OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 #include "content/common/content_export.h" | 11 #include "content/common/content_export.h" |
12 #include "url/gurl.h" | 12 #include "url/gurl.h" |
| 13 #include "url/origin.h" |
13 | 14 |
14 namespace base { | 15 namespace base { |
15 class FilePath; | 16 class FilePath; |
16 } | 17 } |
17 | 18 |
18 namespace content { | 19 namespace content { |
19 | 20 |
20 // The ChildProcessSecurityPolicy class is used to grant and revoke security | 21 // The ChildProcessSecurityPolicy class is used to grant and revoke security |
21 // capabilities for child processes. For example, it restricts whether a child | 22 // capabilities for child processes. For example, it restricts whether a child |
22 // process is permitted to load file:// URLs based on whether the process | 23 // process is permitted to load file:// URLs based on whether the process |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
120 // granting more general create and write permissions. | 121 // granting more general create and write permissions. |
121 virtual void GrantCopyIntoFileSystem(int child_id, | 122 virtual void GrantCopyIntoFileSystem(int child_id, |
122 const std::string& filesystem_id) = 0; | 123 const std::string& filesystem_id) = 0; |
123 | 124 |
124 // Grants permission to delete from filesystem |filesystem_id|. 'delete-from' | 125 // Grants permission to delete from filesystem |filesystem_id|. 'delete-from' |
125 // is used to allow deleting files into the destination filesystem without | 126 // is used to allow deleting files into the destination filesystem without |
126 // granting more general create and write permissions. | 127 // granting more general create and write permissions. |
127 virtual void GrantDeleteFromFileSystem(int child_id, | 128 virtual void GrantDeleteFromFileSystem(int child_id, |
128 const std::string& filesystem_id) = 0; | 129 const std::string& filesystem_id) = 0; |
129 | 130 |
| 131 // Grants the child process the capability to access URLs with the provided |
| 132 // origin. |
| 133 virtual void GrantOrigin(int child_id, const url::Origin& origin) = 0; |
| 134 |
130 // Grants the child process the capability to access URLs of the provided | 135 // Grants the child process the capability to access URLs of the provided |
131 // scheme. | 136 // scheme. |
132 virtual void GrantScheme(int child_id, const std::string& scheme) = 0; | 137 virtual void GrantScheme(int child_id, const std::string& scheme) = 0; |
133 | 138 |
134 // Returns true if read access has been granted to |filesystem_id|. | 139 // Returns true if read access has been granted to |filesystem_id|. |
135 virtual bool CanReadFileSystem(int child_id, | 140 virtual bool CanReadFileSystem(int child_id, |
136 const std::string& filesystem_id) = 0; | 141 const std::string& filesystem_id) = 0; |
137 | 142 |
138 // Returns true if read and write access has been granted to |filesystem_id|. | 143 // Returns true if read and write access has been granted to |filesystem_id|. |
139 virtual bool CanReadWriteFileSystem(int child_id, | 144 virtual bool CanReadWriteFileSystem(int child_id, |
(...skipping 18 matching lines...) Expand all Loading... |
158 // Returns true if the process is permitted to read and modify the data for | 163 // Returns true if the process is permitted to read and modify the data for |
159 // the given origin. This is currently used for cookies and passwords. | 164 // the given origin. This is currently used for cookies and passwords. |
160 // Does not affect cookies attached to or set by network requests. | 165 // Does not affect cookies attached to or set by network requests. |
161 // Only might return false if the --site-per-process flag is used. | 166 // Only might return false if the --site-per-process flag is used. |
162 virtual bool CanAccessDataForOrigin(int child_id, const GURL& gurl) = 0; | 167 virtual bool CanAccessDataForOrigin(int child_id, const GURL& gurl) = 0; |
163 }; | 168 }; |
164 | 169 |
165 } // namespace content | 170 } // namespace content |
166 | 171 |
167 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 172 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
OLD | NEW |