Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(101)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/renderer_host/render_view_host_impl.cc

Issue 18129002: Update the child process security policy to use explicit permission grants. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase to head Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/browser/renderer_host/render_view_host_impl.h ('k') | content/browser/renderer_host/render_view_host_unittest.cc » ('j') | content/public/browser/child_process_security_policy.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/renderer_host/render_view_host_impl.h" 5 #include "content/browser/renderer_host/render_view_host_impl.h"
6 6
7 #include <set> 7 #include <set>
8 #include <string> 8 #include <string>
9 #include <utility> 9 #include <utility>
10 #include <vector> 10 #include <vector>
(...skipping 816 matching lines...) Expand 10 before | Expand all | Expand 10 after
827 RenderWidgetHostImpl::LostMouseLock(); 827 RenderWidgetHostImpl::LostMouseLock();
828 delegate_->LostMouseLock(); 828 delegate_->LostMouseLock();
829 } 829 }
830 830
831 void RenderViewHostImpl::SetInitialFocus(bool reverse) { 831 void RenderViewHostImpl::SetInitialFocus(bool reverse) {
832 Send(new ViewMsg_SetInitialFocus(GetRoutingID(), reverse)); 832 Send(new ViewMsg_SetInitialFocus(GetRoutingID(), reverse));
833 } 833 }
834 834
835 void RenderViewHostImpl::FilesSelectedInChooser( 835 void RenderViewHostImpl::FilesSelectedInChooser(
836 const std::vector<ui::SelectedFileInfo>& files, 836 const std::vector<ui::SelectedFileInfo>& files,
837 int permissions) { 837 RenderViewHost::FileSelectionPermissions permissions) {
838 // Grant the security access requested to the given files. 838 // Grant the security access requested to the given files.
839 for (size_t i = 0; i < files.size(); ++i) { 839 for (size_t i = 0; i < files.size(); ++i) {
840 const ui::SelectedFileInfo& file = files[i]; 840 const ui::SelectedFileInfo& file = files[i];
841 ChildProcessSecurityPolicyImpl::GetInstance()->GrantPermissionsForFile( 841 if (permissions == RenderViewHost::FILE_PERMISSION_READ_ONLY) {
842 GetProcess()->GetID(), file.local_path, permissions); 842 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
843 GetProcess()->GetID(), file.local_path);
844 }
845 if (permissions == RenderViewHost::FILE_PERMISSION_WRITE) {
Tom Sepez 2013/07/09 18:52:50 nit: else if
Greg Billock 2013/07/09 21:09:50 Done.
846 ChildProcessSecurityPolicyImpl::GetInstance()->GrantCreateWriteFile(
847 GetProcess()->GetID(), file.local_path);
848 }
843 } 849 }
844 Send(new ViewMsg_RunFileChooserResponse(GetRoutingID(), files)); 850 Send(new ViewMsg_RunFileChooserResponse(GetRoutingID(), files));
845 } 851 }
846 852
847 void RenderViewHostImpl::DirectoryEnumerationFinished( 853 void RenderViewHostImpl::DirectoryEnumerationFinished(
848 int request_id, 854 int request_id,
849 const std::vector<base::FilePath>& files) { 855 const std::vector<base::FilePath>& files) {
850 // Grant the security access requested to the given files. 856 // Grant the security access requested to the given files.
851 for (std::vector<base::FilePath>::const_iterator file = files.begin(); 857 for (std::vector<base::FilePath>::const_iterator file = files.begin();
852 file != files.end(); ++file) { 858 file != files.end(); ++file) {
(...skipping 1216 matching lines...) Expand 10 before | Expand all | Expand 10 after
2069 const std::vector<base::FilePath>& file_paths = state.GetReferencedFiles(); 2075 const std::vector<base::FilePath>& file_paths = state.GetReferencedFiles();
2070 for (std::vector<base::FilePath>::const_iterator file = file_paths.begin(); 2076 for (std::vector<base::FilePath>::const_iterator file = file_paths.begin();
2071 file != file_paths.end(); ++file) { 2077 file != file_paths.end(); ++file) {
2072 if (!policy->CanReadFile(GetProcess()->GetID(), *file)) 2078 if (!policy->CanReadFile(GetProcess()->GetID(), *file))
2073 return false; 2079 return false;
2074 } 2080 }
2075 return true; 2081 return true;
2076 } 2082 }
2077 2083
2078 } // namespace content 2084 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/renderer_host/render_view_host_impl.h ('k') | content/browser/renderer_host/render_view_host_unittest.cc » ('j') | content/public/browser/child_process_security_policy.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698