content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.cc - Issue 19770009: PepperFileRefHost: Port to use explicit permission grants in ChildProcessSecurityPolicy.

Side by Side Diff: content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.cc

Issue 19770009: PepperFileRefHost: Port to use explicit permission grants in ChildProcessSecurityPolicy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@0044-write-support-remove-child-process-security-policy-bitmask-usage

Patch Set: address kinuko comment. Created 7 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« content/browser/renderer_host/pepper/pepper_external_file_ref_backend.cc ('K') | « content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/browser/renderer_host/pepper/pepper_internal_file_ref_backend. h"	5 #include "content/browser/renderer_host/pepper/pepper_internal_file_ref_backend. h"

6	6

7 #include <string>	7 #include <string>

8	8

9 #include "base/callback.h"	9 #include "base/callback.h"

10 #include "base/file_util.h"	10 #include "base/file_util.h"

11 #include "base/files/file_util_proxy.h"	11 #include "base/files/file_util_proxy.h"

	12 #include "content/browser/child_process_security_policy_impl.h"

12 #include "content/browser/fileapi/browser_file_system_helper.h"	13 #include "content/browser/fileapi/browser_file_system_helper.h"

13 #include "content/browser/renderer_host/pepper/pepper_file_system_browser_host.h "	14 #include "content/browser/renderer_host/pepper/pepper_file_system_browser_host.h "

14 #include "content/public/browser/browser_context.h"	15 #include "content/public/browser/browser_context.h"

15 #include "content/public/browser/browser_thread.h"	16 #include "content/public/browser/browser_thread.h"

16 #include "content/public/browser/render_process_host.h"	17 #include "content/public/browser/render_process_host.h"

17 #include "content/public/browser/storage_partition.h"	18 #include "content/public/browser/storage_partition.h"

18 #include "net/base/escape.h"	19 #include "net/base/escape.h"

19 #include "ppapi/c/pp_errors.h"	20 #include "ppapi/c/pp_errors.h"

20 #include "ppapi/c/pp_file_info.h"	21 #include "ppapi/c/pp_file_info.h"

21 #include "ppapi/c/pp_instance.h"	22 #include "ppapi/c/pp_instance.h"

(...skipping 227 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
249 PpapiPluginMsg_FileRef_ReadDirectoryEntriesReply(infos, file_types));	250 PpapiPluginMsg_FileRef_ReadDirectoryEntriesReply(infos, file_types));

250 }	251 }

251	252

252 int32_t PepperInternalFileRefBackend::GetAbsolutePath(	253 int32_t PepperInternalFileRefBackend::GetAbsolutePath(

253 ppapi::host::ReplyMessageContext reply_context) {	254 ppapi::host::ReplyMessageContext reply_context) {

254 host_->SendReply(reply_context,	255 host_->SendReply(reply_context,

255 PpapiPluginMsg_FileRef_GetAbsolutePathReply(path_));	256 PpapiPluginMsg_FileRef_GetAbsolutePathReply(path_));

256 return PP_OK_COMPLETIONPENDING;	257 return PP_OK_COMPLETIONPENDING;

257 }	258 }

258	259

259 int32_t PepperInternalFileRefBackend::HasPermissions(int permissions) const {	260 int32_t PepperInternalFileRefBackend::CanRead() const {

260 base::PlatformFileError error;	261 fileapi::FileSystemURL url = GetFileSystemURL();

261 CheckFileSystemPermissionsForProcess(GetFileSystemContext().get(),	262 if (!FileSystemURLIsValid(GetFileSystemContext().get(), url))

262 render_process_id_,	263 return PP_ERROR_FAILED;
	dmichael (off chromium) 2013/07/24 17:27:44 teravest: Do you know what we would do in the case teravest: Do you know what we would do in the case of a bad FileSystemURL today? I just want to make sure we're doing the same thing. I'm guessing this doesn't really happen in practice anyway. teravest 2013/07/24 17:51:21 I'll look into this; the old code would just pass Show quoted text On 2013/07/24 17:27:44, dmichael wrote: > teravest: Do you know what we would do in the case of a bad FileSystemURL today? > I just want to make sure we're doing the same thing. I'm guessing this doesn't > really happen in practice anyway. I'll look into this; the old code would just pass the bad URL along to the fileapi layer (as far as I can tell), but I don't see how any operations would succeed when we don't have a sane url. tommycli 2013/07/24 18:05:30 CheckFileSystemPermissionsForProcess would return Show quoted text On 2013/07/24 17:51:21, teravest wrote: > On 2013/07/24 17:27:44, dmichael wrote: > > teravest: Do you know what we would do in the case of a bad FileSystemURL > today? > > I just want to make sure we're doing the same thing. I'm guessing this doesn't > > really happen in practice anyway. > > I'll look into this; the old code would just pass the bad URL along to the > fileapi layer (as far as I can tell), but I don't see how any operations would > succeed when we don't have a sane url. CheckFileSystemPermissionsForProcess would return a base::PLATFORM_FILE_ERROR_INVALID_URL, which ppapi::PlatformFileErrorToPepperError would convert to PP_ERROR_FAILED. So I think I duplicated the original behavior for invalid URLs. tommycli 2013/07/24 20:53:09 Yeah it's kind of weird. Probably because You have Show quoted text On 2013/07/24 18:05:30, tommycli wrote: > On 2013/07/24 17:51:21, teravest wrote: > > On 2013/07/24 17:27:44, dmichael wrote: > > > teravest: Do you know what we would do in the case of a bad FileSystemURL > > today? > > > I just want to make sure we're doing the same thing. I'm guessing this > doesn't > > > really happen in practice anyway. > > > > I'll look into this; the old code would just pass the bad URL along to the > > fileapi layer (as far as I can tell), but I don't see how any operations would > > succeed when we don't have a sane url. > > CheckFileSystemPermissionsForProcess would return a > base::PLATFORM_FILE_ERROR_INVALID_URL, which > ppapi::PlatformFileErrorToPepperError would convert to PP_ERROR_FAILED. So I > think I duplicated the original behavior for invalid URLs. Yeah it's kind of weird. Probably because You have a PepperFileRefHost that calls into a backend that implements CanRead* etc. via virtual functions - and Only PepperInternalFileRefBackend does the URL validation. Agreed though - not 100% happy with design... more like 70% happy.
263 GetFileSystemURL(),	264 if (!ChildProcessSecurityPolicyImpl::GetInstance()->

264 permissions,	265 CanReadFileSystemFile(render_process_id_, url)) {

265 &error);	266 return PP_ERROR_NOACCESS;

266 return ppapi::PlatformFileErrorToPepperError(error);	267 }

	268 return PP_OK;

	269 }

	270

	271 int32_t PepperInternalFileRefBackend::CanWrite() const {

	272 fileapi::FileSystemURL url = GetFileSystemURL();

	273 if (!FileSystemURLIsValid(GetFileSystemContext().get(), url))

	274 return PP_ERROR_FAILED;

	275 if (!ChildProcessSecurityPolicyImpl::GetInstance()->

	276 CanWriteFileSystemFile(render_process_id_, url)) {

	277 return PP_ERROR_NOACCESS;

	278 }

	279 return PP_OK;

	280 }

	281

	282 int32_t PepperInternalFileRefBackend::CanCreate() const {

	283 fileapi::FileSystemURL url = GetFileSystemURL();

	284 if (!FileSystemURLIsValid(GetFileSystemContext().get(), url))

	285 return PP_ERROR_FAILED;

	286 if (!ChildProcessSecurityPolicyImpl::GetInstance()->

	287 CanCreateFileSystemFile(render_process_id_, url)) {

	288 return PP_ERROR_NOACCESS;

	289 }

	290 return PP_OK;

	291 }

	292

	293 int32_t PepperInternalFileRefBackend::CanReadWrite() const {

	294 fileapi::FileSystemURL url = GetFileSystemURL();

	295 if (!FileSystemURLIsValid(GetFileSystemContext().get(), url))

	296 return PP_ERROR_FAILED;

	297 ChildProcessSecurityPolicyImpl* policy =

	298 ChildProcessSecurityPolicyImpl::GetInstance();

	299 if (!policy->CanReadFileSystemFile(render_process_id_, url) \|\|

	300 !policy->CanWriteFileSystemFile(render_process_id_, url)) {

	301 return PP_ERROR_NOACCESS;

	302 }

	303 return PP_OK;

267 }	304 }

268	305

269 } // namespace content	306 } // namespace content

OLD	NEW