Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(160)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 19599006: ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files. (Closed)

Created:
7 years, 5 months ago by tommycli
Modified:
7 years, 5 months ago
CC:
chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Visibility:
Public.

Description

ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files. HasPermissionsForFile and HasPermissionsForFilesystemFile is currently used as general bitmask-based permissions querying functions for files. This change deprecates those functions and adds some additional explicit grants and grant-checking methods instead. The larger goal is to deprecate all usage of PlatformFile bitmasks in ChildProcessSecurityPolicy in favor of explicitly granted permissions. This is to improve security and allow for a permissions set different than PlatformFile. See https://chromiumcodereview.appspot.com/18129002. Original post by vandebo: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/2cGLolxsOs4/Ga8eF7iEejkJ BUG=262142 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=213262

Patch Set 1 #

Patch Set 2 : Update unit tests to test all grants. #

Patch Set 3 : Add deprecation warning #

Patch Set 4 : make test more readable #

Patch Set 5 : Also add FileSystemURL based methods. #

Total comments: 6

Patch Set 6 : address vandebo comments #

Total comments: 6

Patch Set 7 : #

Total comments: 2

Patch Set 8 : refactored permissions bits #

Patch Set 9 : #

Patch Set 10 : #

Patch Set 11 : change CanCreateReadWrite to CanCreateWrite #

Total comments: 1

Patch Set 12 : #

Total comments: 2

Patch Set 13 : Add comment about some confusing flags. #

Patch Set 14 : make test more obvious #

Patch Set 15 : #

Patch Set 16 : fix test on win #

Unified diffs Side-by-side diffs Delta from patch set Stats (+189 lines, -39 lines) Patch
M content/browser/child_process_security_policy_impl.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 3 chunks +14 lines, -1 line 0 comments Download
M content/browser/child_process_security_policy_impl.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 4 chunks +54 lines, -20 lines 0 comments Download
M content/browser/child_process_security_policy_unittest.cc View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 3 chunks +109 lines, -13 lines 0 comments Download
M content/public/browser/child_process_security_policy.h View 1 2 3 4 5 6 7 8 9 10 11 12 13 14 2 chunks +12 lines, -5 lines 0 comments Download

Messages

Total messages: 25 (0 generated)
tommycli
vandebo: If this seems reasonable, I will start on migrating the PepperFileRefHost classes to use ...
7 years, 5 months ago (2013-07-17 21:44:02 UTC) #1
vandebo (ex-Chrome)
https://chromiumcodereview.appspot.com/19599006/diff/9001/content/browser/child_process_security_policy_impl.cc File content/browser/child_process_security_policy_impl.cc (right): https://chromiumcodereview.appspot.com/19599006/diff/9001/content/browser/child_process_security_policy_impl.cc#newcode435 content/browser/child_process_security_policy_impl.cc:435: void ChildProcessSecurityPolicyImpl::GrantWriteFile( Are these currently used? I thought Greg's ...
7 years, 5 months ago (2013-07-17 21:54:27 UTC) #2
tommycli
https://chromiumcodereview.appspot.com/19599006/diff/9001/content/browser/child_process_security_policy_impl.cc File content/browser/child_process_security_policy_impl.cc (right): https://chromiumcodereview.appspot.com/19599006/diff/9001/content/browser/child_process_security_policy_impl.cc#newcode435 content/browser/child_process_security_policy_impl.cc:435: void ChildProcessSecurityPolicyImpl::GrantWriteFile( On 2013/07/17 21:54:27, vandebo wrote: > Are ...
7 years, 5 months ago (2013-07-17 22:31:10 UTC) #3
vandebo (ex-Chrome)
https://chromiumcodereview.appspot.com/19599006/diff/13001/content/browser/child_process_security_policy_impl.cc File content/browser/child_process_security_policy_impl.cc (right): https://chromiumcodereview.appspot.com/19599006/diff/13001/content/browser/child_process_security_policy_impl.cc#newcode65 content/browser/child_process_security_policy_impl.cc:65: const int kCreateWriteFilePermissions = On 2013/07/17 22:31:11, tommycli wrote: ...
7 years, 5 months ago (2013-07-18 15:16:59 UTC) #4
tommycli
https://codereview.chromium.org/19599006/diff/13001/content/browser/child_process_security_policy_unittest.cc File content/browser/child_process_security_policy_unittest.cc (right): https://codereview.chromium.org/19599006/diff/13001/content/browser/child_process_security_policy_unittest.cc#newcode97 content/browser/child_process_security_policy_unittest.cc:97: PermissionsSet(bool can_read, bool can_write, bool can_create, On 2013/07/18 15:16:59, ...
7 years, 5 months ago (2013-07-18 15:56:47 UTC) #5
vandebo (ex-Chrome)
https://codereview.chromium.org/19599006/diff/18001/content/browser/child_process_security_policy_unittest.cc File content/browser/child_process_security_policy_unittest.cc (right): https://codereview.chromium.org/19599006/diff/18001/content/browser/child_process_security_policy_unittest.cc#newcode121 content/browser/child_process_security_policy_unittest.cc:121: can_create_read_write = true; Should there only be three bools ...
7 years, 5 months ago (2013-07-18 16:15:57 UTC) #6
tommycli
https://codereview.chromium.org/19599006/diff/18001/content/browser/child_process_security_policy_unittest.cc File content/browser/child_process_security_policy_unittest.cc (right): https://codereview.chromium.org/19599006/diff/18001/content/browser/child_process_security_policy_unittest.cc#newcode121 content/browser/child_process_security_policy_unittest.cc:121: can_create_read_write = true; On 2013/07/18 16:15:58, vandebo wrote: > ...
7 years, 5 months ago (2013-07-18 16:23:45 UTC) #7
Tom Sepez
Can we get the changes to the callers of these methods added to the CL? ...
7 years, 5 months ago (2013-07-19 18:17:24 UTC) #8
tommycli
On 2013/07/19 18:17:24, Tom Sepez wrote: > Can we get the changes to the callers ...
7 years, 5 months ago (2013-07-19 18:24:36 UTC) #9
jam
why not remove the deprecated methods in this change? They're only on the Impl object, ...
7 years, 5 months ago (2013-07-22 16:21:10 UTC) #10
tommycli
On 2013/07/22 16:21:10, jam wrote: > why not remove the deprecated methods in this change? ...
7 years, 5 months ago (2013-07-22 16:33:54 UTC) #11
tommycli
vandebo/tsepez: May I have a review on this please? I'm comfortable with the set of ...
7 years, 5 months ago (2013-07-22 19:39:24 UTC) #12
Tom Sepez
lgtm
7 years, 5 months ago (2013-07-22 19:44:38 UTC) #13
tommycli
jam: May I have an OWNER review on content/public/browser/child_process_security_policy.h ?
7 years, 5 months ago (2013-07-22 20:12:38 UTC) #14
vandebo (ex-Chrome)
https://codereview.chromium.org/19599006/diff/39001/content/browser/child_process_security_policy_unittest.cc File content/browser/child_process_security_policy_unittest.cc (right): https://codereview.chromium.org/19599006/diff/39001/content/browser/child_process_security_policy_unittest.cc#newcode99 content/browser/child_process_security_policy_unittest.cc:99: : can_read(false), I find this class strange because the ...
7 years, 5 months ago (2013-07-22 21:33:40 UTC) #15
jam
lgtm
7 years, 5 months ago (2013-07-22 23:47:58 UTC) #16
tommycli
https://codereview.chromium.org/19599006/diff/39001/content/browser/child_process_security_policy_unittest.cc File content/browser/child_process_security_policy_unittest.cc (right): https://codereview.chromium.org/19599006/diff/39001/content/browser/child_process_security_policy_unittest.cc#newcode99 content/browser/child_process_security_policy_unittest.cc:99: : can_read(false), On 2013/07/22 21:33:41, vandebo wrote: > I ...
7 years, 5 months ago (2013-07-23 15:30:22 UTC) #17
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tommycli@chromium.org/19599006/49001
7 years, 5 months ago (2013-07-23 15:55:24 UTC) #18
commit-bot: I haz the power
Retried try job too often on win7_aura for step(s) content_unittests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=win7_aura&number=62375
7 years, 5 months ago (2013-07-23 18:14:57 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tommycli@chromium.org/19599006/77001
7 years, 5 months ago (2013-07-23 18:57:11 UTC) #20
commit-bot: I haz the power
Step "update" is always a major failure. Look at the try server FAQ for more ...
7 years, 5 months ago (2013-07-23 19:19:25 UTC) #21
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tommycli@chromium.org/19599006/77001
7 years, 5 months ago (2013-07-23 20:02:40 UTC) #22
commit-bot: I haz the power
Commit queue rejected this change because the description was changed between the time the change ...
7 years, 5 months ago (2013-07-23 23:03:08 UTC) #23
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/tommycli@chromium.org/19599006/77001
7 years, 5 months ago (2013-07-23 23:08:17 UTC) #24
commit-bot: I haz the power
7 years, 5 months ago (2013-07-23 23:18:24 UTC) #25
Message was sent while issue was closed. 
Change committed as 213262

Powered by Google App Engine
This is Rietveld 408576698