| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <set> | 5 #include <set> |
| 6 #include <string> | 6 #include <string> |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/platform_file.h" | 10 #include "base/platform_file.h" |
| 11 #include "content/browser/child_process_security_policy_impl.h" | 11 #include "content/browser/child_process_security_policy_impl.h" |
| 12 #include "content/public/common/url_constants.h" | 12 #include "content/public/common/url_constants.h" |
| 13 #include "content/test/test_content_browser_client.h" | 13 #include "content/test/test_content_browser_client.h" |
| 14 #include "testing/gtest/include/gtest/gtest.h" | 14 #include "testing/gtest/include/gtest/gtest.h" |
| 15 #include "url/gurl.h" | 15 #include "url/gurl.h" |
| 16 #include "webkit/browser/fileapi/file_permission_policy.h" |
| 17 #include "webkit/browser/fileapi/file_system_url.h" |
| 18 #include "webkit/common/fileapi/file_system_types.h" |
| 16 | 19 |
| 17 namespace content { | 20 namespace content { |
| 18 namespace { | 21 namespace { |
| 19 | 22 |
| 20 const int kRendererID = 42; | 23 const int kRendererID = 42; |
| 21 const int kWorkerRendererID = kRendererID + 1; | 24 const int kWorkerRendererID = kRendererID + 1; |
| 22 | 25 |
| 23 #if defined(FILE_PATH_USES_DRIVE_LETTERS) | 26 #if defined(FILE_PATH_USES_DRIVE_LETTERS) |
| 24 #define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x) | 27 #define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x) |
| 25 #else | 28 #else |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 const base::FilePath& file, | 86 const base::FilePath& file, |
| 84 int permissions) { | 87 int permissions) { |
| 85 p->GrantPermissionsForFile(child_id, file, permissions); | 88 p->GrantPermissionsForFile(child_id, file, permissions); |
| 86 } | 89 } |
| 87 | 90 |
| 88 private: | 91 private: |
| 89 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_; | 92 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_; |
| 90 ContentBrowserClient* old_browser_client_; | 93 ContentBrowserClient* old_browser_client_; |
| 91 }; | 94 }; |
| 92 | 95 |
| 96 class PermissionsSet { |
| 97 public: |
| 98 PermissionsSet() |
| 99 : can_read(false), |
| 100 can_write(false), |
| 101 can_create(false), |
| 102 can_create_read_write(false) { |
| 103 } |
| 104 |
| 105 PermissionsSet& EnableRead() { |
| 106 can_read = true; |
| 107 return *this; |
| 108 } |
| 109 |
| 110 PermissionsSet& EnableWrite() { |
| 111 can_write = true; |
| 112 return *this; |
| 113 } |
| 114 |
| 115 PermissionsSet& EnableCreate() { |
| 116 can_create = true; |
| 117 return *this; |
| 118 } |
| 119 |
| 120 PermissionsSet& EnableCreateReadWrite() { |
| 121 can_create_read_write = true; |
| 122 return *this; |
| 123 } |
| 124 |
| 125 bool operator==(const PermissionsSet& o) const { |
| 126 return can_read == o.can_read && |
| 127 can_write == o.can_write && |
| 128 can_create == o.can_create && |
| 129 can_create_read_write == o.can_create_read_write; |
| 130 } |
| 131 |
| 132 private: |
| 133 bool can_read; |
| 134 bool can_write; |
| 135 bool can_create; |
| 136 bool can_create_read_write; |
| 137 }; |
| 138 |
| 139 PermissionsSet GetAllPermissions(ChildProcessSecurityPolicyImpl* p, |
| 140 int child_id, const base::FilePath& file) { |
| 141 PermissionsSet permissions; |
| 142 |
| 143 if (p->CanReadFile(child_id, file)) |
| 144 permissions.EnableRead(); |
| 145 if (p->CanWriteFile(child_id, file)) |
| 146 permissions.EnableWrite(); |
| 147 if (p->CanCreateFile(child_id, file)) |
| 148 permissions.EnableCreate(); |
| 149 if (p->CanCreateReadWriteFile(child_id, file)) |
| 150 permissions.EnableCreateReadWrite(); |
| 151 |
| 152 return permissions; |
| 153 } |
| 154 |
| 155 PermissionsSet GetAllPermissionsForURL( |
| 156 ChildProcessSecurityPolicyImpl* p, |
| 157 int child_id, |
| 158 const fileapi::FileSystemURL& url) { |
| 159 PermissionsSet permissions; |
| 160 |
| 161 if (p->CanReadFileSystemFile(child_id, url)) |
| 162 permissions.EnableRead(); |
| 163 if (p->CanWriteFileSystemFile(child_id, url)) |
| 164 permissions.EnableWrite(); |
| 165 if (p->CanCreateFileSystemFile(child_id, url)) |
| 166 permissions.EnableCreate(); |
| 167 if (p->CanCreateReadWriteFileSystemFile(child_id, url)) |
| 168 permissions.EnableCreateReadWrite(); |
| 169 |
| 170 return permissions; |
| 171 } |
| 172 |
| 93 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { | 173 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { |
| 94 ChildProcessSecurityPolicyImpl* p = | 174 ChildProcessSecurityPolicyImpl* p = |
| 95 ChildProcessSecurityPolicyImpl::GetInstance(); | 175 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 96 | 176 |
| 97 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme)); | 177 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme)); |
| 98 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme)); | 178 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme)); |
| 99 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme)); | 179 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme)); |
| 100 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme)); | 180 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme)); |
| 101 EXPECT_TRUE(p->IsWebSafeScheme("feed")); | 181 EXPECT_TRUE(p->IsWebSafeScheme("feed")); |
| 102 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme)); | 182 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme)); |
| (...skipping 168 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 271 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 351 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
| 272 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); | 352 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
| 273 | 353 |
| 274 p->GrantRequestURL(kRendererID, icon_url); | 354 p->GrantRequestURL(kRendererID, icon_url); |
| 275 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 355 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
| 276 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); | 356 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); |
| 277 | 357 |
| 278 p->Remove(kRendererID); | 358 p->Remove(kRendererID); |
| 279 } | 359 } |
| 280 | 360 |
| 281 TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) { | 361 TEST_F(ChildProcessSecurityPolicyTest, PermissionGrantingAndRevoking) { |
| 282 ChildProcessSecurityPolicyImpl* p = | 362 ChildProcessSecurityPolicyImpl* p = |
| 283 ChildProcessSecurityPolicyImpl::GetInstance(); | 363 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 284 | 364 |
| 365 p->RegisterFileSystemPermissionPolicy( |
| 366 fileapi::kFileSystemTypeTest, |
| 367 fileapi::FILE_PERMISSION_USE_FILE_PERMISSION); |
| 368 |
| 285 p->Add(kRendererID); | 369 p->Add(kRendererID); |
| 370 base::FilePath file(TEST_PATH("/dir/testfile")); |
| 371 fileapi::FileSystemURL url = fileapi::FileSystemURL::CreateForTest( |
| 372 GURL("http://foo/"), fileapi::kFileSystemTypeTest, file); |
| 286 | 373 |
| 287 EXPECT_FALSE(p->CanReadFile(kRendererID, | 374 PermissionsSet all_denied; |
| 288 base::FilePath(TEST_PATH("/etc/passwd")))); | |
| 289 p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/passwd"))); | |
| 290 EXPECT_TRUE(p->CanReadFile(kRendererID, | |
| 291 base::FilePath(TEST_PATH("/etc/passwd")))); | |
| 292 EXPECT_FALSE(p->CanReadFile(kRendererID, | |
| 293 base::FilePath(TEST_PATH("/etc/shadow")))); | |
| 294 | 375 |
| 376 // Test initially having no permissions. |
| 377 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 378 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 379 |
| 380 // Testing every combination of permissions granting and revoking. |
| 381 PermissionsSet read_only; |
| 382 read_only.EnableRead(); |
| 383 p->GrantReadFile(kRendererID, file); |
| 384 EXPECT_EQ(read_only, GetAllPermissions(p, kRendererID, file)); |
| 385 EXPECT_EQ(read_only, GetAllPermissionsForURL(p, kRendererID, url)); |
| 386 p->RevokeAllPermissionsForFile(kRendererID, file); |
| 387 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 388 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 389 |
| 390 PermissionsSet create_read_write; |
| 391 create_read_write.EnableRead().EnableWrite().EnableCreate() |
| 392 .EnableCreateReadWrite(); |
| 393 p->GrantCreateReadWriteFile(kRendererID, file); |
| 394 EXPECT_EQ(create_read_write, GetAllPermissions(p, kRendererID, file)); |
| 395 EXPECT_EQ(create_read_write, GetAllPermissionsForURL(p, kRendererID, url)); |
| 396 p->RevokeAllPermissionsForFile(kRendererID, file); |
| 397 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 398 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 399 |
| 400 PermissionsSet create_write; |
| 401 create_write.EnableCreate().EnableWrite(); |
| 402 p->GrantCreateWriteFile(kRendererID, file); |
| 403 EXPECT_EQ(create_write, GetAllPermissions(p, kRendererID, file)); |
| 404 EXPECT_EQ(create_write, GetAllPermissionsForURL(p, kRendererID, url)); |
| 405 p->RevokeAllPermissionsForFile(kRendererID, file); |
| 406 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 407 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 408 |
| 409 // Test revoke permissions on renderer ID removal. |
| 410 p->GrantCreateReadWriteFile(kRendererID, file); |
| 411 EXPECT_EQ(create_read_write, GetAllPermissions(p, kRendererID, file)); |
| 412 EXPECT_EQ(create_read_write, GetAllPermissionsForURL(p, kRendererID, url)); |
| 295 p->Remove(kRendererID); | 413 p->Remove(kRendererID); |
| 414 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 415 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 416 |
| 417 // Test having no permissions upon re-adding same renderer ID. |
| 296 p->Add(kRendererID); | 418 p->Add(kRendererID); |
| 419 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 420 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 297 | 421 |
| 298 EXPECT_FALSE(p->CanReadFile(kRendererID, | 422 // Cleanup. |
| 299 base::FilePath(TEST_PATH("/etc/passwd")))); | |
| 300 EXPECT_FALSE(p->CanReadFile(kRendererID, | |
| 301 base::FilePath(TEST_PATH("/etc/shadow")))); | |
| 302 | |
| 303 p->Remove(kRendererID); | 423 p->Remove(kRendererID); |
| 304 } | 424 } |
| 305 | 425 |
| 306 TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) { | 426 TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) { |
| 307 ChildProcessSecurityPolicyImpl* p = | 427 ChildProcessSecurityPolicyImpl* p = |
| 308 ChildProcessSecurityPolicyImpl::GetInstance(); | 428 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 309 | 429 |
| 310 p->Add(kRendererID); | 430 p->Add(kRendererID); |
| 311 | 431 |
| 312 EXPECT_FALSE(p->CanReadDirectory(kRendererID, | 432 EXPECT_FALSE(p->CanReadDirectory(kRendererID, |
| (...skipping 215 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 528 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 648 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
| 529 // prepared to answer policy questions about renderers who no longer exist. | 649 // prepared to answer policy questions about renderers who no longer exist. |
| 530 | 650 |
| 531 // In this case, we default to secure behavior. | 651 // In this case, we default to secure behavior. |
| 532 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 652 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 533 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 653 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
| 534 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 654 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
| 535 } | 655 } |
| 536 | 656 |
| 537 } // namespace content | 657 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 19599006:
ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master