Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(144)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/public/browser/child_process_security_policy.h

Issue 19723010: Pepper Message Filters: Port to use explicit permission grants in ChildProcessSecurityPolicy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@0044-write-support-remove-child-process-security-policy-bitmask-usage
Patch Set: Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/content_browser.gypi ('k') | content/renderer/pepper/pepper_file_io_host.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
59 // permissions perform these functions on |file|. 59 // permissions perform these functions on |file|.
60 60
61 // Before servicing a child process's request to upload a file to the web, the 61 // Before servicing a child process's request to upload a file to the web, the
62 // browser should call this method to determine whether the process has the 62 // browser should call this method to determine whether the process has the
63 // capability to upload the requested file. 63 // capability to upload the requested file.
64 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; 64 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
65 virtual bool CanWriteFile(int child_id, const base::FilePath& file) = 0; 65 virtual bool CanWriteFile(int child_id, const base::FilePath& file) = 0;
66 virtual bool CanCreateFile(int child_id, const base::FilePath& file) = 0; 66 virtual bool CanCreateFile(int child_id, const base::FilePath& file) = 0;
67 virtual bool CanCreateWriteFile(int child_id, const base::FilePath& file) = 0; 67 virtual bool CanCreateWriteFile(int child_id, const base::FilePath& file) = 0;
68 68
69 // Special support for Pepper plugin open file requests. Translates the
70 // Pepper open flags to the specific grants supported by the policy.
71 bool HasPermissionsForPepperMode(int child_id, const base::FilePath& file,
jam 2013/07/22 23:46:41 nit: since this is used only by content, put it on
tommycli 2013/07/23 22:21:35 Whoops this was just leftover. This has been put i
72 int pp_open_flags);
73
69 // Grants read access permission to the given isolated file system 74 // Grants read access permission to the given isolated file system
70 // identified by |filesystem_id|. An isolated file system can be 75 // identified by |filesystem_id|. An isolated file system can be
71 // created for a set of native files/directories (like dropped files) 76 // created for a set of native files/directories (like dropped files)
72 // using fileapi::IsolatedContext. A child process needs to be granted 77 // using fileapi::IsolatedContext. A child process needs to be granted
73 // permission to the file system to access the files in it using 78 // permission to the file system to access the files in it using
74 // file system URL. 79 // file system URL.
75 // 80 //
76 // Note: to grant read access to the content of files you also need 81 // Note: to grant read access to the content of files you also need
77 // to give permission directly to the file paths using GrantReadFile. 82 // to give permission directly to the file paths using GrantReadFile.
78 // TODO(kinuko): We should unify this file-level and file-system-level 83 // TODO(kinuko): We should unify this file-level and file-system-level
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
117 122
118 // Returns true iff read and write access has been granted to the filesystem 123 // Returns true iff read and write access has been granted to the filesystem
119 // with |filesystem_id|. 124 // with |filesystem_id|.
120 virtual bool CanReadWriteFileSystem(int child_id, 125 virtual bool CanReadWriteFileSystem(int child_id,
121 const std::string& filesystem_id) = 0; 126 const std::string& filesystem_id) = 0;
122 }; 127 };
123 128
124 }; // namespace content 129 }; // namespace content
125 130
126 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 131 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
OLDNEW
« no previous file with comments | « content/content_browser.gypi ('k') | content/renderer/pepper/pepper_file_io_host.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698