Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(541)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/resource_request_body_browser_utils.cc

Issue 2905763002: Deduplicating CanReadRequestBody code. (Closed)
Patch Set: Tweaking content/browser/loader/DEPS Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/resource_request_body_browser_utils.h ('K') | « content/browser/resource_request_body_browser_utils.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/browser/resource_request_body_browser_utils.h"
6
7 #include "content/browser/child_process_security_policy_impl.h"
8 #include "content/browser/site_instance_impl.h"
9 #include "content/common/resource_request_body_impl.h"
10 #include "content/public/browser/browser_context.h"
11 #include "content/public/browser/storage_partition.h"
12 #include "storage/browser/fileapi/file_system_context.h"
13
14 namespace content {
15
16 bool CanReadRequestBody(SiteInstance* site_instance,
17 const scoped_refptr<ResourceRequestBodyImpl>& body) {
18 int child_id = site_instance->GetProcess()->GetID();
19
20 StoragePartition* storage_partition = BrowserContext::GetStoragePartition(
21 site_instance->GetBrowserContext(), site_instance);
22 const storage::FileSystemContext* file_system_context =
23 storage_partition->GetFileSystemContext();
24
25 return CanReadRequestBody(child_id, file_system_context, body);
26 }
27
28 bool CanReadRequestBody(int child_id,
29 const storage::FileSystemContext* file_system_context,
30 const scoped_refptr<ResourceRequestBodyImpl>& body) {
31 if (!body)
32 return true;
33
34 ChildProcessSecurityPolicyImpl* security_policy =
35 ChildProcessSecurityPolicyImpl::GetInstance();
36 for (const ResourceRequestBodyImpl::Element& element : *body->elements()) {
37 switch (element.type()) {
38 case ResourceRequestBodyImpl::Element::TYPE_FILE:
39 if (!security_policy->CanReadFile(child_id, element.path()))
40 return false;
41 break;
42
43 case ResourceRequestBodyImpl::Element::TYPE_FILE_FILESYSTEM:
44 if (!security_policy->CanReadFileSystemFile(
45 child_id,
46 file_system_context->CrackURL(element.filesystem_url())))
47 return false;
48 break;
49
50 case ResourceRequestBodyImpl::Element::TYPE_DISK_CACHE_ENTRY:
51 // TYPE_DISK_CACHE_ENTRY can't be sent via IPC according to
52 // content/common/resource_messages.cc
53 NOTREACHED();
54 return false;
55
56 case ResourceRequestBodyImpl::Element::TYPE_BYTES:
57 case ResourceRequestBodyImpl::Element::TYPE_BYTES_DESCRIPTION:
58 // Data is self-contained within |body| - no need to check access.
59 break;
60
61 case ResourceRequestBodyImpl::Element::TYPE_BLOB:
62 // No need to validate - the unguessability of the uuid of the blob is a
63 // sufficient defense against access from an unrelated renderer.
64 break;
65
66 case ResourceRequestBodyImpl::Element::TYPE_UNKNOWN:
67 default:
68 // Fail safe - deny access.
69 NOTREACHED();
70 return false;
71 }
72 }
73 return true;
74 }
75
76 } // namespace content
OLDNEW
« content/browser/resource_request_body_browser_utils.h ('K') | « content/browser/resource_request_body_browser_utils.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698