OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
7 | 7 |
8 #include <set> | 8 #include <set> |
9 #include <string> | 9 #include <string> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "content/common/content_export.h" | 12 #include "content/common/content_export.h" |
13 | 13 |
| 14 namespace base { |
14 class FilePath; | 15 class FilePath; |
| 16 } |
15 | 17 |
16 namespace content { | 18 namespace content { |
17 | 19 |
18 // The ChildProcessSecurityPolicy class is used to grant and revoke security | 20 // The ChildProcessSecurityPolicy class is used to grant and revoke security |
19 // capabilities for child processes. For example, it restricts whether a child | 21 // capabilities for child processes. For example, it restricts whether a child |
20 // process is permitted to load file:// URLs based on whether the process | 22 // process is permitted to load file:// URLs based on whether the process |
21 // has ever been commanded to load file:// URLs by the browser. | 23 // has ever been commanded to load file:// URLs by the browser. |
22 // | 24 // |
23 // ChildProcessSecurityPolicy is a singleton that may be used on any thread. | 25 // ChildProcessSecurityPolicy is a singleton that may be used on any thread. |
24 // | 26 // |
(...skipping 17 matching lines...) Expand all Loading... |
42 // Sets the list of disabled schemes. | 44 // Sets the list of disabled schemes. |
43 // URLs using these schemes won't be loaded at all. The previous list of | 45 // URLs using these schemes won't be loaded at all. The previous list of |
44 // schemes is overwritten. An empty |schemes| disables this feature. | 46 // schemes is overwritten. An empty |schemes| disables this feature. |
45 // Schemes listed as disabled take precedence over Web-safe schemes. | 47 // Schemes listed as disabled take precedence over Web-safe schemes. |
46 virtual void RegisterDisabledSchemes( | 48 virtual void RegisterDisabledSchemes( |
47 const std::set<std::string>& schemes) = 0; | 49 const std::set<std::string>& schemes) = 0; |
48 | 50 |
49 // Grants certain permissions to a file. |permissions| must be a bit-set of | 51 // Grants certain permissions to a file. |permissions| must be a bit-set of |
50 // base::PlatformFileFlags. | 52 // base::PlatformFileFlags. |
51 virtual void GrantPermissionsForFile(int child_id, | 53 virtual void GrantPermissionsForFile(int child_id, |
52 const FilePath& file, | 54 const base::FilePath& file, |
53 int permissions) = 0; | 55 int permissions) = 0; |
54 | 56 |
55 // Before servicing a child process's request to upload a file to the web, the | 57 // Before servicing a child process's request to upload a file to the web, the |
56 // browser should call this method to determine whether the process has the | 58 // browser should call this method to determine whether the process has the |
57 // capability to upload the requested file. | 59 // capability to upload the requested file. |
58 virtual bool CanReadFile(int child_id, const FilePath& file) = 0; | 60 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; |
59 | 61 |
60 // Whenever the user picks a file from a <input type="file"> element, the | 62 // Whenever the user picks a file from a <input type="file"> element, the |
61 // browser should call this function to grant the child process the capability | 63 // browser should call this function to grant the child process the capability |
62 // to upload the file to the web. | 64 // to upload the file to the web. |
63 virtual void GrantReadFile(int child_id, const FilePath& file) = 0; | 65 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; |
64 | 66 |
65 // Grants read access permission to the given isolated file system | 67 // Grants read access permission to the given isolated file system |
66 // identified by |filesystem_id|. An isolated file system can be | 68 // identified by |filesystem_id|. An isolated file system can be |
67 // created for a set of native files/directories (like dropped files) | 69 // created for a set of native files/directories (like dropped files) |
68 // using fileapi::IsolatedContext. A child process needs to be granted | 70 // using fileapi::IsolatedContext. A child process needs to be granted |
69 // permission to the file system to access the files in it using | 71 // permission to the file system to access the files in it using |
70 // file system URL. | 72 // file system URL. |
71 // | 73 // |
72 // Note: to grant read access to the content of files you also need | 74 // Note: to grant read access to the content of files you also need |
73 // to give permission directly to the file paths using GrantReadFile. | 75 // to give permission directly to the file paths using GrantReadFile. |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
113 | 115 |
114 // Returns true iff read and write access has been granted to the filesystem | 116 // Returns true iff read and write access has been granted to the filesystem |
115 // with |filesystem_id|. | 117 // with |filesystem_id|. |
116 virtual bool CanReadWriteFileSystem(int child_id, | 118 virtual bool CanReadWriteFileSystem(int child_id, |
117 const std::string& filesystem_id) = 0; | 119 const std::string& filesystem_id) = 0; |
118 }; | 120 }; |
119 | 121 |
120 }; // namespace content | 122 }; // namespace content |
121 | 123 |
122 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 124 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
OLD | NEW |