OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
160 if (file_permissions_.find(current_path) != file_permissions_.end()) | 160 if (file_permissions_.find(current_path) != file_permissions_.end()) |
161 return (file_permissions_[current_path] & permissions) == permissions; | 161 return (file_permissions_[current_path] & permissions) == permissions; |
162 } | 162 } |
163 last_path = current_path; | 163 last_path = current_path; |
164 current_path = current_path.DirName(); | 164 current_path = current_path.DirName(); |
165 } | 165 } |
166 | 166 |
167 return false; | 167 return false; |
168 } | 168 } |
169 | 169 |
170 bool CanLoadPage(const GURL& gurl){ | |
171 if (origin_lock_.is_empty()) | |
172 return true; | |
173 // TODO(creis): We must pass the valid browser_context to convert hosted | |
174 // apps URLs. Currently, hosted apps cannot set cookies in this mode. | |
Charlie Reis
2012/11/29 22:00:54
nit: s/set cookies/be loaded/
irobert
2012/12/01 00:02:48
Done.
| |
175 // See http://crbug.com/160576. | |
176 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); | |
177 return origin_lock_ == site_gurl; | |
178 } | |
179 | |
170 bool CanAccessCookiesForOrigin(const GURL& gurl) { | 180 bool CanAccessCookiesForOrigin(const GURL& gurl) { |
171 if (origin_lock_.is_empty()) | 181 if (origin_lock_.is_empty()) |
172 return true; | 182 return true; |
173 // TODO(creis): We must pass the valid browser_context to convert hosted | 183 // TODO(creis): We must pass the valid browser_context to convert hosted |
174 // apps URLs. Currently, hosted apps cannot set cookies in this mode. | 184 // apps URLs. Currently, hosted apps cannot set cookies in this mode. |
175 // See http://crbug.com/160576. | 185 // See http://crbug.com/160576. |
176 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); | 186 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); |
177 return origin_lock_ == site_gurl; | 187 return origin_lock_ == site_gurl; |
178 } | 188 } |
179 | 189 |
(...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
480 void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) { | 490 void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) { |
481 base::AutoLock lock(lock_); | 491 base::AutoLock lock(lock_); |
482 | 492 |
483 SecurityStateMap::iterator state = security_state_.find(child_id); | 493 SecurityStateMap::iterator state = security_state_.find(child_id); |
484 if (state == security_state_.end()) | 494 if (state == security_state_.end()) |
485 return; | 495 return; |
486 | 496 |
487 state->second->RevokeReadRawCookies(); | 497 state->second->RevokeReadRawCookies(); |
488 } | 498 } |
489 | 499 |
500 bool ChildProcessSecurityPolicyImpl::CanLoadPage( | |
501 int child_id, const GURL& url, ResourceType::Type resource_type) { | |
Charlie Reis
2012/11/29 22:00:54
Style nit: Each argument should be on its own line
irobert
2012/12/01 00:02:48
Done.
| |
502 // If --site-per-process flag is passed, we should enforce | |
503 // stronger security restrictions on page navigation. | |
504 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kSitePerProcess) && | |
505 ResourceType::IsFrame(resource_type)) { | |
506 // TODO(irobert): This will break some WebUI page such as | |
Charlie Reis
2012/11/29 22:00:54
nit: s/will break/currently breaks/
irobert
2012/12/01 00:02:48
Done.
| |
507 // "chrome://extensions/" (belongs to site chrome://chrome/) which | |
508 // will load an iframe for the page "chrome://uber-frame/" | |
509 // (belongs to site chrome://uber-frame/) | |
Charlie Reis
2012/11/29 22:00:54
nit: End with period.
irobert
2012/12/01 00:02:48
Done.
| |
510 base::AutoLock lock(lock_); | |
511 SecurityStateMap::iterator state = security_state_.find(child_id); | |
512 if (state == security_state_.end()) | |
513 return false; | |
514 return state->second->CanLoadPage(url); | |
515 } | |
516 return true; | |
517 } | |
518 | |
490 bool ChildProcessSecurityPolicyImpl::CanRequestURL( | 519 bool ChildProcessSecurityPolicyImpl::CanRequestURL( |
491 int child_id, const GURL& url) { | 520 int child_id, const GURL& url) { |
492 if (!url.is_valid()) | 521 if (!url.is_valid()) |
493 return false; // Can't request invalid URLs. | 522 return false; // Can't request invalid URLs. |
494 | 523 |
495 if (IsDisabledScheme(url.scheme())) | 524 if (IsDisabledScheme(url.scheme())) |
496 return false; // The scheme is disabled by policy. | 525 return false; // The scheme is disabled by policy. |
497 | 526 |
498 if (IsWebSafeScheme(url.scheme())) | 527 if (IsWebSafeScheme(url.scheme())) |
499 return true; // The scheme has been white-listed for every child process. | 528 return true; // The scheme has been white-listed for every child process. |
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
666 int permission) { | 695 int permission) { |
667 base::AutoLock lock(lock_); | 696 base::AutoLock lock(lock_); |
668 | 697 |
669 SecurityStateMap::iterator state = security_state_.find(child_id); | 698 SecurityStateMap::iterator state = security_state_.find(child_id); |
670 if (state == security_state_.end()) | 699 if (state == security_state_.end()) |
671 return false; | 700 return false; |
672 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); | 701 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); |
673 } | 702 } |
674 | 703 |
675 } // namespace content | 704 } // namespace content |
OLD | NEW |