Chromium Code Reviews Chromium Code Reviews
Issue 9360014:
Create a content public browser API around the ChildProcessSecurityPolicy class. The implementati... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | |
| 6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | |
| 7 #pragma once | |
| 8 | |
| 9 #include <set> | |
|
jam
2012/02/08 18:51:12
nit: not needed
ananta
2012/02/08 19:36:41
I added that to address a lint warning. We use set
jam
2012/02/08 19:40:14
oops, i must have searched wrong, nvm
| |
| 10 #include <string> | |
| 11 | |
| 12 #include "base/basictypes.h" | |
| 13 #include "content/common/content_export.h" | |
| 14 | |
| 15 class FilePath; | |
| 16 | |
| 17 namespace content { | |
| 18 | |
| 19 // The ChildProcessSecurityPolicy class is used to grant and revoke security | |
| 20 // capabilities for child processes. For example, it restricts whether a child | |
| 21 // process is permitted to load file:// URLs based on whether the process | |
| 22 // has ever been commanded to load file:// URLs by the browser. | |
| 23 // | |
| 24 // ChildProcessSecurityPolicy is a singleton that may be used on any thread. | |
| 25 // | |
| 26 class CONTENT_EXPORT ChildProcessSecurityPolicy { | |
|
jam
2012/02/08 18:51:12
nit: don't need CONTENT_EXPORT on the interface, j
ananta
2012/02/08 19:36:41
Done.
| |
| 27 public: | |
| 28 virtual ~ChildProcessSecurityPolicy() {} | |
| 29 | |
| 30 // There is one global ChildProcessSecurityPolicy object for the entire | |
| 31 // browser process. The object returned by this method may be accessed on | |
| 32 // any thread. | |
| 33 static ChildProcessSecurityPolicy* GetInstance(); | |
| 34 | |
| 35 // Web-safe schemes can be requested by any child process. Once a web-safe | |
| 36 // scheme has been registered, any child process can request URLs with | |
| 37 // that scheme. There is no mechanism for revoking web-safe schemes. | |
| 38 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; | |
| 39 | |
| 40 // Returns true iff |scheme| has been registered as a web-safe scheme. | |
| 41 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; | |
| 42 | |
| 43 // Sets the list of disabled schemes. | |
| 44 // URLs using these schemes won't be loaded at all. The previous list of | |
| 45 // schemes is overwritten. An empty |schemes| disables this feature. | |
| 46 // Schemes listed as disabled take precedence over Web-safe schemes. | |
| 47 virtual void RegisterDisabledSchemes( | |
| 48 const std::set<std::string>& schemes) = 0; | |
| 49 | |
| 50 // Grants certain permissions to a file. |permissions| must be a bit-set of | |
| 51 // base::PlatformFileFlags. | |
| 52 virtual void GrantPermissionsForFile(int child_id, | |
| 53 const FilePath& file, | |
| 54 int permissions) = 0; | |
| 55 | |
| 56 // Whenever the user picks a file from a <input type="file"> element, the | |
| 57 // browser should call this function to grant the child process the capability | |
| 58 // to upload the file to the web. | |
| 59 virtual void GrantReadFile(int child_id, const FilePath& file) = 0; | |
| 60 | |
| 61 // Grants the child process the capability to access URLs of the provided | |
| 62 // scheme. | |
| 63 virtual void GrantScheme(int child_id, const std::string& scheme) = 0; | |
| 64 | |
| 65 protected: | |
| 66 // Obtain an instance of ChildProcessSecurityPolicy via GetInstance(). | |
| 67 ChildProcessSecurityPolicy() {} | |
|
jam
2012/02/08 18:51:12
nit: this isn't needed, since one can't create an
ananta
2012/02/08 19:36:41
Done.
| |
| 68 }; | |
| 69 | |
| 70 }; // namespace content | |
| 71 | |
| 72 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | |
| OLD | NEW |
