| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy.h" | 5 #include "content/browser/child_process_security_policy.h" |
| 6 | 6 |
| 7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/platform_file.h" | 9 #include "base/platform_file.h" |
| 10 #include "base/stl_util-inl.h" | 10 #include "base/stl_util-inl.h" |
| (...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 150 security_state_.clear(); | 150 security_state_.clear(); |
| 151 } | 151 } |
| 152 | 152 |
| 153 // static | 153 // static |
| 154 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() { | 154 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() { |
| 155 return Singleton<ChildProcessSecurityPolicy>::get(); | 155 return Singleton<ChildProcessSecurityPolicy>::get(); |
| 156 } | 156 } |
| 157 | 157 |
| 158 void ChildProcessSecurityPolicy::Add(int child_id) { | 158 void ChildProcessSecurityPolicy::Add(int child_id) { |
| 159 base::AutoLock lock(lock_); | 159 base::AutoLock lock(lock_); |
| 160 if (security_state_.count(child_id) != 0) { | 160 AddChild(child_id); |
| 161 NOTREACHED() << "Add child process at most once."; | 161 } |
| 162 return; | |
| 163 } | |
| 164 | 162 |
| 165 security_state_[child_id] = new SecurityState(); | 163 void ChildProcessSecurityPolicy::AddWorker(int child_id, |
| 164 int main_render_process_id) { |
| 165 base::AutoLock lock(lock_); |
| 166 AddChild(child_id); |
| 167 worker_map_[child_id] = main_render_process_id; |
| 166 } | 168 } |
| 167 | 169 |
| 168 void ChildProcessSecurityPolicy::Remove(int child_id) { | 170 void ChildProcessSecurityPolicy::Remove(int child_id) { |
| 169 base::AutoLock lock(lock_); | 171 base::AutoLock lock(lock_); |
| 170 if (!security_state_.count(child_id)) | 172 if (!security_state_.count(child_id)) |
| 171 return; // May be called multiple times. | 173 return; // May be called multiple times. |
| 172 | 174 |
| 173 delete security_state_[child_id]; | 175 delete security_state_[child_id]; |
| 174 security_state_.erase(child_id); | 176 security_state_.erase(child_id); |
| 177 worker_map_.erase(child_id); |
| 175 } | 178 } |
| 176 | 179 |
| 177 void ChildProcessSecurityPolicy::RegisterWebSafeScheme( | 180 void ChildProcessSecurityPolicy::RegisterWebSafeScheme( |
| 178 const std::string& scheme) { | 181 const std::string& scheme) { |
| 179 base::AutoLock lock(lock_); | 182 base::AutoLock lock(lock_); |
| 180 DCHECK(web_safe_schemes_.count(scheme) == 0) << "Add schemes at most once."; | 183 DCHECK(web_safe_schemes_.count(scheme) == 0) << "Add schemes at most once."; |
| 181 DCHECK(pseudo_schemes_.count(scheme) == 0) << "Web-safe implies not pseudo."; | 184 DCHECK(pseudo_schemes_.count(scheme) == 0) << "Web-safe implies not pseudo."; |
| 182 | 185 |
| 183 web_safe_schemes_.insert(scheme); | 186 web_safe_schemes_.insert(scheme); |
| 184 } | 187 } |
| (...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 398 bool ChildProcessSecurityPolicy::CanReadDirectory(int child_id, | 401 bool ChildProcessSecurityPolicy::CanReadDirectory(int child_id, |
| 399 const FilePath& directory) { | 402 const FilePath& directory) { |
| 400 return HasPermissionsForFile(child_id, | 403 return HasPermissionsForFile(child_id, |
| 401 directory, | 404 directory, |
| 402 kEnumerateDirectoryPermissions); | 405 kEnumerateDirectoryPermissions); |
| 403 } | 406 } |
| 404 | 407 |
| 405 bool ChildProcessSecurityPolicy::HasPermissionsForFile( | 408 bool ChildProcessSecurityPolicy::HasPermissionsForFile( |
| 406 int child_id, const FilePath& file, int permissions) { | 409 int child_id, const FilePath& file, int permissions) { |
| 407 base::AutoLock lock(lock_); | 410 base::AutoLock lock(lock_); |
| 408 | 411 bool result = ChildProcessHasPermissionsForFile(child_id, file, permissions); |
| 409 SecurityStateMap::iterator state = security_state_.find(child_id); | 412 if (!result) { |
| 410 if (state == security_state_.end()) | 413 // If this is a worker thread that has no access to a given file, |
| 411 return false; | 414 // let's check that its renderer process has access to that file instead. |
| 412 | 415 WorkerToMainProcessMap::iterator iter = worker_map_.find(child_id); |
| 413 return state->second->HasPermissionsForFile(file, permissions); | 416 if (iter != worker_map_.end() && iter->second != 0) { |
| 417 result = ChildProcessHasPermissionsForFile(iter->second, |
| 418 file, |
| 419 permissions); |
| 420 } |
| 421 } |
| 422 return result; |
| 414 } | 423 } |
| 415 | 424 |
| 416 bool ChildProcessSecurityPolicy::HasWebUIBindings(int child_id) { | 425 bool ChildProcessSecurityPolicy::HasWebUIBindings(int child_id) { |
| 417 base::AutoLock lock(lock_); | 426 base::AutoLock lock(lock_); |
| 418 | 427 |
| 419 SecurityStateMap::iterator state = security_state_.find(child_id); | 428 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 420 if (state == security_state_.end()) | 429 if (state == security_state_.end()) |
| 421 return false; | 430 return false; |
| 422 | 431 |
| 423 return state->second->has_web_ui_bindings(); | 432 return state->second->has_web_ui_bindings(); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 435 | 444 |
| 436 bool ChildProcessSecurityPolicy::CanReadRawCookies(int child_id) { | 445 bool ChildProcessSecurityPolicy::CanReadRawCookies(int child_id) { |
| 437 base::AutoLock lock(lock_); | 446 base::AutoLock lock(lock_); |
| 438 | 447 |
| 439 SecurityStateMap::iterator state = security_state_.find(child_id); | 448 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 440 if (state == security_state_.end()) | 449 if (state == security_state_.end()) |
| 441 return false; | 450 return false; |
| 442 | 451 |
| 443 return state->second->can_read_raw_cookies(); | 452 return state->second->can_read_raw_cookies(); |
| 444 } | 453 } |
| 454 |
| 455 void ChildProcessSecurityPolicy::AddChild(int child_id) { |
| 456 if (security_state_.count(child_id) != 0) { |
| 457 NOTREACHED() << "Add child process at most once."; |
| 458 return; |
| 459 } |
| 460 |
| 461 security_state_[child_id] = new SecurityState(); |
| 462 } |
| 463 |
| 464 bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile( |
| 465 int child_id, const FilePath& file, int permissions) { |
| 466 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 467 if (state == security_state_.end()) |
| 468 return false; |
| 469 return state->second->HasPermissionsForFile(file, permissions); |
| 470 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6912001:
Merge 83754 - blob_storage_controller.cc assert from this bug was caused by the fact that worker ... (Closed)
Base URL: svn://svn.chromium.org/chrome/branches/742/src/