OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
7 | 7 |
8 #pragma once | 8 #pragma once |
9 | 9 |
10 #include <map> | 10 #include <map> |
(...skipping 28 matching lines...) | |
39 static ChildProcessSecurityPolicy* GetInstance(); | 39 static ChildProcessSecurityPolicy* GetInstance(); |
40 | 40 |
41 // Web-safe schemes can be requested by any child process. Once a web-safe | 41 // Web-safe schemes can be requested by any child process. Once a web-safe |
42 // scheme has been registered, any child process can request URLs with | 42 // scheme has been registered, any child process can request URLs with |
43 // that scheme. There is no mechanism for revoking web-safe schemes. | 43 // that scheme. There is no mechanism for revoking web-safe schemes. |
44 void RegisterWebSafeScheme(const std::string& scheme); | 44 void RegisterWebSafeScheme(const std::string& scheme); |
45 | 45 |
46 // Returns true iff |scheme| has been registered as a web-safe scheme. | 46 // Returns true iff |scheme| has been registered as a web-safe scheme. |
47 bool IsWebSafeScheme(const std::string& scheme); | 47 bool IsWebSafeScheme(const std::string& scheme); |
48 | 48 |
49 // WebUI schemes are any to which access should be restricted to child | |
50 // processes that have been granted WebUIBindings. There is no mechanism for | |
51 // revoking WebUI schemes. | |
52 void RegisterWebUIScheme(const std::string& scheme); | |
53 | |
54 // Returns true iff |scheme| has been registered as a WebUI scheme | |
55 bool IsWebUIScheme(const std::string& scheme); | |
56 | |
49 // Pseudo schemes are treated differently than other schemes because they | 57 // Pseudo schemes are treated differently than other schemes because they |
50 // cannot be requested like normal URLs. There is no mechanism for revoking | 58 // cannot be requested like normal URLs. There is no mechanism for revoking |
51 // pseudo schemes. | 59 // pseudo schemes. |
52 void RegisterPseudoScheme(const std::string& scheme); | 60 void RegisterPseudoScheme(const std::string& scheme); |
53 | 61 |
54 // Returns true iff |scheme| has been registered as pseudo scheme. | 62 // Returns true iff |scheme| has been registered as pseudo scheme. |
55 bool IsPseudoScheme(const std::string& scheme); | 63 bool IsPseudoScheme(const std::string& scheme); |
56 | 64 |
57 // Sets the list of disabled schemes. | 65 // Sets the list of disabled schemes. |
58 // URLs using these schemes won't be loaded at all. The previous list of | 66 // URLs using these schemes won't be loaded at all. The previous list of |
(...skipping 55 matching lines...) | |
114 void GrantReadRawCookies(int child_id); | 122 void GrantReadRawCookies(int child_id); |
115 | 123 |
116 // Revoke read raw cookies permission. | 124 // Revoke read raw cookies permission. |
117 void RevokeReadRawCookies(int child_id); | 125 void RevokeReadRawCookies(int child_id); |
118 | 126 |
119 // Before servicing a child process's request for a URL, the browser should | 127 // Before servicing a child process's request for a URL, the browser should |
120 // call this method to determine whether the process has the capability to | 128 // call this method to determine whether the process has the capability to |
121 // request the URL. | 129 // request the URL. |
122 bool CanRequestURL(int child_id, const GURL& url); | 130 bool CanRequestURL(int child_id, const GURL& url); |
123 | 131 |
132 // Before servicing a child process's request to redirect to a URL, the | |
133 // browser should call this method to determine whether the process has the | |
134 // capability to redirect to it. This is slightly more restrictive than | |
135 // CanRequestURL. | |
136 bool CanRedirectURL(int child_id, const GURL& url); | |
abarth-chromium
2011/09/19 06:46:39
I'm not sure I understand why CanRedirectURL is an
| |
137 | |
124 // Before servicing a child process's request to upload a file to the web, the | 138 // Before servicing a child process's request to upload a file to the web, the |
125 // browser should call this method to determine whether the process has the | 139 // browser should call this method to determine whether the process has the |
126 // capability to upload the requested file. | 140 // capability to upload the requested file. |
127 bool CanReadFile(int child_id, const FilePath& file); | 141 bool CanReadFile(int child_id, const FilePath& file); |
128 | 142 |
129 // Before servicing a child process's request to enumerate a directory | 143 // Before servicing a child process's request to enumerate a directory |
130 // the browser should call this method to check for the capability. | 144 // the browser should call this method to check for the capability. |
131 bool CanReadDirectory(int child_id, const FilePath& directory); | 145 bool CanReadDirectory(int child_id, const FilePath& directory); |
132 | 146 |
133 // Determines if certain permissions were granted for a file. |permissions| | 147 // Determines if certain permissions were granted for a file. |permissions| |
(...skipping 40 matching lines...) | |
174 int permissions); | 188 int permissions); |
175 | 189 |
176 // You must acquire this lock before reading or writing any members of this | 190 // You must acquire this lock before reading or writing any members of this |
177 // class. You must not block while holding this lock. | 191 // class. You must not block while holding this lock. |
178 base::Lock lock_; | 192 base::Lock lock_; |
179 | 193 |
180 // These schemes are white-listed for all child processes. This set is | 194 // These schemes are white-listed for all child processes. This set is |
181 // protected by |lock_|. | 195 // protected by |lock_|. |
182 SchemeSet web_safe_schemes_; | 196 SchemeSet web_safe_schemes_; |
183 | 197 |
198 // These schemes are only accessible by children with WebUI bindings. This | |
199 // set is protected by |lock_|. | |
200 SchemeSet webui_schemes_; | |
201 | |
184 // These schemes do not actually represent retrievable URLs. For example, | 202 // These schemes do not actually represent retrievable URLs. For example, |
185 // the the URLs in the "about" scheme are aliases to other URLs. This set is | 203 // the the URLs in the "about" scheme are aliases to other URLs. This set is |
186 // protected by |lock_|. | 204 // protected by |lock_|. |
187 SchemeSet pseudo_schemes_; | 205 SchemeSet pseudo_schemes_; |
188 | 206 |
189 // These schemes are disabled by policy, and child processes are always | 207 // These schemes are disabled by policy, and child processes are always |
190 // denied permission to request them. This overrides |web_safe_schemes_|. | 208 // denied permission to request them. This overrides |web_safe_schemes_|. |
191 // This set is protected by |lock_|. | 209 // This set is protected by |lock_|. |
192 SchemeSet disabled_schemes_; | 210 SchemeSet disabled_schemes_; |
193 | 211 |
194 // This map holds a SecurityState for each child process. The key for the | 212 // This map holds a SecurityState for each child process. The key for the |
195 // map is the ID of the ChildProcessHost. The SecurityState objects are | 213 // map is the ID of the ChildProcessHost. The SecurityState objects are |
196 // owned by this object and are protected by |lock_|. References to them must | 214 // owned by this object and are protected by |lock_|. References to them must |
197 // not escape this class. | 215 // not escape this class. |
198 SecurityStateMap security_state_; | 216 SecurityStateMap security_state_; |
199 | 217 |
200 // This maps keeps the record of which js worker thread child process | 218 // This maps keeps the record of which js worker thread child process |
201 // corresponds to which main js thread child process. | 219 // corresponds to which main js thread child process. |
202 WorkerToMainProcessMap worker_map_; | 220 WorkerToMainProcessMap worker_map_; |
203 | 221 |
204 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicy); | 222 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicy); |
205 }; | 223 }; |
206 | 224 |
207 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 225 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
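Review bot: The new `webui_schemes_` member and the `RegisterWebUIScheme` comment do not say how a WebUI scheme ranks against the other scheme sets, whereas the neighbouring `disabled_schemes_` comment states that it overrides `web_safe_schemes_`. For an access-control table the precedence is the contract: a reader cannot tell from this header what happens to a scheme registered as both web-safe and WebUI, or whether a policy-disabled scheme stays blocked for a process that holds WebUI bindings. I would extend the member comment along the lines of `// Takes precedence over |web_safe_schemes_|; |disabled_schemes_| still overrides this set.`, assuming that is the order the implementation enforces (the .cc is not part of this section). The comment on `IsWebUIScheme` is also missing its final period, unlike its siblings.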