| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <set> | 5 #include <set> |
| 6 #include <string> | 6 #include <string> |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/platform_file.h" | 10 #include "base/platform_file.h" |
| 11 #include "content/browser/child_process_security_policy.h" | 11 #include "content/browser/child_process_security_policy_impl.h" |
| 12 #include "content/browser/mock_content_browser_client.h" | 12 #include "content/browser/mock_content_browser_client.h" |
| 13 #include "content/common/test_url_constants.h" | 13 #include "content/common/test_url_constants.h" |
| 14 #include "content/public/common/url_constants.h" | 14 #include "content/public/common/url_constants.h" |
| 15 #include "googleurl/src/gurl.h" | 15 #include "googleurl/src/gurl.h" |
| 16 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 17 | 17 |
| 18 namespace { | 18 namespace { |
| 19 | 19 |
| 20 const int kRendererID = 42; | 20 const int kRendererID = 42; |
| 21 const int kWorkerRendererID = kRendererID + 1; | 21 const int kWorkerRendererID = kRendererID + 1; |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 66 void RegisterTestScheme(const std::string& scheme) { | 66 void RegisterTestScheme(const std::string& scheme) { |
| 67 test_browser_client_.AddScheme(scheme); | 67 test_browser_client_.AddScheme(scheme); |
| 68 } | 68 } |
| 69 | 69 |
| 70 private: | 70 private: |
| 71 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_; | 71 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_; |
| 72 content::ContentBrowserClient* old_browser_client_; | 72 content::ContentBrowserClient* old_browser_client_; |
| 73 }; | 73 }; |
| 74 | 74 |
| 75 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { | 75 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { |
| 76 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 76 ChildProcessSecurityPolicyImpl* p = |
| 77 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 77 | 78 |
| 78 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme)); | 79 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme)); |
| 79 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme)); | 80 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme)); |
| 80 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme)); | 81 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme)); |
| 81 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme)); | 82 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme)); |
| 82 EXPECT_TRUE(p->IsWebSafeScheme("feed")); | 83 EXPECT_TRUE(p->IsWebSafeScheme("feed")); |
| 83 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme)); | 84 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme)); |
| 84 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme)); | 85 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme)); |
| 85 | 86 |
| 86 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); | 87 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme")); |
| 87 p->RegisterWebSafeScheme("registered-web-safe-scheme"); | 88 p->RegisterWebSafeScheme("registered-web-safe-scheme"); |
| 88 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme")); | 89 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme")); |
| 89 | 90 |
| 90 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme)); | 91 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme)); |
| 91 } | 92 } |
| 92 | 93 |
| 93 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { | 94 TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) { |
| 94 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 95 ChildProcessSecurityPolicyImpl* p = |
| 96 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 95 | 97 |
| 96 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme)); | 98 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme)); |
| 97 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme)); | 99 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme)); |
| 98 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme)); | 100 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme)); |
| 99 | 101 |
| 100 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); | 102 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme")); |
| 101 p->RegisterPseudoScheme("registered-pseudo-scheme"); | 103 p->RegisterPseudoScheme("registered-pseudo-scheme"); |
| 102 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); | 104 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme")); |
| 103 | 105 |
| 104 EXPECT_FALSE(p->IsPseudoScheme(chrome::kChromeUIScheme)); | 106 EXPECT_FALSE(p->IsPseudoScheme(chrome::kChromeUIScheme)); |
| 105 } | 107 } |
| 106 | 108 |
| 107 TEST_F(ChildProcessSecurityPolicyTest, IsDisabledSchemeTest) { | 109 TEST_F(ChildProcessSecurityPolicyTest, IsDisabledSchemeTest) { |
| 108 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 110 ChildProcessSecurityPolicyImpl* p = |
| 111 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 109 | 112 |
| 110 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme")); | 113 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme")); |
| 111 std::set<std::string> disabled_set; | 114 std::set<std::string> disabled_set; |
| 112 disabled_set.insert("evil-scheme"); | 115 disabled_set.insert("evil-scheme"); |
| 113 p->RegisterDisabledSchemes(disabled_set); | 116 p->RegisterDisabledSchemes(disabled_set); |
| 114 EXPECT_TRUE(p->IsDisabledScheme("evil-scheme")); | 117 EXPECT_TRUE(p->IsDisabledScheme("evil-scheme")); |
| 115 EXPECT_FALSE(p->IsDisabledScheme("good-scheme")); | 118 EXPECT_FALSE(p->IsDisabledScheme("good-scheme")); |
| 116 | 119 |
| 117 disabled_set.clear(); | 120 disabled_set.clear(); |
| 118 p->RegisterDisabledSchemes(disabled_set); | 121 p->RegisterDisabledSchemes(disabled_set); |
| 119 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme")); | 122 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme")); |
| 120 EXPECT_FALSE(p->IsDisabledScheme("good-scheme")); | 123 EXPECT_FALSE(p->IsDisabledScheme("good-scheme")); |
| 121 } | 124 } |
| 122 | 125 |
| 123 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { | 126 TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) { |
| 124 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 127 ChildProcessSecurityPolicyImpl* p = |
| 128 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 125 | 129 |
| 126 p->Add(kRendererID); | 130 p->Add(kRendererID); |
| 127 | 131 |
| 128 // Safe | 132 // Safe |
| 129 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); | 133 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/"))); |
| 130 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); | 134 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/"))); |
| 131 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); | 135 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/"))); |
| 132 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); | 136 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>"))); |
| 133 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 137 EXPECT_TRUE(p->CanRequestURL(kRendererID, |
| 134 GURL("view-source:http://www.google.com/"))); | 138 GURL("view-source:http://www.google.com/"))); |
| 135 EXPECT_TRUE(p->CanRequestURL( | 139 EXPECT_TRUE(p->CanRequestURL( |
| 136 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); | 140 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif"))); |
| 137 | 141 |
| 138 // Dangerous | 142 // Dangerous |
| 139 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 143 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| 140 GURL("file:///etc/passwd"))); | 144 GURL("file:///etc/passwd"))); |
| 141 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 145 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| 142 GURL("chrome://foo/bar"))); | 146 GURL("chrome://foo/bar"))); |
| 143 | 147 |
| 144 p->Remove(kRendererID); | 148 p->Remove(kRendererID); |
| 145 } | 149 } |
| 146 | 150 |
| 147 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { | 151 TEST_F(ChildProcessSecurityPolicyTest, AboutTest) { |
| 148 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 152 ChildProcessSecurityPolicyImpl* p = |
| 153 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 149 | 154 |
| 150 p->Add(kRendererID); | 155 p->Add(kRendererID); |
| 151 | 156 |
| 152 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); | 157 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank"))); |
| 153 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); | 158 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK"))); |
| 154 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); | 159 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK"))); |
| 155 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); | 160 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank"))); |
| 156 | 161 |
| 157 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); | 162 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory"))); |
| 158 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); | 163 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash"))); |
| (...skipping 24 matching lines...) Expand all Loading... |
| 183 p->GrantRequestURL(kRendererID, GURL(chrome::kTestHistoryURL)); | 188 p->GrantRequestURL(kRendererID, GURL(chrome::kTestHistoryURL)); |
| 184 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL(chrome::kTestHistoryURL))); | 189 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL(chrome::kTestHistoryURL))); |
| 185 | 190 |
| 186 p->GrantRequestURL(kRendererID, GURL(chrome::kTestBookmarksURL)); | 191 p->GrantRequestURL(kRendererID, GURL(chrome::kTestBookmarksURL)); |
| 187 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL(chrome::kTestBookmarksURL))); | 192 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL(chrome::kTestBookmarksURL))); |
| 188 | 193 |
| 189 p->Remove(kRendererID); | 194 p->Remove(kRendererID); |
| 190 } | 195 } |
| 191 | 196 |
| 192 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { | 197 TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) { |
| 193 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 198 ChildProcessSecurityPolicyImpl* p = |
| 199 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 194 | 200 |
| 195 p->Add(kRendererID); | 201 p->Add(kRendererID); |
| 196 | 202 |
| 197 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 203 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| 198 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); | 204 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')")); |
| 199 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); | 205 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')"))); |
| 200 | 206 |
| 201 p->Remove(kRendererID); | 207 p->Remove(kRendererID); |
| 202 } | 208 } |
| 203 | 209 |
| 204 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { | 210 TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) { |
| 205 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 211 ChildProcessSecurityPolicyImpl* p = |
| 212 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 206 | 213 |
| 207 p->Add(kRendererID); | 214 p->Add(kRendererID); |
| 208 | 215 |
| 209 // Currently, "asdf" is destined for ShellExecute, so it is allowed. | 216 // Currently, "asdf" is destined for ShellExecute, so it is allowed. |
| 210 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 217 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| 211 | 218 |
| 212 // Once we register "asdf", we default to deny. | 219 // Once we register "asdf", we default to deny. |
| 213 RegisterTestScheme("asdf"); | 220 RegisterTestScheme("asdf"); |
| 214 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 221 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| 215 | 222 |
| 216 // We can allow new schemes by adding them to the whitelist. | 223 // We can allow new schemes by adding them to the whitelist. |
| 217 p->RegisterWebSafeScheme("asdf"); | 224 p->RegisterWebSafeScheme("asdf"); |
| 218 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); | 225 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers"))); |
| 219 | 226 |
| 220 // Cleanup. | 227 // Cleanup. |
| 221 p->Remove(kRendererID); | 228 p->Remove(kRendererID); |
| 222 } | 229 } |
| 223 | 230 |
| 224 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { | 231 TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) { |
| 225 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 232 ChildProcessSecurityPolicyImpl* p = |
| 233 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 226 | 234 |
| 227 p->Add(kRendererID); | 235 p->Add(kRendererID); |
| 228 | 236 |
| 229 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 237 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 230 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); | 238 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd")); |
| 231 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 239 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 232 | 240 |
| 233 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); | 241 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); |
| 234 std::set<std::string> disabled_set; | 242 std::set<std::string> disabled_set; |
| 235 disabled_set.insert("evil-scheme"); | 243 disabled_set.insert("evil-scheme"); |
| 236 p->RegisterDisabledSchemes(disabled_set); | 244 p->RegisterDisabledSchemes(disabled_set); |
| 237 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); | 245 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); |
| 238 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); | 246 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); |
| 239 disabled_set.clear(); | 247 disabled_set.clear(); |
| 240 p->RegisterDisabledSchemes(disabled_set); | 248 p->RegisterDisabledSchemes(disabled_set); |
| 241 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); | 249 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com"))); |
| 242 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); | 250 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path"))); |
| 243 | 251 |
| 244 // We should forget our state if we repeat a renderer id. | 252 // We should forget our state if we repeat a renderer id. |
| 245 p->Remove(kRendererID); | 253 p->Remove(kRendererID); |
| 246 p->Add(kRendererID); | 254 p->Add(kRendererID); |
| 247 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 255 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 248 p->Remove(kRendererID); | 256 p->Remove(kRendererID); |
| 249 } | 257 } |
| 250 | 258 |
| 251 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { | 259 TEST_F(ChildProcessSecurityPolicyTest, ViewSource) { |
| 252 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 260 ChildProcessSecurityPolicyImpl* p = |
| 261 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 253 | 262 |
| 254 p->Add(kRendererID); | 263 p->Add(kRendererID); |
| 255 | 264 |
| 256 // View source is determined by the embedded scheme. | 265 // View source is determined by the embedded scheme. |
| 257 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 266 EXPECT_TRUE(p->CanRequestURL(kRendererID, |
| 258 GURL("view-source:http://www.google.com/"))); | 267 GURL("view-source:http://www.google.com/"))); |
| 259 EXPECT_FALSE(p->CanRequestURL(kRendererID, | 268 EXPECT_FALSE(p->CanRequestURL(kRendererID, |
| 260 GURL("view-source:file:///etc/passwd"))); | 269 GURL("view-source:file:///etc/passwd"))); |
| 261 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 270 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 262 EXPECT_FALSE(p->CanRequestURL( | 271 EXPECT_FALSE(p->CanRequestURL( |
| 263 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); | 272 kRendererID, GURL("view-source:view-source:http://www.google.com/"))); |
| 264 | 273 |
| 265 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); | 274 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")); |
| 266 // View source needs to be able to request the embedded scheme. | 275 // View source needs to be able to request the embedded scheme. |
| 267 EXPECT_TRUE(p->CanRequestURL(kRendererID, | 276 EXPECT_TRUE(p->CanRequestURL(kRendererID, |
| 268 GURL("view-source:file:///etc/passwd"))); | 277 GURL("view-source:file:///etc/passwd"))); |
| 269 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); | 278 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd"))); |
| 270 | 279 |
| 271 p->Remove(kRendererID); | 280 p->Remove(kRendererID); |
| 272 } | 281 } |
| 273 | 282 |
| 274 TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) { | 283 TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) { |
| 275 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 284 ChildProcessSecurityPolicyImpl* p = |
| 285 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 276 | 286 |
| 277 p->Add(kRendererID); | 287 p->Add(kRendererID); |
| 278 | 288 |
| 279 EXPECT_FALSE(p->CanReadFile(kRendererID, | 289 EXPECT_FALSE(p->CanReadFile(kRendererID, |
| 280 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | 290 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); |
| 281 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd"))); | 291 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd"))); |
| 282 EXPECT_TRUE(p->CanReadFile(kRendererID, | 292 EXPECT_TRUE(p->CanReadFile(kRendererID, |
| 283 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | 293 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); |
| 284 EXPECT_FALSE(p->CanReadFile(kRendererID, | 294 EXPECT_FALSE(p->CanReadFile(kRendererID, |
| 285 FilePath(FILE_PATH_LITERAL("/etc/shadow")))); | 295 FilePath(FILE_PATH_LITERAL("/etc/shadow")))); |
| 286 | 296 |
| 287 p->Remove(kRendererID); | 297 p->Remove(kRendererID); |
| 288 p->Add(kRendererID); | 298 p->Add(kRendererID); |
| 289 | 299 |
| 290 EXPECT_FALSE(p->CanReadFile(kRendererID, | 300 EXPECT_FALSE(p->CanReadFile(kRendererID, |
| 291 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | 301 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); |
| 292 EXPECT_FALSE(p->CanReadFile(kRendererID, | 302 EXPECT_FALSE(p->CanReadFile(kRendererID, |
| 293 FilePath(FILE_PATH_LITERAL("/etc/shadow")))); | 303 FilePath(FILE_PATH_LITERAL("/etc/shadow")))); |
| 294 | 304 |
| 295 p->Remove(kRendererID); | 305 p->Remove(kRendererID); |
| 296 } | 306 } |
| 297 | 307 |
| 298 TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) { | 308 TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) { |
| 299 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 309 ChildProcessSecurityPolicyImpl* p = |
| 310 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 300 | 311 |
| 301 p->Add(kRendererID); | 312 p->Add(kRendererID); |
| 302 | 313 |
| 303 EXPECT_FALSE(p->CanReadDirectory(kRendererID, | 314 EXPECT_FALSE(p->CanReadDirectory(kRendererID, |
| 304 FilePath(FILE_PATH_LITERAL("/etc/")))); | 315 FilePath(FILE_PATH_LITERAL("/etc/")))); |
| 305 p->GrantReadDirectory(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/"))); | 316 p->GrantReadDirectory(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/"))); |
| 306 EXPECT_TRUE(p->CanReadDirectory(kRendererID, | 317 EXPECT_TRUE(p->CanReadDirectory(kRendererID, |
| 307 FilePath(FILE_PATH_LITERAL("/etc/")))); | 318 FilePath(FILE_PATH_LITERAL("/etc/")))); |
| 308 EXPECT_TRUE(p->CanReadFile(kRendererID, | 319 EXPECT_TRUE(p->CanReadFile(kRendererID, |
| 309 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | 320 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 321 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/"))); | 332 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/"))); |
| 322 EXPECT_TRUE(p->CanReadFile(kRendererID, | 333 EXPECT_TRUE(p->CanReadFile(kRendererID, |
| 323 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); | 334 FilePath(FILE_PATH_LITERAL("/etc/passwd")))); |
| 324 EXPECT_FALSE(p->CanReadDirectory(kRendererID, | 335 EXPECT_FALSE(p->CanReadDirectory(kRendererID, |
| 325 FilePath(FILE_PATH_LITERAL("/etc/")))); | 336 FilePath(FILE_PATH_LITERAL("/etc/")))); |
| 326 | 337 |
| 327 p->Remove(kRendererID); | 338 p->Remove(kRendererID); |
| 328 } | 339 } |
| 329 | 340 |
| 330 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) { | 341 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) { |
| 331 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 342 ChildProcessSecurityPolicyImpl* p = |
| 343 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 332 | 344 |
| 333 // Grant permissions for a file. | 345 // Grant permissions for a file. |
| 334 p->Add(kRendererID); | 346 p->Add(kRendererID); |
| 335 FilePath file = FilePath(FILE_PATH_LITERAL("/etc/passwd")); | 347 FilePath file = FilePath(FILE_PATH_LITERAL("/etc/passwd")); |
| 336 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, | 348 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, |
| 337 base::PLATFORM_FILE_OPEN)); | 349 base::PLATFORM_FILE_OPEN)); |
| 338 | 350 |
| 339 p->GrantPermissionsForFile(kRendererID, file, | 351 p->GrantPermissionsForFile(kRendererID, file, |
| 340 base::PLATFORM_FILE_OPEN | | 352 base::PLATFORM_FILE_OPEN | |
| 341 base::PLATFORM_FILE_OPEN_TRUNCATED | | 353 base::PLATFORM_FILE_OPEN_TRUNCATED | |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 420 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file, | 432 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file, |
| 421 base::PLATFORM_FILE_WRITE)); | 433 base::PLATFORM_FILE_WRITE)); |
| 422 p->Remove(kRendererID); | 434 p->Remove(kRendererID); |
| 423 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file, | 435 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file, |
| 424 base::PLATFORM_FILE_OPEN | | 436 base::PLATFORM_FILE_OPEN | |
| 425 base::PLATFORM_FILE_READ)); | 437 base::PLATFORM_FILE_READ)); |
| 426 p->Remove(kWorkerRendererID); | 438 p->Remove(kWorkerRendererID); |
| 427 } | 439 } |
| 428 | 440 |
| 429 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { | 441 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { |
| 430 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 442 ChildProcessSecurityPolicyImpl* p = |
| 443 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 431 | 444 |
| 432 GURL url("chrome://thumb/http://www.google.com/"); | 445 GURL url("chrome://thumb/http://www.google.com/"); |
| 433 | 446 |
| 434 p->Add(kRendererID); | 447 p->Add(kRendererID); |
| 435 | 448 |
| 436 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 449 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
| 437 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 450 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 438 p->GrantWebUIBindings(kRendererID); | 451 p->GrantWebUIBindings(kRendererID); |
| 439 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); | 452 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); |
| 440 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); | 453 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); |
| 441 | 454 |
| 442 p->Remove(kRendererID); | 455 p->Remove(kRendererID); |
| 443 } | 456 } |
| 444 | 457 |
| 445 TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) { | 458 TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) { |
| 446 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); | 459 ChildProcessSecurityPolicyImpl* p = |
| 460 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 447 | 461 |
| 448 GURL url("file:///etc/passwd"); | 462 GURL url("file:///etc/passwd"); |
| 449 FilePath file(FILE_PATH_LITERAL("/etc/passwd")); | 463 FilePath file(FILE_PATH_LITERAL("/etc/passwd")); |
| 450 | 464 |
| 451 p->Add(kRendererID); | 465 p->Add(kRendererID); |
| 452 | 466 |
| 453 p->GrantRequestURL(kRendererID, url); | 467 p->GrantRequestURL(kRendererID, url); |
| 454 p->GrantReadFile(kRendererID, file); | 468 p->GrantReadFile(kRendererID, file); |
| 455 p->GrantWebUIBindings(kRendererID); | 469 p->GrantWebUIBindings(kRendererID); |
| 456 | 470 |
| 457 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); | 471 EXPECT_TRUE(p->CanRequestURL(kRendererID, url)); |
| 458 EXPECT_TRUE(p->CanReadFile(kRendererID, file)); | 472 EXPECT_TRUE(p->CanReadFile(kRendererID, file)); |
| 459 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); | 473 EXPECT_TRUE(p->HasWebUIBindings(kRendererID)); |
| 460 | 474 |
| 461 p->Remove(kRendererID); | 475 p->Remove(kRendererID); |
| 462 | 476 |
| 463 // Renderers are added and removed on the UI thread, but the policy can be | 477 // Renderers are added and removed on the UI thread, but the policy can be |
| 464 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be | 478 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be |
| 465 // prepared to answer policy questions about renderers who no longer exist. | 479 // prepared to answer policy questions about renderers who no longer exist. |
| 466 | 480 |
| 467 // In this case, we default to secure behavior. | 481 // In this case, we default to secure behavior. |
| 468 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); | 482 EXPECT_FALSE(p->CanRequestURL(kRendererID, url)); |
| 469 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); | 483 EXPECT_FALSE(p->CanReadFile(kRendererID, file)); |
| 470 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); | 484 EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
| 471 } | 485 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9360014:
Create a content public browser API around the ChildProcessSecurityPolicy class. The implementati... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/