Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(451)

Unified Diff: content/browser/child_process_security_policy_impl.cc

Issue 1362433002: Fix for "chrome://" links in PDFs. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Small fix. Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/browser/child_process_security_policy_impl.cc
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index b748a72fe73236016d23c5a514b2b828f8b26779..9e94f34602d5e56fd450224bf33110e05da68293 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -4,6 +4,8 @@
#include "content/browser/child_process_security_policy_impl.h"
+#include <utility>
+
#include "base/command_line.h"
#include "base/files/file_path.h"
#include "base/logging.h"
@@ -87,6 +89,11 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
file_permissions_.size());
}
+ // Grant permission to request URLs with the specified origin.
+ void GrantOrigin(const url::Origin& origin) {
+ origin_set_.insert(origin);
+ }
+
// Grant permission to request URLs with the specified scheme.
void GrantScheme(const std::string& scheme) {
scheme_policy_[scheme] = true;
@@ -168,10 +175,15 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
// Determine whether permission has been granted to commit |url|.
bool CanCommitURL(const GURL& url) {
- // Having permission to a scheme implies permssion to all of its URLs.
- SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme()));
- if (judgment != scheme_policy_.end())
- return judgment->second;
+ // Having permission to a scheme implies permission to all of its URLs.
+ SchemeMap::const_iterator scheme_judgment(
+ scheme_policy_.find(url.scheme()));
+ if (scheme_judgment != scheme_policy_.end())
+ return scheme_judgment->second;
+
+ // Otherwise, check for permission for specific origin.
+ if (ContainsKey(origin_set_, url::Origin(url)))
+ return true;
// file:// URLs are more granular. The child may have been given
// permission to a specific file but not the file:// scheme in general.
@@ -242,6 +254,7 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
private:
typedef std::map<std::string, bool> SchemeMap;
+ typedef std::set<url::Origin> OriginSet;
typedef int FilePermissionFlags; // bit-set of base::File::Flags
typedef std::map<base::FilePath, FilePermissionFlags> FileMap;
@@ -255,6 +268,10 @@ class ChildProcessSecurityPolicyImpl::SecurityState {
// or revoked.
SchemeMap scheme_policy_;
+ // The set of URL origins to which the child process has been granted
+ // permission.
+ OriginSet origin_set_;
+
// The set of files the child process is permited to upload to the web.
FileMap file_permissions_;
@@ -503,6 +520,17 @@ void ChildProcessSecurityPolicyImpl::GrantSendMidiSysExMessage(int child_id) {
state->second->GrantPermissionForMidiSysEx();
}
+void ChildProcessSecurityPolicyImpl::GrantOrigin(int child_id,
+ const url::Origin& origin) {
+ base::AutoLock lock(lock_);
+
+ SecurityStateMap::iterator state = security_state_.find(child_id);
+ if (state == security_state_.end())
+ return;
+
+ state->second->GrantOrigin(origin);
+}
+
void ChildProcessSecurityPolicyImpl::GrantScheme(int child_id,
const std::string& scheme) {
base::AutoLock lock(lock_);
« no previous file with comments | « content/browser/child_process_security_policy_impl.h ('k') | content/browser/child_process_security_policy_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698