Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(669)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/net/chrome_network_delegate.cc

Issue 2926543002: chromeos: Replace "/tmp" with a call to PathService::Get() (Closed)
Patch Set: Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | chrome/browser/net/chrome_network_delegate_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/net/chrome_network_delegate.h" 5 #include "chrome/browser/net/chrome_network_delegate.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 #include <stdlib.h> 8 #include <stdlib.h>
9 9
10 #include <vector> 10 #include <vector>
(...skipping 458 matching lines...) Expand 10 before | Expand all | Expand 10 after
469 } 469 }
470 470
471 // static 471 // static
472 bool ChromeNetworkDelegate::IsAccessAllowed( 472 bool ChromeNetworkDelegate::IsAccessAllowed(
473 const base::FilePath& path, 473 const base::FilePath& path,
474 const base::FilePath& profile_path) { 474 const base::FilePath& profile_path) {
475 #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID) 475 #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID)
476 return true; 476 return true;
477 #else 477 #else
478 478
479 std::vector<base::FilePath> whitelist;
479 #if defined(OS_CHROMEOS) 480 #if defined(OS_CHROMEOS)
480 // Use a whitelist to only allow access to files residing in the list of 481 // Use a whitelist to only allow access to files residing in the list of
481 // directories below. 482 // directories below.
482 static const char* const kLocalAccessWhiteList[] = { 483 static const base::FilePath::CharType* const kLocalAccessWhiteList[] = {
483 "/home/chronos/user/Downloads", 484 "/home/chronos/user/Downloads",
satorux1 2017/06/06 08:19:05 tried to replace this with DIR_DEFAULT_DOWNLOADS o
484 "/home/chronos/user/log", 485 "/home/chronos/user/log",
485 "/home/chronos/user/WebRTC Logs", 486 "/home/chronos/user/WebRTC Logs",
486 "/media", 487 "/media",
487 "/opt/oem", 488 "/opt/oem",
488 "/usr/share/chromeos-assets", 489 "/usr/share/chromeos-assets",
489 "/tmp",
490 "/var/log", 490 "/var/log",
491 }; 491 };
492 492
493 base::FilePath temp_dir;
494 if (PathService::Get(base::DIR_TEMP, &temp_dir))
495 whitelist.push_back(temp_dir);
496
493 // The actual location of "/home/chronos/user/Xyz" is the Xyz directory under 497 // The actual location of "/home/chronos/user/Xyz" is the Xyz directory under
494 // the profile path ("/home/chronos/user' is a hard link to current primary 498 // the profile path ("/home/chronos/user' is a hard link to current primary
495 // logged in profile.) For the support of multi-profile sessions, we are 499 // logged in profile.) For the support of multi-profile sessions, we are
496 // switching to use explicit "$PROFILE_PATH/Xyz" path and here whitelist such 500 // switching to use explicit "$PROFILE_PATH/Xyz" path and here whitelist such
497 // access. 501 // access.
498 if (!profile_path.empty()) { 502 if (!profile_path.empty()) {
499 const base::FilePath downloads = profile_path.AppendASCII("Downloads"); 503 const base::FilePath downloads = profile_path.AppendASCII("Downloads");
500 if (downloads == path.StripTrailingSeparators() || downloads.IsParent(path)) 504 whitelist.push_back(downloads);
501 return true;
502 const base::FilePath webrtc_logs = profile_path.AppendASCII("WebRTC Logs"); 505 const base::FilePath webrtc_logs = profile_path.AppendASCII("WebRTC Logs");
503 if (webrtc_logs == path.StripTrailingSeparators() || 506 whitelist.push_back(webrtc_logs);
504 webrtc_logs.IsParent(path)) {
505 return true;
506 }
507 } 507 }
508 #elif defined(OS_ANDROID) 508 #elif defined(OS_ANDROID)
509 // Access to files in external storage is allowed. 509 // Access to files in external storage is allowed.
510 base::FilePath external_storage_path; 510 base::FilePath external_storage_path;
511 PathService::Get(base::DIR_ANDROID_EXTERNAL_STORAGE, &external_storage_path); 511 PathService::Get(base::DIR_ANDROID_EXTERNAL_STORAGE, &external_storage_path);
512 if (external_storage_path.IsParent(path)) 512 if (external_storage_path.IsParent(path))
513 return true; 513 return true;
514 514
515 // Whitelist of other allowed directories. 515 // Whitelist of other allowed directories.
516 static const char* const kLocalAccessWhiteList[] = { 516 static const base::FilePath::CharType* const kLocalAccessWhiteList[] = {
517 "/sdcard", 517 "/sdcard", "/mnt/sdcard",
satorux1 2017/06/06 08:19:05 by clang format.
518 "/mnt/sdcard",
519 }; 518 };
520 #endif 519 #endif
521 520
522 for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i) { 521 for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i)
mmenke 2017/06/06 15:49:07 optional: Could switch this to something like "fo
satorux1 2017/06/08 02:13:44 Done.
523 const base::FilePath white_listed_path(kLocalAccessWhiteList[i]); 522 whitelist.push_back(base::FilePath(kLocalAccessWhiteList[i]));
523
524 for (const auto& white_listed_path : whitelist) {
524 // base::FilePath::operator== should probably handle trailing separators. 525 // base::FilePath::operator== should probably handle trailing separators.
525 if (white_listed_path == path.StripTrailingSeparators() || 526 if (white_listed_path == path.StripTrailingSeparators() ||
526 white_listed_path.IsParent(path)) { 527 white_listed_path.IsParent(path)) {
527 return true; 528 return true;
528 } 529 }
529 } 530 }
530 531
531 DVLOG(1) << "File access denied - " << path.value().c_str(); 532 DVLOG(1) << "File access denied - " << path.value().c_str();
532 return false; 533 return false;
533 #endif // !defined(OS_CHROMEOS) && !defined(OS_ANDROID) 534 #endif // !defined(OS_CHROMEOS) && !defined(OS_ANDROID)
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
597 if (!data_use_aggregator_) 598 if (!data_use_aggregator_)
598 return; 599 return;
599 600
600 if (is_data_usage_off_the_record_) { 601 if (is_data_usage_off_the_record_) {
601 data_use_aggregator_->ReportOffTheRecordDataUse(tx_bytes, rx_bytes); 602 data_use_aggregator_->ReportOffTheRecordDataUse(tx_bytes, rx_bytes);
602 return; 603 return;
603 } 604 }
604 605
605 data_use_aggregator_->ReportDataUse(request, tx_bytes, rx_bytes); 606 data_use_aggregator_->ReportDataUse(request, tx_bytes, rx_bytes);
606 } 607 }
OLDNEW
« no previous file with comments | « no previous file | chrome/browser/net/chrome_network_delegate_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698