chrome/browser/net/chrome_extensions_network_delegate.cc - Issue 2437753003: Tighten IO thread blob/filesystem URL checks for apps with webview permission.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/net/chrome_extensions_network_delegate.cc

Issue 2437753003: Tighten IO thread blob/filesystem URL checks for apps with webview permission. (Closed)

Patch Set: arraysize Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/browser/extensions/process_manager_browsertest.cc ('k') | content/browser/child_process_security_policy_impl.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/net/chrome_extensions_network_delegate.cc

diff --git a/chrome/browser/net/chrome_extensions_network_delegate.cc b/chrome/browser/net/chrome_extensions_network_delegate.cc

index 0befcccc2b8081dca6eed521fd0299398959fb3c..15cb48c12c183b216588aeb94f37494050a6efc8 100644

--- a/chrome/browser/net/chrome_extensions_network_delegate.cc

+++ b/chrome/browser/net/chrome_extensions_network_delegate.cc

@@ -10,12 +10,16 @@

#include "net/base/net_errors.h"

#if defined(ENABLE_EXTENSIONS)

+#include "base/debug/alias.h"

+#include "base/debug/dump_without_crashing.h"

+#include "base/strings/string_util.h"

#include "chrome/browser/browser_process.h"

#include "chrome/browser/extensions/api/proxy/proxy_api.h"

#include "chrome/browser/extensions/event_router_forwarder.h"

#include "chrome/browser/profiles/profile_manager.h"

#include "chrome/browser/renderer_host/chrome_navigation_ui_data.h"

#include "content/public/browser/browser_thread.h"

+#include "content/public/browser/child_process_security_policy.h"

#include "content/public/browser/render_frame_host.h"

#include "content/public/browser/resource_request_info.h"

#include "content/public/common/browser_side_navigation_policy.h"

@@ -209,8 +213,25 @@ int ChromeExtensionsNetworkDelegateImpl::OnBeforeURLRequest(

extension &&

extension->permissions_data()->HasAPIPermission(

extensions::APIPermission::kWebView);

- if (!has_webview_permission)

+ // Check whether the request is coming from a <webview> guest process via

+ // ChildProcessSecurityPolicy. A guest process should have already been

+ // granted permission to request |origin| when its WebContents was created.

+ // See https://crbug.com/656752.

+ auto* policy = content::ChildProcessSecurityPolicy::GetInstance();

+ bool from_guest =

+ policy->HasSpecificPermissionForOrigin(info->GetChildID(), origin);

+ if (!has_webview_permission || !from_guest) {

+ // TODO(alexmos): Temporary instrumentation to find any regressions for

+ // this blocking. Remove after verifying that this is not breaking any

+ // legitimate use cases.

+ char origin_copy[256];

+ base::strlcpy(origin_copy, origin.Serialize().c_str(),

+ arraysize(origin_copy));

+ base::debug::Alias(&origin_copy);

+ base::debug::Alias(&from_guest);

+ base::debug::DumpWithoutCrashing();

return net::ERR_ABORTED;

+ }

}

return ExtensionWebRequestEventRouter::GetInstance()->OnBeforeRequest(

« no previous file with comments | « chrome/browser/extensions/process_manager_browsertest.cc ('k') | content/browser/child_process_security_policy_impl.h » ('j') | no next file with comments »