Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1945)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/child_process_security_policy_impl.cc

Issue 2437753003: Tighten IO thread blob/filesystem URL checks for apps with webview permission. (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/net/chrome_extensions_network_delegate.cc ('K') | « content/browser/child_process_security_policy_impl.h ('k') | content/public/browser/child_process_security_policy.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/child_process_security_policy_impl.cc
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index 66a4c3add715ddab6d56d994ed22f6d496124368..d7fd241f5adebd7b7f10cad5bd52e6018fda1be0 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -201,6 +201,10 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
can_send_midi_sysex_ = true;
}
+ bool CanCommitOrigin(const url::Origin& origin) {
+ return base::ContainsKey(origin_set_, origin);
+ }
+
// Determine whether permission has been granted to commit |url|.
bool CanCommitURL(const GURL& url) {
DCHECK(!url.SchemeIsBlob() && !url.SchemeIsFileSystem())
@@ -212,7 +216,7 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
return scheme_judgment->second;
// Otherwise, check for permission for specific origin.
- if (base::ContainsKey(origin_set_, url::Origin(url)))
+ if (CanCommitOrigin(url::Origin(url)))
return true;
// file:// URLs are more granular. The child may have been given
@@ -934,6 +938,16 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(int child_id,
return state->second->CanAccessDataForOrigin(gurl);
}
+bool ChildProcessSecurityPolicyImpl::HasSpecificPermissionForOrigin(
+ int child_id,
+ const url::Origin& origin) {
+ base::AutoLock lock(lock_);
+ SecurityStateMap::iterator state = security_state_.find(child_id);
+ if (state == security_state_.end())
+ return false;
ncarter (slow) 2016/10/20 17:46:50 In previous interactions with CPSP, these |return
alexmos 2016/10/20 18:40:23 Acknowledged.
+ return state->second->CanCommitOrigin(origin);
+}
+
void ChildProcessSecurityPolicyImpl::LockToOrigin(int child_id,
const GURL& gurl) {
// "gurl" can be currently empty in some cases, such as file://blah.
« chrome/browser/net/chrome_extensions_network_delegate.cc ('K') | « content/browser/child_process_security_policy_impl.h ('k') | content/public/browser/child_process_security_policy.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698