1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
10 #include "base/platform_file.h" | 10 #include "base/platform_file.h" |
339 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/"))); | 339 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/"))); |
340 EXPECT_TRUE(p->CanReadFile(kRendererID, | 340 EXPECT_TRUE(p->CanReadFile(kRendererID, |
341 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | 341 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); |
342 EXPECT_FALSE(p->CanReadDirectory(kRendererID, | 342 EXPECT_FALSE(p->CanReadDirectory(kRendererID, |
343 FilePath(FILE_PATH_LITERAL("/etc/")))); | 343 FilePath(FILE_PATH_LITERAL("/etc/")))); |
344 | 344 |
345 p->Remove(kRendererID); | 345 p->Remove(kRendererID); |
346 } | 346 } |
347 | 347 |
348 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) { | 348 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) { |
| 349 FilePath granted_file = FilePath(FILE_PATH_LITERAL("/home/joe")); |
| 350 FilePath sibling_file = FilePath(FILE_PATH_LITERAL("/home/bob")); |
| 351 FilePath child_file = FilePath(FILE_PATH_LITERAL("/home/joe/file")); |
| 352 FilePath parent_file = FilePath(FILE_PATH_LITERAL("/home")); |
| 353 FilePath parent_slash_file = FilePath(FILE_PATH_LITERAL("/home/")); |
| 354 FilePath child_traversal1 = FilePath( |
| 355 FILE_PATH_LITERAL("/home/joe/././file")); |
| 356 FilePath child_traversal2 = FilePath( |
| 357 FILE_PATH_LITERAL("/home/joe/file/../otherfile")); |
| 358 FilePath evil_traversal1 = FilePath( |
| 359 FILE_PATH_LITERAL("/home/joe/../../etc/passwd")); |
| 360 FilePath evil_traversal2 = FilePath( |
| 361 FILE_PATH_LITERAL("/home/joe/./.././../etc/passwd")); |
| 362 FilePath self_traversal = FilePath( |
| 363 FILE_PATH_LITERAL("/home/joe/../joe/file")); |
| 364 |
349 ChildProcessSecurityPolicyImpl* p = | 365 ChildProcessSecurityPolicyImpl* p = |
350 ChildProcessSecurityPolicyImpl::GetInstance(); | 366 ChildProcessSecurityPolicyImpl::GetInstance(); |
351 | 367 |
352 // Grant permissions for a file. | 368 // Grant permissions for a file. |
353 p->Add(kRendererID); | 369 p->Add(kRendererID); |
354 FilePath file = FilePath(FILE_PATH_LITERAL("/etc/passwd")); | 370 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
355 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | |
356 base::PLATFORM_FILE_OPEN)); | 371 base::PLATFORM_FILE_OPEN)); |
357 | 372 |
358 p->GrantPermissionsForFile(kRendererID, file, | 373 p->GrantPermissionsForFile(kRendererID, granted_file, |
359 base::PLATFORM_FILE_OPEN | | 374 base::PLATFORM_FILE_OPEN | |
360 base::PLATFORM_FILE_OPEN_TRUNCATED | | 375 base::PLATFORM_FILE_OPEN_TRUNCATED | |
361 base::PLATFORM_FILE_READ | | 376 base::PLATFORM_FILE_READ | |
362 base::PLATFORM_FILE_WRITE); | 377 base::PLATFORM_FILE_WRITE); |
363 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 378 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
364 base::PLATFORM_FILE_OPEN | | 379 base::PLATFORM_FILE_OPEN | |
365 base::PLATFORM_FILE_OPEN_TRUNCATED | | 380 base::PLATFORM_FILE_OPEN_TRUNCATED | |
366 base::PLATFORM_FILE_READ | | 381 base::PLATFORM_FILE_READ | |
367 base::PLATFORM_FILE_WRITE)); | 382 base::PLATFORM_FILE_WRITE)); |
368 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 383 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
369 base::PLATFORM_FILE_OPEN | | 384 base::PLATFORM_FILE_OPEN | |
370 base::PLATFORM_FILE_READ)); | 385 base::PLATFORM_FILE_READ)); |
371 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 386 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
372 base::PLATFORM_FILE_CREATE)); | 387 base::PLATFORM_FILE_CREATE)); |
373 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 388 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
374 base::PLATFORM_FILE_CREATE | | 389 base::PLATFORM_FILE_CREATE | |
375 base::PLATFORM_FILE_OPEN_TRUNCATED | | 390 base::PLATFORM_FILE_OPEN_TRUNCATED | |
376 base::PLATFORM_FILE_READ | | 391 base::PLATFORM_FILE_READ | |
377 base::PLATFORM_FILE_WRITE)); | 392 base::PLATFORM_FILE_WRITE)); |
| 393 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file, |
| 394 base::PLATFORM_FILE_OPEN | |
| 395 base::PLATFORM_FILE_READ)); |
| 396 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file, |
| 397 base::PLATFORM_FILE_OPEN | |
| 398 base::PLATFORM_FILE_READ)); |
| 399 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file, |
| 400 base::PLATFORM_FILE_OPEN | |
| 401 base::PLATFORM_FILE_READ)); |
| 402 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1, |
| 403 base::PLATFORM_FILE_OPEN | |
| 404 base::PLATFORM_FILE_READ)); |
| 405 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2, |
| 406 base::PLATFORM_FILE_OPEN | |
| 407 base::PLATFORM_FILE_READ)); |
| 408 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1, |
| 409 base::PLATFORM_FILE_OPEN | |
| 410 base::PLATFORM_FILE_READ)); |
| 411 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2, |
| 412 base::PLATFORM_FILE_OPEN | |
| 413 base::PLATFORM_FILE_READ)); |
| 414 // CPSP doesn't allow this case for the sake of simplicity. |
| 415 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal, |
| 416 base::PLATFORM_FILE_OPEN | |
| 417 base::PLATFORM_FILE_READ)); |
378 p->Remove(kRendererID); | 418 p->Remove(kRendererID); |
379 | 419 |
380 // Grant permissions for the directory the file is in. | 420 // Grant permissions for the directory the file is in. |
381 p->Add(kRendererID); | 421 p->Add(kRendererID); |
382 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 422 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
383 base::PLATFORM_FILE_OPEN)); | 423 base::PLATFORM_FILE_OPEN)); |
384 p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc")), | 424 p->GrantPermissionsForFile(kRendererID, parent_file, |
385 base::PLATFORM_FILE_OPEN | | 425 base::PLATFORM_FILE_OPEN | |
386 base::PLATFORM_FILE_READ); | 426 base::PLATFORM_FILE_READ); |
387 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 427 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
388 base::PLATFORM_FILE_OPEN)); | 428 base::PLATFORM_FILE_OPEN)); |
389 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 429 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
390 base::PLATFORM_FILE_READ | | 430 base::PLATFORM_FILE_READ | |
391 base::PLATFORM_FILE_WRITE)); | 431 base::PLATFORM_FILE_WRITE)); |
392 p->Remove(kRendererID); | 432 p->Remove(kRendererID); |
393 | 433 |
394 // Grant permissions for the directory the file is in (with trailing '/'). | 434 // Grant permissions for the directory the file is in (with trailing '/'). |
395 p->Add(kRendererID); | 435 p->Add(kRendererID); |
396 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 436 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
397 base::PLATFORM_FILE_OPEN)); | 437 base::PLATFORM_FILE_OPEN)); |
398 p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")), | 438 p->GrantPermissionsForFile(kRendererID, parent_slash_file, |
399 base::PLATFORM_FILE_OPEN | | 439 base::PLATFORM_FILE_OPEN | |
400 base::PLATFORM_FILE_READ); | 440 base::PLATFORM_FILE_READ); |
401 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 441 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
402 base::PLATFORM_FILE_OPEN)); | 442 base::PLATFORM_FILE_OPEN)); |
403 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 443 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
404 base::PLATFORM_FILE_READ | | 444 base::PLATFORM_FILE_READ | |
405 base::PLATFORM_FILE_WRITE)); | 445 base::PLATFORM_FILE_WRITE)); |
406 | 446 |
407 // Grant permissions for the file (should overwrite the permissions granted | 447 // Grant permissions for the file (should overwrite the permissions granted |
408 // for the directory). | 448 // for the directory). |
409 p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_TEMPORARY); | 449 p->GrantPermissionsForFile(kRendererID, granted_file, |
410 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 450 base::PLATFORM_FILE_TEMPORARY); |
| 451 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
411 base::PLATFORM_FILE_OPEN)); | 452 base::PLATFORM_FILE_OPEN)); |
412 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 453 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
413 base::PLATFORM_FILE_TEMPORARY)); | 454 base::PLATFORM_FILE_TEMPORARY)); |
414 | 455 |
415 // Revoke all permissions for the file (it should inherit its permissions | 456 // Revoke all permissions for the file (it should inherit its permissions |
416 // from the directory again). | 457 // from the directory again). |
417 p->RevokeAllPermissionsForFile(kRendererID, file); | 458 p->RevokeAllPermissionsForFile(kRendererID, granted_file); |
418 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 459 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
419 base::PLATFORM_FILE_OPEN | | 460 base::PLATFORM_FILE_OPEN | |
420 base::PLATFORM_FILE_READ)); | 461 base::PLATFORM_FILE_READ)); |
421 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 462 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
422 base::PLATFORM_FILE_TEMPORARY)); | 463 base::PLATFORM_FILE_TEMPORARY)); |
423 p->Remove(kRendererID); | 464 p->Remove(kRendererID); |
424 | 465 |
425 // Grant file permissions for the file to main thread renderer process, | 466 // Grant file permissions for the file to main thread renderer process, |
426 // make sure its worker thread renderer process inherits those. | 467 // make sure its worker thread renderer process inherits those. |
427 p->Add(kRendererID); | 468 p->Add(kRendererID); |
428 p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_OPEN | | 469 p->GrantPermissionsForFile(kRendererID, granted_file, |
429 base::PLATFORM_FILE_READ); | 470 base::PLATFORM_FILE_OPEN | |
430 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 471 base::PLATFORM_FILE_READ); |
| 472 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
431 base::PLATFORM_FILE_OPEN | | 473 base::PLATFORM_FILE_OPEN | |
432 base::PLATFORM_FILE_READ)); | 474 base::PLATFORM_FILE_READ)); |
433 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 475 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
434 base::PLATFORM_FILE_WRITE)); | 476 base::PLATFORM_FILE_WRITE)); |
435 p->AddWorker(kWorkerRendererID, kRendererID); | 477 p->AddWorker(kWorkerRendererID, kRendererID); |
436 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, file, | 478 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
437 base::PLATFORM_FILE_OPEN | | 479 base::PLATFORM_FILE_OPEN | |
438 base::PLATFORM_FILE_READ)); | 480 base::PLATFORM_FILE_READ)); |
439 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file, | 481 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
440 base::PLATFORM_FILE_WRITE)); | 482 base::PLATFORM_FILE_WRITE)); |
441 p->Remove(kRendererID); | 483 p->Remove(kRendererID); |
442 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file, | 484 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
443 base::PLATFORM_FILE_OPEN | | 485 base::PLATFORM_FILE_OPEN | |
444 base::PLATFORM_FILE_READ)); | 486 base::PLATFORM_FILE_READ)); |
445 p->Remove(kWorkerRendererID); | 487 p->Remove(kWorkerRendererID); |
446 } | 488 } |
447 | 489 |
448 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { | 490 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { |
449 ChildProcessSecurityPolicyImpl* p = | 491 ChildProcessSecurityPolicyImpl* p = |
450 ChildProcessSecurityPolicyImpl::GetInstance(); | 492 ChildProcessSecurityPolicyImpl::GetInstance(); |
451 | 493 |
452 GURL url("chrome://thumb/http://www.google.com/"); | 494 GURL url("chrome://thumb/http://www.google.com/"); |
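Review bot: The comment at new line 414, `// CPSP doesn't allow this case for the sake of simplicity.`, does not say what "this case" is or which rule makes it fail, so the next reader has to reverse-engineer it from the neighbouring expectations. Comparing `child_traversal2` (`/home/joe/file/../otherfile`, allowed) with `self_traversal` (`/home/joe/../joe/file`, rejected) suggests the policy refuses any `..` that climbs above the granted directory even when the path ends up back inside it, rather than canonicalizing first; if that is the rule, state it: `// "/home/joe/../joe/file" resolves under the grant, but the policy rejects any ".." that climbs above the granted directory instead of canonicalizing first (fail-closed, for simplicity).` A style nit on new lines 349-363: `FilePath granted_file = FilePath(FILE_PATH_LITERAL("/home/joe"));` can be direct initialization, `FilePath granted_file(FILE_PATH_LITERAL("/home/joe"));`, which also removes the need to wrap the longer literals. All traversal fixtures use `/` separators only; if this test also runs on a platform where FilePath treats `\` as a separator, one backslash-separated traversal case would keep the fail-closed behaviour covered there as well.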
483 | 525 |
484 // Renderers are added and removed on the UI thread, but the policy can be | 526 // Renderers are added and removed on the UI thread, but the policy can be |
485 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 527 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
486 // prepared to answer policy questions about renderers who no longer exist. | 528 // prepared to answer policy questions about renderers who no longer exist. |
487 | 529 |
488 // In this case, we default to secure behavior. | 530 // In this case, we default to secure behavior. |
489 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 531 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
490 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 532 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
491 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 533 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
492 } | 534 } |