Chromium Code Reviews Chromium Code Reviews
Issue 3431032:
Change ChildProcessSecurityPolicy to store a list of allowed flags for... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/child_process_security_policy.h" | 5 #include "chrome/browser/child_process_security_policy.h" |
| 6 | 6 |
| 7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/platform_file.h" | |
| 9 #include "base/stl_util-inl.h" | 10 #include "base/stl_util-inl.h" |
| 10 #include "base/string_util.h" | 11 #include "base/string_util.h" |
| 11 #include "chrome/common/bindings_policy.h" | 12 #include "chrome/common/bindings_policy.h" |
| 12 #include "chrome/common/url_constants.h" | 13 #include "chrome/common/url_constants.h" |
| 13 #include "googleurl/src/gurl.h" | 14 #include "googleurl/src/gurl.h" |
| 14 #include "net/url_request/url_request.h" | 15 #include "net/url_request/url_request.h" |
| 15 | 16 |
| 17 const int kReadFilePermissions = | |
|
darin (slow to review)
2010/09/28 06:18:27
nit: mark this as 'static'
| |
| 18 base::PLATFORM_FILE_OPEN | | |
| 19 base::PLATFORM_FILE_READ | | |
| 20 base::PLATFORM_FILE_EXCLUSIVE_READ | | |
| 21 base::PLATFORM_FILE_ASYNC; | |
| 22 | |
| 16 // The SecurityState class is used to maintain per-renderer security state | 23 // The SecurityState class is used to maintain per-renderer security state |
| 17 // information. | 24 // information. |
| 18 class ChildProcessSecurityPolicy::SecurityState { | 25 class ChildProcessSecurityPolicy::SecurityState { |
| 19 public: | 26 public: |
| 20 SecurityState() | 27 SecurityState() |
| 21 : enabled_bindings_(0), | 28 : enabled_bindings_(0), |
| 22 can_read_raw_cookies_(false) { } | 29 can_read_raw_cookies_(false) { } |
| 23 ~SecurityState() { | 30 ~SecurityState() { |
| 24 scheme_policy_.clear(); | 31 scheme_policy_.clear(); |
| 25 } | 32 } |
| 26 | 33 |
| 27 // Grant permission to request URLs with the specified scheme. | 34 // Grant permission to request URLs with the specified scheme. |
| 28 void GrantScheme(const std::string& scheme) { | 35 void GrantScheme(const std::string& scheme) { |
| 29 scheme_policy_[scheme] = true; | 36 scheme_policy_[scheme] = true; |
| 30 } | 37 } |
| 31 | 38 |
| 32 // Revoke permission to request URLs with the specified scheme. | 39 // Revoke permission to request URLs with the specified scheme. |
| 33 void RevokeScheme(const std::string& scheme) { | 40 void RevokeScheme(const std::string& scheme) { |
| 34 scheme_policy_[scheme] = false; | 41 scheme_policy_[scheme] = false; |
| 35 } | 42 } |
| 36 | 43 |
| 37 // Grant permission to upload the specified file to the web. | 44 // Grant certain permissions to a file. |
| 38 void GrantUploadFile(const FilePath& file) { | 45 void GrantPermissionsForFile(const FilePath& file, int permissions) { |
| 39 uploadable_files_.insert(file); | 46 file_permissions_[file.StripTrailingSeparators()] |= permissions; |
| 40 } | 47 } |
| 41 | 48 |
| 42 void GrantBindings(int bindings) { | 49 void GrantBindings(int bindings) { |
| 43 enabled_bindings_ |= bindings; | 50 enabled_bindings_ |= bindings; |
| 44 } | 51 } |
| 45 | 52 |
| 46 void GrantReadRawCookies() { | 53 void GrantReadRawCookies() { |
| 47 can_read_raw_cookies_ = true; | 54 can_read_raw_cookies_ = true; |
| 48 } | 55 } |
| 49 | 56 |
| 50 void RevokeReadRawCookies() { | 57 void RevokeReadRawCookies() { |
| 51 can_read_raw_cookies_ = false; | 58 can_read_raw_cookies_ = false; |
| 52 } | 59 } |
| 53 | 60 |
| 54 // Determine whether permission has been granted to request url. | 61 // Determine whether permission has been granted to request url. |
| 55 // Schemes that have not been granted default to being denied. | 62 // Schemes that have not been granted default to being denied. |
| 56 bool CanRequestURL(const GURL& url) { | 63 bool CanRequestURL(const GURL& url) { |
| 57 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme())); | 64 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme())); |
| 58 | 65 |
| 59 if (judgment == scheme_policy_.end()) | 66 if (judgment == scheme_policy_.end()) |
| 60 return false; // Unmentioned schemes are disallowed. | 67 return false; // Unmentioned schemes are disallowed. |
| 61 | 68 |
| 62 return judgment->second; | 69 return judgment->second; |
| 63 } | 70 } |
| 64 | 71 |
| 65 // Determine whether permission has been granted to upload file. | 72 // Determine if the certain permissions have been granted to a file. |
| 66 // Files that have not been granted default to being denied. | 73 bool HasPermissionsForFile(const FilePath& file, int permissions) { |
| 67 bool CanUploadFile(const FilePath& file) { | 74 FilePath current_path = file.StripTrailingSeparators(); |
| 68 return uploadable_files_.find(file) != uploadable_files_.end(); | 75 FilePath last_path; |
| 76 while (current_path != last_path) { | |
| 77 if (file_permissions_.find(current_path) != file_permissions_.end()) | |
| 78 return (file_permissions_[current_path] & permissions) == permissions; | |
| 79 last_path = current_path; | |
| 80 current_path = current_path.DirName(); | |
| 81 } | |
| 82 | |
| 83 return false; | |
| 69 } | 84 } |
| 70 | 85 |
| 71 bool has_dom_ui_bindings() const { | 86 bool has_dom_ui_bindings() const { |
| 72 return BindingsPolicy::is_dom_ui_enabled(enabled_bindings_); | 87 return BindingsPolicy::is_dom_ui_enabled(enabled_bindings_); |
| 73 } | 88 } |
| 74 | 89 |
| 75 bool has_extension_bindings() const { | 90 bool has_extension_bindings() const { |
| 76 return BindingsPolicy::is_extension_enabled(enabled_bindings_); | 91 return BindingsPolicy::is_extension_enabled(enabled_bindings_); |
| 77 } | 92 } |
| 78 | 93 |
| 79 bool can_read_raw_cookies() const { | 94 bool can_read_raw_cookies() const { |
| 80 return can_read_raw_cookies_; | 95 return can_read_raw_cookies_; |
| 81 } | 96 } |
| 82 | 97 |
| 83 private: | 98 private: |
| 84 typedef std::map<std::string, bool> SchemeMap; | 99 typedef std::map<std::string, bool> SchemeMap; |
| 85 typedef std::set<FilePath> FileSet; | 100 typedef std::map<FilePath, int> FileMap; // bit-set of PlatformFileFlags |
|
darin (slow to review)
2010/09/28 06:18:27
nit: two spaces before the '//'
| |
| 86 | 101 |
| 87 // Maps URL schemes to whether permission has been granted or revoked: | 102 // Maps URL schemes to whether permission has been granted or revoked: |
| 88 // |true| means the scheme has been granted. | 103 // |true| means the scheme has been granted. |
| 89 // |false| means the scheme has been revoked. | 104 // |false| means the scheme has been revoked. |
| 90 // If a scheme is not present in the map, then it has never been granted | 105 // If a scheme is not present in the map, then it has never been granted |
| 91 // or revoked. | 106 // or revoked. |
| 92 SchemeMap scheme_policy_; | 107 SchemeMap scheme_policy_; |
| 93 | 108 |
| 94 // The set of files the renderer is permited to upload to the web. | 109 // The set of files the renderer is permited to upload to the web. |
| 95 FileSet uploadable_files_; | 110 FileMap file_permissions_; |
| 96 | 111 |
| 97 int enabled_bindings_; | 112 int enabled_bindings_; |
| 98 | 113 |
| 99 bool can_read_raw_cookies_; | 114 bool can_read_raw_cookies_; |
| 100 | 115 |
| 101 DISALLOW_COPY_AND_ASSIGN(SecurityState); | 116 DISALLOW_COPY_AND_ASSIGN(SecurityState); |
| 102 }; | 117 }; |
| 103 | 118 |
| 104 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { | 119 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { |
| 105 // We know about these schemes and believe them to be safe. | 120 // We know about these schemes and believe them to be safe. |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 208 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 223 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 209 if (state == security_state_.end()) | 224 if (state == security_state_.end()) |
| 210 return; | 225 return; |
| 211 | 226 |
| 212 // If the renderer has been commanded to request a scheme, then we grant | 227 // If the renderer has been commanded to request a scheme, then we grant |
| 213 // it the capability to request URLs of that scheme. | 228 // it the capability to request URLs of that scheme. |
| 214 state->second->GrantScheme(url.scheme()); | 229 state->second->GrantScheme(url.scheme()); |
| 215 } | 230 } |
| 216 } | 231 } |
| 217 | 232 |
| 218 void ChildProcessSecurityPolicy::GrantUploadFile(int renderer_id, | 233 void ChildProcessSecurityPolicy::GrantReadFile(int renderer_id, |
| 219 const FilePath& file) { | 234 const FilePath& file) { |
| 235 GrantPermissionsForFile(renderer_id, file, kReadFilePermissions); | |
| 236 } | |
| 237 | |
| 238 void ChildProcessSecurityPolicy::GrantPermissionsForFile( | |
| 239 int renderer_id, const FilePath& file, int permissions) { | |
| 220 AutoLock lock(lock_); | 240 AutoLock lock(lock_); |
| 221 | 241 |
| 222 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 242 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 223 if (state == security_state_.end()) | 243 if (state == security_state_.end()) |
| 224 return; | 244 return; |
| 225 | 245 |
| 226 state->second->GrantUploadFile(file); | 246 state->second->GrantPermissionsForFile(file, permissions); |
| 227 } | 247 } |
| 228 | 248 |
| 229 void ChildProcessSecurityPolicy::GrantScheme(int renderer_id, | 249 void ChildProcessSecurityPolicy::GrantScheme(int renderer_id, |
| 230 const std::string& scheme) { | 250 const std::string& scheme) { |
| 231 AutoLock lock(lock_); | 251 AutoLock lock(lock_); |
| 232 | 252 |
| 233 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 253 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 234 if (state == security_state_.end()) | 254 if (state == security_state_.end()) |
| 235 return; | 255 return; |
| 236 | 256 |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 329 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 349 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 330 if (state == security_state_.end()) | 350 if (state == security_state_.end()) |
| 331 return false; | 351 return false; |
| 332 | 352 |
| 333 // Otherwise, we consult the renderer's security state to see if it is | 353 // Otherwise, we consult the renderer's security state to see if it is |
| 334 // allowed to request the URL. | 354 // allowed to request the URL. |
| 335 return state->second->CanRequestURL(url); | 355 return state->second->CanRequestURL(url); |
| 336 } | 356 } |
| 337 } | 357 } |
| 338 | 358 |
| 339 bool ChildProcessSecurityPolicy::CanUploadFile(int renderer_id, | 359 bool ChildProcessSecurityPolicy::CanReadFile(int renderer_id, |
| 340 const FilePath& file) { | 360 const FilePath& file) { |
| 361 return HasPermissionsForFile(renderer_id, file, kReadFilePermissions); | |
| 362 } | |
| 363 | |
| 364 bool ChildProcessSecurityPolicy::HasPermissionsForFile( | |
| 365 int renderer_id, const FilePath& file, int permissions) { | |
| 341 AutoLock lock(lock_); | 366 AutoLock lock(lock_); |
| 342 | 367 |
| 343 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 368 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 344 if (state == security_state_.end()) | 369 if (state == security_state_.end()) |
| 345 return false; | 370 return false; |
| 346 | 371 |
| 347 return state->second->CanUploadFile(file); | 372 return state->second->HasPermissionsForFile(file, permissions); |
| 348 } | 373 } |
| 349 | 374 |
| 350 bool ChildProcessSecurityPolicy::HasDOMUIBindings(int renderer_id) { | 375 bool ChildProcessSecurityPolicy::HasDOMUIBindings(int renderer_id) { |
| 351 AutoLock lock(lock_); | 376 AutoLock lock(lock_); |
| 352 | 377 |
| 353 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 378 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 354 if (state == security_state_.end()) | 379 if (state == security_state_.end()) |
| 355 return false; | 380 return false; |
| 356 | 381 |
| 357 return state->second->has_dom_ui_bindings(); | 382 return state->second->has_dom_ui_bindings(); |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 369 | 394 |
| 370 bool ChildProcessSecurityPolicy::CanReadRawCookies(int renderer_id) { | 395 bool ChildProcessSecurityPolicy::CanReadRawCookies(int renderer_id) { |
| 371 AutoLock lock(lock_); | 396 AutoLock lock(lock_); |
| 372 | 397 |
| 373 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 398 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 374 if (state == security_state_.end()) | 399 if (state == security_state_.end()) |
| 375 return false; | 400 return false; |
| 376 | 401 |
| 377 return state->second->can_read_raw_cookies(); | 402 return state->second->can_read_raw_cookies(); |
| 378 } | 403 } |
| OLD | NEW |
