OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/worker_host/worker_process_host.h" | 5 #include "content/browser/worker_host/worker_process_host.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
193 #if defined(OS_WIN) | 193 #if defined(OS_WIN) |
194 FilePath(), | 194 FilePath(), |
195 #elif defined(OS_POSIX) | 195 #elif defined(OS_POSIX) |
196 use_zygote, | 196 use_zygote, |
197 base::EnvironmentVector(), | 197 base::EnvironmentVector(), |
198 #endif | 198 #endif |
199 cmd_line); | 199 cmd_line); |
200 | 200 |
201 ChildProcessSecurityPolicyImpl::GetInstance()->AddWorker( | 201 ChildProcessSecurityPolicyImpl::GetInstance()->AddWorker( |
202 process_->GetData().id, render_process_id); | 202 process_->GetData().id, render_process_id); |
203 if (!CommandLine::ForCurrentProcess()->HasSwitch( | |
204 switches::kDisableFileSystem)) { | |
205 // Grant most file permissions to this worker. | |
206 // PLATFORM_FILE_TEMPORARY, PLATFORM_FILE_HIDDEN and | |
207 // PLATFORM_FILE_DELETE_ON_CLOSE are not granted, because no existing API | |
208 // requests them. | |
209 // This is for the filesystem sandbox. | |
210 ChildProcessSecurityPolicyImpl::GetInstance()->GrantPermissionsForFile( | |
211 process_->GetData().id, | |
212 partition_.filesystem_context()->sandbox_provider()->new_base_path(), | |
213 base::PLATFORM_FILE_OPEN | | |
214 base::PLATFORM_FILE_CREATE | | |
215 base::PLATFORM_FILE_OPEN_ALWAYS | | |
216 base::PLATFORM_FILE_CREATE_ALWAYS | | |
217 base::PLATFORM_FILE_OPEN_TRUNCATED | | |
218 base::PLATFORM_FILE_READ | | |
219 base::PLATFORM_FILE_WRITE | | |
220 base::PLATFORM_FILE_EXCLUSIVE_READ | | |
221 base::PLATFORM_FILE_EXCLUSIVE_WRITE | | |
222 base::PLATFORM_FILE_ASYNC | | |
223 base::PLATFORM_FILE_WRITE_ATTRIBUTES | | |
224 base::PLATFORM_FILE_ENUMERATE); | |
225 // This is so that we can read and move stuff out of the old filesystem | |
226 // sandbox. | |
227 ChildProcessSecurityPolicyImpl::GetInstance()->GrantPermissionsForFile( | |
228 process_->GetData().id, | |
229 partition_.filesystem_context()->sandbox_provider()->old_base_path(), | |
230 base::PLATFORM_FILE_READ | base::PLATFORM_FILE_WRITE | | |
231 base::PLATFORM_FILE_WRITE_ATTRIBUTES | | |
232 base::PLATFORM_FILE_ENUMERATE); | |
233 // This is so that we can rename the old sandbox out of the way so that | |
234 // we know we've taken care of it. | |
235 ChildProcessSecurityPolicyImpl::GetInstance()->GrantPermissionsForFile( | |
236 process_->GetData().id, | |
237 partition_.filesystem_context()->sandbox_provider()-> | |
238 renamed_old_base_path(), | |
239 base::PLATFORM_FILE_CREATE | base::PLATFORM_FILE_CREATE_ALWAYS | | |
240 base::PLATFORM_FILE_WRITE); | |
241 } | |
242 | |
243 CreateMessageFilters(render_process_id); | 203 CreateMessageFilters(render_process_id); |
244 | 204 |
245 return true; | 205 return true; |
246 } | 206 } |
247 | 207 |
248 void WorkerProcessHost::CreateMessageFilters(int render_process_id) { | 208 void WorkerProcessHost::CreateMessageFilters(int render_process_id) { |
249 ChromeBlobStorageContext* blob_storage_context = | 209 ChromeBlobStorageContext* blob_storage_context = |
250 GetChromeBlobStorageContextForResourceContext(resource_context_); | 210 GetChromeBlobStorageContextForResourceContext(resource_context_); |
251 | 211 |
252 net::URLRequestContextGetter* url_request_context = | 212 net::URLRequestContextGetter* url_request_context = |
(...skipping 453 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
706 return false; | 666 return false; |
707 } | 667 } |
708 | 668 |
709 WorkerProcessHost::WorkerInstance::FilterInfo | 669 WorkerProcessHost::WorkerInstance::FilterInfo |
710 WorkerProcessHost::WorkerInstance::GetFilter() const { | 670 WorkerProcessHost::WorkerInstance::GetFilter() const { |
711 DCHECK(NumFilters() == 1); | 671 DCHECK(NumFilters() == 1); |
712 return *filters_.begin(); | 672 return *filters_.begin(); |
713 } | 673 } |
714 | 674 |
715 } // namespace content | 675 } // namespace content |
OLD | NEW |