OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
10 #include "content/browser/child_process_security_policy_impl.h" | 10 #include "content/browser/child_process_security_policy_impl.h" |
11 #include "content/public/common/url_constants.h" | 11 #include "content/public/common/url_constants.h" |
12 #include "content/test/test_content_browser_client.h" | 12 #include "content/test/test_content_browser_client.h" |
13 #include "storage/browser/fileapi/file_permission_policy.h" | 13 #include "storage/browser/fileapi/file_permission_policy.h" |
14 #include "storage/browser/fileapi/file_system_url.h" | 14 #include "storage/browser/fileapi/file_system_url.h" |
15 #include "storage/browser/fileapi/isolated_context.h" | 15 #include "storage/browser/fileapi/isolated_context.h" |
16 #include "storage/common/fileapi/file_system_types.h" | 16 #include "storage/common/fileapi/file_system_types.h" |
17 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
18 #include "url/gurl.h" | 18 #include "url/gurl.h" |
| 19 #include "url/origin.h" |
19 | 20 |
20 namespace content { | 21 namespace content { |
21 namespace { | 22 namespace { |
22 | 23 |
23 const int kRendererID = 42; | 24 const int kRendererID = 42; |
24 const int kWorkerRendererID = kRendererID + 1; | 25 const int kWorkerRendererID = kRendererID + 1; |
25 | 26 |
26 #if defined(FILE_PATH_USES_DRIVE_LETTERS) | 27 #if defined(FILE_PATH_USES_DRIVE_LETTERS) |
27 #define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x) | 28 #define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x) |
28 #else | 29 #else |
(...skipping 661 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
690 // Renderers are added and removed on the UI thread, but the policy can be | 691 // Renderers are added and removed on the UI thread, but the policy can be |
691 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 692 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
692 // prepared to answer policy questions about renderers who no longer exist. | 693 // prepared to answer policy questions about renderers who no longer exist. |
693 | 694 |
694 // In this case, we default to secure behavior. | 695 // In this case, we default to secure behavior. |
695 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 696 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
696 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 697 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
697 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 698 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
698 } | 699 } |
699 | 700 |
| 701 // Test the granting of origin permissions, and their interactions with |
| 702 // granting scheme permissions. |
| 703 TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) { |
| 704 ChildProcessSecurityPolicyImpl* p = |
| 705 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 706 |
| 707 p->Add(kRendererID); |
| 708 |
| 709 GURL url_foo1("chrome://foo/resource1"); |
| 710 GURL url_foo2("chrome://foo/resource2"); |
| 711 GURL url_bar("chrome://bar/resource3"); |
| 712 |
| 713 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1)); |
| 714 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2)); |
| 715 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); |
| 716 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1)); |
| 717 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2)); |
| 718 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); |
| 719 |
| 720 p->GrantOrigin(kRendererID, url::Origin(url_foo1)); |
| 721 |
| 722 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); |
| 723 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); |
| 724 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); |
| 725 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
| 726 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
| 727 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); |
| 728 |
| 729 p->GrantScheme(kRendererID, kChromeUIScheme); |
| 730 |
| 731 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1)); |
| 732 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); |
| 733 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar)); |
| 734 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
| 735 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
| 736 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); |
| 737 |
| 738 p->Remove(kRendererID); |
| 739 } |
| 740 |
700 } // namespace content | 741 } // namespace content |
OLD | NEW |