstractDatabase::setAuthorizerPermissions):
• storage/AbstractDatabase.h:
• storage/DatabaseAuthorizer.cpp: (WebCore::DatabaseAuthorizer::reset): (WebCore::DatabaseAuthorizer::createTable): (WebCore::DatabaseAuthorizer::createTempTable): (WebCore::DatabaseAuthorizer::dropTable): (WebCore::DatabaseAuthorizer::dropTempTable): (WebCore::DatabaseAuthorizer::allowAlterTable): (WebCore::DatabaseAuthorizer::createIndex): (WebCore::DatabaseAuthorizer::createTempIndex): (WebCore::DatabaseAuthorizer::dropIndex): (WebCore::DatabaseAuthorizer::dropTempIndex): (WebCore::DatabaseAuthorizer::createTrigger): (WebCore::DatabaseAuthorizer::createTempTrigger): (WebCore::DatabaseAuthorizer::dropTrigger): (WebCore::DatabaseAuthorizer::dropTempTrigger): (WebCore::DatabaseAuthorizer::createView): (WebCore::DatabaseAuthorizer::createTempView): (WebCore::DatabaseAuthorizer::dropView): (WebCore::DatabaseAuthorizer::dropTempView): (WebCore::DatabaseAuthorizer::createVTable): (WebCore::DatabaseAuthorizer::dropVTable): (WebCore::DatabaseAuthorizer::allowDelete): (WebCore::DatabaseAuthorizer::allowInsert): (WebCore::DatabaseAuthorizer::allowUpdate): (WebCore::DatabaseAuthorizer::allowRead): (WebCore::DatabaseAuthorizer::allowReindex): (WebCore::DatabaseAuthorizer::allowWrite): a new private method that checks if DatabaseAuthorizer is enabled and if it is in ReadOnly or NoAccess mode. (WebCore::DatabaseAuthorizer::setReadOnly): (WebCore::DatabaseAuthorizer::setPermissions):
• storage/DatabaseAuthorizer.h:
• storage/SQLStatement.cpp: (WebCore::SQLStatement::create): (WebCore::SQLStatement::SQLStatement): (WebCore::SQLStatement::execute):
• storage/SQLStatement.h:
• storage/SQLStatementSync.cpp: (WebCore::SQLStatementSync::SQLStatementSync): (WebCore::SQLStatementSync::execute):
• storage/SQLStatementSync.h:
• storage/SQLTransaction.cpp: (WebCore::SQLTransaction::executeSQL):
• storage/SQLTransactionSync.cpp: (WebCore::SQLTransactionSync::executeSQL):
• workers/WorkerContext.h: (WebCore::WorkerContext::allowDatabaseAccess):

Location:

trunk

Files:

• LayoutTests/storage/private-browsing-noread-nowrite-expected.txt (moved) (moved from trunk/LayoutTests/storage/private-browsing-readonly-expected.txt) (1 diff)
• LayoutTests/storage/private-browsing-noread-nowrite.html (moved) (moved from trunk/LayoutTests/storage/private-browsing-readonly.html) (2 diffs)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/dom/Document.cpp (modified) (1 diff)
• WebCore/dom/Document.h (modified) (1 diff)
• WebCore/dom/ScriptExecutionContext.h (modified) (1 diff)
• WebCore/storage/AbstractDatabase.cpp (modified) (1 diff)
• WebCore/storage/AbstractDatabase.h (modified) (1 diff)
• WebCore/storage/DatabaseAuthorizer.cpp (modified) (25 diffs)
• WebCore/storage/DatabaseAuthorizer.h (modified) (3 diffs)
• WebCore/storage/SQLStatement.cpp (modified) (2 diffs)
• WebCore/storage/SQLStatement.h (modified) (3 diffs)
• WebCore/storage/SQLStatementSync.cpp (modified) (2 diffs)
• WebCore/storage/SQLStatementSync.h (modified) (2 diffs)
• WebCore/storage/SQLTransaction.cpp (modified) (2 diffs)
• WebCore/storage/SQLTransactionSync.cpp (modified) (2 diffs)
• WebCore/workers/WorkerContext.h (modified) (1 diff)

trunk/LayoutTests/storage/private-browsing-noread-nowrite-expected.txt

@@ -10 +10 @@
 Private browsing statement 4 completed with an error
 not authorized
+Private browsing statement 5 completed with an error
+access to PrivateTest1.randomData is prohibited
 Test ended
 

trunk/LayoutTests/storage/private-browsing-noread-nowrite.html

@@ -17 +17 @@
     "DELETE FROM PrivateTest1",
     "DROP TABLE PrivateTest1",
-    "INSERT INTO PrivateTest1 VALUES ('somedata')"
+    "INSERT INTO PrivateTest1 VALUES ('somedata')",
+    "SELECT * FROM PrivateTest1"
 ];
 
@@ -89 +90 @@
     }
 
-    var database = openDatabase("PrivateBrowsingReadOnlyTest", "1.0", "Test private browsing read-only safety", 1);
+    var database = openDatabase("PrivateBrowsingNoReadNoWriteTest", "1.0", "Test private browsing no read/write safety", 1);
     database.transaction(runSetup, endTest, endTest);
 }

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-12-14  Anton D'Auria  <adauria@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Do not allow access to existing HTML5 databases in private browsing
+        mode https://bugs.webkit.org/show_bug.cgi?id=49332
+
+        Test: storage/private-browsing-noread-nowrite.html
+
+        Previously, read-only transactions and private browsing mode were
+        represented by the same SQLStatement and DatabaseAuthorizer states.
+        This patch removes the m_readOnly member variable from SQLStatement and
+        DatabaseAuthorizer, and replaces it with m_permissions whose bit fields
+        are initialized by a DatabaseAuthorizer enum Permissions (ReadWrite,
+        ReadOnly, NoAccess). A read-only transaction sets permissions to
+        ReadOnly, and if !m_database->scriptExecutionContext()->allowDatabaseAccess(),
+        then permissions also set to NoAccess.
+
+        * dom/Document.cpp:
+        (WebCore::Document::allowDatabaseAccess): this method was previously
+        called isDatabaseReadOnly. It checks if private browsing preference is
+        set. This method is renamed because it is used to check if private
+        browsing restricts access to databases.
+        * dom/Document.h:
+        * dom/ScriptExecutionContext.h:
+        * storage/AbstractDatabase.cpp:
+        (WebCore::AbstractDatabase::setAuthorizerPermissions):
+        * storage/AbstractDatabase.h:
+        * storage/DatabaseAuthorizer.cpp:
+        (WebCore::DatabaseAuthorizer::reset):
+        (WebCore::DatabaseAuthorizer::createTable):
+        (WebCore::DatabaseAuthorizer::createTempTable):
+        (WebCore::DatabaseAuthorizer::dropTable):
+        (WebCore::DatabaseAuthorizer::dropTempTable):
+        (WebCore::DatabaseAuthorizer::allowAlterTable):
+        (WebCore::DatabaseAuthorizer::createIndex):
+        (WebCore::DatabaseAuthorizer::createTempIndex):
+        (WebCore::DatabaseAuthorizer::dropIndex):
+        (WebCore::DatabaseAuthorizer::dropTempIndex):
+        (WebCore::DatabaseAuthorizer::createTrigger):
+        (WebCore::DatabaseAuthorizer::createTempTrigger):
+        (WebCore::DatabaseAuthorizer::dropTrigger):
+        (WebCore::DatabaseAuthorizer::dropTempTrigger):
+        (WebCore::DatabaseAuthorizer::createView):
+        (WebCore::DatabaseAuthorizer::createTempView):
+        (WebCore::DatabaseAuthorizer::dropView):
+        (WebCore::DatabaseAuthorizer::dropTempView):
+        (WebCore::DatabaseAuthorizer::createVTable):
+        (WebCore::DatabaseAuthorizer::dropVTable):
+        (WebCore::DatabaseAuthorizer::allowDelete):
+        (WebCore::DatabaseAuthorizer::allowInsert):
+        (WebCore::DatabaseAuthorizer::allowUpdate):
+        (WebCore::DatabaseAuthorizer::allowRead):
+        (WebCore::DatabaseAuthorizer::allowReindex):
+        (WebCore::DatabaseAuthorizer::allowWrite): a new private method that
+        checks if DatabaseAuthorizer is enabled and if it is in ReadOnly or
+        NoAccess mode.
+        (WebCore::DatabaseAuthorizer::setReadOnly):
+        (WebCore::DatabaseAuthorizer::setPermissions):
+        * storage/DatabaseAuthorizer.h:
+        * storage/SQLStatement.cpp:
+        (WebCore::SQLStatement::create):
+        (WebCore::SQLStatement::SQLStatement):
+        (WebCore::SQLStatement::execute):
+        * storage/SQLStatement.h:
+        * storage/SQLStatementSync.cpp:
+        (WebCore::SQLStatementSync::SQLStatementSync):
+        (WebCore::SQLStatementSync::execute):
+        * storage/SQLStatementSync.h:
+        * storage/SQLTransaction.cpp:
+        (WebCore::SQLTransaction::executeSQL):
+        * storage/SQLTransactionSync.cpp:
+        (WebCore::SQLTransactionSync::executeSQL):
+        * workers/WorkerContext.h:
+        (WebCore::WorkerContext::allowDatabaseAccess):
+
 2010-12-02  MORITA Hajime  <morrita@google.com>
 

trunk/WebCore/dom/Document.cpp

@@ -4497 +4497 @@
 #if ENABLE(DATABASE)
 
-bool Document::isDatabaseReadOnly() const
+bool Document::allowDatabaseAccess() const
 {
     if (!page() || page()->settings()->privateBrowsingEnabled())
-        return true;
-    return false;
+        return false;
+    return true;
 }
 

trunk/WebCore/dom/Document.h

@@ -1007 +1007 @@
 
 #if ENABLE(DATABASE)
-    virtual bool isDatabaseReadOnly() const;
+    virtual bool allowDatabaseAccess() const;
     virtual void databaseExceededQuota(const String& name);
 #endif

trunk/WebCore/dom/ScriptExecutionContext.h

@@ -71 +71 @@
 
 #if ENABLE(DATABASE)
-        virtual bool isDatabaseReadOnly() const = 0;
+        virtual bool allowDatabaseAccess() const = 0;
         virtual void databaseExceededQuota(const String& name) = 0;
         DatabaseThread* databaseThread();

trunk/WebCore/storage/AbstractDatabase.cpp

@@ -433 +433 @@
 }
 
+void AbstractDatabase::setAuthorizerPermissions(int permissions)
+{
+    ASSERT(m_databaseAuthorizer);
+    m_databaseAuthorizer->setPermissions(permissions);
+}
+
 bool AbstractDatabase::lastActionChangedDatabase()
 {

trunk/WebCore/storage/AbstractDatabase.h

@@ -81 +81 @@
     void enableAuthorizer();
     void setAuthorizerReadOnly();
+    void setAuthorizerPermissions(int permissions);
     bool lastActionChangedDatabase();
     bool lastActionWasInsert();

trunk/WebCore/storage/DatabaseAuthorizer.cpp

@@ -54 +54 @@
     m_lastActionWasInsert = false;
     m_lastActionChangedDatabase = false;
-    m_readOnly = false;
+    m_permissions = ReadWriteMask;
 }
 
@@ -128 +128 @@
 int DatabaseAuthorizer::createTable(const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -140 +140 @@
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_CREATE_TEMP_TABLE in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -148 +148 @@
 int DatabaseAuthorizer::dropTable(const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -159 +159 @@
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_DROP_TEMP_TABLE in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -167 +167 @@
 int DatabaseAuthorizer::allowAlterTable(const String&, const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -176 +176 @@
 int DatabaseAuthorizer::createIndex(const String&, const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -188 +188 @@
     // which is not allowed in read-only transactions or private browsing,
     // so we might as well disallow SQLITE_CREATE_TEMP_INDEX in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -196 +196 @@
 int DatabaseAuthorizer::dropIndex(const String&, const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -207 +207 @@
     // not allowed in read-only transactions or private browsing, so we might
     // as well disallow SQLITE_DROP_TEMP_INDEX in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -215 +215 @@
 int DatabaseAuthorizer::createTrigger(const String&, const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -227 +227 @@
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_CREATE_TEMP_TRIGGER in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -235 +235 @@
 int DatabaseAuthorizer::dropTrigger(const String&, const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -246 +246 @@
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_DROP_TEMP_TRIGGER in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -254 +254 @@
 int DatabaseAuthorizer::createView(const String&)
 {
-    return (m_readOnly && m_securityEnabled ? SQLAuthDeny : SQLAuthAllow);
+    return (!allowWrite() ? SQLAuthDeny : SQLAuthAllow);
 }
 
@@ -262 +262 @@
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_CREATE_TEMP_VIEW in these cases
-    return (m_readOnly && m_securityEnabled ? SQLAuthDeny : SQLAuthAllow);
+    return (!allowWrite() ? SQLAuthDeny : SQLAuthAllow);
 }
 
 int DatabaseAuthorizer::dropView(const String&)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -279 +279 @@
     // allowed in read-only transactions or private browsing, so we might as
     // well disallow SQLITE_DROP_TEMP_VIEW in these cases
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -288 +288 @@
 int DatabaseAuthorizer::createVTable(const String& tableName, const String& moduleName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -301 +301 @@
 int DatabaseAuthorizer::dropVTable(const String& tableName, const String& moduleName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -313 +313 @@
 int DatabaseAuthorizer::allowDelete(const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -321 +321 @@
 int DatabaseAuthorizer::allowInsert(const String& tableName)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -331 +331 @@
 int DatabaseAuthorizer::allowUpdate(const String& tableName, const String&)
 {
-    if (m_readOnly && m_securityEnabled)
+    if (!allowWrite())
         return SQLAuthDeny;
 
@@ -345 +345 @@
 int DatabaseAuthorizer::allowRead(const String& tableName, const String&)
 {
+    if (m_permissions & NoAccessMask && m_securityEnabled)
+        return SQLAuthDeny;
+    
     return denyBasedOnTableName(tableName);
 }
@@ -350 +353 @@
 int DatabaseAuthorizer::allowReindex(const String&)
 {
-    return (m_readOnly && m_securityEnabled ? SQLAuthDeny : SQLAuthAllow);
+    return (!allowWrite() ? SQLAuthDeny : SQLAuthAllow);
 }
 
@@ -391 +394 @@
 }
 
+bool DatabaseAuthorizer::allowWrite()
+{
+    return !(m_securityEnabled && (m_permissions & ReadOnlyMask || m_permissions & NoAccessMask));
+}
+
 void DatabaseAuthorizer::setReadOnly()
 {
-    m_readOnly = true;
+    m_permissions |= ReadOnlyMask;
+}
+   
+void DatabaseAuthorizer::setPermissions(int permissions)
+{
+    m_permissions = permissions;
 }
 

trunk/WebCore/storage/DatabaseAuthorizer.h

@@ -43 +43 @@
 class DatabaseAuthorizer : public ThreadSafeShared<DatabaseAuthorizer> {
 public:
+
+    enum Permissions {
+        ReadWriteMask = 0,
+        ReadOnlyMask = 1 << 1,
+        NoAccessMask = 1 << 2
+    };
+
     static PassRefPtr<DatabaseAuthorizer> create(const String& databaseInfoTableName);
 
@@ -88 +95 @@
     void enable();
     void setReadOnly();
+    void setPermissions(int permissions);
 
     void reset();
@@ -101 +109 @@
     int denyBasedOnTableName(const String&) const;
     int updateDeletesBasedOnTableName(const String&);
+    bool allowWrite();
 
+    int m_permissions;
     bool m_securityEnabled : 1;
     bool m_lastActionWasInsert : 1;
     bool m_lastActionChangedDatabase : 1;
-    bool m_readOnly : 1;
     bool m_hadDeletes : 1;
 

trunk/WebCore/storage/SQLStatement.cpp

@@ -44 +44 @@
 namespace WebCore {
 
-PassRefPtr<SQLStatement> SQLStatement::create(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, bool readOnly)
-{
-    return adoptRef(new SQLStatement(statement, arguments, callback, errorCallback, readOnly));
-}
-
-SQLStatement::SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, bool readOnly)
+PassRefPtr<SQLStatement> SQLStatement::create(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, int permissions)
+{
+    return adoptRef(new SQLStatement(statement, arguments, callback, errorCallback, permissions));
+}
+
+SQLStatement::SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, int permissions)
     : m_statement(statement.crossThreadString())
     , m_arguments(arguments)
     , m_statementCallback(callback)
     , m_statementErrorCallback(errorCallback)
-    , m_readOnly(readOnly)
+    , m_permissions(permissions)
 {
 }
@@ -70 +70 @@
         return false;
 
-    if (m_readOnly)
-        db->setAuthorizerReadOnly();
+    db->setAuthorizerPermissions(m_permissions);
 
     SQLiteDatabase* database = &db->sqliteDatabase();

trunk/WebCore/storage/SQLStatement.h

@@ -47 +47 @@
 class SQLStatement : public ThreadSafeShared<SQLStatement> {
 public:
-    static PassRefPtr<SQLStatement> create(const String&, const Vector<SQLValue>&, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, bool readOnly);
+    static PassRefPtr<SQLStatement> create(const String&, const Vector<SQLValue>&, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, int permissions);
 
     bool execute(Database*);
@@ -62 +62 @@
     SQLError* sqlError() const { return m_error.get(); }
 private:
-    SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, bool readOnly);
+    SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, int permissions);
 
     void setFailureDueToQuota();
@@ -75 +75 @@
     RefPtr<SQLResultSet> m_resultSet;
 
-    bool m_readOnly;
+    int m_permissions;
 };
 

trunk/WebCore/storage/SQLStatementSync.cpp

@@ -44 +44 @@
 namespace WebCore {
 
-SQLStatementSync::SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, bool readOnly)
+SQLStatementSync::SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, int permissions)
     : m_statement(statement)
     , m_arguments(arguments)
-    , m_readOnly(readOnly)
+    , m_permissions(permissions)
 {
     ASSERT(!m_statement.isEmpty());
@@ -54 +54 @@
 PassRefPtr<SQLResultSet> SQLStatementSync::execute(DatabaseSync* db, ExceptionCode& ec)
 {
-    if (m_readOnly)
-        db->setAuthorizerReadOnly();
+    db->setAuthorizerPermissions(m_permissions);
 
     SQLiteDatabase* database = &db->sqliteDatabase();

trunk/WebCore/storage/SQLStatementSync.h

@@ -47 +47 @@
 class SQLStatementSync {
 public:
-    SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, bool readOnly);
+    SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, int permissions);
 
     PassRefPtr<SQLResultSet> execute(DatabaseSync*, ExceptionCode&);
@@ -54 +54 @@
     String m_statement;
     Vector<SQLValue> m_arguments;
-    bool m_readOnly;
+    int m_permissions;
 };
 

trunk/WebCore/storage/SQLTransaction.cpp

@@ -33 +33 @@
 
 #include "Database.h"
+#include "DatabaseAuthorizer.h"
 #include "DatabaseThread.h"
 #include "Logging.h"
@@ -94 +95 @@
     }
 
-    bool readOnlyMode = m_readOnly;
-    if (!readOnlyMode) {
-        if (m_database->scriptExecutionContext()->isDatabaseReadOnly())
-            readOnlyMode = true;
-    }
-
-    RefPtr<SQLStatement> statement = SQLStatement::create(sqlStatement, arguments, callback, callbackError, readOnlyMode);
+    int permissions = DatabaseAuthorizer::ReadWriteMask;
+    if (!m_database->scriptExecutionContext()->allowDatabaseAccess())
+        permissions |= DatabaseAuthorizer::NoAccessMask;
+    else if (m_readOnly)
+        permissions |= DatabaseAuthorizer::ReadOnlyMask;
+
+    RefPtr<SQLStatement> statement = SQLStatement::create(sqlStatement, arguments, callback, callbackError, permissions);
 
     if (m_database->deleted())

trunk/WebCore/storage/SQLTransactionSync.cpp

@@ -34 +34 @@
 #if ENABLE(DATABASE)
 
+#include "DatabaseAuthorizer.h"
 #include "DatabaseSync.h"
 #include "PlatformString.h"
@@ -87 +88 @@
         return 0;
 
-    bool readOnlyMode = m_readOnly || m_database->scriptExecutionContext()->isDatabaseReadOnly();
-    SQLStatementSync statement(sqlStatement, arguments, readOnlyMode);
+    int permissions = DatabaseAuthorizer::ReadWriteMask;
+    if (!m_database->scriptExecutionContext()->allowDatabaseAccess())
+      permissions |= DatabaseAuthorizer::NoAccessMask;
+    else if (m_readOnly)
+      permissions |= DatabaseAuthorizer::ReadOnlyMask;
+
+    SQLStatementSync statement(sqlStatement, arguments, permissions);
 
     m_database->resetAuthorizer();

trunk/WebCore/workers/WorkerContext.h

@@ -114 +114 @@
 
         // Not implemented yet.
-        virtual bool isDatabaseReadOnly() const { return false; }
+        virtual bool allowDatabaseAccess() const { return true; }
         // Not implemented for real yet.
         virtual void databaseExceededQuota(const String&);