/content/browser/child_process_security_policy_impl.h
C Header | 255 lines | 131 code | 49 blank | 75 comment | 0 complexity | 9d6aba0587a4602dabcacf052cee452c MD5 | raw file
- // Copyright (c) 2012 The Chromium Authors. All rights reserved.
- // Use of this source code is governed by a BSD-style license that can be
- // found in the LICENSE file.
- #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
- #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
- #include <map>
- #include <set>
- #include <string>
- #include "base/compiler_specific.h"
- #include "base/gtest_prod_util.h"
- #include "base/memory/singleton.h"
- #include "base/synchronization/lock.h"
- #include "content/public/browser/child_process_security_policy.h"
- #include "content/public/common/resource_type.h"
- #include "storage/common/fileapi/file_system_types.h"
- class GURL;
- namespace base {
- class FilePath;
- }
- namespace storage {
- class FileSystemURL;
- }
- namespace content {
- class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
- : NON_EXPORTED_BASE(public ChildProcessSecurityPolicy) {
- public:
- // Object can only be created through GetInstance() so the constructor is
- // private.
- ~ChildProcessSecurityPolicyImpl() override;
- static ChildProcessSecurityPolicyImpl* GetInstance();
- // ChildProcessSecurityPolicy implementation.
- void RegisterWebSafeScheme(const std::string& scheme) override;
- bool IsWebSafeScheme(const std::string& scheme) override;
- void GrantReadFile(int child_id, const base::FilePath& file) override;
- void GrantCreateReadWriteFile(int child_id,
- const base::FilePath& file) override;
- void GrantCopyInto(int child_id, const base::FilePath& dir) override;
- void GrantDeleteFrom(int child_id, const base::FilePath& dir) override;
- void GrantReadFileSystem(int child_id,
- const std::string& filesystem_id) override;
- void GrantWriteFileSystem(int child_id,
- const std::string& filesystem_id) override;
- void GrantCreateFileForFileSystem(int child_id,
- const std::string& filesystem_id) override;
- void GrantCreateReadWriteFileSystem(
- int child_id,
- const std::string& filesystem_id) override;
- void GrantCopyIntoFileSystem(int child_id,
- const std::string& filesystem_id) override;
- void GrantDeleteFromFileSystem(int child_id,
- const std::string& filesystem_id) override;
- void GrantOrigin(int child_id, const url::Origin& origin) override;
- void GrantScheme(int child_id, const std::string& scheme) override;
- bool CanReadFile(int child_id, const base::FilePath& file) override;
- bool CanCreateReadWriteFile(int child_id,
- const base::FilePath& file) override;
- bool CanReadFileSystem(int child_id,
- const std::string& filesystem_id) override;
- bool CanReadWriteFileSystem(int child_id,
- const std::string& filesystem_id) override;
- bool CanCopyIntoFileSystem(int child_id,
- const std::string& filesystem_id) override;
- bool CanDeleteFromFileSystem(int child_id,
- const std::string& filesystem_id) override;
- bool HasWebUIBindings(int child_id) override;
- void GrantSendMidiSysExMessage(int child_id) override;
- bool CanAccessDataForOrigin(int child_id, const GURL& url) override;
- // Pseudo schemes are treated differently than other schemes because they
- // cannot be requested like normal URLs. There is no mechanism for revoking
- // pseudo schemes.
- void RegisterPseudoScheme(const std::string& scheme);
- // Returns true iff |scheme| has been registered as pseudo scheme.
- bool IsPseudoScheme(const std::string& scheme);
- // Upon creation, child processes should register themselves by calling this
- // this method exactly once.
- void Add(int child_id);
- // Upon creation, worker thread child processes should register themselves by
- // calling this this method exactly once. Workers that are not shared will
- // inherit permissions from their parent renderer process identified with
- // |main_render_process_id|.
- void AddWorker(int worker_child_id, int main_render_process_id);
- // Upon destruction, child processess should unregister themselves by caling
- // this method exactly once.
- void Remove(int child_id);
- // Whenever the browser processes commands the child process to request a URL,
- // it should call this method to grant the child process the capability to
- // request the URL, along with permission to request all URLs of the same
- // scheme.
- void GrantRequestURL(int child_id, const GURL& url);
- // Whenever the browser process drops a file icon on a tab, it should call
- // this method to grant the child process the capability to request this one
- // file:// URL, but not all urls of the file:// scheme.
- void GrantRequestSpecificFileURL(int child_id, const GURL& url);
- // Revokes all permissions granted to the given file.
- void RevokeAllPermissionsForFile(int child_id, const base::FilePath& file);
- // Grant the child process the ability to use Web UI Bindings.
- void GrantWebUIBindings(int child_id);
- // Grant the child process the ability to read raw cookies.
- void GrantReadRawCookies(int child_id);
- // Revoke read raw cookies permission.
- void RevokeReadRawCookies(int child_id);
- // Before servicing a child process's request for a URL, the browser should
- // call this method to determine whether the process has the capability to
- // request the URL.
- bool CanRequestURL(int child_id, const GURL& url);
- // Whether the process is allowed to commit a document from the given URL.
- // This is more restrictive than CanRequestURL, since CanRequestURL allows
- // requests that might lead to cross-process navigations or external protocol
- // handlers.
- bool CanCommitURL(int child_id, const GURL& url);
- // Explicit permissions checks for FileSystemURL specified files.
- bool CanReadFileSystemFile(int child_id, const storage::FileSystemURL& url);
- bool CanWriteFileSystemFile(int child_id, const storage::FileSystemURL& url);
- bool CanCreateFileSystemFile(int child_id, const storage::FileSystemURL& url);
- bool CanCreateReadWriteFileSystemFile(int child_id,
- const storage::FileSystemURL& url);
- bool CanCopyIntoFileSystemFile(int child_id,
- const storage::FileSystemURL& url);
- bool CanDeleteFileSystemFile(int child_id, const storage::FileSystemURL& url);
- // Returns true if the specified child_id has been granted ReadRawCookies.
- bool CanReadRawCookies(int child_id);
- // Sets the process as only permitted to use and see the cookies for the
- // given origin.
- // Origin lock is applied only if the --site-per-process flag is used.
- void LockToOrigin(int child_id, const GURL& gurl);
- // Register FileSystem type and permission policy which should be used
- // for the type. The |policy| must be a bitwise-or'd value of
- // storage::FilePermissionPolicy.
- void RegisterFileSystemPermissionPolicy(storage::FileSystemType type,
- int policy);
- // Returns true if sending system exclusive messages is allowed.
- bool CanSendMidiSysExMessage(int child_id);
- private:
- friend class ChildProcessSecurityPolicyInProcessBrowserTest;
- friend class ChildProcessSecurityPolicyTest;
- FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest,
- NoLeak);
- FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, FilePermissions);
- class SecurityState;
- typedef std::set<std::string> SchemeSet;
- typedef std::map<int, SecurityState*> SecurityStateMap;
- typedef std::map<int, int> WorkerToMainProcessMap;
- typedef std::map<storage::FileSystemType, int> FileSystemPermissionPolicyMap;
- // Obtain an instance of ChildProcessSecurityPolicyImpl via GetInstance().
- ChildProcessSecurityPolicyImpl();
- friend struct base::DefaultSingletonTraits<ChildProcessSecurityPolicyImpl>;
- // Adds child process during registration.
- void AddChild(int child_id);
- // Determines if certain permissions were granted for a file to given child
- // process. |permissions| is an internally defined bit-set.
- bool ChildProcessHasPermissionsForFile(int child_id,
- const base::FilePath& file,
- int permissions);
- // Grant a particular permission set for a file. |permissions| is an
- // internally defined bit-set.
- void GrantPermissionsForFile(int child_id,
- const base::FilePath& file,
- int permissions);
- // Grants access permission to the given isolated file system
- // identified by |filesystem_id|. See comments for
- // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details.
- void GrantPermissionsForFileSystem(
- int child_id,
- const std::string& filesystem_id,
- int permission);
- // Determines if certain permissions were granted for a file. |permissions|
- // is an internally defined bit-set. If |child_id| is a worker process,
- // this returns true if either the worker process or its parent renderer
- // has permissions for the file.
- bool HasPermissionsForFile(int child_id,
- const base::FilePath& file,
- int permissions);
- // Determines if certain permissions were granted for a file in FileSystem
- // API. |permissions| is an internally defined bit-set.
- bool HasPermissionsForFileSystemFile(int child_id,
- const storage::FileSystemURL& url,
- int permissions);
- // Determines if certain permissions were granted for a file system.
- // |permissions| is an internally defined bit-set.
- bool HasPermissionsForFileSystem(
- int child_id,
- const std::string& filesystem_id,
- int permission);
- // You must acquire this lock before reading or writing any members of this
- // class. You must not block while holding this lock.
- base::Lock lock_;
- // These schemes are white-listed for all child processes. This set is
- // protected by |lock_|.
- SchemeSet web_safe_schemes_;
- // These schemes do not actually represent retrievable URLs. For example,
- // the the URLs in the "about" scheme are aliases to other URLs. This set is
- // protected by |lock_|.
- SchemeSet pseudo_schemes_;
- // This map holds a SecurityState for each child process. The key for the
- // map is the ID of the ChildProcessHost. The SecurityState objects are
- // owned by this object and are protected by |lock_|. References to them must
- // not escape this class.
- SecurityStateMap security_state_;
- // This maps keeps the record of which js worker thread child process
- // corresponds to which main js thread child process.
- WorkerToMainProcessMap worker_map_;
- FileSystemPermissionPolicyMap file_system_policy_map_;
- DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl);
- };
- } // namespace content
- #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_