| OLD | NEW |
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/child_process_security_policy.h" | 5 #include "chrome/browser/child_process_security_policy.h" |
| 6 | 6 |
| 7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/stl_util-inl.h" | 9 #include "base/stl_util-inl.h" |
| 10 #include "base/string_util.h" | 10 #include "base/string_util.h" |
| 11 #include "chrome/common/bindings_policy.h" | 11 #include "chrome/common/bindings_policy.h" |
| 12 #include "chrome/common/url_constants.h" | 12 #include "chrome/common/url_constants.h" |
| 13 #include "googleurl/src/gurl.h" | 13 #include "googleurl/src/gurl.h" |
| 14 #include "net/url_request/url_request.h" | 14 #include "net/url_request/url_request.h" |
| 15 | 15 |
| 16 // The SecurityState class is used to maintain per-renderer security state | 16 // The SecurityState class is used to maintain per-renderer security state |
| 17 // information. | 17 // information. |
| 18 class ChildProcessSecurityPolicy::SecurityState { | 18 class ChildProcessSecurityPolicy::SecurityState { |
| 19 public: | 19 public: |
| 20 SecurityState() : enabled_bindings_(0) { } | 20 SecurityState() |
| 21 : enabled_bindings_(0), |
| 22 can_read_raw_cookies_(false) { } |
| 21 ~SecurityState() { | 23 ~SecurityState() { |
| 22 scheme_policy_.clear(); | 24 scheme_policy_.clear(); |
| 23 } | 25 } |
| 24 | 26 |
| 25 // Grant permission to request URLs with the specified scheme. | 27 // Grant permission to request URLs with the specified scheme. |
| 26 void GrantScheme(const std::string& scheme) { | 28 void GrantScheme(const std::string& scheme) { |
| 27 scheme_policy_[scheme] = true; | 29 scheme_policy_[scheme] = true; |
| 28 } | 30 } |
| 29 | 31 |
| 30 // Revoke permission to request URLs with the specified scheme. | 32 // Revoke permission to request URLs with the specified scheme. |
| 31 void RevokeScheme(const std::string& scheme) { | 33 void RevokeScheme(const std::string& scheme) { |
| 32 scheme_policy_[scheme] = false; | 34 scheme_policy_[scheme] = false; |
| 33 } | 35 } |
| 34 | 36 |
| 35 // Grant permission to upload the specified file to the web. | 37 // Grant permission to upload the specified file to the web. |
| 36 void GrantUploadFile(const FilePath& file) { | 38 void GrantUploadFile(const FilePath& file) { |
| 37 uploadable_files_.insert(file); | 39 uploadable_files_.insert(file); |
| 38 } | 40 } |
| 39 | 41 |
| 40 void GrantBindings(int bindings) { | 42 void GrantBindings(int bindings) { |
| 41 enabled_bindings_ |= bindings; | 43 enabled_bindings_ |= bindings; |
| 42 } | 44 } |
| 43 | 45 |
| 46 void GrantReadRawCookies() { |
| 47 can_read_raw_cookies_ = true; |
| 48 } |
| 49 |
| 50 void RevokeReadRawCookies() { |
| 51 can_read_raw_cookies_ = false; |
| 52 } |
| 53 |
| 44 // Determine whether permission has been granted to request url. | 54 // Determine whether permission has been granted to request url. |
| 45 // Schemes that have not been granted default to being denied. | 55 // Schemes that have not been granted default to being denied. |
| 46 bool CanRequestURL(const GURL& url) { | 56 bool CanRequestURL(const GURL& url) { |
| 47 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme())); | 57 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme())); |
| 48 | 58 |
| 49 if (judgment == scheme_policy_.end()) | 59 if (judgment == scheme_policy_.end()) |
| 50 return false; // Unmentioned schemes are disallowed. | 60 return false; // Unmentioned schemes are disallowed. |
| 51 | 61 |
| 52 return judgment->second; | 62 return judgment->second; |
| 53 } | 63 } |
| 54 | 64 |
| 55 // Determine whether permission has been granted to upload file. | 65 // Determine whether permission has been granted to upload file. |
| 56 // Files that have not been granted default to being denied. | 66 // Files that have not been granted default to being denied. |
| 57 bool CanUploadFile(const FilePath& file) { | 67 bool CanUploadFile(const FilePath& file) { |
| 58 return uploadable_files_.find(file) != uploadable_files_.end(); | 68 return uploadable_files_.find(file) != uploadable_files_.end(); |
| 59 } | 69 } |
| 60 | 70 |
| 61 bool has_dom_ui_bindings() const { | 71 bool has_dom_ui_bindings() const { |
| 62 return BindingsPolicy::is_dom_ui_enabled(enabled_bindings_); | 72 return BindingsPolicy::is_dom_ui_enabled(enabled_bindings_); |
| 63 } | 73 } |
| 64 | 74 |
| 65 bool has_extension_bindings() const { | 75 bool has_extension_bindings() const { |
| 66 return BindingsPolicy::is_extension_enabled(enabled_bindings_); | 76 return BindingsPolicy::is_extension_enabled(enabled_bindings_); |
| 67 } | 77 } |
| 68 | 78 |
| 79 bool can_read_raw_cookies() const { |
| 80 return can_read_raw_cookies_; |
| 81 } |
| 82 |
| 69 private: | 83 private: |
| 70 typedef std::map<std::string, bool> SchemeMap; | 84 typedef std::map<std::string, bool> SchemeMap; |
| 71 typedef std::set<FilePath> FileSet; | 85 typedef std::set<FilePath> FileSet; |
| 72 | 86 |
| 73 // Maps URL schemes to whether permission has been granted or revoked: | 87 // Maps URL schemes to whether permission has been granted or revoked: |
| 74 // |true| means the scheme has been granted. | 88 // |true| means the scheme has been granted. |
| 75 // |false| means the scheme has been revoked. | 89 // |false| means the scheme has been revoked. |
| 76 // If a scheme is not present in the map, then it has never been granted | 90 // If a scheme is not present in the map, then it has never been granted |
| 77 // or revoked. | 91 // or revoked. |
| 78 SchemeMap scheme_policy_; | 92 SchemeMap scheme_policy_; |
| 79 | 93 |
| 80 // The set of files the renderer is permited to upload to the web. | 94 // The set of files the renderer is permited to upload to the web. |
| 81 FileSet uploadable_files_; | 95 FileSet uploadable_files_; |
| 82 | 96 |
| 83 int enabled_bindings_; | 97 int enabled_bindings_; |
| 84 | 98 |
| 99 bool can_read_raw_cookies_; |
| 100 |
| 85 DISALLOW_COPY_AND_ASSIGN(SecurityState); | 101 DISALLOW_COPY_AND_ASSIGN(SecurityState); |
| 86 }; | 102 }; |
| 87 | 103 |
| 88 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { | 104 ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() { |
| 89 // We know about these schemes and believe them to be safe. | 105 // We know about these schemes and believe them to be safe. |
| 90 RegisterWebSafeScheme(chrome::kHttpScheme); | 106 RegisterWebSafeScheme(chrome::kHttpScheme); |
| 91 RegisterWebSafeScheme(chrome::kHttpsScheme); | 107 RegisterWebSafeScheme(chrome::kHttpsScheme); |
| 92 RegisterWebSafeScheme(chrome::kFtpScheme); | 108 RegisterWebSafeScheme(chrome::kFtpScheme); |
| 93 RegisterWebSafeScheme(chrome::kDataScheme); | 109 RegisterWebSafeScheme(chrome::kDataScheme); |
| 94 RegisterWebSafeScheme("feed"); | 110 RegisterWebSafeScheme("feed"); |
| (...skipping 150 matching lines...) |
| 245 void ChildProcessSecurityPolicy::GrantExtensionBindings(int renderer_id) { | 261 void ChildProcessSecurityPolicy::GrantExtensionBindings(int renderer_id) { |
| 246 AutoLock lock(lock_); | 262 AutoLock lock(lock_); |
| 247 | 263 |
| 248 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 264 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 249 if (state == security_state_.end()) | 265 if (state == security_state_.end()) |
| 250 return; | 266 return; |
| 251 | 267 |
| 252 state->second->GrantBindings(BindingsPolicy::EXTENSION); | 268 state->second->GrantBindings(BindingsPolicy::EXTENSION); |
| 253 } | 269 } |
| 254 | 270 |
| 271 void ChildProcessSecurityPolicy::GrantReadRawCookies(int renderer_id) { |
| 272 AutoLock lock(lock_); |
| 273 |
| 274 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 275 if (state == security_state_.end()) |
| 276 return; |
| 277 |
| 278 state->second->GrantReadRawCookies(); |
| 279 } |
| 280 |
| 281 void ChildProcessSecurityPolicy::RevokeReadRawCookies(int renderer_id) { |
| 282 AutoLock lock(lock_); |
| 283 |
| 284 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 285 if (state == security_state_.end()) |
| 286 return; |
| 287 |
| 288 state->second->RevokeReadRawCookies(); |
| 289 } |
| 290 |
| 255 bool ChildProcessSecurityPolicy::CanRequestURL( | 291 bool ChildProcessSecurityPolicy::CanRequestURL( |
| 256 int renderer_id, const GURL& url) { | 292 int renderer_id, const GURL& url) { |
| 257 if (!url.is_valid()) | 293 if (!url.is_valid()) |
| 258 return false; // Can't request invalid URLs. | 294 return false; // Can't request invalid URLs. |
| 259 | 295 |
| 260 if (IsWebSafeScheme(url.scheme())) | 296 if (IsWebSafeScheme(url.scheme())) |
| 261 return true; // The scheme has been white-listed for every renderer. | 297 return true; // The scheme has been white-listed for every renderer. |
| 262 | 298 |
| 263 if (IsPseudoScheme(url.scheme())) { | 299 if (IsPseudoScheme(url.scheme())) { |
| 264 // There are a number of special cases for pseudo schemes. | 300 // There are a number of special cases for pseudo schemes. |
| (...skipping 53 matching lines...) |
| 318 | 354 |
| 319 bool ChildProcessSecurityPolicy::HasExtensionBindings(int renderer_id) { | 355 bool ChildProcessSecurityPolicy::HasExtensionBindings(int renderer_id) { |
| 320 AutoLock lock(lock_); | 356 AutoLock lock(lock_); |
| 321 | 357 |
| 322 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 358 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 323 if (state == security_state_.end()) | 359 if (state == security_state_.end()) |
| 324 return false; | 360 return false; |
| 325 | 361 |
| 326 return state->second->has_extension_bindings(); | 362 return state->second->has_extension_bindings(); |
| 327 } | 363 } |
| 364 |
| 365 bool ChildProcessSecurityPolicy::CanReadRawCookies(int renderer_id) { |
| 366 AutoLock lock(lock_); |
| 367 |
| 368 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 369 if (state == security_state_.end()) |
| 370 return false; |
| 371 |
| 372 return state->second->can_read_raw_cookies(); |
| 373 } |
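Review bot: The new raw-cookie permission is added without any comment saying what it gates or who may grant it: `can_read_raw_cookies_` (new line 99) and `GrantReadRawCookies()`/`RevokeReadRawCookies()` (new lines 46-52) are undocumented, while the scheme and upload permissions beside them each carry a comment. Since this is a capability check on a child process, I would add above the member `// Whether this renderer may read raw cookie data. Denied by default; set only via GrantReadRawCookies().` and a one-line comment on each accessor. The default-deny paths look right: the constructor initialises the flag to false and `CanReadRawCookies()` returns false for an unknown renderer_id. The grant is keyed by renderer_id, so it presumably covers everything hosted in that child process rather than a single view; if callers intend it for one page, the comment should state that the scope is the whole process. The callers that grant and check this permission are not visible in this file section.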
| OLD | NEW |