| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 10 #include "base/platform_file.h" | 10 #include "base/platform_file.h" |
| 11 #include "base/stl_util.h" | 11 #include "base/stl_util.h" |
| 12 #include "base/string_util.h" | 12 #include "base/string_util.h" |
| 13 #include "content/browser/site_instance_impl.h" | 13 #include "content/browser/site_instance_impl.h" |
| 14 #include "content/public/browser/content_browser_client.h" | 14 #include "content/public/browser/content_browser_client.h" |
| 15 #include "content/public/common/bindings_policy.h" | 15 #include "content/public/common/bindings_policy.h" |
| 16 #include "content/public/common/url_constants.h" | 16 #include "content/public/common/url_constants.h" |
| 17 #include "googleurl/src/gurl.h" | 17 #include "googleurl/src/gurl.h" |
| 18 #include "net/base/net_util.h" | 18 #include "net/base/net_util.h" |
| 19 #include "net/url_request/url_request.h" | 19 #include "net/url_request/url_request.h" |
| 20 #include "webkit/fileapi/isolated_context.h" | 20 #include "webkit/fileapi/isolated_context.h" |
| 21 | 21 |
| 22 using content::ChildProcessSecurityPolicy; | 22 namespace content { |
| 23 using content::SiteInstance; | |
| 24 | 23 |
| 25 namespace { | 24 namespace { |
| 26 | 25 |
| 27 const int kReadFilePermissions = | 26 const int kReadFilePermissions = |
| 28 base::PLATFORM_FILE_OPEN | | 27 base::PLATFORM_FILE_OPEN | |
| 29 base::PLATFORM_FILE_READ | | 28 base::PLATFORM_FILE_READ | |
| 30 base::PLATFORM_FILE_EXCLUSIVE_READ | | 29 base::PLATFORM_FILE_EXCLUSIVE_READ | |
| 31 base::PLATFORM_FILE_ASYNC; | 30 base::PLATFORM_FILE_ASYNC; |
| 32 | 31 |
| 33 const int kWriteFilePermissions = | 32 const int kWriteFilePermissions = |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 161 return true; | 160 return true; |
| 162 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); | 161 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); |
| 163 return origin_lock_ == site_gurl; | 162 return origin_lock_ == site_gurl; |
| 164 } | 163 } |
| 165 | 164 |
| 166 void LockToOrigin(const GURL& gurl) { | 165 void LockToOrigin(const GURL& gurl) { |
| 167 origin_lock_ = gurl; | 166 origin_lock_ = gurl; |
| 168 } | 167 } |
| 169 | 168 |
| 170 bool has_web_ui_bindings() const { | 169 bool has_web_ui_bindings() const { |
| 171 return enabled_bindings_ & content::BINDINGS_POLICY_WEB_UI; | 170 return enabled_bindings_ & BINDINGS_POLICY_WEB_UI; |
| 172 } | 171 } |
| 173 | 172 |
| 174 bool can_read_raw_cookies() const { | 173 bool can_read_raw_cookies() const { |
| 175 return can_read_raw_cookies_; | 174 return can_read_raw_cookies_; |
| 176 } | 175 } |
| 177 | 176 |
| 178 private: | 177 private: |
| 179 typedef std::map<std::string, bool> SchemeMap; | 178 typedef std::map<std::string, bool> SchemeMap; |
| 180 | 179 |
| 181 typedef int FilePermissionFlags; // bit-set of PlatformFileFlags | 180 typedef int FilePermissionFlags; // bit-set of PlatformFileFlags |
| (...skipping 236 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 418 state->second->GrantScheme(scheme); | 417 state->second->GrantScheme(scheme); |
| 419 } | 418 } |
| 420 | 419 |
| 421 void ChildProcessSecurityPolicyImpl::GrantWebUIBindings(int child_id) { | 420 void ChildProcessSecurityPolicyImpl::GrantWebUIBindings(int child_id) { |
| 422 base::AutoLock lock(lock_); | 421 base::AutoLock lock(lock_); |
| 423 | 422 |
| 424 SecurityStateMap::iterator state = security_state_.find(child_id); | 423 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 425 if (state == security_state_.end()) | 424 if (state == security_state_.end()) |
| 426 return; | 425 return; |
| 427 | 426 |
| 428 state->second->GrantBindings(content::BINDINGS_POLICY_WEB_UI); | 427 state->second->GrantBindings(BINDINGS_POLICY_WEB_UI); |
| 429 | 428 |
| 430 // Web UI bindings need the ability to request chrome: URLs. | 429 // Web UI bindings need the ability to request chrome: URLs. |
| 431 state->second->GrantScheme(chrome::kChromeUIScheme); | 430 state->second->GrantScheme(chrome::kChromeUIScheme); |
| 432 | 431 |
| 433 // Web UI pages can contain links to file:// URLs. | 432 // Web UI pages can contain links to file:// URLs. |
| 434 state->second->GrantScheme(chrome::kFileScheme); | 433 state->second->GrantScheme(chrome::kFileScheme); |
| 435 } | 434 } |
| 436 | 435 |
| 437 void ChildProcessSecurityPolicyImpl::GrantReadRawCookies(int child_id) { | 436 void ChildProcessSecurityPolicyImpl::GrantReadRawCookies(int child_id) { |
| 438 base::AutoLock lock(lock_); | 437 base::AutoLock lock(lock_); |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 481 | 480 |
| 482 if (LowerCaseEqualsASCII(url.spec(), chrome::kAboutBlankURL)) | 481 if (LowerCaseEqualsASCII(url.spec(), chrome::kAboutBlankURL)) |
| 483 return true; // Every child process can request <about:blank>. | 482 return true; // Every child process can request <about:blank>. |
| 484 | 483 |
| 485 // URLs like <about:memory> and <about:crash> shouldn't be requestable by | 484 // URLs like <about:memory> and <about:crash> shouldn't be requestable by |
| 486 // any child process. Also, this case covers <javascript:...>, which should | 485 // any child process. Also, this case covers <javascript:...>, which should |
| 487 // be handled internally by the process and not kicked up to the browser. | 486 // be handled internally by the process and not kicked up to the browser. |
| 488 return false; | 487 return false; |
| 489 } | 488 } |
| 490 | 489 |
| 491 if (!content::GetContentClient()->browser()->IsHandledURL(url) && | 490 if (!GetContentClient()->browser()->IsHandledURL(url) && |
| 492 !net::URLRequest::IsHandledURL(url)) { | 491 !net::URLRequest::IsHandledURL(url)) { |
| 493 return true; // This URL request is destined for ShellExecute. | 492 return true; // This URL request is destined for ShellExecute. |
| 494 } | 493 } |
| 495 | 494 |
| 496 { | 495 { |
| 497 base::AutoLock lock(lock_); | 496 base::AutoLock lock(lock_); |
| 498 | 497 |
| 499 SecurityStateMap::iterator state = security_state_.find(child_id); | 498 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 500 if (state == security_state_.end()) | 499 if (state == security_state_.end()) |
| 501 return false; | 500 return false; |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 622 int child_id, | 621 int child_id, |
| 623 const std::string& filesystem_id, | 622 const std::string& filesystem_id, |
| 624 int permission) { | 623 int permission) { |
| 625 base::AutoLock lock(lock_); | 624 base::AutoLock lock(lock_); |
| 626 | 625 |
| 627 SecurityStateMap::iterator state = security_state_.find(child_id); | 626 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 628 if (state == security_state_.end()) | 627 if (state == security_state_.end()) |
| 629 return false; | 628 return false; |
| 630 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); | 629 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); |
| 631 } | 630 } |
| 631 |
| 632 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11274038:
content/browser: Move more files into the content namespace. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src