OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
10 #include "content/browser/child_process_security_policy_impl.h" | 10 #include "content/browser/child_process_security_policy_impl.h" |
11 #include "content/public/common/url_constants.h" | 11 #include "content/public/common/url_constants.h" |
12 #include "content/test/test_content_browser_client.h" | 12 #include "content/test/test_content_browser_client.h" |
13 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
14 #include "url/gurl.h" | 14 #include "url/gurl.h" |
15 #include "webkit/browser/fileapi/file_permission_policy.h" | 15 #include "storage/browser/fileapi/file_permission_policy.h" |
16 #include "webkit/browser/fileapi/file_system_url.h" | 16 #include "storage/browser/fileapi/file_system_url.h" |
17 #include "webkit/browser/fileapi/isolated_context.h" | 17 #include "storage/browser/fileapi/isolated_context.h" |
18 #include "webkit/common/fileapi/file_system_types.h" | 18 #include "storage/common/fileapi/file_system_types.h" |
19 | 19 |
20 namespace content { | 20 namespace content { |
21 namespace { | 21 namespace { |
22 | 22 |
23 const int kRendererID = 42; | 23 const int kRendererID = 42; |
24 const int kWorkerRendererID = kRendererID + 1; | 24 const int kWorkerRendererID = kRendererID + 1; |
25 | 25 |
26 #if defined(FILE_PATH_USES_DRIVE_LETTERS) | 26 #if defined(FILE_PATH_USES_DRIVE_LETTERS) |
27 #define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x) | 27 #define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x) |
28 #else | 28 #else |
(...skipping 62 matching lines...)
91 void CheckHasNoFileSystemPermission(ChildProcessSecurityPolicyImpl* p, | 91 void CheckHasNoFileSystemPermission(ChildProcessSecurityPolicyImpl* p, |
92 const std::string& child_id) { | 92 const std::string& child_id) { |
93 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, child_id)); | 93 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, child_id)); |
94 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, child_id)); | 94 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, child_id)); |
95 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, child_id)); | 95 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, child_id)); |
96 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, child_id)); | 96 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, child_id)); |
97 } | 97 } |
98 | 98 |
99 void CheckHasNoFileSystemFilePermission(ChildProcessSecurityPolicyImpl* p, | 99 void CheckHasNoFileSystemFilePermission(ChildProcessSecurityPolicyImpl* p, |
100 const base::FilePath& file, | 100 const base::FilePath& file, |
101 const fileapi::FileSystemURL& url) { | 101 const storage::FileSystemURL& url) { |
102 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 102 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
103 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file)); | 103 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file)); |
104 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, url)); | 104 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, url)); |
105 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url)); | 105 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url)); |
106 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url)); | 106 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url)); |
107 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url)); | 107 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url)); |
108 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url)); | 108 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url)); |
109 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url)); | 109 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url)); |
110 } | 110 } |
111 | 111 |
(...skipping 189 matching lines...)
301 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); | 301 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); |
302 | 302 |
303 p->Remove(kRendererID); | 303 p->Remove(kRendererID); |
304 } | 304 } |
305 | 305 |
306 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { | 306 TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) { |
307 ChildProcessSecurityPolicyImpl* p = | 307 ChildProcessSecurityPolicyImpl* p = |
308 ChildProcessSecurityPolicyImpl::GetInstance(); | 308 ChildProcessSecurityPolicyImpl::GetInstance(); |
309 | 309 |
310 p->Add(kRendererID); | 310 p->Add(kRendererID); |
311 std::string read_id = fileapi::IsolatedContext::GetInstance()-> | 311 std::string read_id = |
312 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest, | 312 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( |
313 "read_filesystem", | 313 storage::kFileSystemTypeTest, "read_filesystem", base::FilePath()); |
314 base::FilePath()); | 314 std::string read_write_id = |
315 std::string read_write_id = fileapi::IsolatedContext::GetInstance()-> | 315 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( |
316 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest, | 316 storage::kFileSystemTypeTest, |
317 "read_write_filesystem", | 317 "read_write_filesystem", |
318 base::FilePath()); | 318 base::FilePath()); |
319 std::string copy_into_id = fileapi::IsolatedContext::GetInstance()-> | 319 std::string copy_into_id = |
320 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest, | 320 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( |
321 "copy_into_filesystem", | 321 storage::kFileSystemTypeTest, |
322 base::FilePath()); | 322 "copy_into_filesystem", |
323 std::string delete_from_id = fileapi::IsolatedContext::GetInstance()-> | 323 base::FilePath()); |
324 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest, | 324 std::string delete_from_id = |
325 "delete_from_filesystem", | 325 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath( |
326 base::FilePath()); | 326 storage::kFileSystemTypeTest, |
| 327 "delete_from_filesystem", |
| 328 base::FilePath()); |
327 | 329 |
328 // Test initially having no permissions. | 330 // Test initially having no permissions. |
329 CheckHasNoFileSystemPermission(p, read_id); | 331 CheckHasNoFileSystemPermission(p, read_id); |
330 CheckHasNoFileSystemPermission(p, read_write_id); | 332 CheckHasNoFileSystemPermission(p, read_write_id); |
331 CheckHasNoFileSystemPermission(p, copy_into_id); | 333 CheckHasNoFileSystemPermission(p, copy_into_id); |
332 CheckHasNoFileSystemPermission(p, delete_from_id); | 334 CheckHasNoFileSystemPermission(p, delete_from_id); |
333 | 335 |
334 // Testing varying combinations of grants and checks. | 336 // Testing varying combinations of grants and checks. |
335 p->GrantReadFileSystem(kRendererID, read_id); | 337 p->GrantReadFileSystem(kRendererID, read_id); |
336 EXPECT_TRUE(p->CanReadFileSystem(kRendererID, read_id)); | 338 EXPECT_TRUE(p->CanReadFileSystem(kRendererID, read_id)); |
(...skipping 29 matching lines...)
366 | 368 |
367 // Test having no permissions upon re-adding same renderer ID. | 369 // Test having no permissions upon re-adding same renderer ID. |
368 p->Add(kRendererID); | 370 p->Add(kRendererID); |
369 CheckHasNoFileSystemPermission(p, read_id); | 371 CheckHasNoFileSystemPermission(p, read_id); |
370 CheckHasNoFileSystemPermission(p, read_write_id); | 372 CheckHasNoFileSystemPermission(p, read_write_id); |
371 CheckHasNoFileSystemPermission(p, copy_into_id); | 373 CheckHasNoFileSystemPermission(p, copy_into_id); |
372 CheckHasNoFileSystemPermission(p, delete_from_id); | 374 CheckHasNoFileSystemPermission(p, delete_from_id); |
373 | 375 |
374 // Cleanup. | 376 // Cleanup. |
375 p->Remove(kRendererID); | 377 p->Remove(kRendererID); |
376 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(read_id); | 378 storage::IsolatedContext::GetInstance()->RevokeFileSystem(read_id); |
377 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(read_write_id); | 379 storage::IsolatedContext::GetInstance()->RevokeFileSystem(read_write_id); |
378 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(copy_into_id); | 380 storage::IsolatedContext::GetInstance()->RevokeFileSystem(copy_into_id); |
379 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(delete_from_id); | 381 storage::IsolatedContext::GetInstance()->RevokeFileSystem(delete_from_id); |
380 } | 382 } |
381 | 383 |
382 TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) { | 384 TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) { |
383 ChildProcessSecurityPolicyImpl* p = | 385 ChildProcessSecurityPolicyImpl* p = |
384 ChildProcessSecurityPolicyImpl::GetInstance(); | 386 ChildProcessSecurityPolicyImpl::GetInstance(); |
385 | 387 |
386 p->RegisterFileSystemPermissionPolicy( | 388 p->RegisterFileSystemPermissionPolicy( |
387 fileapi::kFileSystemTypeTest, | 389 storage::kFileSystemTypeTest, |
388 fileapi::FILE_PERMISSION_USE_FILE_PERMISSION); | 390 storage::FILE_PERMISSION_USE_FILE_PERMISSION); |
389 | 391 |
390 p->Add(kRendererID); | 392 p->Add(kRendererID); |
391 base::FilePath file(TEST_PATH("/dir/testfile")); | 393 base::FilePath file(TEST_PATH("/dir/testfile")); |
392 file = file.NormalizePathSeparators(); | 394 file = file.NormalizePathSeparators(); |
393 fileapi::FileSystemURL url = fileapi::FileSystemURL::CreateForTest( | 395 storage::FileSystemURL url = storage::FileSystemURL::CreateForTest( |
394 GURL("http://foo/"), fileapi::kFileSystemTypeTest, file); | 396 GURL("http://foo/"), storage::kFileSystemTypeTest, file); |
395 | 397 |
396 // Test initially having no permissions. | 398 // Test initially having no permissions. |
397 CheckHasNoFileSystemFilePermission(p, file, url); | 399 CheckHasNoFileSystemFilePermission(p, file, url); |
398 | 400 |
399 // Testing every combination of permissions granting and revoking. | 401 // Testing every combination of permissions granting and revoking. |
400 p->GrantReadFile(kRendererID, file); | 402 p->GrantReadFile(kRendererID, file); |
401 EXPECT_TRUE(p->CanReadFile(kRendererID, file)); | 403 EXPECT_TRUE(p->CanReadFile(kRendererID, file)); |
402 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file)); | 404 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file)); |
403 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url)); | 405 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url)); |
404 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url)); | 406 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url)); |
(...skipping 228 matching lines...)
633 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 635 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
634 // prepared to answer policy questions about renderers who no longer exist. | 636 // prepared to answer policy questions about renderers who no longer exist. |
635 | 637 |
636 // In this case, we default to secure behavior. | 638 // In this case, we default to secure behavior. |
637 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 639 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
638 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 640 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
639 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 641 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
640 } | 642 } |
641 | 643 |
642 } // namespace content | 644 } // namespace content |
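Review bot: The four `RegisterFileSystemForVirtualPath` calls in `FileSystemGrantsTest` (new lines 311-328) differ only in the virtual-path name, yet the first now packs its arguments onto one line while the other three put one argument per line. A small helper in the anonymous namespace would remove the repetition and the formatting drift, for example `std::string RegisterTestFileSystem(const std::string& name)` returning `storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(storage::kFileSystemTypeTest, name, base::FilePath())`, assuming the name parameter accepts a `std::string`. Each call site then reads `std::string read_id = RegisterTestFileSystem("read_filesystem");`. The four `RevokeFileSystem` calls at new lines 378-381 could likewise loop over the ids, so that an id added later cannot be registered without also being revoked.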