
Side by Side Diff: content/browser/child_process_security_policy_impl.cc

Issue 19599006: ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: address vandebo comments Created 7 years, 5 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/child_process_security_policy_impl.h" 5 #include "content/browser/child_process_security_policy_impl.h"
6 6
7 #include "base/command_line.h" 7 #include "base/command_line.h"
8 #include "base/files/file_path.h" 8 #include "base/files/file_path.h"
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/metrics/histogram.h" 10 #include "base/metrics/histogram.h"
(...skipping 31 matching lines...)
42 base::PLATFORM_FILE_ASYNC | 42 base::PLATFORM_FILE_ASYNC |
43 base::PLATFORM_FILE_WRITE_ATTRIBUTES; 43 base::PLATFORM_FILE_WRITE_ATTRIBUTES;
44 44
45 const int kCreateFilePermissions = 45 const int kCreateFilePermissions =
46 base::PLATFORM_FILE_CREATE; 46 base::PLATFORM_FILE_CREATE;
47 47
48 const int kEnumerateDirectoryPermissions = 48 const int kEnumerateDirectoryPermissions =
49 kReadFilePermissions | 49 kReadFilePermissions |
50 base::PLATFORM_FILE_ENUMERATE; 50 base::PLATFORM_FILE_ENUMERATE;
51 51
52 const int kReadWriteFilePermissions = 52 const int kCreateReadWriteFilePermissions =
53 base::PLATFORM_FILE_OPEN | 53 base::PLATFORM_FILE_OPEN |
54 base::PLATFORM_FILE_CREATE | 54 base::PLATFORM_FILE_CREATE |
55 base::PLATFORM_FILE_OPEN_ALWAYS | 55 base::PLATFORM_FILE_OPEN_ALWAYS |
56 base::PLATFORM_FILE_CREATE_ALWAYS | 56 base::PLATFORM_FILE_CREATE_ALWAYS |
57 base::PLATFORM_FILE_OPEN_TRUNCATED | 57 base::PLATFORM_FILE_OPEN_TRUNCATED |
58 base::PLATFORM_FILE_READ | 58 base::PLATFORM_FILE_READ |
59 base::PLATFORM_FILE_WRITE | 59 base::PLATFORM_FILE_WRITE |
60 base::PLATFORM_FILE_EXCLUSIVE_READ | 60 base::PLATFORM_FILE_EXCLUSIVE_READ |
61 base::PLATFORM_FILE_EXCLUSIVE_WRITE | 61 base::PLATFORM_FILE_EXCLUSIVE_WRITE |
62 base::PLATFORM_FILE_ASYNC | 62 base::PLATFORM_FILE_ASYNC |
63 base::PLATFORM_FILE_WRITE_ATTRIBUTES; 63 base::PLATFORM_FILE_WRITE_ATTRIBUTES;
64 64
65 const int kCreateWriteFilePermissions = 65 const int kCreateWriteFilePermissions =
tommycli 2013/07/17 22:31:11 Here I added EXCLUSIVE_WRITE to the list. Otherwis
vandebo (ex-Chrome) 2013/07/18 15:16:59 Maybe... Please make sure the security reviewe
66 base::PLATFORM_FILE_CREATE | 66 kCreateFilePermissions |
67 base::PLATFORM_FILE_CREATE_ALWAYS | 67 kWriteFilePermissions |
68 base::PLATFORM_FILE_OPEN | 68 base::PLATFORM_FILE_CREATE_ALWAYS |
69 base::PLATFORM_FILE_OPEN_ALWAYS | 69 base::PLATFORM_FILE_OPEN_ALWAYS |
70 base::PLATFORM_FILE_OPEN_TRUNCATED | 70 base::PLATFORM_FILE_OPEN_TRUNCATED;
71 base::PLATFORM_FILE_WRITE |
72 base::PLATFORM_FILE_WRITE_ATTRIBUTES |
73 base::PLATFORM_FILE_ASYNC;
74 // need EXCLUSIVE_WRITE in this mix?
75 71
76 } // namespace 72 } // namespace
77 73
78 // The SecurityState class is used to maintain per-child process security state 74 // The SecurityState class is used to maintain per-child process security state
79 // information. 75 // information.
80 class ChildProcessSecurityPolicyImpl::SecurityState { 76 class ChildProcessSecurityPolicyImpl::SecurityState {
81 public: 77 public:
82 SecurityState() 78 SecurityState()
83 : enabled_bindings_(0), 79 : enabled_bindings_(0),
84 can_read_raw_cookies_(false) { } 80 can_read_raw_cookies_(false) { }
(...skipping 342 matching lines...)
427 } 423 }
428 } 424 }
429 425
430 void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id, 426 void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id,
431 const base::FilePath& file) { 427 const base::FilePath& file) {
432 GrantPermissionsForFile(child_id, file, kReadFilePermissions); 428 GrantPermissionsForFile(child_id, file, kReadFilePermissions);
433 } 429 }
434 430
435 void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile( 431 void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile(
436 int child_id, const base::FilePath& file) { 432 int child_id, const base::FilePath& file) {
437 GrantPermissionsForFile(child_id, file, kReadWriteFilePermissions); 433 GrantPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
438 } 434 }
439 435
440 void ChildProcessSecurityPolicyImpl::GrantCreateWriteFile( 436 void ChildProcessSecurityPolicyImpl::GrantCreateWriteFile(
441 int child_id, const base::FilePath& file) { 437 int child_id, const base::FilePath& file) {
442 GrantPermissionsForFile(child_id, file, kCreateWriteFilePermissions); 438 GrantPermissionsForFile(child_id, file, kCreateWriteFilePermissions);
443 } 439 }
444 440
445 void ChildProcessSecurityPolicyImpl::GrantReadDirectory( 441 void ChildProcessSecurityPolicyImpl::GrantReadDirectory(
446 int child_id, const base::FilePath& directory) { 442 int child_id, const base::FilePath& directory) {
447 GrantPermissionsForFile(child_id, directory, kEnumerateDirectoryPermissions); 443 GrantPermissionsForFile(child_id, directory, kEnumerateDirectoryPermissions);
(...skipping 146 matching lines...)
594 // allowed to request the URL. 590 // allowed to request the URL.
595 return state->second->CanRequestURL(url); 591 return state->second->CanRequestURL(url);
596 } 592 }
597 } 593 }
598 594
599 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id, 595 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
600 const base::FilePath& file) { 596 const base::FilePath& file) {
601 return HasPermissionsForFile(child_id, file, kReadFilePermissions); 597 return HasPermissionsForFile(child_id, file, kReadFilePermissions);
602 } 598 }
603 599
600 bool ChildProcessSecurityPolicyImpl::CanWriteFile(int child_id,
601 const base::FilePath& file) {
602 return HasPermissionsForFile(child_id, file, kWriteFilePermissions);
603 }
604
605 bool ChildProcessSecurityPolicyImpl::CanCreateFile(int child_id,
606 const base::FilePath& file) {
607 return HasPermissionsForFile(child_id, file, kCreateFilePermissions);
608 }
609
610 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile(
611 int child_id,
612 const base::FilePath& file) {
613 return HasPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
614 }
615
604 bool ChildProcessSecurityPolicyImpl::CanReadDirectory( 616 bool ChildProcessSecurityPolicyImpl::CanReadDirectory(
605 int child_id, const base::FilePath& directory) { 617 int child_id, const base::FilePath& directory) {
606 return HasPermissionsForFile(child_id, 618 return HasPermissionsForFile(child_id,
607 directory, 619 directory,
608 kEnumerateDirectoryPermissions); 620 kEnumerateDirectoryPermissions);
609 } 621 }
610 622
611 bool ChildProcessSecurityPolicyImpl::CanReadFileSystem( 623 bool ChildProcessSecurityPolicyImpl::CanReadFileSystem(
612 int child_id, const std::string& filesystem_id) { 624 int child_id, const std::string& filesystem_id) {
613 return HasPermissionsForFileSystem(child_id, 625 return HasPermissionsForFileSystem(child_id,
(...skipping 60 matching lines...)
674 686
675 if (found->second & fileapi::FILE_PERMISSION_USE_FILE_PERMISSION) 687 if (found->second & fileapi::FILE_PERMISSION_USE_FILE_PERMISSION)
676 return HasPermissionsForFile(child_id, url.path(), permissions); 688 return HasPermissionsForFile(child_id, url.path(), permissions);
677 689
678 if (found->second & fileapi::FILE_PERMISSION_SANDBOX) 690 if (found->second & fileapi::FILE_PERMISSION_SANDBOX)
679 return true; 691 return true;
680 692
681 return false; 693 return false;
682 } 694 }
683 695
696 bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile(
697 int child_id,
698 const fileapi::FileSystemURL& url) {
699 return HasPermissionsForFileSystemFile(child_id, url, kReadFilePermissions);
700 }
701
702 bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile(
703 int child_id,
704 const fileapi::FileSystemURL& url) {
705 return HasPermissionsForFileSystemFile(child_id, url, kWriteFilePermissions);
706 }
707
708 bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile(
709 int child_id,
710 const fileapi::FileSystemURL& url) {
711 return HasPermissionsForFileSystemFile(child_id, url, kCreateFilePermissions);
712 }
713
714 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile(
715 int child_id,
716 const fileapi::FileSystemURL& url) {
717 return HasPermissionsForFileSystemFile(child_id, url,
718 kCreateReadWriteFilePermissions);
719 }
720
684 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) { 721 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
685 base::AutoLock lock(lock_); 722 base::AutoLock lock(lock_);
686 723
687 SecurityStateMap::iterator state = security_state_.find(child_id); 724 SecurityStateMap::iterator state = security_state_.find(child_id);
688 if (state == security_state_.end()) 725 if (state == security_state_.end())
689 return false; 726 return false;
690 727
691 return state->second->has_web_ui_bindings(); 728 return state->second->has_web_ui_bindings();
692 } 729 }
693 730
(...skipping 77 matching lines...)
771 } 808 }
772 809
773 void ChildProcessSecurityPolicyImpl::RegisterFileSystemPermissionPolicy( 810 void ChildProcessSecurityPolicyImpl::RegisterFileSystemPermissionPolicy(
774 fileapi::FileSystemType type, 811 fileapi::FileSystemType type,
775 int policy) { 812 int policy) {
776 base::AutoLock lock(lock_); 813 base::AutoLock lock(lock_);
777 file_system_policy_map_[type] = policy; 814 file_system_policy_map_[type] = policy;
778 } 815 }
779 816
780 } // namespace content 817 } // namespace content
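Review bot: `GrantCreateWriteFile` gets no matching predicate among the checks added at new-side lines 600-614, so a caller that moves off the bitmask API and needs to truncate or overwrite on behalf of a write-only grantee has nothing exact to call. `CanCreateReadWriteFile` also demands the read bits, and `CanCreateFile` plus `CanWriteFile` presumably do not cover `CREATE_ALWAYS`, `OPEN_ALWAYS` or `OPEN_TRUNCATED`, since `kCreateWriteFilePermissions` has to add those explicitly (the `kWriteFilePermissions` definition is in the skipped lines, so this is inferred). I would add `bool CanCreateWriteFile(int child_id, const base::FilePath& file)` returning `HasPermissionsForFile(child_id, file, kCreateWriteFilePermissions)`, declared next to the other predicates in the header, so that a truncating open is never authorised by the weaker write-only check. The same gap would apply to the `*FileSystemFile` predicates at new-side 696-719.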