Chromium Code Reviews Chromium Code Reviews
Issue 23461031:
FileAPIMessageFilter Security: Minimal patch to fix permissions escalation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/metrics/histogram.h" | 10 #include "base/metrics/histogram.h" |
| (...skipping 20 matching lines...) Expand all Loading... | |
| 31 | 31 |
| 32 const int kReadFilePermissions = | 32 const int kReadFilePermissions = |
| 33 base::PLATFORM_FILE_OPEN | | 33 base::PLATFORM_FILE_OPEN | |
| 34 base::PLATFORM_FILE_READ | | 34 base::PLATFORM_FILE_READ | |
| 35 base::PLATFORM_FILE_EXCLUSIVE_READ | | 35 base::PLATFORM_FILE_EXCLUSIVE_READ | |
| 36 base::PLATFORM_FILE_ASYNC; | 36 base::PLATFORM_FILE_ASYNC; |
| 37 | 37 |
| 38 const int kWriteFilePermissions = | 38 const int kWriteFilePermissions = |
| 39 base::PLATFORM_FILE_OPEN | | 39 base::PLATFORM_FILE_OPEN | |
| 40 base::PLATFORM_FILE_WRITE | | 40 base::PLATFORM_FILE_WRITE | |
| 41 base::PLATFORM_FILE_APPEND | | |
|
tommycli
2013/09/06 00:21:31
If Pepper only ever opens files in filesystems of
| |
| 41 base::PLATFORM_FILE_EXCLUSIVE_WRITE | | 42 base::PLATFORM_FILE_EXCLUSIVE_WRITE | |
| 42 base::PLATFORM_FILE_ASYNC | | 43 base::PLATFORM_FILE_ASYNC | |
| 43 base::PLATFORM_FILE_WRITE_ATTRIBUTES; | 44 base::PLATFORM_FILE_WRITE_ATTRIBUTES; |
| 44 | 45 |
| 45 const int kCreateFilePermissions = | 46 const int kCreateFilePermissions = |
| 46 base::PLATFORM_FILE_CREATE; | 47 base::PLATFORM_FILE_CREATE; |
| 47 | 48 |
| 48 const int kEnumerateDirectoryPermissions = | 49 const int kEnumerateDirectoryPermissions = |
| 49 kReadFilePermissions | | 50 kReadFilePermissions | |
| 50 base::PLATFORM_FILE_ENUMERATE; | 51 base::PLATFORM_FILE_ENUMERATE; |
| (...skipping 802 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 853 base::AutoLock lock(lock_); | 854 base::AutoLock lock(lock_); |
| 854 | 855 |
| 855 SecurityStateMap::iterator state = security_state_.find(child_id); | 856 SecurityStateMap::iterator state = security_state_.find(child_id); |
| 856 if (state == security_state_.end()) | 857 if (state == security_state_.end()) |
| 857 return false; | 858 return false; |
| 858 | 859 |
| 859 return state->second->can_send_midi_sysex(); | 860 return state->second->can_send_midi_sysex(); |
| 860 } | 861 } |
| 861 | 862 |
| 862 } // namespace content | 863 } // namespace content |
| OLD | NEW |
