OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ |
6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <memory> | 9 #include <memory> |
10 #include <set> | 10 #include <set> |
(...skipping 18 matching lines...) Loading... |
29 } | 29 } |
30 | 30 |
31 namespace storage { | 31 namespace storage { |
32 class FileSystemContext; | 32 class FileSystemContext; |
33 class FileSystemURL; | 33 class FileSystemURL; |
34 } | 34 } |
35 | 35 |
36 namespace content { | 36 namespace content { |
37 | 37 |
38 class SiteInstance; | 38 class SiteInstance; |
39 class ResourceRequestBodyImpl; | 39 class ResourceRequestBody; |
40 | 40 |
41 class CONTENT_EXPORT ChildProcessSecurityPolicyImpl | 41 class CONTENT_EXPORT ChildProcessSecurityPolicyImpl |
42 : NON_EXPORTED_BASE(public ChildProcessSecurityPolicy) { | 42 : NON_EXPORTED_BASE(public ChildProcessSecurityPolicy) { |
43 public: | 43 public: |
44 // Object can only be created through GetInstance() so the constructor is | 44 // Object can only be created through GetInstance() so the constructor is |
45 // private. | 45 // private. |
46 ~ChildProcessSecurityPolicyImpl() override; | 46 ~ChildProcessSecurityPolicyImpl() override; |
47 | 47 |
48 static ChildProcessSecurityPolicyImpl* GetInstance(); | 48 static ChildProcessSecurityPolicyImpl* GetInstance(); |
49 | 49 |
(...skipping 42 matching lines...) Loading... |
92 bool HasSpecificPermissionForOrigin(int child_id, | 92 bool HasSpecificPermissionForOrigin(int child_id, |
93 const url::Origin& origin) override; | 93 const url::Origin& origin) override; |
94 | 94 |
95 // Returns if |child_id| can read all of the |files|. | 95 // Returns if |child_id| can read all of the |files|. |
96 bool CanReadAllFiles(int child_id, const std::vector<base::FilePath>& files); | 96 bool CanReadAllFiles(int child_id, const std::vector<base::FilePath>& files); |
97 | 97 |
98 // Validate that |child_id| in |file_system_context| is allowed to access | 98 // Validate that |child_id| in |file_system_context| is allowed to access |
99 // data in the POST body specified by |body|. Can be called on any thread. | 99 // data in the POST body specified by |body|. Can be called on any thread. |
100 bool CanReadRequestBody(int child_id, | 100 bool CanReadRequestBody(int child_id, |
101 const storage::FileSystemContext* file_system_context, | 101 const storage::FileSystemContext* file_system_context, |
102 const scoped_refptr<ResourceRequestBodyImpl>& body); | 102 const scoped_refptr<ResourceRequestBody>& body); |
103 | 103 |
104 // Validate that the renderer process for |site_instance| is allowed to access | 104 // Validate that the renderer process for |site_instance| is allowed to access |
105 // data in the POST body specified by |body|. Has to be called on the UI | 105 // data in the POST body specified by |body|. Has to be called on the UI |
106 // thread. | 106 // thread. |
107 bool CanReadRequestBody(SiteInstance* site_instance, | 107 bool CanReadRequestBody(SiteInstance* site_instance, |
108 const scoped_refptr<ResourceRequestBodyImpl>& body); | 108 const scoped_refptr<ResourceRequestBody>& body); |
109 | 109 |
110 // Pseudo schemes are treated differently than other schemes because they | 110 // Pseudo schemes are treated differently than other schemes because they |
111 // cannot be requested like normal URLs. There is no mechanism for revoking | 111 // cannot be requested like normal URLs. There is no mechanism for revoking |
112 // pseudo schemes. | 112 // pseudo schemes. |
113 void RegisterPseudoScheme(const std::string& scheme); | 113 void RegisterPseudoScheme(const std::string& scheme); |
114 | 114 |
115 // Returns true iff |scheme| has been registered as pseudo scheme. | 115 // Returns true iff |scheme| has been registered as pseudo scheme. |
116 bool IsPseudoScheme(const std::string& scheme); | 116 bool IsPseudoScheme(const std::string& scheme); |
117 | 117 |
118 // Upon creation, child processes should register themselves by calling this | 118 // Upon creation, child processes should register themselves by calling this |
(...skipping 209 matching lines...) Loading... |
328 // eTLD+1. Each of these origins requires a dedicated process. This set is | 328 // eTLD+1. Each of these origins requires a dedicated process. This set is |
329 // protected by |lock_|. | 329 // protected by |lock_|. |
330 std::set<url::Origin> isolated_origins_; | 330 std::set<url::Origin> isolated_origins_; |
331 | 331 |
332 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl); | 332 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl); |
333 }; | 333 }; |
334 | 334 |
335 } // namespace content | 335 } // namespace content |
336 | 336 |
337 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ | 337 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_ |
OLD | NEW |