Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(155)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/public/browser/child_process_security_policy.h

Issue 19599006: ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Also add FileSystemURL based methods. Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/child_process_security_policy_impl.cc ('K') | « content/browser/child_process_security_policy_unittest.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/basictypes.h" 10 #include "base/basictypes.h"
(...skipping 22 matching lines...) Expand all
33 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance(); 33 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance();
34 34
35 // Web-safe schemes can be requested by any child process. Once a web-safe 35 // Web-safe schemes can be requested by any child process. Once a web-safe
36 // scheme has been registered, any child process can request URLs with 36 // scheme has been registered, any child process can request URLs with
37 // that scheme. There is no mechanism for revoking web-safe schemes. 37 // that scheme. There is no mechanism for revoking web-safe schemes.
38 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; 38 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0;
39 39
40 // Returns true iff |scheme| has been registered as a web-safe scheme. 40 // Returns true iff |scheme| has been registered as a web-safe scheme.
41 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; 41 virtual bool IsWebSafeScheme(const std::string& scheme) = 0;
42 42
43 // Before servicing a child process's request to upload a file to the web, the 43 // These methods verify whether or not the child process has been granted
44 // browser should call this method to determine whether the process has the 44 // permissions perform these functions on |file|.
45 // capability to upload the requested file.
46 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; 45 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
46 virtual bool CanWriteFile(int child_id, const base::FilePath& file) = 0;
47 virtual bool CanCreateFile(int child_id, const base::FilePath& file) = 0;
48 virtual bool CanCreateReadWriteFile(int child_id,
49 const base::FilePath& file) = 0;
47 50
48 // Whenever the user picks a file from a <input type="file"> element, the 51 // These methods grant the child process permissions on |file|.
49 // browser should call this function to grant the child process the capability
50 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY.
51 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; 52 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0;
53 virtual void GrantWriteFile(int child_id, const base::FilePath& file) = 0;
54 virtual void GrantCreateFile(int child_id, const base::FilePath& file) = 0;
52 55
53 // This permission grants creation, read, and full write access to a file, 56 // This permission grants creation, read, and full write access to a file,
54 // including attributes. 57 // including attributes.
55 virtual void GrantCreateReadWriteFile(int child_id, 58 virtual void GrantCreateReadWriteFile(int child_id,
56 const base::FilePath& file) = 0; 59 const base::FilePath& file) = 0;
57 60
58 // This permission grants creation and write access to a file. 61 // This permission grants creation and write access to a file.
59 virtual void GrantCreateWriteFile(int child_id, 62 virtual void GrantCreateWriteFile(int child_id,
60 const base::FilePath& file) = 0; 63 const base::FilePath& file) = 0;
61 64
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
110 113
111 // Returns true iff read and write access has been granted to the filesystem 114 // Returns true iff read and write access has been granted to the filesystem
112 // with |filesystem_id|. 115 // with |filesystem_id|.
113 virtual bool CanReadWriteFileSystem(int child_id, 116 virtual bool CanReadWriteFileSystem(int child_id,
114 const std::string& filesystem_id) = 0; 117 const std::string& filesystem_id) = 0;
115 }; 118 };
116 119
117 }; // namespace content 120 }; // namespace content
118 121
119 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 122 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
OLDNEW
« content/browser/child_process_security_policy_impl.cc ('K') | « content/browser/child_process_security_policy_unittest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698