OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <set> | 5 #include <set> |
6 #include <string> | 6 #include <string> |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "base/files/file_path.h" | 9 #include "base/files/file_path.h" |
10 #include "base/platform_file.h" | 10 #include "base/platform_file.h" |
11 #include "content/browser/child_process_security_policy_impl.h" | 11 #include "content/browser/child_process_security_policy_impl.h" |
12 #include "content/public/common/url_constants.h" | 12 #include "content/public/common/url_constants.h" |
13 #include "content/test/test_content_browser_client.h" | 13 #include "content/test/test_content_browser_client.h" |
14 #include "testing/gtest/include/gtest/gtest.h" | 14 #include "testing/gtest/include/gtest/gtest.h" |
15 #include "url/gurl.h" | 15 #include "url/gurl.h" |
| 16 #include "webkit/browser/fileapi/file_permission_policy.h" |
| 17 #include "webkit/browser/fileapi/file_system_url.h" |
| 18 #include "webkit/common/fileapi/file_system_types.h" |
16 | 19 |
17 namespace content { | 20 namespace content { |
18 namespace { | 21 namespace { |
19 | 22 |
20 const int kRendererID = 42; | 23 const int kRendererID = 42; |
21 const int kWorkerRendererID = kRendererID + 1; | 24 const int kWorkerRendererID = kRendererID + 1; |
22 | 25 |
23 #if defined(FILE_PATH_USES_DRIVE_LETTERS) | 26 #if defined(FILE_PATH_USES_DRIVE_LETTERS) |
24 #define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x) | 27 #define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x) |
25 #else | 28 #else |
83 const base::FilePath& file, | 86 const base::FilePath& file, |
84 int permissions) { | 87 int permissions) { |
85 p->GrantPermissionsForFile(child_id, file, permissions); | 88 p->GrantPermissionsForFile(child_id, file, permissions); |
86 } | 89 } |
87 | 90 |
88 private: | 91 private: |
89 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_; | 92 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_; |
90 ContentBrowserClient* old_browser_client_; | 93 ContentBrowserClient* old_browser_client_; |
91 }; | 94 }; |
92 | 95 |
| 96 struct PermissionsSet { |
| 97 PermissionsSet(bool can_read, bool can_write, bool can_create, |
| 98 bool can_create_read_write) |
| 99 : can_read(can_read), |
| 100 can_write(can_write), |
| 101 can_create(can_create), |
| 102 can_create_read_write(can_create_read_write) { |
| 103 } |
| 104 |
| 105 bool operator==(const PermissionsSet& o) const { |
| 106 return can_read == o.can_read && |
| 107 can_write == o.can_write && |
| 108 can_create == o.can_create && |
| 109 can_create_read_write == o.can_create_read_write; |
| 110 } |
| 111 |
| 112 bool can_read; |
| 113 bool can_write; |
| 114 bool can_create; |
| 115 bool can_create_read_write; |
| 116 }; |
| 117 |
| 118 PermissionsSet GetAllPermissions(ChildProcessSecurityPolicyImpl* p, |
| 119 int child_id, const base::FilePath& file) { |
| 120 return PermissionsSet( |
| 121 p->CanReadFile(child_id, file), |
| 122 p->CanWriteFile(child_id, file), |
| 123 p->CanCreateFile(child_id, file), |
| 124 p->CanCreateReadWriteFile(child_id, file)); |
| 125 } |
| 126 |
| 127 PermissionsSet GetAllPermissionsForURL( |
| 128 ChildProcessSecurityPolicyImpl* p, |
| 129 int child_id, |
| 130 const fileapi::FileSystemURL& url) { |
| 131 return PermissionsSet( |
| 132 p->CanReadFileSystemFile(child_id, url), |
| 133 p->CanWriteFileSystemFile(child_id, url), |
| 134 p->CanCreateFileSystemFile(child_id, url), |
| 135 p->CanCreateReadWriteFileSystemFile(child_id, url)); |
| 136 } |
| 137 |
93 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { | 138 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { |
94 ChildProcessSecurityPolicyImpl* p = | 139 ChildProcessSecurityPolicyImpl* p = |
95 ChildProcessSecurityPolicyImpl::GetInstance(); | 140 ChildProcessSecurityPolicyImpl::GetInstance(); |
96 | 141 |
97 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme)); | 142 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme)); |
98 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme)); | 143 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme)); |
99 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme)); | 144 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme)); |
100 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme)); | 145 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme)); |
101 EXPECT_TRUE(p->IsWebSafeScheme("feed")); | 146 EXPECT_TRUE(p->IsWebSafeScheme("feed")); |
102 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme)); | 147 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme)); |
271 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 316 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
272 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); | 317 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url)); |
273 | 318 |
274 p->GrantRequestURL(kRendererID, icon_url); | 319 p->GrantRequestURL(kRendererID, icon_url); |
275 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); | 320 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url)); |
276 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); | 321 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url)); |
277 | 322 |
278 p->Remove(kRendererID); | 323 p->Remove(kRendererID); |
279 } | 324 } |
280 | 325 |
281 TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) { | 326 TEST_F(ChildProcessSecurityPolicyTest, PermissionGrantingAndRevoking) { |
282 ChildProcessSecurityPolicyImpl* p = | 327 ChildProcessSecurityPolicyImpl* p = |
283 ChildProcessSecurityPolicyImpl::GetInstance(); | 328 ChildProcessSecurityPolicyImpl::GetInstance(); |
284 | 329 |
| 330 p->RegisterFileSystemPermissionPolicy( |
| 331 fileapi::kFileSystemTypeTest, |
| 332 fileapi::FILE_PERMISSION_USE_FILE_PERMISSION); |
| 333 |
285 p->Add(kRendererID); | 334 p->Add(kRendererID); |
| 335 base::FilePath file(TEST_PATH("/dir/testfile")); |
| 336 fileapi::FileSystemURL url = fileapi::FileSystemURL::CreateForTest( |
| 337 GURL("http://foo/"), fileapi::kFileSystemTypeTest, file); |
286 | 338 |
287 EXPECT_FALSE(p->CanReadFile(kRendererID, | 339 PermissionsSet all_denied(false, false, false, false); |
288 base::FilePath(TEST_PATH("/etc/passwd")))); | |
289 p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/passwd"))); | |
290 EXPECT_TRUE(p->CanReadFile(kRendererID, | |
291 base::FilePath(TEST_PATH("/etc/passwd")))); | |
292 EXPECT_FALSE(p->CanReadFile(kRendererID, | |
293 base::FilePath(TEST_PATH("/etc/shadow")))); | |
294 | 340 |
| 341 // Test initially having no permissions. |
| 342 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 343 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 344 |
| 345 // Testing every combination of permissions granting and revoking. |
| 346 PermissionsSet read_only(true, false, false, false); |
| 347 p->GrantReadFile(kRendererID, file); |
| 348 EXPECT_EQ(read_only, GetAllPermissions(p, kRendererID, file)); |
| 349 EXPECT_EQ(read_only, GetAllPermissionsForURL(p, kRendererID, url)); |
| 350 p->RevokeAllPermissionsForFile(kRendererID, file); |
| 351 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 352 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 353 |
| 354 PermissionsSet write_only(false, true, false, false); |
| 355 p->GrantWriteFile(kRendererID, file); |
| 356 EXPECT_EQ(write_only, GetAllPermissions(p, kRendererID, file)); |
| 357 EXPECT_EQ(write_only, GetAllPermissionsForURL(p, kRendererID, url)); |
| 358 p->RevokeAllPermissionsForFile(kRendererID, file); |
| 359 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 360 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 361 |
| 362 PermissionsSet create_only(false, false, true, false); |
| 363 p->GrantCreateFile(kRendererID, file); |
| 364 EXPECT_EQ(create_only, GetAllPermissions(p, kRendererID, file)); |
| 365 EXPECT_EQ(create_only, GetAllPermissionsForURL(p, kRendererID, url)); |
| 366 p->RevokeAllPermissionsForFile(kRendererID, file); |
| 367 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 368 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 369 |
| 370 PermissionsSet create_read_write(true, true, true, true); |
| 371 p->GrantCreateReadWriteFile(kRendererID, file); |
| 372 EXPECT_EQ(create_read_write, GetAllPermissions(p, kRendererID, file)); |
| 373 EXPECT_EQ(create_read_write, GetAllPermissionsForURL(p, kRendererID, url)); |
| 374 p->RevokeAllPermissionsForFile(kRendererID, file); |
| 375 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 376 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 377 |
| 378 // Test revoke permissions on renderer ID removal. |
| 379 p->GrantCreateReadWriteFile(kRendererID, file); |
| 380 EXPECT_EQ(create_read_write, GetAllPermissions(p, kRendererID, file)); |
| 381 EXPECT_EQ(create_read_write, GetAllPermissionsForURL(p, kRendererID, url)); |
295 p->Remove(kRendererID); | 382 p->Remove(kRendererID); |
| 383 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 384 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
| 385 |
| 386 // Test having no permissions upon re-adding same renderer ID. |
296 p->Add(kRendererID); | 387 p->Add(kRendererID); |
| 388 EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file)); |
| 389 EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url)); |
297 | 390 |
298 EXPECT_FALSE(p->CanReadFile(kRendererID, | 391 // Cleanup. |
299 base::FilePath(TEST_PATH("/etc/passwd")))); | |
300 EXPECT_FALSE(p->CanReadFile(kRendererID, | |
301 base::FilePath(TEST_PATH("/etc/shadow")))); | |
302 | |
303 p->Remove(kRendererID); | 392 p->Remove(kRendererID); |
304 } | 393 } |
305 | 394 |
306 TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) { | 395 TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) { |
307 ChildProcessSecurityPolicyImpl* p = | 396 ChildProcessSecurityPolicyImpl* p = |
308 ChildProcessSecurityPolicyImpl::GetInstance(); | 397 ChildProcessSecurityPolicyImpl::GetInstance(); |
309 | 398 |
310 p->Add(kRendererID); | 399 p->Add(kRendererID); |
311 | 400 |
312 EXPECT_FALSE(p->CanReadDirectory(kRendererID, | 401 EXPECT_FALSE(p->CanReadDirectory(kRendererID, |
528 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 617 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
529 // prepared to answer policy questions about renderers who no longer exist. | 618 // prepared to answer policy questions about renderers who no longer exist. |
530 | 619 |
531 // In this case, we default to secure behavior. | 620 // In this case, we default to secure behavior. |
532 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 621 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
533 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 622 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
534 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 623 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
535 } | 624 } |
536 | 625 |
537 } // namespace content | 626 } // namespace content |
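Review bot: PermissionGrantingAndRevoking (new lines 326-393) only ever queries the single path it granted, so the negative check the removed CanReadFiles body had, where a read grant on `/etc/passwd` left `/etc/shadow` unreadable, has no counterpart in the rewritten test. A grant that leaked to a sibling path or to a different filesystem URL would still satisfy every assertion here, and that confinement is the property this policy exists to enforce; tests in the collapsed regions may cover it, but this one no longer does. Declare a second path beside `file`, for example `base::FilePath other(TEST_PATH("/dir/otherfile"));`, and after each `Grant*File` call add `EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, other));` plus the `GetAllPermissionsForURL` equivalent for a URL built on `other`. The comment at new line 345 also overstates the coverage: each grant is followed at once by `RevokeAllPermissionsForFile`, so cumulative grants such as read followed by write are never exercised, and the comment would be more accurate as `// Test each single grant, then revoke-all.`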