| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy.h" | 5 #include "content/browser/child_process_security_policy.h" |
| 6 | 6 |
| 7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/metrics/histogram.h" |
| 9 #include "base/platform_file.h" | 10 #include "base/platform_file.h" |
| 10 #include "base/stl_util.h" | 11 #include "base/stl_util.h" |
| 11 #include "base/string_util.h" | 12 #include "base/string_util.h" |
| 12 #include "content/public/common/bindings_policy.h" | 13 #include "content/public/common/bindings_policy.h" |
| 13 #include "content/public/common/url_constants.h" | 14 #include "content/public/common/url_constants.h" |
| 14 #include "googleurl/src/gurl.h" | 15 #include "googleurl/src/gurl.h" |
| 15 #include "net/url_request/url_request.h" | 16 #include "net/url_request/url_request.h" |
| 16 | 17 |
| 17 static const int kReadFilePermissions = | 18 static const int kReadFilePermissions = |
| 18 base::PLATFORM_FILE_OPEN | | 19 base::PLATFORM_FILE_OPEN | |
| 19 base::PLATFORM_FILE_READ | | 20 base::PLATFORM_FILE_READ | |
| 20 base::PLATFORM_FILE_EXCLUSIVE_READ | | 21 base::PLATFORM_FILE_EXCLUSIVE_READ | |
| 21 base::PLATFORM_FILE_ASYNC; | 22 base::PLATFORM_FILE_ASYNC; |
| 22 | 23 |
| 23 static const int kEnumerateDirectoryPermissions = | 24 static const int kEnumerateDirectoryPermissions = |
| 24 kReadFilePermissions | | 25 kReadFilePermissions | |
| 25 base::PLATFORM_FILE_ENUMERATE; | 26 base::PLATFORM_FILE_ENUMERATE; |
| 26 | 27 |
| 27 // The SecurityState class is used to maintain per-child process security state | 28 // The SecurityState class is used to maintain per-child process security state |
| 28 // information. | 29 // information. |
| 29 class ChildProcessSecurityPolicy::SecurityState { | 30 class ChildProcessSecurityPolicy::SecurityState { |
| 30 public: | 31 public: |
| 31 SecurityState() | 32 SecurityState() |
| 32 : enabled_bindings_(0), | 33 : enabled_bindings_(0), |
| 33 can_read_raw_cookies_(false) { } | 34 can_read_raw_cookies_(false) { } |
| 34 ~SecurityState() { | 35 ~SecurityState() { |
| 35 scheme_policy_.clear(); | 36 scheme_policy_.clear(); |
| 37 UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.PerChildFilePermissions", |
| 38 file_permissions_.size()); |
| 36 } | 39 } |
| 37 | 40 |
| 38 // Grant permission to request URLs with the specified scheme. | 41 // Grant permission to request URLs with the specified scheme. |
| 39 void GrantScheme(const std::string& scheme) { | 42 void GrantScheme(const std::string& scheme) { |
| 40 scheme_policy_[scheme] = true; | 43 scheme_policy_[scheme] = true; |
| 41 } | 44 } |
| 42 | 45 |
| 43 // Revoke permission to request URLs with the specified scheme. | 46 // Revoke permission to request URLs with the specified scheme. |
| 44 void RevokeScheme(const std::string& scheme) { | 47 void RevokeScheme(const std::string& scheme) { |
| 45 scheme_policy_[scheme] = false; | 48 scheme_policy_[scheme] = false; |
| 46 } | 49 } |
| 47 | 50 |
| 48 // Grant certain permissions to a file. | 51 // Grant certain permissions to a file. |
| 49 void GrantPermissionsForFile(const FilePath& file, int permissions) { | 52 void GrantPermissionsForFile(const FilePath& file, int permissions) { |
| 50 file_permissions_[file.StripTrailingSeparators()] |= permissions; | 53 FilePath stripped = file.StripTrailingSeparators(); |
| 54 file_permissions_[stripped] |= permissions; |
| 55 UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.FilePermissionPathLength", |
| 56 stripped.value().size()); |
| 51 } | 57 } |
| 52 | 58 |
| 53 // Revokes all permissions granted to a file. | 59 // Revokes all permissions granted to a file. |
| 54 void RevokeAllPermissionsForFile(const FilePath& file) { | 60 void RevokeAllPermissionsForFile(const FilePath& file) { |
| 55 file_permissions_.erase(file.StripTrailingSeparators()); | 61 file_permissions_.erase(file.StripTrailingSeparators()); |
| 56 } | 62 } |
| 57 | 63 |
| 58 void GrantBindings(int bindings) { | 64 void GrantBindings(int bindings) { |
| 59 enabled_bindings_ |= bindings; | 65 enabled_bindings_ |= bindings; |
| 60 } | 66 } |
| (...skipping 375 matching lines...) |
| 436 security_state_[child_id] = new SecurityState(); | 442 security_state_[child_id] = new SecurityState(); |
| 437 } | 443 } |
| 438 | 444 |
| 439 bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile( | 445 bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile( |
| 440 int child_id, const FilePath& file, int permissions) { | 446 int child_id, const FilePath& file, int permissions) { |
| 441 SecurityStateMap::iterator state = security_state_.find(child_id); | 447 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 442 if (state == security_state_.end()) | 448 if (state == security_state_.end()) |
| 443 return false; | 449 return false; |
| 444 return state->second->HasPermissionsForFile(file, permissions); | 450 return state->second->HasPermissionsForFile(file, permissions); |
| 445 } | 451 } |
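Review bot: Neither new histogram says what it actually samples, and the sampling points make that non-obvious. The path-length sample in GrantPermissionsForFile (new lines 55–56) fires on every call, so a path that is re-granted with extra bits is counted again, while the destructor sample (new lines 37–38) only sees entries still in `file_permissions_` at teardown, after any RevokeAllPermissionsForFile erases. A comment above the macro such as `// Sampled per grant call, not per distinct path; records only the length, never the path itself.` would spell this out, and it keeps explicit that granted file paths are user data that must not reach metrics. `UMA_HISTOGRAM_COUNTS` also appears to span a much wider range than path lengths need, so `UMA_HISTOGRAM_COUNTS_10000` may give more useful buckets; confirm against base/metrics/histogram.h. The SecurityState class body continues in the skipped lines, so other code that changes `file_permissions_` is not visible here.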
| OLD | NEW |