OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy.h" | 5 #include "content/browser/child_process_security_policy.h" |
6 | 6 |
7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
10 #include "base/platform_file.h" | 10 #include "base/platform_file.h" |
11 #include "base/stl_util.h" | 11 #include "base/stl_util.h" |
12 #include "base/string_util.h" | 12 #include "base/string_util.h" |
| 13 #include "content/browser/site_instance.h" |
13 #include "content/public/common/bindings_policy.h" | 14 #include "content/public/common/bindings_policy.h" |
14 #include "content/public/common/url_constants.h" | 15 #include "content/public/common/url_constants.h" |
15 #include "googleurl/src/gurl.h" | 16 #include "googleurl/src/gurl.h" |
16 #include "net/url_request/url_request.h" | 17 #include "net/url_request/url_request.h" |
17 | 18 |
18 static const int kReadFilePermissions = | 19 static const int kReadFilePermissions = |
19 base::PLATFORM_FILE_OPEN | | 20 base::PLATFORM_FILE_OPEN | |
20 base::PLATFORM_FILE_READ | | 21 base::PLATFORM_FILE_READ | |
21 base::PLATFORM_FILE_EXCLUSIVE_READ | | 22 base::PLATFORM_FILE_EXCLUSIVE_READ | |
22 base::PLATFORM_FILE_ASYNC; | 23 base::PLATFORM_FILE_ASYNC; |
(...skipping 68 matching lines...)
91 while (current_path != last_path) { | 92 while (current_path != last_path) { |
92 if (file_permissions_.find(current_path) != file_permissions_.end()) | 93 if (file_permissions_.find(current_path) != file_permissions_.end()) |
93 return (file_permissions_[current_path] & permissions) == permissions; | 94 return (file_permissions_[current_path] & permissions) == permissions; |
94 last_path = current_path; | 95 last_path = current_path; |
95 current_path = current_path.DirName(); | 96 current_path = current_path.DirName(); |
96 } | 97 } |
97 | 98 |
98 return false; | 99 return false; |
99 } | 100 } |
100 | 101 |
| 102 bool CanUseCookiesForOrigin(const GURL& gurl) { |
| 103 if (origin_lock_.is_empty()) |
| 104 return true; |
| 105 GURL site_gurl = SiteInstance::GetSiteForURL(NULL, gurl); |
| 106 return origin_lock_ == site_gurl; |
| 107 } |
| 108 |
| 109 void LockToOrigin(const GURL& gurl) { |
| 110 origin_lock_ = gurl; |
| 111 } |
| 112 |
101 bool has_web_ui_bindings() const { | 113 bool has_web_ui_bindings() const { |
102 return enabled_bindings_ & content::BINDINGS_POLICY_WEB_UI; | 114 return enabled_bindings_ & content::BINDINGS_POLICY_WEB_UI; |
103 } | 115 } |
104 | 116 |
105 bool can_read_raw_cookies() const { | 117 bool can_read_raw_cookies() const { |
106 return can_read_raw_cookies_; | 118 return can_read_raw_cookies_; |
107 } | 119 } |
108 | 120 |
109 private: | 121 private: |
110 typedef std::map<std::string, bool> SchemeMap; | 122 typedef std::map<std::string, bool> SchemeMap; |
111 typedef std::map<FilePath, int> FileMap; // bit-set of PlatformFileFlags | 123 typedef std::map<FilePath, int> FileMap; // bit-set of PlatformFileFlags |
112 | 124 |
113 // Maps URL schemes to whether permission has been granted or revoked: | 125 // Maps URL schemes to whether permission has been granted or revoked: |
114 // |true| means the scheme has been granted. | 126 // |true| means the scheme has been granted. |
115 // |false| means the scheme has been revoked. | 127 // |false| means the scheme has been revoked. |
116 // If a scheme is not present in the map, then it has never been granted | 128 // If a scheme is not present in the map, then it has never been granted |
117 // or revoked. | 129 // or revoked. |
118 SchemeMap scheme_policy_; | 130 SchemeMap scheme_policy_; |
119 | 131 |
120 // The set of files the child process is permited to upload to the web. | 132 // The set of files the child process is permited to upload to the web. |
121 FileMap file_permissions_; | 133 FileMap file_permissions_; |
122 | 134 |
123 int enabled_bindings_; | 135 int enabled_bindings_; |
124 | 136 |
125 bool can_read_raw_cookies_; | 137 bool can_read_raw_cookies_; |
126 | 138 |
| 139 GURL origin_lock_; |
| 140 |
127 DISALLOW_COPY_AND_ASSIGN(SecurityState); | 141 DISALLOW_COPY_AND_ASSIGN(SecurityState); |
128 }; | 142 }; |
129 | 143 |
130 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { | 144 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { |
131 // We know about these schemes and believe them to be safe. | 145 // We know about these schemes and believe them to be safe. |
132 RegisterWebSafeScheme(chrome::kHttpScheme); | 146 RegisterWebSafeScheme(chrome::kHttpScheme); |
133 RegisterWebSafeScheme(chrome::kHttpsScheme); | 147 RegisterWebSafeScheme(chrome::kHttpsScheme); |
134 RegisterWebSafeScheme(chrome::kFtpScheme); | 148 RegisterWebSafeScheme(chrome::kFtpScheme); |
135 RegisterWebSafeScheme(chrome::kDataScheme); | 149 RegisterWebSafeScheme(chrome::kDataScheme); |
136 RegisterWebSafeScheme("feed"); | 150 RegisterWebSafeScheme("feed"); |
(...skipping 305 matching lines...)
442 security_state_[child_id] = new SecurityState(); | 456 security_state_[child_id] = new SecurityState(); |
443 } | 457 } |
444 | 458 |
445 bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile( | 459 bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile( |
446 int child_id, const FilePath& file, int permissions) { | 460 int child_id, const FilePath& file, int permissions) { |
447 SecurityStateMap::iterator state = security_state_.find(child_id); | 461 SecurityStateMap::iterator state = security_state_.find(child_id); |
448 if (state == security_state_.end()) | 462 if (state == security_state_.end()) |
449 return false; | 463 return false; |
450 return state->second->HasPermissionsForFile(file, permissions); | 464 return state->second->HasPermissionsForFile(file, permissions); |
451 } | 465 } |
| 466 |
| 467 bool ChildProcessSecurityPolicy::CanUseCookiesForOrigin(int child_id, |
| 468 const GURL& gurl) { |
| 469 base::AutoLock lock(lock_); |
| 470 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 471 if (state == security_state_.end()) |
| 472 return false; |
| 473 return state->second->CanUseCookiesForOrigin(gurl); |
| 474 } |
| 475 |
| 476 void ChildProcessSecurityPolicy::LockToOrigin(int child_id, const GURL& gurl) { |
| 477 // "gurl" can be currently empty in some cases, such as file://blah. |
| 478 DCHECK(SiteInstance::GetSiteForURL(NULL, gurl) == gurl); |
| 479 base::AutoLock lock(lock_); |
| 480 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 481 DCHECK(state != security_state_.end()); |
| 482 state->second->LockToOrigin(gurl); |
| 483 } |
| 484 |
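Review bot: In `ChildProcessSecurityPolicy::LockToOrigin` (new lines 476-483) the only guard before `state->second->LockToOrigin(gurl)` is `DCHECK(state != security_state_.end())`, and DCHECKs are normally compiled out of release builds, so an unknown `child_id` would dereference the end iterator there. `ChildProcessSecurityPolicy::CanUseCookiesForOrigin`, added just above it, already handles the same lookup failure with an early return; adding `if (state == security_state_.end()) return;` after the DCHECK gives this function the same release-build behaviour. Separately, `SecurityState::CanUseCookiesForOrigin` (new lines 102-107) returns true whenever `origin_lock_` is empty, and the comment at new line 477 says `gurl` can be empty, so a process locked with an empty site stays unrestricted. The new `origin_lock_` member has no comment; I would document that default on it, for example `// Site this process is locked to; an empty URL means no lock, so every origin is allowed.`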
OLD | NEW |