Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(715)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/child_process_security_policy_impl.h

Issue 18129002: Update the child process security policy to use explicit permission grants. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase to head Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/sessions/session_restore.cc ('k') | content/browser/child_process_security_policy_impl.cc » ('j') | content/browser/renderer_host/render_view_host_impl.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/child_process_security_policy_impl.h
diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h
index 9d58e322371b5044f47a0142a2910b07c289e9fe..41de6b783d56a49750b4dd78da16f8147c925302 100644
--- a/content/browser/child_process_security_policy_impl.h
+++ b/content/browser/child_process_security_policy_impl.h
@@ -42,10 +42,11 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
// ChildProcessSecurityPolicy implementation.
virtual void RegisterWebSafeScheme(const std::string& scheme) OVERRIDE;
virtual bool IsWebSafeScheme(const std::string& scheme) OVERRIDE;
- virtual void GrantPermissionsForFile(int child_id,
- const base::FilePath& file,
- int permissions) OVERRIDE;
virtual void GrantReadFile(int child_id, const base::FilePath& file) OVERRIDE;
+ virtual void GrantReadWriteFile(int child_id,
+ const base::FilePath& file) OVERRIDE;
+ virtual void GrantCreateWriteFile(int child_id,
+ const base::FilePath& file) OVERRIDE;
virtual void GrantReadFileSystem(
int child_id,
const std::string& filesystem_id) OVERRIDE;
@@ -167,14 +168,6 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
// --site-per-process flags are used.
void LockToOrigin(int child_id, const GURL& gurl);
- // Grants access permission to the given isolated file system
- // identified by |filesystem_id|. See comments for
- // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details.
- void GrantPermissionsForFileSystem(
- int child_id,
- const std::string& filesystem_id,
- int permission);
-
// Determines if certain permissions were granted for a file fystem.
// |permissions| must be a bitwise-or'd value of base::PlatformFileFlags.
bool HasPermissionsForFileSystem(
@@ -191,6 +184,7 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
private:
friend class ChildProcessSecurityPolicyInProcessBrowserTest;
+ friend class ChildProcessSecurityPolicyTest;
FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest,
NoLeak);
@@ -215,6 +209,20 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
const base::FilePath& file,
int permissions);
+ // Grant a particular permission set for a file. |permissions| is a bit-set
+ // of base::PlatformFileFlags.
+ void GrantPermissionsForFile(int child_id,
+ const base::FilePath& file,
+ int permissions);
+
+ // Grants access permission to the given isolated file system
+ // identified by |filesystem_id|. See comments for
+ // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details.
+ void GrantPermissionsForFileSystem(
+ int child_id,
+ const std::string& filesystem_id,
+ int permission);
+
// You must acquire this lock before reading or writing any members of this
// class. You must not block while holding this lock.
base::Lock lock_;
« no previous file with comments | « chrome/browser/sessions/session_restore.cc ('k') | content/browser/child_process_security_policy_impl.cc » ('j') | content/browser/renderer_host/render_view_host_impl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698