| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <set> | 5 #include <set> |
| 6 #include <string> | 6 #include <string> |
| 7 | 7 |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "content/browser/child_process_security_policy_impl.h" | 9 #include "content/browser/shared/child_process_security_policy_helper.h" |
| 10 #include "content/public/common/url_constants.h" | 10 #include "content/public/common/url_constants.h" |
| 11 #include "content/test/test_content_browser_client.h" | 11 #include "content/test/test_content_browser_client.h" |
| 12 #include "storage/browser/fileapi/file_permission_policy.h" | 12 #include "storage/browser/fileapi/file_permission_policy.h" |
| 13 #include "storage/browser/fileapi/file_system_url.h" | 13 #include "storage/browser/fileapi/file_system_url.h" |
| 14 #include "storage/browser/fileapi/isolated_context.h" | 14 #include "storage/browser/fileapi/isolated_context.h" |
| 15 #include "storage/common/fileapi/file_system_types.h" | 15 #include "storage/common/fileapi/file_system_types.h" |
| 16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 17 #include "url/gurl.h" | 17 #include "url/gurl.h" |
| 18 #include "url/origin.h" | 18 #include "url/origin.h" |
| 19 | 19 |
| (...skipping 11 matching lines...) Expand all Loading... |
| 31 | 31 |
| 32 class ChildProcessSecurityPolicyTestBrowserClient | 32 class ChildProcessSecurityPolicyTestBrowserClient |
| 33 : public TestContentBrowserClient { | 33 : public TestContentBrowserClient { |
| 34 public: | 34 public: |
| 35 ChildProcessSecurityPolicyTestBrowserClient() {} | 35 ChildProcessSecurityPolicyTestBrowserClient() {} |
| 36 | 36 |
| 37 bool IsHandledURL(const GURL& url) override { | 37 bool IsHandledURL(const GURL& url) override { |
| 38 return schemes_.find(url.scheme()) != schemes_.end(); | 38 return schemes_.find(url.scheme()) != schemes_.end(); |
| 39 } | 39 } |
| 40 | 40 |
| 41 void ClearSchemes() { | 41 void ClearSchemes() { schemes_.clear(); } |
| 42 schemes_.clear(); | |
| 43 } | |
| 44 | 42 |
| 45 void AddScheme(const std::string& scheme) { | 43 void AddScheme(const std::string& scheme) { schemes_.insert(scheme); } |
| 46 schemes_.insert(scheme); | |
| 47 } | |
| 48 | 44 |
| 49 private: | 45 private: |
| 50 std::set<std::string> schemes_; | 46 std::set<std::string> schemes_; |
| 51 }; | 47 }; |
| 52 | 48 |
| 53 } // namespace | 49 } // namespace |
| 54 | 50 |
| 55 class ChildProcessSecurityPolicyTest : public testing::Test { | 51 class ChildProcessSecurityPolicyTest : public testing::Test { |
| 56 public: | 52 public: |
| 57 ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) { | 53 ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {} |
| 58 } | |
| 59 | 54 |
| 60 void SetUp() override { | 55 void SetUp() override { |
| 61 old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_); | 56 old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_); |
| 62 | 57 |
| 63 // Claim to always handle chrome:// URLs because the CPSP's notion of | 58 // Claim to always handle chrome:// URLs because the CPSP's notion of |
| 64 // allowing WebUI bindings is hard-wired to this particular scheme. | 59 // allowing WebUI bindings is hard-wired to this particular scheme. |
| 65 test_browser_client_.AddScheme(kChromeUIScheme); | 60 test_browser_client_.AddScheme(kChromeUIScheme); |
| 66 | 61 |
| 67 // Claim to always handle file:// URLs like the browser would. | 62 // Claim to always handle file:// URLs like the browser would. |
| 68 // net::URLRequest::IsHandledURL() no longer claims support for default | 63 // net::URLRequest::IsHandledURL() no longer claims support for default |
| 69 // protocols as this is the responsibility of the browser (which is | 64 // protocols as this is the responsibility of the browser (which is |
| 70 // responsible for adding the appropriate ProtocolHandler). | 65 // responsible for adding the appropriate ProtocolHandler). |
| 71 test_browser_client_.AddScheme(url::kFileScheme); | 66 test_browser_client_.AddScheme(url::kFileScheme); |
| 72 } | 67 } |
| 73 | 68 |
| 74 void TearDown() override { | 69 void TearDown() override { |
| 75 test_browser_client_.ClearSchemes(); | 70 test_browser_client_.ClearSchemes(); |
| 76 SetBrowserClientForTesting(old_browser_client_); | 71 SetBrowserClientForTesting(old_browser_client_); |
| 77 } | 72 } |
| 78 | 73 |
| 79 protected: | 74 protected: |
| 80 void RegisterTestScheme(const std::string& scheme) { | 75 void RegisterTestScheme(const std::string& scheme) { |
| 81 test_browser_client_.AddScheme(scheme); | 76 test_browser_client_.AddScheme(scheme); |
| 82 } | 77 } |
| 83 | 78 |
| 84 void GrantPermissionsForFile(ChildProcessSecurityPolicyImpl* p, | 79 void GrantPermissionsForFile(ChildProcessSecurityPolicyHelper* p, |
| 85 int child_id, | 80 int child_id, |
| 86 const base::FilePath& file, | 81 const base::FilePath& file, |
| 87 int permissions) { | 82 int permissions) { |
| 88 p->GrantPermissionsForFile(child_id, file, permissions); | 83 p->GrantPermissionsForFile(child_id, file, permissions); |
| 89 } | 84 } |
| 90 | 85 |
| 91 void CheckHasNoFileSystemPermission(ChildProcessSecurityPolicyImpl* p, | 86 void CheckHasNoFileSystemPermission(ChildProcessSecurityPolicyHelper* p, |
| 92 const std::string& child_id) { | 87 const std::string& child_id) { |
| 93 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, child_id)); | 88 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, child_id)); |
| 94 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, child_id)); | 89 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, child_id)); |
| 95 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, child_id)); | 90 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, child_id)); |
| 96 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, child_id)); | 91 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, child_id)); |
| 97 } | 92 } |
| 98 | 93 |
| 99 void CheckHasNoFileSystemFilePermission(ChildProcessSecurityPolicyImpl* p, | 94 void CheckHasNoFileSystemFilePermission(ChildProcessSecurityPolicyHelper* p, |
| 100 const base::FilePath& file, | 95 const base::FilePath& file, |
| 101 const storage::FileSystemURL& url) { | 96 const storage::FileSystemURL& url) { |
| 102 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 97 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
| 103 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file)); | 98 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file)); |
| 104 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, url)); | 99 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, url)); |
| 105 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url)); | 100 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url)); |
| 106 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url)); | 101 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url)); |
| 107 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url)); | 102 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url)); |
| 108 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url)); | 103 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url)); |
| 109 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url)); | 104 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url)); |
| 110 } | 105 } |
| 111 | 106 |
| 112 private: | 107 private: |
| 113 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_; | 108 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_; |
| 114 ContentBrowserClient* old_browser_client_; | 109 ContentBrowserClient* old_browser_client_; |
| 115 }; | 110 }; |
| 116 | 111 |
| 117 | |
| 118 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { | 112 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { |
| 119 ChildProcessSecurityPolicyImpl* p = | 113 ChildProcessSecurityPolicyHelper* p = |
| 120 ChildProcessSecurityPolicyImpl::GetInstance(); | 114 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 121 | 115 |
| 122 EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpScheme)); | 116 EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpScheme)); |
| 123 EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpsScheme)); | 117 EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpsScheme)); |
| 124 EXPECT_TRUE(p->IsWebSafeScheme(url::kFtpScheme)); | 118 EXPECT_TRUE(p->IsWebSafeScheme(url::kFtpScheme)); |
| 125 EXPECT_TRUE(p->IsWebSafeScheme(url::kDataScheme)); | 119 EXPECT_TRUE(p->IsWebSafeScheme(url::kDataScheme)); |
| 126 EXPECT_TRUE(p->IsWebSafeScheme("feed")); | 120 EXPECT_TRUE(p->IsWebSafeScheme("feed")); |
| 127 EXPECT_TRUE(p->IsWebSafeScheme(url::kBlobScheme)); | 121 EXPECT_TRUE(p->IsWebSafeScheme(url::kBlobScheme)); |
| 128 EXPECT_TRUE(p->IsWebSafeScheme(url::kFileSystemScheme)); | 122 EXPECT_TRUE(p->IsWebSafeScheme(url::kFileSystemScheme)); |
| 129 | 123 |
| 130 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); | 124 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); |
| 131 p->RegisterWebSafeScheme("registered-web-safe-scheme"); | 125 p->RegisterWebSafeScheme("registered-web-safe-scheme"); |
| 132 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme")); | 126 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme")); |
| 133 | 127 |
| 134 EXPECT_FALSE(p->IsWebSafeScheme(kChromeUIScheme)); | 128 EXPECT_FALSE(p->IsWebSafeScheme(kChromeUIScheme)); |
| 135 } | 129 } |
| 136 | 130 |
| 137 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { | 131 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { |
| 138 ChildProcessSecurityPolicyImpl* p = | 132 ChildProcessSecurityPolicyHelper* p = |
| 139 ChildProcessSecurityPolicyImpl::GetInstance(); | 133 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 140 | 134 |
| 141 EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme)); | 135 EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme)); |
| 142 EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme)); | 136 EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme)); |
| 143 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme)); | 137 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme)); |
| 144 | 138 |
| 145 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); | 139 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); |
| 146 p->RegisterPseudoScheme("registered-pseudo-scheme"); | 140 p->RegisterPseudoScheme("registered-pseudo-scheme"); |
| 147 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); | 141 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); |
| 148 | 142 |
| 149 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme)); | 143 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme)); |
| 150 } | 144 } |
| 151 | 145 |
| 152 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { | 146 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { |
| 153 ChildProcessSecurityPolicyImpl* p = | 147 ChildProcessSecurityPolicyHelper* p = |
| 154 ChildProcessSecurityPolicyImpl::GetInstance(); | 148 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 155 | 149 |
| 156 p->Add(kRendererID); | 150 p->Add(kRendererID); |
| 157 | 151 |
| 158 // Safe to request or commit. | 152 // Safe to request or commit. |
| 159 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); | 153 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); |
| 160 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); | 154 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); |
| 161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); | 155 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); |
| 162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | 156 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
| 163 EXPECT_TRUE(p->CanRequestURL( | 157 EXPECT_TRUE(p->CanRequestURL( |
| 164 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); | 158 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
| 165 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/"))); | 159 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/"))); |
| 166 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/"))); | 160 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/"))); |
| 167 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); | 161 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); |
| 168 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | 162 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
| 169 EXPECT_TRUE(p->CanCommitURL( | 163 EXPECT_TRUE(p->CanCommitURL( |
| 170 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); | 164 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
| 171 | 165 |
| 172 // Dangerous to request or commit. | 166 // Dangerous to request or commit. |
| 173 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 167 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 174 GURL("file:///etc/passwd"))); | 168 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("chrome://foo/bar"))); |
| 175 EXPECT_FALSE(p->CanRequestURL(kRendererID, | |
| 176 GURL("chrome://foo/bar"))); | |
| 177 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 169 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| 178 GURL("view-source:http://www.google.com/"))); | 170 GURL("view-source:http://www.google.com/"))); |
| 179 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 171 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 180 GURL("file:///etc/passwd"))); | 172 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("chrome://foo/bar"))); |
| 181 EXPECT_FALSE(p->CanCommitURL(kRendererID, | |
| 182 GURL("chrome://foo/bar"))); | |
| 183 EXPECT_FALSE( | 173 EXPECT_FALSE( |
| 184 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/"))); | 174 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/"))); |
| 185 | 175 |
| 186 p->Remove(kRendererID); | 176 p->Remove(kRendererID); |
| 187 } | 177 } |
| 188 | 178 |
| 189 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { | 179 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { |
| 190 ChildProcessSecurityPolicyImpl* p = | 180 ChildProcessSecurityPolicyHelper* p = |
| 191 ChildProcessSecurityPolicyImpl::GetInstance(); | 181 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 192 | 182 |
| 193 p->Add(kRendererID); | 183 p->Add(kRendererID); |
| 194 | 184 |
| 195 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); | 185 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); |
| 196 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); | 186 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); |
| 197 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); | 187 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); |
| 198 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); | 188 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); |
| 199 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank"))); | 189 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank"))); |
| 200 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK"))); | 190 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:BlAnK"))); |
| 201 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK"))); | 191 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK"))); |
| (...skipping 24 matching lines...) Expand all Loading... |
| 226 // These requests for chrome:// pages should be granted. | 216 // These requests for chrome:// pages should be granted. |
| 227 GURL chrome_url("chrome://foo"); | 217 GURL chrome_url("chrome://foo"); |
| 228 p->GrantRequestURL(kRendererID, chrome_url); | 218 p->GrantRequestURL(kRendererID, chrome_url); |
| 229 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); | 219 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url)); |
| 230 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url)); | 220 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url)); |
| 231 | 221 |
| 232 p->Remove(kRendererID); | 222 p->Remove(kRendererID); |
| 233 } | 223 } |
| 234 | 224 |
| 235 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { | 225 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { |
| 236 ChildProcessSecurityPolicyImpl* p = | 226 ChildProcessSecurityPolicyHelper* p = |
| 237 ChildProcessSecurityPolicyImpl::GetInstance(); | 227 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 238 | 228 |
| 239 p->Add(kRendererID); | 229 p->Add(kRendererID); |
| 240 | 230 |
| 241 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 231 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| 242 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); | 232 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); |
| 243 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); | 233 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); |
| 244 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 234 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| 245 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); | 235 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')"))); |
| 246 | 236 |
| 247 p->Remove(kRendererID); | 237 p->Remove(kRendererID); |
| 248 } | 238 } |
| 249 | 239 |
| 250 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { | 240 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { |
| 251 ChildProcessSecurityPolicyImpl* p = | 241 ChildProcessSecurityPolicyHelper* p = |
| 252 ChildProcessSecurityPolicyImpl::GetInstance(); | 242 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 253 | 243 |
| 254 p->Add(kRendererID); | 244 p->Add(kRendererID); |
| 255 | 245 |
| 256 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be | 246 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be |
| 257 // requested but not committed. | 247 // requested but not committed. |
| 258 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 248 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| 259 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); | 249 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
| 260 | 250 |
| 261 // Once we register "asdf", we default to deny. | 251 // Once we register "asdf", we default to deny. |
| 262 RegisterTestScheme("asdf"); | 252 RegisterTestScheme("asdf"); |
| 263 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 253 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| 264 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); | 254 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
| 265 | 255 |
| 266 // We can allow new schemes by adding them to the whitelist. | 256 // We can allow new schemes by adding them to the whitelist. |
| 267 p->RegisterWebSafeScheme("asdf"); | 257 p->RegisterWebSafeScheme("asdf"); |
| 268 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 258 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| 269 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); | 259 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers"))); |
| 270 | 260 |
| 271 // Cleanup. | 261 // Cleanup. |
| 272 p->Remove(kRendererID); | 262 p->Remove(kRendererID); |
| 273 } | 263 } |
| 274 | 264 |
| 275 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { | 265 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { |
| 276 ChildProcessSecurityPolicyImpl* p = | 266 ChildProcessSecurityPolicyHelper* p = |
| 277 ChildProcessSecurityPolicyImpl::GetInstance(); | 267 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 278 | 268 |
| 279 p->Add(kRendererID); | 269 p->Add(kRendererID); |
| 280 | 270 |
| 281 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 271 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 282 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 272 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 283 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); | 273 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); |
| 284 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 274 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 285 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 275 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 286 | 276 |
| 287 // We should forget our state if we repeat a renderer id. | 277 // We should forget our state if we repeat a renderer id. |
| 288 p->Remove(kRendererID); | 278 p->Remove(kRendererID); |
| 289 p->Add(kRendererID); | 279 p->Add(kRendererID); |
| 290 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 280 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 291 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 281 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 292 p->Remove(kRendererID); | 282 p->Remove(kRendererID); |
| 293 } | 283 } |
| 294 | 284 |
| 295 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { | 285 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { |
| 296 ChildProcessSecurityPolicyImpl* p = | 286 ChildProcessSecurityPolicyHelper* p = |
| 297 ChildProcessSecurityPolicyImpl::GetInstance(); | 287 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 298 | 288 |
| 299 p->Add(kRendererID); | 289 p->Add(kRendererID); |
| 300 | 290 |
| 301 // Child processes cannot request view source URLs. | 291 // Child processes cannot request view source URLs. |
| 302 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 292 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| 303 GURL("view-source:http://www.google.com/"))); | 293 GURL("view-source:http://www.google.com/"))); |
| 304 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 294 EXPECT_FALSE( |
| 305 GURL("view-source:file:///etc/passwd"))); | 295 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"))); |
| 306 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 296 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 307 EXPECT_FALSE(p->CanRequestURL( | 297 EXPECT_FALSE(p->CanRequestURL( |
| 308 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); | 298 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
| 309 | 299 |
| 310 // View source URLs don't actually commit; the renderer is put into view | 300 // View source URLs don't actually commit; the renderer is put into view |
| 311 // source mode, and the inner URL commits. | 301 // source mode, and the inner URL commits. |
| 312 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 302 EXPECT_FALSE( |
| 313 GURL("view-source:http://www.google.com/"))); | 303 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/"))); |
| 314 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 304 EXPECT_FALSE( |
| 315 GURL("view-source:file:///etc/passwd"))); | 305 p->CanCommitURL(kRendererID, GURL("view-source:file:///etc/passwd"))); |
| 316 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 306 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 317 EXPECT_FALSE(p->CanCommitURL( | 307 EXPECT_FALSE(p->CanCommitURL( |
| 318 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); | 308 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
| 319 | 309 |
| 320 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); | 310 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); |
| 321 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 311 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 322 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); | 312 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd"))); |
| 323 EXPECT_FALSE( | 313 EXPECT_FALSE( |
| 324 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"))); | 314 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"))); |
| 325 EXPECT_FALSE(p->CanCommitURL(kRendererID, | 315 EXPECT_FALSE( |
| 326 GURL("view-source:file:///etc/passwd"))); | 316 p->CanCommitURL(kRendererID, GURL("view-source:file:///etc/passwd"))); |
| 327 p->Remove(kRendererID); | 317 p->Remove(kRendererID); |
| 328 } | 318 } |
| 329 | 319 |
| 330 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { | 320 TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) { |
| 331 ChildProcessSecurityPolicyImpl* p = | 321 ChildProcessSecurityPolicyHelper* p = |
| 332 ChildProcessSecurityPolicyImpl::GetInstance(); | 322 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 333 | 323 |
| 334 p->Add(kRendererID); | 324 p->Add(kRendererID); |
| 335 | 325 |
| 336 GURL icon_url("file:///tmp/foo.png"); | 326 GURL icon_url("file:///tmp/foo.png"); |
| 337 GURL sensitive_url("file:///etc/passwd"); | 327 GURL sensitive_url("file:///etc/passwd"); |
| 338 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); | 328 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url)); |
| 339 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); | 329 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
| 340 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url)); | 330 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url)); |
| 341 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); | 331 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); |
| 342 | 332 |
| 343 p->GrantRequestSpecificFileURL(kRendererID, icon_url); | 333 p->GrantRequestSpecificFileURL(kRendererID, icon_url); |
| 344 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 334 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
| 345 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); | 335 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
| 346 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); | 336 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); |
| 347 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); | 337 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url)); |
| 348 | 338 |
| 349 p->GrantRequestURL(kRendererID, icon_url); | 339 p->GrantRequestURL(kRendererID, icon_url); |
| 350 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 340 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
| 351 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); | 341 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); |
| 352 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); | 342 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url)); |
| 353 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url)); | 343 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url)); |
| 354 | 344 |
| 355 p->Remove(kRendererID); | 345 p->Remove(kRendererID); |
| 356 } | 346 } |
| 357 | 347 |
| 358 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { | 348 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { |
| 359 ChildProcessSecurityPolicyImpl* p = | 349 ChildProcessSecurityPolicyHelper* p = |
| 360 ChildProcessSecurityPolicyImpl::GetInstance(); | 350 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 361 | 351 |
| 362 p->Add(kRendererID); | 352 p->Add(kRendererID); |
| 363 std::string read_id = | 353 std::string read_id = |
| 364 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( | 354 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( |
| 365 storage::kFileSystemTypeTest, "read_filesystem", base::FilePath()); | 355 storage::kFileSystemTypeTest, "read_filesystem", base::FilePath()); |
| 366 std::string read_write_id = | 356 std::string read_write_id = |
| 367 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( | 357 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( |
| 368 storage::kFileSystemTypeTest, | 358 storage::kFileSystemTypeTest, "read_write_filesystem", |
| 369 "read_write_filesystem", | |
| 370 base::FilePath()); | 359 base::FilePath()); |
| 371 std::string copy_into_id = | 360 std::string copy_into_id = |
| 372 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( | 361 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( |
| 373 storage::kFileSystemTypeTest, | 362 storage::kFileSystemTypeTest, "copy_into_filesystem", |
| 374 "copy_into_filesystem", | |
| 375 base::FilePath()); | 363 base::FilePath()); |
| 376 std::string delete_from_id = | 364 std::string delete_from_id = |
| 377 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( | 365 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( |
| 378 storage::kFileSystemTypeTest, | 366 storage::kFileSystemTypeTest, "delete_from_filesystem", |
| 379 "delete_from_filesystem", | |
| 380 base::FilePath()); | 367 base::FilePath()); |
| 381 | 368 |
| 382 // Test initially having no permissions. | 369 // Test initially having no permissions. |
| 383 CheckHasNoFileSystemPermission(p, read_id); | 370 CheckHasNoFileSystemPermission(p, read_id); |
| 384 CheckHasNoFileSystemPermission(p, read_write_id); | 371 CheckHasNoFileSystemPermission(p, read_write_id); |
| 385 CheckHasNoFileSystemPermission(p, copy_into_id); | 372 CheckHasNoFileSystemPermission(p, copy_into_id); |
| 386 CheckHasNoFileSystemPermission(p, delete_from_id); | 373 CheckHasNoFileSystemPermission(p, delete_from_id); |
| 387 | 374 |
| 388 // Testing varying combinations of grants and checks. | 375 // Testing varying combinations of grants and checks. |
| 389 p->GrantReadFileSystem(kRendererID, read_id); | 376 p->GrantReadFileSystem(kRendererID, read_id); |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 427 | 414 |
| 428 // Cleanup. | 415 // Cleanup. |
| 429 p->Remove(kRendererID); | 416 p->Remove(kRendererID); |
| 430 storage::IsolatedContext::GetInstance()->RevokeFileSystem(read_id); | 417 storage::IsolatedContext::GetInstance()->RevokeFileSystem(read_id); |
| 431 storage::IsolatedContext::GetInstance()->RevokeFileSystem(read_write_id); | 418 storage::IsolatedContext::GetInstance()->RevokeFileSystem(read_write_id); |
| 432 storage::IsolatedContext::GetInstance()->RevokeFileSystem(copy_into_id); | 419 storage::IsolatedContext::GetInstance()->RevokeFileSystem(copy_into_id); |
| 433 storage::IsolatedContext::GetInstance()->RevokeFileSystem(delete_from_id); | 420 storage::IsolatedContext::GetInstance()->RevokeFileSystem(delete_from_id); |
| 434 } | 421 } |
| 435 | 422 |
| 436 TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) { | 423 TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) { |
| 437 ChildProcessSecurityPolicyImpl* p = | 424 ChildProcessSecurityPolicyHelper* p = |
| 438 ChildProcessSecurityPolicyImpl::GetInstance(); | 425 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 439 | 426 |
| 440 p->RegisterFileSystemPermissionPolicy( | 427 p->RegisterFileSystemPermissionPolicy( |
| 441 storage::kFileSystemTypeTest, | 428 storage::kFileSystemTypeTest, |
| 442 storage::FILE_PERMISSION_USE_FILE_PERMISSION); | 429 storage::FILE_PERMISSION_USE_FILE_PERMISSION); |
| 443 | 430 |
| 444 p->Add(kRendererID); | 431 p->Add(kRendererID); |
| 445 base::FilePath file(TEST_PATH("/dir/testfile")); | 432 base::FilePath file(TEST_PATH("/dir/testfile")); |
| 446 file = file.NormalizePathSeparators(); | 433 file = file.NormalizePathSeparators(); |
| 447 storage::FileSystemURL url = storage::FileSystemURL::CreateForTest( | 434 storage::FileSystemURL url = storage::FileSystemURL::CreateForTest( |
| 448 GURL("http://foo/"), storage::kFileSystemTypeTest, file); | 435 GURL("http://foo/"), storage::kFileSystemTypeTest, file); |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 497 } | 484 } |
| 498 | 485 |
| 499 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) { | 486 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) { |
| 500 base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe")); | 487 base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe")); |
| 501 base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob")); | 488 base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob")); |
| 502 base::FilePath child_file = base::FilePath(TEST_PATH("/home/joe/file")); | 489 base::FilePath child_file = base::FilePath(TEST_PATH("/home/joe/file")); |
| 503 base::FilePath parent_file = base::FilePath(TEST_PATH("/home")); | 490 base::FilePath parent_file = base::FilePath(TEST_PATH("/home")); |
| 504 base::FilePath parent_slash_file = base::FilePath(TEST_PATH("/home/")); | 491 base::FilePath parent_slash_file = base::FilePath(TEST_PATH("/home/")); |
| 505 base::FilePath child_traversal1 = | 492 base::FilePath child_traversal1 = |
| 506 base::FilePath(TEST_PATH("/home/joe/././file")); | 493 base::FilePath(TEST_PATH("/home/joe/././file")); |
| 507 base::FilePath child_traversal2 = base::FilePath( | 494 base::FilePath child_traversal2 = |
| 508 TEST_PATH("/home/joe/file/../otherfile")); | 495 base::FilePath(TEST_PATH("/home/joe/file/../otherfile")); |
| 509 base::FilePath evil_traversal1 = | 496 base::FilePath evil_traversal1 = |
| 510 base::FilePath(TEST_PATH("/home/joe/../../etc/passwd")); | 497 base::FilePath(TEST_PATH("/home/joe/../../etc/passwd")); |
| 511 base::FilePath evil_traversal2 = base::FilePath( | 498 base::FilePath evil_traversal2 = |
| 512 TEST_PATH("/home/joe/./.././../etc/passwd")); | 499 base::FilePath(TEST_PATH("/home/joe/./.././../etc/passwd")); |
| 513 base::FilePath self_traversal = | 500 base::FilePath self_traversal = |
| 514 base::FilePath(TEST_PATH("/home/joe/../joe/file")); | 501 base::FilePath(TEST_PATH("/home/joe/../joe/file")); |
| 515 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe")); | 502 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe")); |
| 516 | 503 |
| 517 ChildProcessSecurityPolicyImpl* p = | 504 ChildProcessSecurityPolicyHelper* p = |
| 518 ChildProcessSecurityPolicyImpl::GetInstance(); | 505 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 519 | 506 |
| 520 // Grant permissions for a file. | 507 // Grant permissions for a file. |
| 521 p->Add(kRendererID); | 508 p->Add(kRendererID); |
| 522 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 509 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 523 base::File::FLAG_OPEN)); | 510 base::File::FLAG_OPEN)); |
| 524 | 511 |
| 525 GrantPermissionsForFile(p, kRendererID, granted_file, | 512 GrantPermissionsForFile(p, kRendererID, granted_file, |
| 526 base::File::FLAG_OPEN | | 513 base::File::FLAG_OPEN | |
| 527 base::File::FLAG_OPEN_TRUNCATED | | 514 base::File::FLAG_OPEN_TRUNCATED | |
| 528 base::File::FLAG_READ | | 515 base::File::FLAG_READ | base::File::FLAG_WRITE); |
| 529 base::File::FLAG_WRITE); | 516 EXPECT_TRUE(p->HasPermissionsForFile( |
| 530 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 517 kRendererID, granted_file, |
| 531 base::File::FLAG_OPEN | | 518 base::File::FLAG_OPEN | base::File::FLAG_OPEN_TRUNCATED | |
| 532 base::File::FLAG_OPEN_TRUNCATED | | 519 base::File::FLAG_READ | base::File::FLAG_WRITE)); |
| 533 base::File::FLAG_READ | | 520 EXPECT_TRUE( |
| 534 base::File::FLAG_WRITE)); | 521 p->HasPermissionsForFile(kRendererID, granted_file, |
| 535 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 522 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 536 base::File::FLAG_OPEN | | |
| 537 base::File::FLAG_READ)); | |
| 538 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 523 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 539 base::File::FLAG_CREATE)); | 524 base::File::FLAG_CREATE)); |
| 540 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0)); | 525 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0)); |
| 541 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 526 EXPECT_FALSE(p->HasPermissionsForFile( |
| 542 base::File::FLAG_CREATE | | 527 kRendererID, granted_file, |
| 543 base::File::FLAG_OPEN_TRUNCATED | | 528 base::File::FLAG_CREATE | base::File::FLAG_OPEN_TRUNCATED | |
| 544 base::File::FLAG_READ | | 529 base::File::FLAG_READ | base::File::FLAG_WRITE)); |
| 545 base::File::FLAG_WRITE)); | 530 EXPECT_FALSE( |
| 546 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file, | 531 p->HasPermissionsForFile(kRendererID, sibling_file, |
| 547 base::File::FLAG_OPEN | | 532 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 548 base::File::FLAG_READ)); | 533 EXPECT_FALSE(p->HasPermissionsForFile( |
| 549 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file, | 534 kRendererID, parent_file, base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 550 base::File::FLAG_OPEN | | 535 EXPECT_TRUE(p->HasPermissionsForFile( |
| 551 base::File::FLAG_READ)); | 536 kRendererID, child_file, base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 552 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file, | 537 EXPECT_TRUE( |
| 553 base::File::FLAG_OPEN | | 538 p->HasPermissionsForFile(kRendererID, child_traversal1, |
| 554 base::File::FLAG_READ)); | 539 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 555 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1, | 540 EXPECT_TRUE( |
| 556 base::File::FLAG_OPEN | | 541 p->HasPermissionsForFile(kRendererID, child_traversal2, |
| 557 base::File::FLAG_READ)); | 542 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 558 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2, | 543 EXPECT_FALSE( |
| 559 base::File::FLAG_OPEN | | 544 p->HasPermissionsForFile(kRendererID, evil_traversal1, |
| 560 base::File::FLAG_READ)); | 545 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 561 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1, | 546 EXPECT_FALSE( |
| 562 base::File::FLAG_OPEN | | 547 p->HasPermissionsForFile(kRendererID, evil_traversal2, |
| 563 base::File::FLAG_READ)); | 548 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 564 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2, | |
| 565 base::File::FLAG_OPEN | | |
| 566 base::File::FLAG_READ)); | |
| 567 // CPSP doesn't allow this case for the sake of simplicity. | 549 // CPSP doesn't allow this case for the sake of simplicity. |
| 568 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal, | 550 EXPECT_FALSE( |
| 569 base::File::FLAG_OPEN | | 551 p->HasPermissionsForFile(kRendererID, self_traversal, |
| 570 base::File::FLAG_READ)); | 552 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 571 p->Remove(kRendererID); | 553 p->Remove(kRendererID); |
| 572 | 554 |
| 573 // Grant permissions for the directory the file is in. | 555 // Grant permissions for the directory the file is in. |
| 574 p->Add(kRendererID); | 556 p->Add(kRendererID); |
| 575 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 557 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 576 base::File::FLAG_OPEN)); | 558 base::File::FLAG_OPEN)); |
| 577 GrantPermissionsForFile(p, kRendererID, parent_file, | 559 GrantPermissionsForFile(p, kRendererID, parent_file, |
| 578 base::File::FLAG_OPEN | | 560 base::File::FLAG_OPEN | base::File::FLAG_READ); |
| 579 base::File::FLAG_READ); | |
| 580 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 561 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 581 base::File::FLAG_OPEN)); | 562 base::File::FLAG_OPEN)); |
| 582 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 563 EXPECT_FALSE( |
| 583 base::File::FLAG_READ | | 564 p->HasPermissionsForFile(kRendererID, granted_file, |
| 584 base::File::FLAG_WRITE)); | 565 base::File::FLAG_READ | base::File::FLAG_WRITE)); |
| 585 p->Remove(kRendererID); | 566 p->Remove(kRendererID); |
| 586 | 567 |
| 587 // Grant permissions for the directory the file is in (with trailing '/'). | 568 // Grant permissions for the directory the file is in (with trailing '/'). |
| 588 p->Add(kRendererID); | 569 p->Add(kRendererID); |
| 589 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 570 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 590 base::File::FLAG_OPEN)); | 571 base::File::FLAG_OPEN)); |
| 591 GrantPermissionsForFile(p, kRendererID, parent_slash_file, | 572 GrantPermissionsForFile(p, kRendererID, parent_slash_file, |
| 592 base::File::FLAG_OPEN | | 573 base::File::FLAG_OPEN | base::File::FLAG_READ); |
| 593 base::File::FLAG_READ); | |
| 594 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 574 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 595 base::File::FLAG_OPEN)); | 575 base::File::FLAG_OPEN)); |
| 596 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 576 EXPECT_FALSE( |
| 597 base::File::FLAG_READ | | 577 p->HasPermissionsForFile(kRendererID, granted_file, |
| 598 base::File::FLAG_WRITE)); | 578 base::File::FLAG_READ | base::File::FLAG_WRITE)); |
| 599 | 579 |
| 600 // Grant permissions for the file (should overwrite the permissions granted | 580 // Grant permissions for the file (should overwrite the permissions granted |
| 601 // for the directory). | 581 // for the directory). |
| 602 GrantPermissionsForFile(p, kRendererID, granted_file, | 582 GrantPermissionsForFile(p, kRendererID, granted_file, |
| 603 base::File::FLAG_TEMPORARY); | 583 base::File::FLAG_TEMPORARY); |
| 604 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 584 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 605 base::File::FLAG_OPEN)); | 585 base::File::FLAG_OPEN)); |
| 606 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 586 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 607 base::File::FLAG_TEMPORARY)); | 587 base::File::FLAG_TEMPORARY)); |
| 608 | 588 |
| 609 // Revoke all permissions for the file (it should inherit its permissions | 589 // Revoke all permissions for the file (it should inherit its permissions |
| 610 // from the directory again). | 590 // from the directory again). |
| 611 p->RevokeAllPermissionsForFile(kRendererID, granted_file); | 591 p->RevokeAllPermissionsForFile(kRendererID, granted_file); |
| 612 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 592 EXPECT_TRUE( |
| 613 base::File::FLAG_OPEN | | 593 p->HasPermissionsForFile(kRendererID, granted_file, |
| 614 base::File::FLAG_READ)); | 594 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 615 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 595 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 616 base::File::FLAG_TEMPORARY)); | 596 base::File::FLAG_TEMPORARY)); |
| 617 p->Remove(kRendererID); | 597 p->Remove(kRendererID); |
| 618 | 598 |
| 619 // Grant file permissions for the file to main thread renderer process, | 599 // Grant file permissions for the file to main thread renderer process, |
| 620 // make sure its worker thread renderer process inherits those. | 600 // make sure its worker thread renderer process inherits those. |
| 621 p->Add(kRendererID); | 601 p->Add(kRendererID); |
| 622 GrantPermissionsForFile(p, kRendererID, granted_file, | 602 GrantPermissionsForFile(p, kRendererID, granted_file, |
| 623 base::File::FLAG_OPEN | | 603 base::File::FLAG_OPEN | base::File::FLAG_READ); |
| 624 base::File::FLAG_READ); | 604 EXPECT_TRUE( |
| 625 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 605 p->HasPermissionsForFile(kRendererID, granted_file, |
| 626 base::File::FLAG_OPEN | | 606 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 627 base::File::FLAG_READ)); | |
| 628 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 607 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 629 base::File::FLAG_WRITE)); | 608 base::File::FLAG_WRITE)); |
| 630 p->AddWorker(kWorkerRendererID, kRendererID); | 609 p->AddWorker(kWorkerRendererID, kRendererID); |
| 631 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, | 610 EXPECT_TRUE( |
| 632 base::File::FLAG_OPEN | | 611 p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
| 633 base::File::FLAG_READ)); | 612 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 634 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, | 613 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
| 635 base::File::FLAG_WRITE)); | 614 base::File::FLAG_WRITE)); |
| 636 p->Remove(kRendererID); | 615 p->Remove(kRendererID); |
| 637 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, | 616 EXPECT_FALSE( |
| 638 base::File::FLAG_OPEN | | 617 p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
| 639 base::File::FLAG_READ)); | 618 base::File::FLAG_OPEN | base::File::FLAG_READ)); |
| 640 p->Remove(kWorkerRendererID); | 619 p->Remove(kWorkerRendererID); |
| 641 | 620 |
| 642 p->Add(kRendererID); | 621 p->Add(kRendererID); |
| 643 GrantPermissionsForFile(p, kRendererID, relative_file, | 622 GrantPermissionsForFile(p, kRendererID, relative_file, base::File::FLAG_OPEN); |
| 644 base::File::FLAG_OPEN); | |
| 645 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file, | 623 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file, |
| 646 base::File::FLAG_OPEN)); | 624 base::File::FLAG_OPEN)); |
| 647 p->Remove(kRendererID); | 625 p->Remove(kRendererID); |
| 648 } | 626 } |
| 649 | 627 |
| 650 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { | 628 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { |
| 651 ChildProcessSecurityPolicyImpl* p = | 629 ChildProcessSecurityPolicyHelper* p = |
| 652 ChildProcessSecurityPolicyImpl::GetInstance(); | 630 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 653 | 631 |
| 654 GURL url("chrome://thumb/http://www.google.com/"); | 632 GURL url("chrome://thumb/http://www.google.com/"); |
| 655 | 633 |
| 656 p->Add(kRendererID); | 634 p->Add(kRendererID); |
| 657 | 635 |
| 658 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 636 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
| 659 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 637 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 660 p->GrantWebUIBindings(kRendererID); | 638 p->GrantWebUIBindings(kRendererID); |
| 661 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); | 639 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); |
| 662 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); | 640 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); |
| 663 | 641 |
| 664 p->Remove(kRendererID); | 642 p->Remove(kRendererID); |
| 665 } | 643 } |
| 666 | 644 |
| 667 TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) { | 645 TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) { |
| 668 ChildProcessSecurityPolicyImpl* p = | 646 ChildProcessSecurityPolicyHelper* p = |
| 669 ChildProcessSecurityPolicyImpl::GetInstance(); | 647 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 670 | 648 |
| 671 GURL url("file:///etc/passwd"); | 649 GURL url("file:///etc/passwd"); |
| 672 base::FilePath file(TEST_PATH("/etc/passwd")); | 650 base::FilePath file(TEST_PATH("/etc/passwd")); |
| 673 | 651 |
| 674 p->Add(kRendererID); | 652 p->Add(kRendererID); |
| 675 | 653 |
| 676 p->GrantRequestURL(kRendererID, url); | 654 p->GrantRequestURL(kRendererID, url); |
| 677 p->GrantReadFile(kRendererID, file); | 655 p->GrantReadFile(kRendererID, file); |
| 678 p->GrantWebUIBindings(kRendererID); | 656 p->GrantWebUIBindings(kRendererID); |
| 679 | 657 |
| 680 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); | 658 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); |
| 681 EXPECT_TRUE(p->CanReadFile(kRendererID, file)); | 659 EXPECT_TRUE(p->CanReadFile(kRendererID, file)); |
| 682 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); | 660 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); |
| 683 | 661 |
| 684 p->Remove(kRendererID); | 662 p->Remove(kRendererID); |
| 685 | 663 |
| 686 // Renderers are added and removed on the UI thread, but the policy can be | 664 // Renderers are added and removed on the UI thread, but the policy can be |
| 687 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 665 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
| 688 // prepared to answer policy questions about renderers who no longer exist. | 666 // prepared to answer policy questions about renderers who no longer exist. |
| 689 | 667 |
| 690 // In this case, we default to secure behavior. | 668 // In this case, we default to secure behavior. |
| 691 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 669 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 692 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 670 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
| 693 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 671 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
| 694 } | 672 } |
| 695 | 673 |
| 696 // Test the granting of origin permissions, and their interactions with | 674 // Test the granting of origin permissions, and their interactions with |
| 697 // granting scheme permissions. | 675 // granting scheme permissions. |
| 698 TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) { | 676 TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) { |
| 699 ChildProcessSecurityPolicyImpl* p = | 677 ChildProcessSecurityPolicyHelper* p = |
| 700 ChildProcessSecurityPolicyImpl::GetInstance(); | 678 ChildProcessSecurityPolicyHelper::GetInstance(); |
| 701 | 679 |
| 702 p->Add(kRendererID); | 680 p->Add(kRendererID); |
| 703 | 681 |
| 704 GURL url_foo1("chrome://foo/resource1"); | 682 GURL url_foo1("chrome://foo/resource1"); |
| 705 GURL url_foo2("chrome://foo/resource2"); | 683 GURL url_foo2("chrome://foo/resource2"); |
| 706 GURL url_bar("chrome://bar/resource3"); | 684 GURL url_bar("chrome://bar/resource3"); |
| 707 | 685 |
| 708 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1)); | 686 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1)); |
| 709 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2)); | 687 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2)); |
| 710 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); | 688 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar)); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 727 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); | 705 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2)); |
| 728 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar)); | 706 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar)); |
| 729 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); | 707 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
| 730 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); | 708 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
| 731 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); | 709 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); |
| 732 | 710 |
| 733 p->Remove(kRendererID); | 711 p->Remove(kRendererID); |
| 734 } | 712 } |
| 735 | 713 |
| 736 } // namespace content | 714 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2111343002:
Move implementation of ChildProcessSecurityPolicyImpl to c/b/shared, and wrap in c/b (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@mffr-win