| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/blob_storage/blob_dispatcher_host.h" | 5 #include "content/browser/blob_storage/blob_dispatcher_host.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/metrics/histogram_macros.h" | 10 #include "base/metrics/histogram_macros.h" |
| 11 #include "content/browser/bad_message.h" | 11 #include "content/browser/bad_message.h" |
| 12 #include "content/browser/blob_storage/chrome_blob_storage_context.h" | 12 #include "content/browser/blob_storage/chrome_blob_storage_context.h" |
| 13 #include "content/browser/child_process_security_policy_impl.h" |
| 14 #include "content/browser/fileapi/browser_file_system_helper.h" |
| 13 #include "content/common/fileapi/webblob_messages.h" | 15 #include "content/common/fileapi/webblob_messages.h" |
| 14 #include "ipc/ipc_platform_file.h" | 16 #include "ipc/ipc_platform_file.h" |
| 15 #include "storage/browser/blob/blob_storage_context.h" | 17 #include "storage/browser/blob/blob_storage_context.h" |
| 16 #include "storage/browser/blob/blob_transport_result.h" | 18 #include "storage/browser/blob/blob_transport_result.h" |
| 19 #include "storage/browser/fileapi/file_system_context.h" |
| 20 #include "storage/browser/fileapi/file_system_url.h" |
| 17 #include "storage/common/blob_storage/blob_item_bytes_request.h" | 21 #include "storage/common/blob_storage/blob_item_bytes_request.h" |
| 18 #include "storage/common/blob_storage/blob_item_bytes_response.h" | 22 #include "storage/common/blob_storage/blob_item_bytes_response.h" |
| 19 #include "storage/common/data_element.h" | 23 #include "storage/common/data_element.h" |
| 20 #include "url/gurl.h" | 24 #include "url/gurl.h" |
| 21 | 25 |
| 22 using storage::BlobStorageContext; | 26 using storage::BlobStorageContext; |
| 23 using storage::BlobStorageRegistry; | 27 using storage::BlobStorageRegistry; |
| 24 using storage::BlobTransportResult; | 28 using storage::BlobTransportResult; |
| 29 using storage::DataElement; |
| 25 using storage::IPCBlobCreationCancelCode; | 30 using storage::IPCBlobCreationCancelCode; |
| 31 using storage::FileSystemURL; |
| 26 | 32 |
| 27 namespace content { | 33 namespace content { |
| 28 namespace { | 34 namespace { |
| 29 | 35 |
| 30 // These are used for UMA stats, don't change. | 36 // These are used for UMA stats, don't change. |
| 31 enum RefcountOperation { | 37 enum RefcountOperation { |
| 32 BDH_DECREMENT = 0, | 38 BDH_DECREMENT = 0, |
| 33 BDH_INCREMENT, | 39 BDH_INCREMENT, |
| 34 BDH_TRACING_ENUM_LAST | 40 BDH_TRACING_ENUM_LAST |
| 35 }; | 41 }; |
| 36 | 42 |
| 37 } // namespace | 43 } // namespace |
| 38 | 44 |
| 39 BlobDispatcherHost::BlobDispatcherHost( | 45 BlobDispatcherHost::BlobDispatcherHost( |
| 40 ChromeBlobStorageContext* blob_storage_context) | 46 int process_id, |
| 47 scoped_refptr<ChromeBlobStorageContext> blob_storage_context, |
| 48 scoped_refptr<storage::FileSystemContext> file_system_context) |
| 41 : BrowserMessageFilter(BlobMsgStart), | 49 : BrowserMessageFilter(BlobMsgStart), |
| 42 blob_storage_context_(blob_storage_context) {} | 50 process_id_(process_id), |
| 51 file_system_context_(std::move(file_system_context)), |
| 52 blob_storage_context_(std::move(blob_storage_context)) {} |
| 43 | 53 |
| 44 BlobDispatcherHost::~BlobDispatcherHost() { | 54 BlobDispatcherHost::~BlobDispatcherHost() { |
| 45 ClearHostFromBlobStorageContext(); | 55 ClearHostFromBlobStorageContext(); |
| 46 } | 56 } |
| 47 | 57 |
| 48 void BlobDispatcherHost::OnChannelClosing() { | 58 void BlobDispatcherHost::OnChannelClosing() { |
| 49 ClearHostFromBlobStorageContext(); | 59 ClearHostFromBlobStorageContext(); |
| 50 public_blob_urls_.clear(); | 60 public_blob_urls_.clear(); |
| 51 blobs_inuse_map_.clear(); | 61 blobs_inuse_map_.clear(); |
| 52 } | 62 } |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 129 context); | 139 context); |
| 130 Send(new BlobStorageMsg_CancelBuildingBlob( | 140 Send(new BlobStorageMsg_CancelBuildingBlob( |
| 131 uuid, IPCBlobCreationCancelCode::BLOB_DEREFERENCED_WHILE_BUILDING)); | 141 uuid, IPCBlobCreationCancelCode::BLOB_DEREFERENCED_WHILE_BUILDING)); |
| 132 } | 142 } |
| 133 return; | 143 return; |
| 134 } | 144 } |
| 135 if (!async_builder_.IsBeingBuilt(uuid)) { | 145 if (!async_builder_.IsBeingBuilt(uuid)) { |
| 136 SendIPCResponse(uuid, BlobTransportResult::BAD_IPC); | 146 SendIPCResponse(uuid, BlobTransportResult::BAD_IPC); |
| 137 return; | 147 return; |
| 138 } | 148 } |
| 149 |
| 150 ChildProcessSecurityPolicyImpl* security_policy = |
| 151 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 152 for (const DataElement& item : descriptions) { |
| 153 if (item.type() == storage::DataElement::TYPE_FILE_FILESYSTEM) { |
| 154 FileSystemURL filesystem_url( |
| 155 file_system_context_->CrackURL(item.filesystem_url())); |
| 156 if (!FileSystemURLIsValid(file_system_context_.get(), filesystem_url) || |
| 157 !security_policy->CanReadFileSystemFile(process_id_, |
| 158 filesystem_url)) { |
| 159 async_builder_.CancelBuildingBlob( |
| 160 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED, context); |
| 161 Send(new BlobStorageMsg_CancelBuildingBlob( |
| 162 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED)); |
| 163 return; |
| 164 } |
| 165 } |
| 166 if (item.type() == storage::DataElement::TYPE_FILE && |
| 167 !security_policy->CanReadFile(process_id_, item.path())) { |
| 168 async_builder_.CancelBuildingBlob( |
| 169 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED, context); |
| 170 Send(new BlobStorageMsg_CancelBuildingBlob( |
| 171 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED)); |
| 172 return; |
| 173 } |
| 174 } |
| 175 |
| 139 // |this| owns async_builder_ so using base::Unretained(this) is safe. | 176 // |this| owns async_builder_ so using base::Unretained(this) is safe. |
| 140 BlobTransportResult result = async_builder_.StartBuildingBlob( | 177 BlobTransportResult result = async_builder_.StartBuildingBlob( |
| 141 uuid, descriptions, context->memory_available(), context, | 178 uuid, descriptions, context->memory_available(), context, |
| 142 base::Bind(&BlobDispatcherHost::SendMemoryRequest, base::Unretained(this), | 179 base::Bind(&BlobDispatcherHost::SendMemoryRequest, base::Unretained(this), |
| 143 uuid)); | 180 uuid)); |
| 144 SendIPCResponse(uuid, result); | 181 SendIPCResponse(uuid, result); |
| 145 } | 182 } |
| 146 | 183 |
| 147 void BlobDispatcherHost::OnMemoryItemResponse( | 184 void BlobDispatcherHost::OnMemoryItemResponse( |
| 148 const std::string& uuid, | 185 const std::string& uuid, |
| (...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 361 context->RevokePublicBlobURL(url); | 398 context->RevokePublicBlobURL(url); |
| 362 } | 399 } |
| 363 for (const auto& uuid_refnum_pair : blobs_inuse_map_) { | 400 for (const auto& uuid_refnum_pair : blobs_inuse_map_) { |
| 364 for (int i = 0; i < uuid_refnum_pair.second; ++i) | 401 for (int i = 0; i < uuid_refnum_pair.second; ++i) |
| 365 context->DecrementBlobRefCount(uuid_refnum_pair.first); | 402 context->DecrementBlobRefCount(uuid_refnum_pair.first); |
| 366 } | 403 } |
| 367 async_builder_.CancelAll(context); | 404 async_builder_.CancelAll(context); |
| 368 } | 405 } |
| 369 | 406 |
| 370 } // namespace content | 407 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2214293002:
[BlobStorage] Added back security policy for files in blobs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master