1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/test/null_task_runner.h" |
9 #include "content/browser/child_process_security_policy_impl.h" | 10 #include "content/browser/child_process_security_policy_impl.h" |
| 11 #include "content/public/common/drop_data.h" |
10 #include "content/public/common/url_constants.h" | 12 #include "content/public/common/url_constants.h" |
11 #include "content/test/test_content_browser_client.h" | 13 #include "content/test/test_content_browser_client.h" |
| 14 #include "net/base/filename_util.h" |
| 15 #include "storage/browser/fileapi/external_mount_points.h" |
12 #include "storage/browser/fileapi/file_permission_policy.h" | 16 #include "storage/browser/fileapi/file_permission_policy.h" |
| 17 #include "storage/browser/fileapi/file_system_options.h" |
13 #include "storage/browser/fileapi/file_system_url.h" | 18 #include "storage/browser/fileapi/file_system_url.h" |
14 #include "storage/browser/fileapi/isolated_context.h" | 19 #include "storage/browser/fileapi/isolated_context.h" |
15 #include "storage/common/fileapi/file_system_types.h" | 20 #include "storage/common/fileapi/file_system_types.h" |
16 #include "testing/gtest/include/gtest/gtest.h" | 21 #include "testing/gtest/include/gtest/gtest.h" |
17 #include "url/gurl.h" | 22 #include "url/gurl.h" |
18 #include "url/origin.h" | 23 #include "url/origin.h" |
19 | 24 |
20 namespace content { | 25 namespace content { |
21 namespace { | 26 namespace { |
22 | 27 |
886 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); | 891 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
887 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); | 892 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
888 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); | 893 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); |
889 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); | 894 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1)); |
890 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); | 895 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2)); |
891 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar)); | 896 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar)); |
892 | 897 |
893 p->Remove(kRendererID); | 898 p->Remove(kRendererID); |
894 } | 899 } |
895 | 900 |
| 901 TEST_F(ChildProcessSecurityPolicyTest, DropDataGrantsTest_FileSystemFiles) { |
| 902 ChildProcessSecurityPolicyImpl* p = |
| 903 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 904 p->Add(kRendererID); |
| 905 |
| 906 // Prepare |original_file| FileSystemURL that comes from a |sensitive_origin|. |
| 907 // This attempts to simulate for unit testing the drive URL from |
| 908 // https://crbug.com/705295#c23. |
| 909 const GURL kSensitiveOrigin("chrome://hhaomjibdihmijegdhdafkllkbggdgoj/"); |
| 910 const char kMountName[] = "drive-testuser%40gmail.com-hash"; |
| 911 const base::FilePath kTestPath(FILE_PATH_LITERAL("root/dir/testfile.jpg")); |
| 912 scoped_refptr<storage::ExternalMountPoints> external_mount_points = |
| 913 storage::ExternalMountPoints::CreateRefCounted(); |
| 914 external_mount_points->RegisterFileSystem( |
| 915 kMountName, storage::FileSystemType::kFileSystemTypeTest, |
| 916 storage::FileSystemMountOption(), |
| 917 base::FilePath(FILE_PATH_LITERAL("/test")).AppendASCII(kMountName)); |
| 918 storage::FileSystemURL original_file = |
| 919 external_mount_points->CreateExternalFileSystemURL(kSensitiveOrigin, |
| 920 kMountName, kTestPath); |
| 921 EXPECT_TRUE(original_file.is_valid()); |
| 922 EXPECT_EQ(kSensitiveOrigin, original_file.origin()); |
| 923 |
| 924 // Prepare fake FileSystemContext to use in the test. |
| 925 scoped_refptr<base::SingleThreadTaskRunner> io_task_runner( |
| 926 new base::NullTaskRunner); |
| 927 scoped_refptr<base::SequencedTaskRunner> file_task_runner( |
| 928 new base::NullTaskRunner); |
| 929 storage::FileSystemOptions file_system_options( |
| 930 storage::FileSystemOptions::PROFILE_MODE_NORMAL, |
| 931 std::vector<std::string>(), nullptr); |
| 932 scoped_refptr<storage::FileSystemContext> test_file_system_context( |
| 933 new storage::FileSystemContext( |
| 934 io_task_runner.get(), file_task_runner.get(), |
| 935 external_mount_points.get(), |
| 936 nullptr, // special_storage_policy |
| 937 nullptr, // quota_manager_proxy, |
| 938 std::vector<std::unique_ptr<storage::FileSystemBackend>>(), |
| 939 std::vector<storage::URLRequestAutoMountHandler>(), |
| 940 base::FilePath(), // partition_path |
| 941 file_system_options)); |
| 942 |
| 943 // Prepare content::DropData containing |file_system_url|. |
| 944 DropData::FileSystemFileInfo filesystem_file_info; |
| 945 filesystem_file_info.url = original_file.ToGURL(); |
| 946 filesystem_file_info.size = 123; |
| 947 filesystem_file_info.filesystem_id = original_file.filesystem_id(); |
| 948 DropData drop_data; |
| 949 drop_data.file_system_files.push_back(filesystem_file_info); |
| 950 |
| 951 // Verify that initially no access is be granted to the |kSensitiveOrigin|. |
| 952 EXPECT_FALSE(p->CanCommitURL(kRendererID, kSensitiveOrigin)); |
| 953 |
| 954 // Verify that initially no access is granted to the |original_file|. |
| 955 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, original_file)); |
| 956 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, original_file)); |
| 957 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, original_file)); |
| 958 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, original_file)); |
| 959 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, original_file)); |
| 960 |
| 961 // Invoke the API under test to grant access to |drop_data|. |
| 962 p->GrantFileAccessFromDropData(kRendererID, test_file_system_context.get(), |
| 963 &drop_data); |
| 964 |
| 965 // Verify that |drop_data| is mostly unchanged. |
| 966 EXPECT_EQ(0u, drop_data.filenames.size()); |
| 967 EXPECT_EQ(1u, drop_data.file_system_files.size()); |
| 968 EXPECT_EQ(123, drop_data.file_system_files[0].size); |
| 969 // It is okay if |drop_data.file_system_files[0].url| and |
| 970 // |drop_data.file_system_files[0].filesystem_id| change (to aid in enforcing |
| 971 // proper access patterns that are verified below). |
| 972 |
| 973 // Verify that the URL didn't change *too* much. |
| 974 storage::FileSystemURL dropped_file = |
| 975 test_file_system_context->CrackURL(drop_data.file_system_files[0].url); |
| 976 EXPECT_TRUE(dropped_file.is_valid()); |
| 977 EXPECT_EQ(original_file.origin(), dropped_file.origin()); |
| 978 EXPECT_EQ(original_file.path().BaseName(), dropped_file.path().BaseName()); |
| 979 |
| 980 // Verify that there is still no access to |kSensitiveOrigin|. |
| 981 EXPECT_FALSE(p->CanCommitURL(kRendererID, kSensitiveOrigin)); |
| 982 |
| 983 // Verify that there is still no access to |original_file|. |
| 984 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, original_file)); |
| 985 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, original_file)); |
| 986 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, original_file)); |
| 987 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, original_file)); |
| 988 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, original_file)); |
| 989 |
| 990 // Verify that read access (and no other access) is granted for |
| 991 // |dropped_file|. |
| 992 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, dropped_file)); |
| 993 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, dropped_file)); |
| 994 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, dropped_file)); |
| 995 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, dropped_file)); |
| 996 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, dropped_file)); |
| 997 |
| 998 p->Remove(kRendererID); |
| 999 } |
| 1000 |
| 1001 TEST_F(ChildProcessSecurityPolicyTest, DropDataGrantsTest_LocalFiles) { |
| 1002 ChildProcessSecurityPolicyImpl* p = |
| 1003 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 1004 p->Add(kRendererID); |
| 1005 |
| 1006 // Prepare content::DropData containing some local files. |
| 1007 const base::FilePath kDraggedFile( |
| 1008 FILE_PATH_LITERAL("/test/dragged_file.txt")); |
| 1009 const base::FilePath kOtherFile(FILE_PATH_LITERAL("/test/other_file.txt")); |
| 1010 DropData drop_data; |
| 1011 drop_data.filenames.push_back(ui::FileInfo(kDraggedFile, base::FilePath())); |
| 1012 |
| 1013 // Verify that initially no access is granted to both |kDraggedFile| and |
| 1014 // |kOtherFile|. |
| 1015 EXPECT_FALSE(p->CanReadFile(kRendererID, kDraggedFile)); |
| 1016 EXPECT_FALSE(p->CanReadFile(kRendererID, kOtherFile)); |
| 1017 EXPECT_FALSE( |
| 1018 p->CanCommitURL(kRendererID, net::FilePathToFileURL(kDraggedFile))); |
| 1019 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kDraggedFile)); |
| 1020 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kOtherFile)); |
| 1021 EXPECT_FALSE( |
| 1022 p->CanCommitURL(kRendererID, net::FilePathToFileURL(kOtherFile))); |
| 1023 |
| 1024 // Invoke the API under test to grant access to |drop_data|. |
| 1025 p->GrantFileAccessFromDropData(kRendererID, nullptr, &drop_data); |
| 1026 |
| 1027 // Verify that |drop_data| is unchanged. |
| 1028 EXPECT_EQ(0u, drop_data.file_system_files.size()); |
| 1029 EXPECT_EQ(1u, drop_data.filenames.size()); |
| 1030 EXPECT_EQ(kDraggedFile, drop_data.filenames[0].path); |
| 1031 |
| 1032 // Verify that read access (and no other access) is granted for |
| 1033 // |kDraggedFile|. |
| 1034 EXPECT_TRUE(p->CanReadFile(kRendererID, kDraggedFile)); |
| 1035 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kDraggedFile)); |
| 1036 EXPECT_TRUE( |
| 1037 p->CanCommitURL(kRendererID, net::FilePathToFileURL(kDraggedFile))); |
| 1038 |
| 1039 // Verify that there is still no access for |kOtherFile|. |
| 1040 EXPECT_FALSE(p->CanReadFile(kRendererID, kOtherFile)); |
| 1041 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kOtherFile)); |
| 1042 EXPECT_FALSE( |
| 1043 p->CanCommitURL(kRendererID, net::FilePathToFileURL(kOtherFile))); |
| 1044 |
| 1045 p->Remove(kRendererID); |
| 1046 } |
| 1047 |
896 } // namespace content | 1048 } // namespace content |
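Review bot: DropDataGrantsTest_FileSystemFiles asserts read access to `dropped_file` (new lines 992-996) but never checks that the grant is scoped to that single file, whereas DropDataGrantsTest_LocalFiles keeps `kOtherFile` as a negative control throughout. A sibling path in the same granted filesystem (same origin and mount type as `dropped_file`, same parent directory, different basename, cracked through `test_file_system_context`) should still fail `CanReadFileSystemFile`; without that assertion an implementation that grants the whole isolated filesystem or mount would pass this test. If GrantFileAccessFromDropData registers a filesystem with IsolatedContext (its implementation is not in this diff), the test should also revoke that registration before `p->Remove(kRendererID)` so it does not leak into later tests in the same process. Minor: the comment at new line 951 reads `no access is be granted`; drop `be`.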