Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(17)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.cc

Issue 19770009: PepperFileRefHost: Port to use explicit permission grants in ChildProcessSecurityPolicy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@0044-write-support-remove-child-process-security-policy-bitmask-usage
Patch Set: merge Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/renderer_host/pepper/pepper_internal_file_ref_backend. h" 5 #include "content/browser/renderer_host/pepper/pepper_internal_file_ref_backend. h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/callback.h" 9 #include "base/callback.h"
10 #include "base/file_util.h" 10 #include "base/file_util.h"
11 #include "base/files/file_util_proxy.h" 11 #include "base/files/file_util_proxy.h"
12 #include "content/browser/child_process_security_policy_impl.h"
12 #include "content/browser/fileapi/browser_file_system_helper.h" 13 #include "content/browser/fileapi/browser_file_system_helper.h"
13 #include "content/browser/renderer_host/pepper/pepper_file_system_browser_host.h " 14 #include "content/browser/renderer_host/pepper/pepper_file_system_browser_host.h "
14 #include "content/public/browser/browser_context.h" 15 #include "content/public/browser/browser_context.h"
15 #include "content/public/browser/browser_thread.h" 16 #include "content/public/browser/browser_thread.h"
16 #include "content/public/browser/render_process_host.h" 17 #include "content/public/browser/render_process_host.h"
17 #include "content/public/browser/storage_partition.h" 18 #include "content/public/browser/storage_partition.h"
18 #include "net/base/escape.h" 19 #include "net/base/escape.h"
19 #include "ppapi/c/pp_errors.h" 20 #include "ppapi/c/pp_errors.h"
20 #include "ppapi/c/pp_file_info.h" 21 #include "ppapi/c/pp_file_info.h"
21 #include "ppapi/c/pp_instance.h" 22 #include "ppapi/c/pp_instance.h"
(...skipping 227 matching lines...) Expand 10 before | Expand all | Expand 10 after
249 PpapiPluginMsg_FileRef_ReadDirectoryEntriesReply(infos, file_types)); 250 PpapiPluginMsg_FileRef_ReadDirectoryEntriesReply(infos, file_types));
250 } 251 }
251 252
252 int32_t PepperInternalFileRefBackend::GetAbsolutePath( 253 int32_t PepperInternalFileRefBackend::GetAbsolutePath(
253 ppapi::host::ReplyMessageContext reply_context) { 254 ppapi::host::ReplyMessageContext reply_context) {
254 host_->SendReply(reply_context, 255 host_->SendReply(reply_context,
255 PpapiPluginMsg_FileRef_GetAbsolutePathReply(path_)); 256 PpapiPluginMsg_FileRef_GetAbsolutePathReply(path_));
256 return PP_OK_COMPLETIONPENDING; 257 return PP_OK_COMPLETIONPENDING;
257 } 258 }
258 259
259 int32_t PepperInternalFileRefBackend::HasPermissions(int permissions) const { 260 int32_t PepperInternalFileRefBackend::CanRead() const {
260 base::PlatformFileError error; 261 fileapi::FileSystemURL url = GetFileSystemURL();
261 CheckFileSystemPermissionsForProcess(GetFileSystemContext().get(), 262 if (!FileSystemURLIsValid(GetFileSystemContext().get(), url))
262 render_process_id_, 263 return PP_ERROR_FAILED;
263 GetFileSystemURL(), 264 if (!ChildProcessSecurityPolicyImpl::GetInstance()->
264 permissions, 265 CanReadFileSystemFile(render_process_id_, url)) {
265 &error); 266 return PP_ERROR_NOACCESS;
266 return ppapi::PlatformFileErrorToPepperError(error); 267 }
268 return PP_OK;
269 }
270
271 int32_t PepperInternalFileRefBackend::CanWrite() const {
272 fileapi::FileSystemURL url = GetFileSystemURL();
273 if (!FileSystemURLIsValid(GetFileSystemContext().get(), url))
274 return PP_ERROR_FAILED;
275 if (!ChildProcessSecurityPolicyImpl::GetInstance()->
276 CanWriteFileSystemFile(render_process_id_, url)) {
277 return PP_ERROR_NOACCESS;
278 }
279 return PP_OK;
280 }
281
282 int32_t PepperInternalFileRefBackend::CanCreate() const {
283 fileapi::FileSystemURL url = GetFileSystemURL();
284 if (!FileSystemURLIsValid(GetFileSystemContext().get(), url))
285 return PP_ERROR_FAILED;
286 if (!ChildProcessSecurityPolicyImpl::GetInstance()->
287 CanCreateFileSystemFile(render_process_id_, url)) {
288 return PP_ERROR_NOACCESS;
289 }
290 return PP_OK;
291 }
292
293 int32_t PepperInternalFileRefBackend::CanReadWrite() const {
294 fileapi::FileSystemURL url = GetFileSystemURL();
295 if (!FileSystemURLIsValid(GetFileSystemContext().get(), url))
296 return PP_ERROR_FAILED;
297 ChildProcessSecurityPolicyImpl* policy =
298 ChildProcessSecurityPolicyImpl::GetInstance();
299 if (!policy->CanReadFileSystemFile(render_process_id_, url) ||
300 !policy->CanWriteFileSystemFile(render_process_id_, url)) {
301 return PP_ERROR_NOACCESS;
302 }
303 return PP_OK;
267 } 304 }
268 305
269 } // namespace content 306 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698