content/browser/renderer_host/pepper/pepper_security_helper.cc - Issue 19723010: Pepper Message Filters: Port to use explicit permission grants in ChildProcessSecurityPolicy.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/renderer_host/pepper/pepper_security_helper.cc

Issue 19723010: Pepper Message Filters: Port to use explicit permission grants in ChildProcessSecurityPolicy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@0044-write-support-remove-child-process-security-policy-bitmask-usage

Patch Set: Created 7 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « content/browser/renderer_host/pepper/pepper_security_helper.h ('k') | content/browser/renderer_host/render_message_filter.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/browser/renderer_host/pepper/pepper_security_helper.cc

diff --git a/content/browser/renderer_host/pepper/pepper_security_helper.cc b/content/browser/renderer_host/pepper/pepper_security_helper.cc

new file mode 100644

index 0000000000000000000000000000000000000000..9d7c8737f89de00e20f3d4fdc8bfd31ac040dd2d

--- /dev/null

+++ b/content/browser/renderer_host/pepper/pepper_security_helper.cc

@@ -0,0 +1,53 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "content/browser/renderer_host/pepper/pepper_security_helper.h"

+#include "base/logging.h"

+#include "ppapi/c/ppb_file_io.h"

+namespace content {

+bool CanOpenWithPepperFlags(int pp_open_flags, int child_id,

tommycli 2013/07/23 22:21:35 security: Needs some scrutiny. See ppapi/shared_im

+ const base::FilePath& file) {

+ ChildProcessSecurityPolicyImpl* policy =

+ ChildProcessSecurityPolicyImpl::GetInstance();

+ bool pp_read = !!(pp_open_flags & PP_FILEOPENFLAG_READ);

+ bool pp_write = !!(pp_open_flags & PP_FILEOPENFLAG_WRITE);

+ bool pp_create = !!(pp_open_flags & PP_FILEOPENFLAG_CREATE);

+ bool pp_truncate = !!(pp_open_flags & PP_FILEOPENFLAG_TRUNCATE);

+ bool pp_exclusive = !!(pp_open_flags & PP_FILEOPENFLAG_EXCLUSIVE);

+ bool pp_append = !!(pp_open_flags & PP_FILEOPENFLAG_APPEND);

+ if (pp_read && !policy->CanReadFile(child_id, file))

+ return false;

+ if (pp_write && !policy->CanWriteFile(child_id, file))

+ return false;

+ if (pp_append) {

+ // Given ChildSecurityPolicyImpl's current definition of permissions,

+ // APPEND is never supported.

+ return false;

+ }

+ if (pp_truncate && !pp_write)

+ return false;

+ if (pp_create) {

+ if (pp_exclusive) {

+ return policy->CanCreateFile(child_id, file);

+ } else {

+ // Asks for a bit too much, but is the o

+ return policy->CanCreateWriteFile(child_id, file);

+ }

+ } else if (pp_truncate) {

+ return policy->CanCreateWriteFile(child_id, file);

+ }

+ return true;

+} // namespace content