| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 5 #ifndef CONTENT_BROWSER_SHARED_CHILD_PROCESS_SECURITY_POLICY_HELPER_H_ |
| 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 6 #define CONTENT_BROWSER_SHARED_CHILD_PROCESS_SECURITY_POLICY_HELPER_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <set> | 9 #include <set> |
| 10 #include <string> | 10 #include <string> |
| 11 #include <vector> | 11 #include <vector> |
| 12 | 12 |
| 13 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
| 14 #include "base/gtest_prod_util.h" | 14 #include "base/gtest_prod_util.h" |
| 15 #include "base/macros.h" | 15 #include "base/macros.h" |
| 16 #include "base/memory/singleton.h" | 16 #include "base/memory/singleton.h" |
| 17 #include "base/synchronization/lock.h" | 17 #include "base/synchronization/lock.h" |
| 18 #include "content/public/browser/child_process_security_policy.h" | |
| 19 #include "content/public/common/resource_type.h" | 18 #include "content/public/common/resource_type.h" |
| 20 #include "storage/common/fileapi/file_system_types.h" | 19 #include "storage/common/fileapi/file_system_types.h" |
| 20 #include "url/origin.h" |
| 21 | 21 |
| 22 class GURL; | 22 class GURL; |
| 23 | 23 |
| 24 namespace base { | 24 namespace base { |
| 25 class FilePath; | 25 class FilePath; |
| 26 } | 26 } |
| 27 | 27 |
| 28 namespace storage { | 28 namespace storage { |
| 29 class FileSystemURL; | 29 class FileSystemURL; |
| 30 } | 30 } |
| 31 | 31 |
| 32 namespace content { | 32 namespace content { |
| 33 | 33 |
| 34 class CONTENT_EXPORT ChildProcessSecurityPolicyImpl | 34 class CONTENT_EXPORT ChildProcessSecurityPolicyHelper { |
| 35 : NON_EXPORTED_BASE(public ChildProcessSecurityPolicy) { | |
| 36 public: | 35 public: |
| 37 // Object can only be created through GetInstance() so the constructor is | 36 // Object can only be created through GetInstance() so the constructor is |
| 38 // private. | 37 // private. |
| 39 ~ChildProcessSecurityPolicyImpl() override; | 38 ~ChildProcessSecurityPolicyHelper(); |
| 40 | 39 |
| 41 static ChildProcessSecurityPolicyImpl* GetInstance(); | 40 static ChildProcessSecurityPolicyHelper* GetInstance(); |
| 42 | 41 |
| 43 // ChildProcessSecurityPolicy implementation. | 42 void RegisterWebSafeScheme(const std::string& scheme); |
| 44 void RegisterWebSafeScheme(const std::string& scheme) override; | 43 bool IsWebSafeScheme(const std::string& scheme); |
| 45 bool IsWebSafeScheme(const std::string& scheme) override; | 44 void GrantReadFile(int child_id, const base::FilePath& file); |
| 46 void GrantReadFile(int child_id, const base::FilePath& file) override; | 45 void GrantCreateReadWriteFile(int child_id, const base::FilePath& file); |
| 47 void GrantCreateReadWriteFile(int child_id, | 46 void GrantCopyInto(int child_id, const base::FilePath& dir); |
| 48 const base::FilePath& file) override; | 47 void GrantDeleteFrom(int child_id, const base::FilePath& dir); |
| 49 void GrantCopyInto(int child_id, const base::FilePath& dir) override; | 48 void GrantReadFileSystem(int child_id, const std::string& filesystem_id); |
| 50 void GrantDeleteFrom(int child_id, const base::FilePath& dir) override; | 49 void GrantWriteFileSystem(int child_id, const std::string& filesystem_id); |
| 51 void GrantReadFileSystem(int child_id, | |
| 52 const std::string& filesystem_id) override; | |
| 53 void GrantWriteFileSystem(int child_id, | |
| 54 const std::string& filesystem_id) override; | |
| 55 void GrantCreateFileForFileSystem(int child_id, | 50 void GrantCreateFileForFileSystem(int child_id, |
| 56 const std::string& filesystem_id) override; | 51 const std::string& filesystem_id); |
| 57 void GrantCreateReadWriteFileSystem( | 52 void GrantCreateReadWriteFileSystem(int child_id, |
| 58 int child_id, | 53 const std::string& filesystem_id); |
| 59 const std::string& filesystem_id) override; | 54 void GrantCopyIntoFileSystem(int child_id, const std::string& filesystem_id); |
| 60 void GrantCopyIntoFileSystem(int child_id, | |
| 61 const std::string& filesystem_id) override; | |
| 62 void GrantDeleteFromFileSystem(int child_id, | 55 void GrantDeleteFromFileSystem(int child_id, |
| 63 const std::string& filesystem_id) override; | 56 const std::string& filesystem_id); |
| 64 void GrantOrigin(int child_id, const url::Origin& origin) override; | 57 void GrantOrigin(int child_id, const url::Origin& origin); |
| 65 void GrantScheme(int child_id, const std::string& scheme) override; | 58 void GrantScheme(int child_id, const std::string& scheme); |
| 66 bool CanReadFile(int child_id, const base::FilePath& file) override; | 59 bool CanReadFile(int child_id, const base::FilePath& file); |
| 67 bool CanCreateReadWriteFile(int child_id, | 60 bool CanCreateReadWriteFile(int child_id, const base::FilePath& file); |
| 68 const base::FilePath& file) override; | 61 bool CanReadFileSystem(int child_id, const std::string& filesystem_id); |
| 69 bool CanReadFileSystem(int child_id, | 62 bool CanReadWriteFileSystem(int child_id, const std::string& filesystem_id); |
| 70 const std::string& filesystem_id) override; | 63 bool CanCopyIntoFileSystem(int child_id, const std::string& filesystem_id); |
| 71 bool CanReadWriteFileSystem(int child_id, | 64 bool CanDeleteFromFileSystem(int child_id, const std::string& filesystem_id); |
| 72 const std::string& filesystem_id) override; | 65 bool HasWebUIBindings(int child_id); |
| 73 bool CanCopyIntoFileSystem(int child_id, | 66 void GrantSendMidiSysExMessage(int child_id); |
| 74 const std::string& filesystem_id) override; | 67 bool CanAccessDataForOrigin(int child_id, const GURL& url); |
| 75 bool CanDeleteFromFileSystem(int child_id, | |
| 76 const std::string& filesystem_id) override; | |
| 77 bool HasWebUIBindings(int child_id) override; | |
| 78 void GrantSendMidiSysExMessage(int child_id) override; | |
| 79 bool CanAccessDataForOrigin(int child_id, const GURL& url) override; | |
| 80 | 68 |
| 81 // Returns if |child_id| can read all of the |files|. | 69 // Returns if |child_id| can read all of the |files|. |
| 82 bool CanReadAllFiles(int child_id, const std::vector<base::FilePath>& files); | 70 bool CanReadAllFiles(int child_id, const std::vector<base::FilePath>& files); |
| 83 | 71 |
| 84 // Pseudo schemes are treated differently than other schemes because they | 72 // Pseudo schemes are treated differently than other schemes because they |
| 85 // cannot be requested like normal URLs. There is no mechanism for revoking | 73 // cannot be requested like normal URLs. There is no mechanism for revoking |
| 86 // pseudo schemes. | 74 // pseudo schemes. |
| 87 void RegisterPseudoScheme(const std::string& scheme); | 75 void RegisterPseudoScheme(const std::string& scheme); |
| 88 | 76 |
| 89 // Returns true iff |scheme| has been registered as pseudo scheme. | 77 // Returns true iff |scheme| has been registered as pseudo scheme. |
| 171 NoLeak); | 159 NoLeak); |
| 172 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, FilePermissions); | 160 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, FilePermissions); |
| 173 | 161 |
| 174 class SecurityState; | 162 class SecurityState; |
| 175 | 163 |
| 176 typedef std::set<std::string> SchemeSet; | 164 typedef std::set<std::string> SchemeSet; |
| 177 typedef std::map<int, SecurityState*> SecurityStateMap; | 165 typedef std::map<int, SecurityState*> SecurityStateMap; |
| 178 typedef std::map<int, int> WorkerToMainProcessMap; | 166 typedef std::map<int, int> WorkerToMainProcessMap; |
| 179 typedef std::map<storage::FileSystemType, int> FileSystemPermissionPolicyMap; | 167 typedef std::map<storage::FileSystemType, int> FileSystemPermissionPolicyMap; |
| 180 | 168 |
| 181 // Obtain an instance of ChildProcessSecurityPolicyImpl via GetInstance(). | 169 // Obtain an instance of ChildProcessSecurityPolicyHelper via GetInstance(). |
| 182 ChildProcessSecurityPolicyImpl(); | 170 ChildProcessSecurityPolicyHelper(); |
| 183 friend struct base::DefaultSingletonTraits<ChildProcessSecurityPolicyImpl>; | 171 friend struct base::DefaultSingletonTraits<ChildProcessSecurityPolicyHelper>; |
| 184 | 172 |
| 185 // Adds child process during registration. | 173 // Adds child process during registration. |
| 186 void AddChild(int child_id); | 174 void AddChild(int child_id); |
| 187 | 175 |
| 188 // Determines if certain permissions were granted for a file to given child | 176 // Determines if certain permissions were granted for a file to given child |
| 189 // process. |permissions| is an internally defined bit-set. | 177 // process. |permissions| is an internally defined bit-set. |
| 190 bool ChildProcessHasPermissionsForFile(int child_id, | 178 bool ChildProcessHasPermissionsForFile(int child_id, |
| 191 const base::FilePath& file, | 179 const base::FilePath& file, |
| 192 int permissions); | 180 int permissions); |
| 193 | 181 |
| 194 // Grant a particular permission set for a file. |permissions| is an | 182 // Grant a particular permission set for a file. |permissions| is an |
| 195 // internally defined bit-set. | 183 // internally defined bit-set. |
| 196 void GrantPermissionsForFile(int child_id, | 184 void GrantPermissionsForFile(int child_id, |
| 197 const base::FilePath& file, | 185 const base::FilePath& file, |
| 198 int permissions); | 186 int permissions); |
| 199 | 187 |
| 200 // Grants access permission to the given isolated file system | 188 // Grants access permission to the given isolated file system |
| 201 // identified by |filesystem_id|. See comments for | 189 // identified by |filesystem_id|. See comments for |
| 202 // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details. | 190 // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details. |
| 203 void GrantPermissionsForFileSystem( | 191 void GrantPermissionsForFileSystem(int child_id, |
| 204 int child_id, | 192 const std::string& filesystem_id, |
| 205 const std::string& filesystem_id, | 193 int permission); |
| 206 int permission); | |
| 207 | 194 |
| 208 // Determines if certain permissions were granted for a file. |permissions| | 195 // Determines if certain permissions were granted for a file. |permissions| |
| 209 // is an internally defined bit-set. If |child_id| is a worker process, | 196 // is an internally defined bit-set. If |child_id| is a worker process, |
| 210 // this returns true if either the worker process or its parent renderer | 197 // this returns true if either the worker process or its parent renderer |
| 211 // has permissions for the file. | 198 // has permissions for the file. |
| 212 bool HasPermissionsForFile(int child_id, | 199 bool HasPermissionsForFile(int child_id, |
| 213 const base::FilePath& file, | 200 const base::FilePath& file, |
| 214 int permissions); | 201 int permissions); |
| 215 | 202 |
| 216 // Determines if certain permissions were granted for a file in FileSystem | 203 // Determines if certain permissions were granted for a file in FileSystem |
| 217 // API. |permissions| is an internally defined bit-set. | 204 // API. |permissions| is an internally defined bit-set. |
| 218 bool HasPermissionsForFileSystemFile(int child_id, | 205 bool HasPermissionsForFileSystemFile(int child_id, |
| 219 const storage::FileSystemURL& url, | 206 const storage::FileSystemURL& url, |
| 220 int permissions); | 207 int permissions); |
| 221 | 208 |
| 222 // Determines if certain permissions were granted for a file system. | 209 // Determines if certain permissions were granted for a file system. |
| 223 // |permissions| is an internally defined bit-set. | 210 // |permissions| is an internally defined bit-set. |
| 224 bool HasPermissionsForFileSystem( | 211 bool HasPermissionsForFileSystem(int child_id, |
| 225 int child_id, | 212 const std::string& filesystem_id, |
| 226 const std::string& filesystem_id, | 213 int permission); |
| 227 int permission); | |
| 228 | 214 |
| 229 // You must acquire this lock before reading or writing any members of this | 215 // You must acquire this lock before reading or writing any members of this |
| 230 // class. You must not block while holding this lock. | 216 // class. You must not block while holding this lock. |
| 231 base::Lock lock_; | 217 base::Lock lock_; |
| 232 | 218 |
| 233 // These schemes are white-listed for all child processes. This set is | 219 // These schemes are white-listed for all child processes. This set is |
| 234 // protected by |lock_|. | 220 // protected by |lock_|. |
| 235 SchemeSet web_safe_schemes_; | 221 SchemeSet web_safe_schemes_; |
| 236 | 222 |
| 237 // These schemes do not actually represent retrievable URLs. For example, | 223 // These schemes do not actually represent retrievable URLs. For example, |
| 238 // the the URLs in the "about" scheme are aliases to other URLs. This set is | 224 // the the URLs in the "about" scheme are aliases to other URLs. This set is |
| 239 // protected by |lock_|. | 225 // protected by |lock_|. |
| 240 SchemeSet pseudo_schemes_; | 226 SchemeSet pseudo_schemes_; |
| 241 | 227 |
| 242 // This map holds a SecurityState for each child process. The key for the | 228 // This map holds a SecurityState for each child process. The key for the |
| 243 // map is the ID of the ChildProcessHost. The SecurityState objects are | 229 // map is the ID of the ChildProcessHost. The SecurityState objects are |
| 244 // owned by this object and are protected by |lock_|. References to them must | 230 // owned by this object and are protected by |lock_|. References to them must |
| 245 // not escape this class. | 231 // not escape this class. |
| 246 SecurityStateMap security_state_; | 232 SecurityStateMap security_state_; |
| 247 | 233 |
| 248 // This maps keeps the record of which js worker thread child process | 234 // This maps keeps the record of which js worker thread child process |
| 249 // corresponds to which main js thread child process. | 235 // corresponds to which main js thread child process. |
| 250 WorkerToMainProcessMap worker_map_; | 236 WorkerToMainProcessMap worker_map_; |
| 251 | 237 |
| 252 FileSystemPermissionPolicyMap file_system_policy_map_; | 238 FileSystemPermissionPolicyMap file_system_policy_map_; |
| 253 | 239 |
| 254 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl); | 240 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyHelper); |
| 255 }; | 241 }; |
| 256 | 242 |
| 257 } // namespace content | 243 } // namespace content |
| 258 | 244 |
| 259 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 245 #endif // CONTENT_BROWSER_SHARED_CHILD_PROCESS_SECURITY_POLICY_HELPER_H_ |
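Review bot: The public grant/check methods at new lines 42–67 (RegisterWebSafeScheme through CanAccessDataForOrigin) lose the only documentation they had — the removed `// ChildProcessSecurityPolicy implementation.` line and, through the dropped base class, the interface's own comments — so a reader of this header can no longer tell what a grant or check means or which thread it may be called on; a block comment above line 42 should either state the contract for each group (scheme registration, file grants, file-system grants, origin/scheme grants, WebUI/MIDI) or say where it is still documented, e.g. `// Mirrors the ChildProcessSecurityPolicy public interface; see content/public/browser/child_process_security_policy.h for the meaning of each grant and check.` With the base class and every `override` gone, the compiler no longer verifies that these signatures stay in step with the public interface, and it is not visible from this diff which class now implements ChildProcessSecurityPolicy and forwards to this helper, so that relationship is worth stating in the class comment. The comment at new line 190 still says `See comments for ChildProcessSecurityPolicy::GrantReadFileSystem()`, which this header no longer includes or derives from; it should point at wherever that documentation now lives. The only visible use of `base/compiler_specific.h` was the removed `NON_EXPORTED_BASE` on old line 35, so unless something in the collapsed region uses it the include can be dropped.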