OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy.h" | 5 #include "content/browser/child_process_security_policy.h" |
6 | 6 |
7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/platform_file.h" | 9 #include "base/platform_file.h" |
10 #include "base/stl_util-inl.h" | 10 #include "base/stl_util-inl.h" |
11 #include "base/string_util.h" | 11 #include "base/string_util.h" |
12 #include "chrome/common/bindings_policy.h" | 12 #include "chrome/common/bindings_policy.h" |
13 #include "chrome/common/url_constants.h" | 13 #include "chrome/common/url_constants.h" |
14 #include "googleurl/src/gurl.h" | 14 #include "googleurl/src/gurl.h" |
15 #include "net/url_request/url_request.h" | 15 #include "net/url_request/url_request.h" |
16 | 16 |
17 static const int kReadFilePermissions = | 17 static const int kReadFilePermissions = |
18 base::PLATFORM_FILE_OPEN | | 18 base::PLATFORM_FILE_OPEN | |
19 base::PLATFORM_FILE_READ | | 19 base::PLATFORM_FILE_READ | |
20 base::PLATFORM_FILE_EXCLUSIVE_READ | | 20 base::PLATFORM_FILE_EXCLUSIVE_READ | |
21 base::PLATFORM_FILE_ASYNC; | 21 base::PLATFORM_FILE_ASYNC; |
22 | 22 |
| 23 static const int kEnumerateDirectoryPermissions = |
| 24 kReadFilePermissions | |
| 25 base::PLATFORM_FILE_ENUMERATE; |
| 26 |
23 // The SecurityState class is used to maintain per-child process security state | 27 // The SecurityState class is used to maintain per-child process security state |
24 // information. | 28 // information. |
25 class ChildProcessSecurityPolicy::SecurityState { | 29 class ChildProcessSecurityPolicy::SecurityState { |
26 public: | 30 public: |
27 SecurityState() | 31 SecurityState() |
28 : enabled_bindings_(0), | 32 : enabled_bindings_(0), |
29 can_read_raw_cookies_(false) { } | 33 can_read_raw_cookies_(false) { } |
30 ~SecurityState() { | 34 ~SecurityState() { |
31 scheme_policy_.clear(); | 35 scheme_policy_.clear(); |
32 } | 36 } |
234 // grant it the capability to request URLs of that scheme. | 238 // grant it the capability to request URLs of that scheme. |
235 state->second->GrantScheme(url.scheme()); | 239 state->second->GrantScheme(url.scheme()); |
236 } | 240 } |
237 } | 241 } |
238 | 242 |
239 void ChildProcessSecurityPolicy::GrantReadFile(int child_id, | 243 void ChildProcessSecurityPolicy::GrantReadFile(int child_id, |
240 const FilePath& file) { | 244 const FilePath& file) { |
241 GrantPermissionsForFile(child_id, file, kReadFilePermissions); | 245 GrantPermissionsForFile(child_id, file, kReadFilePermissions); |
242 } | 246 } |
243 | 247 |
| 248 void ChildProcessSecurityPolicy::GrantReadDirectory(int child_id, |
| 249 const FilePath& directory) { |
| 250 GrantPermissionsForFile(child_id, directory, kEnumerateDirectoryPermissions); |
| 251 } |
| 252 |
244 void ChildProcessSecurityPolicy::GrantPermissionsForFile( | 253 void ChildProcessSecurityPolicy::GrantPermissionsForFile( |
245 int child_id, const FilePath& file, int permissions) { | 254 int child_id, const FilePath& file, int permissions) { |
246 base::AutoLock lock(lock_); | 255 base::AutoLock lock(lock_); |
247 | 256 |
248 SecurityStateMap::iterator state = security_state_.find(child_id); | 257 SecurityStateMap::iterator state = security_state_.find(child_id); |
249 if (state == security_state_.end()) | 258 if (state == security_state_.end()) |
250 return; | 259 return; |
251 | 260 |
252 state->second->GrantPermissionsForFile(file, permissions); | 261 state->second->GrantPermissionsForFile(file, permissions); |
253 } | 262 } |
365 // allowed to request the URL. | 374 // allowed to request the URL. |
366 return state->second->CanRequestURL(url); | 375 return state->second->CanRequestURL(url); |
367 } | 376 } |
368 } | 377 } |
369 | 378 |
370 bool ChildProcessSecurityPolicy::CanReadFile(int child_id, | 379 bool ChildProcessSecurityPolicy::CanReadFile(int child_id, |
371 const FilePath& file) { | 380 const FilePath& file) { |
372 return HasPermissionsForFile(child_id, file, kReadFilePermissions); | 381 return HasPermissionsForFile(child_id, file, kReadFilePermissions); |
373 } | 382 } |
374 | 383 |
| 384 bool ChildProcessSecurityPolicy::CanReadDirectory(int child_id, |
| 385 const FilePath& directory) { |
| 386 return HasPermissionsForFile(child_id, |
| 387 directory, |
| 388 kEnumerateDirectoryPermissions); |
| 389 } |
| 390 |
375 bool ChildProcessSecurityPolicy::HasPermissionsForFile( | 391 bool ChildProcessSecurityPolicy::HasPermissionsForFile( |
376 int child_id, const FilePath& file, int permissions) { | 392 int child_id, const FilePath& file, int permissions) { |
377 base::AutoLock lock(lock_); | 393 base::AutoLock lock(lock_); |
378 | 394 |
379 SecurityStateMap::iterator state = security_state_.find(child_id); | 395 SecurityStateMap::iterator state = security_state_.find(child_id); |
380 if (state == security_state_.end()) | 396 if (state == security_state_.end()) |
381 return false; | 397 return false; |
382 | 398 |
383 return state->second->HasPermissionsForFile(file, permissions); | 399 return state->second->HasPermissionsForFile(file, permissions); |
384 } | 400 } |
405 | 421 |
406 bool ChildProcessSecurityPolicy::CanReadRawCookies(int child_id) { | 422 bool ChildProcessSecurityPolicy::CanReadRawCookies(int child_id) { |
407 base::AutoLock lock(lock_); | 423 base::AutoLock lock(lock_); |
408 | 424 |
409 SecurityStateMap::iterator state = security_state_.find(child_id); | 425 SecurityStateMap::iterator state = security_state_.find(child_id); |
410 if (state == security_state_.end()) | 426 if (state == security_state_.end()) |
411 return false; | 427 return false; |
412 | 428 |
413 return state->second->can_read_raw_cookies(); | 429 return state->second->can_read_raw_cookies(); |
414 } | 430 } |
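Review bot: `kEnumerateDirectoryPermissions` (new lines 23-25) ORs all of `kReadFilePermissions` into the directory grant, so `GrantReadDirectory` gives the child a superset of a file-read grant on that path, and neither new function documents how far that reaches. The per-process check is in `SecurityState::HasPermissionsForFile`, which sits in the skipped lines; if it matches on ancestor paths, a single directory grant would also satisfy `CanReadFile` for everything beneath it. I would state the intended scope next to the constant, e.g. `// Enumerate implies read: a directory grant also carries every kReadFilePermissions bit for that path.`, and note on `GrantReadDirectory` that callers must pass an absolute, already-normalized path. `GrantReadDirectory` also returns silently for an unknown `child_id` (through `GrantPermissionsForFile`), which deserves a one-line comment so browser-side callers do not assume the grant took effect.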
OLD | NEW |