| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/worker_host/worker_process_host.h" | 5 #include "content/browser/worker_host/worker_process_host.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/base_switches.h" | 10 #include "base/base_switches.h" |
| 11 #include "base/bind.h" | 11 #include "base/bind.h" |
| 12 #include "base/bind_helpers.h" | 12 #include "base/bind_helpers.h" |
| 13 #include "base/callback.h" | 13 #include "base/callback.h" |
| 14 #include "base/command_line.h" | 14 #include "base/command_line.h" |
| 15 #include "base/message_loop.h" | 15 #include "base/message_loop.h" |
| 16 #include "base/string_util.h" | 16 #include "base/string_util.h" |
| 17 #include "base/utf_string_conversions.h" | 17 #include "base/utf_string_conversions.h" |
| 18 #include "content/browser/appcache/appcache_dispatcher_host.h" | 18 #include "content/browser/appcache/appcache_dispatcher_host.h" |
| 19 #include "content/browser/browser_child_process_host_impl.h" | 19 #include "content/browser/browser_child_process_host_impl.h" |
| 20 #include "content/browser/child_process_security_policy.h" | 20 #include "content/browser/child_process_security_policy_impl.h" |
| 21 #include "content/browser/debugger/worker_devtools_manager.h" | 21 #include "content/browser/debugger/worker_devtools_manager.h" |
| 22 #include "content/browser/debugger/worker_devtools_message_filter.h" | 22 #include "content/browser/debugger/worker_devtools_message_filter.h" |
| 23 #include "content/browser/file_system/file_system_dispatcher_host.h" | 23 #include "content/browser/file_system/file_system_dispatcher_host.h" |
| 24 #include "content/browser/mime_registry_message_filter.h" | 24 #include "content/browser/mime_registry_message_filter.h" |
| 25 #include "content/browser/renderer_host/blob_message_filter.h" | 25 #include "content/browser/renderer_host/blob_message_filter.h" |
| 26 #include "content/browser/renderer_host/database_message_filter.h" | 26 #include "content/browser/renderer_host/database_message_filter.h" |
| 27 #include "content/browser/renderer_host/file_utilities_message_filter.h" | 27 #include "content/browser/renderer_host/file_utilities_message_filter.h" |
| 28 #include "content/browser/renderer_host/render_view_host.h" | 28 #include "content/browser/renderer_host/render_view_host.h" |
| 29 #include "content/browser/renderer_host/socket_stream_dispatcher_host.h" | 29 #include "content/browser/renderer_host/socket_stream_dispatcher_host.h" |
| 30 #include "content/browser/resource_context.h" | 30 #include "content/browser/resource_context.h" |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 106 parents.begin(); parent_iter != parents.end(); ++parent_iter) { | 106 parents.begin(); parent_iter != parents.end(); ++parent_iter) { |
| 107 BrowserThread::PostTask( | 107 BrowserThread::PostTask( |
| 108 BrowserThread::UI, FROM_HERE, | 108 BrowserThread::UI, FROM_HERE, |
| 109 base::Bind(&WorkerCrashCallback, parent_iter->render_process_id(), | 109 base::Bind(&WorkerCrashCallback, parent_iter->render_process_id(), |
| 110 parent_iter->render_view_id())); | 110 parent_iter->render_view_id())); |
| 111 } | 111 } |
| 112 WorkerServiceImpl::GetInstance()->NotifyWorkerDestroyed( | 112 WorkerServiceImpl::GetInstance()->NotifyWorkerDestroyed( |
| 113 this, i->worker_route_id()); | 113 this, i->worker_route_id()); |
| 114 } | 114 } |
| 115 | 115 |
| 116 ChildProcessSecurityPolicy::GetInstance()->Remove(process_->GetData().id); | 116 ChildProcessSecurityPolicyImpl::GetInstance()->Remove( |
| 117 process_->GetData().id); |
| 117 } | 118 } |
| 118 | 119 |
| 119 bool WorkerProcessHost::Send(IPC::Message* message) { | 120 bool WorkerProcessHost::Send(IPC::Message* message) { |
| 120 return process_->Send(message); | 121 return process_->Send(message); |
| 121 } | 122 } |
| 122 | 123 |
| 123 bool WorkerProcessHost::Init(int render_process_id) { | 124 bool WorkerProcessHost::Init(int render_process_id) { |
| 124 std::string channel_id = process_->GetHost()->CreateChannel(); | 125 std::string channel_id = process_->GetHost()->CreateChannel(); |
| 125 if (channel_id.empty()) | 126 if (channel_id.empty()) |
| 126 return false; | 127 return false; |
| (...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 186 | 187 |
| 187 process_->Launch( | 188 process_->Launch( |
| 188 #if defined(OS_WIN) | 189 #if defined(OS_WIN) |
| 189 FilePath(), | 190 FilePath(), |
| 190 #elif defined(OS_POSIX) | 191 #elif defined(OS_POSIX) |
| 191 use_zygote, | 192 use_zygote, |
| 192 base::environment_vector(), | 193 base::environment_vector(), |
| 193 #endif | 194 #endif |
| 194 cmd_line); | 195 cmd_line); |
| 195 | 196 |
| 196 ChildProcessSecurityPolicy::GetInstance()->AddWorker( | 197 ChildProcessSecurityPolicyImpl::GetInstance()->AddWorker( |
| 197 process_->GetData().id, render_process_id); | 198 process_->GetData().id, render_process_id); |
| 198 if (!CommandLine::ForCurrentProcess()->HasSwitch( | 199 if (!CommandLine::ForCurrentProcess()->HasSwitch( |
| 199 switches::kDisableFileSystem)) { | 200 switches::kDisableFileSystem)) { |
| 200 // Grant most file permissions to this worker. | 201 // Grant most file permissions to this worker. |
| 201 // PLATFORM_FILE_TEMPORARY, PLATFORM_FILE_HIDDEN and | 202 // PLATFORM_FILE_TEMPORARY, PLATFORM_FILE_HIDDEN and |
| 202 // PLATFORM_FILE_DELETE_ON_CLOSE are not granted, because no existing API | 203 // PLATFORM_FILE_DELETE_ON_CLOSE are not granted, because no existing API |
| 203 // requests them. | 204 // requests them. |
| 204 // This is for the filesystem sandbox. | 205 // This is for the filesystem sandbox. |
| 205 ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile( | 206 ChildProcessSecurityPolicyImpl::GetInstance()->GrantPermissionsForFile( |
| 206 process_->GetData().id, resource_context_->file_system_context()-> | 207 process_->GetData().id, resource_context_->file_system_context()-> |
| 207 sandbox_provider()->new_base_path(), | 208 sandbox_provider()->new_base_path(), |
| 208 base::PLATFORM_FILE_OPEN | | 209 base::PLATFORM_FILE_OPEN | |
| 209 base::PLATFORM_FILE_CREATE | | 210 base::PLATFORM_FILE_CREATE | |
| 210 base::PLATFORM_FILE_OPEN_ALWAYS | | 211 base::PLATFORM_FILE_OPEN_ALWAYS | |
| 211 base::PLATFORM_FILE_CREATE_ALWAYS | | 212 base::PLATFORM_FILE_CREATE_ALWAYS | |
| 212 base::PLATFORM_FILE_OPEN_TRUNCATED | | 213 base::PLATFORM_FILE_OPEN_TRUNCATED | |
| 213 base::PLATFORM_FILE_READ | | 214 base::PLATFORM_FILE_READ | |
| 214 base::PLATFORM_FILE_WRITE | | 215 base::PLATFORM_FILE_WRITE | |
| 215 base::PLATFORM_FILE_EXCLUSIVE_READ | | 216 base::PLATFORM_FILE_EXCLUSIVE_READ | |
| 216 base::PLATFORM_FILE_EXCLUSIVE_WRITE | | 217 base::PLATFORM_FILE_EXCLUSIVE_WRITE | |
| 217 base::PLATFORM_FILE_ASYNC | | 218 base::PLATFORM_FILE_ASYNC | |
| 218 base::PLATFORM_FILE_WRITE_ATTRIBUTES | | 219 base::PLATFORM_FILE_WRITE_ATTRIBUTES | |
| 219 base::PLATFORM_FILE_ENUMERATE); | 220 base::PLATFORM_FILE_ENUMERATE); |
| 220 // This is so that we can read and move stuff out of the old filesystem | 221 // This is so that we can read and move stuff out of the old filesystem |
| 221 // sandbox. | 222 // sandbox. |
| 222 ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile( | 223 ChildProcessSecurityPolicyImpl::GetInstance()->GrantPermissionsForFile( |
| 223 process_->GetData().id, resource_context_->file_system_context()-> | 224 process_->GetData().id, resource_context_->file_system_context()-> |
| 224 sandbox_provider()->old_base_path(), | 225 sandbox_provider()->old_base_path(), |
| 225 base::PLATFORM_FILE_READ | base::PLATFORM_FILE_WRITE | | 226 base::PLATFORM_FILE_READ | base::PLATFORM_FILE_WRITE | |
| 226 base::PLATFORM_FILE_WRITE_ATTRIBUTES | | 227 base::PLATFORM_FILE_WRITE_ATTRIBUTES | |
| 227 base::PLATFORM_FILE_ENUMERATE); | 228 base::PLATFORM_FILE_ENUMERATE); |
| 228 // This is so that we can rename the old sandbox out of the way so that | 229 // This is so that we can rename the old sandbox out of the way so that |
| 229 // we know we've taken care of it. | 230 // we know we've taken care of it. |
| 230 ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile( | 231 ChildProcessSecurityPolicyImpl::GetInstance()->GrantPermissionsForFile( |
| 231 process_->GetData().id, resource_context_->file_system_context()-> | 232 process_->GetData().id, resource_context_->file_system_context()-> |
| 232 sandbox_provider()->renamed_old_base_path(), | 233 sandbox_provider()->renamed_old_base_path(), |
| 233 base::PLATFORM_FILE_CREATE | base::PLATFORM_FILE_CREATE_ALWAYS | | 234 base::PLATFORM_FILE_CREATE | base::PLATFORM_FILE_CREATE_ALWAYS | |
| 234 base::PLATFORM_FILE_WRITE); | 235 base::PLATFORM_FILE_WRITE); |
| 235 } | 236 } |
| 236 | 237 |
| 237 CreateMessageFilters(render_process_id); | 238 CreateMessageFilters(render_process_id); |
| 238 | 239 |
| 239 return true; | 240 return true; |
| 240 } | 241 } |
| (...skipping 27 matching lines...) Expand all Loading... |
| 268 | 269 |
| 269 SocketStreamDispatcherHost* socket_stream_dispatcher_host = | 270 SocketStreamDispatcherHost* socket_stream_dispatcher_host = |
| 270 new SocketStreamDispatcherHost( | 271 new SocketStreamDispatcherHost( |
| 271 new URLRequestContextSelector(request_context), resource_context_); | 272 new URLRequestContextSelector(request_context), resource_context_); |
| 272 process_->GetHost()->AddFilter(socket_stream_dispatcher_host); | 273 process_->GetHost()->AddFilter(socket_stream_dispatcher_host); |
| 273 process_->GetHost()->AddFilter( | 274 process_->GetHost()->AddFilter( |
| 274 new content::WorkerDevToolsMessageFilter(process_->GetData().id)); | 275 new content::WorkerDevToolsMessageFilter(process_->GetData().id)); |
| 275 } | 276 } |
| 276 | 277 |
| 277 void WorkerProcessHost::CreateWorker(const WorkerInstance& instance) { | 278 void WorkerProcessHost::CreateWorker(const WorkerInstance& instance) { |
| 278 ChildProcessSecurityPolicy::GetInstance()->GrantRequestURL( | 279 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL( |
| 279 process_->GetData().id, instance.url()); | 280 process_->GetData().id, instance.url()); |
| 280 | 281 |
| 281 instances_.push_back(instance); | 282 instances_.push_back(instance); |
| 282 | 283 |
| 283 WorkerProcessMsg_CreateWorker_Params params; | 284 WorkerProcessMsg_CreateWorker_Params params; |
| 284 params.url = instance.url(); | 285 params.url = instance.url(); |
| 285 params.name = instance.name(); | 286 params.name = instance.name(); |
| 286 params.route_id = instance.worker_route_id(); | 287 params.route_id = instance.worker_route_id(); |
| 287 params.creator_process_id = instance.parent_process_id(); | 288 params.creator_process_id = instance.parent_process_id(); |
| 288 params.shared_worker_appcache_id = instance.main_resource_appcache_id(); | 289 params.shared_worker_appcache_id = instance.main_resource_appcache_id(); |
| (...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 664 } | 665 } |
| 665 } | 666 } |
| 666 return false; | 667 return false; |
| 667 } | 668 } |
| 668 | 669 |
| 669 WorkerProcessHost::WorkerInstance::FilterInfo | 670 WorkerProcessHost::WorkerInstance::FilterInfo |
| 670 WorkerProcessHost::WorkerInstance::GetFilter() const { | 671 WorkerProcessHost::WorkerInstance::GetFilter() const { |
| 671 DCHECK(NumFilters() == 1); | 672 DCHECK(NumFilters() == 1); |
| 672 return *filters_.begin(); | 673 return *filters_.begin(); |
| 673 } | 674 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9360014:
Create a content public browser API around the ChildProcessSecurityPolicy class. The implementati... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/