Chromium Code Reviews Chromium Code Reviews
Issue 8496027:
Enhance --enable-strict-site-isolation to prevent a site-isolated renderer (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy.h" | 5 #include "content/browser/child_process_security_policy.h" |
| 6 | 6 |
| 7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/platform_file.h" | 9 #include "base/platform_file.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| 11 #include "base/string_util.h" | 11 #include "base/string_util.h" |
| 12 #include "content/browser/site_instance.h" | |
| 12 #include "content/public/common/bindings_policy.h" | 13 #include "content/public/common/bindings_policy.h" |
| 13 #include "content/public/common/url_constants.h" | 14 #include "content/public/common/url_constants.h" |
| 14 #include "googleurl/src/gurl.h" | 15 #include "googleurl/src/gurl.h" |
| 15 #include "net/url_request/url_request.h" | 16 #include "net/url_request/url_request.h" |
| 16 | 17 |
| 17 static const int kReadFilePermissions = | 18 static const int kReadFilePermissions = |
| 18 base::PLATFORM_FILE_OPEN | | 19 base::PLATFORM_FILE_OPEN | |
| 19 base::PLATFORM_FILE_READ | | 20 base::PLATFORM_FILE_READ | |
| 20 base::PLATFORM_FILE_EXCLUSIVE_READ | | 21 base::PLATFORM_FILE_EXCLUSIVE_READ | |
| 21 base::PLATFORM_FILE_ASYNC; | 22 base::PLATFORM_FILE_ASYNC; |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 85 while (current_path != last_path) { | 86 while (current_path != last_path) { |
| 86 if (file_permissions_.find(current_path) != file_permissions_.end()) | 87 if (file_permissions_.find(current_path) != file_permissions_.end()) |
| 87 return (file_permissions_[current_path] & permissions) == permissions; | 88 return (file_permissions_[current_path] & permissions) == permissions; |
| 88 last_path = current_path; | 89 last_path = current_path; |
| 89 current_path = current_path.DirName(); | 90 current_path = current_path.DirName(); |
| 90 } | 91 } |
| 91 | 92 |
| 92 return false; | 93 return false; |
| 93 } | 94 } |
| 94 | 95 |
| 96 bool CanUseCookiesForOrigin(const GURL& gurl) { | |
| 97 if (origin_lock_.is_empty()) | |
| 98 return true; | |
| 99 GURL site_gurl = SiteInstance::GetSiteForURL(NULL, gurl); | |
|
Charlie Reis
2011/11/22 19:06:59
Hosted apps and extensions do run in renderer proc
| |
| 100 return origin_lock_ == site_gurl; | |
| 101 } | |
| 102 | |
| 103 void LockToOrigin(const GURL& gurl) { | |
| 104 origin_lock_ = gurl; | |
| 105 } | |
| 106 | |
| 95 bool has_web_ui_bindings() const { | 107 bool has_web_ui_bindings() const { |
| 96 return enabled_bindings_ & content::BINDINGS_POLICY_WEB_UI; | 108 return enabled_bindings_ & content::BINDINGS_POLICY_WEB_UI; |
| 97 } | 109 } |
| 98 | 110 |
| 99 bool can_read_raw_cookies() const { | 111 bool can_read_raw_cookies() const { |
| 100 return can_read_raw_cookies_; | 112 return can_read_raw_cookies_; |
| 101 } | 113 } |
| 102 | 114 |
| 103 private: | 115 private: |
| 104 typedef std::map<std::string, bool> SchemeMap; | 116 typedef std::map<std::string, bool> SchemeMap; |
| 105 typedef std::map<FilePath, int> FileMap; // bit-set of PlatformFileFlags | 117 typedef std::map<FilePath, int> FileMap; // bit-set of PlatformFileFlags |
| 106 | 118 |
| 107 // Maps URL schemes to whether permission has been granted or revoked: | 119 // Maps URL schemes to whether permission has been granted or revoked: |
| 108 // |true| means the scheme has been granted. | 120 // |true| means the scheme has been granted. |
| 109 // |false| means the scheme has been revoked. | 121 // |false| means the scheme has been revoked. |
| 110 // If a scheme is not present in the map, then it has never been granted | 122 // If a scheme is not present in the map, then it has never been granted |
| 111 // or revoked. | 123 // or revoked. |
| 112 SchemeMap scheme_policy_; | 124 SchemeMap scheme_policy_; |
| 113 | 125 |
| 114 // The set of files the child process is permited to upload to the web. | 126 // The set of files the child process is permited to upload to the web. |
| 115 FileMap file_permissions_; | 127 FileMap file_permissions_; |
| 116 | 128 |
| 117 int enabled_bindings_; | 129 int enabled_bindings_; |
| 118 | 130 |
| 119 bool can_read_raw_cookies_; | 131 bool can_read_raw_cookies_; |
| 120 | 132 |
| 133 GURL origin_lock_; | |
| 134 | |
| 121 DISALLOW_COPY_AND_ASSIGN(SecurityState); | 135 DISALLOW_COPY_AND_ASSIGN(SecurityState); |
| 122 }; | 136 }; |
| 123 | 137 |
| 124 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { | 138 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { |
| 125 // We know about these schemes and believe them to be safe. | 139 // We know about these schemes and believe them to be safe. |
| 126 RegisterWebSafeScheme(chrome::kHttpScheme); | 140 RegisterWebSafeScheme(chrome::kHttpScheme); |
| 127 RegisterWebSafeScheme(chrome::kHttpsScheme); | 141 RegisterWebSafeScheme(chrome::kHttpsScheme); |
| 128 RegisterWebSafeScheme(chrome::kFtpScheme); | 142 RegisterWebSafeScheme(chrome::kFtpScheme); |
| 129 RegisterWebSafeScheme(chrome::kDataScheme); | 143 RegisterWebSafeScheme(chrome::kDataScheme); |
| 130 RegisterWebSafeScheme("feed"); | 144 RegisterWebSafeScheme("feed"); |
| (...skipping 305 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 436 security_state_[child_id] = new SecurityState(); | 450 security_state_[child_id] = new SecurityState(); |
| 437 } | 451 } |
| 438 | 452 |
| 439 bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile( | 453 bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile( |
| 440 int child_id, const FilePath& file, int permissions) { | 454 int child_id, const FilePath& file, int permissions) { |
| 441 SecurityStateMap::iterator state = security_state_.find(child_id); | 455 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 442 if (state == security_state_.end()) | 456 if (state == security_state_.end()) |
| 443 return false; | 457 return false; |
| 444 return state->second->HasPermissionsForFile(file, permissions); | 458 return state->second->HasPermissionsForFile(file, permissions); |
| 445 } | 459 } |
| 460 | |
| 461 bool ChildProcessSecurityPolicy::CanUseCookiesForOrigin(int child_id, | |
| 462 const GURL& gurl) { | |
| 463 base::AutoLock lock(lock_); | |
| 464 SecurityStateMap::iterator state = security_state_.find(child_id); | |
| 465 if (state == security_state_.end()) { | |
| 466 NOTREACHED(); | |
| 467 return false; | |
| 468 } | |
| 469 return state->second->CanUseCookiesForOrigin(gurl); | |
| 470 } | |
| 471 | |
| 472 void ChildProcessSecurityPolicy::LockToOrigin(int child_id, const GURL& gurl) { | |
| 473 DCHECK(!gurl.is_empty()); | |
| 474 DCHECK(gurl.GetOrigin() == gurl); | |
|
Charlie Reis
2011/11/22 19:06:59
Interesting. I think line 475 implies line 474, b
| |
| 475 DCHECK(SiteInstance::GetSiteForURL(NULL, gurl) == gurl); | |
| 476 base::AutoLock lock(lock_); | |
| 477 SecurityStateMap::iterator state = security_state_.find(child_id); | |
| 478 DCHECK(state != security_state_.end()); | |
| 479 state->second->LockToOrigin(gurl); | |
| 480 } | |
| 481 | |
| OLD | NEW |
