Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(63)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/renderer_host/resource_message_filter.cc

Issue 3431032: Change ChildProcessSecurityPolicy to store a list of allowed flags for... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 10 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/browser/child_process_security_policy.cc ('K') | « chrome/browser/renderer_host/resource_dispatcher_host.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/renderer_host/resource_message_filter.h" 5 #include "chrome/browser/renderer_host/resource_message_filter.h"
6 6
7 #include "app/clipboard/clipboard.h" 7 #include "app/clipboard/clipboard.h"
8 #include "base/callback.h" 8 #include "base/callback.h"
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #if defined(OS_POSIX) 10 #if defined(OS_POSIX)
(...skipping 1431 matching lines...) Expand 10 before | Expand all | Expand 10 after
1442 net::HttpNetworkLayer::EnableSpdy("npn,force-alt-protocols"); 1442 net::HttpNetworkLayer::EnableSpdy("npn,force-alt-protocols");
1443 } else { 1443 } else {
1444 net::HttpNetworkLayer::EnableSpdy("npn-http"); 1444 net::HttpNetworkLayer::EnableSpdy("npn-http");
1445 } 1445 }
1446 } 1446 }
1447 1447
1448 void ResourceMessageFilter::OnGetFileSize(const FilePath& path, 1448 void ResourceMessageFilter::OnGetFileSize(const FilePath& path,
1449 IPC::Message* reply_msg) { 1449 IPC::Message* reply_msg) {
1450 // Get file size only when the child process has been granted permission to 1450 // Get file size only when the child process has been granted permission to
1451 // upload the file. 1451 // upload the file.
1452 if (!ChildProcessSecurityPolicy::GetInstance()->CanUploadFile(id(), path)) { 1452 if (!ChildProcessSecurityPolicy::GetInstance()->CanReadFile(id(), path)) {
1453 ViewHostMsg_GetFileSize::WriteReplyParams( 1453 ViewHostMsg_GetFileSize::WriteReplyParams(
1454 reply_msg, static_cast<int64>(-1)); 1454 reply_msg, static_cast<int64>(-1));
1455 Send(reply_msg); 1455 Send(reply_msg);
1456 return; 1456 return;
1457 } 1457 }
1458 1458
1459 // Getting file size could take long time if it lives on a network share, 1459 // Getting file size could take long time if it lives on a network share,
1460 // so run it on FILE thread. 1460 // so run it on FILE thread.
1461 ChromeThread::PostTask( 1461 ChromeThread::PostTask(
1462 ChromeThread::FILE, FROM_HERE, 1462 ChromeThread::FILE, FROM_HERE,
1463 NewRunnableMethod( 1463 NewRunnableMethod(
1464 this, &ResourceMessageFilter::OnGetFileInfoOnFileThread, path, 1464 this, &ResourceMessageFilter::OnGetFileInfoOnFileThread, path,
1465 reply_msg, &WriteFileSize)); 1465 reply_msg, &WriteFileSize));
1466 } 1466 }
1467 1467
1468 void ResourceMessageFilter::OnGetFileModificationTime(const FilePath& path, 1468 void ResourceMessageFilter::OnGetFileModificationTime(const FilePath& path,
1469 IPC::Message* reply_msg) { 1469 IPC::Message* reply_msg) {
1470 // Get file modification time only when the child process has been granted 1470 // Get file modification time only when the child process has been granted
1471 // permission to upload the file. 1471 // permission to upload the file.
1472 if (!ChildProcessSecurityPolicy::GetInstance()->CanUploadFile(id(), path)) { 1472 if (!ChildProcessSecurityPolicy::GetInstance()->CanReadFile(id(), path)) {
1473 ViewHostMsg_GetFileModificationTime::WriteReplyParams(reply_msg, 1473 ViewHostMsg_GetFileModificationTime::WriteReplyParams(reply_msg,
1474 base::Time()); 1474 base::Time());
1475 Send(reply_msg); 1475 Send(reply_msg);
1476 return; 1476 return;
1477 } 1477 }
1478 1478
1479 // Getting file modification time could take a long time if it lives on a 1479 // Getting file modification time could take a long time if it lives on a
1480 // network share, so run it on the FILE thread. 1480 // network share, so run it on the FILE thread.
1481 ChromeThread::PostTask( 1481 ChromeThread::PostTask(
1482 ChromeThread::FILE, FROM_HERE, 1482 ChromeThread::FILE, FROM_HERE,
(...skipping 18 matching lines...) Expand all
1501 ChromeThread::IO, FROM_HERE, 1501 ChromeThread::IO, FROM_HERE,
1502 NewRunnableMethod(this, &ResourceMessageFilter::Send, reply_msg)); 1502 NewRunnableMethod(this, &ResourceMessageFilter::Send, reply_msg));
1503 } 1503 }
1504 1504
1505 void ResourceMessageFilter::OnOpenFile(const FilePath& path, 1505 void ResourceMessageFilter::OnOpenFile(const FilePath& path,
1506 int mode, 1506 int mode,
1507 IPC::Message* reply_msg) { 1507 IPC::Message* reply_msg) {
1508 // Open the file only when the child process has been granted permission to 1508 // Open the file only when the child process has been granted permission to
1509 // upload the file. 1509 // upload the file.
1510 // TODO(jianli): Do we need separate permission to control opening the file? 1510 // TODO(jianli): Do we need separate permission to control opening the file?
1511 if (!ChildProcessSecurityPolicy::GetInstance()->CanUploadFile(id(), path)) { 1511 if (!ChildProcessSecurityPolicy::GetInstance()->CanReadFile(id(), path)) {
1512 ViewHostMsg_OpenFile::WriteReplyParams( 1512 ViewHostMsg_OpenFile::WriteReplyParams(
1513 reply_msg, 1513 reply_msg,
1514 #if defined(OS_WIN) 1514 #if defined(OS_WIN)
1515 base::kInvalidPlatformFileValue 1515 base::kInvalidPlatformFileValue
1516 #elif defined(OS_POSIX) 1516 #elif defined(OS_POSIX)
1517 base::FileDescriptor(base::kInvalidPlatformFileValue, true) 1517 base::FileDescriptor(base::kInvalidPlatformFileValue, true)
1518 #endif 1518 #endif
1519 ); 1519 );
1520 Send(reply_msg); 1520 Send(reply_msg);
1521 return; 1521 return;
(...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after
1695 ChromeThread::IO, FROM_HERE, 1695 ChromeThread::IO, FROM_HERE,
1696 NewRunnableMethod(this, &ResourceMessageFilter::Send, reply_msg)); 1696 NewRunnableMethod(this, &ResourceMessageFilter::Send, reply_msg));
1697 } 1697 }
1698 1698
1699 void ResourceMessageFilter::OnAsyncOpenFile(const IPC::Message& msg, 1699 void ResourceMessageFilter::OnAsyncOpenFile(const IPC::Message& msg,
1700 const FilePath& path, 1700 const FilePath& path,
1701 int flags, 1701 int flags,
1702 int message_id) { 1702 int message_id) {
1703 DCHECK(ChromeThread::CurrentlyOn(ChromeThread::IO)); 1703 DCHECK(ChromeThread::CurrentlyOn(ChromeThread::IO));
1704 1704
1705 if (!ChildProcessSecurityPolicy::GetInstance()->CanUploadFile(id(), path)) { 1705 if (!ChildProcessSecurityPolicy::GetInstance()->CanReadFile(id(), path)) {
1706 IPC::Message* reply = new ViewMsg_AsyncOpenFile_ACK( 1706 IPC::Message* reply = new ViewMsg_AsyncOpenFile_ACK(
1707 msg.routing_id(), base::PLATFORM_FILE_ERROR_ACCESS_DENIED, 1707 msg.routing_id(), base::PLATFORM_FILE_ERROR_ACCESS_DENIED,
1708 IPC::InvalidPlatformFileForTransit(), message_id); 1708 IPC::InvalidPlatformFileForTransit(), message_id);
1709 Send(reply); 1709 Send(reply);
1710 return; 1710 return;
1711 } 1711 }
1712 1712
1713 // TODO(dumi): update this check once we have a security attribute 1713 // TODO(dumi): update this check once we have a security attribute
1714 // that allows renderers to modify files. 1714 // that allows renderers to modify files.
1715 int allowed_flags = 1715 int allowed_flags =
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
1832 1832
1833 ViewHostMsg_GetRawCookies::WriteReplyParams(reply_msg_, cookies); 1833 ViewHostMsg_GetRawCookies::WriteReplyParams(reply_msg_, cookies);
1834 filter_->Send(reply_msg_); 1834 filter_->Send(reply_msg_);
1835 delete this; 1835 delete this;
1836 } 1836 }
1837 } 1837 }
1838 1838
1839 void GetCookiesCompletion::set_cookie_store(CookieStore* cookie_store) { 1839 void GetCookiesCompletion::set_cookie_store(CookieStore* cookie_store) {
1840 cookie_store_ = cookie_store; 1840 cookie_store_ = cookie_store;
1841 } 1841 }
OLDNEW
« chrome/browser/child_process_security_policy.cc ('K') | « chrome/browser/renderer_host/resource_dispatcher_host.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698