OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
11 #include "base/stl_util.h" | 11 #include "base/stl_util.h" |
12 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
13 #include "content/browser/plugin_process_host.h" | 13 #include "content/browser/plugin_process_host.h" |
14 #include "content/browser/site_instance_impl.h" | 14 #include "content/browser/site_instance_impl.h" |
15 #include "content/public/browser/child_process_data.h" | 15 #include "content/public/browser/child_process_data.h" |
16 #include "content/public/browser/content_browser_client.h" | 16 #include "content/public/browser/content_browser_client.h" |
17 #include "content/public/browser/render_process_host.h" | 17 #include "content/public/browser/render_process_host.h" |
18 #include "content/public/common/bindings_policy.h" | 18 #include "content/public/common/bindings_policy.h" |
19 #include "content/public/common/content_switches.h" | 19 #include "content/public/common/content_switches.h" |
20 #include "content/public/common/url_constants.h" | 20 #include "content/public/common/url_constants.h" |
21 #include "net/base/filename_util.h" | 21 #include "net/base/filename_util.h" |
22 #include "net/url_request/url_request.h" | 22 #include "net/url_request/url_request.h" |
23 #include "url/gurl.h" | 23 #include "url/gurl.h" |
24 #include "webkit/browser/fileapi/file_permission_policy.h" | 24 #include "storage/browser/fileapi/file_permission_policy.h" |
25 #include "webkit/browser/fileapi/file_system_url.h" | 25 #include "storage/browser/fileapi/file_system_url.h" |
26 #include "webkit/browser/fileapi/isolated_context.h" | 26 #include "storage/browser/fileapi/isolated_context.h" |
27 #include "webkit/common/fileapi/file_system_util.h" | 27 #include "storage/common/fileapi/file_system_util.h" |
28 | 28 |
29 namespace content { | 29 namespace content { |
30 | 30 |
31 namespace { | 31 namespace { |
32 | 32 |
33 // Used internally only. These bit positions have no relationship to any | 33 // Used internally only. These bit positions have no relationship to any |
34 // underlying OS and can be changed to accommodate finer-grained permissions. | 34 // underlying OS and can be changed to accommodate finer-grained permissions. |
35 enum ChildProcessSecurityPermissions { | 35 enum ChildProcessSecurityPermissions { |
36 READ_FILE_PERMISSION = 1 << 0, | 36 READ_FILE_PERMISSION = 1 << 0, |
37 WRITE_FILE_PERMISSION = 1 << 1, | 37 WRITE_FILE_PERMISSION = 1 << 1, |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
69 // information. | 69 // information. |
70 class ChildProcessSecurityPolicyImpl::SecurityState { | 70 class ChildProcessSecurityPolicyImpl::SecurityState { |
71 public: | 71 public: |
72 SecurityState() | 72 SecurityState() |
73 : enabled_bindings_(0), | 73 : enabled_bindings_(0), |
74 can_read_raw_cookies_(false), | 74 can_read_raw_cookies_(false), |
75 can_send_midi_sysex_(false) { } | 75 can_send_midi_sysex_(false) { } |
76 | 76 |
77 ~SecurityState() { | 77 ~SecurityState() { |
78 scheme_policy_.clear(); | 78 scheme_policy_.clear(); |
79 fileapi::IsolatedContext* isolated_context = | 79 storage::IsolatedContext* isolated_context = |
80 fileapi::IsolatedContext::GetInstance(); | 80 storage::IsolatedContext::GetInstance(); |
81 for (FileSystemMap::iterator iter = filesystem_permissions_.begin(); | 81 for (FileSystemMap::iterator iter = filesystem_permissions_.begin(); |
82 iter != filesystem_permissions_.end(); | 82 iter != filesystem_permissions_.end(); |
83 ++iter) { | 83 ++iter) { |
84 isolated_context->RemoveReference(iter->first); | 84 isolated_context->RemoveReference(iter->first); |
85 } | 85 } |
86 UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.PerChildFilePermissions", | 86 UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.PerChildFilePermissions", |
87 file_permissions_.size()); | 87 file_permissions_.size()); |
88 } | 88 } |
89 | 89 |
90 // Grant permission to request URLs with the specified scheme. | 90 // Grant permission to request URLs with the specified scheme. |
(...skipping 23 matching lines...) Expand all Loading... |
114 void RevokeAllPermissionsForFile(const base::FilePath& file) { | 114 void RevokeAllPermissionsForFile(const base::FilePath& file) { |
115 base::FilePath stripped = file.StripTrailingSeparators(); | 115 base::FilePath stripped = file.StripTrailingSeparators(); |
116 file_permissions_.erase(stripped); | 116 file_permissions_.erase(stripped); |
117 request_file_set_.erase(stripped); | 117 request_file_set_.erase(stripped); |
118 } | 118 } |
119 | 119 |
120 // Grant certain permissions to a file. | 120 // Grant certain permissions to a file. |
121 void GrantPermissionsForFileSystem(const std::string& filesystem_id, | 121 void GrantPermissionsForFileSystem(const std::string& filesystem_id, |
122 int permissions) { | 122 int permissions) { |
123 if (!ContainsKey(filesystem_permissions_, filesystem_id)) | 123 if (!ContainsKey(filesystem_permissions_, filesystem_id)) |
124 fileapi::IsolatedContext::GetInstance()->AddReference(filesystem_id); | 124 storage::IsolatedContext::GetInstance()->AddReference(filesystem_id); |
125 filesystem_permissions_[filesystem_id] |= permissions; | 125 filesystem_permissions_[filesystem_id] |= permissions; |
126 } | 126 } |
127 | 127 |
128 bool HasPermissionsForFileSystem(const std::string& filesystem_id, | 128 bool HasPermissionsForFileSystem(const std::string& filesystem_id, |
129 int permissions) { | 129 int permissions) { |
130 FileSystemMap::const_iterator it = | 130 FileSystemMap::const_iterator it = |
131 filesystem_permissions_.find(filesystem_id); | 131 filesystem_permissions_.find(filesystem_id); |
132 if (it == filesystem_permissions_.end()) | 132 if (it == filesystem_permissions_.end()) |
133 return false; | 133 return false; |
134 return (it->second & permissions) == permissions; | 134 return (it->second & permissions) == permissions; |
(...skipping 555 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
690 if (iter != worker_map_.end() && iter->second != 0) { | 690 if (iter != worker_map_.end() && iter->second != 0) { |
691 result = ChildProcessHasPermissionsForFile(iter->second, | 691 result = ChildProcessHasPermissionsForFile(iter->second, |
692 file, | 692 file, |
693 permissions); | 693 permissions); |
694 } | 694 } |
695 } | 695 } |
696 return result; | 696 return result; |
697 } | 697 } |
698 | 698 |
699 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile( | 699 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile( |
700 int child_id, const fileapi::FileSystemURL& url, int permissions) { | 700 int child_id, |
| 701 const storage::FileSystemURL& url, |
| 702 int permissions) { |
701 if (!url.is_valid()) | 703 if (!url.is_valid()) |
702 return false; | 704 return false; |
703 | 705 |
704 if (url.path().ReferencesParent()) | 706 if (url.path().ReferencesParent()) |
705 return false; | 707 return false; |
706 | 708 |
707 // Any write access is disallowed on the root path. | 709 // Any write access is disallowed on the root path. |
708 if (fileapi::VirtualPath::IsRootPath(url.path()) && | 710 if (storage::VirtualPath::IsRootPath(url.path()) && |
709 (permissions & ~READ_FILE_GRANT)) { | 711 (permissions & ~READ_FILE_GRANT)) { |
710 return false; | 712 return false; |
711 } | 713 } |
712 | 714 |
713 if (url.mount_type() == fileapi::kFileSystemTypeIsolated) { | 715 if (url.mount_type() == storage::kFileSystemTypeIsolated) { |
714 // When Isolated filesystems is overlayed on top of another filesystem, | 716 // When Isolated filesystems is overlayed on top of another filesystem, |
715 // its per-filesystem permission overrides the underlying filesystem | 717 // its per-filesystem permission overrides the underlying filesystem |
716 // permissions). | 718 // permissions). |
717 return HasPermissionsForFileSystem( | 719 return HasPermissionsForFileSystem( |
718 child_id, url.mount_filesystem_id(), permissions); | 720 child_id, url.mount_filesystem_id(), permissions); |
719 } | 721 } |
720 | 722 |
721 FileSystemPermissionPolicyMap::iterator found = | 723 FileSystemPermissionPolicyMap::iterator found = |
722 file_system_policy_map_.find(url.type()); | 724 file_system_policy_map_.find(url.type()); |
723 if (found == file_system_policy_map_.end()) | 725 if (found == file_system_policy_map_.end()) |
724 return false; | 726 return false; |
725 | 727 |
726 if ((found->second & fileapi::FILE_PERMISSION_READ_ONLY) && | 728 if ((found->second & storage::FILE_PERMISSION_READ_ONLY) && |
727 permissions & ~READ_FILE_GRANT) { | 729 permissions & ~READ_FILE_GRANT) { |
728 return false; | 730 return false; |
729 } | 731 } |
730 | 732 |
731 if (found->second & fileapi::FILE_PERMISSION_USE_FILE_PERMISSION) | 733 if (found->second & storage::FILE_PERMISSION_USE_FILE_PERMISSION) |
732 return HasPermissionsForFile(child_id, url.path(), permissions); | 734 return HasPermissionsForFile(child_id, url.path(), permissions); |
733 | 735 |
734 if (found->second & fileapi::FILE_PERMISSION_SANDBOX) | 736 if (found->second & storage::FILE_PERMISSION_SANDBOX) |
735 return true; | 737 return true; |
736 | 738 |
737 return false; | 739 return false; |
738 } | 740 } |
739 | 741 |
740 bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile( | 742 bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile( |
741 int child_id, | 743 int child_id, |
742 const fileapi::FileSystemURL& url) { | 744 const storage::FileSystemURL& url) { |
743 return HasPermissionsForFileSystemFile(child_id, url, READ_FILE_GRANT); | 745 return HasPermissionsForFileSystemFile(child_id, url, READ_FILE_GRANT); |
744 } | 746 } |
745 | 747 |
746 bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile( | 748 bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile( |
747 int child_id, | 749 int child_id, |
748 const fileapi::FileSystemURL& url) { | 750 const storage::FileSystemURL& url) { |
749 return HasPermissionsForFileSystemFile(child_id, url, WRITE_FILE_GRANT); | 751 return HasPermissionsForFileSystemFile(child_id, url, WRITE_FILE_GRANT); |
750 } | 752 } |
751 | 753 |
752 bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile( | 754 bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile( |
753 int child_id, | 755 int child_id, |
754 const fileapi::FileSystemURL& url) { | 756 const storage::FileSystemURL& url) { |
755 return HasPermissionsForFileSystemFile(child_id, url, CREATE_NEW_FILE_GRANT); | 757 return HasPermissionsForFileSystemFile(child_id, url, CREATE_NEW_FILE_GRANT); |
756 } | 758 } |
757 | 759 |
758 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile( | 760 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile( |
759 int child_id, | 761 int child_id, |
760 const fileapi::FileSystemURL& url) { | 762 const storage::FileSystemURL& url) { |
761 return HasPermissionsForFileSystemFile(child_id, url, | 763 return HasPermissionsForFileSystemFile(child_id, url, |
762 CREATE_READ_WRITE_FILE_GRANT); | 764 CREATE_READ_WRITE_FILE_GRANT); |
763 } | 765 } |
764 | 766 |
765 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile( | 767 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile( |
766 int child_id, | 768 int child_id, |
767 const fileapi::FileSystemURL& url) { | 769 const storage::FileSystemURL& url) { |
768 return HasPermissionsForFileSystemFile(child_id, url, COPY_INTO_FILE_GRANT); | 770 return HasPermissionsForFileSystemFile(child_id, url, COPY_INTO_FILE_GRANT); |
769 } | 771 } |
770 | 772 |
771 bool ChildProcessSecurityPolicyImpl::CanDeleteFileSystemFile( | 773 bool ChildProcessSecurityPolicyImpl::CanDeleteFileSystemFile( |
772 int child_id, | 774 int child_id, |
773 const fileapi::FileSystemURL& url) { | 775 const storage::FileSystemURL& url) { |
774 return HasPermissionsForFileSystemFile(child_id, url, DELETE_FILE_GRANT); | 776 return HasPermissionsForFileSystemFile(child_id, url, DELETE_FILE_GRANT); |
775 } | 777 } |
776 | 778 |
777 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) { | 779 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) { |
778 base::AutoLock lock(lock_); | 780 base::AutoLock lock(lock_); |
779 | 781 |
780 SecurityStateMap::iterator state = security_state_.find(child_id); | 782 SecurityStateMap::iterator state = security_state_.find(child_id); |
781 if (state == security_state_.end()) | 783 if (state == security_state_.end()) |
782 return false; | 784 return false; |
783 | 785 |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
868 int permission) { | 870 int permission) { |
869 base::AutoLock lock(lock_); | 871 base::AutoLock lock(lock_); |
870 | 872 |
871 SecurityStateMap::iterator state = security_state_.find(child_id); | 873 SecurityStateMap::iterator state = security_state_.find(child_id); |
872 if (state == security_state_.end()) | 874 if (state == security_state_.end()) |
873 return false; | 875 return false; |
874 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); | 876 return state->second->HasPermissionsForFileSystem(filesystem_id, permission); |
875 } | 877 } |
876 | 878 |
877 void ChildProcessSecurityPolicyImpl::RegisterFileSystemPermissionPolicy( | 879 void ChildProcessSecurityPolicyImpl::RegisterFileSystemPermissionPolicy( |
878 fileapi::FileSystemType type, | 880 storage::FileSystemType type, |
879 int policy) { | 881 int policy) { |
880 base::AutoLock lock(lock_); | 882 base::AutoLock lock(lock_); |
881 file_system_policy_map_[type] = policy; | 883 file_system_policy_map_[type] = policy; |
882 } | 884 } |
883 | 885 |
884 bool ChildProcessSecurityPolicyImpl::CanSendMidiSysExMessage(int child_id) { | 886 bool ChildProcessSecurityPolicyImpl::CanSendMidiSysExMessage(int child_id) { |
885 base::AutoLock lock(lock_); | 887 base::AutoLock lock(lock_); |
886 | 888 |
887 SecurityStateMap::iterator state = security_state_.find(child_id); | 889 SecurityStateMap::iterator state = security_state_.find(child_id); |
888 if (state == security_state_.end()) | 890 if (state == security_state_.end()) |
889 return false; | 891 return false; |
890 | 892 |
891 return state->second->can_send_midi_sysex(); | 893 return state->second->can_send_midi_sysex(); |
892 } | 894 } |
893 | 895 |
894 } // namespace content | 896 } // namespace content |
OLD | NEW |