Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1098)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/child_process_security_policy_impl.cc

Issue 46303005: Fix chrome upload with content uri (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/child_process_security_policy_impl.h ('K') | « content/browser/child_process_security_policy_impl.h ('k') | content/browser/fileapi/fileapi_message_filter.cc » ('j') | content/browser/loader/upload_data_stream_builder.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/child_process_security_policy_impl.cc
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index 6e5ef680a848a22c597e5e8a25fe8ab5dc098773..f33f33368db50c79e20b9e02d21891cf0a3dfbcc 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -135,6 +135,24 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
return (it->second & permissions) == permissions;
}
+#if defined(OS_ANDROID)
+ // Grant certain permissions to a file.
+ void GrantPermissionsForContentUrl(const GURL& content_url,
+ int permissions) {
+ content_url_permissions_[content_url] |= permissions;
+ }
+
+ bool HasPermissionsForContentUrl(const GURL& content_url,
+ int permissions) {
+ if (content_url_permissions_.find(content_url) ==
+ content_url_permissions_.end()) {
+ return false;
+ }
+ return (content_url_permissions_[content_url] & permissions) ==
+ permissions;
+ }
+#endif
+
void GrantBindings(int bindings) {
enabled_bindings_ |= bindings;
}
@@ -258,6 +276,9 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
typedef std::map<base::FilePath, FilePermissionFlags> FileMap;
typedef std::map<std::string, FilePermissionFlags> FileSystemMap;
typedef std::set<base::FilePath> FileSet;
+#if defined(OS_ANDROID)
+ typedef std::map<GURL, FilePermissionFlags> ContentUrlMap;
+#endif
// Maps URL schemes to whether permission has been granted or revoked:
// |true| means the scheme has been granted.
@@ -283,6 +304,11 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
// The set of isolated filesystems the child process is permitted to access.
FileSystemMap filesystem_permissions_;
+#if defined(OS_ANDROID)
+ // The set of content urls the child process is permited to upload to the web.
+ ContentUrlMap content_url_permissions_;
+#endif
+
DISALLOW_COPY_AND_ASSIGN(SecurityState);
};
@@ -643,6 +669,49 @@ bool ChildProcessSecurityPolicyImpl::CanDeleteFromFileSystem(
DELETE_FILE_GRANT);
}
+#if defined(OS_ANDROID)
+void ChildProcessSecurityPolicyImpl::GrantReadContentUrl(
+ int child_id, const GURL& content_url) {
+ GrantPermissionsForContentUrl(child_id, content_url, READ_FILE_GRANT);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanReadContentUrl(
+ int child_id, const GURL& content_url) {
+ if (!content_url.SchemeIsContent())
+ return false;
+ base::AutoLock lock(lock_);
+ bool result = ChildProcessHasPermissionsForContentUrl(
+ child_id, content_url, READ_FILE_GRANT);
+ if (!result) {
+ WorkerToMainProcessMap::iterator iter = worker_map_.find(child_id);
+ if (iter != worker_map_.end() && iter->second != 0) {
+ result = ChildProcessHasPermissionsForContentUrl(iter->second,
+ content_url,
+ READ_FILE_GRANT);
+ }
+ }
+ return result;
+}
+
+void ChildProcessSecurityPolicyImpl::GrantPermissionsForContentUrl(
+ int child_id, const GURL& content_url, int permissions) {
+ base::AutoLock lock(lock_);
+
+ SecurityStateMap::iterator state = security_state_.find(child_id);
+ if (state == security_state_.end())
+ return;
+ state->second->GrantPermissionsForContentUrl(content_url, READ_FILE_GRANT);
+}
+
+bool ChildProcessSecurityPolicyImpl::ChildProcessHasPermissionsForContentUrl(
+ int child_id, const GURL& content_url, int permissions) {
+ SecurityStateMap::iterator state = security_state_.find(child_id);
+ if (state == security_state_.end())
+ return false;
+ return state->second->HasPermissionsForContentUrl(content_url, permissions);
+}
+#endif
+
bool ChildProcessSecurityPolicyImpl::HasPermissionsForFile(
int child_id, const base::FilePath& file, int permissions) {
base::AutoLock lock(lock_);
« content/browser/child_process_security_policy_impl.h ('K') | « content/browser/child_process_security_policy_impl.h ('k') | content/browser/fileapi/fileapi_message_filter.cc » ('j') | content/browser/loader/upload_data_stream_builder.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698