OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
(...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
207 if (it != file_permissions_.end()) | 207 if (it != file_permissions_.end()) |
208 return (it->second & permissions) == permissions; | 208 return (it->second & permissions) == permissions; |
209 } | 209 } |
210 last_path = current_path; | 210 last_path = current_path; |
211 current_path = current_path.DirName(); | 211 current_path = current_path.DirName(); |
212 } | 212 } |
213 | 213 |
214 return false; | 214 return false; |
215 } | 215 } |
216 | 216 |
217 bool CanLoadPage(const GURL& gurl) { | |
218 if (origin_lock_.is_empty()) | |
219 return true; | |
220 | |
221 // TODO(creis): We must pass the valid browser_context to convert hosted | |
222 // apps URLs. Currently, hosted apps cannot be loaded in this mode. | |
223 // See http://crbug.com/160576. | |
224 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); | |
225 return origin_lock_ == site_gurl; | |
226 } | |
227 | |
228 bool CanAccessDataForOrigin(const GURL& gurl) { | 217 bool CanAccessDataForOrigin(const GURL& gurl) { |
229 if (origin_lock_.is_empty()) | 218 if (origin_lock_.is_empty()) |
230 return true; | 219 return true; |
231 // TODO(creis): We must pass the valid browser_context to convert hosted | 220 // TODO(creis): We must pass the valid browser_context to convert hosted |
232 // apps URLs. Currently, hosted apps cannot set cookies in this mode. | 221 // apps URLs. Currently, hosted apps cannot set cookies in this mode. |
233 // See http://crbug.com/160576. | 222 // See http://crbug.com/160576. |
234 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); | 223 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl); |
235 return origin_lock_ == site_gurl; | 224 return origin_lock_ == site_gurl; |
236 } | 225 } |
237 | 226 |
(...skipping 316 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
554 void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) { | 543 void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) { |
555 base::AutoLock lock(lock_); | 544 base::AutoLock lock(lock_); |
556 | 545 |
557 SecurityStateMap::iterator state = security_state_.find(child_id); | 546 SecurityStateMap::iterator state = security_state_.find(child_id); |
558 if (state == security_state_.end()) | 547 if (state == security_state_.end()) |
559 return; | 548 return; |
560 | 549 |
561 state->second->RevokeReadRawCookies(); | 550 state->second->RevokeReadRawCookies(); |
562 } | 551 } |
563 | 552 |
564 bool ChildProcessSecurityPolicyImpl::CanLoadPage(int child_id, | |
565 const GURL& url, | |
566 ResourceType resource_type) { | |
567 // If --site-per-process flag is passed, we should enforce | |
568 // stronger security restrictions on page navigation. | |
569 if (base::CommandLine::ForCurrentProcess()->HasSwitch( | |
570 switches::kSitePerProcess) && | |
571 IsResourceTypeFrame(resource_type)) { | |
572 // TODO(nasko): Do the proper check for site-per-process, once | |
573 // out-of-process iframes is ready to go. | |
574 return true; | |
575 } | |
576 return true; | |
577 } | |
578 | |
579 bool ChildProcessSecurityPolicyImpl::CanRequestURL( | 553 bool ChildProcessSecurityPolicyImpl::CanRequestURL( |
580 int child_id, const GURL& url) { | 554 int child_id, const GURL& url) { |
581 if (!url.is_valid()) | 555 if (!url.is_valid()) |
582 return false; // Can't request invalid URLs. | 556 return false; // Can't request invalid URLs. |
583 | 557 |
584 if (IsWebSafeScheme(url.scheme())) | 558 if (IsWebSafeScheme(url.scheme())) |
585 return true; // The scheme has been white-listed for every child process. | 559 return true; // The scheme has been white-listed for every child process. |
586 | 560 |
587 if (IsPseudoScheme(url.scheme())) { | 561 if (IsPseudoScheme(url.scheme())) { |
588 // There are a number of special cases for pseudo schemes. | 562 // There are a number of special cases for pseudo schemes. |
(...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
847 base::AutoLock lock(lock_); | 821 base::AutoLock lock(lock_); |
848 | 822 |
849 SecurityStateMap::iterator state = security_state_.find(child_id); | 823 SecurityStateMap::iterator state = security_state_.find(child_id); |
850 if (state == security_state_.end()) | 824 if (state == security_state_.end()) |
851 return false; | 825 return false; |
852 | 826 |
853 return state->second->can_send_midi_sysex(); | 827 return state->second->can_send_midi_sysex(); |
854 } | 828 } |
855 | 829 |
856 } // namespace content | 830 } // namespace content |
OLD | NEW |