OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "content/common/content_export.h" | 10 #include "content/common/content_export.h" |
(...skipping 16 matching lines...) Expand all Loading... |
27 class ChildProcessSecurityPolicy { | 27 class ChildProcessSecurityPolicy { |
28 public: | 28 public: |
29 virtual ~ChildProcessSecurityPolicy() {} | 29 virtual ~ChildProcessSecurityPolicy() {} |
30 | 30 |
31 // There is one global ChildProcessSecurityPolicy object for the entire | 31 // There is one global ChildProcessSecurityPolicy object for the entire |
32 // browser process. The object returned by this method may be accessed on | 32 // browser process. The object returned by this method may be accessed on |
33 // any thread. | 33 // any thread. |
34 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance(); | 34 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance(); |
35 | 35 |
36 // Web-safe schemes can be requested by any child process. Once a web-safe | 36 // Web-safe schemes can be requested by any child process. Once a web-safe |
37 // scheme has been registered, any child process can request URLs whose | 37 // scheme has been registered, any child process can request URLs with |
38 // origins use that scheme. There is no mechanism for revoking web-safe | 38 // that scheme. There is no mechanism for revoking web-safe schemes. |
39 // schemes. | |
40 // | |
41 // Only call this function if URLs of this scheme are okay to host in | |
42 // any ordinary renderer process. | |
43 // | |
44 // Registering 'your-scheme' as web-safe also causes 'blob:your-scheme://' | |
45 // and 'filesystem:your-scheme://' URLs to be considered web-safe. | |
46 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; | 39 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; |
47 | 40 |
48 // More restrictive variant of RegisterWebSafeScheme; URLs with this scheme | |
49 // may be requested by any child process, but navigations to this scheme may | |
50 // only commit in child processes that have been explicitly granted | |
51 // permission to do so. | |
52 // | |
53 // |always_allow_in_origin_headers| controls whether this scheme is allowed to | |
54 // appear as the Origin HTTP header in outbound requests, even if the | |
55 // originating process does not have permission to commit this scheme. This | |
56 // may be necessary if the scheme is used in conjunction with blink's | |
57 // IsolatedWorldSecurityOrigin mechanism, as for extension content scripts. | |
58 virtual void RegisterWebSafeIsolatedScheme( | |
59 const std::string& scheme, | |
60 bool always_allow_in_origin_headers) = 0; | |
61 | |
62 // Returns true iff |scheme| has been registered as a web-safe scheme. | 41 // Returns true iff |scheme| has been registered as a web-safe scheme. |
63 // TODO(nick): https://crbug.com/651534 This function does not have enough | |
64 // information to render an appropriate judgment for blob and filesystem URLs; | |
65 // change it to accept an URL instead. | |
66 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; | 42 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; |
67 | 43 |
68 // This permission grants only read access to a file. | 44 // This permission grants only read access to a file. |
69 // Whenever the user picks a file from a <input type="file"> element, the | 45 // Whenever the user picks a file from a <input type="file"> element, the |
70 // browser should call this function to grant the child process the capability | 46 // browser should call this function to grant the child process the capability |
71 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY. | 47 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY. |
72 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; | 48 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; |
73 | 49 |
74 // This permission grants creation, read, and full write access to a file, | 50 // This permission grants creation, read, and full write access to a file, |
75 // including attributes. | 51 // including attributes. |
76 virtual void GrantCreateReadWriteFile(int child_id, | 52 virtual void GrantCreateReadWriteFile(int child_id, |
77 const base::FilePath& file) = 0; | 53 const base::FilePath& file) = 0; |
78 | 54 |
79 // This permission grants copy-into permission for |dir|. | 55 // This permission grants copy-into permission for |dir|. |
80 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0; | 56 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0; |
81 | 57 |
82 // This permission grants delete permission for |dir|. | 58 // This permission grants delete permission for |dir|. |
83 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0; | 59 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0; |
84 | 60 |
85 // Determine whether the process has the capability to request the URL. | |
86 // Before servicing a child process's request for a URL, the content layer | |
87 // calls this method to determine whether it is safe. | |
88 virtual bool CanRequestURL(int child_id, const GURL& url) = 0; | |
89 | |
90 // Whether the process is allowed to commit a document from the given URL. | |
91 // This is more restrictive than CanRequestURL, since CanRequestURL allows | |
92 // requests that might lead to cross-process navigations or external protocol | |
93 // handlers. | |
94 virtual bool CanCommitURL(int child_id, const GURL& url) = 0; | |
95 | |
96 // These methods verify whether or not the child process has been granted | 61 // These methods verify whether or not the child process has been granted |
97 // permissions perform these functions on |file|. | 62 // permissions perform these functions on |file|. |
98 | 63 |
99 // Before servicing a child process's request to upload a file to the web, the | 64 // Before servicing a child process's request to upload a file to the web, the |
100 // browser should call this method to determine whether the process has the | 65 // browser should call this method to determine whether the process has the |
101 // capability to upload the requested file. | 66 // capability to upload the requested file. |
102 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; | 67 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; |
103 virtual bool CanCreateReadWriteFile(int child_id, | 68 virtual bool CanCreateReadWriteFile(int child_id, |
104 const base::FilePath& file) = 0; | 69 const base::FilePath& file) = 0; |
105 | 70 |
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
197 // Returns true if the process is permitted to read and modify the data for | 162 // Returns true if the process is permitted to read and modify the data for |
198 // the given origin. This is currently used for cookies and passwords. | 163 // the given origin. This is currently used for cookies and passwords. |
199 // Does not affect cookies attached to or set by network requests. | 164 // Does not affect cookies attached to or set by network requests. |
200 // Only might return false if the --site-per-process flag is used. | 165 // Only might return false if the --site-per-process flag is used. |
201 virtual bool CanAccessDataForOrigin(int child_id, const GURL& gurl) = 0; | 166 virtual bool CanAccessDataForOrigin(int child_id, const GURL& gurl) = 0; |
202 }; | 167 }; |
203 | 168 |
204 } // namespace content | 169 } // namespace content |
205 | 170 |
206 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 171 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
OLD | NEW |