| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ |
| 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ |
| 7 | 7 |
| 8 | 8 |
| 9 #include <map> | 9 #include <map> |
| 10 #include <set> | 10 #include <set> |
| (...skipping 24 matching lines...) Expand all Loading... |
| 35 public: | 35 public: |
| 36 // Object can only be created through GetInstance() so the constructor is | 36 // Object can only be created through GetInstance() so the constructor is |
| 37 // private. | 37 // private. |
| 38 virtual ~ChildProcessSecurityPolicyImpl(); | 38 virtual ~ChildProcessSecurityPolicyImpl(); |
| 39 | 39 |
| 40 static ChildProcessSecurityPolicyImpl* GetInstance(); | 40 static ChildProcessSecurityPolicyImpl* GetInstance(); |
| 41 | 41 |
| 42 // ChildProcessSecurityPolicy implementation. | 42 // ChildProcessSecurityPolicy implementation. |
| 43 virtual void RegisterWebSafeScheme(const std::string& scheme) OVERRIDE; | 43 virtual void RegisterWebSafeScheme(const std::string& scheme) OVERRIDE; |
| 44 virtual bool IsWebSafeScheme(const std::string& scheme) OVERRIDE; | 44 virtual bool IsWebSafeScheme(const std::string& scheme) OVERRIDE; |
| 45 virtual void GrantPermissionsForFile(int child_id, | |
| 46 const base::FilePath& file, | |
| 47 int permissions) OVERRIDE; | |
| 48 virtual void GrantReadFile(int child_id, const base::FilePath& file) OVERRIDE; | 45 virtual void GrantReadFile(int child_id, const base::FilePath& file) OVERRIDE; |
| 46 virtual void GrantCreateReadWriteFile(int child_id, |
| 47 const base::FilePath& file) OVERRIDE; |
| 48 virtual void GrantCreateWriteFile(int child_id, |
| 49 const base::FilePath& file) OVERRIDE; |
| 49 virtual void GrantReadFileSystem( | 50 virtual void GrantReadFileSystem( |
| 50 int child_id, | 51 int child_id, |
| 51 const std::string& filesystem_id) OVERRIDE; | 52 const std::string& filesystem_id) OVERRIDE; |
| 52 virtual void GrantWriteFileSystem( | 53 virtual void GrantWriteFileSystem( |
| 53 int child_id, | 54 int child_id, |
| 54 const std::string& filesystem_id) OVERRIDE; | 55 const std::string& filesystem_id) OVERRIDE; |
| 55 virtual void GrantCreateFileForFileSystem( | 56 virtual void GrantCreateFileForFileSystem( |
| 56 int child_id, | 57 int child_id, |
| 57 const std::string& filesystem_id) OVERRIDE; | 58 const std::string& filesystem_id) OVERRIDE; |
| 58 virtual void GrantScheme(int child_id, const std::string& scheme) OVERRIDE; | 59 virtual void GrantScheme(int child_id, const std::string& scheme) OVERRIDE; |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 160 // Only might return false if the very experimental | 161 // Only might return false if the very experimental |
| 161 // --enable-strict-site-isolation or --site-per-process flags are used. | 162 // --enable-strict-site-isolation or --site-per-process flags are used. |
| 162 bool CanSendCookiesForOrigin(int child_id, const GURL& gurl); | 163 bool CanSendCookiesForOrigin(int child_id, const GURL& gurl); |
| 163 | 164 |
| 164 // Sets the process as only permitted to use and see the cookies for the | 165 // Sets the process as only permitted to use and see the cookies for the |
| 165 // given origin. | 166 // given origin. |
| 166 // Only used if the very experimental --enable-strict-site-isolation or | 167 // Only used if the very experimental --enable-strict-site-isolation or |
| 167 // --site-per-process flags are used. | 168 // --site-per-process flags are used. |
| 168 void LockToOrigin(int child_id, const GURL& gurl); | 169 void LockToOrigin(int child_id, const GURL& gurl); |
| 169 | 170 |
| 170 // Grants access permission to the given isolated file system | |
| 171 // identified by |filesystem_id|. See comments for | |
| 172 // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details. | |
| 173 void GrantPermissionsForFileSystem( | |
| 174 int child_id, | |
| 175 const std::string& filesystem_id, | |
| 176 int permission); | |
| 177 | |
| 178 // Determines if certain permissions were granted for a file fystem. | 171 // Determines if certain permissions were granted for a file fystem. |
| 179 // |permissions| must be a bitwise-or'd value of base::PlatformFileFlags. | 172 // |permissions| must be a bitwise-or'd value of base::PlatformFileFlags. |
| 180 bool HasPermissionsForFileSystem( | 173 bool HasPermissionsForFileSystem( |
| 181 int child_id, | 174 int child_id, |
| 182 const std::string& filesystem_id, | 175 const std::string& filesystem_id, |
| 183 int permission); | 176 int permission); |
| 184 | 177 |
| 185 // Register FileSystem type and permission policy which should be used | 178 // Register FileSystem type and permission policy which should be used |
| 186 // for the type. The |policy| must be a bitwise-or'd value of | 179 // for the type. The |policy| must be a bitwise-or'd value of |
| 187 // fileapi::FilePermissionPolicy. | 180 // fileapi::FilePermissionPolicy. |
| 188 void RegisterFileSystemPermissionPolicy( | 181 void RegisterFileSystemPermissionPolicy( |
| 189 fileapi::FileSystemType type, | 182 fileapi::FileSystemType type, |
| 190 int policy); | 183 int policy); |
| 191 | 184 |
| 192 private: | 185 private: |
| 193 friend class ChildProcessSecurityPolicyInProcessBrowserTest; | 186 friend class ChildProcessSecurityPolicyInProcessBrowserTest; |
| 187 friend class ChildProcessSecurityPolicyTest; |
| 194 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest, | 188 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest, |
| 195 NoLeak); | 189 NoLeak); |
| 196 | 190 |
| 197 class SecurityState; | 191 class SecurityState; |
| 198 | 192 |
| 199 typedef std::set<std::string> SchemeSet; | 193 typedef std::set<std::string> SchemeSet; |
| 200 typedef std::map<int, SecurityState*> SecurityStateMap; | 194 typedef std::map<int, SecurityState*> SecurityStateMap; |
| 201 typedef std::map<int, int> WorkerToMainProcessMap; | 195 typedef std::map<int, int> WorkerToMainProcessMap; |
| 202 typedef std::map<fileapi::FileSystemType, int> FileSystemPermissionPolicyMap; | 196 typedef std::map<fileapi::FileSystemType, int> FileSystemPermissionPolicyMap; |
| 203 | 197 |
| 204 // Obtain an instance of ChildProcessSecurityPolicyImpl via GetInstance(). | 198 // Obtain an instance of ChildProcessSecurityPolicyImpl via GetInstance(). |
| 205 ChildProcessSecurityPolicyImpl(); | 199 ChildProcessSecurityPolicyImpl(); |
| 206 friend struct DefaultSingletonTraits<ChildProcessSecurityPolicyImpl>; | 200 friend struct DefaultSingletonTraits<ChildProcessSecurityPolicyImpl>; |
| 207 | 201 |
| 208 // Adds child process during registration. | 202 // Adds child process during registration. |
| 209 void AddChild(int child_id); | 203 void AddChild(int child_id); |
| 210 | 204 |
| 211 // Determines if certain permissions were granted for a file to given child | 205 // Determines if certain permissions were granted for a file to given child |
| 212 // process. |permissions| must be a bitwise-or'd value of | 206 // process. |permissions| must be a bitwise-or'd value of |
| 213 // base::PlatformFileFlags. | 207 // base::PlatformFileFlags. |
| 214 bool ChildProcessHasPermissionsForFile(int child_id, | 208 bool ChildProcessHasPermissionsForFile(int child_id, |
| 215 const base::FilePath& file, | 209 const base::FilePath& file, |
| 216 int permissions); | 210 int permissions); |
| 217 | 211 |
| 212 // Grant a particular permission set for a file. |permissions| is a bit-set |
| 213 // of base::PlatformFileFlags. |
| 214 void GrantPermissionsForFile(int child_id, |
| 215 const base::FilePath& file, |
| 216 int permissions); |
| 217 |
| 218 // Grants access permission to the given isolated file system |
| 219 // identified by |filesystem_id|. See comments for |
| 220 // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details. |
| 221 void GrantPermissionsForFileSystem( |
| 222 int child_id, |
| 223 const std::string& filesystem_id, |
| 224 int permission); |
| 225 |
| 218 // You must acquire this lock before reading or writing any members of this | 226 // You must acquire this lock before reading or writing any members of this |
| 219 // class. You must not block while holding this lock. | 227 // class. You must not block while holding this lock. |
| 220 base::Lock lock_; | 228 base::Lock lock_; |
| 221 | 229 |
| 222 // These schemes are white-listed for all child processes. This set is | 230 // These schemes are white-listed for all child processes. This set is |
| 223 // protected by |lock_|. | 231 // protected by |lock_|. |
| 224 SchemeSet web_safe_schemes_; | 232 SchemeSet web_safe_schemes_; |
| 225 | 233 |
| 226 // These schemes do not actually represent retrievable URLs. For example, | 234 // These schemes do not actually represent retrievable URLs. For example, |
| 227 // the the URLs in the "about" scheme are aliases to other URLs. This set is | 235 // the the URLs in the "about" scheme are aliases to other URLs. This set is |
| (...skipping 11 matching lines...) Expand all Loading... |
| 239 WorkerToMainProcessMap worker_map_; | 247 WorkerToMainProcessMap worker_map_; |
| 240 | 248 |
| 241 FileSystemPermissionPolicyMap file_system_policy_map_; | 249 FileSystemPermissionPolicyMap file_system_policy_map_; |
| 242 | 250 |
| 243 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl); | 251 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl); |
| 244 }; | 252 }; |
| 245 | 253 |
| 246 } // namespace content | 254 } // namespace content |
| 247 | 255 |
| 248 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 256 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 18129002:
Update the child process security policy to use explicit permission grants. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src