Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(127)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 6893145: Ensured that worker thread renderer process file permissions are inherited from its main thread r... (Closed)

Created:
9 years, 7 months ago by zel
Modified:
9 years, 6 months ago
CC:
chromium-reviews, Paweł Hajdan Jr., Dmitry Titov
Visibility:
Public.

Description

blob_storage_controller.cc assert from this bug was caused by the fact that worker thread actually run in a different renderer process from the main page JS thread. chrome.fileBrowserPrivate.* methods grant access to files through ChildProcessSecurityPolicy class, but such file permissions would end up associated with renderer process of the main thread only. When worker tries to register blobs representing such files, ChildProcessSecurityPolicy check would reject it since its client process id has nothing to do with main renderer's id. This CL adds mapping between worker and main renderer processes and uses that to ensure that worker thread renderer process file permissions are "inherited" from its main JS thread renderer child process. BUG=chromium-os:14680 TEST=added extra tests to ChildProcessSecurityPolicyTest.FilePermissions Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=83754

Patch Set 1 #

Patch Set 2 : '' #

Patch Set 3 : '' #

Patch Set 4 : '' #

Total comments: 4

Patch Set 5 : '' #

Patch Set 6 : '' #

Unified diffs Side-by-side diffs Delta from patch set Stats (+83 lines, -13 lines) Patch
M content/browser/child_process_security_policy.h View 1 2 3 4 3 chunks +21 lines, -1 line 0 comments Download
M content/browser/child_process_security_policy.cc View 1 2 3 4 4 chunks +37 lines, -11 lines 0 comments Download
M content/browser/child_process_security_policy_unittest.cc View 1 2 3 4 2 chunks +23 lines, -0 lines 0 comments Download
M content/browser/worker_host/worker_process_host.cc View 1 2 3 4 1 chunk +2 lines, -1 line 0 comments Download

Messages

Total messages: 7 (0 generated)
zel
9 years, 7 months ago (2011-04-30 05:33:13 UTC) #1
darin (slow to review)
Jian should also review this.
9 years, 7 months ago (2011-04-30 22:14:31 UTC) #2
jianli
Not sure I fully understand this bug. Does this only happen in ChromeOS? Adding dumi ...
9 years, 7 months ago (2011-05-01 07:12:20 UTC) #3
zel
This is happening anywhere where you have explicit file permissions given to a renderer process. ...
9 years, 7 months ago (2011-05-01 15:08:17 UTC) #4
jianli
John is looking into this. Removed dumi from the reviewer list.
9 years, 7 months ago (2011-05-02 17:04:19 UTC) #5
jam
lgtm Dmitry: FYI. this change can be reverted when workers run in the renderers http://codereview.chromium.org/6893145/diff/15/content/browser/child_process_security_policy.cc ...
9 years, 7 months ago (2011-05-02 17:17:53 UTC) #6
zel
9 years, 7 months ago (2011-05-02 18:16:11 UTC) #7 
http://codereview.chromium.org/6893145/diff/15/content/browser/child_process_...
File content/browser/child_process_security_policy.cc (right):

http://codereview.chromium.org/6893145/diff/15/content/browser/child_process_...
content/browser/child_process_security_policy.cc:168: main_render_process_id));
On 2011/05/02 17:17:53, John Abd-El-Malek wrote:
> nit: seems simpler to read if it's just
> 
> worker_map_[child_id] = main_render_process_id;

Done.

http://codereview.chromium.org/6893145/diff/15/content/browser/child_process_...
content/browser/child_process_security_policy.cc:415: // let's check that its
main thread renderer process has access to that
On 2011/05/02 17:17:53, John Abd-El-Malek wrote:
> nit "main thread" seems redundant.  "its renderer process" is enough

Done.

Powered by Google App Engine
This is Rietveld 408576698