Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(78)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/child_process_security_policy.cc

Issue 8588039: Remove "open in new tab" items from context menu if the process doesn't (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/browser/browser_process_impl.cc ('K') | « chrome/browser/tab_contents/render_view_context_menu.cc ('k') | content/browser/tab_contents/tab_contents.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/child_process_security_policy.h" 5 #include "content/browser/child_process_security_policy.h"
6 6
7 #include "base/file_path.h" 7 #include "base/file_path.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "base/metrics/histogram.h" 9 #include "base/metrics/histogram.h"
10 #include "base/platform_file.h" 10 #include "base/platform_file.h"
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
71 } 71 }
72 72
73 void RevokeReadRawCookies() { 73 void RevokeReadRawCookies() {
74 can_read_raw_cookies_ = false; 74 can_read_raw_cookies_ = false;
75 } 75 }
76 76
77 // Determine whether permission has been granted to request url. 77 // Determine whether permission has been granted to request url.
78 // Schemes that have not been granted default to being denied. 78 // Schemes that have not been granted default to being denied.
79 bool CanRequestURL(const GURL& url) { 79 bool CanRequestURL(const GURL& url) {
80 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme())); 80 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme()));
81
82 if (judgment == scheme_policy_.end()) 81 if (judgment == scheme_policy_.end())
83 return false; // Unmentioned schemes are disallowed. 82 return false; // Unmentioned schemes are disallowed.
84 83
85 return judgment->second; 84 return judgment->second;
86 } 85 }
87 86
88 // Determine if the certain permissions have been granted to a file. 87 // Determine if the certain permissions have been granted to a file.
89 bool HasPermissionsForFile(const FilePath& file, int permissions) { 88 bool HasPermissionsForFile(const FilePath& file, int permissions) {
90 FilePath current_path = file.StripTrailingSeparators(); 89 FilePath current_path = file.StripTrailingSeparators();
91 FilePath last_path; 90 FilePath last_path;
(...skipping 260 matching lines...) Expand 10 before | Expand all | Expand 10 after
352 int child_id, const GURL& url) { 351 int child_id, const GURL& url) {
353 if (!url.is_valid()) 352 if (!url.is_valid())
354 return false; // Can't request invalid URLs. 353 return false; // Can't request invalid URLs.
355 354
356 if (IsDisabledScheme(url.scheme())) 355 if (IsDisabledScheme(url.scheme()))
357 return false; // The scheme is disabled by policy. 356 return false; // The scheme is disabled by policy.
358 357
359 if (IsWebSafeScheme(url.scheme())) 358 if (IsWebSafeScheme(url.scheme()))
360 return true; // The scheme has been white-listed for every child process. 359 return true; // The scheme has been white-listed for every child process.
361 360
362 if (IsPseudoScheme(url.scheme())) { 361 // There are a number of special cases for pseudo-schemes.
363 // There are a number of special cases for pseudo schemes. 362 if (url.SchemeIs(chrome::kViewSourceScheme)) {
363 // A view-source URL is allowed if the child process is permitted to
364 // request the embedded URL. Careful to avoid pointless recursion.
365 GURL child_url(url.path());
366 if (child_url.SchemeIs(chrome::kViewSourceScheme) &&
367 url.SchemeIs(chrome::kViewSourceScheme))
368 return false;
364 369
365 if (url.SchemeIs(chrome::kViewSourceScheme)) { 370 return CanRequestURL(child_id, child_url);
366 // A view-source URL is allowed if the child process is permitted to 371 }
367 // request the embedded URL. Careful to avoid pointless recursion.
368 GURL child_url(url.path());
369 if (child_url.SchemeIs(chrome::kViewSourceScheme) &&
370 url.SchemeIs(chrome::kViewSourceScheme))
371 return false;
372 372
373 return CanRequestURL(child_id, child_url); 373 if (url.SchemeIs(chrome::kAboutScheme)) {
374 } 374 // Every child process can request <about:blank> but URLs like
375 // <about:memory> and <about:crash> shouldn't be requestable by any
376 // child process.
377 return LowerCaseEqualsASCII(url.spec(), chrome::kAboutBlankURL);
378 }
375 379
376 if (LowerCaseEqualsASCII(url.spec(), chrome::kAboutBlankURL)) 380 if (url.SchemeIs(chrome::kJavaScriptScheme)) {
377 return true; // Every child process can request <about:blank>. 381 // The <javascript:...> case should be handled internally by the process
378 382 // and not kicked up to the browser.
379 // URLs like <about:memory> and <about:crash> shouldn't be requestable by
380 // any child process. Also, this case covers <javascript:...>, which should
381 // be handled internally by the process and not kicked up to the browser.
382 return false; 383 return false;
383 } 384 }
384 385
385 if (!net::URLRequest::IsHandledURL(url)) 386 if (!IsPseudoScheme(url.scheme()) && !net::URLRequest::IsHandledURL(url))
386 return true; // This URL request is destined for ShellExecute. 387 return true; // This URL request is destined for ShellExecute.
387 388
388 { 389 {
389 base::AutoLock lock(lock_); 390 base::AutoLock lock(lock_);
390 391
391 SecurityStateMap::iterator state = security_state_.find(child_id); 392 SecurityStateMap::iterator state = security_state_.find(child_id);
392 if (state == security_state_.end()) 393 if (state == security_state_.end())
393 return false; 394 return false;
394 395
395 // Otherwise, we consult the child process's security state to see if it is 396 // Otherwise, we consult the child process's security state to see if it is
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after
475 476
476 void ChildProcessSecurityPolicy::LockToOrigin(int child_id, const GURL& gurl) { 477 void ChildProcessSecurityPolicy::LockToOrigin(int child_id, const GURL& gurl) {
477 // "gurl" can be currently empty in some cases, such as file://blah. 478 // "gurl" can be currently empty in some cases, such as file://blah.
478 DCHECK(SiteInstance::GetSiteForURL(NULL, gurl) == gurl); 479 DCHECK(SiteInstance::GetSiteForURL(NULL, gurl) == gurl);
479 base::AutoLock lock(lock_); 480 base::AutoLock lock(lock_);
480 SecurityStateMap::iterator state = security_state_.find(child_id); 481 SecurityStateMap::iterator state = security_state_.find(child_id);
481 DCHECK(state != security_state_.end()); 482 DCHECK(state != security_state_.end());
482 state->second->LockToOrigin(gurl); 483 state->second->LockToOrigin(gurl);
483 } 484 }
484 485
OLDNEW
« chrome/browser/browser_process_impl.cc ('K') | « chrome/browser/tab_contents/render_view_context_menu.cc ('k') | content/browser/tab_contents/tab_contents.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698