OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/file_path.h" | 8 #include "base/file_path.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
160 if (file_permissions_.find(current_path) != file_permissions_.end()) | 160 if (file_permissions_.find(current_path) != file_permissions_.end()) |
161 return (file_permissions_[current_path] & permissions) == permissions; | 161 return (file_permissions_[current_path] & permissions) == permissions; |
162 } | 162 } |
163 last_path = current_path; | 163 last_path = current_path; |
164 current_path = current_path.DirName(); | 164 current_path = current_path.DirName(); |
165 } | 165 } |
166 | 166 |
167 return false; | 167 return false; |
168 } | 168 } |
169 | 169 |
| 170 bool CanLoadPage(const GURL& gurl){ |
| 171 if (origin_lock_.is_empty()) |
| 172 return true; |
| 173 // TODO(creis): We must pass the valid browser_context to convert hosted |
| 174 // apps URLs. Currently, hosted apps cannot be loaded in this mode. |
| 175 // See http://crbug.com/160576. |
| 176 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); |
| 177 return origin_lock_ == site_gurl; |
| 178 } |
| 179 |
170 bool CanAccessCookiesForOrigin(const GURL& gurl) { | 180 bool CanAccessCookiesForOrigin(const GURL& gurl) { |
171 if (origin_lock_.is_empty()) | 181 if (origin_lock_.is_empty()) |
172 return true; | 182 return true; |
173 // TODO(creis): We must pass the valid browser_context to convert hosted | 183 // TODO(creis): We must pass the valid browser_context to convert hosted |
174 // apps URLs. Currently, hosted apps cannot set cookies in this mode. | 184 // apps URLs. Currently, hosted apps cannot set cookies in this mode. |
175 // See http://crbug.com/160576. | 185 // See http://crbug.com/160576. |
176 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); | 186 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); |
177 return origin_lock_ == site_gurl; | 187 return origin_lock_ == site_gurl; |
178 } | 188 } |
179 | 189 |
(...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
480 void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) { | 490 void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) { |
481 base::AutoLock lock(lock_); | 491 base::AutoLock lock(lock_); |
482 | 492 |
483 SecurityStateMap::iterator state = security_state_.find(child_id); | 493 SecurityStateMap::iterator state = security_state_.find(child_id); |
484 if (state == security_state_.end()) | 494 if (state == security_state_.end()) |
485 return; | 495 return; |
486 | 496 |
487 state->second->RevokeReadRawCookies(); | 497 state->second->RevokeReadRawCookies(); |
488 } | 498 } |
489 | 499 |
| 500 bool ChildProcessSecurityPolicyImpl::CanLoadPage( |
| 501 int child_id, |
| 502 const GURL& url, |
| 503 ResourceType::Type resource_type) { |
| 504 // If --site-per-process flag is passed, we should enforce |
| 505 // stronger security restrictions on page navigation. |
| 506 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kSitePerProcess) && |
| 507 ResourceType::IsFrame(resource_type)) { |
| 508 // TODO(irobert): This currently breaks some WebUI page such as |
| 509 // "chrome://extensions/" (belongs to site chrome://chrome/) which |
| 510 // will load an iframe for the page "chrome://uber-frame/" |
| 511 // (belongs to site chrome://uber-frame/). |
| 512 base::AutoLock lock(lock_); |
| 513 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 514 if (state == security_state_.end()) |
| 515 return false; |
| 516 return state->second->CanLoadPage(url); |
| 517 } |
| 518 return true; |
| 519 } |
| 520 |
490 bool ChildProcessSecurityPolicyImpl::CanRequestURL( | 521 bool ChildProcessSecurityPolicyImpl::CanRequestURL( |
491 int child_id, const GURL& url) { | 522 int child_id, const GURL& url) { |
492 if (!url.is_valid()) | 523 if (!url.is_valid()) |
493 return false; // Can't request invalid URLs. | 524 return false; // Can't request invalid URLs. |
494 | 525 |
495 if (IsDisabledScheme(url.scheme())) | 526 if (IsDisabledScheme(url.scheme())) |
496 return false; // The scheme is disabled by policy. | 527 return false; // The scheme is disabled by policy. |
497 | 528 |
498 if (IsWebSafeScheme(url.scheme())) | 529 if (IsWebSafeScheme(url.scheme())) |
499 return true; // The scheme has been white-listed for every child process. | 530 return true; // The scheme has been white-listed for every child process. |
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
666 int permission) { | 697 int permission) { |
667 base::AutoLock lock(lock_); | 698 base::AutoLock lock(lock_); |
668 | 699 |
669 SecurityStateMap::iterator state = security_state_.find(child_id); | 700 SecurityStateMap::iterator state = security_state_.find(child_id); |
670 if (state == security_state_.end()) | 701 if (state == security_state_.end()) |
671 return false; | 702 return false; |
672 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); | 703 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); |
673 } | 704 } |
674 | 705 |
675 } // namespace content | 706 } // namespace content |
OLD | NEW |