Create a content public browser API around the ChildProcessSecurityPolicy class. The implementati...

content/browser/child_process_security_policy_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "content/browser/child_process_security_policy.h"
+#include "content/browser/child_process_security_policy_impl.h"
 
 #include "base/file_path.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/platform_file.h"
 #include "base/stl_util.h"
 #include "base/string_util.h"
 #include "content/browser/site_instance_impl.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/common/bindings_policy.h"
 #include "content/public/common/url_constants.h"
 #include "googleurl/src/gurl.h"
 #include "net/url_request/url_request.h"
 #include "webkit/fileapi/isolated_context.h"
 
+using content::ChildProcessSecurityPolicy;
 using content::SiteInstance;
 
 static const int kReadFilePermissions =
     base::PLATFORM_FILE_OPEN |
     base::PLATFORM_FILE_READ |
     base::PLATFORM_FILE_EXCLUSIVE_READ |
     base::PLATFORM_FILE_ASYNC;
 
 static const int kEnumerateDirectoryPermissions =
     kReadFilePermissions |
     base::PLATFORM_FILE_ENUMERATE;
 
 // The SecurityState class is used to maintain per-child process security state
 // information.
-class ChildProcessSecurityPolicy::SecurityState {
+class ChildProcessSecurityPolicyImpl::SecurityState {
  public:
   SecurityState()
     : enabled_bindings_(0),
       can_read_raw_cookies_(false) { }
 
   ~SecurityState() {
     scheme_policy_.clear();
     fileapi::IsolatedContext* isolated_context =
         fileapi::IsolatedContext::GetInstance();
     for (FileSystemSet::iterator iter = access_granted_filesystems_.begin();
@@ skipping 109 matching lines @@
   bool can_read_raw_cookies_;
 
   GURL origin_lock_;
 
   // The set of isolated filesystems the child process is permitted to access.
   FileSystemSet access_granted_filesystems_;
 
   DISALLOW_COPY_AND_ASSIGN(SecurityState);
 };
 
-ChildProcessSecurityPolicy::ChildProcessSecurityPolicy() {
+ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() {
   // We know about these schemes and believe them to be safe.
   RegisterWebSafeScheme(chrome::kHttpScheme);
   RegisterWebSafeScheme(chrome::kHttpsScheme);
   RegisterWebSafeScheme(chrome::kFtpScheme);
   RegisterWebSafeScheme(chrome::kDataScheme);
   RegisterWebSafeScheme("feed");
   RegisterWebSafeScheme(chrome::kBlobScheme);
   RegisterWebSafeScheme(chrome::kFileSystemScheme);
 
   // We know about the following pseudo schemes and treat them specially.
   RegisterPseudoScheme(chrome::kAboutScheme);
   RegisterPseudoScheme(chrome::kJavaScriptScheme);
   RegisterPseudoScheme(chrome::kViewSourceScheme);
 }
 
-ChildProcessSecurityPolicy::~ChildProcessSecurityPolicy() {
+ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() {
   web_safe_schemes_.clear();
   pseudo_schemes_.clear();
   STLDeleteContainerPairSecondPointers(security_state_.begin(),
                                        security_state_.end());
   security_state_.clear();
 }
 
 // static
 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() {
-  return Singleton<ChildProcessSecurityPolicy>::get();
+  return ChildProcessSecurityPolicyImpl::GetInstance();
 }
 
-void ChildProcessSecurityPolicy::Add(int child_id) {
+ChildProcessSecurityPolicyImpl* ChildProcessSecurityPolicyImpl::GetInstance() {
+  return Singleton<ChildProcessSecurityPolicyImpl>::get();
+}
+
+void ChildProcessSecurityPolicyImpl::Add(int child_id) {
   base::AutoLock lock(lock_);
   AddChild(child_id);
 }
 
-void ChildProcessSecurityPolicy::AddWorker(int child_id,
-                                           int main_render_process_id) {
+void ChildProcessSecurityPolicyImpl::AddWorker(int child_id,
+                                               int main_render_process_id) {
   base::AutoLock lock(lock_);
   AddChild(child_id);
   worker_map_[child_id] = main_render_process_id;
 }
 
-void ChildProcessSecurityPolicy::Remove(int child_id) {
+void ChildProcessSecurityPolicyImpl::Remove(int child_id) {
   base::AutoLock lock(lock_);
   if (!security_state_.count(child_id))
     return;  // May be called multiple times.
 
   delete security_state_[child_id];
   security_state_.erase(child_id);
   worker_map_.erase(child_id);
 }
 
-void ChildProcessSecurityPolicy::RegisterWebSafeScheme(
+void ChildProcessSecurityPolicyImpl::RegisterWebSafeScheme(
     const std::string& scheme) {
   base::AutoLock lock(lock_);
   DCHECK(web_safe_schemes_.count(scheme) == 0) << "Add schemes at most once.";
   DCHECK(pseudo_schemes_.count(scheme) == 0) << "Web-safe implies not pseudo.";
 
   web_safe_schemes_.insert(scheme);
 }
 
-bool ChildProcessSecurityPolicy::IsWebSafeScheme(const std::string& scheme) {
+bool ChildProcessSecurityPolicyImpl::IsWebSafeScheme(
+    const std::string& scheme) {
   base::AutoLock lock(lock_);
 
   return (web_safe_schemes_.find(scheme) != web_safe_schemes_.end());
 }
 
-void ChildProcessSecurityPolicy::RegisterPseudoScheme(
+void ChildProcessSecurityPolicyImpl::RegisterPseudoScheme(
     const std::string& scheme) {
   base::AutoLock lock(lock_);
   DCHECK(pseudo_schemes_.count(scheme) == 0) << "Add schemes at most once.";
   DCHECK(web_safe_schemes_.count(scheme) == 0) <<
       "Pseudo implies not web-safe.";
 
   pseudo_schemes_.insert(scheme);
 }
 
-bool ChildProcessSecurityPolicy::IsPseudoScheme(const std::string& scheme) {
+bool ChildProcessSecurityPolicyImpl::IsPseudoScheme(
+    const std::string& scheme) {
   base::AutoLock lock(lock_);
 
   return (pseudo_schemes_.find(scheme) != pseudo_schemes_.end());
 }
 
-void ChildProcessSecurityPolicy::RegisterDisabledSchemes(
+void ChildProcessSecurityPolicyImpl::RegisterDisabledSchemes(
     const std::set<std::string>& schemes) {
   base::AutoLock lock(lock_);
   disabled_schemes_ = schemes;
 }
 
-bool ChildProcessSecurityPolicy::IsDisabledScheme(const std::string& scheme) {
+bool ChildProcessSecurityPolicyImpl::IsDisabledScheme(
+    const std::string& scheme) {
   base::AutoLock lock(lock_);
   return disabled_schemes_.find(scheme) != disabled_schemes_.end();
 }
 
-void ChildProcessSecurityPolicy::GrantRequestURL(
+void ChildProcessSecurityPolicyImpl::GrantRequestURL(
     int child_id, const GURL& url) {
 
   if (!url.is_valid())
     return;  // Can't grant the capability to request invalid URLs.
 
   if (IsWebSafeScheme(url.scheme()))
     return;  // The scheme has already been whitelisted for every child process.
 
   if (IsPseudoScheme(url.scheme())) {
     // The view-source scheme is a special case of a pseudo-URL that eventually
@@ skipping 14 matching lines @@
     SecurityStateMap::iterator state = security_state_.find(child_id);
     if (state == security_state_.end())
       return;
 
     // If the child process has been commanded to request a scheme, then we
     // grant it the capability to request URLs of that scheme.
     state->second->GrantScheme(url.scheme());
   }
 }
 
-void ChildProcessSecurityPolicy::GrantReadFile(int child_id,
-                                               const FilePath& file) {
+void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id,
+                                                   const FilePath& file) {
   GrantPermissionsForFile(child_id, file, kReadFilePermissions);
 }
 
-void ChildProcessSecurityPolicy::GrantReadDirectory(int child_id,
-                                                    const FilePath& directory) {
+void ChildProcessSecurityPolicyImpl::GrantReadDirectory(
+    int child_id, const FilePath& directory) {
   GrantPermissionsForFile(child_id, directory, kEnumerateDirectoryPermissions);
 }
 
-void ChildProcessSecurityPolicy::GrantPermissionsForFile(
+void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile(
     int child_id, const FilePath& file, int permissions) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantPermissionsForFile(file, permissions);
 }
 
-void ChildProcessSecurityPolicy::RevokeAllPermissionsForFile(
+void ChildProcessSecurityPolicyImpl::RevokeAllPermissionsForFile(
     int child_id, const FilePath& file) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->RevokeAllPermissionsForFile(file);
 }
 
-void ChildProcessSecurityPolicy::GrantAccessFileSystem(
+void ChildProcessSecurityPolicyImpl::GrantAccessFileSystem(
     int child_id, const std::string& filesystem_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantAccessFileSystem(filesystem_id);
 }
 
-void ChildProcessSecurityPolicy::GrantScheme(int child_id,
-                                             const std::string& scheme) {
+void ChildProcessSecurityPolicyImpl::GrantScheme(int child_id,
+                                                 const std::string& scheme) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantScheme(scheme);
 }
 
-void ChildProcessSecurityPolicy::GrantWebUIBindings(int child_id) {
+void ChildProcessSecurityPolicyImpl::GrantWebUIBindings(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantBindings(content::BINDINGS_POLICY_WEB_UI);
 
   // Web UI bindings need the ability to request chrome: URLs.
   state->second->GrantScheme(chrome::kChromeUIScheme);
 
   // Web UI pages can contain links to file:// URLs.
   state->second->GrantScheme(chrome::kFileScheme);
 }
 
-void ChildProcessSecurityPolicy::GrantReadRawCookies(int child_id) {
+void ChildProcessSecurityPolicyImpl::GrantReadRawCookies(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantReadRawCookies();
 }
 
-void ChildProcessSecurityPolicy::RevokeReadRawCookies(int child_id) {
+void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->RevokeReadRawCookies();
 }
 
-bool ChildProcessSecurityPolicy::CanRequestURL(
+bool ChildProcessSecurityPolicyImpl::CanRequestURL(
     int child_id, const GURL& url) {
   if (!url.is_valid())
     return false;  // Can't request invalid URLs.
 
   if (IsDisabledScheme(url.scheme()))
     return false; // The scheme is disabled by policy.
 
   if (IsWebSafeScheme(url.scheme()))
     return true;  // The scheme has been white-listed for every child process.
 
@@ skipping 31 matching lines @@
     SecurityStateMap::iterator state = security_state_.find(child_id);
     if (state == security_state_.end())
       return false;
 
     // Otherwise, we consult the child process's security state to see if it is
     // allowed to request the URL.
     return state->second->CanRequestURL(url);
   }
 }
 
-bool ChildProcessSecurityPolicy::CanReadFile(int child_id,
+bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
                                              const FilePath& file) {
   return HasPermissionsForFile(child_id, file, kReadFilePermissions);
 }
 
-bool ChildProcessSecurityPolicy::CanReadDirectory(int child_id,
-                                                  const FilePath& directory) {
+bool ChildProcessSecurityPolicyImpl::CanReadDirectory(
+    int child_id, const FilePath& directory) {
   return HasPermissionsForFile(child_id,
                                directory,
                                kEnumerateDirectoryPermissions);
 }
 
-bool ChildProcessSecurityPolicy::HasPermissionsForFile(
+bool ChildProcessSecurityPolicyImpl::HasPermissionsForFile(
     int child_id, const FilePath& file, int permissions) {
   base::AutoLock lock(lock_);
   bool result = ChildProcessHasPermissionsForFile(child_id, file, permissions);
   if (!result) {
     // If this is a worker thread that has no access to a given file,
     // let's check that its renderer process has access to that file instead.
     WorkerToMainProcessMap::iterator iter = worker_map_.find(child_id);
     if (iter != worker_map_.end() && iter->second != 0) {
       result = ChildProcessHasPermissionsForFile(iter->second,
                                                  file,
                                                  permissions);
     }
   }
   return result;
 }
 
-bool ChildProcessSecurityPolicy::HasWebUIBindings(int child_id) {
+bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->has_web_ui_bindings();
 }
 
-bool ChildProcessSecurityPolicy::CanReadRawCookies(int child_id) {
+bool ChildProcessSecurityPolicyImpl::CanReadRawCookies(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->can_read_raw_cookies();
 }
 
-void ChildProcessSecurityPolicy::AddChild(int child_id) {
+void ChildProcessSecurityPolicyImpl::AddChild(int child_id) {
   if (security_state_.count(child_id) != 0) {
     NOTREACHED() << "Add child process at most once.";
     return;
   }
 
   security_state_[child_id] = new SecurityState();
 }
 
-bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile(
+bool ChildProcessSecurityPolicyImpl::ChildProcessHasPermissionsForFile(
     int child_id, const FilePath& file, int permissions) {
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
   return state->second->HasPermissionsForFile(file, permissions);
 }
 
-bool ChildProcessSecurityPolicy::CanUseCookiesForOrigin(int child_id,
-                                                        const GURL& gurl) {
+bool ChildProcessSecurityPolicyImpl::CanUseCookiesForOrigin(int child_id,
+                                                            const GURL& gurl) {
   base::AutoLock lock(lock_);
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
   return state->second->CanUseCookiesForOrigin(gurl);
 }
 
-void ChildProcessSecurityPolicy::LockToOrigin(int child_id, const GURL& gurl) {
+void ChildProcessSecurityPolicyImpl::LockToOrigin(int child_id,
+                                                  const GURL& gurl) {
   // "gurl" can be currently empty in some cases, such as file://blah.
   DCHECK(SiteInstanceImpl::GetSiteForURL(NULL, gurl) == gurl);
   base::AutoLock lock(lock_);
   SecurityStateMap::iterator state = security_state_.find(child_id);
   DCHECK(state != security_state_.end());
   state->second->LockToOrigin(gurl);
 }