| Index: content/browser/shared/child_process_security_policy_unittest.cc
|
| diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/shared/child_process_security_policy_unittest.cc
|
| similarity index 77%
|
| rename from content/browser/child_process_security_policy_unittest.cc
|
| rename to content/browser/shared/child_process_security_policy_unittest.cc
|
| index 24aa45bc21f050f00bea4642e7f5fe50674589a6..ec630c026724528ed307e05c5e9d7ad88be8ebd1 100644
|
| --- a/content/browser/child_process_security_policy_unittest.cc
|
| +++ b/content/browser/shared/child_process_security_policy_unittest.cc
|
| @@ -6,7 +6,7 @@
|
| #include <string>
|
|
|
| #include "base/files/file_path.h"
|
| -#include "content/browser/child_process_security_policy_impl.h"
|
| +#include "content/browser/shared/child_process_security_policy_helper.h"
|
| #include "content/public/common/url_constants.h"
|
| #include "content/test/test_content_browser_client.h"
|
| #include "storage/browser/fileapi/file_permission_policy.h"
|
| @@ -38,13 +38,9 @@ class ChildProcessSecurityPolicyTestBrowserClient
|
| return schemes_.find(url.scheme()) != schemes_.end();
|
| }
|
|
|
| - void ClearSchemes() {
|
| - schemes_.clear();
|
| - }
|
| + void ClearSchemes() { schemes_.clear(); }
|
|
|
| - void AddScheme(const std::string& scheme) {
|
| - schemes_.insert(scheme);
|
| - }
|
| + void AddScheme(const std::string& scheme) { schemes_.insert(scheme); }
|
|
|
| private:
|
| std::set<std::string> schemes_;
|
| @@ -54,8 +50,7 @@ class ChildProcessSecurityPolicyTestBrowserClient
|
|
|
| class ChildProcessSecurityPolicyTest : public testing::Test {
|
| public:
|
| - ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {
|
| - }
|
| + ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {}
|
|
|
| void SetUp() override {
|
| old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_);
|
| @@ -81,14 +76,14 @@ class ChildProcessSecurityPolicyTest : public testing::Test {
|
| test_browser_client_.AddScheme(scheme);
|
| }
|
|
|
| - void GrantPermissionsForFile(ChildProcessSecurityPolicyImpl* p,
|
| + void GrantPermissionsForFile(ChildProcessSecurityPolicyHelper* p,
|
| int child_id,
|
| const base::FilePath& file,
|
| int permissions) {
|
| p->GrantPermissionsForFile(child_id, file, permissions);
|
| }
|
|
|
| - void CheckHasNoFileSystemPermission(ChildProcessSecurityPolicyImpl* p,
|
| + void CheckHasNoFileSystemPermission(ChildProcessSecurityPolicyHelper* p,
|
| const std::string& child_id) {
|
| EXPECT_FALSE(p->CanReadFileSystem(kRendererID, child_id));
|
| EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, child_id));
|
| @@ -96,7 +91,7 @@ class ChildProcessSecurityPolicyTest : public testing::Test {
|
| EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, child_id));
|
| }
|
|
|
| - void CheckHasNoFileSystemFilePermission(ChildProcessSecurityPolicyImpl* p,
|
| + void CheckHasNoFileSystemFilePermission(ChildProcessSecurityPolicyHelper* p,
|
| const base::FilePath& file,
|
| const storage::FileSystemURL& url) {
|
| EXPECT_FALSE(p->CanReadFile(kRendererID, file));
|
| @@ -114,10 +109,9 @@ class ChildProcessSecurityPolicyTest : public testing::Test {
|
| ContentBrowserClient* old_browser_client_;
|
| };
|
|
|
| -
|
| TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpScheme));
|
| EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpsScheme));
|
| @@ -135,8 +129,8 @@ TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme));
|
| EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme));
|
| @@ -150,8 +144,8 @@ TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| p->Add(kRendererID);
|
|
|
| @@ -170,16 +164,12 @@ TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
|
| kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
|
|
|
| // Dangerous to request or commit.
|
| - EXPECT_FALSE(p->CanRequestURL(kRendererID,
|
| - GURL("file:///etc/passwd")));
|
| - EXPECT_FALSE(p->CanRequestURL(kRendererID,
|
| - GURL("chrome://foo/bar")));
|
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
|
| + EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("chrome://foo/bar")));
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID,
|
| GURL("view-source:http://www.google.com/")));
|
| - EXPECT_FALSE(p->CanCommitURL(kRendererID,
|
| - GURL("file:///etc/passwd")));
|
| - EXPECT_FALSE(p->CanCommitURL(kRendererID,
|
| - GURL("chrome://foo/bar")));
|
| + EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
|
| + EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("chrome://foo/bar")));
|
| EXPECT_FALSE(
|
| p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/")));
|
|
|
| @@ -187,8 +177,8 @@ TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| p->Add(kRendererID);
|
|
|
| @@ -233,8 +223,8 @@ TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| p->Add(kRendererID);
|
|
|
| @@ -248,8 +238,8 @@ TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| p->Add(kRendererID);
|
|
|
| @@ -273,8 +263,8 @@ TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| p->Add(kRendererID);
|
|
|
| @@ -293,26 +283,26 @@ TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| p->Add(kRendererID);
|
|
|
| // Child processes cannot request view source URLs.
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID,
|
| GURL("view-source:http://www.google.com/")));
|
| - EXPECT_FALSE(p->CanRequestURL(kRendererID,
|
| - GURL("view-source:file:///etc/passwd")));
|
| + EXPECT_FALSE(
|
| + p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")));
|
| EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
|
| EXPECT_FALSE(p->CanRequestURL(
|
| kRendererID, GURL("view-source:view-source:http://www.google.com/")));
|
|
|
| // View source URLs don't actually commit; the renderer is put into view
|
| // source mode, and the inner URL commits.
|
| - EXPECT_FALSE(p->CanCommitURL(kRendererID,
|
| - GURL("view-source:http://www.google.com/")));
|
| - EXPECT_FALSE(p->CanCommitURL(kRendererID,
|
| - GURL("view-source:file:///etc/passwd")));
|
| + EXPECT_FALSE(
|
| + p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/")));
|
| + EXPECT_FALSE(
|
| + p->CanCommitURL(kRendererID, GURL("view-source:file:///etc/passwd")));
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
|
| EXPECT_FALSE(p->CanCommitURL(
|
| kRendererID, GURL("view-source:view-source:http://www.google.com/")));
|
| @@ -322,14 +312,14 @@ TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
|
| EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
|
| EXPECT_FALSE(
|
| p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")));
|
| - EXPECT_FALSE(p->CanCommitURL(kRendererID,
|
| - GURL("view-source:file:///etc/passwd")));
|
| + EXPECT_FALSE(
|
| + p->CanCommitURL(kRendererID, GURL("view-source:file:///etc/passwd")));
|
| p->Remove(kRendererID);
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| p->Add(kRendererID);
|
|
|
| @@ -356,8 +346,8 @@ TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| p->Add(kRendererID);
|
| std::string read_id =
|
| @@ -365,18 +355,15 @@ TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) {
|
| storage::kFileSystemTypeTest, "read_filesystem", base::FilePath());
|
| std::string read_write_id =
|
| storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
|
| - storage::kFileSystemTypeTest,
|
| - "read_write_filesystem",
|
| + storage::kFileSystemTypeTest, "read_write_filesystem",
|
| base::FilePath());
|
| std::string copy_into_id =
|
| storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
|
| - storage::kFileSystemTypeTest,
|
| - "copy_into_filesystem",
|
| + storage::kFileSystemTypeTest, "copy_into_filesystem",
|
| base::FilePath());
|
| std::string delete_from_id =
|
| storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
|
| - storage::kFileSystemTypeTest,
|
| - "delete_from_filesystem",
|
| + storage::kFileSystemTypeTest, "delete_from_filesystem",
|
| base::FilePath());
|
|
|
| // Test initially having no permissions.
|
| @@ -434,8 +421,8 @@ TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) {
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| p->RegisterFileSystemPermissionPolicy(
|
| storage::kFileSystemTypeTest,
|
| @@ -504,18 +491,18 @@ TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
|
| base::FilePath parent_slash_file = base::FilePath(TEST_PATH("/home/"));
|
| base::FilePath child_traversal1 =
|
| base::FilePath(TEST_PATH("/home/joe/././file"));
|
| - base::FilePath child_traversal2 = base::FilePath(
|
| - TEST_PATH("/home/joe/file/../otherfile"));
|
| + base::FilePath child_traversal2 =
|
| + base::FilePath(TEST_PATH("/home/joe/file/../otherfile"));
|
| base::FilePath evil_traversal1 =
|
| base::FilePath(TEST_PATH("/home/joe/../../etc/passwd"));
|
| - base::FilePath evil_traversal2 = base::FilePath(
|
| - TEST_PATH("/home/joe/./.././../etc/passwd"));
|
| + base::FilePath evil_traversal2 =
|
| + base::FilePath(TEST_PATH("/home/joe/./.././../etc/passwd"));
|
| base::FilePath self_traversal =
|
| base::FilePath(TEST_PATH("/home/joe/../joe/file"));
|
| base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe"));
|
|
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| // Grant permissions for a file.
|
| p->Add(kRendererID);
|
| @@ -523,51 +510,46 @@ TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
|
| base::File::FLAG_OPEN));
|
|
|
| GrantPermissionsForFile(p, kRendererID, granted_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_OPEN_TRUNCATED |
|
| - base::File::FLAG_READ |
|
| - base::File::FLAG_WRITE);
|
| - EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_OPEN_TRUNCATED |
|
| - base::File::FLAG_READ |
|
| - base::File::FLAG_WRITE));
|
| - EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| + base::File::FLAG_OPEN |
|
| + base::File::FLAG_OPEN_TRUNCATED |
|
| + base::File::FLAG_READ | base::File::FLAG_WRITE);
|
| + EXPECT_TRUE(p->HasPermissionsForFile(
|
| + kRendererID, granted_file,
|
| + base::File::FLAG_OPEN | base::File::FLAG_OPEN_TRUNCATED |
|
| + base::File::FLAG_READ | base::File::FLAG_WRITE));
|
| + EXPECT_TRUE(
|
| + p->HasPermissionsForFile(kRendererID, granted_file,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| base::File::FLAG_CREATE));
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));
|
| - EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| - base::File::FLAG_CREATE |
|
| - base::File::FLAG_OPEN_TRUNCATED |
|
| - base::File::FLAG_READ |
|
| - base::File::FLAG_WRITE));
|
| - EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| - EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| - EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| - EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| - EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| - EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| - EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| + EXPECT_FALSE(p->HasPermissionsForFile(
|
| + kRendererID, granted_file,
|
| + base::File::FLAG_CREATE | base::File::FLAG_OPEN_TRUNCATED |
|
| + base::File::FLAG_READ | base::File::FLAG_WRITE));
|
| + EXPECT_FALSE(
|
| + p->HasPermissionsForFile(kRendererID, sibling_file,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| + EXPECT_FALSE(p->HasPermissionsForFile(
|
| + kRendererID, parent_file, base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| + EXPECT_TRUE(p->HasPermissionsForFile(
|
| + kRendererID, child_file, base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| + EXPECT_TRUE(
|
| + p->HasPermissionsForFile(kRendererID, child_traversal1,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| + EXPECT_TRUE(
|
| + p->HasPermissionsForFile(kRendererID, child_traversal2,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| + EXPECT_FALSE(
|
| + p->HasPermissionsForFile(kRendererID, evil_traversal1,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| + EXPECT_FALSE(
|
| + p->HasPermissionsForFile(kRendererID, evil_traversal2,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| // CPSP doesn't allow this case for the sake of simplicity.
|
| - EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| + EXPECT_FALSE(
|
| + p->HasPermissionsForFile(kRendererID, self_traversal,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| p->Remove(kRendererID);
|
|
|
| // Grant permissions for the directory the file is in.
|
| @@ -575,13 +557,12 @@ TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| base::File::FLAG_OPEN));
|
| GrantPermissionsForFile(p, kRendererID, parent_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ);
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ);
|
| EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| - base::File::FLAG_OPEN));
|
| - EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| - base::File::FLAG_READ |
|
| - base::File::FLAG_WRITE));
|
| + base::File::FLAG_OPEN));
|
| + EXPECT_FALSE(
|
| + p->HasPermissionsForFile(kRendererID, granted_file,
|
| + base::File::FLAG_READ | base::File::FLAG_WRITE));
|
| p->Remove(kRendererID);
|
|
|
| // Grant permissions for the directory the file is in (with trailing '/').
|
| @@ -589,18 +570,17 @@ TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| base::File::FLAG_OPEN));
|
| GrantPermissionsForFile(p, kRendererID, parent_slash_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ);
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ);
|
| EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| - base::File::FLAG_OPEN));
|
| - EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| - base::File::FLAG_READ |
|
| - base::File::FLAG_WRITE));
|
| + base::File::FLAG_OPEN));
|
| + EXPECT_FALSE(
|
| + p->HasPermissionsForFile(kRendererID, granted_file,
|
| + base::File::FLAG_READ | base::File::FLAG_WRITE));
|
|
|
| // Grant permissions for the file (should overwrite the permissions granted
|
| // for the directory).
|
| GrantPermissionsForFile(p, kRendererID, granted_file,
|
| - base::File::FLAG_TEMPORARY);
|
| + base::File::FLAG_TEMPORARY);
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| base::File::FLAG_OPEN));
|
| EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| @@ -609,9 +589,9 @@ TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
|
| // Revoke all permissions for the file (it should inherit its permissions
|
| // from the directory again).
|
| p->RevokeAllPermissionsForFile(kRendererID, granted_file);
|
| - EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| + EXPECT_TRUE(
|
| + p->HasPermissionsForFile(kRendererID, granted_file,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| base::File::FLAG_TEMPORARY));
|
| p->Remove(kRendererID);
|
| @@ -620,36 +600,34 @@ TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
|
| // make sure its worker thread renderer process inherits those.
|
| p->Add(kRendererID);
|
| GrantPermissionsForFile(p, kRendererID, granted_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ);
|
| - EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ);
|
| + EXPECT_TRUE(
|
| + p->HasPermissionsForFile(kRendererID, granted_file,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
|
| - base::File::FLAG_WRITE));
|
| + base::File::FLAG_WRITE));
|
| p->AddWorker(kWorkerRendererID, kRendererID);
|
| - EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| + EXPECT_TRUE(
|
| + p->HasPermissionsForFile(kWorkerRendererID, granted_file,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
|
| base::File::FLAG_WRITE));
|
| p->Remove(kRendererID);
|
| - EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
|
| - base::File::FLAG_OPEN |
|
| - base::File::FLAG_READ));
|
| + EXPECT_FALSE(
|
| + p->HasPermissionsForFile(kWorkerRendererID, granted_file,
|
| + base::File::FLAG_OPEN | base::File::FLAG_READ));
|
| p->Remove(kWorkerRendererID);
|
|
|
| p->Add(kRendererID);
|
| - GrantPermissionsForFile(p, kRendererID, relative_file,
|
| - base::File::FLAG_OPEN);
|
| + GrantPermissionsForFile(p, kRendererID, relative_file, base::File::FLAG_OPEN);
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file,
|
| base::File::FLAG_OPEN));
|
| p->Remove(kRendererID);
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| GURL url("chrome://thumb/http://www.google.com/");
|
|
|
| @@ -665,8 +643,8 @@ TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| GURL url("file:///etc/passwd");
|
| base::FilePath file(TEST_PATH("/etc/passwd"));
|
| @@ -696,8 +674,8 @@ TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
|
| // Test the granting of origin permissions, and their interactions with
|
| // granting scheme permissions.
|
| TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) {
|
| - ChildProcessSecurityPolicyImpl* p =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| + ChildProcessSecurityPolicyHelper* p =
|
| + ChildProcessSecurityPolicyHelper::GetInstance();
|
|
|
| p->Add(kRendererID);
|
|
|
|
|
Chromium Code Reviews
Issue 2111343002:
Move implementation of ChildProcessSecurityPolicyImpl to c/b/shared, and wrap in c/b (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@mffr-win