Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(53)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/child_process_security_policy_impl.cc

Issue 2394673002: In ChildProcessSecurityPolicy, rename to |url| to |filesystem_url| (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/child_process_security_policy_impl.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/child_process_security_policy_impl.h" 5 #include "content/browser/child_process_security_policy_impl.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <utility> 8 #include <utility>
9 9
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 773 matching lines...) Expand 10 before | Expand all | Expand 10 after
784 result = ChildProcessHasPermissionsForFile(iter->second, 784 result = ChildProcessHasPermissionsForFile(iter->second,
785 file, 785 file,
786 permissions); 786 permissions);
787 } 787 }
788 } 788 }
789 return result; 789 return result;
790 } 790 }
791 791
792 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile( 792 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
793 int child_id, 793 int child_id,
794 const storage::FileSystemURL& url, 794 const storage::FileSystemURL& filesystem_url,
795 int permissions) { 795 int permissions) {
796 if (!url.is_valid()) 796 if (!filesystem_url.is_valid())
797 return false; 797 return false;
798 798
799 // If |url.origin()| is not committable in this process, then this page 799 // If |filesystem_url.origin()| is not committable in this process, then this
800 // page
Charlie Reis 2016/10/04 23:25:58 nit: Fix line wrap.
ncarter (slow) 2016/10/06 18:11:24 Done.
800 // should not be able to place content in that origin via the filesystem 801 // should not be able to place content in that origin via the filesystem
801 // API either. 802 // API either.
802 bool can_commit_origin = CanCommitURL(child_id, url.origin()); 803 bool can_commit_origin = CanCommitURL(child_id, filesystem_url.origin());
803 UMA_HISTOGRAM_BOOLEAN("ChildProcessSecurityPolicy.FileSystemCanCommitOrigin", 804 UMA_HISTOGRAM_BOOLEAN("ChildProcessSecurityPolicy.FileSystemCanCommitOrigin",
804 can_commit_origin); 805 can_commit_origin);
805 if (!can_commit_origin) 806 if (!can_commit_origin)
806 return false; 807 return false;
807 808
808 if (url.path().ReferencesParent()) 809 if (filesystem_url.path().ReferencesParent())
809 return false; 810 return false;
810 811
811 // Any write access is disallowed on the root path. 812 // Any write access is disallowed on the root path.
812 if (storage::VirtualPath::IsRootPath(url.path()) && 813 if (storage::VirtualPath::IsRootPath(filesystem_url.path()) &&
813 (permissions & ~READ_FILE_GRANT)) { 814 (permissions & ~READ_FILE_GRANT)) {
814 return false; 815 return false;
815 } 816 }
816 817
817 if (url.mount_type() == storage::kFileSystemTypeIsolated) { 818 if (filesystem_url.mount_type() == storage::kFileSystemTypeIsolated) {
818 // When Isolated filesystems is overlayed on top of another filesystem, 819 // When Isolated filesystems is overlayed on top of another filesystem,
819 // its per-filesystem permission overrides the underlying filesystem 820 // its per-filesystem permission overrides the underlying filesystem
820 // permissions). 821 // permissions).
821 return HasPermissionsForFileSystem( 822 return HasPermissionsForFileSystem(
822 child_id, url.mount_filesystem_id(), permissions); 823 child_id, filesystem_url.mount_filesystem_id(), permissions);
823 } 824 }
824 825
825 FileSystemPermissionPolicyMap::iterator found = 826 FileSystemPermissionPolicyMap::iterator found =
826 file_system_policy_map_.find(url.type()); 827 file_system_policy_map_.find(filesystem_url.type());
827 if (found == file_system_policy_map_.end()) 828 if (found == file_system_policy_map_.end())
828 return false; 829 return false;
829 830
830 if ((found->second & storage::FILE_PERMISSION_READ_ONLY) && 831 if ((found->second & storage::FILE_PERMISSION_READ_ONLY) &&
831 permissions & ~READ_FILE_GRANT) { 832 permissions & ~READ_FILE_GRANT) {
832 return false; 833 return false;
833 } 834 }
834 835
835 if (found->second & storage::FILE_PERMISSION_USE_FILE_PERMISSION) 836 if (found->second & storage::FILE_PERMISSION_USE_FILE_PERMISSION)
836 return HasPermissionsForFile(child_id, url.path(), permissions); 837 return HasPermissionsForFile(child_id, filesystem_url.path(), permissions);
837 838
838 if (found->second & storage::FILE_PERMISSION_SANDBOX) 839 if (found->second & storage::FILE_PERMISSION_SANDBOX)
839 return true; 840 return true;
840 841
841 return false; 842 return false;
842 } 843 }
843 844
844 bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile( 845 bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile(
845 int child_id, 846 int child_id,
846 const storage::FileSystemURL& url) { 847 const storage::FileSystemURL& filesystem_url) {
847 return HasPermissionsForFileSystemFile(child_id, url, READ_FILE_GRANT); 848 return HasPermissionsForFileSystemFile(child_id, filesystem_url,
849 READ_FILE_GRANT);
848 } 850 }
849 851
850 bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile( 852 bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile(
851 int child_id, 853 int child_id,
852 const storage::FileSystemURL& url) { 854 const storage::FileSystemURL& filesystem_url) {
853 return HasPermissionsForFileSystemFile(child_id, url, WRITE_FILE_GRANT); 855 return HasPermissionsForFileSystemFile(child_id, filesystem_url,
856 WRITE_FILE_GRANT);
854 } 857 }
855 858
856 bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile( 859 bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile(
857 int child_id, 860 int child_id,
858 const storage::FileSystemURL& url) { 861 const storage::FileSystemURL& filesystem_url) {
859 return HasPermissionsForFileSystemFile(child_id, url, CREATE_NEW_FILE_GRANT); 862 return HasPermissionsForFileSystemFile(child_id, filesystem_url,
863 CREATE_NEW_FILE_GRANT);
860 } 864 }
861 865
862 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile( 866 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile(
863 int child_id, 867 int child_id,
864 const storage::FileSystemURL& url) { 868 const storage::FileSystemURL& filesystem_url) {
865 return HasPermissionsForFileSystemFile(child_id, url, 869 return HasPermissionsForFileSystemFile(child_id, filesystem_url,
866 CREATE_READ_WRITE_FILE_GRANT); 870 CREATE_READ_WRITE_FILE_GRANT);
867 } 871 }
868 872
869 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile( 873 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile(
870 int child_id, 874 int child_id,
871 const storage::FileSystemURL& url) { 875 const storage::FileSystemURL& filesystem_url) {
872 return HasPermissionsForFileSystemFile(child_id, url, COPY_INTO_FILE_GRANT); 876 return HasPermissionsForFileSystemFile(child_id, filesystem_url,
877 COPY_INTO_FILE_GRANT);
873 } 878 }
874 879
875 bool ChildProcessSecurityPolicyImpl::CanDeleteFileSystemFile( 880 bool ChildProcessSecurityPolicyImpl::CanDeleteFileSystemFile(
876 int child_id, 881 int child_id,
877 const storage::FileSystemURL& url) { 882 const storage::FileSystemURL& filesystem_url) {
878 return HasPermissionsForFileSystemFile(child_id, url, DELETE_FILE_GRANT); 883 return HasPermissionsForFileSystemFile(child_id, filesystem_url,
884 DELETE_FILE_GRANT);
879 } 885 }
880 886
881 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) { 887 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
882 base::AutoLock lock(lock_); 888 base::AutoLock lock(lock_);
883 889
884 SecurityStateMap::iterator state = security_state_.find(child_id); 890 SecurityStateMap::iterator state = security_state_.find(child_id);
885 if (state == security_state_.end()) 891 if (state == security_state_.end())
886 return false; 892 return false;
887 893
888 return state->second->has_web_ui_bindings(); 894 return state->second->has_web_ui_bindings();
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after
972 base::AutoLock lock(lock_); 978 base::AutoLock lock(lock_);
973 979
974 SecurityStateMap::iterator state = security_state_.find(child_id); 980 SecurityStateMap::iterator state = security_state_.find(child_id);
975 if (state == security_state_.end()) 981 if (state == security_state_.end())
976 return false; 982 return false;
977 983
978 return state->second->can_send_midi_sysex(); 984 return state->second->can_send_midi_sysex();
979 } 985 }
980 986
981 } // namespace content 987 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/child_process_security_policy_impl.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698