Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(246)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/child_process_security_policy.cc

Issue 6623015: Add a path for a web page to request the enumeration of a directory. This, t... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/browser/child_process_security_policy.h ('k') | content/browser/child_process_security_policy_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/child_process_security_policy.h" 5 #include "content/browser/child_process_security_policy.h"
6 6
7 #include "base/file_path.h" 7 #include "base/file_path.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "base/platform_file.h" 9 #include "base/platform_file.h"
10 #include "base/stl_util-inl.h" 10 #include "base/stl_util-inl.h"
11 #include "base/string_util.h" 11 #include "base/string_util.h"
12 #include "chrome/common/bindings_policy.h" 12 #include "chrome/common/bindings_policy.h"
13 #include "chrome/common/url_constants.h" 13 #include "chrome/common/url_constants.h"
14 #include "googleurl/src/gurl.h" 14 #include "googleurl/src/gurl.h"
15 #include "net/url_request/url_request.h" 15 #include "net/url_request/url_request.h"
16 16
17 static const int kReadFilePermissions = 17 static const int kReadFilePermissions =
18 base::PLATFORM_FILE_OPEN | 18 base::PLATFORM_FILE_OPEN |
19 base::PLATFORM_FILE_READ | 19 base::PLATFORM_FILE_READ |
20 base::PLATFORM_FILE_EXCLUSIVE_READ | 20 base::PLATFORM_FILE_EXCLUSIVE_READ |
21 base::PLATFORM_FILE_ASYNC; 21 base::PLATFORM_FILE_ASYNC;
22 22
23 static const int kEnumerateDirectoryPermissions =
24 kReadFilePermissions |
25 base::PLATFORM_FILE_ENUMERATE;
26
23 // The SecurityState class is used to maintain per-child process security state 27 // The SecurityState class is used to maintain per-child process security state
24 // information. 28 // information.
25 class ChildProcessSecurityPolicy::SecurityState { 29 class ChildProcessSecurityPolicy::SecurityState {
26 public: 30 public:
27 SecurityState() 31 SecurityState()
28 : enabled_bindings_(0), 32 : enabled_bindings_(0),
29 can_read_raw_cookies_(false) { } 33 can_read_raw_cookies_(false) { }
30 ~SecurityState() { 34 ~SecurityState() {
31 scheme_policy_.clear(); 35 scheme_policy_.clear();
32 } 36 }
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after
234 // grant it the capability to request URLs of that scheme. 238 // grant it the capability to request URLs of that scheme.
235 state->second->GrantScheme(url.scheme()); 239 state->second->GrantScheme(url.scheme());
236 } 240 }
237 } 241 }
238 242
239 void ChildProcessSecurityPolicy::GrantReadFile(int child_id, 243 void ChildProcessSecurityPolicy::GrantReadFile(int child_id,
240 const FilePath& file) { 244 const FilePath& file) {
241 GrantPermissionsForFile(child_id, file, kReadFilePermissions); 245 GrantPermissionsForFile(child_id, file, kReadFilePermissions);
242 } 246 }
243 247
248 void ChildProcessSecurityPolicy::GrantReadDirectory(int child_id,
249 const FilePath& directory) {
250 GrantPermissionsForFile(child_id, directory, kEnumerateDirectoryPermissions);
251 }
252
244 void ChildProcessSecurityPolicy::GrantPermissionsForFile( 253 void ChildProcessSecurityPolicy::GrantPermissionsForFile(
245 int child_id, const FilePath& file, int permissions) { 254 int child_id, const FilePath& file, int permissions) {
246 base::AutoLock lock(lock_); 255 base::AutoLock lock(lock_);
247 256
248 SecurityStateMap::iterator state = security_state_.find(child_id); 257 SecurityStateMap::iterator state = security_state_.find(child_id);
249 if (state == security_state_.end()) 258 if (state == security_state_.end())
250 return; 259 return;
251 260
252 state->second->GrantPermissionsForFile(file, permissions); 261 state->second->GrantPermissionsForFile(file, permissions);
253 } 262 }
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after
365 // allowed to request the URL. 374 // allowed to request the URL.
366 return state->second->CanRequestURL(url); 375 return state->second->CanRequestURL(url);
367 } 376 }
368 } 377 }
369 378
370 bool ChildProcessSecurityPolicy::CanReadFile(int child_id, 379 bool ChildProcessSecurityPolicy::CanReadFile(int child_id,
371 const FilePath& file) { 380 const FilePath& file) {
372 return HasPermissionsForFile(child_id, file, kReadFilePermissions); 381 return HasPermissionsForFile(child_id, file, kReadFilePermissions);
373 } 382 }
374 383
384 bool ChildProcessSecurityPolicy::CanReadDirectory(int child_id,
385 const FilePath& directory) {
386 return HasPermissionsForFile(child_id,
387 directory,
388 kEnumerateDirectoryPermissions);
389 }
390
375 bool ChildProcessSecurityPolicy::HasPermissionsForFile( 391 bool ChildProcessSecurityPolicy::HasPermissionsForFile(
376 int child_id, const FilePath& file, int permissions) { 392 int child_id, const FilePath& file, int permissions) {
377 base::AutoLock lock(lock_); 393 base::AutoLock lock(lock_);
378 394
379 SecurityStateMap::iterator state = security_state_.find(child_id); 395 SecurityStateMap::iterator state = security_state_.find(child_id);
380 if (state == security_state_.end()) 396 if (state == security_state_.end())
381 return false; 397 return false;
382 398
383 return state->second->HasPermissionsForFile(file, permissions); 399 return state->second->HasPermissionsForFile(file, permissions);
384 } 400 }
(...skipping 20 matching lines...) Expand all
405 421
406 bool ChildProcessSecurityPolicy::CanReadRawCookies(int child_id) { 422 bool ChildProcessSecurityPolicy::CanReadRawCookies(int child_id) {
407 base::AutoLock lock(lock_); 423 base::AutoLock lock(lock_);
408 424
409 SecurityStateMap::iterator state = security_state_.find(child_id); 425 SecurityStateMap::iterator state = security_state_.find(child_id);
410 if (state == security_state_.end()) 426 if (state == security_state_.end())
411 return false; 427 return false;
412 428
413 return state->second->can_read_raw_cookies(); 429 return state->second->can_read_raw_cookies();
414 } 430 }
OLDNEW
« no previous file with comments | « content/browser/child_process_security_policy.h ('k') | content/browser/child_process_security_policy_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698