| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <set> | 5 #include <set> |
| 6 #include <string> | 6 #include <string> |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
| 10 #include "base/platform_file.h" | |
| 11 #include "content/browser/child_process_security_policy_impl.h" | 10 #include "content/browser/child_process_security_policy_impl.h" |
| 12 #include "content/public/common/url_constants.h" | 11 #include "content/public/common/url_constants.h" |
| 13 #include "content/test/test_content_browser_client.h" | 12 #include "content/test/test_content_browser_client.h" |
| 14 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 15 #include "url/gurl.h" | 14 #include "url/gurl.h" |
| 16 #include "webkit/browser/fileapi/file_permission_policy.h" | 15 #include "webkit/browser/fileapi/file_permission_policy.h" |
| 17 #include "webkit/browser/fileapi/file_system_url.h" | 16 #include "webkit/browser/fileapi/file_system_url.h" |
| 18 #include "webkit/browser/fileapi/isolated_context.h" | 17 #include "webkit/browser/fileapi/isolated_context.h" |
| 19 #include "webkit/common/fileapi/file_system_types.h" | 18 #include "webkit/common/fileapi/file_system_types.h" |
| 20 | 19 |
| (...skipping 439 matching lines...) |
| 460 base::FilePath self_traversal = | 459 base::FilePath self_traversal = |
| 461 base::FilePath(TEST_PATH("/home/joe/../joe/file")); | 460 base::FilePath(TEST_PATH("/home/joe/../joe/file")); |
| 462 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe")); | 461 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe")); |
| 463 | 462 |
| 464 ChildProcessSecurityPolicyImpl* p = | 463 ChildProcessSecurityPolicyImpl* p = |
| 465 ChildProcessSecurityPolicyImpl::GetInstance(); | 464 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 466 | 465 |
| 467 // Grant permissions for a file. | 466 // Grant permissions for a file. |
| 468 p->Add(kRendererID); | 467 p->Add(kRendererID); |
| 469 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 468 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 470 base::PLATFORM_FILE_OPEN)); | 469 base::File::FLAG_OPEN)); |
| 471 | 470 |
| 472 GrantPermissionsForFile(p, kRendererID, granted_file, | 471 GrantPermissionsForFile(p, kRendererID, granted_file, |
| 473 base::PLATFORM_FILE_OPEN | | 472 base::File::FLAG_OPEN | |
| 474 base::PLATFORM_FILE_OPEN_TRUNCATED | | 473 base::File::FLAG_OPEN_TRUNCATED | |
| 475 base::PLATFORM_FILE_READ | | 474 base::File::FLAG_READ | |
| 476 base::PLATFORM_FILE_WRITE); | 475 base::File::FLAG_WRITE); |
| 477 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 476 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 478 base::PLATFORM_FILE_OPEN | | 477 base::File::FLAG_OPEN | |
| 479 base::PLATFORM_FILE_OPEN_TRUNCATED | | 478 base::File::FLAG_OPEN_TRUNCATED | |
| 480 base::PLATFORM_FILE_READ | | 479 base::File::FLAG_READ | |
| 481 base::PLATFORM_FILE_WRITE)); | 480 base::File::FLAG_WRITE)); |
| 482 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 481 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 483 base::PLATFORM_FILE_OPEN | | 482 base::File::FLAG_OPEN | |
| 484 base::PLATFORM_FILE_READ)); | 483 base::File::FLAG_READ)); |
| 485 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 484 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 486 base::PLATFORM_FILE_CREATE)); | 485 base::File::FLAG_CREATE)); |
| 487 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0)); | 486 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0)); |
| 488 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 487 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 489 base::PLATFORM_FILE_CREATE | | 488 base::File::FLAG_CREATE | |
| 490 base::PLATFORM_FILE_OPEN_TRUNCATED | | 489 base::File::FLAG_OPEN_TRUNCATED | |
| 491 base::PLATFORM_FILE_READ | | 490 base::File::FLAG_READ | |
| 492 base::PLATFORM_FILE_WRITE)); | 491 base::File::FLAG_WRITE)); |
| 493 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file, | 492 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file, |
| 494 base::PLATFORM_FILE_OPEN | | 493 base::File::FLAG_OPEN | |
| 495 base::PLATFORM_FILE_READ)); | 494 base::File::FLAG_READ)); |
| 496 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file, | 495 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file, |
| 497 base::PLATFORM_FILE_OPEN | | 496 base::File::FLAG_OPEN | |
| 498 base::PLATFORM_FILE_READ)); | 497 base::File::FLAG_READ)); |
| 499 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file, | 498 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file, |
| 500 base::PLATFORM_FILE_OPEN | | 499 base::File::FLAG_OPEN | |
| 501 base::PLATFORM_FILE_READ)); | 500 base::File::FLAG_READ)); |
| 502 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1, | 501 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1, |
| 503 base::PLATFORM_FILE_OPEN | | 502 base::File::FLAG_OPEN | |
| 504 base::PLATFORM_FILE_READ)); | 503 base::File::FLAG_READ)); |
| 505 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2, | 504 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2, |
| 506 base::PLATFORM_FILE_OPEN | | 505 base::File::FLAG_OPEN | |
| 507 base::PLATFORM_FILE_READ)); | 506 base::File::FLAG_READ)); |
| 508 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1, | 507 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1, |
| 509 base::PLATFORM_FILE_OPEN | | 508 base::File::FLAG_OPEN | |
| 510 base::PLATFORM_FILE_READ)); | 509 base::File::FLAG_READ)); |
| 511 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2, | 510 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2, |
| 512 base::PLATFORM_FILE_OPEN | | 511 base::File::FLAG_OPEN | |
| 513 base::PLATFORM_FILE_READ)); | 512 base::File::FLAG_READ)); |
| 514 // CPSP doesn't allow this case for the sake of simplicity. | 513 // CPSP doesn't allow this case for the sake of simplicity. |
| 515 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal, | 514 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal, |
| 516 base::PLATFORM_FILE_OPEN | | 515 base::File::FLAG_OPEN | |
| 517 base::PLATFORM_FILE_READ)); | 516 base::File::FLAG_READ)); |
| 518 p->Remove(kRendererID); | 517 p->Remove(kRendererID); |
| 519 | 518 |
| 520 // Grant permissions for the directory the file is in. | 519 // Grant permissions for the directory the file is in. |
| 521 p->Add(kRendererID); | 520 p->Add(kRendererID); |
| 522 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 521 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 523 base::PLATFORM_FILE_OPEN)); | 522 base::File::FLAG_OPEN)); |
| 524 GrantPermissionsForFile(p, kRendererID, parent_file, | 523 GrantPermissionsForFile(p, kRendererID, parent_file, |
| 525 base::PLATFORM_FILE_OPEN | | 524 base::File::FLAG_OPEN | |
| 526 base::PLATFORM_FILE_READ); | 525 base::File::FLAG_READ); |
| 527 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 526 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 528 base::PLATFORM_FILE_OPEN)); | 527 base::File::FLAG_OPEN)); |
| 529 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 528 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 530 base::PLATFORM_FILE_READ | | 529 base::File::FLAG_READ | |
| 531 base::PLATFORM_FILE_WRITE)); | 530 base::File::FLAG_WRITE)); |
| 532 p->Remove(kRendererID); | 531 p->Remove(kRendererID); |
| 533 | 532 |
| 534 // Grant permissions for the directory the file is in (with trailing '/'). | 533 // Grant permissions for the directory the file is in (with trailing '/'). |
| 535 p->Add(kRendererID); | 534 p->Add(kRendererID); |
| 536 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 535 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 537 base::PLATFORM_FILE_OPEN)); | 536 base::File::FLAG_OPEN)); |
| 538 GrantPermissionsForFile(p, kRendererID, parent_slash_file, | 537 GrantPermissionsForFile(p, kRendererID, parent_slash_file, |
| 539 base::PLATFORM_FILE_OPEN | | 538 base::File::FLAG_OPEN | |
| 540 base::PLATFORM_FILE_READ); | 539 base::File::FLAG_READ); |
| 541 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 540 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 542 base::PLATFORM_FILE_OPEN)); | 541 base::File::FLAG_OPEN)); |
| 543 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 542 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 544 base::PLATFORM_FILE_READ | | 543 base::File::FLAG_READ | |
| 545 base::PLATFORM_FILE_WRITE)); | 544 base::File::FLAG_WRITE)); |
| 546 | 545 |
| 547 // Grant permissions for the file (should overwrite the permissions granted | 546 // Grant permissions for the file (should overwrite the permissions granted |
| 548 // for the directory). | 547 // for the directory). |
| 549 GrantPermissionsForFile(p, kRendererID, granted_file, | 548 GrantPermissionsForFile(p, kRendererID, granted_file, |
| 550 base::PLATFORM_FILE_TEMPORARY); | 549 base::File::FLAG_TEMPORARY); |
| 551 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 550 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 552 base::PLATFORM_FILE_OPEN)); | 551 base::File::FLAG_OPEN)); |
| 553 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 552 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 554 base::PLATFORM_FILE_TEMPORARY)); | 553 base::File::FLAG_TEMPORARY)); |
| 555 | 554 |
| 556 // Revoke all permissions for the file (it should inherit its permissions | 555 // Revoke all permissions for the file (it should inherit its permissions |
| 557 // from the directory again). | 556 // from the directory again). |
| 558 p->RevokeAllPermissionsForFile(kRendererID, granted_file); | 557 p->RevokeAllPermissionsForFile(kRendererID, granted_file); |
| 559 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 558 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 560 base::PLATFORM_FILE_OPEN | | 559 base::File::FLAG_OPEN | |
| 561 base::PLATFORM_FILE_READ)); | 560 base::File::FLAG_READ)); |
| 562 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 561 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 563 base::PLATFORM_FILE_TEMPORARY)); | 562 base::File::FLAG_TEMPORARY)); |
| 564 p->Remove(kRendererID); | 563 p->Remove(kRendererID); |
| 565 | 564 |
| 566 // Grant file permissions for the file to main thread renderer process, | 565 // Grant file permissions for the file to main thread renderer process, |
| 567 // make sure its worker thread renderer process inherits those. | 566 // make sure its worker thread renderer process inherits those. |
| 568 p->Add(kRendererID); | 567 p->Add(kRendererID); |
| 569 GrantPermissionsForFile(p, kRendererID, granted_file, | 568 GrantPermissionsForFile(p, kRendererID, granted_file, |
| 570 base::PLATFORM_FILE_OPEN | | 569 base::File::FLAG_OPEN | |
| 571 base::PLATFORM_FILE_READ); | 570 base::File::FLAG_READ); |
| 572 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, | 571 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 573 base::PLATFORM_FILE_OPEN | | 572 base::File::FLAG_OPEN | |
| 574 base::PLATFORM_FILE_READ)); | 573 base::File::FLAG_READ)); |
| 575 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, | 574 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, |
| 576 base::PLATFORM_FILE_WRITE)); | 575 base::File::FLAG_WRITE)); |
| 577 p->AddWorker(kWorkerRendererID, kRendererID); | 576 p->AddWorker(kWorkerRendererID, kRendererID); |
| 578 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, | 577 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
| 579 base::PLATFORM_FILE_OPEN | | 578 base::File::FLAG_OPEN | |
| 580 base::PLATFORM_FILE_READ)); | 579 base::File::FLAG_READ)); |
| 581 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, | 580 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
| 582 base::PLATFORM_FILE_WRITE)); | 581 base::File::FLAG_WRITE)); |
| 583 p->Remove(kRendererID); | 582 p->Remove(kRendererID); |
| 584 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, | 583 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file, |
| 585 base::PLATFORM_FILE_OPEN | | 584 base::File::FLAG_OPEN | |
| 586 base::PLATFORM_FILE_READ)); | 585 base::File::FLAG_READ)); |
| 587 p->Remove(kWorkerRendererID); | 586 p->Remove(kWorkerRendererID); |
| 588 | 587 |
| 589 p->Add(kRendererID); | 588 p->Add(kRendererID); |
| 590 GrantPermissionsForFile(p, kRendererID, relative_file, | 589 GrantPermissionsForFile(p, kRendererID, relative_file, |
| 591 base::PLATFORM_FILE_OPEN); | 590 base::File::FLAG_OPEN); |
| 592 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file, | 591 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file, |
| 593 base::PLATFORM_FILE_OPEN)); | 592 base::File::FLAG_OPEN)); |
| 594 p->Remove(kRendererID); | 593 p->Remove(kRendererID); |
| 595 } | 594 } |
| 596 | 595 |
| 597 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { | 596 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { |
| 598 ChildProcessSecurityPolicyImpl* p = | 597 ChildProcessSecurityPolicyImpl* p = |
| 599 ChildProcessSecurityPolicyImpl::GetInstance(); | 598 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 600 | 599 |
| 601 GURL url("chrome://thumb/http://www.google.com/"); | 600 GURL url("chrome://thumb/http://www.google.com/"); |
| 602 | 601 |
| 603 p->Add(kRendererID); | 602 p->Add(kRendererID); |
| (...skipping 30 matching lines...) |
| 634 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 633 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
| 635 // prepared to answer policy questions about renderers who no longer exist. | 634 // prepared to answer policy questions about renderers who no longer exist. |
| 636 | 635 |
| 637 // In this case, we default to secure behavior. | 636 // In this case, we default to secure behavior. |
| 638 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 637 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 639 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 638 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
| 640 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 639 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
| 641 } | 640 } |
| 642 | 641 |
| 643 } // namespace content | 642 } // namespace content |
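Review bot: The new include list drops `base/platform_file.h` but adds no header declaring `base::File`, although every changed expectation now names `base::File::FLAG_*`, so the test compiles only through a transitive include. Add `#include "base/files/file.h"` after `#include "base/files/file_path.h"` so the permission flags this security-policy test checks do not depend on which other header happens to pull them in. The test body holding the changed expectations starts in the skipped lines, so the `GrantPermissionsForFile` helper is not visible here; presumably it takes the same flag type, which is worth confirming because grants and checks must agree on the bit values.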