OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "content/common/content_export.h" | 10 #include "content/common/content_export.h" |
(...skipping 16 matching lines...) Expand all Loading... |
27 class ChildProcessSecurityPolicy { | 27 class ChildProcessSecurityPolicy { |
28 public: | 28 public: |
29 virtual ~ChildProcessSecurityPolicy() {} | 29 virtual ~ChildProcessSecurityPolicy() {} |
30 | 30 |
31 // There is one global ChildProcessSecurityPolicy object for the entire | 31 // There is one global ChildProcessSecurityPolicy object for the entire |
32 // browser process. The object returned by this method may be accessed on | 32 // browser process. The object returned by this method may be accessed on |
33 // any thread. | 33 // any thread. |
34 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance(); | 34 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance(); |
35 | 35 |
36 // Web-safe schemes can be requested by any child process. Once a web-safe | 36 // Web-safe schemes can be requested by any child process. Once a web-safe |
37 // scheme has been registered, any child process can request URLs with | 37 // scheme has been registered, any child process can request URLs whose |
38 // that scheme. There is no mechanism for revoking web-safe schemes. | 38 // origins use that scheme. There is no mechanism for revoking web-safe |
| 39 // schemes. |
| 40 // |
| 41 // Only call this function if URLs of this scheme are okay to host in |
| 42 // any ordinary renderer process. |
| 43 // |
| 44 // Registering 'your-scheme' as web-safe also causes 'blob:your-scheme://' |
| 45 // and 'filesystem:your-scheme://' URLs to be considered web-safe. |
39 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; | 46 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; |
40 | 47 |
| 48 // More restrictive variant of RegisterWebSafeScheme; URLs with this scheme |
| 49 // may be requested by any child process, but navigations to this scheme may |
| 50 // only commit in child processes that have been explicitly granted |
| 51 // permission to do so. |
| 52 // |
| 53 // |always_allow_in_origin_headers| controls whether this scheme is allowed to |
| 54 // appear as the Origin HTTP header in outbound requests, even if the |
| 55 // originating process does not have permission to commit this scheme. This |
| 56 // may be necessary if the scheme is used in conjunction with blink's |
| 57 // IsolatedWorldSecurityOrigin mechanism, as for extension content scripts. |
| 58 virtual void RegisterWebSafeIsolatedScheme( |
| 59 const std::string& scheme, |
| 60 bool always_allow_in_origin_headers) = 0; |
| 61 |
41 // Returns true iff |scheme| has been registered as a web-safe scheme. | 62 // Returns true iff |scheme| has been registered as a web-safe scheme. |
| 63 // TODO(nick): https://crbug.com/651534 This function does not have enough |
| 64 // information to render an appropriate judgment for blob and filesystem URLs; |
| 65 // change it to accept an URL instead. |
42 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; | 66 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; |
43 | 67 |
44 // This permission grants only read access to a file. | 68 // This permission grants only read access to a file. |
45 // Whenever the user picks a file from a <input type="file"> element, the | 69 // Whenever the user picks a file from a <input type="file"> element, the |
46 // browser should call this function to grant the child process the capability | 70 // browser should call this function to grant the child process the capability |
47 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY. | 71 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY. |
48 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; | 72 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; |
49 | 73 |
50 // This permission grants creation, read, and full write access to a file, | 74 // This permission grants creation, read, and full write access to a file, |
51 // including attributes. | 75 // including attributes. |
52 virtual void GrantCreateReadWriteFile(int child_id, | 76 virtual void GrantCreateReadWriteFile(int child_id, |
53 const base::FilePath& file) = 0; | 77 const base::FilePath& file) = 0; |
54 | 78 |
55 // This permission grants copy-into permission for |dir|. | 79 // This permission grants copy-into permission for |dir|. |
56 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0; | 80 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0; |
57 | 81 |
58 // This permission grants delete permission for |dir|. | 82 // This permission grants delete permission for |dir|. |
59 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0; | 83 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0; |
60 | 84 |
| 85 // Determine whether the process has the capability to request the URL. |
| 86 // Before servicing a child process's request for a URL, the content layer |
| 87 // calls this method to determine whether it is safe. |
| 88 virtual bool CanRequestURL(int child_id, const GURL& url) = 0; |
| 89 |
| 90 // Whether the process is allowed to commit a document from the given URL. |
| 91 // This is more restrictive than CanRequestURL, since CanRequestURL allows |
| 92 // requests that might lead to cross-process navigations or external protocol |
| 93 // handlers. |
| 94 virtual bool CanCommitURL(int child_id, const GURL& url) = 0; |
| 95 |
61 // These methods verify whether or not the child process has been granted | 96 // These methods verify whether or not the child process has been granted |
62 // permissions perform these functions on |file|. | 97 // permissions perform these functions on |file|. |
63 | 98 |
64 // Before servicing a child process's request to upload a file to the web, the | 99 // Before servicing a child process's request to upload a file to the web, the |
65 // browser should call this method to determine whether the process has the | 100 // browser should call this method to determine whether the process has the |
66 // capability to upload the requested file. | 101 // capability to upload the requested file. |
67 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; | 102 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; |
68 virtual bool CanCreateReadWriteFile(int child_id, | 103 virtual bool CanCreateReadWriteFile(int child_id, |
69 const base::FilePath& file) = 0; | 104 const base::FilePath& file) = 0; |
70 | 105 |
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
162 // Returns true if the process is permitted to read and modify the data for | 197 // Returns true if the process is permitted to read and modify the data for |
163 // the given origin. This is currently used for cookies and passwords. | 198 // the given origin. This is currently used for cookies and passwords. |
164 // Does not affect cookies attached to or set by network requests. | 199 // Does not affect cookies attached to or set by network requests. |
165 // Only might return false if the --site-per-process flag is used. | 200 // Only might return false if the --site-per-process flag is used. |
166 virtual bool CanAccessDataForOrigin(int child_id, const GURL& gurl) = 0; | 201 virtual bool CanAccessDataForOrigin(int child_id, const GURL& gurl) = 0; |
167 }; | 202 }; |
168 | 203 |
169 } // namespace content | 204 } // namespace content |
170 | 205 |
171 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 206 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
OLD | NEW |