1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
59 fileapi::IsolatedContext::GetInstance(); | 59 fileapi::IsolatedContext::GetInstance(); |
60 for (FileSystemMap::iterator iter = filesystem_permissions_.begin(); | 60 for (FileSystemMap::iterator iter = filesystem_permissions_.begin(); |
61 iter != filesystem_permissions_.end(); | 61 iter != filesystem_permissions_.end(); |
62 ++iter) { | 62 ++iter) { |
63 isolated_context->RemoveReference(iter->first); | 63 isolated_context->RemoveReference(iter->first); |
64 } | 64 } |
65 UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.PerChildFilePermissions", | 65 UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.PerChildFilePermissions", |
66 file_permissions_.size()); | 66 file_permissions_.size()); |
67 } | 67 } |
68 | 68 |
69 bool CanLoadIframe(const GURL& gurl){ | |
70 if (origin_lock_.is_empty()) | |
71 return true; | |
72 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); | |
Charlie Reis
2012/11/28 18:58:26
Please add the same TODO as in CanAccessCookiesFor
irobert
2012/11/28 22:50:41
Done.
| |
73 return origin_lock_ == site_gurl; | |
74 } | |
75 | |
69 // Grant permission to request URLs with the specified scheme. | 76 // Grant permission to request URLs with the specified scheme. |
70 void GrantScheme(const std::string& scheme) { | 77 void GrantScheme(const std::string& scheme) { |
71 scheme_policy_[scheme] = true; | 78 scheme_policy_[scheme] = true; |
72 } | 79 } |
73 | 80 |
74 // Revoke permission to request URLs with the specified scheme. | 81 // Revoke permission to request URLs with the specified scheme. |
75 void RevokeScheme(const std::string& scheme) { | 82 void RevokeScheme(const std::string& scheme) { |
76 scheme_policy_[scheme] = false; | 83 scheme_policy_[scheme] = false; |
77 } | 84 } |
78 | 85 |
481 base::AutoLock lock(lock_); | 488 base::AutoLock lock(lock_); |
482 | 489 |
483 SecurityStateMap::iterator state = security_state_.find(child_id); | 490 SecurityStateMap::iterator state = security_state_.find(child_id); |
484 if (state == security_state_.end()) | 491 if (state == security_state_.end()) |
485 return; | 492 return; |
486 | 493 |
487 state->second->RevokeReadRawCookies(); | 494 state->second->RevokeReadRawCookies(); |
488 } | 495 } |
489 | 496 |
490 bool ChildProcessSecurityPolicyImpl::CanRequestURL( | 497 bool ChildProcessSecurityPolicyImpl::CanRequestURL( |
491 int child_id, const GURL& url) { | 498 int child_id, const GURL& url, ResourceType::Type resource_type) { |
492 if (!url.is_valid()) | 499 if (!url.is_valid()) |
493 return false; // Can't request invalid URLs. | 500 return false; // Can't request invalid URLs. |
494 | 501 |
495 if (IsDisabledScheme(url.scheme())) | 502 if (IsDisabledScheme(url.scheme())) |
496 return false; // The scheme is disabled by policy. | 503 return false; // The scheme is disabled by policy. |
497 | 504 |
505 // If --enable-strict-site-isolation flag is passed, | |
Charlie Reis
2012/11/28 18:58:26
--site-per-process
irobert
2012/11/28 22:50:41
Done.
| |
506 // we should enforce stronger security restrictions on page navigation. | |
507 // | |
508 // TODO: This will break some WebUI page such as "chrome://extensions/" | |
Charlie Reis
2012/11/28 18:58:26
nit: TODO(irobert):
Also, move the TODO comment i
irobert
2012/11/28 22:50:41
Done.
| |
509 // page (belongs to site chrome://chrome/) which loads an iframe for | |
510 // the page "chrome://uber-frame/" (belongs to site chrome://uber-frame/) | |
511 if (CommandLine::ForCurrentProcess()->HasSwitch( | |
512 switches::kEnableStrictSiteIsolation) && | |
Charlie Reis
2012/11/28 18:58:26
kSitePerProcess
irobert
2012/11/28 22:50:41
Done.
| |
513 (resource_type == ResourceType::MAIN_FRAME || | |
514 resource_type == ResourceType::SUB_FRAME)) { | |
Charlie Reis
2012/11/28 18:58:26
Looks like there's a ResourceType::IsFrame(resourc
irobert
2012/11/28 22:50:41
Done.
| |
515 base::AutoLock lock(lock_); | |
516 SecurityStateMap::iterator state = security_state_.find(child_id); | |
517 if (state == security_state_.end()) | |
518 return false; | |
519 if (!state->second->CanLoadIframe(url)) | |
Charlie Reis
2012/11/28 18:58:26
CanLoadIframe isn't an accurate name, if we're als
irobert
2012/11/28 22:50:41
Done.
| |
520 return false; | |
521 } | |
522 | |
498 if (IsWebSafeScheme(url.scheme())) | 523 if (IsWebSafeScheme(url.scheme())) |
499 return true; // The scheme has been white-listed for every child process. | 524 return true; // The scheme has been white-listed for every child process. |
500 | 525 |
501 if (IsPseudoScheme(url.scheme())) { | 526 if (IsPseudoScheme(url.scheme())) { |
502 // There are a number of special cases for pseudo schemes. | 527 // There are a number of special cases for pseudo schemes. |
503 | 528 |
504 if (url.SchemeIs(chrome::kViewSourceScheme)) { | 529 if (url.SchemeIs(chrome::kViewSourceScheme)) { |
505 // A view-source URL is allowed if the child process is permitted to | 530 // A view-source URL is allowed if the child process is permitted to |
506 // request the embedded URL. Careful to avoid pointless recursion. | 531 // request the embedded URL. Careful to avoid pointless recursion. |
507 GURL child_url(url.path()); | 532 GURL child_url(url.path()); |
508 if (child_url.SchemeIs(chrome::kViewSourceScheme) && | 533 if (child_url.SchemeIs(chrome::kViewSourceScheme) && |
509 url.SchemeIs(chrome::kViewSourceScheme)) | 534 url.SchemeIs(chrome::kViewSourceScheme)) |
510 return false; | 535 return false; |
511 | 536 |
512 return CanRequestURL(child_id, child_url); | 537 return CanRequestURL(child_id, child_url, resource_type); |
513 } | 538 } |
514 | 539 |
515 if (LowerCaseEqualsASCII(url.spec(), chrome::kAboutBlankURL)) | 540 if (LowerCaseEqualsASCII(url.spec(), chrome::kAboutBlankURL)) |
516 return true; // Every child process can request <about:blank>. | 541 return true; // Every child process can request <about:blank>. |
517 | 542 |
518 // URLs like <about:memory> and <about:crash> shouldn't be requestable by | 543 // URLs like <about:memory> and <about:crash> shouldn't be requestable by |
519 // any child process. Also, this case covers <javascript:...>, which should | 544 // any child process. Also, this case covers <javascript:...>, which should |
520 // be handled internally by the process and not kicked up to the browser. | 545 // be handled internally by the process and not kicked up to the browser. |
521 return false; | 546 return false; |
522 } | 547 } |
666 int permission) { | 691 int permission) { |
667 base::AutoLock lock(lock_); | 692 base::AutoLock lock(lock_); |
668 | 693 |
669 SecurityStateMap::iterator state = security_state_.find(child_id); | 694 SecurityStateMap::iterator state = security_state_.find(child_id); |
670 if (state == security_state_.end()) | 695 if (state == security_state_.end()) |
671 return false; | 696 return false; |
672 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); | 697 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); |
673 } | 698 } |
674 | 699 |
675 } // namespace content | 700 } // namespace content |
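Review bot: The new origin-lock block in CanRequestURL (new lines 511-521) sits ahead of the pseudo-scheme handling, so for a locked process a frame request for about:blank is handed to `CanLoadIframe` and compared against `origin_lock_` before the "Every child process can request <about:blank>" branch further down can admit it; unless `SiteInstanceImpl::GetSiteForURL` happens to map about:blank onto the locked site (not visible here), an empty subframe in a locked renderer is refused, and `data:` frames presumably go the same way. Either move the block below the `IsPseudoScheme` branch or add a short-circuit before the lock comparison, e.g. `if (LowerCaseEqualsASCII(url.spec(), chrome::kAboutBlankURL)) return true;`, and state the intended coverage on the helper: `// Lock is only meaningful for site-bearing URLs; about:/data: frames are exempted by the caller.` Note also that a child with no security state now fails closed for frame requests under the flag, which is the safer default but is a behaviour change worth a sentence in the comment. The remainder of CanRequestURL, after the pseudo-scheme branch, lies outside this section.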