OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy.h" | 5 #include "content/browser/child_process_security_policy.h" |
6 | 6 |
7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/platform_file.h" | 9 #include "base/platform_file.h" |
10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
129 // We know about these schemes and believe them to be safe. | 129 // We know about these schemes and believe them to be safe. |
130 RegisterWebSafeScheme(chrome::kHttpScheme); | 130 RegisterWebSafeScheme(chrome::kHttpScheme); |
131 RegisterWebSafeScheme(chrome::kHttpsScheme); | 131 RegisterWebSafeScheme(chrome::kHttpsScheme); |
132 RegisterWebSafeScheme(chrome::kFtpScheme); | 132 RegisterWebSafeScheme(chrome::kFtpScheme); |
133 RegisterWebSafeScheme(chrome::kDataScheme); | 133 RegisterWebSafeScheme(chrome::kDataScheme); |
134 RegisterWebSafeScheme("feed"); | 134 RegisterWebSafeScheme("feed"); |
135 RegisterWebSafeScheme(chrome::kExtensionScheme); | 135 RegisterWebSafeScheme(chrome::kExtensionScheme); |
136 RegisterWebSafeScheme(chrome::kBlobScheme); | 136 RegisterWebSafeScheme(chrome::kBlobScheme); |
137 RegisterWebSafeScheme(chrome::kFileSystemScheme); | 137 RegisterWebSafeScheme(chrome::kFileSystemScheme); |
138 | 138 |
139 // The following Web UI schemes are only accessible by children with with | |
140 // WebUI bindings. | |
141 RegisterWebUIScheme(chrome::kChromeUIScheme); | |
abarth-chromium
2011/09/19 06:46:39
In the past, access to this scheme happened natura
| |
142 | |
139 // We know about the following pseudo schemes and treat them specially. | 143 // We know about the following pseudo schemes and treat them specially. |
140 RegisterPseudoScheme(chrome::kAboutScheme); | 144 RegisterPseudoScheme(chrome::kAboutScheme); |
141 RegisterPseudoScheme(chrome::kJavaScriptScheme); | 145 RegisterPseudoScheme(chrome::kJavaScriptScheme); |
142 RegisterPseudoScheme(chrome::kViewSourceScheme); | 146 RegisterPseudoScheme(chrome::kViewSourceScheme); |
143 } | 147 } |
144 | 148 |
145 ChildProcessSecurityPolicy::~ChildProcessSecurityPolicy() { | 149 ChildProcessSecurityPolicy::~ChildProcessSecurityPolicy() { |
146 web_safe_schemes_.clear(); | 150 web_safe_schemes_.clear(); |
147 pseudo_schemes_.clear(); | 151 pseudo_schemes_.clear(); |
148 STLDeleteContainerPairSecondPointers(security_state_.begin(), | 152 STLDeleteContainerPairSecondPointers(security_state_.begin(), |
185 | 189 |
186 web_safe_schemes_.insert(scheme); | 190 web_safe_schemes_.insert(scheme); |
187 } | 191 } |
188 | 192 |
189 bool ChildProcessSecurityPolicy::IsWebSafeScheme(const std::string& scheme) { | 193 bool ChildProcessSecurityPolicy::IsWebSafeScheme(const std::string& scheme) { |
190 base::AutoLock lock(lock_); | 194 base::AutoLock lock(lock_); |
191 | 195 |
192 return (web_safe_schemes_.find(scheme) != web_safe_schemes_.end()); | 196 return (web_safe_schemes_.find(scheme) != web_safe_schemes_.end()); |
193 } | 197 } |
194 | 198 |
199 void ChildProcessSecurityPolicy::RegisterWebUIScheme( | |
200 const std::string& scheme) { | |
201 base::AutoLock lock(lock_); | |
202 DCHECK(webui_schemes_.count(scheme) == 0) << "Adds schemes at most once."; | |
203 DCHECK(web_safe_schemes_.count(scheme) == 0) << "WebUI schemes not web-safe."; | |
204 | |
205 webui_schemes_.insert(scheme); | |
206 } | |
207 | |
208 bool ChildProcessSecurityPolicy::IsWebUIScheme(const std::string& scheme) { | |
209 base::AutoLock lock(lock_); | |
210 | |
211 return (webui_schemes_.find(scheme) != webui_schemes_.end()); | |
212 } | |
213 | |
195 void ChildProcessSecurityPolicy::RegisterPseudoScheme( | 214 void ChildProcessSecurityPolicy::RegisterPseudoScheme( |
196 const std::string& scheme) { | 215 const std::string& scheme) { |
197 base::AutoLock lock(lock_); | 216 base::AutoLock lock(lock_); |
198 DCHECK(pseudo_schemes_.count(scheme) == 0) << "Add schemes at most once."; | 217 DCHECK(pseudo_schemes_.count(scheme) == 0) << "Add schemes at most once."; |
199 DCHECK(web_safe_schemes_.count(scheme) == 0) << | 218 DCHECK(web_safe_schemes_.count(scheme) == 0) << |
200 "Pseudo implies not web-safe."; | 219 "Pseudo implies not web-safe."; |
201 | 220 |
202 pseudo_schemes_.insert(scheme); | 221 pseudo_schemes_.insert(scheme); |
203 } | 222 } |
204 | 223 |
342 | 361 |
343 state->second->RevokeReadRawCookies(); | 362 state->second->RevokeReadRawCookies(); |
344 } | 363 } |
345 | 364 |
346 bool ChildProcessSecurityPolicy::CanRequestURL( | 365 bool ChildProcessSecurityPolicy::CanRequestURL( |
347 int child_id, const GURL& url) { | 366 int child_id, const GURL& url) { |
348 if (!url.is_valid()) | 367 if (!url.is_valid()) |
349 return false; // Can't request invalid URLs. | 368 return false; // Can't request invalid URLs. |
350 | 369 |
351 if (IsDisabledScheme(url.scheme())) | 370 if (IsDisabledScheme(url.scheme())) |
352 return false; // The scheme is disabled by policy. | 371 return false; // The scheme is disabled by policy. |
353 | 372 |
354 if (IsWebSafeScheme(url.scheme())) | 373 if (IsWebSafeScheme(url.scheme())) |
355 return true; // The scheme has been white-listed for every child process. | 374 return true; // The scheme has been white-listed for every child process. |
356 | 375 |
357 if (IsPseudoScheme(url.scheme())) { | 376 if (IsPseudoScheme(url.scheme())) { |
358 // There are a number of special cases for pseudo schemes. | 377 // There are a number of special cases for pseudo schemes. |
359 | 378 |
360 if (url.SchemeIs(chrome::kViewSourceScheme)) { | 379 if (url.SchemeIs(chrome::kViewSourceScheme)) { |
361 // A view-source URL is allowed if the child process is permitted to | 380 // A view-source URL is allowed if the child process is permitted to |
362 // request the embedded URL. Careful to avoid pointless recursion. | 381 // request the embedded URL. Careful to avoid pointless recursion. |
386 SecurityStateMap::iterator state = security_state_.find(child_id); | 405 SecurityStateMap::iterator state = security_state_.find(child_id); |
387 if (state == security_state_.end()) | 406 if (state == security_state_.end()) |
388 return false; | 407 return false; |
389 | 408 |
390 // Otherwise, we consult the child process's security state to see if it is | 409 // Otherwise, we consult the child process's security state to see if it is |
391 // allowed to request the URL. | 410 // allowed to request the URL. |
392 return state->second->CanRequestURL(url); | 411 return state->second->CanRequestURL(url); |
393 } | 412 } |
394 } | 413 } |
395 | 414 |
415 bool ChildProcessSecurityPolicy::CanRedirectURL( | |
416 int child_id, const GURL& url) { | |
417 return CanRequestURL(child_id, url) && !IsWebUIScheme(url.scheme()); | |
abarth-chromium
2011/09/19 06:46:39
If you can request a URL, why can't you redirect t
| |
418 } | |
419 | |
396 bool ChildProcessSecurityPolicy::CanReadFile(int child_id, | 420 bool ChildProcessSecurityPolicy::CanReadFile(int child_id, |
397 const FilePath& file) { | 421 const FilePath& file) { |
398 return HasPermissionsForFile(child_id, file, kReadFilePermissions); | 422 return HasPermissionsForFile(child_id, file, kReadFilePermissions); |
399 } | 423 } |
400 | 424 |
401 bool ChildProcessSecurityPolicy::CanReadDirectory(int child_id, | 425 bool ChildProcessSecurityPolicy::CanReadDirectory(int child_id, |
402 const FilePath& directory) { | 426 const FilePath& directory) { |
403 return HasPermissionsForFile(child_id, | 427 return HasPermissionsForFile(child_id, |
404 directory, | 428 directory, |
405 kEnumerateDirectoryPermissions); | 429 kEnumerateDirectoryPermissions); |
461 security_state_[child_id] = new SecurityState(); | 485 security_state_[child_id] = new SecurityState(); |
462 } | 486 } |
463 | 487 |
464 bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile( | 488 bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile( |
465 int child_id, const FilePath& file, int permissions) { | 489 int child_id, const FilePath& file, int permissions) { |
466 SecurityStateMap::iterator state = security_state_.find(child_id); | 490 SecurityStateMap::iterator state = security_state_.find(child_id); |
467 if (state == security_state_.end()) | 491 if (state == security_state_.end()) |
468 return false; | 492 return false; |
469 return state->second->HasPermissionsForFile(file, permissions); | 493 return state->second->HasPermissionsForFile(file, permissions); |
470 } | 494 } |
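Review bot: CanRedirectURL (new lines 415-418) applies the WebUI exclusion only to the outer `url.scheme()`, while the view-source branch of CanRequestURL approves a wrapper URL based on its embedded URL, so a view-source URL whose inner scheme is a WebUI scheme would not be stopped by `!IsWebUIScheme(url.scheme())`. The body of that branch is in the skipped lines, so this is inferred from its comment; if it holds, the redirect check should unwrap first, along the lines of `if (url.SchemeIs(chrome::kViewSourceScheme)) return CanRedirectURL(child_id, GURL(url.path()));` placed before the existing return. Separately, RegisterWebUIScheme (new lines 199-206) asserts disjointness from `web_safe_schemes_` only, and RegisterPseudoScheme is not updated to check `webui_schemes_`, so a scheme can sit in both the pseudo and WebUI sets; adding `DCHECK(pseudo_schemes_.count(scheme) == 0) << "WebUI schemes not pseudo.";` and the mirror check would close that. These are DCHECKs, which are compiled out of release builds, so a unit test that a WebUI scheme is never redirectable, including through a view-source wrapper, would pin the behaviour where it matters.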