OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
(...skipping 315 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
326 RegisterWebSafeScheme(url::kFtpScheme); | 326 RegisterWebSafeScheme(url::kFtpScheme); |
327 RegisterWebSafeScheme(url::kDataScheme); | 327 RegisterWebSafeScheme(url::kDataScheme); |
328 RegisterWebSafeScheme("feed"); | 328 RegisterWebSafeScheme("feed"); |
329 RegisterWebSafeScheme(url::kBlobScheme); | 329 RegisterWebSafeScheme(url::kBlobScheme); |
330 RegisterWebSafeScheme(url::kFileSystemScheme); | 330 RegisterWebSafeScheme(url::kFileSystemScheme); |
331 | 331 |
332 // We know about the following pseudo schemes and treat them specially. | 332 // We know about the following pseudo schemes and treat them specially. |
333 RegisterPseudoScheme(url::kAboutScheme); | 333 RegisterPseudoScheme(url::kAboutScheme); |
334 RegisterPseudoScheme(url::kJavaScriptScheme); | 334 RegisterPseudoScheme(url::kJavaScriptScheme); |
335 RegisterPseudoScheme(kViewSourceScheme); | 335 RegisterPseudoScheme(kViewSourceScheme); |
| 336 RegisterPseudoScheme(kHttpSuboriginScheme); |
| 337 RegisterPseudoScheme(kHttpsSuboriginScheme); |
336 } | 338 } |
337 | 339 |
338 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() { | 340 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() { |
339 web_safe_schemes_.clear(); | 341 web_safe_schemes_.clear(); |
340 pseudo_schemes_.clear(); | 342 pseudo_schemes_.clear(); |
341 security_state_.clear(); | 343 security_state_.clear(); |
342 } | 344 } |
343 | 345 |
344 // static | 346 // static |
345 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() { | 347 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() { |
(...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
641 SecurityStateMap::iterator state = security_state_.find(child_id); | 643 SecurityStateMap::iterator state = security_state_.find(child_id); |
642 if (state == security_state_.end()) | 644 if (state == security_state_.end()) |
643 return false; | 645 return false; |
644 | 646 |
645 // Otherwise, we consult the child process's security state to see if it is | 647 // Otherwise, we consult the child process's security state to see if it is |
646 // allowed to commit the URL. | 648 // allowed to commit the URL. |
647 return state->second->CanCommitURL(url); | 649 return state->second->CanCommitURL(url); |
648 } | 650 } |
649 } | 651 } |
650 | 652 |
| 653 bool ChildProcessSecurityPolicyImpl::CanSetAsOriginHeader(int child_id, |
| 654 const GURL& url) { |
| 655 if (!url.is_valid()) |
| 656 return false; // Can't set invalid URLs as origin headers. |
| 657 |
| 658 // Suborigin URLs are a special case and are allowed to be an origin header. |
| 659 if (url.scheme() == kHttpSuboriginScheme || |
| 660 url.scheme() == kHttpsSuboriginScheme) { |
| 661 DCHECK(IsPseudoScheme(url.scheme())); |
| 662 return true; |
| 663 } |
| 664 |
| 665 return CanCommitURL(child_id, url); |
| 666 } |
| 667 |
651 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id, | 668 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id, |
652 const base::FilePath& file) { | 669 const base::FilePath& file) { |
653 return HasPermissionsForFile(child_id, file, READ_FILE_GRANT); | 670 return HasPermissionsForFile(child_id, file, READ_FILE_GRANT); |
654 } | 671 } |
655 | 672 |
656 bool ChildProcessSecurityPolicyImpl::CanReadAllFiles( | 673 bool ChildProcessSecurityPolicyImpl::CanReadAllFiles( |
657 int child_id, | 674 int child_id, |
658 const std::vector<base::FilePath>& files) { | 675 const std::vector<base::FilePath>& files) { |
659 return std::all_of(files.begin(), files.end(), | 676 return std::all_of(files.begin(), files.end(), |
660 [this, child_id](const base::FilePath& file) { | 677 [this, child_id](const base::FilePath& file) { |
(...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
882 base::AutoLock lock(lock_); | 899 base::AutoLock lock(lock_); |
883 | 900 |
884 SecurityStateMap::iterator state = security_state_.find(child_id); | 901 SecurityStateMap::iterator state = security_state_.find(child_id); |
885 if (state == security_state_.end()) | 902 if (state == security_state_.end()) |
886 return false; | 903 return false; |
887 | 904 |
888 return state->second->can_send_midi_sysex(); | 905 return state->second->can_send_midi_sysex(); |
889 } | 906 } |
890 | 907 |
891 } // namespace content | 908 } // namespace content |
OLD | NEW |