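--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <set>
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/file_path.h"
 #include "base/platform_file.h"
@@ -339,114 +339,156 @@
 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
 EXPECT_TRUE(p->CanReadFile(kRendererID,
 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
 FilePath(FILE_PATH_LITERAL("/etc/"))));
 
 p->Remove(kRendererID);
 }
 
 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
+FilePath granted_file = FilePath(FILE_PATH_LITERAL("/home/joe"));
+FilePath sibling_file = FilePath(FILE_PATH_LITERAL("/home/bob"));
+FilePath child_file = FilePath(FILE_PATH_LITERAL("/home/joe/file"));
+FilePath parent_file = FilePath(FILE_PATH_LITERAL("/home"));
+FilePath parent_slash_file = FilePath(FILE_PATH_LITERAL("/home/"));
+FilePath child_traversal1 = FilePath(
+FILE_PATH_LITERAL("/home/joe/././file"));
+FilePath child_traversal2 = FilePath(
+FILE_PATH_LITERAL("/home/joe/file/../otherfile"));
+FilePath evil_traversal1 = FilePath(
+FILE_PATH_LITERAL("/home/joe/../../etc/passwd"));
+FilePath evil_traversal2 = FilePath(
+FILE_PATH_LITERAL("/home/joe/./.././../etc/passwd"));
+FilePath self_traversal = FilePath(
+FILE_PATH_LITERAL("/home/joe/../joe/file"));
+
 ChildProcessSecurityPolicyImpl* p =
 ChildProcessSecurityPolicyImpl::GetInstance();
 
 // Grant permissions for a file.
 p->Add(kRendererID);
-FilePath file = FilePath(FILE_PATH_LITERAL("/etc/passwd"));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
 
-p->GrantPermissionsForFile(kRendererID, file,
+p->GrantPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_OPEN_TRUNCATED |
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE);
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_OPEN_TRUNCATED |
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_CREATE));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_CREATE |
 base::PLATFORM_FILE_OPEN_TRUNCATED |
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+// CPSP doesn't allow this case for the sake of simplicity.
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
 p->Remove(kRendererID);
 
 // Grant permissions for the directory the file is in.
 p->Add(kRendererID);
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
-p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc")),
+p->GrantPermissionsForFile(kRendererID, parent_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ);
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
 p->Remove(kRendererID);
 
 // Grant permissions for the directory the file is in (with trailing '/').
 p->Add(kRendererID);
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
-p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")),
+p->GrantPermissionsForFile(kRendererID, parent_slash_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ);
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
 
 // Grant permissions for the file (should overwrite the permissions granted
 // for the directory).
-p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_TEMPORARY);
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+p->GrantPermissionsForFile(kRendererID, granted_file,
+base::PLATFORM_FILE_TEMPORARY);
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_TEMPORARY));
 
 // Revoke all permissions for the file (it should inherit its permissions
 // from the directory again).
-p->RevokeAllPermissionsForFile(kRendererID, file);
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+p->RevokeAllPermissionsForFile(kRendererID, granted_file);
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_TEMPORARY));
 p->Remove(kRendererID);
 
 // Grant file permissions for the file to main thread renderer process,
 // make sure its worker thread renderer process inherits those.
 p->Add(kRendererID);
-p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_OPEN |
-base::PLATFORM_FILE_READ);
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+p->GrantPermissionsForFile(kRendererID, granted_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ);
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_WRITE));
 p->AddWorker(kWorkerRendererID, kRendererID);
-EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
-EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
 base::PLATFORM_FILE_WRITE));
 p->Remove(kRendererID);
-EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
 p->Remove(kWorkerRendererID);
 }
 
 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
 ChildProcessSecurityPolicyImpl* p =
 ChildProcessSecurityPolicyImpl::GetInstance();
 
 GURL url("chrome://thumb/http://www.google.com/");
@@ -483,10 +525,10 @@
 
 // Renderers are added and removed on the UI thread, but the policy can be
 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
 // prepared to answer policy questions about renderers who no longer exist.
 
 // In this case, we default to secure behavior.
 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
 }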
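Review bot: The negative cases added to FilePermissions (new lines 393-413) leave two inputs unpinned that a path-scoped grant check most often gets wrong: a path that shares the granted path as a string prefix without being inside it, such as `/home/joe2`, and a traversal that starts below the granted directory and climbs out of it, such as `/home/joe/sub/../../bob`; `sibling_file` shares no prefix with `granted_file` and both `evil_traversal` paths put `..` directly after the granted prefix, so a plain prefix-string comparison would still pass this test as written. The comment at new line 414 should also say which rule separates `self_traversal` from `child_traversal2`, since both contain `..` and both resolve inside `/home/joe`; something like `// The policy does not normalize ".." back into the granted directory; it appears to reject ".." as the first component after the granted path — confirm against the implementation.` The two extra cases below follow the layout of the existing expectations and would be placed after the `evil_traversal2` check.
```cpp
  // … unchanged: existing FilePath declarations …
  FilePath prefix_sibling = FilePath(FILE_PATH_LITERAL("/home/joe2"));
  FilePath deep_escape = FilePath(
      FILE_PATH_LITERAL("/home/joe/sub/../../bob"));
  // … unchanged: grant of granted_file and existing expectations …
  EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, prefix_sibling,
                                         base::PLATFORM_FILE_OPEN |
                                         base::PLATFORM_FILE_READ));
  EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, deep_escape,
                                         base::PLATFORM_FILE_OPEN |
                                         base::PLATFORM_FILE_READ));
```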