| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <set> | 5 #include <set> |
| 6 #include <string> | 6 #include <string> |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/platform_file.h" | 10 #include "base/platform_file.h" |
| (...skipping 329 matching lines...) |
| 340 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/"))); | 340 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/"))); |
| 341 EXPECT_TRUE(p->CanReadFile(kRendererID, | 341 EXPECT_TRUE(p->CanReadFile(kRendererID, |
| 342 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | 342 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); |
| 343 EXPECT_FALSE(p->CanReadDirectory(kRendererID, | 343 EXPECT_FALSE(p->CanReadDirectory(kRendererID, |
| 344 FilePath(FILE_PATH_LITERAL("/etc/")))); | 344 FilePath(FILE_PATH_LITERAL("/etc/")))); |
| 345 | 345 |
| 346 p->Remove(kRendererID); | 346 p->Remove(kRendererID); |
| 347 } | 347 } |
| 348 | 348 |
| 349 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) { | 349 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) { |
| 350 FilePath granted_file = FilePath(FILE_PATH_LITERAL("/home/joe")); |
| 351 FilePath sibling_file = FilePath(FILE_PATH_LITERAL("/home/bob")); |
| 352 FilePath child_file = FilePath(FILE_PATH_LITERAL("/home/joe/file")); |
| 353 FilePath parent_file = FilePath(FILE_PATH_LITERAL("/home")); |
| 354 FilePath parent_slash_file = FilePath(FILE_PATH_LITERAL("/home/")); |
| 355 FilePath child_traversal1 = FilePath( |
| 356 FILE_PATH_LITERAL("/home/joe/././file")); |
| 357 FilePath child_traversal2 = FilePath( |
| 358 FILE_PATH_LITERAL("/home/joe/file/../otherfile")); |
| 359 FilePath evil_traversal1 = FilePath( |
| 360 FILE_PATH_LITERAL("/home/joe/../../etc/passwd")); |
| 361 FilePath evil_traversal2 = FilePath( |
| 362 FILE_PATH_LITERAL("/home/joe/./.././../etc/passwd")); |
| 363 FilePath self_traversal = FilePath( |
| 364 FILE_PATH_LITERAL("/home/joe/../joe/file")); |
| 365 |
| 350 ChildProcessSecurityPolicyImpl* p = | 366 ChildProcessSecurityPolicyImpl* p = |
| 351 ChildProcessSecurityPolicyImpl::GetInstance(); | 367 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 352 | 368 |
| 353 // Grant permissions for a file. | 369 // Grant permissions for a file. |
| 354 p->Add(kRendererID); | 370 p->Add(kRendererID); |
| 355 FilePath file = FilePath(FILE_PATH_LITERAL("/etc/passwd")); | 371 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 356 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | |
| 357 base::PLATFORM_FILE_OPEN)); | 372 base::PLATFORM_FILE_OPEN)); |
| 358 | 373 |
| 359 p->GrantPermissionsForFile(kRendererID, file, | 374 p->GrantPermissionsForFile(kRendererID, granted_file, |
| 360 base::PLATFORM_FILE_OPEN | | 375 base::PLATFORM_FILE_OPEN | |
| 361 base::PLATFORM_FILE_OPEN_TRUNCATED | | 376 base::PLATFORM_FILE_OPEN_TRUNCATED | |
| 362 base::PLATFORM_FILE_READ | | 377 base::PLATFORM_FILE_READ | |
| 363 base::PLATFORM_FILE_WRITE); | 378 base::PLATFORM_FILE_WRITE); |
| 364 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 379 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 365 base::PLATFORM_FILE_OPEN | | 380 base::PLATFORM_FILE_OPEN | |
| 366 base::PLATFORM_FILE_OPEN_TRUNCATED | | 381 base::PLATFORM_FILE_OPEN_TRUNCATED | |
| 367 base::PLATFORM_FILE_READ | | 382 base::PLATFORM_FILE_READ | |
| 368 base::PLATFORM_FILE_WRITE)); | 383 base::PLATFORM_FILE_WRITE)); |
| 369 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 384 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 370 base::PLATFORM_FILE_OPEN | | 385 base::PLATFORM_FILE_OPEN | |
| 371 base::PLATFORM_FILE_READ)); | 386 base::PLATFORM_FILE_READ)); |
| 372 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 387 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 373 base::PLATFORM_FILE_CREATE)); | 388 base::PLATFORM_FILE_CREATE)); |
| 374 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 389 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 375 base::PLATFORM_FILE_CREATE | | 390 base::PLATFORM_FILE_CREATE | |
| 376 base::PLATFORM_FILE_OPEN_TRUNCATED | | 391 base::PLATFORM_FILE_OPEN_TRUNCATED | |
| 377 base::PLATFORM_FILE_READ | | 392 base::PLATFORM_FILE_READ | |
| 378 base::PLATFORM_FILE_WRITE)); | 393 base::PLATFORM_FILE_WRITE)); |
| 394 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file, |
| 395 base::PLATFORM_FILE_OPEN | |
| 396 base::PLATFORM_FILE_READ)); |
| 397 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file, |
| 398 base::PLATFORM_FILE_OPEN | |
| 399 base::PLATFORM_FILE_READ)); |
| 400 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file, |
| 401 base::PLATFORM_FILE_OPEN | |
| 402 base::PLATFORM_FILE_READ)); |
| 403 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1, |
| 404 base::PLATFORM_FILE_OPEN | |
| 405 base::PLATFORM_FILE_READ)); |
| 406 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2, |
| 407 base::PLATFORM_FILE_OPEN | |
| 408 base::PLATFORM_FILE_READ)); |
| 409 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1, |
| 410 base::PLATFORM_FILE_OPEN | |
| 411 base::PLATFORM_FILE_READ)); |
| 412 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2, |
| 413 base::PLATFORM_FILE_OPEN | |
| 414 base::PLATFORM_FILE_READ)); |
| 415 // CPSP doesn't allow this case for the sake of simplicity. |
| 416 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal, |
| 417 base::PLATFORM_FILE_OPEN | |
| 418 base::PLATFORM_FILE_READ)); |
| 379 p->Remove(kRendererID); | 419 p->Remove(kRendererID); |
| 380 | 420 |
| 381 // Grant permissions for the directory the file is in. | 421 // Grant permissions for the directory the file is in. |
| 382 p->Add(kRendererID); | 422 p->Add(kRendererID); |
| 383 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 423 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 384 base::PLATFORM_FILE_OPEN)); | 424 base::PLATFORM_FILE_OPEN)); |
| 385 p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc")), | 425 p->GrantPermissionsForFile(kRendererID, parent_file, |
| 386 base::PLATFORM_FILE_OPEN | | 426 base::PLATFORM_FILE_OPEN | |
| 387 base::PLATFORM_FILE_READ); | 427 base::PLATFORM_FILE_READ); |
| 388 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 428 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 389 base::PLATFORM_FILE_OPEN)); | 429 base::PLATFORM_FILE_OPEN)); |
| 390 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 430 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 391 base::PLATFORM_FILE_READ | | 431 base::PLATFORM_FILE_READ | |
| 392 base::PLATFORM_FILE_WRITE)); | 432 base::PLATFORM_FILE_WRITE)); |
| 393 p->Remove(kRendererID); | 433 p->Remove(kRendererID); |
| 394 | 434 |
| 395 // Grant permissions for the directory the file is in (with trailing '/'). | 435 // Grant permissions for the directory the file is in (with trailing '/'). |
| 396 p->Add(kRendererID); | 436 p->Add(kRendererID); |
| 397 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 437 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 398 base::PLATFORM_FILE_OPEN)); | 438 base::PLATFORM_FILE_OPEN)); |
| 399 p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")), | 439 p->GrantPermissionsForFile(kRendererID, parent_slash_file, |
| 400 base::PLATFORM_FILE_OPEN | | 440 base::PLATFORM_FILE_OPEN | |
| 401 base::PLATFORM_FILE_READ); | 441 base::PLATFORM_FILE_READ); |
| 402 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 442 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 403 base::PLATFORM_FILE_OPEN)); | 443 base::PLATFORM_FILE_OPEN)); |
| 404 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 444 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 405 base::PLATFORM_FILE_READ | | 445 base::PLATFORM_FILE_READ | |
| 406 base::PLATFORM_FILE_WRITE)); | 446 base::PLATFORM_FILE_WRITE)); |
| 407 | 447 |
| 408 // Grant permissions for the file (should overwrite the permissions granted | 448 // Grant permissions for the file (should overwrite the permissions granted |
| 409 // for the directory). | 449 // for the directory). |
| 410 p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_TEMPORARY); | 450 p->GrantPermissionsForFile(kRendererID, granted_file, |
| 411 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 451 base::PLATFORM_FILE_TEMPORARY); |
| 452 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 412 base::PLATFORM_FILE_OPEN)); | 453 base::PLATFORM_FILE_OPEN)); |
| 413 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 454 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 414 base::PLATFORM_FILE_TEMPORARY)); | 455 base::PLATFORM_FILE_TEMPORARY)); |
| 415 | 456 |
| 416 // Revoke all permissions for the file (it should inherit its permissions | 457 // Revoke all permissions for the file (it should inherit its permissions |
| 417 // from the directory again). | 458 // from the directory again). |
| 418 p->RevokeAllPermissionsForFile(kRendererID, file); | 459 p->RevokeAllPermissionsForFile(kRendererID, granted_file); |
| 419 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 460 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 420 base::PLATFORM_FILE_OPEN | | 461 base::PLATFORM_FILE_OPEN | |
| 421 base::PLATFORM_FILE_READ)); | 462 base::PLATFORM_FILE_READ)); |
| 422 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 463 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 423 base::PLATFORM_FILE_TEMPORARY)); | 464 base::PLATFORM_FILE_TEMPORARY)); |
| 424 p->Remove(kRendererID); | 465 p->Remove(kRendererID); |
| 425 | 466 |
| 426 // Grant file permissions for the file to main thread renderer process, | 467 // Grant file permissions for the file to main thread renderer process, |
| 427 // make sure its worker thread renderer process inherits those. | 468 // make sure its worker thread renderer process inherits those. |
| 428 p->Add(kRendererID); | 469 p->Add(kRendererID); |
| 429 p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_OPEN | | 470 p->GrantPermissionsForFile(kRendererID, granted_file, |
| 430 base::PLATFORM_FILE_READ); | 471 base::PLATFORM_FILE_OPEN | |
| 431 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, | 472 base::PLATFORM_FILE_READ); |
| 473 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 432 base::PLATFORM_FILE_OPEN | | 474 base::PLATFORM_FILE_OPEN | |
| 433 base::PLATFORM_FILE_READ)); | 475 base::PLATFORM_FILE_READ)); |
| 434 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 476 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 435 base::PLATFORM_FILE_WRITE)); | 477 base::PLATFORM_FILE_WRITE)); |
| 436 p->AddWorker(kWorkerRendererID, kRendererID); | 478 p->AddWorker(kWorkerRendererID, kRendererID); |
| 437 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, file, | 479 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
| 438 base::PLATFORM_FILE_OPEN | | 480 base::PLATFORM_FILE_OPEN | |
| 439 base::PLATFORM_FILE_READ)); | 481 base::PLATFORM_FILE_READ)); |
| 440 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file, | 482 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
| 441 base::PLATFORM_FILE_WRITE)); | 483 base::PLATFORM_FILE_WRITE)); |
| 442 p->Remove(kRendererID); | 484 p->Remove(kRendererID); |
| 443 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file, | 485 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
| 444 base::PLATFORM_FILE_OPEN | | 486 base::PLATFORM_FILE_OPEN | |
| 445 base::PLATFORM_FILE_READ)); | 487 base::PLATFORM_FILE_READ)); |
| 446 p->Remove(kWorkerRendererID); | 488 p->Remove(kWorkerRendererID); |
| 447 } | 489 } |
| 448 | 490 |
| 449 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { | 491 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { |
| 450 ChildProcessSecurityPolicyImpl* p = | 492 ChildProcessSecurityPolicyImpl* p = |
| 451 ChildProcessSecurityPolicyImpl::GetInstance(); | 493 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 452 | 494 |
| 453 GURL url("chrome://thumb/http://www.google.com/"); | 495 GURL url("chrome://thumb/http://www.google.com/"); |
| (...skipping 32 matching lines...) |
| 486 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 528 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
| 487 // prepared to answer policy questions about renderers who no longer exist. | 529 // prepared to answer policy questions about renderers who no longer exist. |
| 488 | 530 |
| 489 // In this case, we default to secure behavior. | 531 // In this case, we default to secure behavior. |
| 490 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 532 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 491 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 533 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
| 492 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 534 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
| 493 } | 535 } |
| 494 | 536 |
| 495 } // namespace content | 537 } // namespace content |
| OLD | NEW |
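Review bot: The negative cases added to FilePermissions (NEW 394-418) have no sibling whose name merely extends the granted path as a string, for example a constructed `/home/joe2` next to `granted_file` (`/home/joe`). The existing `sibling_file` (`/home/bob`) would still be rejected by a plain string-prefix comparison, so it does not pin component-wise matching. Adding `FilePath prefix_sibling = FilePath(FILE_PATH_LITERAL("/home/joe2"));` with `EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, prefix_sibling, base::PLATFORM_FILE_OPEN | base::PLATFORM_FILE_READ));` would close that gap. The traversal paths are also only checked against the file grant in the first scenario; the two directory-grant scenarios (NEW 421-446) assert on `granted_file` alone, so `evil_traversal1` and `evil_traversal2` are never checked against a grant on `parent_file`. The comment at NEW 415 could spell out CPSP and say why `self_traversal` is refused, presumably because the path climbs above the granted path before re-entering it; the implementation is not visible here to confirm that.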