OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
11 #include "base/stl_util.h" | 11 #include "base/stl_util.h" |
12 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
13 #include "content/browser/plugin_process_host.h" | 13 #include "content/browser/plugin_process_host.h" |
14 #include "content/browser/site_instance_impl.h" | 14 #include "content/browser/site_instance_impl.h" |
15 #include "content/public/browser/child_process_data.h" | 15 #include "content/public/browser/child_process_data.h" |
16 #include "content/public/browser/content_browser_client.h" | 16 #include "content/public/browser/content_browser_client.h" |
17 #include "content/public/browser/render_process_host.h" | 17 #include "content/public/browser/render_process_host.h" |
18 #include "content/public/common/bindings_policy.h" | 18 #include "content/public/common/bindings_policy.h" |
19 #include "content/public/common/content_switches.h" | 19 #include "content/public/common/site_isolation_policy.h" |
20 #include "content/public/common/url_constants.h" | 20 #include "content/public/common/url_constants.h" |
21 #include "net/base/filename_util.h" | 21 #include "net/base/filename_util.h" |
22 #include "net/url_request/url_request.h" | 22 #include "net/url_request/url_request.h" |
23 #include "storage/browser/fileapi/file_permission_policy.h" | 23 #include "storage/browser/fileapi/file_permission_policy.h" |
24 #include "storage/browser/fileapi/file_system_url.h" | 24 #include "storage/browser/fileapi/file_system_url.h" |
25 #include "storage/browser/fileapi/isolated_context.h" | 25 #include "storage/browser/fileapi/isolated_context.h" |
26 #include "storage/common/fileapi/file_system_util.h" | 26 #include "storage/common/fileapi/file_system_util.h" |
27 #include "url/gurl.h" | 27 #include "url/gurl.h" |
28 | 28 |
29 namespace content { | 29 namespace content { |
(...skipping 529 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
559 return; | 559 return; |
560 | 560 |
561 state->second->RevokeReadRawCookies(); | 561 state->second->RevokeReadRawCookies(); |
562 } | 562 } |
563 | 563 |
564 bool ChildProcessSecurityPolicyImpl::CanLoadPage(int child_id, | 564 bool ChildProcessSecurityPolicyImpl::CanLoadPage(int child_id, |
565 const GURL& url, | 565 const GURL& url, |
566 ResourceType resource_type) { | 566 ResourceType resource_type) { |
567 // If --site-per-process flag is passed, we should enforce | 567 // If --site-per-process flag is passed, we should enforce |
568 // stronger security restrictions on page navigation. | 568 // stronger security restrictions on page navigation. |
569 if (base::CommandLine::ForCurrentProcess()->HasSwitch( | 569 if (SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(url) && |
570 switches::kSitePerProcess) && | |
571 IsResourceTypeFrame(resource_type)) { | 570 IsResourceTypeFrame(resource_type)) { |
572 // TODO(nasko): Do the proper check for site-per-process, once | 571 // TODO(nasko): Do the proper check for site-per-process, once |
573 // out-of-process iframes is ready to go. | 572 // out-of-process iframes is ready to go. |
573 // TODO(nick): Can we trust |resource_type| here? | |
574 return true; | 574 return true; |
Charlie Reis
2015/07/13 22:13:14
This whole function is in kind of a weird state.
ncarter (slow)
2015/07/20 17:45:46
I've got another CL to rip this out completely.
| |
575 } | 575 } |
576 return true; | 576 return true; |
577 } | 577 } |
578 | 578 |
579 bool ChildProcessSecurityPolicyImpl::CanRequestURL( | 579 bool ChildProcessSecurityPolicyImpl::CanRequestURL( |
580 int child_id, const GURL& url) { | 580 int child_id, const GURL& url) { |
581 if (!url.is_valid()) | 581 if (!url.is_valid()) |
582 return false; // Can't request invalid URLs. | 582 return false; // Can't request invalid URLs. |
583 | 583 |
584 if (IsWebSafeScheme(url.scheme())) | 584 if (IsWebSafeScheme(url.scheme())) |
(...skipping 262 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
847 base::AutoLock lock(lock_); | 847 base::AutoLock lock(lock_); |
848 | 848 |
849 SecurityStateMap::iterator state = security_state_.find(child_id); | 849 SecurityStateMap::iterator state = security_state_.find(child_id); |
850 if (state == security_state_.end()) | 850 if (state == security_state_.end()) |
851 return false; | 851 return false; |
852 | 852 |
853 return state->second->can_send_midi_sysex(); | 853 return state->second->can_send_midi_sysex(); |
854 } | 854 } |
855 | 855 |
856 } // namespace content | 856 } // namespace content |
OLD | NEW |