Index: content/browser/resource_request_body_browser_utils.cc |
diff --git a/content/browser/resource_request_body_browser_utils.cc b/content/browser/resource_request_body_browser_utils.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..d1b521a05a04152220f2e5121d94f5d740f3f87c |
--- /dev/null |
+++ b/content/browser/resource_request_body_browser_utils.cc |
@@ -0,0 +1,80 @@ |
+// Copyright 2017 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "content/browser/resource_request_body_browser_utils.h" |
+ |
+#include "content/browser/child_process_security_policy_impl.h" |
+#include "content/browser/site_instance_impl.h" |
+#include "content/common/resource_request_body_impl.h" |
+#include "content/public/browser/browser_context.h" |
+#include "content/public/browser/storage_partition.h" |
+#include "storage/browser/fileapi/file_system_context.h" |
+ |
+namespace content { |
+ |
+namespace { |
+ |
+bool CanReadRequestBody(int child_id, |
+ const storage::FileSystemContext* file_system_context, |
+ const scoped_refptr<ResourceRequestBodyImpl>& body) { |
alexmos
2017/05/25 23:44:06
This one looks like a ChildProcessSecurityPolicyIm
Łukasz Anforowicz
2017/05/26 00:05:14
nick@: Any concerns with making CanReadRequestBody
ncarter (slow)
2017/05/26 21:23:11
My gut sense: it doesn't totally feel like it fits
|
+ if (!body) |
+ return true; |
+ |
+ ChildProcessSecurityPolicyImpl* security_policy = |
+ ChildProcessSecurityPolicyImpl::GetInstance(); |
+ for (const ResourceRequestBodyImpl::Element& element : *body->elements()) { |
+ switch (element.type()) { |
+ case ResourceRequestBodyImpl::Element::TYPE_FILE: |
+ if (!security_policy->CanReadFile(child_id, element.path())) |
+ return false; |
+ break; |
+ |
+ case ResourceRequestBodyImpl::Element::TYPE_FILE_FILESYSTEM: |
+ if (!security_policy->CanReadFileSystemFile( |
+ child_id, |
+ file_system_context->CrackURL(element.filesystem_url()))) |
+ return false; |
+ break; |
+ |
+ case ResourceRequestBodyImpl::Element::TYPE_DISK_CACHE_ENTRY: |
+ // TYPE_DISK_CACHE_ENTRY can't be sent via IPC according to |
+ // content/common/resource_messages.cc |
+ NOTREACHED(); |
+ return false; |
+ |
+ case ResourceRequestBodyImpl::Element::TYPE_BYTES: |
+ case ResourceRequestBodyImpl::Element::TYPE_BYTES_DESCRIPTION: |
+ // Data is self-contained within |body| - no need to check access. |
+ break; |
+ |
+ case ResourceRequestBodyImpl::Element::TYPE_BLOB: |
+ // No need to validate - the unguessability of the uuid of the blob is a |
+ // sufficient defense against access from an unrelated renderer. |
+ break; |
+ |
+ case ResourceRequestBodyImpl::Element::TYPE_UNKNOWN: |
+ default: |
+ // Fail safe - deny access. |
+ NOTREACHED(); |
+ return false; |
+ } |
+ } |
+ return true; |
+} |
+ |
+} // namespace |
+ |
+bool CanReadRequestBody(SiteInstance* site_instance, |
+ const scoped_refptr<ResourceRequestBodyImpl>& body) { |
+ int child_id = site_instance->GetProcess()->GetID(); |
+ |
+ StoragePartition* storage_partition = BrowserContext::GetStoragePartition( |
+ site_instance->GetBrowserContext(), site_instance); |
+ const storage::FileSystemContext* file_system_context = |
+ storage_partition->GetFileSystemContext(); |
+ |
+ return CanReadRequestBody(child_id, file_system_context, body); |
+} |
+ |
+} // namespace content |