diff options
| author | jianli@chromium.org <jianli@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-09-10 20:25:52 +0000 |
|---|---|---|
| committer | jianli@chromium.org <jianli@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-09-10 20:25:52 +0000 |
| commit | c9a9f64a360ea100e2dbd08859e6242e54b98d49 (patch) | |
| tree | 100b50e396e9a2a66e29a19795788233c47d8267 /chrome/browser/renderer_host/blob_dispatcher_host.cc | |
| parent | 326a6a9153ad69dc7b62db8e218df7c9d0440a00 (diff) | |
| download | chromium_src-c9a9f64a360ea100e2dbd08859e6242e54b98d49.zip chromium_src-c9a9f64a360ea100e2dbd08859e6242e54b98d49.tar.gz chromium_src-c9a9f64a360ea100e2dbd08859e6242e54b98d49.tar.bz2 | |
Add the security check to ensure that the child process has the permission to read files when registering the blob data.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/3326017
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59140 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/renderer_host/blob_dispatcher_host.cc')
| -rw-r--r-- | chrome/browser/renderer_host/blob_dispatcher_host.cc | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/chrome/browser/renderer_host/blob_dispatcher_host.cc b/chrome/browser/renderer_host/blob_dispatcher_host.cc index f7eff24..28a3435 100644 --- a/chrome/browser/renderer_host/blob_dispatcher_host.cc +++ b/chrome/browser/renderer_host/blob_dispatcher_host.cc @@ -4,6 +4,7 @@ #include "chrome/browser/renderer_host/blob_dispatcher_host.h" +#include "chrome/browser/child_process_security_policy.h" #include "chrome/browser/chrome_blob_storage_context.h" #include "chrome/browser/chrome_thread.h" #include "chrome/common/render_messages.h" @@ -13,8 +14,10 @@ #include "webkit/blob/blob_storage_controller.h" BlobDispatcherHost::BlobDispatcherHost( + int process_id, ChromeBlobStorageContext* blob_storage_context) - : blob_storage_context_(blob_storage_context) { + : process_id_(process_id), + blob_storage_context_(blob_storage_context) { } BlobDispatcherHost::~BlobDispatcherHost() { @@ -46,9 +49,27 @@ bool BlobDispatcherHost::OnMessageReceived(const IPC::Message& message, return handled; } +// Check if the child process has been granted permission to register the files. +bool BlobDispatcherHost::CheckPermission( + webkit_blob::BlobData* blob_data) const { + ChildProcessSecurityPolicy* policy = + ChildProcessSecurityPolicy::GetInstance(); + for (std::vector<webkit_blob::BlobData::Item>::const_iterator iter = + blob_data->items().begin(); + iter != blob_data->items().end(); ++iter) { + if (iter->type() == webkit_blob::BlobData::TYPE_FILE) { + if (!policy->CanUploadFile(process_id_, iter->file_path())) + return false; + } + } + return true; +} + void BlobDispatcherHost::OnRegisterBlobUrl( const GURL& url, const scoped_refptr<webkit_blob::BlobData>& blob_data) { DCHECK(ChromeThread::CurrentlyOn(ChromeThread::IO)); + if (!CheckPermission(blob_data.get())) + return; blob_storage_context_->controller()->RegisterBlobUrl(url, blob_data); blob_urls_.insert(url.spec()); } |