1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "content/common/content_export.h" | 10 #include "content/common/content_export.h" |
27 class ChildProcessSecurityPolicy { | 27 class ChildProcessSecurityPolicy { |
28 public: | 28 public: |
29 virtual ~ChildProcessSecurityPolicy() {} | 29 virtual ~ChildProcessSecurityPolicy() {} |
30 | 30 |
31 // There is one global ChildProcessSecurityPolicy object for the entire | 31 // There is one global ChildProcessSecurityPolicy object for the entire |
32 // browser process. The object returned by this method may be accessed on | 32 // browser process. The object returned by this method may be accessed on |
33 // any thread. | 33 // any thread. |
34 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance(); | 34 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance(); |
35 | 35 |
36 // Web-safe schemes can be requested by any child process. Once a web-safe | 36 // Web-safe schemes can be requested by any child process. Once a web-safe |
37 // scheme has been registered, any child process can request URLs with | 37 // scheme has been registered, any child process can request URLs whose |
38 // that scheme. There is no mechanism for revoking web-safe schemes. | 38 // origins use that scheme. There is no mechanism for revoking web-safe |
39 // schemes. | |
40 // | |
41 // Only call this function if URLs of this scheme are okay to host in | |
42 // any ordinary renderer process. | |
43 // | |
44 // Registering 'your-scheme' as web-safe also causes 'blob:your-scheme://' | |
45 // and 'filesystem:your-scheme://' URLs to be considered web-safe. | |
39 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; | 46 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; |
40 | 47 |
48 // More restrictive variant of RegisterWebSafeScheme; URLs with this scheme | |
49 // may be requested by any child process, but navigations to this scheme may | |
50 // only commit in child processes that have been explicitly granted | |
51 // permission to do so. | |
52 virtual void RegisterWebSafeIsolatedScheme(const std::string& scheme) = 0; | |
53 | |
41 // Returns true iff |scheme| has been registered as a web-safe scheme. | 54 // Returns true iff |scheme| has been registered as a web-safe scheme. |
55 // TODO(nick): This function does not have enough information to render | |
56 // an appropriate judgment for blob and filesystem URLs; change it | |
57 // to accept an URL instead. | |
Charlie Reis
2016/09/28 22:07:16
Good call! Can we list a bug number here so we do
ncarter (slow)
2016/09/29 21:01:45
Done.
42 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; | 58 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; |
43 | 59 |
44 // This permission grants only read access to a file. | 60 // This permission grants only read access to a file. |
45 // Whenever the user picks a file from a <input type="file"> element, the | 61 // Whenever the user picks a file from a <input type="file"> element, the |
46 // browser should call this function to grant the child process the capability | 62 // browser should call this function to grant the child process the capability |
47 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY. | 63 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY. |
48 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; | 64 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; |
49 | 65 |
50 // This permission grants creation, read, and full write access to a file, | 66 // This permission grants creation, read, and full write access to a file, |
51 // including attributes. | 67 // including attributes. |
52 virtual void GrantCreateReadWriteFile(int child_id, | 68 virtual void GrantCreateReadWriteFile(int child_id, |
53 const base::FilePath& file) = 0; | 69 const base::FilePath& file) = 0; |
54 | 70 |
55 // This permission grants copy-into permission for |dir|. | 71 // This permission grants copy-into permission for |dir|. |
56 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0; | 72 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0; |
57 | 73 |
58 // This permission grants delete permission for |dir|. | 74 // This permission grants delete permission for |dir|. |
59 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0; | 75 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0; |
60 | 76 |
77 // Determine whether the process has the capability to request the URL. | |
78 // Before servicing a child process's request for a URL, the content layer | |
79 // calls this method to determine whether it is safe. | |
80 virtual bool CanRequestURL(int child_id, const GURL& url) = 0; | |
Charlie Reis
2016/09/28 22:07:16
Are these only public so tests can call them? I s
ncarter (slow)
2016/09/29 21:01:45
Yes, they're exposed for test. Embedders already c
81 | |
82 // Whether the process is allowed to commit a document from the given URL. | |
83 // This is more restrictive than CanRequestURL, since CanRequestURL allows | |
84 // requests that might lead to cross-process navigations or external protocol | |
85 // handlers. | |
86 virtual bool CanCommitURL(int child_id, const GURL& url) = 0; | |
87 | |
61 // These methods verify whether or not the child process has been granted | 88 // These methods verify whether or not the child process has been granted |
62 // permissions perform these functions on |file|. | 89 // permissions perform these functions on |file|. |
63 | 90 |
64 // Before servicing a child process's request to upload a file to the web, the | 91 // Before servicing a child process's request to upload a file to the web, the |
65 // browser should call this method to determine whether the process has the | 92 // browser should call this method to determine whether the process has the |
66 // capability to upload the requested file. | 93 // capability to upload the requested file. |
67 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; | 94 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; |
68 virtual bool CanCreateReadWriteFile(int child_id, | 95 virtual bool CanCreateReadWriteFile(int child_id, |
69 const base::FilePath& file) = 0; | 96 const base::FilePath& file) = 0; |
70 | 97 |
162 // Returns true if the process is permitted to read and modify the data for | 189 // Returns true if the process is permitted to read and modify the data for |
163 // the given origin. This is currently used for cookies and passwords. | 190 // the given origin. This is currently used for cookies and passwords. |
164 // Does not affect cookies attached to or set by network requests. | 191 // Does not affect cookies attached to or set by network requests. |
165 // Only might return false if the --site-per-process flag is used. | 192 // Only might return false if the --site-per-process flag is used. |
166 virtual bool CanAccessDataForOrigin(int child_id, const GURL& gurl) = 0; | 193 virtual bool CanAccessDataForOrigin(int child_id, const GURL& gurl) = 0; |
167 }; | 194 }; |
168 | 195 |
169 } // namespace content | 196 } // namespace content |
170 | 197 |
171 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 198 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
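Review bot: The TODO on IsWebSafeScheme (new lines 55-57) records the blob/filesystem gap, but the comment on RegisterWebSafeScheme (new lines 44-45) is what makes it a hazard: a caller that passes the outer scheme of a `blob:your-scheme://` URL gets an answer that ignores the inner scheme, and nothing in the header steers such callers away from this function. I would add one sentence to that comment, e.g. `// Callers that hold a full URL should prefer CanRequestURL() or CanCommitURL(), which receive the whole URL.` — whether those checks actually inspect the inner origin of blob:/filesystem: URLs is not visible here, so confirm against the implementation before promising it. Separately, the RegisterWebSafeIsolatedScheme comment (new lines 48-51) says navigations may only commit in processes "explicitly granted permission" but does not name the grant method; if it lives in the skipped 91 lines, a cross-reference there would save readers a search. The rest of the class body is outside the visible section, so I cannot tell whether the CanCommitURL comment (new lines 82-85) should also mention isolated schemes as the case where request and commit diverge.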