| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc
e-loading | 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc
e-loading |
| 6 | 6 |
| 7 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 7 #include "content/browser/loader/resource_dispatcher_host_impl.h" |
| 8 | 8 |
| 9 #include <stddef.h> | 9 #include <stddef.h> |
| 10 | 10 |
| (...skipping 20 matching lines...) Expand all Loading... |
| 31 #include "base/profiler/scoped_tracker.h" | 31 #include "base/profiler/scoped_tracker.h" |
| 32 #include "base/stl_util.h" | 32 #include "base/stl_util.h" |
| 33 #include "base/strings/string_util.h" | 33 #include "base/strings/string_util.h" |
| 34 #include "base/third_party/dynamic_annotations/dynamic_annotations.h" | 34 #include "base/third_party/dynamic_annotations/dynamic_annotations.h" |
| 35 #include "base/time/time.h" | 35 #include "base/time/time.h" |
| 36 #include "content/browser/appcache/appcache_interceptor.h" | 36 #include "content/browser/appcache/appcache_interceptor.h" |
| 37 #include "content/browser/appcache/chrome_appcache_service.h" | 37 #include "content/browser/appcache/chrome_appcache_service.h" |
| 38 #include "content/browser/bad_message.h" | 38 #include "content/browser/bad_message.h" |
| 39 #include "content/browser/blob_storage/chrome_blob_storage_context.h" | 39 #include "content/browser/blob_storage/chrome_blob_storage_context.h" |
| 40 #include "content/browser/cert_store_impl.h" | 40 #include "content/browser/cert_store_impl.h" |
| 41 #include "content/browser/child_process_security_policy_impl.h" | |
| 42 #include "content/browser/download/download_resource_handler.h" | 41 #include "content/browser/download/download_resource_handler.h" |
| 43 #include "content/browser/download/save_file_manager.h" | 42 #include "content/browser/download/save_file_manager.h" |
| 44 #include "content/browser/download/save_file_resource_handler.h" | 43 #include "content/browser/download/save_file_resource_handler.h" |
| 45 #include "content/browser/frame_host/frame_tree.h" | 44 #include "content/browser/frame_host/frame_tree.h" |
| 46 #include "content/browser/frame_host/navigation_request_info.h" | 45 #include "content/browser/frame_host/navigation_request_info.h" |
| 47 #include "content/browser/frame_host/navigator.h" | 46 #include "content/browser/frame_host/navigator.h" |
| 48 #include "content/browser/loader/async_resource_handler.h" | 47 #include "content/browser/loader/async_resource_handler.h" |
| 49 #include "content/browser/loader/async_revalidation_manager.h" | 48 #include "content/browser/loader/async_revalidation_manager.h" |
| 50 #include "content/browser/loader/cross_site_resource_handler.h" | 49 #include "content/browser/loader/cross_site_resource_handler.h" |
| 51 #include "content/browser/loader/detachable_resource_handler.h" | 50 #include "content/browser/loader/detachable_resource_handler.h" |
| 52 #include "content/browser/loader/loader_delegate.h" | 51 #include "content/browser/loader/loader_delegate.h" |
| 53 #include "content/browser/loader/mime_type_resource_handler.h" | 52 #include "content/browser/loader/mime_type_resource_handler.h" |
| 54 #include "content/browser/loader/navigation_resource_handler.h" | 53 #include "content/browser/loader/navigation_resource_handler.h" |
| 55 #include "content/browser/loader/navigation_resource_throttle.h" | 54 #include "content/browser/loader/navigation_resource_throttle.h" |
| 56 #include "content/browser/loader/navigation_url_loader_impl_core.h" | 55 #include "content/browser/loader/navigation_url_loader_impl_core.h" |
| 57 #include "content/browser/loader/power_save_block_resource_throttle.h" | 56 #include "content/browser/loader/power_save_block_resource_throttle.h" |
| 58 #include "content/browser/loader/redirect_to_file_resource_handler.h" | 57 #include "content/browser/loader/redirect_to_file_resource_handler.h" |
| 59 #include "content/browser/loader/resource_message_filter.h" | 58 #include "content/browser/loader/resource_message_filter.h" |
| 60 #include "content/browser/loader/resource_request_info_impl.h" | 59 #include "content/browser/loader/resource_request_info_impl.h" |
| 61 #include "content/browser/loader/stream_resource_handler.h" | 60 #include "content/browser/loader/stream_resource_handler.h" |
| 62 #include "content/browser/loader/sync_resource_handler.h" | 61 #include "content/browser/loader/sync_resource_handler.h" |
| 63 #include "content/browser/loader/throttling_resource_handler.h" | 62 #include "content/browser/loader/throttling_resource_handler.h" |
| 64 #include "content/browser/loader/upload_data_stream_builder.h" | 63 #include "content/browser/loader/upload_data_stream_builder.h" |
| 65 #include "content/browser/resource_context_impl.h" | 64 #include "content/browser/resource_context_impl.h" |
| 66 #include "content/browser/service_worker/foreign_fetch_request_handler.h" | 65 #include "content/browser/service_worker/foreign_fetch_request_handler.h" |
| 67 #include "content/browser/service_worker/link_header_support.h" | 66 #include "content/browser/service_worker/link_header_support.h" |
| 68 #include "content/browser/service_worker/service_worker_request_handler.h" | 67 #include "content/browser/service_worker/service_worker_request_handler.h" |
| 68 #include "content/browser/shared/child_process_security_policy_helper.h" |
| 69 #include "content/browser/streams/stream.h" | 69 #include "content/browser/streams/stream.h" |
| 70 #include "content/browser/streams/stream_context.h" | 70 #include "content/browser/streams/stream_context.h" |
| 71 #include "content/browser/streams/stream_registry.h" | 71 #include "content/browser/streams/stream_registry.h" |
| 72 #include "content/browser/web_contents/web_contents_impl.h" | 72 #include "content/browser/web_contents/web_contents_impl.h" |
| 73 #include "content/common/navigation_params.h" | 73 #include "content/common/navigation_params.h" |
| 74 #include "content/common/net/url_request_service_worker_data.h" | 74 #include "content/common/net/url_request_service_worker_data.h" |
| 75 #include "content/common/resource_messages.h" | 75 #include "content/common/resource_messages.h" |
| 76 #include "content/common/resource_request.h" | 76 #include "content/common/resource_request.h" |
| 77 #include "content/common/resource_request_body_impl.h" | 77 #include "content/common/resource_request_body_impl.h" |
| 78 #include "content/common/resource_request_completion_status.h" | 78 #include "content/common/resource_request_completion_status.h" |
| (...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 291 // Consults the RendererSecurity policy to determine whether the | 291 // Consults the RendererSecurity policy to determine whether the |
| 292 // ResourceDispatcherHostImpl should service this request. A request might be | 292 // ResourceDispatcherHostImpl should service this request. A request might be |
| 293 // disallowed if the renderer is not authorized to retrieve the request URL or | 293 // disallowed if the renderer is not authorized to retrieve the request URL or |
| 294 // if the renderer is attempting to upload an unauthorized file. | 294 // if the renderer is attempting to upload an unauthorized file. |
| 295 bool ShouldServiceRequest(int process_type, | 295 bool ShouldServiceRequest(int process_type, |
| 296 int child_id, | 296 int child_id, |
| 297 const ResourceRequest& request_data, | 297 const ResourceRequest& request_data, |
| 298 const net::HttpRequestHeaders& headers, | 298 const net::HttpRequestHeaders& headers, |
| 299 ResourceMessageFilter* filter, | 299 ResourceMessageFilter* filter, |
| 300 ResourceContext* resource_context) { | 300 ResourceContext* resource_context) { |
| 301 ChildProcessSecurityPolicyImpl* policy = | 301 ChildProcessSecurityPolicyHelper* policy = |
| 302 ChildProcessSecurityPolicyImpl::GetInstance(); | 302 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 303 | 303 |
| 304 // Check if the renderer is permitted to request the requested URL. | 304 // Check if the renderer is permitted to request the requested URL. |
| 305 if (!policy->CanRequestURL(child_id, request_data.url)) { | 305 if (!policy->CanRequestURL(child_id, request_data.url)) { |
| 306 VLOG(1) << "Denied unauthorized request for " | 306 VLOG(1) << "Denied unauthorized request for " |
| 307 << request_data.url.possibly_invalid_spec(); | 307 << request_data.url.possibly_invalid_spec(); |
| 308 return false; | 308 return false; |
| 309 } | 309 } |
| 310 | 310 |
| 311 // Check if the renderer is using an illegal Origin header. If so, kill it. | 311 // Check if the renderer is using an illegal Origin header. If so, kill it. |
| 312 std::string origin_string; | 312 std::string origin_string; |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 346 } | 346 } |
| 347 } | 347 } |
| 348 } | 348 } |
| 349 } | 349 } |
| 350 | 350 |
| 351 return true; | 351 return true; |
| 352 } | 352 } |
| 353 | 353 |
| 354 void RemoveDownloadFileFromChildSecurityPolicy(int child_id, | 354 void RemoveDownloadFileFromChildSecurityPolicy(int child_id, |
| 355 const base::FilePath& path) { | 355 const base::FilePath& path) { |
| 356 ChildProcessSecurityPolicyImpl::GetInstance()->RevokeAllPermissionsForFile( | 356 ChildProcessSecurityPolicyHelper::GetInstance()->RevokeAllPermissionsForFile( |
| 357 child_id, path); | 357 child_id, path); |
| 358 } | 358 } |
| 359 | 359 |
| 360 int GetCertID(CertStore* cert_store, net::URLRequest* request, int child_id) { | 360 int GetCertID(CertStore* cert_store, net::URLRequest* request, int child_id) { |
| 361 if (request->ssl_info().cert.get()) | 361 if (request->ssl_info().cert.get()) |
| 362 return cert_store->StoreCert(request->ssl_info().cert.get(), child_id); | 362 return cert_store->StoreCert(request->ssl_info().cert.get(), child_id); |
| 363 return 0; | 363 return 0; |
| 364 } | 364 } |
| 365 | 365 |
| 366 void NotifyRedirectOnUI(int render_process_id, | 366 void NotifyRedirectOnUI(int render_process_id, |
| (...skipping 365 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 732 // We treat a download as a main frame load, and thus update the policy URL on | 732 // We treat a download as a main frame load, and thus update the policy URL on |
| 733 // redirects. | 733 // redirects. |
| 734 // | 734 // |
| 735 // TODO(davidben): Is this correct? If this came from a | 735 // TODO(davidben): Is this correct? If this came from a |
| 736 // ViewHostMsg_DownloadUrl in a frame, should it have first-party URL set | 736 // ViewHostMsg_DownloadUrl in a frame, should it have first-party URL set |
| 737 // appropriately? | 737 // appropriately? |
| 738 request->set_first_party_url_policy( | 738 request->set_first_party_url_policy( |
| 739 net::URLRequest::UPDATE_FIRST_PARTY_URL_ON_REDIRECT); | 739 net::URLRequest::UPDATE_FIRST_PARTY_URL_ON_REDIRECT); |
| 740 | 740 |
| 741 // Check if the renderer is permitted to request the requested URL. | 741 // Check if the renderer is permitted to request the requested URL. |
| 742 if (!ChildProcessSecurityPolicyImpl::GetInstance()-> | 742 if (!ChildProcessSecurityPolicyHelper::GetInstance()->CanRequestURL( |
| 743 CanRequestURL(render_process_id, url)) { | 743 render_process_id, url)) { |
| 744 DVLOG(1) << "Denied unauthorized download request for " | 744 DVLOG(1) << "Denied unauthorized download request for " |
| 745 << url.possibly_invalid_spec(); | 745 << url.possibly_invalid_spec(); |
| 746 return DOWNLOAD_INTERRUPT_REASON_NETWORK_INVALID_REQUEST; | 746 return DOWNLOAD_INTERRUPT_REASON_NETWORK_INVALID_REQUEST; |
| 747 } | 747 } |
| 748 | 748 |
| 749 request_id_--; | 749 request_id_--; |
| 750 | 750 |
| 751 const net::URLRequestContext* request_context = request->context(); | 751 const net::URLRequestContext* request_context = request->context(); |
| 752 if (!request_context->job_factory()->IsHandledURL(url)) { | 752 if (!request_context->job_factory()->IsHandledURL(url)) { |
| 753 DVLOG(1) << "Download request for unsupported protocol: " | 753 DVLOG(1) << "Download request for unsupported protocol: " |
| (...skipping 725 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1479 .get())); | 1479 .get())); |
| 1480 } | 1480 } |
| 1481 | 1481 |
| 1482 bool allow_download = request_data.allow_download && | 1482 bool allow_download = request_data.allow_download && |
| 1483 IsResourceTypeFrame(request_data.resource_type); | 1483 IsResourceTypeFrame(request_data.resource_type); |
| 1484 bool do_not_prompt_for_login = request_data.do_not_prompt_for_login; | 1484 bool do_not_prompt_for_login = request_data.do_not_prompt_for_login; |
| 1485 bool is_sync_load = sync_result != NULL; | 1485 bool is_sync_load = sync_result != NULL; |
| 1486 | 1486 |
| 1487 // Raw headers are sensitive, as they include Cookie/Set-Cookie, so only | 1487 // Raw headers are sensitive, as they include Cookie/Set-Cookie, so only |
| 1488 // allow requesting them if requester has ReadRawCookies permission. | 1488 // allow requesting them if requester has ReadRawCookies permission. |
| 1489 ChildProcessSecurityPolicyImpl* policy = | 1489 ChildProcessSecurityPolicyHelper* policy = |
| 1490 ChildProcessSecurityPolicyImpl::GetInstance(); | 1490 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 1491 bool report_raw_headers = request_data.report_raw_headers; | 1491 bool report_raw_headers = request_data.report_raw_headers; |
| 1492 if (report_raw_headers && !policy->CanReadRawCookies(child_id)) { | 1492 if (report_raw_headers && !policy->CanReadRawCookies(child_id)) { |
| 1493 // TODO: crbug.com/523063 can we call bad_message::ReceivedBadMessage here? | 1493 // TODO: crbug.com/523063 can we call bad_message::ReceivedBadMessage here? |
| 1494 VLOG(1) << "Denied unauthorized request for raw headers"; | 1494 VLOG(1) << "Denied unauthorized request for raw headers"; |
| 1495 report_raw_headers = false; | 1495 report_raw_headers = false; |
| 1496 } | 1496 } |
| 1497 int load_flags = | 1497 int load_flags = |
| 1498 BuildLoadFlagsForRequest(request_data, child_id, is_sync_load); | 1498 BuildLoadFlagsForRequest(request_data, child_id, is_sync_load); |
| 1499 if (request_data.resource_type == RESOURCE_TYPE_PREFETCH || | 1499 if (request_data.resource_type == RESOURCE_TYPE_PREFETCH || |
| 1500 request_data.resource_type == RESOURCE_TYPE_FAVICON) { | 1500 request_data.resource_type == RESOURCE_TYPE_FAVICON) { |
| (...skipping 254 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1755 // TODO(michaeln): maybe throttle DataDownloaded messages | 1755 // TODO(michaeln): maybe throttle DataDownloaded messages |
| 1756 } | 1756 } |
| 1757 | 1757 |
| 1758 void ResourceDispatcherHostImpl::RegisterDownloadedTempFile( | 1758 void ResourceDispatcherHostImpl::RegisterDownloadedTempFile( |
| 1759 int child_id, int request_id, const base::FilePath& file_path) { | 1759 int child_id, int request_id, const base::FilePath& file_path) { |
| 1760 scoped_refptr<ShareableFileReference> reference = | 1760 scoped_refptr<ShareableFileReference> reference = |
| 1761 ShareableFileReference::Get(file_path); | 1761 ShareableFileReference::Get(file_path); |
| 1762 DCHECK(reference.get()); | 1762 DCHECK(reference.get()); |
| 1763 | 1763 |
| 1764 registered_temp_files_[child_id][request_id] = reference; | 1764 registered_temp_files_[child_id][request_id] = reference; |
| 1765 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile( | 1765 ChildProcessSecurityPolicyHelper::GetInstance()->GrantReadFile( |
| 1766 child_id, reference->path()); | 1766 child_id, reference->path()); |
| 1767 | 1767 |
| 1768 // When the temp file is deleted, revoke permissions that the renderer has | 1768 // When the temp file is deleted, revoke permissions that the renderer has |
| 1769 // to that file. This covers an edge case where the file is deleted and then | 1769 // to that file. This covers an edge case where the file is deleted and then |
| 1770 // the same name is re-used for some other purpose, we don't want the old | 1770 // the same name is re-used for some other purpose, we don't want the old |
| 1771 // renderer to still have access to it. | 1771 // renderer to still have access to it. |
| 1772 // | 1772 // |
| 1773 // We do this when the file is deleted because the renderer can take a blob | 1773 // We do this when the file is deleted because the renderer can take a blob |
| 1774 // reference to the temp file that outlives the url loaded that it was | 1774 // reference to the temp file that outlives the url loaded that it was |
| 1775 // loaded with to keep the file (and permissions) alive. | 1775 // loaded with to keep the file (and permissions) alive. |
| (...skipping 856 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2632 ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id); | 2632 ssl.cert_id = GetCertStore()->StoreCert(ssl_info.cert.get(), child_id); |
| 2633 response->head.security_info = SerializeSecurityInfo(ssl); | 2633 response->head.security_info = SerializeSecurityInfo(ssl); |
| 2634 } | 2634 } |
| 2635 | 2635 |
| 2636 CertStore* ResourceDispatcherHostImpl::GetCertStore() { | 2636 CertStore* ResourceDispatcherHostImpl::GetCertStore() { |
| 2637 return cert_store_for_testing_ ? cert_store_for_testing_ | 2637 return cert_store_for_testing_ ? cert_store_for_testing_ |
| 2638 : CertStore::GetInstance(); | 2638 : CertStore::GetInstance(); |
| 2639 } | 2639 } |
| 2640 | 2640 |
| 2641 } // namespace content | 2641 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2111343002:
Move implementation of ChildProcessSecurityPolicyImpl to c/b/shared, and wrap in c/b (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@mffr-win