OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 5 #ifndef CHROME_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
6 #define CHROME_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 6 #define CHROME_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
7 | 7 |
8 #pragma once | 8 #pragma once |
9 | 9 |
10 #include <map> | 10 #include <map> |
11 #include <set> | 11 #include <set> |
12 #include <string> | 12 #include <string> |
13 | 13 |
14 #include "base/basictypes.h" | 14 #include "base/basictypes.h" |
15 #include "base/gtest_prod_util.h" | 15 #include "base/gtest_prod_util.h" |
16 #include "base/lock.h" | |
17 #include "base/singleton.h" | 16 #include "base/singleton.h" |
| 17 #include "base/synchronization/lock.h" |
18 | 18 |
19 class FilePath; | 19 class FilePath; |
20 class GURL; | 20 class GURL; |
21 | 21 |
22 // The ChildProcessSecurityPolicy class is used to grant and revoke security | 22 // The ChildProcessSecurityPolicy class is used to grant and revoke security |
23 // capabilities for child porcesses. For example, it restricts whether a child | 23 // capabilities for child porcesses. For example, it restricts whether a child |
24 // process is permmitted to loaded file:// URLs based on whether the process | 24 // process is permmitted to loaded file:// URLs based on whether the process |
25 // has ever been commanded to load file:// URLs by the browser. | 25 // has ever been commanded to load file:// URLs by the browser. |
26 // | 26 // |
27 // ChildProcessSecurityPolicy is a singleton that may be used on any thread. | 27 // ChildProcessSecurityPolicy is a singleton that may be used on any thread. |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
134 | 134 |
135 typedef std::set<std::string> SchemeSet; | 135 typedef std::set<std::string> SchemeSet; |
136 typedef std::map<int, SecurityState*> SecurityStateMap; | 136 typedef std::map<int, SecurityState*> SecurityStateMap; |
137 | 137 |
138 // Obtain an instance of ChildProcessSecurityPolicy via GetInstance(). | 138 // Obtain an instance of ChildProcessSecurityPolicy via GetInstance(). |
139 ChildProcessSecurityPolicy(); | 139 ChildProcessSecurityPolicy(); |
140 friend struct DefaultSingletonTraits<ChildProcessSecurityPolicy>; | 140 friend struct DefaultSingletonTraits<ChildProcessSecurityPolicy>; |
141 | 141 |
142 // You must acquire this lock before reading or writing any members of this | 142 // You must acquire this lock before reading or writing any members of this |
143 // class. You must not block while holding this lock. | 143 // class. You must not block while holding this lock. |
144 Lock lock_; | 144 base::Lock lock_; |
145 | 145 |
146 // These schemes are white-listed for all child processes. This set is | 146 // These schemes are white-listed for all child processes. This set is |
147 // protected by |lock_|. | 147 // protected by |lock_|. |
148 SchemeSet web_safe_schemes_; | 148 SchemeSet web_safe_schemes_; |
149 | 149 |
150 // These schemes do not actually represent retrievable URLs. For example, | 150 // These schemes do not actually represent retrievable URLs. For example, |
151 // the the URLs in the "about" scheme are aliases to other URLs. This set is | 151 // the the URLs in the "about" scheme are aliases to other URLs. This set is |
152 // protected by |lock_|. | 152 // protected by |lock_|. |
153 SchemeSet pseudo_schemes_; | 153 SchemeSet pseudo_schemes_; |
154 | 154 |
155 // This map holds a SecurityState for each child process. The key for the | 155 // This map holds a SecurityState for each child process. The key for the |
156 // map is the ID of the ChildProcessHost. The SecurityState objects are | 156 // map is the ID of the ChildProcessHost. The SecurityState objects are |
157 // owned by this object and are protected by |lock_|. References to them must | 157 // owned by this object and are protected by |lock_|. References to them must |
158 // not escape this class. | 158 // not escape this class. |
159 SecurityStateMap security_state_; | 159 SecurityStateMap security_state_; |
160 | 160 |
161 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicy); | 161 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicy); |
162 }; | 162 }; |
163 | 163 |
164 #endif // CHROME_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 164 #endif // CHROME_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
OLD | NEW |