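--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -1,38 +1,43 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/child_process_security_policy_impl.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/debug/dump_without_crashing.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/string_util.h"
 #include "build/build_config.h"
 #include "content/browser/site_instance_impl.h"
+#include "content/common/resource_request_body_impl.h"
 #include "content/common/site_isolation_policy.h"
+#include "content/public/browser/browser_context.h"
+#include "content/public/browser/browser_thread.h"
 #include "content/public/browser/child_process_data.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/render_process_host.h"
+#include "content/public/browser/storage_partition.h"
 #include "content/public/common/bindings_policy.h"
 #include "content/public/common/url_constants.h"
 #include "net/base/filename_util.h"
 #include "net/url_request/url_request.h"
 #include "storage/browser/fileapi/file_permission_policy.h"
+#include "storage/browser/fileapi/file_system_context.h"
 #include "storage/browser/fileapi/file_system_url.h"
 #include "storage/browser/fileapi/isolated_context.h"
 #include "storage/common/fileapi/file_system_util.h"
 #include "url/gurl.h"
 
 namespace content {
 
 namespace {
 
 // Used internally only. These bit positions have no relationship to any
@@ -737,20 +742,82 @@
 
 bool ChildProcessSecurityPolicyImpl::CanReadAllFiles(
     int child_id,
     const std::vector<base::FilePath>& files) {
   return std::all_of(files.begin(), files.end(),
                      [this, child_id](const base::FilePath& file) {
                        return CanReadFile(child_id, file);
                      });
 }
 
+bool ChildProcessSecurityPolicyImpl::CanReadRequestBody(
+    int child_id,
+    const storage::FileSystemContext* file_system_context,
+    const scoped_refptr<ResourceRequestBodyImpl>& body) {
+  if (!body)
+    return true;
+
+  for (const ResourceRequestBodyImpl::Element& element : *body->elements()) {
+    switch (element.type()) {
+      case ResourceRequestBodyImpl::Element::TYPE_FILE:
+        if (!CanReadFile(child_id, element.path()))
+          return false;
+        break;
+
+      case ResourceRequestBodyImpl::Element::TYPE_FILE_FILESYSTEM:
+        if (!CanReadFileSystemFile(child_id, file_system_context->CrackURL(
+                                                 element.filesystem_url())))
+          return false;
+        break;
+
+      case ResourceRequestBodyImpl::Element::TYPE_DISK_CACHE_ENTRY:
+        // TYPE_DISK_CACHE_ENTRY can't be sent via IPC according to
+        // content/common/resource_messages.cc
+        NOTREACHED();
+        return false;
+
+      case ResourceRequestBodyImpl::Element::TYPE_BYTES:
+      case ResourceRequestBodyImpl::Element::TYPE_BYTES_DESCRIPTION:
+        // Data is self-contained within |body| - no need to check access.
+        break;
+
+      case ResourceRequestBodyImpl::Element::TYPE_BLOB:
+        // No need to validate - the unguessability of the uuid of the blob is a
+        // sufficient defense against access from an unrelated renderer.
+        break;
+
+      case ResourceRequestBodyImpl::Element::TYPE_UNKNOWN:
+      default:
+        // Fail safe - deny access.
+        NOTREACHED();
+        return false;
+    }
+  }
+  return true;
+}
+
+bool ChildProcessSecurityPolicyImpl::CanReadRequestBody(
+    SiteInstance* site_instance,
+    const scoped_refptr<ResourceRequestBodyImpl>& body) {
+  DCHECK(site_instance);
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+
+  int child_id = site_instance->GetProcess()->GetID();
+
+  StoragePartition* storage_partition = BrowserContext::GetStoragePartition(
+      site_instance->GetBrowserContext(), site_instance);
+  const storage::FileSystemContext* file_system_context =
+      storage_partition->GetFileSystemContext();
+
+  return CanReadRequestBody(child_id, file_system_context, body);
+}
+
 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile(
     int child_id,
     const base::FilePath& file) {
   return HasPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanReadFileSystem(
     int child_id, const std::string& filesystem_id) {
   return HasPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
 }
@@ -987,10 +1054,10 @@
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->can_send_midi_sysex();
 }
 
 } // namespace content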
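Review bot: In the TYPE_FILE_FILESYSTEM branch of the `int child_id` overload of CanReadRequestBody, `file_system_context` is dereferenced for CrackURL without a null check even though it is a plain pointer parameter that any caller may pass as null, so a missing context would crash the browser process instead of denying the read. Since the `default:` case already chooses to fail safe, the consistent treatment is to fold the null check into the same condition: `if (!file_system_context || !CanReadFileSystemFile(child_id, file_system_context->CrackURL(element.filesystem_url())))` followed by the existing `return false;`. The SiteInstance overload presumably always hands over the storage partition's context, but the int overload is a public entry point that can be reached directly, so the guard belongs in the loop. A one-line comment on the two NOTREACHED() cases would also help the next reader, e.g. `// NOTREACHED() is a no-op in release builds; the return below is the operative denial.`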