OLD | NEW |
---|---|
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/child_process_security_policy.h" | 5 #include "chrome/browser/child_process_security_policy.h" |
6 | 6 |
7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/platform_file.h" | |
9 #include "base/stl_util-inl.h" | 10 #include "base/stl_util-inl.h" |
10 #include "base/string_util.h" | 11 #include "base/string_util.h" |
11 #include "chrome/common/bindings_policy.h" | 12 #include "chrome/common/bindings_policy.h" |
12 #include "chrome/common/url_constants.h" | 13 #include "chrome/common/url_constants.h" |
13 #include "googleurl/src/gurl.h" | 14 #include "googleurl/src/gurl.h" |
14 #include "net/url_request/url_request.h" | 15 #include "net/url_request/url_request.h" |
15 | 16 |
17 const int kReadFilePermissions = | |
darin (slow to review)
2010/09/28 06:18:27
nit: mark this as 'static'
| |
18 base::PLATFORM_FILE_OPEN | | |
19 base::PLATFORM_FILE_READ | | |
20 base::PLATFORM_FILE_EXCLUSIVE_READ | | |
21 base::PLATFORM_FILE_ASYNC; | |
22 | |
16 // The SecurityState class is used to maintain per-renderer security state | 23 // The SecurityState class is used to maintain per-renderer security state |
17 // information. | 24 // information. |
18 class ChildProcessSecurityPolicy::SecurityState { | 25 class ChildProcessSecurityPolicy::SecurityState { |
19 public: | 26 public: |
20 SecurityState() | 27 SecurityState() |
21 : enabled_bindings_(0), | 28 : enabled_bindings_(0), |
22 can_read_raw_cookies_(false) { } | 29 can_read_raw_cookies_(false) { } |
23 ~SecurityState() { | 30 ~SecurityState() { |
24 scheme_policy_.clear(); | 31 scheme_policy_.clear(); |
25 } | 32 } |
26 | 33 |
27 // Grant permission to request URLs with the specified scheme. | 34 // Grant permission to request URLs with the specified scheme. |
28 void GrantScheme(const std::string& scheme) { | 35 void GrantScheme(const std::string& scheme) { |
29 scheme_policy_[scheme] = true; | 36 scheme_policy_[scheme] = true; |
30 } | 37 } |
31 | 38 |
32 // Revoke permission to request URLs with the specified scheme. | 39 // Revoke permission to request URLs with the specified scheme. |
33 void RevokeScheme(const std::string& scheme) { | 40 void RevokeScheme(const std::string& scheme) { |
34 scheme_policy_[scheme] = false; | 41 scheme_policy_[scheme] = false; |
35 } | 42 } |
36 | 43 |
37 // Grant permission to upload the specified file to the web. | 44 // Grant certain permissions to a file. |
38 void GrantUploadFile(const FilePath& file) { | 45 void GrantPermissionsForFile(const FilePath& file, int permissions) { |
39 uploadable_files_.insert(file); | 46 file_permissions_[file.StripTrailingSeparators()] |= permissions; |
40 } | 47 } |
41 | 48 |
42 void GrantBindings(int bindings) { | 49 void GrantBindings(int bindings) { |
43 enabled_bindings_ |= bindings; | 50 enabled_bindings_ |= bindings; |
44 } | 51 } |
45 | 52 |
46 void GrantReadRawCookies() { | 53 void GrantReadRawCookies() { |
47 can_read_raw_cookies_ = true; | 54 can_read_raw_cookies_ = true; |
48 } | 55 } |
49 | 56 |
50 void RevokeReadRawCookies() { | 57 void RevokeReadRawCookies() { |
51 can_read_raw_cookies_ = false; | 58 can_read_raw_cookies_ = false; |
52 } | 59 } |
53 | 60 |
54 // Determine whether permission has been granted to request url. | 61 // Determine whether permission has been granted to request url. |
55 // Schemes that have not been granted default to being denied. | 62 // Schemes that have not been granted default to being denied. |
56 bool CanRequestURL(const GURL& url) { | 63 bool CanRequestURL(const GURL& url) { |
57 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme())); | 64 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme())); |
58 | 65 |
59 if (judgment == scheme_policy_.end()) | 66 if (judgment == scheme_policy_.end()) |
60 return false; // Unmentioned schemes are disallowed. | 67 return false; // Unmentioned schemes are disallowed. |
61 | 68 |
62 return judgment->second; | 69 return judgment->second; |
63 } | 70 } |
64 | 71 |
65 // Determine whether permission has been granted to upload file. | 72 // Determine if the certain permissions have been granted to a file. |
66 // Files that have not been granted default to being denied. | 73 bool HasPermissionsForFile(const FilePath& file, int permissions) { |
67 bool CanUploadFile(const FilePath& file) { | 74 FilePath current_path = file.StripTrailingSeparators(); |
68 return uploadable_files_.find(file) != uploadable_files_.end(); | 75 FilePath last_path; |
76 while (current_path != last_path) { | |
77 if (file_permissions_.find(current_path) != file_permissions_.end()) | |
78 return (file_permissions_[current_path] & permissions) == permissions; | |
79 last_path = current_path; | |
80 current_path = current_path.DirName(); | |
81 } | |
82 | |
83 return false; | |
69 } | 84 } |
70 | 85 |
71 bool has_dom_ui_bindings() const { | 86 bool has_dom_ui_bindings() const { |
72 return BindingsPolicy::is_dom_ui_enabled(enabled_bindings_); | 87 return BindingsPolicy::is_dom_ui_enabled(enabled_bindings_); |
73 } | 88 } |
74 | 89 |
75 bool has_extension_bindings() const { | 90 bool has_extension_bindings() const { |
76 return BindingsPolicy::is_extension_enabled(enabled_bindings_); | 91 return BindingsPolicy::is_extension_enabled(enabled_bindings_); |
77 } | 92 } |
78 | 93 |
79 bool can_read_raw_cookies() const { | 94 bool can_read_raw_cookies() const { |
80 return can_read_raw_cookies_; | 95 return can_read_raw_cookies_; |
81 } | 96 } |
82 | 97 |
83 private: | 98 private: |
84 typedef std::map<std::string, bool> SchemeMap; | 99 typedef std::map<std::string, bool> SchemeMap; |
85 typedef std::set<FilePath> FileSet; | 100 typedef std::map<FilePath, int> FileMap; // bit-set of PlatformFileFlags |
darin (slow to review)
2010/09/28 06:18:27
nit: two spaces before the '//'
| |
86 | 101 |
87 // Maps URL schemes to whether permission has been granted or revoked: | 102 // Maps URL schemes to whether permission has been granted or revoked: |
88 // |true| means the scheme has been granted. | 103 // |true| means the scheme has been granted. |
89 // |false| means the scheme has been revoked. | 104 // |false| means the scheme has been revoked. |
90 // If a scheme is not present in the map, then it has never been granted | 105 // If a scheme is not present in the map, then it has never been granted |
91 // or revoked. | 106 // or revoked. |
92 SchemeMap scheme_policy_; | 107 SchemeMap scheme_policy_; |
93 | 108 |
94 // The set of files the renderer is permited to upload to the web. | 109 // The set of files the renderer is permited to upload to the web. |
95 FileSet uploadable_files_; | 110 FileMap file_permissions_; |
96 | 111 |
97 int enabled_bindings_; | 112 int enabled_bindings_; |
98 | 113 |
99 bool can_read_raw_cookies_; | 114 bool can_read_raw_cookies_; |
100 | 115 |
101 DISALLOW_COPY_AND_ASSIGN(SecurityState); | 116 DISALLOW_COPY_AND_ASSIGN(SecurityState); |
102 }; | 117 }; |
103 | 118 |
104 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { | 119 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { |
105 // We know about these schemes and believe them to be safe. | 120 // We know about these schemes and believe them to be safe. |
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
208 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 223 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
209 if (state == security_state_.end()) | 224 if (state == security_state_.end()) |
210 return; | 225 return; |
211 | 226 |
212 // If the renderer has been commanded to request a scheme, then we grant | 227 // If the renderer has been commanded to request a scheme, then we grant |
213 // it the capability to request URLs of that scheme. | 228 // it the capability to request URLs of that scheme. |
214 state->second->GrantScheme(url.scheme()); | 229 state->second->GrantScheme(url.scheme()); |
215 } | 230 } |
216 } | 231 } |
217 | 232 |
218 void ChildProcessSecurityPolicy::GrantUploadFile(int renderer_id, | 233 void ChildProcessSecurityPolicy::GrantReadFile(int renderer_id, |
219 const FilePath& file) { | 234 const FilePath& file) { |
235 GrantPermissionsForFile(renderer_id, file, kReadFilePermissions); | |
236 } | |
237 | |
238 void ChildProcessSecurityPolicy::GrantPermissionsForFile( | |
239 int renderer_id, const FilePath& file, int permissions) { | |
220 AutoLock lock(lock_); | 240 AutoLock lock(lock_); |
221 | 241 |
222 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 242 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
223 if (state == security_state_.end()) | 243 if (state == security_state_.end()) |
224 return; | 244 return; |
225 | 245 |
226 state->second->GrantUploadFile(file); | 246 state->second->GrantPermissionsForFile(file, permissions); |
227 } | 247 } |
228 | 248 |
229 void ChildProcessSecurityPolicy::GrantScheme(int renderer_id, | 249 void ChildProcessSecurityPolicy::GrantScheme(int renderer_id, |
230 const std::string& scheme) { | 250 const std::string& scheme) { |
231 AutoLock lock(lock_); | 251 AutoLock lock(lock_); |
232 | 252 |
233 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 253 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
234 if (state == security_state_.end()) | 254 if (state == security_state_.end()) |
235 return; | 255 return; |
236 | 256 |
(...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
329 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 349 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
330 if (state == security_state_.end()) | 350 if (state == security_state_.end()) |
331 return false; | 351 return false; |
332 | 352 |
333 // Otherwise, we consult the renderer's security state to see if it is | 353 // Otherwise, we consult the renderer's security state to see if it is |
334 // allowed to request the URL. | 354 // allowed to request the URL. |
335 return state->second->CanRequestURL(url); | 355 return state->second->CanRequestURL(url); |
336 } | 356 } |
337 } | 357 } |
338 | 358 |
339 bool ChildProcessSecurityPolicy::CanUploadFile(int renderer_id, | 359 bool ChildProcessSecurityPolicy::CanReadFile(int renderer_id, |
340 const FilePath& file) { | 360 const FilePath& file) { |
361 return HasPermissionsForFile(renderer_id, file, kReadFilePermissions); | |
362 } | |
363 | |
364 bool ChildProcessSecurityPolicy::HasPermissionsForFile( | |
365 int renderer_id, const FilePath& file, int permissions) { | |
341 AutoLock lock(lock_); | 366 AutoLock lock(lock_); |
342 | 367 |
343 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 368 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
344 if (state == security_state_.end()) | 369 if (state == security_state_.end()) |
345 return false; | 370 return false; |
346 | 371 |
347 return state->second->CanUploadFile(file); | 372 return state->second->HasPermissionsForFile(file, permissions); |
348 } | 373 } |
349 | 374 |
350 bool ChildProcessSecurityPolicy::HasDOMUIBindings(int renderer_id) { | 375 bool ChildProcessSecurityPolicy::HasDOMUIBindings(int renderer_id) { |
351 AutoLock lock(lock_); | 376 AutoLock lock(lock_); |
352 | 377 |
353 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 378 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
354 if (state == security_state_.end()) | 379 if (state == security_state_.end()) |
355 return false; | 380 return false; |
356 | 381 |
357 return state->second->has_dom_ui_bindings(); | 382 return state->second->has_dom_ui_bindings(); |
(...skipping 11 matching lines...) Expand all Loading... | |
369 | 394 |
370 bool ChildProcessSecurityPolicy::CanReadRawCookies(int renderer_id) { | 395 bool ChildProcessSecurityPolicy::CanReadRawCookies(int renderer_id) { |
371 AutoLock lock(lock_); | 396 AutoLock lock(lock_); |
372 | 397 |
373 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 398 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
374 if (state == security_state_.end()) | 399 if (state == security_state_.end()) |
375 return false; | 400 return false; |
376 | 401 |
377 return state->second->can_read_raw_cookies(); | 402 return state->second->can_read_raw_cookies(); |
378 } | 403 } |
OLD | NEW |