Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
| 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
| 7 | 7 |
| 8 #pragma once | 8 #pragma once |
| 9 | 9 |
| 10 #include <map> | 10 #include <map> |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 39 static ChildProcessSecurityPolicy* GetInstance(); | 39 static ChildProcessSecurityPolicy* GetInstance(); |
| 40 | 40 |
| 41 // Web-safe schemes can be requested by any child process. Once a web-safe | 41 // Web-safe schemes can be requested by any child process. Once a web-safe |
| 42 // scheme has been registered, any child process can request URLs with | 42 // scheme has been registered, any child process can request URLs with |
| 43 // that scheme. There is no mechanism for revoking web-safe schemes. | 43 // that scheme. There is no mechanism for revoking web-safe schemes. |
| 44 void RegisterWebSafeScheme(const std::string& scheme); | 44 void RegisterWebSafeScheme(const std::string& scheme); |
| 45 | 45 |
| 46 // Returns true iff |scheme| has been registered as a web-safe scheme. | 46 // Returns true iff |scheme| has been registered as a web-safe scheme. |
| 47 bool IsWebSafeScheme(const std::string& scheme); | 47 bool IsWebSafeScheme(const std::string& scheme); |
| 48 | 48 |
| 49 // WebUI schemes are any to which access should be restricted to child | |
| 50 // processes that have been granted WebUIBindings. There is no mechanism for | |
| 51 // revoking WebUI schemes. | |
| 52 void RegisterWebUIScheme(const std::string& scheme); | |
| 53 | |
| 54 // Returns true iff |scheme| has been registered as a WebUI scheme | |
| 55 bool IsWebUIScheme(const std::string& scheme); | |
| 56 | |
| 49 // Pseudo schemes are treated differently than other schemes because they | 57 // Pseudo schemes are treated differently than other schemes because they |
| 50 // cannot be requested like normal URLs. There is no mechanism for revoking | 58 // cannot be requested like normal URLs. There is no mechanism for revoking |
| 51 // pseudo schemes. | 59 // pseudo schemes. |
| 52 void RegisterPseudoScheme(const std::string& scheme); | 60 void RegisterPseudoScheme(const std::string& scheme); |
| 53 | 61 |
| 54 // Returns true iff |scheme| has been registered as pseudo scheme. | 62 // Returns true iff |scheme| has been registered as pseudo scheme. |
| 55 bool IsPseudoScheme(const std::string& scheme); | 63 bool IsPseudoScheme(const std::string& scheme); |
| 56 | 64 |
| 57 // Sets the list of disabled schemes. | 65 // Sets the list of disabled schemes. |
| 58 // URLs using these schemes won't be loaded at all. The previous list of | 66 // URLs using these schemes won't be loaded at all. The previous list of |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 114 void GrantReadRawCookies(int child_id); | 122 void GrantReadRawCookies(int child_id); |
| 115 | 123 |
| 116 // Revoke read raw cookies permission. | 124 // Revoke read raw cookies permission. |
| 117 void RevokeReadRawCookies(int child_id); | 125 void RevokeReadRawCookies(int child_id); |
| 118 | 126 |
| 119 // Before servicing a child process's request for a URL, the browser should | 127 // Before servicing a child process's request for a URL, the browser should |
| 120 // call this method to determine whether the process has the capability to | 128 // call this method to determine whether the process has the capability to |
| 121 // request the URL. | 129 // request the URL. |
| 122 bool CanRequestURL(int child_id, const GURL& url); | 130 bool CanRequestURL(int child_id, const GURL& url); |
| 123 | 131 |
| 132 // Before servicing a child process's request to redirect to a URL, the | |
| 133 // browser should call this method to determine whether the process has the | |
| 134 // capability to redirect to it. This is slightly more restrictive than | |
| 135 // CanRequestURL. | |
| 136 bool CanRedirectURL(int child_id, const GURL& url); | |
|
abarth-chromium
2011/09/19 06:46:39
I'm not sure I understand why CanRedirectURL is an
| |
| 137 | |
| 124 // Before servicing a child process's request to upload a file to the web, the | 138 // Before servicing a child process's request to upload a file to the web, the |
| 125 // browser should call this method to determine whether the process has the | 139 // browser should call this method to determine whether the process has the |
| 126 // capability to upload the requested file. | 140 // capability to upload the requested file. |
| 127 bool CanReadFile(int child_id, const FilePath& file); | 141 bool CanReadFile(int child_id, const FilePath& file); |
| 128 | 142 |
| 129 // Before servicing a child process's request to enumerate a directory | 143 // Before servicing a child process's request to enumerate a directory |
| 130 // the browser should call this method to check for the capability. | 144 // the browser should call this method to check for the capability. |
| 131 bool CanReadDirectory(int child_id, const FilePath& directory); | 145 bool CanReadDirectory(int child_id, const FilePath& directory); |
| 132 | 146 |
| 133 // Determines if certain permissions were granted for a file. |permissions| | 147 // Determines if certain permissions were granted for a file. |permissions| |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 174 int permissions); | 188 int permissions); |
| 175 | 189 |
| 176 // You must acquire this lock before reading or writing any members of this | 190 // You must acquire this lock before reading or writing any members of this |
| 177 // class. You must not block while holding this lock. | 191 // class. You must not block while holding this lock. |
| 178 base::Lock lock_; | 192 base::Lock lock_; |
| 179 | 193 |
| 180 // These schemes are white-listed for all child processes. This set is | 194 // These schemes are white-listed for all child processes. This set is |
| 181 // protected by |lock_|. | 195 // protected by |lock_|. |
| 182 SchemeSet web_safe_schemes_; | 196 SchemeSet web_safe_schemes_; |
| 183 | 197 |
| 198 // These schemes are only accessible by children with WebUI bindings. This | |
| 199 // set is protected by |lock_|. | |
| 200 SchemeSet webui_schemes_; | |
| 201 | |
| 184 // These schemes do not actually represent retrievable URLs. For example, | 202 // These schemes do not actually represent retrievable URLs. For example, |
| 185 // the the URLs in the "about" scheme are aliases to other URLs. This set is | 203 // the the URLs in the "about" scheme are aliases to other URLs. This set is |
| 186 // protected by |lock_|. | 204 // protected by |lock_|. |
| 187 SchemeSet pseudo_schemes_; | 205 SchemeSet pseudo_schemes_; |
| 188 | 206 |
| 189 // These schemes are disabled by policy, and child processes are always | 207 // These schemes are disabled by policy, and child processes are always |
| 190 // denied permission to request them. This overrides |web_safe_schemes_|. | 208 // denied permission to request them. This overrides |web_safe_schemes_|. |
| 191 // This set is protected by |lock_|. | 209 // This set is protected by |lock_|. |
| 192 SchemeSet disabled_schemes_; | 210 SchemeSet disabled_schemes_; |
| 193 | 211 |
| 194 // This map holds a SecurityState for each child process. The key for the | 212 // This map holds a SecurityState for each child process. The key for the |
| 195 // map is the ID of the ChildProcessHost. The SecurityState objects are | 213 // map is the ID of the ChildProcessHost. The SecurityState objects are |
| 196 // owned by this object and are protected by |lock_|. References to them must | 214 // owned by this object and are protected by |lock_|. References to them must |
| 197 // not escape this class. | 215 // not escape this class. |
| 198 SecurityStateMap security_state_; | 216 SecurityStateMap security_state_; |
| 199 | 217 |
| 200 // This maps keeps the record of which js worker thread child process | 218 // This maps keeps the record of which js worker thread child process |
| 201 // corresponds to which main js thread child process. | 219 // corresponds to which main js thread child process. |
| 202 WorkerToMainProcessMap worker_map_; | 220 WorkerToMainProcessMap worker_map_; |
| 203 | 221 |
| 204 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicy); | 222 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicy); |
| 205 }; | 223 }; |
| 206 | 224 |
| 207 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 225 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
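Review bot: The comments added for `RegisterWebUIScheme` and `webui_schemes_` do not say how a WebUI scheme interacts with the other scheme sets, whereas the neighbouring `disabled_schemes_` comment states its precedence ("This overrides |web_safe_schemes_|"). The implementation is not visible on this page, so a reader of the header cannot tell what `CanRequestURL` decides when the same scheme is registered as both web-safe and WebUI. For a privilege boundary the header should say that the restriction wins. I would extend the member comment along the lines of `// Takes precedence over |web_safe_schemes_|: a scheme in both sets is still denied to children without WebUI bindings.`, adjusted to match what the .cc actually does. `RegisterWebUIScheme` could also document, and DCHECK in the implementation, that the scheme is not already registered as web-safe or pseudo; the class declaration itself begins in the skipped lines.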