| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
| (...skipping 158 matching lines...) |
| 169 | 169 |
| 170 // Determine whether permission has been granted to request |url|. | 170 // Determine whether permission has been granted to request |url|. |
| 171 bool CanRequestURL(const GURL& url) { | 171 bool CanRequestURL(const GURL& url) { |
| 172 // Having permission to a scheme implies permssion to all of its URLs. | 172 // Having permission to a scheme implies permssion to all of its URLs. |
| 173 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme())); | 173 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme())); |
| 174 if (judgment != scheme_policy_.end()) | 174 if (judgment != scheme_policy_.end()) |
| 175 return judgment->second; | 175 return judgment->second; |
| 176 | 176 |
| 177 // file:// URLs are more granular. The child may have been given | 177 // file:// URLs are more granular. The child may have been given |
| 178 // permission to a specific file but not the file:// scheme in general. | 178 // permission to a specific file but not the file:// scheme in general. |
| 179 if (url.SchemeIs(kFileScheme)) { | 179 if (url.SchemeIs(url::kFileScheme)) { |
| 180 base::FilePath path; | 180 base::FilePath path; |
| 181 if (net::FileURLToFilePath(url, &path)) | 181 if (net::FileURLToFilePath(url, &path)) |
| 182 return ContainsKey(request_file_set_, path); | 182 return ContainsKey(request_file_set_, path); |
| 183 } | 183 } |
| 184 | 184 |
| 185 return false; // Unmentioned schemes are disallowed. | 185 return false; // Unmentioned schemes are disallowed. |
| 186 } | 186 } |
| 187 | 187 |
| 188 // Determine if the certain permissions have been granted to a file. | 188 // Determine if the certain permissions have been granted to a file. |
| 189 bool HasPermissionsForFile(const base::FilePath& file, int permissions) { | 189 bool HasPermissionsForFile(const base::FilePath& file, int permissions) { |
| (...skipping 113 matching lines...) |
| 303 // The set of isolated filesystems the child process is permitted to access. | 303 // The set of isolated filesystems the child process is permitted to access. |
| 304 FileSystemMap filesystem_permissions_; | 304 FileSystemMap filesystem_permissions_; |
| 305 | 305 |
| 306 DISALLOW_COPY_AND_ASSIGN(SecurityState); | 306 DISALLOW_COPY_AND_ASSIGN(SecurityState); |
| 307 }; | 307 }; |
| 308 | 308 |
| 309 ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() { | 309 ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() { |
| 310 // We know about these schemes and believe them to be safe. | 310 // We know about these schemes and believe them to be safe. |
| 311 RegisterWebSafeScheme(url::kHttpScheme); | 311 RegisterWebSafeScheme(url::kHttpScheme); |
| 312 RegisterWebSafeScheme(url::kHttpsScheme); | 312 RegisterWebSafeScheme(url::kHttpsScheme); |
| 313 RegisterWebSafeScheme(kFtpScheme); | 313 RegisterWebSafeScheme(url::kFtpScheme); |
| 314 RegisterWebSafeScheme(kDataScheme); | 314 RegisterWebSafeScheme(url::kDataScheme); |
| 315 RegisterWebSafeScheme("feed"); | 315 RegisterWebSafeScheme("feed"); |
| 316 RegisterWebSafeScheme(kBlobScheme); | 316 RegisterWebSafeScheme(url::kBlobScheme); |
| 317 RegisterWebSafeScheme(kFileSystemScheme); | 317 RegisterWebSafeScheme(url::kFileSystemScheme); |
| 318 | 318 |
| 319 // We know about the following pseudo schemes and treat them specially. | 319 // We know about the following pseudo schemes and treat them specially. |
| 320 RegisterPseudoScheme(kAboutScheme); | 320 RegisterPseudoScheme(kAboutScheme); |
| 321 RegisterPseudoScheme(kJavaScriptScheme); | 321 RegisterPseudoScheme(url::kJavaScriptScheme); |
| 322 RegisterPseudoScheme(kViewSourceScheme); | 322 RegisterPseudoScheme(kViewSourceScheme); |
| 323 } | 323 } |
| 324 | 324 |
| 325 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() { | 325 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() { |
| 326 web_safe_schemes_.clear(); | 326 web_safe_schemes_.clear(); |
| 327 pseudo_schemes_.clear(); | 327 pseudo_schemes_.clear(); |
| 328 STLDeleteContainerPairSecondPointers(security_state_.begin(), | 328 STLDeleteContainerPairSecondPointers(security_state_.begin(), |
| 329 security_state_.end()); | 329 security_state_.end()); |
| 330 security_state_.clear(); | 330 security_state_.clear(); |
| 331 } | 331 } |
| (...skipping 95 matching lines...) |
| 427 | 427 |
| 428 // When the child process has been commanded to request this scheme, | 428 // When the child process has been commanded to request this scheme, |
| 429 // we grant it the capability to request all URLs of that scheme. | 429 // we grant it the capability to request all URLs of that scheme. |
| 430 state->second->GrantScheme(url.scheme()); | 430 state->second->GrantScheme(url.scheme()); |
| 431 } | 431 } |
| 432 } | 432 } |
| 433 | 433 |
| 434 void ChildProcessSecurityPolicyImpl::GrantRequestSpecificFileURL( | 434 void ChildProcessSecurityPolicyImpl::GrantRequestSpecificFileURL( |
| 435 int child_id, | 435 int child_id, |
| 436 const GURL& url) { | 436 const GURL& url) { |
| 437 if (!url.SchemeIs(kFileScheme)) | 437 if (!url.SchemeIs(url::kFileScheme)) |
| 438 return; | 438 return; |
| 439 | 439 |
| 440 { | 440 { |
| 441 base::AutoLock lock(lock_); | 441 base::AutoLock lock(lock_); |
| 442 SecurityStateMap::iterator state = security_state_.find(child_id); | 442 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 443 if (state == security_state_.end()) | 443 if (state == security_state_.end()) |
| 444 return; | 444 return; |
| 445 | 445 |
| 446 // When the child process has been commanded to request a file:// URL, | 446 // When the child process has been commanded to request a file:// URL, |
| 447 // then we grant it the capability for that URL only. | 447 // then we grant it the capability for that URL only. |
| (...skipping 103 matching lines...) |
| 551 SecurityStateMap::iterator state = security_state_.find(child_id); | 551 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 552 if (state == security_state_.end()) | 552 if (state == security_state_.end()) |
| 553 return; | 553 return; |
| 554 | 554 |
| 555 state->second->GrantBindings(BINDINGS_POLICY_WEB_UI); | 555 state->second->GrantBindings(BINDINGS_POLICY_WEB_UI); |
| 556 | 556 |
| 557 // Web UI bindings need the ability to request chrome: URLs. | 557 // Web UI bindings need the ability to request chrome: URLs. |
| 558 state->second->GrantScheme(kChromeUIScheme); | 558 state->second->GrantScheme(kChromeUIScheme); |
| 559 | 559 |
| 560 // Web UI pages can contain links to file:// URLs. | 560 // Web UI pages can contain links to file:// URLs. |
| 561 state->second->GrantScheme(kFileScheme); | 561 state->second->GrantScheme(url::kFileScheme); |
| 562 } | 562 } |
| 563 | 563 |
| 564 void ChildProcessSecurityPolicyImpl::GrantReadRawCookies(int child_id) { | 564 void ChildProcessSecurityPolicyImpl::GrantReadRawCookies(int child_id) { |
| 565 base::AutoLock lock(lock_); | 565 base::AutoLock lock(lock_); |
| 566 | 566 |
| 567 SecurityStateMap::iterator state = security_state_.find(child_id); | 567 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 568 if (state == security_state_.end()) | 568 if (state == security_state_.end()) |
| 569 return; | 569 return; |
| 570 | 570 |
| 571 state->second->GrantReadRawCookies(); | 571 state->second->GrantReadRawCookies(); |
| (...skipping 313 matching lines...) |
| 885 base::AutoLock lock(lock_); | 885 base::AutoLock lock(lock_); |
| 886 | 886 |
| 887 SecurityStateMap::iterator state = security_state_.find(child_id); | 887 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 888 if (state == security_state_.end()) | 888 if (state == security_state_.end()) |
| 889 return false; | 889 return false; |
| 890 | 890 |
| 891 return state->second->can_send_midi_sysex(); | 891 return state->second->can_send_midi_sysex(); |
| 892 } | 892 } |
| 893 | 893 |
| 894 } // namespace content | 894 } // namespace content |
| OLD | NEW |
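Review bot: The comment above `state->second->GrantScheme(url::kFileScheme);` (new line 561) understates what the call grants: the comment at new lines 428-429 says a scheme grant lets the child request all URLs of that scheme, and `CanRequestURL` (new lines 173-175) returns the scheme judgment before it reaches the per-file `request_file_set_` check. Assuming `GrantScheme` records a positive entry in `scheme_policy_` (its body is not visible here), a child given Web UI bindings can request any file:// URL, not only ones a Web UI page links to. I would document that at the grant site, e.g. `// Grants the entire file: scheme; CanRequestURL() then skips the per-file request_file_set_ check for this child.` The enclosing function starts above the visible lines, so whether callers restrict which children reach this path cannot be judged from this section.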