WebView has some gotchas around cookies when compared to the rest of Chromium. This doc runs through why, and where this happens.
The CookieManager API needs to be useable before the rest of WebView is initialized. To support this, we do some internal swapping around cookie stores that you can read more about here.
Most of Chromium relies on HostContentSettingsMap to manage cookie settings/permissions. WebView does not - delegating permissions to the app developer.
WebView also allows Android app developers to configure third party cookies per WebView which conceptually on the desktop would be like configuring this per tab - this concept does not exist in Chromium.
In order to apply its own cookie settings, WebView essentially reports its various cookie settings at the time of a cookie request. This means that the rest of Chromium does not need to know about how WebView configures cookies. It does however mean that we often don't get changes to cookies for free. For example, the storage access API impacts whether or not a page may have 3PCs. We need to specifically look for this in WebView and tell the rest of Chromium if we should have 3PCs or not.
The cookie settings need to be proxied for both javascript cookies via the restricted_cookie_manager and network cookies via aw_proxying_url_loader_factory. For this reason, it is advised to have both javascript, and network cookie tests.
