| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 42 base::PLATFORM_FILE_ASYNC | | 42 base::PLATFORM_FILE_ASYNC | |
| 43 base::PLATFORM_FILE_WRITE_ATTRIBUTES; | 43 base::PLATFORM_FILE_WRITE_ATTRIBUTES; |
| 44 | 44 |
| 45 const int kCreateFilePermissions = | 45 const int kCreateFilePermissions = |
| 46 base::PLATFORM_FILE_CREATE; | 46 base::PLATFORM_FILE_CREATE; |
| 47 | 47 |
| 48 const int kEnumerateDirectoryPermissions = | 48 const int kEnumerateDirectoryPermissions = |
| 49 kReadFilePermissions | | 49 kReadFilePermissions | |
| 50 base::PLATFORM_FILE_ENUMERATE; | 50 base::PLATFORM_FILE_ENUMERATE; |
| 51 | 51 |
| 52 const int kReadWriteFilePermissions = |
| 53 base::PLATFORM_FILE_OPEN | |
| 54 base::PLATFORM_FILE_CREATE | |
| 55 base::PLATFORM_FILE_OPEN_ALWAYS | |
| 56 base::PLATFORM_FILE_CREATE_ALWAYS | |
| 57 base::PLATFORM_FILE_OPEN_TRUNCATED | |
| 58 base::PLATFORM_FILE_READ | |
| 59 base::PLATFORM_FILE_WRITE | |
| 60 base::PLATFORM_FILE_EXCLUSIVE_READ | |
| 61 base::PLATFORM_FILE_EXCLUSIVE_WRITE | |
| 62 base::PLATFORM_FILE_ASYNC | |
| 63 base::PLATFORM_FILE_WRITE_ATTRIBUTES; |
| 64 |
| 65 const int kCreateWriteFilePermissions = |
| 66 base::PLATFORM_FILE_CREATE | |
| 67 base::PLATFORM_FILE_CREATE_ALWAYS | |
| 68 base::PLATFORM_FILE_OPEN | |
| 69 base::PLATFORM_FILE_OPEN_ALWAYS | |
| 70 base::PLATFORM_FILE_OPEN_TRUNCATED | |
| 71 base::PLATFORM_FILE_WRITE | |
| 72 base::PLATFORM_FILE_WRITE_ATTRIBUTES | |
| 73 base::PLATFORM_FILE_ASYNC; |
| 74 // need EXCLUSIVE_WRITE in this mix? |
| 75 |
| 52 } // namespace | 76 } // namespace |
| 53 | 77 |
| 54 // The SecurityState class is used to maintain per-child process security state | 78 // The SecurityState class is used to maintain per-child process security state |
| 55 // information. | 79 // information. |
| 56 class ChildProcessSecurityPolicyImpl::SecurityState { | 80 class ChildProcessSecurityPolicyImpl::SecurityState { |
| 57 public: | 81 public: |
| 58 SecurityState() | 82 SecurityState() |
| 59 : enabled_bindings_(0), | 83 : enabled_bindings_(0), |
| 60 can_read_raw_cookies_(false) { } | 84 can_read_raw_cookies_(false) { } |
| 61 | 85 |
| (...skipping 339 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 401 if (net::FileURLToFilePath(url, &path)) | 425 if (net::FileURLToFilePath(url, &path)) |
| 402 state->second->GrantRequestOfSpecificFile(path); | 426 state->second->GrantRequestOfSpecificFile(path); |
| 403 } | 427 } |
| 404 } | 428 } |
| 405 | 429 |
| 406 void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id, | 430 void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id, |
| 407 const base::FilePath& file) { | 431 const base::FilePath& file) { |
| 408 GrantPermissionsForFile(child_id, file, kReadFilePermissions); | 432 GrantPermissionsForFile(child_id, file, kReadFilePermissions); |
| 409 } | 433 } |
| 410 | 434 |
| 435 void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile( |
| 436 int child_id, const base::FilePath& file) { |
| 437 GrantPermissionsForFile(child_id, file, kReadWriteFilePermissions); |
| 438 } |
| 439 |
| 440 void ChildProcessSecurityPolicyImpl::GrantCreateWriteFile( |
| 441 int child_id, const base::FilePath& file) { |
| 442 GrantPermissionsForFile(child_id, file, kCreateWriteFilePermissions); |
| 443 } |
| 444 |
| 411 void ChildProcessSecurityPolicyImpl::GrantReadDirectory( | 445 void ChildProcessSecurityPolicyImpl::GrantReadDirectory( |
| 412 int child_id, const base::FilePath& directory) { | 446 int child_id, const base::FilePath& directory) { |
| 413 GrantPermissionsForFile(child_id, directory, kEnumerateDirectoryPermissions); | 447 GrantPermissionsForFile(child_id, directory, kEnumerateDirectoryPermissions); |
| 414 } | 448 } |
| 415 | 449 |
| 416 void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile( | 450 void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile( |
| 417 int child_id, const base::FilePath& file, int permissions) { | 451 int child_id, const base::FilePath& file, int permissions) { |
| 418 base::AutoLock lock(lock_); | 452 base::AutoLock lock(lock_); |
| 419 | 453 |
| 420 SecurityStateMap::iterator state = security_state_.find(child_id); | 454 SecurityStateMap::iterator state = security_state_.find(child_id); |
| (...skipping 316 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 737 } | 771 } |
| 738 | 772 |
| 739 void ChildProcessSecurityPolicyImpl::RegisterFileSystemPermissionPolicy( | 773 void ChildProcessSecurityPolicyImpl::RegisterFileSystemPermissionPolicy( |
| 740 fileapi::FileSystemType type, | 774 fileapi::FileSystemType type, |
| 741 int policy) { | 775 int policy) { |
| 742 base::AutoLock lock(lock_); | 776 base::AutoLock lock(lock_); |
| 743 file_system_policy_map_[type] = policy; | 777 file_system_policy_map_[type] = policy; |
| 744 } | 778 } |
| 745 | 779 |
| 746 } // namespace content | 780 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 18129002:
Update the child process security policy to use explicit permission grants. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src