OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
10 #include "content/browser/child_process_security_policy_impl.h" | 10 #include "content/browser/child_process_security_policy_impl.h" |
11 #include "content/public/common/url_constants.h" | 11 #include "content/public/common/url_constants.h" |
12 #include "content/test/test_content_browser_client.h" | 12 #include "content/test/test_content_browser_client.h" |
13 #include "storage/browser/fileapi/file_permission_policy.h" | 13 #include "storage/browser/fileapi/file_permission_policy.h" |
14 #include "storage/browser/fileapi/file_system_url.h" | 14 #include "storage/browser/fileapi/file_system_url.h" |
15 #include "storage/browser/fileapi/isolated_context.h" | 15 #include "storage/browser/fileapi/isolated_context.h" |
16 #include "storage/common/fileapi/file_system_types.h" | 16 #include "storage/common/fileapi/file_system_types.h" |
17 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
18 #include "url/gurl.h" | 18 #include "url/gurl.h" |
19 #include "url/origin.h" | |
19 | 20 |
20 namespace content { | 21 namespace content { |
21 namespace { | 22 namespace { |
22 | 23 |
23 const int kRendererID = 42; | 24 const int kRendererID = 42; |
24 const int kWorkerRendererID = kRendererID + 1; | 25 const int kWorkerRendererID = kRendererID + 1; |
25 | 26 |
26 #if defined(FILE_PATH_USES_DRIVE_LETTERS) | 27 #if defined(FILE_PATH_USES_DRIVE_LETTERS) |
27 #define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x) | 28 #define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x) |
28 #else | 29 #else |
(...skipping 661 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
690 // Renderers are added and removed on the UI thread, but the policy can be | 691 // Renderers are added and removed on the UI thread, but the policy can be |
691 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 692 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
692 // prepared to answer policy questions about renderers who no longer exist. | 693 // prepared to answer policy questions about renderers who no longer exist. |
693 | 694 |
694 // In this case, we default to secure behavior. | 695 // In this case, we default to secure behavior. |
695 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 696 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
696 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 697 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
697 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 698 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
698 } | 699 } |
699 | 700 |
701 // Test the granting of origin permissions, and their interactions with | |
702 // granting scheme permissions. | |
703 TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) { | |
704 ChildProcessSecurityPolicyImpl* p = | |
705 ChildProcessSecurityPolicyImpl::GetInstance(); | |
706 | |
707 p->Add(kRendererID); | |
708 | |
709 GURL url_foo1("chrome://foo/resource1"); | |
710 GURL url_foo2("chrome://foo/resource2"); | |
711 GURL url_bar("chrome://bar/resource3"); | |
712 | |
713 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1)); | |
Charlie Reis
2015/09/29 22:15:53
nit: Let's also include CanRequestURL calls, simil
paulmeyer
2015/09/30 14:21:31
Done.
| |
714 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2)); | |
715 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); | |
716 | |
717 p->GrantOrigin(kRendererID, url::Origin(url_foo1)); | |
718 | |
719 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); | |
720 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); | |
721 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); | |
722 | |
723 p->GrantScheme(kRendererID, kChromeUIScheme); | |
724 | |
725 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); | |
726 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); | |
727 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); | |
728 | |
729 p->Remove(kRendererID); | |
730 } | |
731 | |
700 } // namespace content | 732 } // namespace content |
OLD | NEW |