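--- a/content/browser/child_process_security_policy_impl.h
+++ b/content/browser/child_process_security_policy_impl.h
@@ -1,63 +1,66 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
 
 
 #include <map>
 #include <set>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/singleton.h"
 #include "base/synchronization/lock.h"
 #include "content/public/browser/child_process_security_policy.h"
 #include "webkit/glue/resource_type.h"
 
+class GURL;
+
+namespace base {
 class FilePath;
-class GURL;
+}
 
 namespace content {
 
 class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
 : NON_EXPORTED_BASE(public ChildProcessSecurityPolicy) {
 public:
 // Object can only be created through GetInstance() so the constructor is
 // private.
 virtual ~ChildProcessSecurityPolicyImpl();
 
 static ChildProcessSecurityPolicyImpl* GetInstance();
 
 // ChildProcessSecurityPolicy implementation.
 virtual void RegisterWebSafeScheme(const std::string& scheme) OVERRIDE;
 virtual bool IsWebSafeScheme(const std::string& scheme) OVERRIDE;
 virtual void RegisterDisabledSchemes(const std::set<std::string>& schemes)
 OVERRIDE;
 virtual void GrantPermissionsForFile(int child_id,
-const FilePath& file,
+const base::FilePath& file,
 int permissions) OVERRIDE;
-virtual void GrantReadFile(int child_id, const FilePath& file) OVERRIDE;
+virtual void GrantReadFile(int child_id, const base::FilePath& file) OVERRIDE;
 virtual void GrantReadFileSystem(
 int child_id,
 const std::string& filesystem_id) OVERRIDE;
 virtual void GrantWriteFileSystem(
 int child_id,
 const std::string& filesystem_id) OVERRIDE;
 virtual void GrantCreateFileForFileSystem(
 int child_id,
 const std::string& filesystem_id) OVERRIDE;
 virtual void GrantScheme(int child_id, const std::string& scheme) OVERRIDE;
-virtual bool CanReadFile(int child_id, const FilePath& file) OVERRIDE;
+virtual bool CanReadFile(int child_id, const base::FilePath& file) OVERRIDE;
 virtual bool CanReadFileSystem(int child_id,
 const std::string& filesystem_id) OVERRIDE;
 virtual bool CanReadWriteFileSystem(
 int child_id,
 const std::string& filesystem_id) OVERRIDE;
 
 // Pseudo schemes are treated differently than other schemes because they
 // cannot be requested like normal URLs. There is no mechanism for revoking
 // pseudo schemes.
 void RegisterPseudoScheme(const std::string& scheme);
@@ -88,54 +91,54 @@
 // scheme.
 void GrantRequestURL(int child_id, const GURL& url);
 
 // Whenever the browser process drops a file icon on a tab, it should call
 // this method to grant the child process the capability to request this one
 // file:// URL, but not all urls of the file:// scheme.
 void GrantRequestSpecificFileURL(int child_id, const GURL& url);
 
 // Grants the child process permission to enumerate all the files in
 // this directory and read those files.
-void GrantReadDirectory(int child_id, const FilePath& directory);
+void GrantReadDirectory(int child_id, const base::FilePath& directory);
 
 // Revokes all permissions granted to the given file.
-void RevokeAllPermissionsForFile(int child_id, const FilePath& file);
+void RevokeAllPermissionsForFile(int child_id, const base::FilePath& file);
 
 // Grant the child process the ability to use Web UI Bindings.
 void GrantWebUIBindings(int child_id);
 
 // Grant the child process the ability to read raw cookies.
 void GrantReadRawCookies(int child_id);
 
 // Revoke read raw cookies permission.
 void RevokeReadRawCookies(int child_id);
 
 // Before servicing a child process's request for a URL, the browser should
 // call this method to determine whether the process has the capability to
 // request the URL.
 bool CanRequestURL(int child_id, const GURL& url);
 
 // Returns true if the process is permitted to load pages from
 // the given origin in main frames or subframes.
 // Only might return false if --site-per-process flag is used.
 bool CanLoadPage(int child_id,
 const GURL& url,
 ResourceType::Type resource_type);
 
 // Before servicing a child process's request to enumerate a directory
 // the browser should call this method to check for the capability.
-bool CanReadDirectory(int child_id, const FilePath& directory);
+bool CanReadDirectory(int child_id, const base::FilePath& directory);
 
 // Determines if certain permissions were granted for a file. |permissions|
 // must be a bit-set of base::PlatformFileFlags.
 bool HasPermissionsForFile(int child_id,
-const FilePath& file,
+const base::FilePath& file,
 int permissions);
 
 // Returns true if the specified child_id has been granted WebUIBindings.
 // The browser should check this property before assuming the child process is
 // allowed to use WebUIBindings.
 bool HasWebUIBindings(int child_id);
 
 // Returns true if the specified child_id has been granted ReadRawCookies.
 bool CanReadRawCookies(int child_id);
 
@@ -187,21 +190,21 @@
 // Obtain an instance of ChildProcessSecurityPolicyImpl via GetInstance().
 ChildProcessSecurityPolicyImpl();
 friend struct DefaultSingletonTraits<ChildProcessSecurityPolicyImpl>;
 
 // Adds child process during registration.
 void AddChild(int child_id);
 
 // Determines if certain permissions were granted for a file to given child
 // process. |permissions| must be a bit-set of base::PlatformFileFlags.
 bool ChildProcessHasPermissionsForFile(int child_id,
-const FilePath& file,
+const base::FilePath& file,
 int permissions);
 
 // You must acquire this lock before reading or writing any members of this
 // class. You must not block while holding this lock.
 base::Lock lock_;
 
 // These schemes are white-listed for all child processes. This set is
 // protected by |lock_|.
 SchemeSet web_safe_schemes_;
 
@@ -224,10 +227,10 @@
 // This maps keeps the record of which js worker thread child process
 // corresponds to which main js thread child process.
 WorkerToMainProcessMap worker_map_;
 
 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl);
 };
 
 } // namespace content
 
 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_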