Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/net/chrome_network_delegate.h" | 5 #include "chrome/browser/net/chrome_network_delegate.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdlib.h> | 8 #include <stdlib.h> |
| 9 | 9 |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 458 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 469 } | 469 } |
| 470 | 470 |
| 471 // static | 471 // static |
| 472 bool ChromeNetworkDelegate::IsAccessAllowed( | 472 bool ChromeNetworkDelegate::IsAccessAllowed( |
| 473 const base::FilePath& path, | 473 const base::FilePath& path, |
| 474 const base::FilePath& profile_path) { | 474 const base::FilePath& profile_path) { |
| 475 #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID) | 475 #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID) |
| 476 return true; | 476 return true; |
| 477 #else | 477 #else |
| 478 | 478 |
| 479 std::vector<base::FilePath> whitelist; | |
| 479 #if defined(OS_CHROMEOS) | 480 #if defined(OS_CHROMEOS) |
| 480 // Use a whitelist to only allow access to files residing in the list of | 481 // Use a whitelist to only allow access to files residing in the list of |
| 481 // directories below. | 482 // directories below. |
| 482 static const char* const kLocalAccessWhiteList[] = { | 483 static const base::FilePath::CharType* const kLocalAccessWhiteList[] = { |
| 483 "/home/chronos/user/Downloads", | 484 "/home/chronos/user/Downloads", |
|
satorux1
2017/06/06 08:19:05
tried to replace this with DIR_DEFAULT_DOWNLOADS o
| |
| 484 "/home/chronos/user/log", | 485 "/home/chronos/user/log", |
| 485 "/home/chronos/user/WebRTC Logs", | 486 "/home/chronos/user/WebRTC Logs", |
| 486 "/media", | 487 "/media", |
| 487 "/opt/oem", | 488 "/opt/oem", |
| 488 "/usr/share/chromeos-assets", | 489 "/usr/share/chromeos-assets", |
| 489 "/tmp", | |
| 490 "/var/log", | 490 "/var/log", |
| 491 }; | 491 }; |
| 492 | 492 |
| 493 base::FilePath temp_dir; | |
| 494 if (PathService::Get(base::DIR_TEMP, &temp_dir)) | |
| 495 whitelist.push_back(temp_dir); | |
| 496 | |
| 493 // The actual location of "/home/chronos/user/Xyz" is the Xyz directory under | 497 // The actual location of "/home/chronos/user/Xyz" is the Xyz directory under |
| 494 // the profile path ("/home/chronos/user' is a hard link to current primary | 498 // the profile path ("/home/chronos/user' is a hard link to current primary |
| 495 // logged in profile.) For the support of multi-profile sessions, we are | 499 // logged in profile.) For the support of multi-profile sessions, we are |
| 496 // switching to use explicit "$PROFILE_PATH/Xyz" path and here whitelist such | 500 // switching to use explicit "$PROFILE_PATH/Xyz" path and here whitelist such |
| 497 // access. | 501 // access. |
| 498 if (!profile_path.empty()) { | 502 if (!profile_path.empty()) { |
| 499 const base::FilePath downloads = profile_path.AppendASCII("Downloads"); | 503 const base::FilePath downloads = profile_path.AppendASCII("Downloads"); |
| 500 if (downloads == path.StripTrailingSeparators() || downloads.IsParent(path)) | 504 whitelist.push_back(downloads); |
| 501 return true; | |
| 502 const base::FilePath webrtc_logs = profile_path.AppendASCII("WebRTC Logs"); | 505 const base::FilePath webrtc_logs = profile_path.AppendASCII("WebRTC Logs"); |
| 503 if (webrtc_logs == path.StripTrailingSeparators() || | 506 whitelist.push_back(webrtc_logs); |
| 504 webrtc_logs.IsParent(path)) { | |
| 505 return true; | |
| 506 } | |
| 507 } | 507 } |
| 508 #elif defined(OS_ANDROID) | 508 #elif defined(OS_ANDROID) |
| 509 // Access to files in external storage is allowed. | 509 // Access to files in external storage is allowed. |
| 510 base::FilePath external_storage_path; | 510 base::FilePath external_storage_path; |
| 511 PathService::Get(base::DIR_ANDROID_EXTERNAL_STORAGE, &external_storage_path); | 511 PathService::Get(base::DIR_ANDROID_EXTERNAL_STORAGE, &external_storage_path); |
| 512 if (external_storage_path.IsParent(path)) | 512 if (external_storage_path.IsParent(path)) |
| 513 return true; | 513 return true; |
| 514 | 514 |
| 515 // Whitelist of other allowed directories. | 515 // Whitelist of other allowed directories. |
| 516 static const char* const kLocalAccessWhiteList[] = { | 516 static const base::FilePath::CharType* const kLocalAccessWhiteList[] = { |
| 517 "/sdcard", | 517 "/sdcard", "/mnt/sdcard", |
|
satorux1
2017/06/06 08:19:05
by clang format.
| |
| 518 "/mnt/sdcard", | |
| 519 }; | 518 }; |
| 520 #endif | 519 #endif |
| 521 | 520 |
| 522 for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i) { | 521 for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i) |
|
mmenke
2017/06/06 15:49:07
optional: Could switch this to something like "fo
satorux1
2017/06/08 02:13:44
Done.
| |
| 523 const base::FilePath white_listed_path(kLocalAccessWhiteList[i]); | 522 whitelist.push_back(base::FilePath(kLocalAccessWhiteList[i])); |
| 523 | |
| 524 for (const auto& white_listed_path : whitelist) { | |
| 524 // base::FilePath::operator== should probably handle trailing separators. | 525 // base::FilePath::operator== should probably handle trailing separators. |
| 525 if (white_listed_path == path.StripTrailingSeparators() || | 526 if (white_listed_path == path.StripTrailingSeparators() || |
| 526 white_listed_path.IsParent(path)) { | 527 white_listed_path.IsParent(path)) { |
| 527 return true; | 528 return true; |
| 528 } | 529 } |
| 529 } | 530 } |
| 530 | 531 |
| 531 DVLOG(1) << "File access denied - " << path.value().c_str(); | 532 DVLOG(1) << "File access denied - " << path.value().c_str(); |
| 532 return false; | 533 return false; |
| 533 #endif // !defined(OS_CHROMEOS) && !defined(OS_ANDROID) | 534 #endif // !defined(OS_CHROMEOS) && !defined(OS_ANDROID) |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 597 if (!data_use_aggregator_) | 598 if (!data_use_aggregator_) |
| 598 return; | 599 return; |
| 599 | 600 |
| 600 if (is_data_usage_off_the_record_) { | 601 if (is_data_usage_off_the_record_) { |
| 601 data_use_aggregator_->ReportOffTheRecordDataUse(tx_bytes, rx_bytes); | 602 data_use_aggregator_->ReportOffTheRecordDataUse(tx_bytes, rx_bytes); |
| 602 return; | 603 return; |
| 603 } | 604 } |
| 604 | 605 |
| 605 data_use_aggregator_->ReportDataUse(request, tx_bytes, rx_bytes); | 606 data_use_aggregator_->ReportDataUse(request, tx_bytes, rx_bytes); |
| 606 } | 607 } |
| OLD | NEW |