OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 290 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
301 RegisterWebSafeScheme(url::kFtpScheme); | 301 RegisterWebSafeScheme(url::kFtpScheme); |
302 RegisterWebSafeScheme(url::kDataScheme); | 302 RegisterWebSafeScheme(url::kDataScheme); |
303 RegisterWebSafeScheme("feed"); | 303 RegisterWebSafeScheme("feed"); |
304 RegisterWebSafeScheme(url::kBlobScheme); | 304 RegisterWebSafeScheme(url::kBlobScheme); |
305 RegisterWebSafeScheme(url::kFileSystemScheme); | 305 RegisterWebSafeScheme(url::kFileSystemScheme); |
306 | 306 |
307 // We know about the following pseudo schemes and treat them specially. | 307 // We know about the following pseudo schemes and treat them specially. |
308 RegisterPseudoScheme(url::kAboutScheme); | 308 RegisterPseudoScheme(url::kAboutScheme); |
309 RegisterPseudoScheme(url::kJavaScriptScheme); | 309 RegisterPseudoScheme(url::kJavaScriptScheme); |
310 RegisterPseudoScheme(kViewSourceScheme); | 310 RegisterPseudoScheme(kViewSourceScheme); |
311 RegisterPseudoScheme(kHttpSuboriginScheme); | |
nasko
2016/09/22 23:53:42
I'll poke at this tomorrow, but now that we have a
jww
2016/09/23 04:12:44
Fair question. My impression was that all schemes
nasko
2016/09/23 21:59:48
Yeah, I poked around a bit and indeed it is a good
| |
312 RegisterPseudoScheme(kHttpsSuboriginScheme); | |
311 } | 313 } |
312 | 314 |
313 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() { | 315 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() { |
314 web_safe_schemes_.clear(); | 316 web_safe_schemes_.clear(); |
315 pseudo_schemes_.clear(); | 317 pseudo_schemes_.clear(); |
316 security_state_.clear(); | 318 security_state_.clear(); |
317 } | 319 } |
318 | 320 |
319 // static | 321 // static |
320 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() { | 322 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() { |
(...skipping 289 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
610 SecurityStateMap::iterator state = security_state_.find(child_id); | 612 SecurityStateMap::iterator state = security_state_.find(child_id); |
611 if (state == security_state_.end()) | 613 if (state == security_state_.end()) |
612 return false; | 614 return false; |
613 | 615 |
614 // Otherwise, we consult the child process's security state to see if it is | 616 // Otherwise, we consult the child process's security state to see if it is |
615 // allowed to commit the URL. | 617 // allowed to commit the URL. |
616 return state->second->CanCommitURL(url); | 618 return state->second->CanCommitURL(url); |
617 } | 619 } |
618 } | 620 } |
619 | 621 |
622 bool ChildProcessSecurityPolicyImpl::CanSetAsOriginHeader(int child_id, | |
623 const GURL& url) { | |
624 if (!url.is_valid()) | |
625 return false; // Can't set invalid URLs as origin headers. | |
626 | |
627 // Suborigin URLs are a special case and are allowed to be an origin header. | |
628 if (IsPseudoScheme(url.scheme()) && (url.scheme() == kHttpSuboriginScheme || | |
nasko
2016/09/23 21:59:47
You technically don't need the IsPseudoScheme chec
jww
2016/09/23 22:52:27
Done.
| |
629 url.scheme() == kHttpsSuboriginScheme)) | |
630 return true; | |
631 | |
632 return CanCommitURL(child_id, url); | |
633 } | |
634 | |
620 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id, | 635 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id, |
621 const base::FilePath& file) { | 636 const base::FilePath& file) { |
622 return HasPermissionsForFile(child_id, file, READ_FILE_GRANT); | 637 return HasPermissionsForFile(child_id, file, READ_FILE_GRANT); |
623 } | 638 } |
624 | 639 |
625 bool ChildProcessSecurityPolicyImpl::CanReadAllFiles( | 640 bool ChildProcessSecurityPolicyImpl::CanReadAllFiles( |
626 int child_id, | 641 int child_id, |
627 const std::vector<base::FilePath>& files) { | 642 const std::vector<base::FilePath>& files) { |
628 return std::all_of(files.begin(), files.end(), | 643 return std::all_of(files.begin(), files.end(), |
629 [this, child_id](const base::FilePath& file) { | 644 [this, child_id](const base::FilePath& file) { |
(...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
851 base::AutoLock lock(lock_); | 866 base::AutoLock lock(lock_); |
852 | 867 |
853 SecurityStateMap::iterator state = security_state_.find(child_id); | 868 SecurityStateMap::iterator state = security_state_.find(child_id); |
854 if (state == security_state_.end()) | 869 if (state == security_state_.end()) |
855 return false; | 870 return false; |
856 | 871 |
857 return state->second->can_send_midi_sysex(); | 872 return state->second->can_send_midi_sysex(); |
858 } | 873 } |
859 | 874 |
860 } // namespace content | 875 } // namespace content |
OLD | NEW |