OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
160 if (file_permissions_.find(current_path) != file_permissions_.end()) | 160 if (file_permissions_.find(current_path) != file_permissions_.end()) |
161 return (file_permissions_[current_path] & permissions) == permissions; | 161 return (file_permissions_[current_path] & permissions) == permissions; |
162 } | 162 } |
163 last_path = current_path; | 163 last_path = current_path; |
164 current_path = current_path.DirName(); | 164 current_path = current_path.DirName(); |
165 } | 165 } |
166 | 166 |
167 return false; | 167 return false; |
168 } | 168 } |
169 | 169 |
| 170 bool CanLoadPage(const GURL& gurl) { |
| 171 if (origin_lock_.is_empty()) |
| 172 return true; |
| 173 |
| 174 // TODO(creis): We must pass the valid browser_context to convert hosted |
| 175 // apps URLs. Currently, hosted apps cannot be loaded in this mode. |
| 176 // See http://crbug.com/160576. |
| 177 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); |
| 178 return origin_lock_ == site_gurl; |
| 179 } |
| 180 |
170 bool CanAccessCookiesForOrigin(const GURL& gurl) { | 181 bool CanAccessCookiesForOrigin(const GURL& gurl) { |
171 if (origin_lock_.is_empty()) | 182 if (origin_lock_.is_empty()) |
172 return true; | 183 return true; |
173 // TODO(creis): We must pass the valid browser_context to convert hosted | 184 // TODO(creis): We must pass the valid browser_context to convert hosted |
174 // apps URLs. Currently, hosted apps cannot set cookies in this mode. | 185 // apps URLs. Currently, hosted apps cannot set cookies in this mode. |
175 // See http://crbug.com/160576. | 186 // See http://crbug.com/160576. |
176 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); | 187 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); |
177 return origin_lock_ == site_gurl; | 188 return origin_lock_ == site_gurl; |
178 } | 189 } |
179 | 190 |
(...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
480 void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) { | 491 void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) { |
481 base::AutoLock lock(lock_); | 492 base::AutoLock lock(lock_); |
482 | 493 |
483 SecurityStateMap::iterator state = security_state_.find(child_id); | 494 SecurityStateMap::iterator state = security_state_.find(child_id); |
484 if (state == security_state_.end()) | 495 if (state == security_state_.end()) |
485 return; | 496 return; |
486 | 497 |
487 state->second->RevokeReadRawCookies(); | 498 state->second->RevokeReadRawCookies(); |
488 } | 499 } |
489 | 500 |
| 501 bool ChildProcessSecurityPolicyImpl::CanLoadPage( |
| 502 int child_id, |
| 503 const GURL& url, |
| 504 ResourceType::Type resource_type) { |
| 505 // If --site-per-process flag is passed, we should enforce |
| 506 // stronger security restrictions on page navigation. |
| 507 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kSitePerProcess) && |
| 508 ResourceType::IsFrame(resource_type)) { |
| 509 // TODO(irobert): This currently breaks some WebUI page such as |
| 510 // "chrome://extensions/" (belongs to site chrome://chrome/) which |
| 511 // will load an iframe for the page "chrome://uber-frame/" |
| 512 // (belongs to site chrome://uber-frame/). |
| 513 base::AutoLock lock(lock_); |
| 514 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 515 if (state == security_state_.end()) |
| 516 return false; |
| 517 return state->second->CanLoadPage(url); |
| 518 } |
| 519 return true; |
| 520 } |
| 521 |
490 bool ChildProcessSecurityPolicyImpl::CanRequestURL( | 522 bool ChildProcessSecurityPolicyImpl::CanRequestURL( |
491 int child_id, const GURL& url) { | 523 int child_id, const GURL& url) { |
492 if (!url.is_valid()) | 524 if (!url.is_valid()) |
493 return false; // Can't request invalid URLs. | 525 return false; // Can't request invalid URLs. |
494 | 526 |
495 if (IsDisabledScheme(url.scheme())) | 527 if (IsDisabledScheme(url.scheme())) |
496 return false; // The scheme is disabled by policy. | 528 return false; // The scheme is disabled by policy. |
497 | 529 |
498 if (IsWebSafeScheme(url.scheme())) | 530 if (IsWebSafeScheme(url.scheme())) |
499 return true; // The scheme has been white-listed for every child process. | 531 return true; // The scheme has been white-listed for every child process. |
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
666 int permission) { | 698 int permission) { |
667 base::AutoLock lock(lock_); | 699 base::AutoLock lock(lock_); |
668 | 700 |
669 SecurityStateMap::iterator state = security_state_.find(child_id); | 701 SecurityStateMap::iterator state = security_state_.find(child_id); |
670 if (state == security_state_.end()) | 702 if (state == security_state_.end()) |
671 return false; | 703 return false; |
672 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); | 704 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); |
673 } | 705 } |
674 | 706 |
675 } // namespace content | 707 } // namespace content |
OLD | NEW |