diff options
| author | gspencer@chromium.org <gspencer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-05 19:41:04 +0000 |
|---|---|---|
| committer | gspencer@chromium.org <gspencer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-05 19:41:04 +0000 |
| commit | 4c219e27ca13c606e8c0ce7bd574a8976d524877 (patch) | |
| tree | 1a75a72d73d68a91088262095519ca866f5e1ba7 | |
| parent | b6a468984baba97e4e89218e45f3b16252dc1195 (diff) | |
| download | chromium_src-4c219e27ca13c606e8c0ce7bd574a8976d524877.zip chromium_src-4c219e27ca13c606e8c0ce7bd574a8976d524877.tar.gz chromium_src-4c219e27ca13c606e8c0ce7bd574a8976d524877.tar.bz2 | |
Fix file access on Chrome for ChromeOS on Linux
so that we can open files in the user's Downloads
directory.
Shouldn't affect actual ChromeOS or other platforms.
BUG=chromium-os:29447
TEST=Ran on Linux, opened files from Downloads folder.
Review URL: http://codereview.chromium.org/10068021
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@135553 0039d316-1c4b-4281-b951-d872f2087c98
20 files changed, 301 insertions, 168 deletions
diff --git a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc index 07497f3..7599502 100644 --- a/chrome/browser/chromeos/chrome_browser_main_chromeos.cc +++ b/chrome/browser/chromeos/chrome_browser_main_chromeos.cc @@ -51,6 +51,7 @@ #include "chrome/browser/defaults.h" #include "chrome/browser/low_memory_observer.h" #include "chrome/browser/metrics/metrics_service.h" +#include "chrome/browser/net/chrome_network_delegate.h" #include "chrome/browser/oom_priority_manager.h" #include "chrome/browser/policy/browser_policy_connector.h" #include "chrome/browser/prefs/pref_service.h" @@ -340,7 +341,7 @@ void ChromeBrowserMainPartsChromeos::PreProfileInit() { // TODO(abarth): Should this move to InitializeNetworkOptions()? // Allow access to file:// on ChromeOS for tests. if (parsed_command_line().HasSwitch(switches::kAllowFileAccess)) - net::URLRequest::AllowFileAccess(); + ChromeNetworkDelegate::AllowAccessToAllFiles(); // There are two use cases for kLoginUser: // 1) if passed in tandem with kLoginPassword, to drive a "StubLogin" diff --git a/chrome/browser/net/chrome_network_delegate.cc b/chrome/browser/net/chrome_network_delegate.cc index 545d127..2c65be6 100644 --- a/chrome/browser/net/chrome_network_delegate.cc +++ b/chrome/browser/net/chrome_network_delegate.cc @@ -29,6 +29,10 @@ #include "net/http/http_response_headers.h" #include "net/url_request/url_request.h" +#if defined(OS_CHROMEOS) +#include "base/chromeos/chromeos_version.h" +#endif + #if defined(ENABLE_CONFIGURATION_POLICY) #include "chrome/browser/policy/url_blacklist_manager.h" #endif @@ -37,6 +41,14 @@ using content::BrowserThread; using content::RenderViewHost; using content::ResourceRequestInfo; +// By default we don't allow access to all file:// urls on ChromeOS but we do on +// other platforms. +#if defined(OS_CHROMEOS) +bool ChromeNetworkDelegate::g_allow_file_access_ = false; +#else +bool ChromeNetworkDelegate::g_allow_file_access_ = true; +#endif + namespace { // If the |request| failed due to problems with a proxy, forward the error to @@ -134,6 +146,11 @@ void ChromeNetworkDelegate::InitializeReferrersEnabled( enable_referrers->MoveToThread(BrowserThread::IO); } +// static +void ChromeNetworkDelegate::AllowAccessToAllFiles() { + g_allow_file_access_ = true; +} + int ChromeNetworkDelegate::OnBeforeURLRequest( net::URLRequest* request, const net::CompletionCallback& callback, @@ -251,56 +268,92 @@ ChromeNetworkDelegate::OnAuthRequired( callback, credentials); } -bool ChromeNetworkDelegate::CanGetCookies( - const net::URLRequest* request, +bool ChromeNetworkDelegate::OnCanGetCookies( + const net::URLRequest& request, const net::CookieList& cookie_list) { // NULL during tests, or when we're running in the system context. if (!cookie_settings_) return true; bool allow = cookie_settings_->IsReadingCookieAllowed( - request->url(), request->first_party_for_cookies()); + request.url(), request.first_party_for_cookies()); int render_process_id = -1; int render_view_id = -1; if (content::ResourceRequestInfo::GetRenderViewForRequest( - request, &render_process_id, &render_view_id)) { + &request, &render_process_id, &render_view_id)) { BrowserThread::PostTask( BrowserThread::UI, FROM_HERE, base::Bind(&TabSpecificContentSettings::CookiesRead, render_process_id, render_view_id, - request->url(), request->first_party_for_cookies(), + request.url(), request.first_party_for_cookies(), cookie_list, !allow)); } return allow; } -bool ChromeNetworkDelegate::CanSetCookie( - const net::URLRequest* request, - const std::string& cookie_line, - net::CookieOptions* options) { +bool ChromeNetworkDelegate::OnCanSetCookie(const net::URLRequest& request, + const std::string& cookie_line, + net::CookieOptions* options) { // NULL during tests, or when we're running in the system context. if (!cookie_settings_) return true; bool allow = cookie_settings_->IsSettingCookieAllowed( - request->url(), request->first_party_for_cookies()); + request.url(), request.first_party_for_cookies()); - if (cookie_settings_->IsCookieSessionOnly(request->url())) + if (cookie_settings_->IsCookieSessionOnly(request.url())) options->set_force_session(); int render_process_id = -1; int render_view_id = -1; if (content::ResourceRequestInfo::GetRenderViewForRequest( - request, &render_process_id, &render_view_id)) { + &request, &render_process_id, &render_view_id)) { BrowserThread::PostTask( BrowserThread::UI, FROM_HERE, base::Bind(&TabSpecificContentSettings::CookieChanged, render_process_id, render_view_id, - request->url(), request->first_party_for_cookies(), + request.url(), request.first_party_for_cookies(), cookie_line, *options, !allow)); } return allow; } + +bool ChromeNetworkDelegate::OnCanAccessFile(const net::URLRequest& request, + const FilePath& path) const { + if (g_allow_file_access_) + return true; + +#if defined(OS_CHROMEOS) + // ChromeOS uses a whitelist to only allow access to files residing in the + // list of directories below. + static const char* const kLocalAccessWhiteList[] = { + "/home/chronos/user/Downloads", + "/home/chronos/user/log", + "/media", + "/opt/oem", + "/usr/share/chromeos-assets", + "/tmp", + "/var/log", + }; + + // If we're running Chrome for ChromeOS on Linux, we want to allow file + // access. + if (!base::chromeos::IsRunningOnChromeOS()) + return true; + + for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i) { + const FilePath white_listed_path(kLocalAccessWhiteList[i]); + // FilePath::operator== should probably handle trailing separators. + if (white_listed_path == path.StripTrailingSeparators() || + white_listed_path.IsParent(path)) { + return true; + } + } + return false; +#else + return true; +#endif // defined(OS_CHROMEOS) +} diff --git a/chrome/browser/net/chrome_network_delegate.h b/chrome/browser/net/chrome_network_delegate.h index a582c38..dda92d5 100644 --- a/chrome/browser/net/chrome_network_delegate.h +++ b/chrome/browser/net/chrome_network_delegate.h @@ -47,6 +47,10 @@ class ChromeNetworkDelegate : public net::NetworkDelegate { static void InitializeReferrersEnabled(BooleanPrefMember* enable_referrers, PrefService* pref_service); + // When called, all file:// URLs will now be accessible. If this is not + // called, then some platforms restrict access to file:// paths. + static void AllowAccessToAllFiles(); + private: // NetworkDelegate implementation. virtual int OnBeforeURLRequest(net::URLRequest* request, @@ -77,11 +81,13 @@ class ChromeNetworkDelegate : public net::NetworkDelegate { const net::AuthChallengeInfo& auth_info, const AuthCallback& callback, net::AuthCredentials* credentials) OVERRIDE; - virtual bool CanGetCookies(const net::URLRequest* request, - const net::CookieList& cookie_list) OVERRIDE; - virtual bool CanSetCookie(const net::URLRequest* request, - const std::string& cookie_line, - net::CookieOptions* options) OVERRIDE; + virtual bool OnCanGetCookies(const net::URLRequest& request, + const net::CookieList& cookie_list) OVERRIDE; + virtual bool OnCanSetCookie(const net::URLRequest& request, + const std::string& cookie_line, + net::CookieOptions* options) OVERRIDE; + virtual bool OnCanAccessFile(const net::URLRequest& request, + const FilePath& path) const OVERRIDE; scoped_refptr<ExtensionEventRouterForwarder> event_router_; void* profile_; @@ -95,6 +101,9 @@ class ChromeNetworkDelegate : public net::NetworkDelegate { // Weak, owned by our owner. const policy::URLBlacklistManager* url_blacklist_manager_; + // When true, allow access to all file:// URLs. + static bool g_allow_file_access_; + DISALLOW_COPY_AND_ASSIGN(ChromeNetworkDelegate); }; diff --git a/content/shell/shell_network_delegate.cc b/content/shell/shell_network_delegate.cc index 91bd349..1faa68d 100644 --- a/content/shell/shell_network_delegate.cc +++ b/content/shell/shell_network_delegate.cc @@ -70,15 +70,19 @@ ShellNetworkDelegate::AuthRequiredResponse ShellNetworkDelegate::OnAuthRequired( return AUTH_REQUIRED_RESPONSE_NO_ACTION; } -bool ShellNetworkDelegate::CanGetCookies( - const net::URLRequest* request, - const net::CookieList& cookie_list) { +bool ShellNetworkDelegate::OnCanGetCookies(const net::URLRequest& request, + const net::CookieList& cookie_list) { return true; } -bool ShellNetworkDelegate::CanSetCookie(const net::URLRequest* request, - const std::string& cookie_line, - net::CookieOptions* options) { +bool ShellNetworkDelegate::OnCanSetCookie(const net::URLRequest& request, + const std::string& cookie_line, + net::CookieOptions* options) { + return true; +} + +bool ShellNetworkDelegate::OnCanAccessFile(const net::URLRequest& request, + const FilePath& path) const { return true; } diff --git a/content/shell/shell_network_delegate.h b/content/shell/shell_network_delegate.h index c9b92f8..9b3de66 100644 --- a/content/shell/shell_network_delegate.h +++ b/content/shell/shell_network_delegate.h @@ -47,12 +47,13 @@ class ShellNetworkDelegate : public net::NetworkDelegate { const net::AuthChallengeInfo& auth_info, const AuthCallback& callback, net::AuthCredentials* credentials) OVERRIDE; - virtual bool CanGetCookies( - const net::URLRequest* request, - const net::CookieList& cookie_list) OVERRIDE; - virtual bool CanSetCookie(const net::URLRequest* request, - const std::string& cookie_line, - net::CookieOptions* options) OVERRIDE; + virtual bool OnCanGetCookies(const net::URLRequest& request, + const net::CookieList& cookie_list) OVERRIDE; + virtual bool OnCanSetCookie(const net::URLRequest& request, + const std::string& cookie_line, + net::CookieOptions* options) OVERRIDE; + virtual bool OnCanAccessFile(const net::URLRequest& request, + const FilePath& path) const OVERRIDE; DISALLOW_COPY_AND_ASSIGN(ShellNetworkDelegate); }; diff --git a/net/base/network_delegate.cc b/net/base/network_delegate.cc index 6b857cf..79ad701 100644 --- a/net/base/network_delegate.cc +++ b/net/base/network_delegate.cc @@ -92,21 +92,25 @@ NetworkDelegate::AuthRequiredResponse NetworkDelegate::NotifyAuthRequired( return OnAuthRequired(request, auth_info, callback, credentials); } -bool NetworkDelegate::NotifyReadingCookies( - const URLRequest* request, - const CookieList& cookie_list) { +bool NetworkDelegate::CanGetCookies(const URLRequest& request, + const CookieList& cookie_list) { DCHECK(CalledOnValidThread()); - DCHECK(!(request->load_flags() & net::LOAD_DO_NOT_SEND_COOKIES)); - return CanGetCookies(request, cookie_list); + DCHECK(!(request.load_flags() & net::LOAD_DO_NOT_SEND_COOKIES)); + return OnCanGetCookies(request, cookie_list); } -bool NetworkDelegate::NotifySettingCookie( - const URLRequest* request, - const std::string& cookie_line, - CookieOptions* options) { + bool NetworkDelegate::CanSetCookie(const URLRequest& request, + const std::string& cookie_line, + CookieOptions* options) { DCHECK(CalledOnValidThread()); - DCHECK(!(request->load_flags() & net::LOAD_DO_NOT_SAVE_COOKIES)); - return CanSetCookie(request, cookie_line, options); + DCHECK(!(request.load_flags() & net::LOAD_DO_NOT_SAVE_COOKIES)); + return OnCanSetCookie(request, cookie_line, options); +} + +bool NetworkDelegate::CanAccessFile(const URLRequest& request, + const FilePath& path) const { + DCHECK(CalledOnValidThread()); + return OnCanAccessFile(request, path); } } // namespace net diff --git a/net/base/network_delegate.h b/net/base/network_delegate.h index 34909ea..2886d48 100644 --- a/net/base/network_delegate.h +++ b/net/base/network_delegate.h @@ -14,6 +14,7 @@ #include "net/base/auth.h" #include "net/base/completion_callback.h" +class FilePath; class GURL; namespace net { @@ -77,14 +78,16 @@ class NetworkDelegate : public base::NonThreadSafe { const AuthChallengeInfo& auth_info, const AuthCallback& callback, AuthCredentials* credentials); - bool NotifyReadingCookies(const URLRequest* request, - const CookieList& cookie_list); - bool NotifySettingCookie(const URLRequest* request, - const std::string& cookie_line, - CookieOptions* options); + bool CanGetCookies(const URLRequest& request, + const CookieList& cookie_list); + bool CanSetCookie(const URLRequest& request, + const std::string& cookie_line, + CookieOptions* options); + bool CanAccessFile(const URLRequest& request, + const FilePath& path) const; private: - // This is the interface for subclasses of NetworkDelegate to implement. This + // This is the interface for subclasses of NetworkDelegate to implement. These // member functions will be called by the respective public notification // member function, which will perform basic sanity checking. @@ -182,15 +185,22 @@ class NetworkDelegate : public base::NonThreadSafe { // Called when reading cookies to allow the network delegate to block access // to the cookie. This method will never be invoked when // LOAD_DO_NOT_SEND_COOKIES is specified. - virtual bool CanGetCookies(const URLRequest* request, - const CookieList& cookie_list) = 0; + virtual bool OnCanGetCookies(const URLRequest& request, + const CookieList& cookie_list) = 0; // Called when a cookie is set to allow the network delegate to block access // to the cookie. This method will never be invoked when // LOAD_DO_NOT_SAVE_COOKIES is specified. - virtual bool CanSetCookie(const URLRequest* request, - const std::string& cookie_line, - CookieOptions* options) = 0; + virtual bool OnCanSetCookie(const URLRequest& request, + const std::string& cookie_line, + CookieOptions* options) = 0; + + + // Called when a file access is attempted to allow the network delegate to + // allow or block access to the given file path. Returns true if access is + // allowed. + virtual bool OnCanAccessFile(const URLRequest& request, + const FilePath& path) const = 0; }; diff --git a/net/proxy/network_delegate_error_observer_unittest.cc b/net/proxy/network_delegate_error_observer_unittest.cc index f4b4ba7..7c8efdf 100644 --- a/net/proxy/network_delegate_error_observer_unittest.cc +++ b/net/proxy/network_delegate_error_observer_unittest.cc @@ -63,15 +63,17 @@ class TestNetworkDelegate : public net::NetworkDelegate { AuthCredentials* credentials) OVERRIDE { return AUTH_REQUIRED_RESPONSE_NO_ACTION; } - virtual bool CanGetCookies( - const URLRequest* request, - const CookieList& cookie_list) OVERRIDE { + virtual bool OnCanGetCookies(const URLRequest& request, + const CookieList& cookie_list) OVERRIDE { return true; } - virtual bool CanSetCookie( - const URLRequest* request, - const std::string& cookie_line, - CookieOptions* options) OVERRIDE { + virtual bool OnCanSetCookie(const URLRequest& request, + const std::string& cookie_line, + CookieOptions* options) OVERRIDE { + return true; + } + virtual bool OnCanAccessFile(const net::URLRequest& request, + const FilePath& path) const OVERRIDE { return true; } diff --git a/net/proxy/proxy_script_fetcher_impl_unittest.cc b/net/proxy/proxy_script_fetcher_impl_unittest.cc index 8881161..45fcc07 100644 --- a/net/proxy/proxy_script_fetcher_impl_unittest.cc +++ b/net/proxy/proxy_script_fetcher_impl_unittest.cc @@ -21,6 +21,7 @@ #include "net/http/http_server_properties_impl.h" #include "net/test/test_server.h" #include "net/url_request/url_request_context_storage.h" +#include "net/url_request/url_request_file_job.h" #include "net/url_request/url_request_job_factory.h" #include "net/url_request/url_request_test_util.h" #include "testing/gtest/include/gtest/gtest.h" @@ -114,6 +115,80 @@ GURL GetTestFileUrl(const std::string& relpath) { return GURL(base_url.spec() + "/" + relpath); } +// Really simple NetworkDelegate so we can allow local file access on ChromeOS +// without introducing layering violations. +class BasicNetworkDelegate : public NetworkDelegate { + public: + BasicNetworkDelegate() {} + virtual ~BasicNetworkDelegate() {} + + private: + virtual int OnBeforeURLRequest(URLRequest* request, + const CompletionCallback& callback, + GURL* new_url) OVERRIDE { + return OK; + } + + virtual int OnBeforeSendHeaders(URLRequest* request, + const CompletionCallback& callback, + HttpRequestHeaders* headers) OVERRIDE { + return OK; + } + + virtual void OnSendHeaders(URLRequest* request, + const HttpRequestHeaders& headers) OVERRIDE {} + + virtual int OnHeadersReceived( + URLRequest* request, + const CompletionCallback& callback, + HttpResponseHeaders* original_response_headers, + scoped_refptr<HttpResponseHeaders>* override_response_headers) + OVERRIDE { + return OK; + } + + virtual void OnBeforeRedirect(URLRequest* request, + const GURL& new_location) OVERRIDE {} + + virtual void OnResponseStarted(URLRequest* request) OVERRIDE {} + + virtual void OnRawBytesRead(const URLRequest& request, + int bytes_read) OVERRIDE {} + + virtual void OnCompleted(URLRequest* request, bool started) OVERRIDE {} + + virtual void OnURLRequestDestroyed(URLRequest* request) OVERRIDE {} + + virtual void OnPACScriptError(int line_number, + const string16& error) OVERRIDE {} + + virtual NetworkDelegate::AuthRequiredResponse OnAuthRequired( + URLRequest* request, + const AuthChallengeInfo& auth_info, + const AuthCallback& callback, + AuthCredentials* credentials) OVERRIDE { + return NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION; + } + + virtual bool OnCanGetCookies(const URLRequest& request, + const CookieList& cookie_list) OVERRIDE { + return true; + } + + virtual bool OnCanSetCookie(const URLRequest& request, + const std::string& cookie_line, + CookieOptions* options) OVERRIDE { + return true; + } + + virtual bool OnCanAccessFile(const net::URLRequest& request, + const FilePath& path) const OVERRIDE { + return true; + } + + DISALLOW_COPY_AND_ASSIGN(BasicNetworkDelegate); +}; + } // namespace class ProxyScriptFetcherImplTest : public PlatformTest { @@ -124,17 +199,20 @@ class ProxyScriptFetcherImplTest : public PlatformTest { FilePath(kDocRoot)) { } - static void SetUpTestCase() { - URLRequest::AllowFileAccess(); + // testing::Test overrides + virtual void SetUp() OVERRIDE { + context_ = new RequestContext; + context_->set_network_delegate(&network_delegate_); } protected: TestServer test_server_; + BasicNetworkDelegate network_delegate_; + scoped_refptr<URLRequestContext> context_; }; TEST_F(ProxyScriptFetcherImplTest, FileUrl) { - scoped_refptr<URLRequestContext> context(new RequestContext); - ProxyScriptFetcherImpl pac_fetcher(context); + ProxyScriptFetcherImpl pac_fetcher(context_.get()); { // Fetch a non-existent file. string16 text; @@ -161,8 +239,7 @@ TEST_F(ProxyScriptFetcherImplTest, FileUrl) { TEST_F(ProxyScriptFetcherImplTest, HttpMimeType) { ASSERT_TRUE(test_server_.Start()); - scoped_refptr<URLRequestContext> context(new RequestContext); - ProxyScriptFetcherImpl pac_fetcher(context); + ProxyScriptFetcherImpl pac_fetcher(context_.get()); { // Fetch a PAC with mime type "text/plain" GURL url(test_server_.GetURL("files/pac.txt")); @@ -196,8 +273,7 @@ TEST_F(ProxyScriptFetcherImplTest, HttpMimeType) { TEST_F(ProxyScriptFetcherImplTest, HttpStatusCode) { ASSERT_TRUE(test_server_.Start()); - scoped_refptr<URLRequestContext> context(new RequestContext); - ProxyScriptFetcherImpl pac_fetcher(context); + ProxyScriptFetcherImpl pac_fetcher(context_.get()); { // Fetch a PAC which gives a 500 -- FAIL GURL url(test_server_.GetURL("files/500.pac")); @@ -222,8 +298,7 @@ TEST_F(ProxyScriptFetcherImplTest, HttpStatusCode) { TEST_F(ProxyScriptFetcherImplTest, ContentDisposition) { ASSERT_TRUE(test_server_.Start()); - scoped_refptr<URLRequestContext> context(new RequestContext); - ProxyScriptFetcherImpl pac_fetcher(context); + ProxyScriptFetcherImpl pac_fetcher(context_.get()); // Fetch PAC scripts via HTTP with a Content-Disposition header -- should // have no effect. @@ -239,8 +314,7 @@ TEST_F(ProxyScriptFetcherImplTest, ContentDisposition) { TEST_F(ProxyScriptFetcherImplTest, NoCache) { ASSERT_TRUE(test_server_.Start()); - scoped_refptr<URLRequestContext> context(new RequestContext); - ProxyScriptFetcherImpl pac_fetcher(context); + ProxyScriptFetcherImpl pac_fetcher(context_.get()); // Fetch a PAC script whose HTTP headers make it cacheable for 1 hour. GURL url(test_server_.GetURL("files/cacheable_1hr.pac")); @@ -271,8 +345,7 @@ TEST_F(ProxyScriptFetcherImplTest, NoCache) { TEST_F(ProxyScriptFetcherImplTest, TooLarge) { ASSERT_TRUE(test_server_.Start()); - scoped_refptr<URLRequestContext> context(new RequestContext); - ProxyScriptFetcherImpl pac_fetcher(context); + ProxyScriptFetcherImpl pac_fetcher(context_.get()); // Set the maximum response size to 50 bytes. int prev_size = pac_fetcher.SetSizeConstraint(50); @@ -312,8 +385,7 @@ TEST_F(ProxyScriptFetcherImplTest, TooLarge) { TEST_F(ProxyScriptFetcherImplTest, Hang) { ASSERT_TRUE(test_server_.Start()); - scoped_refptr<URLRequestContext> context(new RequestContext); - ProxyScriptFetcherImpl pac_fetcher(context); + ProxyScriptFetcherImpl pac_fetcher(context_.get()); // Set the timeout period to 0.5 seconds. base::TimeDelta prev_timeout = pac_fetcher.SetTimeoutConstraint( @@ -350,8 +422,7 @@ TEST_F(ProxyScriptFetcherImplTest, Hang) { TEST_F(ProxyScriptFetcherImplTest, Encodings) { ASSERT_TRUE(test_server_.Start()); - scoped_refptr<URLRequestContext> context(new RequestContext); - ProxyScriptFetcherImpl pac_fetcher(context); + ProxyScriptFetcherImpl pac_fetcher(context_.get()); // Test a response that is gzip-encoded -- should get inflated. { @@ -378,8 +449,7 @@ TEST_F(ProxyScriptFetcherImplTest, Encodings) { } TEST_F(ProxyScriptFetcherImplTest, DataURLs) { - scoped_refptr<URLRequestContext> context(new RequestContext); - ProxyScriptFetcherImpl pac_fetcher(context); + ProxyScriptFetcherImpl pac_fetcher(context_.get()); const char kEncodedUrl[] = "data:application/x-ns-proxy-autoconfig;base64,ZnVuY3Rpb24gRmluZFByb3h5R" diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc index f3d813d..2096833 100644 --- a/net/url_request/url_request.cc +++ b/net/url_request/url_request.cc @@ -348,16 +348,6 @@ bool URLRequest::IsHandledURL(const GURL& url) { return IsHandledProtocol(url.scheme()); } -// static -void URLRequest::AllowFileAccess() { - URLRequestJobManager::GetInstance()->set_enable_file_access(true); -} - -// static -bool URLRequest::IsFileAccessAllowed() { - return URLRequestJobManager::GetInstance()->enable_file_access(); -} - void URLRequest::set_first_party_for_cookies( const GURL& first_party_for_cookies) { first_party_for_cookies_ = first_party_for_cookies; @@ -862,7 +852,7 @@ void URLRequest::NotifySSLCertificateError(const SSLInfo& ssl_info, bool URLRequest::CanGetCookies(const CookieList& cookie_list) const { DCHECK(!(load_flags_ & LOAD_DO_NOT_SEND_COOKIES)); if (context_ && context_->network_delegate()) { - return context_->network_delegate()->NotifyReadingCookies(this, + return context_->network_delegate()->CanGetCookies(*this, cookie_list); } return g_default_can_use_cookies; @@ -872,7 +862,7 @@ bool URLRequest::CanSetCookie(const std::string& cookie_line, CookieOptions* options) const { DCHECK(!(load_flags_ & LOAD_DO_NOT_SAVE_COOKIES)); if (context_ && context_->network_delegate()) { - return context_->network_delegate()->NotifySettingCookie(this, + return context_->network_delegate()->CanSetCookie(*this, cookie_line, options); } diff --git a/net/url_request/url_request.h b/net/url_request/url_request.h index b00cf88..4e25d37 100644 --- a/net/url_request/url_request.h +++ b/net/url_request/url_request.h @@ -310,10 +310,6 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe), // Profile. static bool IsHandledURL(const GURL& url); - // Allow access to file:// on ChromeOS for tests. - static void AllowFileAccess(); - static bool IsFileAccessAllowed(); - // The original url is the url used to initialize the request, and it may // differ from the url if the request was redirected. const GURL& original_url() const { return url_chain_.front(); } diff --git a/net/url_request/url_request_context_builder.cc b/net/url_request/url_request_context_builder.cc index 5f8a32c..6547c2b 100644 --- a/net/url_request/url_request_context_builder.cc +++ b/net/url_request/url_request_context_builder.cc @@ -84,14 +84,19 @@ class BasicNetworkDelegate : public NetworkDelegate { return NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION; } - virtual bool CanGetCookies(const URLRequest* request, - const CookieList& cookie_list) OVERRIDE { + virtual bool OnCanGetCookies(const URLRequest& request, + const CookieList& cookie_list) OVERRIDE { return true; } - virtual bool CanSetCookie(const URLRequest* request, - const std::string& cookie_line, - CookieOptions* options) OVERRIDE { + virtual bool OnCanSetCookie(const URLRequest& request, + const std::string& cookie_line, + CookieOptions* options) OVERRIDE { + return true; + } + + virtual bool OnCanAccessFile(const net::URLRequest& request, + const FilePath& path) const OVERRIDE { return true; } diff --git a/net/url_request/url_request_file_job.cc b/net/url_request/url_request_file_job.cc index 3c8deae..0b64f74 100644 --- a/net/url_request/url_request_file_job.cc +++ b/net/url_request/url_request_file_job.cc @@ -36,6 +36,7 @@ #include "net/base/net_util.h" #include "net/http/http_util.h" #include "net/url_request/url_request.h" +#include "net/url_request/url_request_context.h" #include "net/url_request/url_request_error_job.h" #include "net/url_request/url_request_file_dir_job.h" @@ -94,15 +95,12 @@ URLRequestFileJob::URLRequestFileJob(URLRequest* request, // static URLRequestJob* URLRequestFileJob::Factory(URLRequest* request, const std::string& scheme) { - FilePath file_path; const bool is_file = FileURLToFilePath(request->url(), &file_path); -#if defined(OS_CHROMEOS) - // Check file access. - if (AccessDisabled(file_path)) + // Check file access permissions. + if (!IsFileAccessAllowed(*request, file_path)) return new URLRequestErrorJob(request, ERR_ACCESS_DENIED); -#endif // We need to decide whether to create URLRequestFileJob for file access or // URLRequestFileDirJob for directory access. To avoid accessing the @@ -120,35 +118,6 @@ URLRequestJob* URLRequestFileJob::Factory(URLRequest* request, return new URLRequestFileJob(request, file_path); } -#if defined(OS_CHROMEOS) -static const char* const kLocalAccessWhiteList[] = { - "/home/chronos/user/Downloads", - "/home/chronos/user/log", - "/media", - "/opt/oem", - "/usr/share/chromeos-assets", - "/tmp", - "/var/log", -}; - -// static -bool URLRequestFileJob::AccessDisabled(const FilePath& file_path) { - if (URLRequest::IsFileAccessAllowed()) { // for tests. - return false; - } - - for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i) { - const FilePath white_listed_path(kLocalAccessWhiteList[i]); - // FilePath::operator== should probably handle trailing seperators. - if (white_listed_path == file_path.StripTrailingSeparators() || - white_listed_path.IsParent(file_path)) { - return false; - } - } - return true; -} -#endif // OS_CHROMEOS - void URLRequestFileJob::Start() { DCHECK(!async_resolver_); async_resolver_ = new AsyncResolver(this); @@ -281,6 +250,18 @@ void URLRequestFileJob::SetExtraRequestHeaders( } } +// static +bool URLRequestFileJob::IsFileAccessAllowed(const URLRequest& request, + const FilePath& path) { + const URLRequestContext* context = request.context(); + if (!context) + return false; + const NetworkDelegate* delegate = context->network_delegate(); + if (delegate) + return delegate->CanAccessFile(request, path); + return false; +} + URLRequestFileJob::~URLRequestFileJob() { DCHECK(!async_resolver_); } diff --git a/net/url_request/url_request_file_job.h b/net/url_request/url_request_file_job.h index 0c250f8..b02008a 100644 --- a/net/url_request/url_request_file_job.h +++ b/net/url_request/url_request_file_job.h @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -53,6 +53,12 @@ class NET_EXPORT URLRequestFileJob : public URLRequestJob { FilePath file_path_; private: + // Tests to see if access to |path| is allowed. If g_allow_file_access_ is + // true, then this will return true. If the NetworkDelegate associated with + // the |request| says it's OK, then this will also return true. + static bool IsFileAccessAllowed(const URLRequest& request, + const FilePath& path); + // Callback after fetching file info on a background thread. void DidResolve(bool exists, const base::PlatformFileInfo& file_info); diff --git a/net/url_request/url_request_job_manager.cc b/net/url_request/url_request_job_manager.cc index f149fb2..70dd592 100644 --- a/net/url_request/url_request_job_manager.cc +++ b/net/url_request/url_request_job_manager.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -122,7 +122,7 @@ URLRequestJob* URLRequestJobManager::CreateJob( // If we reached here, then it means that a registered protocol factory // wasn't interested in handling the URL. That is fairly unexpected, and we - // don't know have a specific error to report here :-( + // don't have a specific error to report here :-( LOG(WARNING) << "Failed to map: " << request->url().spec(); return new URLRequestErrorJob(request, ERR_FAILED); } @@ -264,8 +264,7 @@ void URLRequestJobManager::UnregisterRequestInterceptor( URLRequestJobManager::URLRequestJobManager() : allowed_thread_(0), - allowed_thread_initialized_(false), - enable_file_access_(false) { + allowed_thread_initialized_(false) { } URLRequestJobManager::~URLRequestJobManager() {} diff --git a/net/url_request/url_request_job_manager.h b/net/url_request/url_request_job_manager.h index 469cc66..ce70272 100644 --- a/net/url_request/url_request_job_manager.h +++ b/net/url_request/url_request_job_manager.h @@ -1,4 +1,4 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -65,9 +65,6 @@ class URLRequestJobManager { void RegisterRequestInterceptor(URLRequest::Interceptor* interceptor); void UnregisterRequestInterceptor(URLRequest::Interceptor* interceptor); - void set_enable_file_access(bool enable) { enable_file_access_ = enable; } - bool enable_file_access() const { return enable_file_access_; } - private: typedef std::map<std::string, URLRequest::ProtocolFactory*> FactoryMap; typedef std::vector<URLRequest::Interceptor*> InterceptorList; @@ -90,7 +87,7 @@ class URLRequestJobManager { #else // The previous version of this check used GetCurrentThread on Windows to // get thread handles to compare. Unfortunately, GetCurrentThread returns - // a constant psuedo-handle (0xFFFFFFFE), and therefore IsAllowedThread + // a constant pseudo-handle (0xFFFFFFFE), and therefore IsAllowedThread // always returned true. The above code that's turned off is the correct // code, but causes the tree to turn red because some caller isn't // respecting our thread requirements. We're turning off the check for now; @@ -108,7 +105,6 @@ class URLRequestJobManager { mutable base::Lock lock_; FactoryMap factories_; InterceptorList interceptors_; - bool enable_file_access_; DISALLOW_COPY_AND_ASSIGN(URLRequestJobManager); }; diff --git a/net/url_request/url_request_test_util.cc b/net/url_request/url_request_test_util.cc index 7e565e4..7a1bc7f 100644 --- a/net/url_request/url_request_test_util.cc +++ b/net/url_request/url_request_test_util.cc @@ -495,8 +495,8 @@ net::NetworkDelegate::AuthRequiredResponse TestNetworkDelegate::OnAuthRequired( return net::NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION; } -bool TestNetworkDelegate::CanGetCookies(const net::URLRequest* request, - const net::CookieList& cookie_list) { +bool TestNetworkDelegate::OnCanGetCookies(const net::URLRequest& request, + const net::CookieList& cookie_list) { bool allow = true; if (cookie_options_bit_mask_ & NO_GET_COOKIES) allow = false; @@ -508,9 +508,9 @@ bool TestNetworkDelegate::CanGetCookies(const net::URLRequest* request, return allow; } -bool TestNetworkDelegate::CanSetCookie(const net::URLRequest* request, - const std::string& cookie_line, - net::CookieOptions* options) { +bool TestNetworkDelegate::OnCanSetCookie(const net::URLRequest& request, + const std::string& cookie_line, + net::CookieOptions* options) { bool allow = true; if (cookie_options_bit_mask_ & NO_SET_COOKIE) allow = false; @@ -527,6 +527,11 @@ bool TestNetworkDelegate::CanSetCookie(const net::URLRequest* request, return allow; } +bool TestNetworkDelegate::OnCanAccessFile(const net::URLRequest& request, + const FilePath& path) const { + return true; +} + // static std::string ScopedCustomUrlRequestTestHttpHost::value_("127.0.0.1"); diff --git a/net/url_request/url_request_test_util.h b/net/url_request/url_request_test_util.h index e882349..8c065cd 100644 --- a/net/url_request/url_request_test_util.h +++ b/net/url_request/url_request_test_util.h @@ -240,11 +240,13 @@ class TestNetworkDelegate : public net::NetworkDelegate { const net::AuthChallengeInfo& auth_info, const AuthCallback& callback, net::AuthCredentials* credentials) OVERRIDE; - virtual bool CanGetCookies(const net::URLRequest* request, - const net::CookieList& cookie_list) OVERRIDE; - virtual bool CanSetCookie(const net::URLRequest* request, - const std::string& cookie_line, - net::CookieOptions* options) OVERRIDE; + virtual bool OnCanGetCookies(const net::URLRequest& request, + const net::CookieList& cookie_list) OVERRIDE; + virtual bool OnCanSetCookie(const net::URLRequest& request, + const std::string& cookie_line, + net::CookieOptions* options) OVERRIDE; + virtual bool OnCanAccessFile(const net::URLRequest& request, + const FilePath& path) const OVERRIDE; void InitRequestStatesIfNew(int request_id); diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc index 204f223..25b2b0c 100644 --- a/net/url_request/url_request_unittest.cc +++ b/net/url_request/url_request_unittest.cc @@ -411,10 +411,6 @@ class URLRequestTest : public PlatformTest { default_context_->Init(); } - static void SetUpTestCase() { - URLRequest::AllowFileAccess(); - } - // Adds the TestJobInterceptor to the default context. TestJobInterceptor* AddTestInterceptor() { TestJobInterceptor* interceptor = new TestJobInterceptor(); diff --git a/webkit/tools/test_shell/simple_resource_loader_bridge.cc b/webkit/tools/test_shell/simple_resource_loader_bridge.cc index 27f7042..6d5865a 100644 --- a/webkit/tools/test_shell/simple_resource_loader_bridge.cc +++ b/webkit/tools/test_shell/simple_resource_loader_bridge.cc @@ -149,30 +149,33 @@ class TestShellNetworkDelegate : public net::NetworkDelegate { net::AuthCredentials* credentials) OVERRIDE { return AUTH_REQUIRED_RESPONSE_NO_ACTION; } - virtual bool CanGetCookies( - const net::URLRequest* request, - const net::CookieList& cookie_list) OVERRIDE { + virtual bool OnCanGetCookies(const net::URLRequest& request, + const net::CookieList& cookie_list) OVERRIDE { StaticCookiePolicy::Type policy_type = g_accept_all_cookies ? StaticCookiePolicy::ALLOW_ALL_COOKIES : StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES; StaticCookiePolicy policy(policy_type); int rv = policy.CanGetCookies( - request->url(), request->first_party_for_cookies()); + request.url(), request.first_party_for_cookies()); return rv == net::OK; } - virtual bool CanSetCookie(const net::URLRequest* request, - const std::string& cookie_line, - net::CookieOptions* options) OVERRIDE { + virtual bool OnCanSetCookie(const net::URLRequest& request, + const std::string& cookie_line, + net::CookieOptions* options) OVERRIDE { StaticCookiePolicy::Type policy_type = g_accept_all_cookies ? StaticCookiePolicy::ALLOW_ALL_COOKIES : StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES; StaticCookiePolicy policy(policy_type); int rv = policy.CanSetCookie( - request->url(), request->first_party_for_cookies()); + request.url(), request.first_party_for_cookies()); return rv == net::OK; } + virtual bool OnCanAccessFile(const net::URLRequest& request, + const FilePath& path) const OVERRIDE { + return true; + } }; TestShellRequestContextParams* g_request_context_params = NULL; |