| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/frame_host/render_frame_proxy_host.h" | 5 #include "content/browser/frame_host/render_frame_proxy_host.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/lazy_instance.h" | 9 #include "base/lazy_instance.h" |
| 10 #include "content/browser/bad_message.h" | 10 #include "content/browser/bad_message.h" |
| 11 #include "content/browser/child_process_security_policy_impl.h" | 11 #include "content/browser/child_process_security_policy_impl.h" |
| 12 #include "content/browser/frame_host/cross_process_frame_connector.h" | 12 #include "content/browser/frame_host/cross_process_frame_connector.h" |
| 13 #include "content/browser/frame_host/frame_tree.h" | 13 #include "content/browser/frame_host/frame_tree.h" |
| 14 #include "content/browser/frame_host/frame_tree_node.h" | 14 #include "content/browser/frame_host/frame_tree_node.h" |
| 15 #include "content/browser/frame_host/navigator.h" | 15 #include "content/browser/frame_host/navigator.h" |
| 16 #include "content/browser/frame_host/render_frame_host_delegate.h" | 16 #include "content/browser/frame_host/render_frame_host_delegate.h" |
| 17 #include "content/browser/frame_host/render_widget_host_view_child_frame.h" | 17 #include "content/browser/frame_host/render_widget_host_view_child_frame.h" |
| 18 #include "content/browser/renderer_host/render_view_host_impl.h" | 18 #include "content/browser/renderer_host/render_view_host_impl.h" |
| 19 #include "content/browser/renderer_host/render_widget_host_view_base.h" | 19 #include "content/browser/renderer_host/render_widget_host_view_base.h" |
| 20 #include "content/browser/resource_request_body_browser_utils.h" |
| 20 #include "content/browser/site_instance_impl.h" | 21 #include "content/browser/site_instance_impl.h" |
| 21 #include "content/common/frame_messages.h" | 22 #include "content/common/frame_messages.h" |
| 22 #include "content/common/frame_owner_properties.h" | 23 #include "content/common/frame_owner_properties.h" |
| 23 #include "content/common/resource_request_body_impl.h" | 24 #include "content/common/resource_request_body_impl.h" |
| 24 #include "content/public/browser/browser_context.h" | 25 #include "content/public/browser/browser_context.h" |
| 25 #include "content/public/browser/browser_thread.h" | 26 #include "content/public/browser/browser_thread.h" |
| 26 #include "content/public/browser/storage_partition.h" | 27 #include "content/public/browser/storage_partition.h" |
| 27 #include "ipc/ipc_message.h" | 28 #include "ipc/ipc_message.h" |
| 28 #include "storage/browser/fileapi/file_system_context.h" | 29 #include "storage/browser/fileapi/file_system_context.h" |
| 29 | 30 |
| 30 namespace content { | 31 namespace content { |
| 31 | 32 |
| 32 namespace { | 33 namespace { |
| 33 | 34 |
| 34 // The (process id, routing id) pair that identifies one RenderFrameProxy. | 35 // The (process id, routing id) pair that identifies one RenderFrameProxy. |
| 35 typedef std::pair<int32_t, int32_t> RenderFrameProxyHostID; | 36 typedef std::pair<int32_t, int32_t> RenderFrameProxyHostID; |
| 36 typedef base::hash_map<RenderFrameProxyHostID, RenderFrameProxyHost*> | 37 typedef base::hash_map<RenderFrameProxyHostID, RenderFrameProxyHost*> |
| 37 RoutingIDFrameProxyMap; | 38 RoutingIDFrameProxyMap; |
| 38 base::LazyInstance<RoutingIDFrameProxyMap>::DestructorAtExit | 39 base::LazyInstance<RoutingIDFrameProxyMap>::DestructorAtExit |
| 39 g_routing_id_frame_proxy_map = LAZY_INSTANCE_INITIALIZER; | 40 g_routing_id_frame_proxy_map = LAZY_INSTANCE_INITIALIZER; |
| 40 | 41 |
| 41 // TODO(lukasza): https://crbug.com/726067: Remove code duplication - the | |
| 42 // function below should be reused by RenderFrameHostImpl::OnBeginNavigation and | |
| 43 // ResourceDispatcherHostImpl::ShouldServiceRequest. | |
| 44 bool CanReadRequestBody(SiteInstance* site_instance, | |
| 45 const scoped_refptr<ResourceRequestBodyImpl>& body) { | |
| 46 if (!body) | |
| 47 return true; | |
| 48 | |
| 49 ChildProcessSecurityPolicyImpl* security_policy = | |
| 50 ChildProcessSecurityPolicyImpl::GetInstance(); | |
| 51 int child_id = site_instance->GetProcess()->GetID(); | |
| 52 | |
| 53 StoragePartition* storage_partition = BrowserContext::GetStoragePartition( | |
| 54 site_instance->GetBrowserContext(), site_instance); | |
| 55 const storage::FileSystemContext* file_system_context = | |
| 56 storage_partition->GetFileSystemContext(); | |
| 57 | |
| 58 for (const ResourceRequestBodyImpl::Element& element : *body->elements()) { | |
| 59 switch (element.type()) { | |
| 60 case ResourceRequestBodyImpl::Element::TYPE_FILE: | |
| 61 if (!security_policy->CanReadFile(child_id, element.path())) | |
| 62 return false; | |
| 63 break; | |
| 64 | |
| 65 case ResourceRequestBodyImpl::Element::TYPE_FILE_FILESYSTEM: | |
| 66 if (!security_policy->CanReadFileSystemFile( | |
| 67 child_id, | |
| 68 file_system_context->CrackURL(element.filesystem_url()))) | |
| 69 return false; | |
| 70 break; | |
| 71 | |
| 72 case ResourceRequestBodyImpl::Element::TYPE_DISK_CACHE_ENTRY: | |
| 73 // TYPE_DISK_CACHE_ENTRY can't be sent via IPC according to | |
| 74 // content/common/resource_messages.cc | |
| 75 NOTREACHED(); | |
| 76 return false; | |
| 77 | |
| 78 case ResourceRequestBodyImpl::Element::TYPE_BYTES: | |
| 79 case ResourceRequestBodyImpl::Element::TYPE_BYTES_DESCRIPTION: | |
| 80 // Data is self-contained within |body| - no need to check access. | |
| 81 break; | |
| 82 | |
| 83 case ResourceRequestBodyImpl::Element::TYPE_BLOB: | |
| 84 // No need to validate - the unguessability of the uuid of the blob is a | |
| 85 // sufficient defense against access from an unrelated renderer. | |
| 86 break; | |
| 87 | |
| 88 case ResourceRequestBodyImpl::Element::TYPE_UNKNOWN: | |
| 89 default: | |
| 90 // Fail safe - deny access. | |
| 91 NOTREACHED(); | |
| 92 return false; | |
| 93 } | |
| 94 } | |
| 95 return true; | |
| 96 } | |
| 97 | |
| 98 } // namespace | 42 } // namespace |
| 99 | 43 |
| 100 // static | 44 // static |
| 101 RenderFrameProxyHost* RenderFrameProxyHost::FromID(int process_id, | 45 RenderFrameProxyHost* RenderFrameProxyHost::FromID(int process_id, |
| 102 int routing_id) { | 46 int routing_id) { |
| 103 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 47 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 104 RoutingIDFrameProxyMap* frames = g_routing_id_frame_proxy_map.Pointer(); | 48 RoutingIDFrameProxyMap* frames = g_routing_id_frame_proxy_map.Pointer(); |
| 105 RoutingIDFrameProxyMap::iterator it = frames->find( | 49 RoutingIDFrameProxyMap::iterator it = frames->find( |
| 106 RenderFrameProxyHostID(process_id, routing_id)); | 50 RenderFrameProxyHostID(process_id, routing_id)); |
| 107 return it == frames->end() ? NULL : it->second; | 51 return it == frames->end() ? NULL : it->second; |
| (...skipping 309 matching lines...) |
| 417 | 361 |
| 418 target_rfh->AdvanceFocus(type, source_proxy); | 362 target_rfh->AdvanceFocus(type, source_proxy); |
| 419 } | 363 } |
| 420 | 364 |
| 421 void RenderFrameProxyHost::OnFrameFocused() { | 365 void RenderFrameProxyHost::OnFrameFocused() { |
| 422 frame_tree_node_->current_frame_host()->delegate()->SetFocusedFrame( | 366 frame_tree_node_->current_frame_host()->delegate()->SetFocusedFrame( |
| 423 frame_tree_node_, GetSiteInstance()); | 367 frame_tree_node_, GetSiteInstance()); |
| 424 } | 368 } |
| 425 | 369 |
| 426 } // namespace content | 370 } // namespace content |
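Review bot: With the file-local CanReadRequestBody removed, several includes on the new side look stale: `content/browser/child_process_security_policy_impl.h`, `content/public/browser/storage_partition.h` and `storage/browser/fileapi/file_system_context.h` (new lines 11, 27 and 29) are kept next to the added `content/browser/resource_request_body_browser_utils.h`. In the visible lines only the removed function used them, so if nothing in the 309 collapsed lines still needs them they should go, leaving this file with no apparent file-access logic of its own. The caller of the check is inside that collapsed region and cannot be reviewed from this page. The removed code derived the child id for CanReadFile and CanReadFileSystemFile from its SiteInstance argument, so it is worth confirming that the shared helper is still handed the SiteInstance of the process that supplied the request body. A one-line comment at the call, such as `// Check file access against the process that sent this request body.`, would make that explicit.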
| OLD | NEW |