| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/blob_storage/blob_dispatcher_host.h" | 5 #include "content/browser/blob_storage/blob_dispatcher_host.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/metrics/histogram_macros.h" | 10 #include "base/metrics/histogram_macros.h" |
| (...skipping 132 matching lines...) | |
| 143 return; | 143 return; |
| 144 } | 144 } |
| 145 if (!async_builder_.IsBeingBuilt(uuid)) { | 145 if (!async_builder_.IsBeingBuilt(uuid)) { |
| 146 SendIPCResponse(uuid, BlobTransportResult::BAD_IPC); | 146 SendIPCResponse(uuid, BlobTransportResult::BAD_IPC); |
| 147 return; | 147 return; |
| 148 } | 148 } |
| 149 | 149 |
| 150 ChildProcessSecurityPolicyImpl* security_policy = | 150 ChildProcessSecurityPolicyImpl* security_policy = |
| 151 ChildProcessSecurityPolicyImpl::GetInstance(); | 151 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 152 for (const DataElement& item : descriptions) { | 152 for (const DataElement& item : descriptions) { |
| 153 if (item.type() == storage::DataElement::TYPE_FILE_FILESYSTEM) { | 153 // For each source object that provides the data for the blob, ensure that |
| 154 FileSystemURL filesystem_url( | 154 // this process has permission to read it. |
| 155 file_system_context_->CrackURL(item.filesystem_url())); | 155 switch (item.type()) { |
| 156 if (!FileSystemURLIsValid(file_system_context_.get(), filesystem_url) || | 156 case storage::DataElement::TYPE_FILE_FILESYSTEM: { |
| 157 !security_policy->CanReadFileSystemFile(process_id_, | 157 FileSystemURL filesystem_url( |
| 158 filesystem_url)) { | 158 file_system_context_->CrackURL(item.filesystem_url())); |
| 159 async_builder_.CancelBuildingBlob( | 159 if (!FileSystemURLIsValid(file_system_context_.get(), filesystem_url) || |
| 160 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED, context); | 160 !security_policy->CanReadFileSystemFile(process_id_, |
| 161 Send(new BlobStorageMsg_CancelBuildingBlob( | 161 filesystem_url)) { |
| 162 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED)); | 162 async_builder_.CancelBuildingBlob( |
| 163 return; | 163 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED, context); |
| 164 Send(new BlobStorageMsg_CancelBuildingBlob( | |
| 165 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED)); | |
| 166 return; | |
| 167 } | |
| 168 break; | |
| 164 } | 169 } |
| 165 } | 170 case storage::DataElement::TYPE_FILE: { |
| 166 if (item.type() == storage::DataElement::TYPE_FILE && | 171 if (!security_policy->CanReadFile(process_id_, item.path())) { |
| 167 !security_policy->CanReadFile(process_id_, item.path())) { | 172 async_builder_.CancelBuildingBlob( |
| 168 async_builder_.CancelBuildingBlob( | 173 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED, context); |
| 169 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED, context); | 174 Send(new BlobStorageMsg_CancelBuildingBlob( |
| 170 Send(new BlobStorageMsg_CancelBuildingBlob( | 175 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED)); |
| 171 uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED)); | 176 return; |
| 172 return; | 177 } |
| 178 break; | |
| 179 } | |
| 180 case storage::DataElement::TYPE_BLOB: | |
| 181 case storage::DataElement::TYPE_BYTES_DESCRIPTION: | |
| 182 case storage::DataElement::TYPE_BYTES: { | |
| 183 // Bytes are already in hand; no need to check read permission. | |
| 184 // TODO(nick): For TYPE_BLOB, can we actually get here for blobs | |
| 185 // originally created by other processes? If so, is that cool? | |
| 186 break; | |
| 187 } | |
| 188 case storage::DataElement::TYPE_UNKNOWN: | |
| 189 case storage::DataElement::TYPE_DISK_CACHE_ENTRY: { | |
| 190 CHECK(false); // Should have been caught by IPC deserialization. | |
|
dcheng
2016/09/28 23:46:36
I'm uncertain how I feel about CHECKing this. This
ncarter (slow)
2016/10/05 23:18:46
Done.
| |
| 191 break; | |
| 192 } | |
| 173 } | 193 } |
| 174 } | 194 } |
| 175 | 195 |
| 176 // |this| owns async_builder_ so using base::Unretained(this) is safe. | 196 // |this| owns async_builder_ so using base::Unretained(this) is safe. |
| 177 BlobTransportResult result = async_builder_.StartBuildingBlob( | 197 BlobTransportResult result = async_builder_.StartBuildingBlob( |
| 178 uuid, descriptions, context->memory_available(), context, | 198 uuid, descriptions, context->memory_available(), context, |
| 179 base::Bind(&BlobDispatcherHost::SendMemoryRequest, base::Unretained(this), | 199 base::Bind(&BlobDispatcherHost::SendMemoryRequest, base::Unretained(this), |
| 180 uuid)); | 200 uuid)); |
| 181 SendIPCResponse(uuid, result); | 201 SendIPCResponse(uuid, result); |
| 182 } | 202 } |
| (...skipping 215 matching lines...) | |
| 398 context->RevokePublicBlobURL(url); | 418 context->RevokePublicBlobURL(url); |
| 399 } | 419 } |
| 400 for (const auto& uuid_refnum_pair : blobs_inuse_map_) { | 420 for (const auto& uuid_refnum_pair : blobs_inuse_map_) { |
| 401 for (int i = 0; i < uuid_refnum_pair.second; ++i) | 421 for (int i = 0; i < uuid_refnum_pair.second; ++i) |
| 402 context->DecrementBlobRefCount(uuid_refnum_pair.first); | 422 context->DecrementBlobRefCount(uuid_refnum_pair.first); |
| 403 } | 423 } |
| 404 async_builder_.CancelAll(context); | 424 async_builder_.CancelAll(context); |
| 405 } | 425 } |
| 406 | 426 |
| 407 } // namespace content | 427 } // namespace content |
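Review bot: The permission loop in the new switch still allows by default: an element whose type() matches no case label leaves the switch and goes on to StartBuildingBlob, so the check depends entirely on IPC deserialization rejecting out-of-range values, which is not visible here. Tracking a per-element `bool can_read = false;`, setting it in each case and running a single cancel/send/return block after the switch would make the loop deny by default and remove the duplicated deny sequence in the TYPE_FILE_FILESYSTEM and TYPE_FILE cases. Both denials are also reported as FILE_WRITE_FAILED, which makes a refused read indistinguishable from an I/O failure when triaging a misbehaving renderer; whether a more specific cancel code exists cannot be told from this page. The enclosing function begins above the hunk.

```cpp
  for (const DataElement& item : descriptions) {
    // Deny by default: a case must positively grant read access.
    bool can_read = false;
    switch (item.type()) {
      case storage::DataElement::TYPE_FILE_FILESYSTEM: {
        FileSystemURL filesystem_url(
            file_system_context_->CrackURL(item.filesystem_url()));
        can_read =
            FileSystemURLIsValid(file_system_context_.get(), filesystem_url) &&
            security_policy->CanReadFileSystemFile(process_id_, filesystem_url);
        break;
      }
      case storage::DataElement::TYPE_FILE:
        can_read = security_policy->CanReadFile(process_id_, item.path());
        break;
      case storage::DataElement::TYPE_BLOB:
      case storage::DataElement::TYPE_BYTES_DESCRIPTION:
      case storage::DataElement::TYPE_BYTES:
        // … unchanged: "bytes already in hand" comment and TODO(nick) …
        can_read = true;
        break;
      // … unchanged: TYPE_UNKNOWN / TYPE_DISK_CACHE_ENTRY cases …
    }
    if (!can_read) {
      async_builder_.CancelBuildingBlob(
          uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED, context);
      Send(new BlobStorageMsg_CancelBuildingBlob(
          uuid, IPCBlobCreationCancelCode::FILE_WRITE_FAILED));
      return;
    }
  }
```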