| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/extensions/file_manager/file_handler_util.h" | 5 #include "chrome/browser/chromeos/extensions/file_manager/file_handler_util.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/file_util.h" | 8 #include "base/file_util.h" |
| 9 #include "base/i18n/case_conversion.h" | 9 #include "base/i18n/case_conversion.h" |
| 10 #include "base/strings/string_util.h" | 10 #include "base/strings/string_util.h" |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 55 const char kTaskDrive[] = "drive"; | 55 const char kTaskDrive[] = "drive"; |
| 56 const char kTaskApp[] = "app"; | 56 const char kTaskApp[] = "app"; |
| 57 | 57 |
| 58 namespace { | 58 namespace { |
| 59 | 59 |
| 60 // Legacy Drive task extension prefix, used by CrackTaskID. | 60 // Legacy Drive task extension prefix, used by CrackTaskID. |
| 61 const char kDriveTaskExtensionPrefix[] = "drive-app:"; | 61 const char kDriveTaskExtensionPrefix[] = "drive-app:"; |
| 62 const size_t kDriveTaskExtensionPrefixLength = | 62 const size_t kDriveTaskExtensionPrefixLength = |
| 63 arraysize(kDriveTaskExtensionPrefix) - 1; | 63 arraysize(kDriveTaskExtensionPrefix) - 1; |
| 64 | 64 |
| 65 const int kReadWriteFilePermissions = base::PLATFORM_FILE_OPEN | | |
| 66 base::PLATFORM_FILE_CREATE | | |
| 67 base::PLATFORM_FILE_OPEN_ALWAYS | | |
| 68 base::PLATFORM_FILE_CREATE_ALWAYS | | |
| 69 base::PLATFORM_FILE_OPEN_TRUNCATED | | |
| 70 base::PLATFORM_FILE_READ | | |
| 71 base::PLATFORM_FILE_WRITE | | |
| 72 base::PLATFORM_FILE_EXCLUSIVE_READ | | |
| 73 base::PLATFORM_FILE_EXCLUSIVE_WRITE | | |
| 74 base::PLATFORM_FILE_ASYNC | | |
| 75 base::PLATFORM_FILE_WRITE_ATTRIBUTES; | |
| 76 | |
| 77 const int kReadOnlyFilePermissions = base::PLATFORM_FILE_OPEN | | |
| 78 base::PLATFORM_FILE_READ | | |
| 79 base::PLATFORM_FILE_EXCLUSIVE_READ | | |
| 80 base::PLATFORM_FILE_ASYNC; | |
| 81 | |
| 82 // Returns process id of the process the extension is running in. | 65 // Returns process id of the process the extension is running in. |
| 83 int ExtractProcessFromExtensionId(Profile* profile, | 66 int ExtractProcessFromExtensionId(Profile* profile, |
| 84 const std::string& extension_id) { | 67 const std::string& extension_id) { |
| 85 GURL extension_url = | 68 GURL extension_url = |
| 86 Extension::GetBaseURLFromExtensionId(extension_id); | 69 Extension::GetBaseURLFromExtensionId(extension_id); |
| 87 ExtensionProcessManager* manager = | 70 ExtensionProcessManager* manager = |
| 88 extensions::ExtensionSystem::Get(profile)->process_manager(); | 71 extensions::ExtensionSystem::Get(profile)->process_manager(); |
| 89 | 72 |
| 90 SiteInstance* site_instance = manager->GetSiteInstanceForURL(extension_url); | 73 SiteInstance* site_instance = manager->GetSiteInstanceForURL(extension_url); |
| 91 if (!site_instance || !site_instance->HasProcess()) | 74 if (!site_instance || !site_instance->HasProcess()) |
| (...skipping 10 matching lines...) Expand all Loading... |
| 102 for (FileBrowserHandler::List::const_iterator action_iter = | 85 for (FileBrowserHandler::List::const_iterator action_iter = |
| 103 handler_list->begin(); | 86 handler_list->begin(); |
| 104 action_iter != handler_list->end(); | 87 action_iter != handler_list->end(); |
| 105 ++action_iter) { | 88 ++action_iter) { |
| 106 if (action_iter->get()->id() == action_id) | 89 if (action_iter->get()->id() == action_id) |
| 107 return action_iter->get(); | 90 return action_iter->get(); |
| 108 } | 91 } |
| 109 return NULL; | 92 return NULL; |
| 110 } | 93 } |
| 111 | 94 |
| 112 unsigned int GetAccessPermissionsForFileBrowserHandler( | |
| 113 const Extension* extension, | |
| 114 const std::string& action_id) { | |
| 115 const FileBrowserHandler* action = | |
| 116 FindFileBrowserHandler(extension, action_id); | |
| 117 if (!action) | |
| 118 return 0; | |
| 119 unsigned int result = 0; | |
| 120 if (action->CanRead()) | |
| 121 result |= kReadOnlyFilePermissions; | |
| 122 if (action->CanWrite()) | |
| 123 result |= kReadWriteFilePermissions; | |
| 124 // TODO(tbarzic): We don't handle Create yet. | |
| 125 return result; | |
| 126 } | |
| 127 | |
| 128 std::string EscapedUtf8ToLower(const std::string& str) { | 95 std::string EscapedUtf8ToLower(const std::string& str) { |
| 129 string16 utf16 = UTF8ToUTF16( | 96 string16 utf16 = UTF8ToUTF16( |
| 130 net::UnescapeURLComponent(str, net::UnescapeRule::NORMAL)); | 97 net::UnescapeURLComponent(str, net::UnescapeRule::NORMAL)); |
| 131 return net::EscapeUrlEncodedData( | 98 return net::EscapeUrlEncodedData( |
| 132 UTF16ToUTF8(base::i18n::ToLower(utf16)), | 99 UTF16ToUTF8(base::i18n::ToLower(utf16)), |
| 133 false /* do not replace space with plus */); | 100 false /* do not replace space with plus */); |
| 134 } | 101 } |
| 135 | 102 |
| 136 bool GetFileBrowserHandlers(Profile* profile, | 103 bool GetFileBrowserHandlers(Profile* profile, |
| 137 const GURL& selected_file_url, | 104 const GURL& selected_file_url, |
| (...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 269 profile->GetPrefs()->GetDictionary(prefs::kDefaultTasksBySuffix); | 236 profile->GetPrefs()->GetDictionary(prefs::kDefaultTasksBySuffix); |
| 270 DCHECK(suffix_task_prefs); | 237 DCHECK(suffix_task_prefs); |
| 271 LOG_IF(ERROR, !suffix_task_prefs) << "Unable to open suffix prefs"; | 238 LOG_IF(ERROR, !suffix_task_prefs) << "Unable to open suffix prefs"; |
| 272 std::string lower_suffix = StringToLowerASCII(suffix); | 239 std::string lower_suffix = StringToLowerASCII(suffix); |
| 273 if (suffix_task_prefs) | 240 if (suffix_task_prefs) |
| 274 suffix_task_prefs->GetStringWithoutPathExpansion(lower_suffix, &task_id); | 241 suffix_task_prefs->GetStringWithoutPathExpansion(lower_suffix, &task_id); |
| 275 VLOG_IF(1, !task_id.empty()) << "Found suffix default handler: " << task_id; | 242 VLOG_IF(1, !task_id.empty()) << "Found suffix default handler: " << task_id; |
| 276 return task_id; | 243 return task_id; |
| 277 } | 244 } |
| 278 | 245 |
| 279 int GetReadWritePermissions() { | |
| 280 return kReadWriteFilePermissions; | |
| 281 } | |
| 282 | |
| 283 int GetReadOnlyPermissions() { | |
| 284 return kReadOnlyFilePermissions; | |
| 285 } | |
| 286 | |
| 287 std::string MakeTaskID(const std::string& extension_id, | 246 std::string MakeTaskID(const std::string& extension_id, |
| 288 const std::string& task_type, | 247 const std::string& task_type, |
| 289 const std::string& action_id) { | 248 const std::string& action_id) { |
| 290 DCHECK(task_type == kTaskFile || | 249 DCHECK(task_type == kTaskFile || |
| 291 task_type == kTaskDrive || | 250 task_type == kTaskDrive || |
| 292 task_type == kTaskApp); | 251 task_type == kTaskApp); |
| 293 return base::StringPrintf("%s|%s|%s", | 252 return base::StringPrintf("%s|%s|%s", |
| 294 extension_id.c_str(), | 253 extension_id.c_str(), |
| 295 task_type.c_str(), | 254 task_type.c_str(), |
| 296 action_id.c_str()); | 255 action_id.c_str()); |
| (...skipping 529 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 826 event->restrict_to_profile = profile_; | 785 event->restrict_to_profile = profile_; |
| 827 event_router->DispatchEventToExtension(extension_->id(), event.Pass()); | 786 event_router->DispatchEventToExtension(extension_->id(), event.Pass()); |
| 828 | 787 |
| 829 ExecuteDoneOnUIThread(true); | 788 ExecuteDoneOnUIThread(true); |
| 830 } | 789 } |
| 831 | 790 |
| 832 void ExtensionTaskExecutor::SetupHandlerHostFileAccessPermissions( | 791 void ExtensionTaskExecutor::SetupHandlerHostFileAccessPermissions( |
| 833 const FileDefinitionList& file_list, | 792 const FileDefinitionList& file_list, |
| 834 const Extension* extension, | 793 const Extension* extension, |
| 835 int handler_pid) { | 794 int handler_pid) { |
| 795 const FileBrowserHandler* action = FindFileBrowserHandler(extension_, |
| 796 action_id_); |
| 836 for (FileDefinitionList::const_iterator iter = file_list.begin(); | 797 for (FileDefinitionList::const_iterator iter = file_list.begin(); |
| 837 iter != file_list.end(); | 798 iter != file_list.end(); |
| 838 ++iter) { | 799 ++iter) { |
| 839 content::ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile( | 800 if (!action) |
| 840 handler_pid, | 801 continue; |
| 841 iter->absolute_path, | 802 if (action->CanRead()) { |
| 842 GetAccessPermissionsForFileBrowserHandler(extension_.get(), | 803 content::ChildProcessSecurityPolicy::GetInstance()->GrantReadFile( |
| 843 action_id_)); | 804 handler_pid, iter->absolute_path); |
| 805 } |
| 806 if (action->CanWrite()) { |
| 807 content::ChildProcessSecurityPolicy::GetInstance()-> |
| 808 GrantCreateReadWriteFile(handler_pid, iter->absolute_path); |
| 809 } |
| 844 } | 810 } |
| 845 } | 811 } |
| 846 | 812 |
| 847 } // namespace file_handler_util | 813 } // namespace file_handler_util |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 18129002:
Update the child process security policy to use explicit permission grants. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src