| Index: content/browser/shared/child_process_security_policy_helper.cc
|
| diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/shared/child_process_security_policy_helper.cc
|
| similarity index 74%
|
| copy from content/browser/child_process_security_policy_impl.cc
|
| copy to content/browser/shared/child_process_security_policy_helper.cc
|
| index 0def4b57ad00d5633e426246ec2b46e29c3159ae..88c8168fd1aceb8575022e94b5acac50ab91ba4d 100644
|
| --- a/content/browser/child_process_security_policy_impl.cc
|
| +++ b/content/browser/shared/child_process_security_policy_helper.cc
|
| @@ -2,7 +2,7 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#include "content/browser/child_process_security_policy_impl.h"
|
| +#include "content/browser/shared/child_process_security_policy_helper.h"
|
|
|
| #include <algorithm>
|
| #include <utility>
|
| @@ -37,24 +37,24 @@ namespace {
|
| // Used internally only. These bit positions have no relationship to any
|
| // underlying OS and can be changed to accommodate finer-grained permissions.
|
| enum ChildProcessSecurityPermissions {
|
| - READ_FILE_PERMISSION = 1 << 0,
|
| - WRITE_FILE_PERMISSION = 1 << 1,
|
| - CREATE_NEW_FILE_PERMISSION = 1 << 2,
|
| + READ_FILE_PERMISSION = 1 << 0,
|
| + WRITE_FILE_PERMISSION = 1 << 1,
|
| + CREATE_NEW_FILE_PERMISSION = 1 << 2,
|
| CREATE_OVERWRITE_FILE_PERMISSION = 1 << 3,
|
| - DELETE_FILE_PERMISSION = 1 << 4,
|
| + DELETE_FILE_PERMISSION = 1 << 4,
|
|
|
| // Used by Media Galleries API
|
| - COPY_INTO_FILE_PERMISSION = 1 << 5,
|
| + COPY_INTO_FILE_PERMISSION = 1 << 5,
|
| };
|
|
|
| // Used internally only. Bitmasks that are actually used by the Grant* and Can*
|
| // methods. These contain one or more ChildProcessSecurityPermissions.
|
| enum ChildProcessSecurityGrants {
|
| - READ_FILE_GRANT = READ_FILE_PERMISSION,
|
| - WRITE_FILE_GRANT = WRITE_FILE_PERMISSION,
|
| + READ_FILE_GRANT = READ_FILE_PERMISSION,
|
| + WRITE_FILE_GRANT = WRITE_FILE_PERMISSION,
|
|
|
| - CREATE_NEW_FILE_GRANT = CREATE_NEW_FILE_PERMISSION |
|
| - COPY_INTO_FILE_PERMISSION,
|
| + CREATE_NEW_FILE_GRANT =
|
| + CREATE_NEW_FILE_PERMISSION | COPY_INTO_FILE_PERMISSION,
|
|
|
| CREATE_READ_WRITE_FILE_GRANT = CREATE_NEW_FILE_PERMISSION |
|
| CREATE_OVERWRITE_FILE_PERMISSION |
|
| @@ -63,28 +63,27 @@ enum ChildProcessSecurityGrants {
|
| COPY_INTO_FILE_PERMISSION |
|
| DELETE_FILE_PERMISSION,
|
|
|
| - COPY_INTO_FILE_GRANT = COPY_INTO_FILE_PERMISSION,
|
| - DELETE_FILE_GRANT = DELETE_FILE_PERMISSION,
|
| + COPY_INTO_FILE_GRANT = COPY_INTO_FILE_PERMISSION,
|
| + DELETE_FILE_GRANT = DELETE_FILE_PERMISSION,
|
| };
|
|
|
| } // namespace
|
|
|
| // The SecurityState class is used to maintain per-child process security state
|
| // information.
|
| -class ChildProcessSecurityPolicyImpl::SecurityState {
|
| +class ChildProcessSecurityPolicyHelper::SecurityState {
|
| public:
|
| SecurityState()
|
| - : enabled_bindings_(0),
|
| - can_read_raw_cookies_(false),
|
| - can_send_midi_sysex_(false) { }
|
| + : enabled_bindings_(0),
|
| + can_read_raw_cookies_(false),
|
| + can_send_midi_sysex_(false) {}
|
|
|
| ~SecurityState() {
|
| scheme_policy_.clear();
|
| storage::IsolatedContext* isolated_context =
|
| storage::IsolatedContext::GetInstance();
|
| for (FileSystemMap::iterator iter = filesystem_permissions_.begin();
|
| - iter != filesystem_permissions_.end();
|
| - ++iter) {
|
| + iter != filesystem_permissions_.end(); ++iter) {
|
| isolated_context->RemoveReference(iter->first);
|
| }
|
| UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.PerChildFilePermissions",
|
| @@ -92,14 +91,10 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
|
| }
|
|
|
| // Grant permission to request URLs with the specified origin.
|
| - void GrantOrigin(const url::Origin& origin) {
|
| - origin_set_.insert(origin);
|
| - }
|
| + void GrantOrigin(const url::Origin& origin) { origin_set_.insert(origin); }
|
|
|
| // Grant permission to request URLs with the specified scheme.
|
| - void GrantScheme(const std::string& scheme) {
|
| - scheme_policy_[scheme] = true;
|
| - }
|
| + void GrantScheme(const std::string& scheme) { scheme_policy_[scheme] = true; }
|
|
|
| // Revoke permission to request URLs with the specified scheme.
|
| void RevokeScheme(const std::string& scheme) {
|
| @@ -115,7 +110,7 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
|
| }
|
|
|
| // Grant navigation to a file but not the file:// scheme in general.
|
| - void GrantRequestOfSpecificFile(const base::FilePath &file) {
|
| + void GrantRequestOfSpecificFile(const base::FilePath& file) {
|
| request_file_set_.insert(file.StripTrailingSeparators());
|
| }
|
|
|
| @@ -159,21 +154,13 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
|
| }
|
| #endif
|
|
|
| - void GrantBindings(int bindings) {
|
| - enabled_bindings_ |= bindings;
|
| - }
|
| + void GrantBindings(int bindings) { enabled_bindings_ |= bindings; }
|
|
|
| - void GrantReadRawCookies() {
|
| - can_read_raw_cookies_ = true;
|
| - }
|
| + void GrantReadRawCookies() { can_read_raw_cookies_ = true; }
|
|
|
| - void RevokeReadRawCookies() {
|
| - can_read_raw_cookies_ = false;
|
| - }
|
| + void RevokeReadRawCookies() { can_read_raw_cookies_ = false; }
|
|
|
| - void GrantPermissionForMidiSysEx() {
|
| - can_send_midi_sysex_ = true;
|
| - }
|
| + void GrantPermissionForMidiSysEx() { can_send_midi_sysex_ = true; }
|
|
|
| // Determine whether permission has been granted to commit |url|.
|
| bool CanCommitURL(const GURL& url) {
|
| @@ -238,21 +225,15 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
|
| return origin_lock_ == site_gurl;
|
| }
|
|
|
| - void LockToOrigin(const GURL& gurl) {
|
| - origin_lock_ = gurl;
|
| - }
|
| + void LockToOrigin(const GURL& gurl) { origin_lock_ = gurl; }
|
|
|
| bool has_web_ui_bindings() const {
|
| return enabled_bindings_ & BINDINGS_POLICY_WEB_UI;
|
| }
|
|
|
| - bool can_read_raw_cookies() const {
|
| - return can_read_raw_cookies_;
|
| - }
|
| + bool can_read_raw_cookies() const { return can_read_raw_cookies_; }
|
|
|
| - bool can_send_midi_sysex() const {
|
| - return can_send_midi_sysex_;
|
| - }
|
| + bool can_send_midi_sysex() const { return can_send_midi_sysex_; }
|
|
|
| private:
|
| typedef std::map<std::string, bool> SchemeMap;
|
| @@ -294,7 +275,7 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
|
| DISALLOW_COPY_AND_ASSIGN(SecurityState);
|
| };
|
|
|
| -ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() {
|
| +ChildProcessSecurityPolicyHelper::ChildProcessSecurityPolicyHelper() {
|
| // We know about these schemes and believe them to be safe.
|
| RegisterWebSafeScheme(url::kHttpScheme);
|
| RegisterWebSafeScheme(url::kHttpsScheme);
|
| @@ -310,7 +291,7 @@ ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() {
|
| RegisterPseudoScheme(kViewSourceScheme);
|
| }
|
|
|
| -ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() {
|
| +ChildProcessSecurityPolicyHelper::~ChildProcessSecurityPolicyHelper() {
|
| web_safe_schemes_.clear();
|
| pseudo_schemes_.clear();
|
| STLDeleteContainerPairSecondPointers(security_state_.begin(),
|
| @@ -318,28 +299,24 @@ ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() {
|
| security_state_.clear();
|
| }
|
|
|
| -// static
|
| -ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() {
|
| - return ChildProcessSecurityPolicyImpl::GetInstance();
|
| -}
|
| -
|
| -ChildProcessSecurityPolicyImpl* ChildProcessSecurityPolicyImpl::GetInstance() {
|
| - return base::Singleton<ChildProcessSecurityPolicyImpl>::get();
|
| +ChildProcessSecurityPolicyHelper*
|
| +ChildProcessSecurityPolicyHelper::GetInstance() {
|
| + return base::Singleton<ChildProcessSecurityPolicyHelper>::get();
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::Add(int child_id) {
|
| +void ChildProcessSecurityPolicyHelper::Add(int child_id) {
|
| base::AutoLock lock(lock_);
|
| AddChild(child_id);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::AddWorker(int child_id,
|
| - int main_render_process_id) {
|
| +void ChildProcessSecurityPolicyHelper::AddWorker(int child_id,
|
| + int main_render_process_id) {
|
| base::AutoLock lock(lock_);
|
| AddChild(child_id);
|
| worker_map_[child_id] = main_render_process_id;
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::Remove(int child_id) {
|
| +void ChildProcessSecurityPolicyHelper::Remove(int child_id) {
|
| base::AutoLock lock(lock_);
|
| SecurityStateMap::iterator it = security_state_.find(child_id);
|
| if (it == security_state_.end())
|
| @@ -350,7 +327,7 @@ void ChildProcessSecurityPolicyImpl::Remove(int child_id) {
|
| worker_map_.erase(child_id);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::RegisterWebSafeScheme(
|
| +void ChildProcessSecurityPolicyHelper::RegisterWebSafeScheme(
|
| const std::string& scheme) {
|
| base::AutoLock lock(lock_);
|
| DCHECK_EQ(0U, web_safe_schemes_.count(scheme)) << "Add schemes at most once.";
|
| @@ -360,14 +337,14 @@ void ChildProcessSecurityPolicyImpl::RegisterWebSafeScheme(
|
| web_safe_schemes_.insert(scheme);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::IsWebSafeScheme(
|
| +bool ChildProcessSecurityPolicyHelper::IsWebSafeScheme(
|
| const std::string& scheme) {
|
| base::AutoLock lock(lock_);
|
|
|
| return ContainsKey(web_safe_schemes_, scheme);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::RegisterPseudoScheme(
|
| +void ChildProcessSecurityPolicyHelper::RegisterPseudoScheme(
|
| const std::string& scheme) {
|
| base::AutoLock lock(lock_);
|
| DCHECK_EQ(0U, pseudo_schemes_.count(scheme)) << "Add schemes at most once.";
|
| @@ -377,16 +354,15 @@ void ChildProcessSecurityPolicyImpl::RegisterPseudoScheme(
|
| pseudo_schemes_.insert(scheme);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::IsPseudoScheme(
|
| +bool ChildProcessSecurityPolicyHelper::IsPseudoScheme(
|
| const std::string& scheme) {
|
| base::AutoLock lock(lock_);
|
|
|
| return ContainsKey(pseudo_schemes_, scheme);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantRequestURL(
|
| - int child_id, const GURL& url) {
|
| -
|
| +void ChildProcessSecurityPolicyHelper::GrantRequestURL(int child_id,
|
| + const GURL& url) {
|
| if (!url.is_valid())
|
| return; // Can't grant the capability to request invalid URLs.
|
|
|
| @@ -409,7 +385,7 @@ void ChildProcessSecurityPolicyImpl::GrantRequestURL(
|
| }
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantRequestSpecificFileURL(
|
| +void ChildProcessSecurityPolicyHelper::GrantRequestSpecificFileURL(
|
| int child_id,
|
| const GURL& url) {
|
| if (!url.SchemeIs(url::kFileScheme))
|
| @@ -429,28 +405,34 @@ void ChildProcessSecurityPolicyImpl::GrantRequestSpecificFileURL(
|
| }
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id,
|
| - const base::FilePath& file) {
|
| +void ChildProcessSecurityPolicyHelper::GrantReadFile(
|
| + int child_id,
|
| + const base::FilePath& file) {
|
| GrantPermissionsForFile(child_id, file, READ_FILE_GRANT);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile(
|
| - int child_id, const base::FilePath& file) {
|
| +void ChildProcessSecurityPolicyHelper::GrantCreateReadWriteFile(
|
| + int child_id,
|
| + const base::FilePath& file) {
|
| GrantPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantCopyInto(int child_id,
|
| - const base::FilePath& dir) {
|
| +void ChildProcessSecurityPolicyHelper::GrantCopyInto(
|
| + int child_id,
|
| + const base::FilePath& dir) {
|
| GrantPermissionsForFile(child_id, dir, COPY_INTO_FILE_GRANT);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantDeleteFrom(
|
| - int child_id, const base::FilePath& dir) {
|
| +void ChildProcessSecurityPolicyHelper::GrantDeleteFrom(
|
| + int child_id,
|
| + const base::FilePath& dir) {
|
| GrantPermissionsForFile(child_id, dir, DELETE_FILE_GRANT);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile(
|
| - int child_id, const base::FilePath& file, int permissions) {
|
| +void ChildProcessSecurityPolicyHelper::GrantPermissionsForFile(
|
| + int child_id,
|
| + const base::FilePath& file,
|
| + int permissions) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| @@ -460,8 +442,9 @@ void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile(
|
| state->second->GrantPermissionsForFile(file, permissions);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::RevokeAllPermissionsForFile(
|
| - int child_id, const base::FilePath& file) {
|
| +void ChildProcessSecurityPolicyHelper::RevokeAllPermissionsForFile(
|
| + int child_id,
|
| + const base::FilePath& file) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| @@ -471,38 +454,44 @@ void ChildProcessSecurityPolicyImpl::RevokeAllPermissionsForFile(
|
| state->second->RevokeAllPermissionsForFile(file);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantReadFileSystem(
|
| - int child_id, const std::string& filesystem_id) {
|
| +void ChildProcessSecurityPolicyHelper::GrantReadFileSystem(
|
| + int child_id,
|
| + const std::string& filesystem_id) {
|
| GrantPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantWriteFileSystem(
|
| - int child_id, const std::string& filesystem_id) {
|
| +void ChildProcessSecurityPolicyHelper::GrantWriteFileSystem(
|
| + int child_id,
|
| + const std::string& filesystem_id) {
|
| GrantPermissionsForFileSystem(child_id, filesystem_id, WRITE_FILE_GRANT);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantCreateFileForFileSystem(
|
| - int child_id, const std::string& filesystem_id) {
|
| +void ChildProcessSecurityPolicyHelper::GrantCreateFileForFileSystem(
|
| + int child_id,
|
| + const std::string& filesystem_id) {
|
| GrantPermissionsForFileSystem(child_id, filesystem_id, CREATE_NEW_FILE_GRANT);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFileSystem(
|
| - int child_id, const std::string& filesystem_id) {
|
| - GrantPermissionsForFileSystem(
|
| - child_id, filesystem_id, CREATE_READ_WRITE_FILE_GRANT);
|
| +void ChildProcessSecurityPolicyHelper::GrantCreateReadWriteFileSystem(
|
| + int child_id,
|
| + const std::string& filesystem_id) {
|
| + GrantPermissionsForFileSystem(child_id, filesystem_id,
|
| + CREATE_READ_WRITE_FILE_GRANT);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantCopyIntoFileSystem(
|
| - int child_id, const std::string& filesystem_id) {
|
| +void ChildProcessSecurityPolicyHelper::GrantCopyIntoFileSystem(
|
| + int child_id,
|
| + const std::string& filesystem_id) {
|
| GrantPermissionsForFileSystem(child_id, filesystem_id, COPY_INTO_FILE_GRANT);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantDeleteFromFileSystem(
|
| - int child_id, const std::string& filesystem_id) {
|
| +void ChildProcessSecurityPolicyHelper::GrantDeleteFromFileSystem(
|
| + int child_id,
|
| + const std::string& filesystem_id) {
|
| GrantPermissionsForFileSystem(child_id, filesystem_id, DELETE_FILE_GRANT);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantSendMidiSysExMessage(int child_id) {
|
| +void ChildProcessSecurityPolicyHelper::GrantSendMidiSysExMessage(int child_id) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| @@ -512,8 +501,8 @@ void ChildProcessSecurityPolicyImpl::GrantSendMidiSysExMessage(int child_id) {
|
| state->second->GrantPermissionForMidiSysEx();
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantOrigin(int child_id,
|
| - const url::Origin& origin) {
|
| +void ChildProcessSecurityPolicyHelper::GrantOrigin(int child_id,
|
| + const url::Origin& origin) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| @@ -523,8 +512,8 @@ void ChildProcessSecurityPolicyImpl::GrantOrigin(int child_id,
|
| state->second->GrantOrigin(origin);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantScheme(int child_id,
|
| - const std::string& scheme) {
|
| +void ChildProcessSecurityPolicyHelper::GrantScheme(int child_id,
|
| + const std::string& scheme) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| @@ -534,7 +523,7 @@ void ChildProcessSecurityPolicyImpl::GrantScheme(int child_id,
|
| state->second->GrantScheme(scheme);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantWebUIBindings(int child_id) {
|
| +void ChildProcessSecurityPolicyHelper::GrantWebUIBindings(int child_id) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| @@ -550,7 +539,7 @@ void ChildProcessSecurityPolicyImpl::GrantWebUIBindings(int child_id) {
|
| state->second->GrantScheme(url::kFileScheme);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantReadRawCookies(int child_id) {
|
| +void ChildProcessSecurityPolicyHelper::GrantReadRawCookies(int child_id) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| @@ -560,7 +549,7 @@ void ChildProcessSecurityPolicyImpl::GrantReadRawCookies(int child_id) {
|
| state->second->GrantReadRawCookies();
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) {
|
| +void ChildProcessSecurityPolicyHelper::RevokeReadRawCookies(int child_id) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| @@ -570,8 +559,8 @@ void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) {
|
| state->second->RevokeReadRawCookies();
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanRequestURL(
|
| - int child_id, const GURL& url) {
|
| +bool ChildProcessSecurityPolicyHelper::CanRequestURL(int child_id,
|
| + const GURL& url) {
|
| if (!url.is_valid())
|
| return false; // Can't request invalid URLs.
|
|
|
| @@ -595,8 +584,8 @@ bool ChildProcessSecurityPolicyImpl::CanRequestURL(
|
| !net::URLRequest::IsHandledURL(url);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
|
| - const GURL& url) {
|
| +bool ChildProcessSecurityPolicyHelper::CanCommitURL(int child_id,
|
| + const GURL& url) {
|
| if (!url.is_valid())
|
| return false; // Can't commit invalid URLs.
|
|
|
| @@ -624,12 +613,12 @@ bool ChildProcessSecurityPolicyImpl::CanCommitURL(int child_id,
|
| }
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
|
| - const base::FilePath& file) {
|
| +bool ChildProcessSecurityPolicyHelper::CanReadFile(int child_id,
|
| + const base::FilePath& file) {
|
| return HasPermissionsForFile(child_id, file, READ_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanReadAllFiles(
|
| +bool ChildProcessSecurityPolicyHelper::CanReadAllFiles(
|
| int child_id,
|
| const std::vector<base::FilePath>& files) {
|
| return std::all_of(files.begin(), files.end(),
|
| @@ -638,37 +627,43 @@ bool ChildProcessSecurityPolicyImpl::CanReadAllFiles(
|
| });
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile(
|
| +bool ChildProcessSecurityPolicyHelper::CanCreateReadWriteFile(
|
| int child_id,
|
| const base::FilePath& file) {
|
| return HasPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanReadFileSystem(
|
| - int child_id, const std::string& filesystem_id) {
|
| +bool ChildProcessSecurityPolicyHelper::CanReadFileSystem(
|
| + int child_id,
|
| + const std::string& filesystem_id) {
|
| return HasPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanReadWriteFileSystem(
|
| - int child_id, const std::string& filesystem_id) {
|
| +bool ChildProcessSecurityPolicyHelper::CanReadWriteFileSystem(
|
| + int child_id,
|
| + const std::string& filesystem_id) {
|
| return HasPermissionsForFileSystem(child_id, filesystem_id,
|
| READ_FILE_GRANT | WRITE_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystem(
|
| - int child_id, const std::string& filesystem_id) {
|
| +bool ChildProcessSecurityPolicyHelper::CanCopyIntoFileSystem(
|
| + int child_id,
|
| + const std::string& filesystem_id) {
|
| return HasPermissionsForFileSystem(child_id, filesystem_id,
|
| COPY_INTO_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanDeleteFromFileSystem(
|
| - int child_id, const std::string& filesystem_id) {
|
| +bool ChildProcessSecurityPolicyHelper::CanDeleteFromFileSystem(
|
| + int child_id,
|
| + const std::string& filesystem_id) {
|
| return HasPermissionsForFileSystem(child_id, filesystem_id,
|
| DELETE_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::HasPermissionsForFile(
|
| - int child_id, const base::FilePath& file, int permissions) {
|
| +bool ChildProcessSecurityPolicyHelper::HasPermissionsForFile(
|
| + int child_id,
|
| + const base::FilePath& file,
|
| + int permissions) {
|
| base::AutoLock lock(lock_);
|
| bool result = ChildProcessHasPermissionsForFile(child_id, file, permissions);
|
| if (!result) {
|
| @@ -676,15 +671,14 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFile(
|
| // let's check that its renderer process has access to that file instead.
|
| WorkerToMainProcessMap::iterator iter = worker_map_.find(child_id);
|
| if (iter != worker_map_.end() && iter->second != 0) {
|
| - result = ChildProcessHasPermissionsForFile(iter->second,
|
| - file,
|
| - permissions);
|
| + result =
|
| + ChildProcessHasPermissionsForFile(iter->second, file, permissions);
|
| }
|
| }
|
| return result;
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
|
| +bool ChildProcessSecurityPolicyHelper::HasPermissionsForFileSystemFile(
|
| int child_id,
|
| const storage::FileSystemURL& url,
|
| int permissions) {
|
| @@ -704,8 +698,8 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
|
| // When Isolated filesystems is overlayed on top of another filesystem,
|
| // its per-filesystem permission overrides the underlying filesystem
|
| // permissions).
|
| - return HasPermissionsForFileSystem(
|
| - child_id, url.mount_filesystem_id(), permissions);
|
| + return HasPermissionsForFileSystem(child_id, url.mount_filesystem_id(),
|
| + permissions);
|
| }
|
|
|
| FileSystemPermissionPolicyMap::iterator found =
|
| @@ -727,44 +721,44 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
|
| return false;
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile(
|
| +bool ChildProcessSecurityPolicyHelper::CanReadFileSystemFile(
|
| int child_id,
|
| const storage::FileSystemURL& url) {
|
| return HasPermissionsForFileSystemFile(child_id, url, READ_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile(
|
| +bool ChildProcessSecurityPolicyHelper::CanWriteFileSystemFile(
|
| int child_id,
|
| const storage::FileSystemURL& url) {
|
| return HasPermissionsForFileSystemFile(child_id, url, WRITE_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile(
|
| +bool ChildProcessSecurityPolicyHelper::CanCreateFileSystemFile(
|
| int child_id,
|
| const storage::FileSystemURL& url) {
|
| return HasPermissionsForFileSystemFile(child_id, url, CREATE_NEW_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile(
|
| +bool ChildProcessSecurityPolicyHelper::CanCreateReadWriteFileSystemFile(
|
| int child_id,
|
| const storage::FileSystemURL& url) {
|
| return HasPermissionsForFileSystemFile(child_id, url,
|
| CREATE_READ_WRITE_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile(
|
| +bool ChildProcessSecurityPolicyHelper::CanCopyIntoFileSystemFile(
|
| int child_id,
|
| const storage::FileSystemURL& url) {
|
| return HasPermissionsForFileSystemFile(child_id, url, COPY_INTO_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanDeleteFileSystemFile(
|
| +bool ChildProcessSecurityPolicyHelper::CanDeleteFileSystemFile(
|
| int child_id,
|
| const storage::FileSystemURL& url) {
|
| return HasPermissionsForFileSystemFile(child_id, url, DELETE_FILE_GRANT);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
|
| +bool ChildProcessSecurityPolicyHelper::HasWebUIBindings(int child_id) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| @@ -774,7 +768,7 @@ bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
|
| return state->second->has_web_ui_bindings();
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanReadRawCookies(int child_id) {
|
| +bool ChildProcessSecurityPolicyHelper::CanReadRawCookies(int child_id) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| @@ -784,7 +778,7 @@ bool ChildProcessSecurityPolicyImpl::CanReadRawCookies(int child_id) {
|
| return state->second->can_read_raw_cookies();
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::AddChild(int child_id) {
|
| +void ChildProcessSecurityPolicyHelper::AddChild(int child_id) {
|
| if (security_state_.count(child_id) != 0) {
|
| NOTREACHED() << "Add child process at most once.";
|
| return;
|
| @@ -793,16 +787,19 @@ void ChildProcessSecurityPolicyImpl::AddChild(int child_id) {
|
| security_state_[child_id] = new SecurityState();
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::ChildProcessHasPermissionsForFile(
|
| - int child_id, const base::FilePath& file, int permissions) {
|
| +bool ChildProcessSecurityPolicyHelper::ChildProcessHasPermissionsForFile(
|
| + int child_id,
|
| + const base::FilePath& file,
|
| + int permissions) {
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| if (state == security_state_.end())
|
| return false;
|
| return state->second->HasPermissionsForFile(file, permissions);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(int child_id,
|
| - const GURL& gurl) {
|
| +bool ChildProcessSecurityPolicyHelper::CanAccessDataForOrigin(
|
| + int child_id,
|
| + const GURL& gurl) {
|
| base::AutoLock lock(lock_);
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
| if (state == security_state_.end()) {
|
| @@ -813,8 +810,8 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(int child_id,
|
| return state->second->CanAccessDataForOrigin(gurl);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::LockToOrigin(int child_id,
|
| - const GURL& gurl) {
|
| +void ChildProcessSecurityPolicyHelper::LockToOrigin(int child_id,
|
| + const GURL& gurl) {
|
| // "gurl" can be currently empty in some cases, such as file://blah.
|
| DCHECK(SiteInstanceImpl::GetSiteForURL(NULL, gurl) == gurl);
|
| base::AutoLock lock(lock_);
|
| @@ -823,7 +820,7 @@ void ChildProcessSecurityPolicyImpl::LockToOrigin(int child_id,
|
| state->second->LockToOrigin(gurl);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::GrantPermissionsForFileSystem(
|
| +void ChildProcessSecurityPolicyHelper::GrantPermissionsForFileSystem(
|
| int child_id,
|
| const std::string& filesystem_id,
|
| int permission) {
|
| @@ -835,7 +832,7 @@ void ChildProcessSecurityPolicyImpl::GrantPermissionsForFileSystem(
|
| state->second->GrantPermissionsForFileSystem(filesystem_id, permission);
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystem(
|
| +bool ChildProcessSecurityPolicyHelper::HasPermissionsForFileSystem(
|
| int child_id,
|
| const std::string& filesystem_id,
|
| int permission) {
|
| @@ -847,14 +844,14 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystem(
|
| return state->second->HasPermissionsForFileSystem(filesystem_id, permission);
|
| }
|
|
|
| -void ChildProcessSecurityPolicyImpl::RegisterFileSystemPermissionPolicy(
|
| +void ChildProcessSecurityPolicyHelper::RegisterFileSystemPermissionPolicy(
|
| storage::FileSystemType type,
|
| int policy) {
|
| base::AutoLock lock(lock_);
|
| file_system_policy_map_[type] = policy;
|
| }
|
|
|
| -bool ChildProcessSecurityPolicyImpl::CanSendMidiSysExMessage(int child_id) {
|
| +bool ChildProcessSecurityPolicyHelper::CanSendMidiSysExMessage(int child_id) {
|
| base::AutoLock lock(lock_);
|
|
|
| SecurityStateMap::iterator state = security_state_.find(child_id);
|
|
|
Chromium Code Reviews
Issue 2111343002:
Move implementation of ChildProcessSecurityPolicyImpl to c/b/shared, and wrap in c/b (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@mffr-win