OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
10 #include "base/platform_file.h" | 10 #include "base/platform_file.h" |
(...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
123 EXPECT_FALSE(p->IsDisabledScheme("good-scheme")); | 123 EXPECT_FALSE(p->IsDisabledScheme("good-scheme")); |
124 } | 124 } |
125 | 125 |
126 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { | 126 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { |
127 ChildProcessSecurityPolicyImpl* p = | 127 ChildProcessSecurityPolicyImpl* p = |
128 ChildProcessSecurityPolicyImpl::GetInstance(); | 128 ChildProcessSecurityPolicyImpl::GetInstance(); |
129 | 129 |
130 p->Add(kRendererID); | 130 p->Add(kRendererID); |
131 | 131 |
132 // Safe | 132 // Safe |
133 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); | 133 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"), |
134 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); | 134 ResourceType::MAIN_FRAME)); |
135 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); | 135 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"), |
136 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | 136 ResourceType::MAIN_FRAME)); |
Charlie Reis
2012/11/28 18:58:26
Just to test both code paths, let's make this one
| |
137 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"), | |
138 ResourceType::MAIN_FRAME)); | |
139 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"), | |
140 ResourceType::MAIN_FRAME)); | |
137 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 141 EXPECT_TRUE(p->CanRequestURL(kRendererID, |
138 GURL("view-source:http://www.google.com/"))); | 142 GURL("view-source:http://www.google.com/"), |
143 ResourceType::MAIN_FRAME)); | |
139 EXPECT_TRUE(p->CanRequestURL( | 144 EXPECT_TRUE(p->CanRequestURL( |
140 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); | 145 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"), |
146 ResourceType::LAST_TYPE)); | |
irobert
2012/11/28 01:27:57
For these tests, resource type does not matter the
Charlie Reis
2012/11/28 18:58:26
Sure, but might as well use something realistic.
| |
141 | 147 |
142 // Dangerous | 148 // Dangerous |
143 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 149 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
144 GURL("file:///etc/passwd"))); | 150 GURL("file:///etc/passwd"), |
151 ResourceType::LAST_TYPE)); | |
145 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 152 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
146 GURL("chrome://foo/bar"))); | 153 GURL("chrome://foo/bar"), |
154 ResourceType::LAST_TYPE)); | |
147 | 155 |
148 p->Remove(kRendererID); | 156 p->Remove(kRendererID); |
149 } | 157 } |
150 | 158 |
151 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { | 159 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { |
152 ChildProcessSecurityPolicyImpl* p = | 160 ChildProcessSecurityPolicyImpl* p = |
153 ChildProcessSecurityPolicyImpl::GetInstance(); | 161 ChildProcessSecurityPolicyImpl::GetInstance(); |
154 | 162 |
155 p->Add(kRendererID); | 163 p->Add(kRendererID); |
156 | 164 |
157 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); | 165 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"), |
158 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); | 166 ResourceType::MAIN_FRAME)); |
159 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); | 167 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"), |
160 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); | 168 ResourceType::MAIN_FRAME)); |
169 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"), | |
170 ResourceType::MAIN_FRAME)); | |
171 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"), | |
172 ResourceType::MAIN_FRAME)); | |
161 | 173 |
162 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); | 174 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"), |
163 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 175 ResourceType::MAIN_FRAME)); |
164 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"))); | 176 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"), |
165 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"))); | 177 ResourceType::MAIN_FRAME)); |
178 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache"), | |
179 ResourceType::MAIN_FRAME)); | |
180 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang"), | |
181 ResourceType::MAIN_FRAME)); | |
166 | 182 |
167 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"))); | 183 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory"), |
168 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"))); | 184 ResourceType::MAIN_FRAME)); |
169 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"))); | 185 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh"), |
186 ResourceType::MAIN_FRAME)); | |
187 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe"), | |
188 ResourceType::MAIN_FRAME)); | |
170 | 189 |
171 // Requests for about: pages should be denied. | 190 // Requests for about: pages should be denied. |
172 p->GrantRequestURL(kRendererID, GURL("about:crash")); | 191 p->GrantRequestURL(kRendererID, GURL("about:crash")); |
173 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 192 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"), |
193 ResourceType::MAIN_FRAME)); | |
174 | 194 |
175 // These requests for chrome:// pages should be granted. | 195 // These requests for chrome:// pages should be granted. |
176 GURL chrome_url("chrome://foo"); | 196 GURL chrome_url("chrome://foo"); |
177 p->GrantRequestURL(kRendererID, chrome_url); | 197 p->GrantRequestURL(kRendererID, chrome_url); |
178 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); | 198 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url, |
199 ResourceType::MAIN_FRAME)); | |
179 | 200 |
180 p->Remove(kRendererID); | 201 p->Remove(kRendererID); |
181 } | 202 } |
182 | 203 |
183 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { | 204 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { |
184 ChildProcessSecurityPolicyImpl* p = | 205 ChildProcessSecurityPolicyImpl* p = |
185 ChildProcessSecurityPolicyImpl::GetInstance(); | 206 ChildProcessSecurityPolicyImpl::GetInstance(); |
186 | 207 |
187 p->Add(kRendererID); | 208 p->Add(kRendererID); |
188 | 209 |
189 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 210 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"), |
211 ResourceType::MAIN_FRAME)); | |
190 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); | 212 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); |
191 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 213 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"), |
214 ResourceType::MAIN_FRAME)); | |
192 | 215 |
193 p->Remove(kRendererID); | 216 p->Remove(kRendererID); |
194 } | 217 } |
195 | 218 |
196 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { | 219 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { |
197 ChildProcessSecurityPolicyImpl* p = | 220 ChildProcessSecurityPolicyImpl* p = |
198 ChildProcessSecurityPolicyImpl::GetInstance(); | 221 ChildProcessSecurityPolicyImpl::GetInstance(); |
199 | 222 |
200 p->Add(kRendererID); | 223 p->Add(kRendererID); |
201 | 224 |
202 // Currently, "asdf" is destined for ShellExecute, so it is allowed. | 225 // Currently, "asdf" is destined for ShellExecute, so it is allowed. |
203 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 226 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"), |
227 ResourceType::MAIN_FRAME)); | |
204 | 228 |
205 // Once we register "asdf", we default to deny. | 229 // Once we register "asdf", we default to deny. |
206 RegisterTestScheme("asdf"); | 230 RegisterTestScheme("asdf"); |
207 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 231 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"), |
232 ResourceType::MAIN_FRAME)); | |
208 | 233 |
209 // We can allow new schemes by adding them to the whitelist. | 234 // We can allow new schemes by adding them to the whitelist. |
210 p->RegisterWebSafeScheme("asdf"); | 235 p->RegisterWebSafeScheme("asdf"); |
211 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 236 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"), |
237 ResourceType::MAIN_FRAME)); | |
212 | 238 |
213 // Cleanup. | 239 // Cleanup. |
214 p->Remove(kRendererID); | 240 p->Remove(kRendererID); |
215 } | 241 } |
216 | 242 |
217 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { | 243 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { |
218 ChildProcessSecurityPolicyImpl* p = | 244 ChildProcessSecurityPolicyImpl* p = |
219 ChildProcessSecurityPolicyImpl::GetInstance(); | 245 ChildProcessSecurityPolicyImpl::GetInstance(); |
220 | 246 |
221 p->Add(kRendererID); | 247 p->Add(kRendererID); |
222 | 248 |
223 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 249 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"), |
250 ResourceType::LAST_TYPE)); | |
Charlie Reis
2012/11/28 18:58:26
Let's make these all MAIN_FRAME, since the intent
| |
224 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); | 251 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); |
225 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 252 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"), |
253 ResourceType::LAST_TYPE)); | |
226 | 254 |
227 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); | 255 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"), |
256 ResourceType::LAST_TYPE)); | |
228 std::set<std::string> disabled_set; | 257 std::set<std::string> disabled_set; |
229 disabled_set.insert("evil-scheme"); | 258 disabled_set.insert("evil-scheme"); |
230 p->RegisterDisabledSchemes(disabled_set); | 259 p->RegisterDisabledSchemes(disabled_set); |
231 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); | 260 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"), |
232 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); | 261 ResourceType::LAST_TYPE)); |
262 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"), | |
263 ResourceType::LAST_TYPE)); | |
233 disabled_set.clear(); | 264 disabled_set.clear(); |
234 p->RegisterDisabledSchemes(disabled_set); | 265 p->RegisterDisabledSchemes(disabled_set); |
235 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); | 266 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"), |
236 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); | 267 ResourceType::MAIN_FRAME)); |
268 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"), | |
269 ResourceType::LAST_TYPE)); | |
237 | 270 |
238 // We should forget our state if we repeat a renderer id. | 271 // We should forget our state if we repeat a renderer id. |
239 p->Remove(kRendererID); | 272 p->Remove(kRendererID); |
240 p->Add(kRendererID); | 273 p->Add(kRendererID); |
241 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 274 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"), |
275 ResourceType::LAST_TYPE)); | |
242 p->Remove(kRendererID); | 276 p->Remove(kRendererID); |
243 } | 277 } |
244 | 278 |
245 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { | 279 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { |
246 ChildProcessSecurityPolicyImpl* p = | 280 ChildProcessSecurityPolicyImpl* p = |
247 ChildProcessSecurityPolicyImpl::GetInstance(); | 281 ChildProcessSecurityPolicyImpl::GetInstance(); |
248 | 282 |
249 p->Add(kRendererID); | 283 p->Add(kRendererID); |
250 | 284 |
251 // View source is determined by the embedded scheme. | 285 // View source is determined by the embedded scheme. |
252 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 286 EXPECT_TRUE(p->CanRequestURL(kRendererID, |
253 GURL("view-source:http://www.google.com/"))); | 287 GURL("view-source:http://www.google.com/"), |
288 ResourceType::MAIN_FRAME)); | |
254 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 289 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
255 GURL("view-source:file:///etc/passwd"))); | 290 GURL("view-source:file:///etc/passwd"), |
256 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 291 ResourceType::LAST_TYPE)); |
Charlie Reis
2012/11/28 18:58:26
Same: these should all be MAIN_FRAME.
| |
292 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"), | |
293 ResourceType::LAST_TYPE)); | |
257 EXPECT_FALSE(p->CanRequestURL( | 294 EXPECT_FALSE(p->CanRequestURL( |
258 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); | 295 kRendererID, GURL("view-source:view-source:http://www.google.com/"), |
296 ResourceType::MAIN_FRAME)); | |
259 | 297 |
260 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); | 298 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); |
261 // View source needs to be able to request the embedded scheme. | 299 // View source needs to be able to request the embedded scheme. |
262 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 300 EXPECT_TRUE(p->CanRequestURL(kRendererID, |
263 GURL("view-source:file:///etc/passwd"))); | 301 GURL("view-source:file:///etc/passwd"), |
264 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 302 ResourceType::MAIN_FRAME)); |
303 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"), | |
304 ResourceType::LAST_TYPE)); | |
265 | 305 |
266 p->Remove(kRendererID); | 306 p->Remove(kRendererID); |
267 } | 307 } |
268 | 308 |
269 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { | 309 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { |
270 ChildProcessSecurityPolicyImpl* p = | 310 ChildProcessSecurityPolicyImpl* p = |
271 ChildProcessSecurityPolicyImpl::GetInstance(); | 311 ChildProcessSecurityPolicyImpl::GetInstance(); |
272 | 312 |
273 p->Add(kRendererID); | 313 p->Add(kRendererID); |
274 | 314 |
275 GURL icon_url("file:///tmp/foo.png"); | 315 GURL icon_url("file:///tmp/foo.png"); |
276 GURL sensitive_url("file:///etc/passwd"); | 316 GURL sensitive_url("file:///etc/passwd"); |
277 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); | 317 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url, |
278 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); | 318 ResourceType::IMAGE)); |
Charlie Reis
2012/11/28 18:58:26
Even though this is an image, let's treat these al
| |
319 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url, | |
320 ResourceType::LAST_TYPE)); | |
279 | 321 |
280 p->GrantRequestSpecificFileURL(kRendererID, icon_url); | 322 p->GrantRequestSpecificFileURL(kRendererID, icon_url); |
281 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 323 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url, |
282 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); | 324 ResourceType::IMAGE)); |
325 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url, | |
326 ResourceType::LAST_TYPE)); | |
283 | 327 |
284 p->GrantRequestURL(kRendererID, icon_url); | 328 p->GrantRequestURL(kRendererID, icon_url); |
285 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 329 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url, |
286 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); | 330 ResourceType::IMAGE)); |
331 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url, | |
332 ResourceType::LAST_TYPE)); | |
287 | 333 |
288 p->Remove(kRendererID); | 334 p->Remove(kRendererID); |
289 } | 335 } |
290 | 336 |
291 TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) { | 337 TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) { |
292 ChildProcessSecurityPolicyImpl* p = | 338 ChildProcessSecurityPolicyImpl* p = |
293 ChildProcessSecurityPolicyImpl::GetInstance(); | 339 ChildProcessSecurityPolicyImpl::GetInstance(); |
294 | 340 |
295 p->Add(kRendererID); | 341 p->Add(kRendererID); |
296 | 342 |
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
490 | 536 |
491 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { | 537 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { |
492 ChildProcessSecurityPolicyImpl* p = | 538 ChildProcessSecurityPolicyImpl* p = |
493 ChildProcessSecurityPolicyImpl::GetInstance(); | 539 ChildProcessSecurityPolicyImpl::GetInstance(); |
494 | 540 |
495 GURL url("chrome://thumb/http://www.google.com/"); | 541 GURL url("chrome://thumb/http://www.google.com/"); |
496 | 542 |
497 p->Add(kRendererID); | 543 p->Add(kRendererID); |
498 | 544 |
499 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 545 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
500 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 546 EXPECT_FALSE(p->CanRequestURL(kRendererID, url, |
547 ResourceType::MAIN_FRAME)); | |
501 p->GrantWebUIBindings(kRendererID); | 548 p->GrantWebUIBindings(kRendererID); |
502 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); | 549 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); |
503 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); | 550 EXPECT_TRUE(p->CanRequestURL(kRendererID, url, |
551 ResourceType::MAIN_FRAME)); | |
504 | 552 |
505 p->Remove(kRendererID); | 553 p->Remove(kRendererID); |
506 } | 554 } |
507 | 555 |
508 TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) { | 556 TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) { |
509 ChildProcessSecurityPolicyImpl* p = | 557 ChildProcessSecurityPolicyImpl* p = |
510 ChildProcessSecurityPolicyImpl::GetInstance(); | 558 ChildProcessSecurityPolicyImpl::GetInstance(); |
511 | 559 |
512 GURL url("file:///etc/passwd"); | 560 GURL url("file:///etc/passwd"); |
513 FilePath file(FILE_PATH_LITERAL("/etc/passwd")); | 561 FilePath file(FILE_PATH_LITERAL("/etc/passwd")); |
514 | 562 |
515 p->Add(kRendererID); | 563 p->Add(kRendererID); |
516 | 564 |
517 p->GrantRequestURL(kRendererID, url); | 565 p->GrantRequestURL(kRendererID, url); |
518 p->GrantReadFile(kRendererID, file); | 566 p->GrantReadFile(kRendererID, file); |
519 p->GrantWebUIBindings(kRendererID); | 567 p->GrantWebUIBindings(kRendererID); |
520 | 568 |
521 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); | 569 EXPECT_TRUE(p->CanRequestURL(kRendererID, url, |
570 ResourceType::LAST_TYPE)); | |
Charlie Reis
2012/11/28 18:58:26
MAIN_FRAME
| |
522 EXPECT_TRUE(p->CanReadFile(kRendererID, file)); | 571 EXPECT_TRUE(p->CanReadFile(kRendererID, file)); |
523 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); | 572 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); |
524 | 573 |
525 p->Remove(kRendererID); | 574 p->Remove(kRendererID); |
526 | 575 |
527 // Renderers are added and removed on the UI thread, but the policy can be | 576 // Renderers are added and removed on the UI thread, but the policy can be |
528 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 577 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
529 // prepared to answer policy questions about renderers who no longer exist. | 578 // prepared to answer policy questions about renderers who no longer exist. |
530 | 579 |
531 // In this case, we default to secure behavior. | 580 // In this case, we default to secure behavior. |
532 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 581 EXPECT_FALSE(p->CanRequestURL(kRendererID, url, |
582 ResourceType::MAIN_FRAME)); | |
533 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 583 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
534 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 584 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
535 } | 585 } |
536 | 586 |
537 } // namespace content | 587 } // namespace content |
OLD | NEW |