| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 773 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 784 result = ChildProcessHasPermissionsForFile(iter->second, | 784 result = ChildProcessHasPermissionsForFile(iter->second, |
| 785 file, | 785 file, |
| 786 permissions); | 786 permissions); |
| 787 } | 787 } |
| 788 } | 788 } |
| 789 return result; | 789 return result; |
| 790 } | 790 } |
| 791 | 791 |
| 792 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile( | 792 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile( |
| 793 int child_id, | 793 int child_id, |
| 794 const storage::FileSystemURL& url, | 794 const storage::FileSystemURL& filesystem_url, |
| 795 int permissions) { | 795 int permissions) { |
| 796 if (!url.is_valid()) | 796 if (!filesystem_url.is_valid()) |
| 797 return false; | 797 return false; |
| 798 | 798 |
| 799 // If |url.origin()| is not committable in this process, then this page | 799 // If |filesystem_url.origin()| is not committable in this process, then this |
| 800 // should not be able to place content in that origin via the filesystem | 800 // page should not be able to place content in that origin via the filesystem |
| 801 // API either. | 801 // API either. |
| 802 if (!CanCommitURL(child_id, url.origin())) { | 802 if (!CanCommitURL(child_id, filesystem_url.origin())) { |
| 803 UMA_HISTOGRAM_BOOLEAN("FileSystem.OriginFailedCanCommitURL", true); | 803 UMA_HISTOGRAM_BOOLEAN("FileSystem.OriginFailedCanCommitURL", true); |
| 804 return false; | 804 return false; |
| 805 } | 805 } |
| 806 | 806 |
| 807 if (url.path().ReferencesParent()) | 807 if (filesystem_url.path().ReferencesParent()) |
| 808 return false; | 808 return false; |
| 809 | 809 |
| 810 // Any write access is disallowed on the root path. | 810 // Any write access is disallowed on the root path. |
| 811 if (storage::VirtualPath::IsRootPath(url.path()) && | 811 if (storage::VirtualPath::IsRootPath(filesystem_url.path()) && |
| 812 (permissions & ~READ_FILE_GRANT)) { | 812 (permissions & ~READ_FILE_GRANT)) { |
| 813 return false; | 813 return false; |
| 814 } | 814 } |
| 815 | 815 |
| 816 if (url.mount_type() == storage::kFileSystemTypeIsolated) { | 816 if (filesystem_url.mount_type() == storage::kFileSystemTypeIsolated) { |
| 817 // When Isolated filesystems is overlayed on top of another filesystem, | 817 // When Isolated filesystems is overlayed on top of another filesystem, |
| 818 // its per-filesystem permission overrides the underlying filesystem | 818 // its per-filesystem permission overrides the underlying filesystem |
| 819 // permissions). | 819 // permissions). |
| 820 return HasPermissionsForFileSystem( | 820 return HasPermissionsForFileSystem( |
| 821 child_id, url.mount_filesystem_id(), permissions); | 821 child_id, filesystem_url.mount_filesystem_id(), permissions); |
| 822 } | 822 } |
| 823 | 823 |
| 824 FileSystemPermissionPolicyMap::iterator found = | 824 FileSystemPermissionPolicyMap::iterator found = |
| 825 file_system_policy_map_.find(url.type()); | 825 file_system_policy_map_.find(filesystem_url.type()); |
| 826 if (found == file_system_policy_map_.end()) | 826 if (found == file_system_policy_map_.end()) |
| 827 return false; | 827 return false; |
| 828 | 828 |
| 829 if ((found->second & storage::FILE_PERMISSION_READ_ONLY) && | 829 if ((found->second & storage::FILE_PERMISSION_READ_ONLY) && |
| 830 permissions & ~READ_FILE_GRANT) { | 830 permissions & ~READ_FILE_GRANT) { |
| 831 return false; | 831 return false; |
| 832 } | 832 } |
| 833 | 833 |
| 834 if (found->second & storage::FILE_PERMISSION_USE_FILE_PERMISSION) | 834 if (found->second & storage::FILE_PERMISSION_USE_FILE_PERMISSION) |
| 835 return HasPermissionsForFile(child_id, url.path(), permissions); | 835 return HasPermissionsForFile(child_id, filesystem_url.path(), permissions); |
| 836 | 836 |
| 837 if (found->second & storage::FILE_PERMISSION_SANDBOX) | 837 if (found->second & storage::FILE_PERMISSION_SANDBOX) |
| 838 return true; | 838 return true; |
| 839 | 839 |
| 840 return false; | 840 return false; |
| 841 } | 841 } |
| 842 | 842 |
| 843 bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile( | 843 bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile( |
| 844 int child_id, | 844 int child_id, |
| 845 const storage::FileSystemURL& url) { | 845 const storage::FileSystemURL& filesystem_url) { |
| 846 return HasPermissionsForFileSystemFile(child_id, url, READ_FILE_GRANT); | 846 return HasPermissionsForFileSystemFile(child_id, filesystem_url, |
| 847 READ_FILE_GRANT); |
| 847 } | 848 } |
| 848 | 849 |
| 849 bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile( | 850 bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile( |
| 850 int child_id, | 851 int child_id, |
| 851 const storage::FileSystemURL& url) { | 852 const storage::FileSystemURL& filesystem_url) { |
| 852 return HasPermissionsForFileSystemFile(child_id, url, WRITE_FILE_GRANT); | 853 return HasPermissionsForFileSystemFile(child_id, filesystem_url, |
| 854 WRITE_FILE_GRANT); |
| 853 } | 855 } |
| 854 | 856 |
| 855 bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile( | 857 bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile( |
| 856 int child_id, | 858 int child_id, |
| 857 const storage::FileSystemURL& url) { | 859 const storage::FileSystemURL& filesystem_url) { |
| 858 return HasPermissionsForFileSystemFile(child_id, url, CREATE_NEW_FILE_GRANT); | 860 return HasPermissionsForFileSystemFile(child_id, filesystem_url, |
| 861 CREATE_NEW_FILE_GRANT); |
| 859 } | 862 } |
| 860 | 863 |
| 861 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile( | 864 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile( |
| 862 int child_id, | 865 int child_id, |
| 863 const storage::FileSystemURL& url) { | 866 const storage::FileSystemURL& filesystem_url) { |
| 864 return HasPermissionsForFileSystemFile(child_id, url, | 867 return HasPermissionsForFileSystemFile(child_id, filesystem_url, |
| 865 CREATE_READ_WRITE_FILE_GRANT); | 868 CREATE_READ_WRITE_FILE_GRANT); |
| 866 } | 869 } |
| 867 | 870 |
| 868 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile( | 871 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile( |
| 869 int child_id, | 872 int child_id, |
| 870 const storage::FileSystemURL& url) { | 873 const storage::FileSystemURL& filesystem_url) { |
| 871 return HasPermissionsForFileSystemFile(child_id, url, COPY_INTO_FILE_GRANT); | 874 return HasPermissionsForFileSystemFile(child_id, filesystem_url, |
| 875 COPY_INTO_FILE_GRANT); |
| 872 } | 876 } |
| 873 | 877 |
| 874 bool ChildProcessSecurityPolicyImpl::CanDeleteFileSystemFile( | 878 bool ChildProcessSecurityPolicyImpl::CanDeleteFileSystemFile( |
| 875 int child_id, | 879 int child_id, |
| 876 const storage::FileSystemURL& url) { | 880 const storage::FileSystemURL& filesystem_url) { |
| 877 return HasPermissionsForFileSystemFile(child_id, url, DELETE_FILE_GRANT); | 881 return HasPermissionsForFileSystemFile(child_id, filesystem_url, |
| 882 DELETE_FILE_GRANT); |
| 878 } | 883 } |
| 879 | 884 |
| 880 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) { | 885 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) { |
| 881 base::AutoLock lock(lock_); | 886 base::AutoLock lock(lock_); |
| 882 | 887 |
| 883 SecurityStateMap::iterator state = security_state_.find(child_id); | 888 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 884 if (state == security_state_.end()) | 889 if (state == security_state_.end()) |
| 885 return false; | 890 return false; |
| 886 | 891 |
| 887 return state->second->has_web_ui_bindings(); | 892 return state->second->has_web_ui_bindings(); |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 971 base::AutoLock lock(lock_); | 976 base::AutoLock lock(lock_); |
| 972 | 977 |
| 973 SecurityStateMap::iterator state = security_state_.find(child_id); | 978 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 974 if (state == security_state_.end()) | 979 if (state == security_state_.end()) |
| 975 return false; | 980 return false; |
| 976 | 981 |
| 977 return state->second->can_send_midi_sysex(); | 982 return state->second->can_send_midi_sysex(); |
| 978 } | 983 } |
| 979 | 984 |
| 980 } // namespace content | 985 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2394673002:
In ChildProcessSecurityPolicy, rename to |url| to |filesystem_url| (Closed)
