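--- a/<PATH-NOT-SHOWN-IN-SOURCE>
+++ b/<PATH-NOT-SHOWN-IN-SOURCE>
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <set>
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/file_path.h"
 #include "base/platform_file.h"
@@ -340,112 +340,154 @@
 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
 EXPECT_TRUE(p->CanReadFile(kRendererID,
 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
 FilePath(FILE_PATH_LITERAL("/etc/"))));
 
 p->Remove(kRendererID);
 }
 
 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
+FilePath granted_file = FilePath(FILE_PATH_LITERAL("/home/joe"));
+FilePath sibling_file = FilePath(FILE_PATH_LITERAL("/home/bob"));
+FilePath child_file = FilePath(FILE_PATH_LITERAL("/home/joe/file"));
+FilePath parent_file = FilePath(FILE_PATH_LITERAL("/home"));
+FilePath parent_slash_file = FilePath(FILE_PATH_LITERAL("/home/"));
+FilePath child_traversal1 = FilePath(
+FILE_PATH_LITERAL("/home/joe/././file"));
+FilePath child_traversal2 = FilePath(
+FILE_PATH_LITERAL("/home/joe/file/../otherfile"));
+FilePath evil_traversal1 = FilePath(
+FILE_PATH_LITERAL("/home/joe/../../etc/passwd"));
+FilePath evil_traversal2 = FilePath(
+FILE_PATH_LITERAL("/home/joe/./.././../etc/passwd"));
+FilePath self_traversal = FilePath(
+FILE_PATH_LITERAL("/home/joe/../joe/file"));
+
 ChildProcessSecurityPolicyImpl* p =
 ChildProcessSecurityPolicyImpl::GetInstance();
 
 // Grant permissions for a file.
 p->Add(kRendererID);
-FilePath file = FilePath(FILE_PATH_LITERAL("/etc/passwd"));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
 
-p->GrantPermissionsForFile(kRendererID, file,
+p->GrantPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_OPEN_TRUNCATED |
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE);
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_OPEN_TRUNCATED |
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_CREATE));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_CREATE |
 base::PLATFORM_FILE_OPEN_TRUNCATED |
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+// CPSP doesn't allow this case for the sake of simplicity.
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
 p->Remove(kRendererID);
 
 // Grant permissions for the directory the file is in.
 p->Add(kRendererID);
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
-p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc")),
+p->GrantPermissionsForFile(kRendererID, parent_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ);
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
 p->Remove(kRendererID);
 
 // Grant permissions for the directory the file is in (with trailing '/').
 p->Add(kRendererID);
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
-p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")),
+p->GrantPermissionsForFile(kRendererID, parent_slash_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ);
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
 
 // Grant permissions for the file (should overwrite the permissions granted
 // for the directory).
-p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_TEMPORARY);
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+p->GrantPermissionsForFile(kRendererID, granted_file,
+base::PLATFORM_FILE_TEMPORARY);
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN));
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_TEMPORARY));
 
 // Revoke all permissions for the file (it should inherit its permissions
 // from the directory again).
-p->RevokeAllPermissionsForFile(kRendererID, file);
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+p->RevokeAllPermissionsForFile(kRendererID, granted_file);
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_TEMPORARY));
 p->Remove(kRendererID);
 
 // Grant file permissions for the file to main thread renderer process,
 // make sure its worker thread renderer process inherits those.
 p->Add(kRendererID);
-p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_OPEN |
-base::PLATFORM_FILE_READ);
-EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
+p->GrantPermissionsForFile(kRendererID, granted_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ);
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
-EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
 base::PLATFORM_FILE_WRITE));
 p->AddWorker(kWorkerRendererID, kRendererID);
-EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, file,
+EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
-EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
 base::PLATFORM_FILE_WRITE));
 p->Remove(kRendererID);
-EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file,
+EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
 p->Remove(kWorkerRendererID);
 }
 
 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
 ChildProcessSecurityPolicyImpl* p =
 ChildProcessSecurityPolicyImpl::GetInstance();
 
 GURL url("chrome://thumb/http://www.google.com/");
@@ -486,10 +528,10 @@
 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
 // prepared to answer policy questions about renderers who no longer exist.
 
 // In this case, we default to secure behavior.
 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
 }
 
 } // namespace content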
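Review bot: The new FilePermissions cases (new lines 350–418) never check a path that merely shares a string prefix with the granted one — `sibling_file` (`/home/bob`) and `parent_file` (`/home`) both diverge from `/home/joe` at a whole path component, so an implementation that compared raw string prefixes would still pass every assertion here while treating `/home/joey` as a child of `/home/joe`. Adding `FilePath prefix_sibling = FilePath(FILE_PATH_LITERAL("/home/joey"));` to the fixtures and `EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, prefix_sibling, base::PLATFORM_FILE_OPEN | base::PLATFORM_FILE_READ));` next to the `sibling_file` check would pin component-wise matching, which is the property the `evil_traversal*` cases rely on. The comment `// CPSP doesn't allow this case for the sake of simplicity.` would help a later reader more if it named the simplification, e.g. `// A ".." that climbs above the granted path is rejected even when the path would resolve back inside the grant (compare child_file); do not "fix" this by resolving paths lexically.` — the behaviour is what the assertion shows, the reason is my reading of it. The rest of the section is the rename of `file` to `granted_file` and raises nothing.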