| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 11 #include "base/debug/dump_without_crashing.h" | 11 #include "base/debug/dump_without_crashing.h" |
| 12 #include "base/files/file_path.h" | 12 #include "base/files/file_path.h" |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/macros.h" | 14 #include "base/macros.h" |
| 15 #include "base/memory/ptr_util.h" | 15 #include "base/memory/ptr_util.h" |
| 16 #include "base/metrics/histogram_macros.h" | 16 #include "base/metrics/histogram_macros.h" |
| 17 #include "base/strings/string_split.h" | 17 #include "base/strings/string_split.h" |
| 18 #include "base/strings/string_util.h" | 18 #include "base/strings/string_util.h" |
| 19 #include "build/build_config.h" | 19 #include "build/build_config.h" |
| 20 #include "content/browser/site_instance_impl.h" | 20 #include "content/browser/site_instance_impl.h" |
| 21 #include "content/common/resource_request_body_impl.h" | |
| 22 #include "content/common/site_isolation_policy.h" | 21 #include "content/common/site_isolation_policy.h" |
| 23 #include "content/public/browser/browser_context.h" | 22 #include "content/public/browser/browser_context.h" |
| 24 #include "content/public/browser/browser_thread.h" | 23 #include "content/public/browser/browser_thread.h" |
| 25 #include "content/public/browser/child_process_data.h" | 24 #include "content/public/browser/child_process_data.h" |
| 26 #include "content/public/browser/content_browser_client.h" | 25 #include "content/public/browser/content_browser_client.h" |
| 27 #include "content/public/browser/render_process_host.h" | 26 #include "content/public/browser/render_process_host.h" |
| 28 #include "content/public/browser/storage_partition.h" | 27 #include "content/public/browser/storage_partition.h" |
| 29 #include "content/public/common/bindings_policy.h" | 28 #include "content/public/common/bindings_policy.h" |
| 29 #include "content/public/common/resource_request_body.h" |
| 30 #include "content/public/common/url_constants.h" | 30 #include "content/public/common/url_constants.h" |
| 31 #include "net/base/filename_util.h" | 31 #include "net/base/filename_util.h" |
| 32 #include "net/url_request/url_request.h" | 32 #include "net/url_request/url_request.h" |
| 33 #include "storage/browser/fileapi/file_permission_policy.h" | 33 #include "storage/browser/fileapi/file_permission_policy.h" |
| 34 #include "storage/browser/fileapi/file_system_context.h" | 34 #include "storage/browser/fileapi/file_system_context.h" |
| 35 #include "storage/browser/fileapi/file_system_url.h" | 35 #include "storage/browser/fileapi/file_system_url.h" |
| 36 #include "storage/browser/fileapi/isolated_context.h" | 36 #include "storage/browser/fileapi/isolated_context.h" |
| 37 #include "storage/common/fileapi/file_system_util.h" | 37 #include "storage/common/fileapi/file_system_util.h" |
| 38 #include "url/gurl.h" | 38 #include "url/gurl.h" |
| 39 | 39 |
| (...skipping 716 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 756 const std::vector<base::FilePath>& files) { | 756 const std::vector<base::FilePath>& files) { |
| 757 return std::all_of(files.begin(), files.end(), | 757 return std::all_of(files.begin(), files.end(), |
| 758 [this, child_id](const base::FilePath& file) { | 758 [this, child_id](const base::FilePath& file) { |
| 759 return CanReadFile(child_id, file); | 759 return CanReadFile(child_id, file); |
| 760 }); | 760 }); |
| 761 } | 761 } |
| 762 | 762 |
| 763 bool ChildProcessSecurityPolicyImpl::CanReadRequestBody( | 763 bool ChildProcessSecurityPolicyImpl::CanReadRequestBody( |
| 764 int child_id, | 764 int child_id, |
| 765 const storage::FileSystemContext* file_system_context, | 765 const storage::FileSystemContext* file_system_context, |
| 766 const scoped_refptr<ResourceRequestBodyImpl>& body) { | 766 const scoped_refptr<ResourceRequestBody>& body) { |
| 767 if (!body) | 767 if (!body) |
| 768 return true; | 768 return true; |
| 769 | 769 |
| 770 for (const ResourceRequestBodyImpl::Element& element : *body->elements()) { | 770 for (const ResourceRequestBody::Element& element : *body->elements()) { |
| 771 switch (element.type()) { | 771 switch (element.type()) { |
| 772 case ResourceRequestBodyImpl::Element::TYPE_FILE: | 772 case ResourceRequestBody::Element::TYPE_FILE: |
| 773 if (!CanReadFile(child_id, element.path())) | 773 if (!CanReadFile(child_id, element.path())) |
| 774 return false; | 774 return false; |
| 775 break; | 775 break; |
| 776 | 776 |
| 777 case ResourceRequestBodyImpl::Element::TYPE_FILE_FILESYSTEM: | 777 case ResourceRequestBody::Element::TYPE_FILE_FILESYSTEM: |
| 778 if (!CanReadFileSystemFile(child_id, file_system_context->CrackURL( | 778 if (!CanReadFileSystemFile(child_id, file_system_context->CrackURL( |
| 779 element.filesystem_url()))) | 779 element.filesystem_url()))) |
| 780 return false; | 780 return false; |
| 781 break; | 781 break; |
| 782 | 782 |
| 783 case ResourceRequestBodyImpl::Element::TYPE_DISK_CACHE_ENTRY: | 783 case ResourceRequestBody::Element::TYPE_DISK_CACHE_ENTRY: |
| 784 // TYPE_DISK_CACHE_ENTRY can't be sent via IPC according to | 784 // TYPE_DISK_CACHE_ENTRY can't be sent via IPC according to |
| 785 // content/common/resource_messages.cc | 785 // content/common/resource_messages.cc |
| 786 NOTREACHED(); | 786 NOTREACHED(); |
| 787 return false; | 787 return false; |
| 788 | 788 |
| 789 case ResourceRequestBodyImpl::Element::TYPE_BYTES: | 789 case ResourceRequestBody::Element::TYPE_BYTES: |
| 790 case ResourceRequestBodyImpl::Element::TYPE_BYTES_DESCRIPTION: | 790 case ResourceRequestBody::Element::TYPE_BYTES_DESCRIPTION: |
| 791 // Data is self-contained within |body| - no need to check access. | 791 // Data is self-contained within |body| - no need to check access. |
| 792 break; | 792 break; |
| 793 | 793 |
| 794 case ResourceRequestBodyImpl::Element::TYPE_BLOB: | 794 case ResourceRequestBody::Element::TYPE_BLOB: |
| 795 // No need to validate - the unguessability of the uuid of the blob is a | 795 // No need to validate - the unguessability of the uuid of the blob is a |
| 796 // sufficient defense against access from an unrelated renderer. | 796 // sufficient defense against access from an unrelated renderer. |
| 797 break; | 797 break; |
| 798 | 798 |
| 799 case ResourceRequestBodyImpl::Element::TYPE_UNKNOWN: | 799 case ResourceRequestBody::Element::TYPE_UNKNOWN: |
| 800 default: | 800 default: |
| 801 // Fail safe - deny access. | 801 // Fail safe - deny access. |
| 802 NOTREACHED(); | 802 NOTREACHED(); |
| 803 return false; | 803 return false; |
| 804 } | 804 } |
| 805 } | 805 } |
| 806 return true; | 806 return true; |
| 807 } | 807 } |
| 808 | 808 |
| 809 bool ChildProcessSecurityPolicyImpl::CanReadRequestBody( | 809 bool ChildProcessSecurityPolicyImpl::CanReadRequestBody( |
| 810 SiteInstance* site_instance, | 810 SiteInstance* site_instance, |
| 811 const scoped_refptr<ResourceRequestBodyImpl>& body) { | 811 const scoped_refptr<ResourceRequestBody>& body) { |
| 812 DCHECK(site_instance); | 812 DCHECK(site_instance); |
| 813 DCHECK_CURRENTLY_ON(BrowserThread::UI); | 813 DCHECK_CURRENTLY_ON(BrowserThread::UI); |
| 814 | 814 |
| 815 int child_id = site_instance->GetProcess()->GetID(); | 815 int child_id = site_instance->GetProcess()->GetID(); |
| 816 | 816 |
| 817 StoragePartition* storage_partition = BrowserContext::GetStoragePartition( | 817 StoragePartition* storage_partition = BrowserContext::GetStoragePartition( |
| 818 site_instance->GetBrowserContext(), site_instance); | 818 site_instance->GetBrowserContext(), site_instance); |
| 819 const storage::FileSystemContext* file_system_context = | 819 const storage::FileSystemContext* file_system_context = |
| 820 storage_partition->GetFileSystemContext(); | 820 storage_partition->GetFileSystemContext(); |
| 821 | 821 |
| (...skipping 290 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1112 } | 1112 } |
| 1113 } | 1113 } |
| 1114 | 1114 |
| 1115 bool ChildProcessSecurityPolicyImpl::IsIsolatedOrigin( | 1115 bool ChildProcessSecurityPolicyImpl::IsIsolatedOrigin( |
| 1116 const url::Origin& origin) { | 1116 const url::Origin& origin) { |
| 1117 base::AutoLock lock(lock_); | 1117 base::AutoLock lock(lock_); |
| 1118 return isolated_origins_.find(origin) != isolated_origins_.end(); | 1118 return isolated_origins_.find(origin) != isolated_origins_.end(); |
| 1119 } | 1119 } |
| 1120 | 1120 |
| 1121 } // namespace content | 1121 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2954343005:
Merge ResourceRequestBodyImpl and ResourceRequestBody. (Closed)
