| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 315 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 326 RegisterWebSafeScheme(url::kFtpScheme); | 326 RegisterWebSafeScheme(url::kFtpScheme); |
| 327 RegisterWebSafeScheme(url::kDataScheme); | 327 RegisterWebSafeScheme(url::kDataScheme); |
| 328 RegisterWebSafeScheme("feed"); | 328 RegisterWebSafeScheme("feed"); |
| 329 RegisterWebSafeScheme(url::kBlobScheme); | 329 RegisterWebSafeScheme(url::kBlobScheme); |
| 330 RegisterWebSafeScheme(url::kFileSystemScheme); | 330 RegisterWebSafeScheme(url::kFileSystemScheme); |
| 331 | 331 |
| 332 // We know about the following pseudo schemes and treat them specially. | 332 // We know about the following pseudo schemes and treat them specially. |
| 333 RegisterPseudoScheme(url::kAboutScheme); | 333 RegisterPseudoScheme(url::kAboutScheme); |
| 334 RegisterPseudoScheme(url::kJavaScriptScheme); | 334 RegisterPseudoScheme(url::kJavaScriptScheme); |
| 335 RegisterPseudoScheme(kViewSourceScheme); | 335 RegisterPseudoScheme(kViewSourceScheme); |
| 336 RegisterPseudoScheme(kHttpSuboriginScheme); |
| 337 RegisterPseudoScheme(kHttpsSuboriginScheme); |
| 336 } | 338 } |
| 337 | 339 |
| 338 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() { | 340 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() { |
| 339 web_safe_schemes_.clear(); | 341 web_safe_schemes_.clear(); |
| 340 pseudo_schemes_.clear(); | 342 pseudo_schemes_.clear(); |
| 341 security_state_.clear(); | 343 security_state_.clear(); |
| 342 } | 344 } |
| 343 | 345 |
| 344 // static | 346 // static |
| 345 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() { | 347 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() { |
| (...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 641 SecurityStateMap::iterator state = security_state_.find(child_id); | 643 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 642 if (state == security_state_.end()) | 644 if (state == security_state_.end()) |
| 643 return false; | 645 return false; |
| 644 | 646 |
| 645 // Otherwise, we consult the child process's security state to see if it is | 647 // Otherwise, we consult the child process's security state to see if it is |
| 646 // allowed to commit the URL. | 648 // allowed to commit the URL. |
| 647 return state->second->CanCommitURL(url); | 649 return state->second->CanCommitURL(url); |
| 648 } | 650 } |
| 649 } | 651 } |
| 650 | 652 |
| 653 bool ChildProcessSecurityPolicyImpl::CanSetAsOriginHeader(int child_id, |
| 654 const GURL& url) { |
| 655 if (!url.is_valid()) |
| 656 return false; // Can't set invalid URLs as origin headers. |
| 657 |
| 658 // Suborigin URLs are a special case and are allowed to be an origin header. |
| 659 if (url.scheme() == kHttpSuboriginScheme || |
| 660 url.scheme() == kHttpsSuboriginScheme) { |
| 661 DCHECK(IsPseudoScheme(url.scheme())); |
| 662 return true; |
| 663 } |
| 664 |
| 665 return CanCommitURL(child_id, url); |
| 666 } |
| 667 |
| 651 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id, | 668 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id, |
| 652 const base::FilePath& file) { | 669 const base::FilePath& file) { |
| 653 return HasPermissionsForFile(child_id, file, READ_FILE_GRANT); | 670 return HasPermissionsForFile(child_id, file, READ_FILE_GRANT); |
| 654 } | 671 } |
| 655 | 672 |
| 656 bool ChildProcessSecurityPolicyImpl::CanReadAllFiles( | 673 bool ChildProcessSecurityPolicyImpl::CanReadAllFiles( |
| 657 int child_id, | 674 int child_id, |
| 658 const std::vector<base::FilePath>& files) { | 675 const std::vector<base::FilePath>& files) { |
| 659 return std::all_of(files.begin(), files.end(), | 676 return std::all_of(files.begin(), files.end(), |
| 660 [this, child_id](const base::FilePath& file) { | 677 [this, child_id](const base::FilePath& file) { |
| (...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 882 base::AutoLock lock(lock_); | 899 base::AutoLock lock(lock_); |
| 883 | 900 |
| 884 SecurityStateMap::iterator state = security_state_.find(child_id); | 901 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 885 if (state == security_state_.end()) | 902 if (state == security_state_.end()) |
| 886 return false; | 903 return false; |
| 887 | 904 |
| 888 return state->second->can_send_midi_sysex(); | 905 return state->second->can_send_midi_sysex(); |
| 889 } | 906 } |
| 890 | 907 |
| 891 } // namespace content | 908 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2332263002:
Updated suborigin serialization to latest spec proposal (Closed)
