OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
7 | 7 |
8 #pragma once | 8 #pragma once |
9 | 9 |
10 #include <map> | 10 #include <map> |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
64 // Whenever the browser processes commands the child process to request a URL, | 64 // Whenever the browser processes commands the child process to request a URL, |
65 // it should call this method to grant the child process the capability to | 65 // it should call this method to grant the child process the capability to |
66 // request the URL. | 66 // request the URL. |
67 void GrantRequestURL(int child_id, const GURL& url); | 67 void GrantRequestURL(int child_id, const GURL& url); |
68 | 68 |
69 // Whenever the user picks a file from a <input type="file"> element, the | 69 // Whenever the user picks a file from a <input type="file"> element, the |
70 // browser should call this function to grant the child process the capability | 70 // browser should call this function to grant the child process the capability |
71 // to upload the file to the web. | 71 // to upload the file to the web. |
72 void GrantReadFile(int child_id, const FilePath& file); | 72 void GrantReadFile(int child_id, const FilePath& file); |
73 | 73 |
| 74 // Grants the child process permission to enumerate all the files in |
| 75 // this directory and read those files. |
| 76 void GrantReadDirectory(int child_id, const FilePath& directory); |
| 77 |
74 // Grants certain permissions to a file. |permissions| must be a bit-set of | 78 // Grants certain permissions to a file. |permissions| must be a bit-set of |
75 // base::PlatformFileFlags. | 79 // base::PlatformFileFlags. |
76 void GrantPermissionsForFile(int child_id, | 80 void GrantPermissionsForFile(int child_id, |
77 const FilePath& file, | 81 const FilePath& file, |
78 int permissions); | 82 int permissions); |
79 | 83 |
80 // Revokes all permissions granted to the given file. | 84 // Revokes all permissions granted to the given file. |
81 void RevokeAllPermissionsForFile(int child_id, const FilePath& file); | 85 void RevokeAllPermissionsForFile(int child_id, const FilePath& file); |
82 | 86 |
83 // Grants the child process the capability to access URLs of the provided | 87 // Grants the child process the capability to access URLs of the provided |
(...skipping 15 matching lines...) Expand all Loading... |
99 // Before servicing a child process's request for a URL, the browser should | 103 // Before servicing a child process's request for a URL, the browser should |
100 // call this method to determine whether the process has the capability to | 104 // call this method to determine whether the process has the capability to |
101 // request the URL. | 105 // request the URL. |
102 bool CanRequestURL(int child_id, const GURL& url); | 106 bool CanRequestURL(int child_id, const GURL& url); |
103 | 107 |
104 // Before servicing a child process's request to upload a file to the web, the | 108 // Before servicing a child process's request to upload a file to the web, the |
105 // browser should call this method to determine whether the process has the | 109 // browser should call this method to determine whether the process has the |
106 // capability to upload the requested file. | 110 // capability to upload the requested file. |
107 bool CanReadFile(int child_id, const FilePath& file); | 111 bool CanReadFile(int child_id, const FilePath& file); |
108 | 112 |
| 113 // Before servicing a child process's request to enumerate a directory |
| 114 // the browser should call this method to check for the capability. |
| 115 bool CanReadDirectory(int child_id, const FilePath& directory); |
| 116 |
109 // Determines if certain permissions were granted for a file. |permissions| | 117 // Determines if certain permissions were granted for a file. |permissions| |
110 // must be a bit-set of base::PlatformFileFlags. | 118 // must be a bit-set of base::PlatformFileFlags. |
111 bool HasPermissionsForFile(int child_id, | 119 bool HasPermissionsForFile(int child_id, |
112 const FilePath& file, | 120 const FilePath& file, |
113 int permissions); | 121 int permissions); |
114 | 122 |
115 // Returns true if the specified child_id has been granted WebUIBindings. | 123 // Returns true if the specified child_id has been granted WebUIBindings. |
116 // The browser should check this property before assuming the child process is | 124 // The browser should check this property before assuming the child process is |
117 // allowed to use WebUIBindings. | 125 // allowed to use WebUIBindings. |
118 bool HasWebUIBindings(int child_id); | 126 bool HasWebUIBindings(int child_id); |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
155 // This map holds a SecurityState for each child process. The key for the | 163 // This map holds a SecurityState for each child process. The key for the |
156 // map is the ID of the ChildProcessHost. The SecurityState objects are | 164 // map is the ID of the ChildProcessHost. The SecurityState objects are |
157 // owned by this object and are protected by |lock_|. References to them must | 165 // owned by this object and are protected by |lock_|. References to them must |
158 // not escape this class. | 166 // not escape this class. |
159 SecurityStateMap security_state_; | 167 SecurityStateMap security_state_; |
160 | 168 |
161 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicy); | 169 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicy); |
162 }; | 170 }; |
163 | 171 |
164 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 172 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
OLD | NEW |