authortommycli@chromium.org <tommycli@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-07-23 23:18:19 +0000
committertommycli@chromium.org <tommycli@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-07-23 23:18:19 +0000
commit9f10431779fbe82df67ea79eddd99b1575c9c011 (patch)
treea2e8d31a3084f4f733f41508772cf91717b699c4 /content/browser/child_process_security_policy_impl.h
parent5a36dc13089e6cf21e7cae9763d08025e78e4cdb (diff)
ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files.
HasPermissionsForFile and HasPermissionsForFileSystemFile are currently used as general bitmask-based permissions querying functions for files. This change deprecates those functions and adds some additional explicit grants and grant-checking methods instead. The larger goal is to deprecate all usage of PlatformFile bitmasks in ChildProcessSecurityPolicy in favor of explicitly granted permissions. This is to improve security and allow for a permissions set different than PlatformFile. See https://chromiumcodereview.appspot.com/18129002. Original post by vandebo: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/2cGLolxsOs4/Ga8eF7iEejkJ BUG=262142 Review URL: https://chromiumcodereview.appspot.com/19599006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@213262 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/browser/child_process_security_policy_impl.h')
-rw-r--r--content/browser/child_process_security_policy_impl.h15
1 files changed, 14 insertions, 1 deletions
diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h
index 66a5335..3477f1e 100644
--- a/content/browser/child_process_security_policy_impl.h
+++ b/content/browser/child_process_security_policy_impl.h
@@ -44,7 +44,7 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
virtual bool IsWebSafeScheme(const std::string& scheme) OVERRIDE;
virtual void GrantReadFile(int child_id, const base::FilePath& file) OVERRIDE;
virtual void GrantCreateReadWriteFile(int child_id,
- const base::FilePath& file) OVERRIDE;
+ const base::FilePath& file) OVERRIDE;
virtual void GrantCreateWriteFile(int child_id,
const base::FilePath& file) OVERRIDE;
virtual void GrantReadFileSystem(
@@ -61,6 +61,10 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
const std::string& filesystem_id) OVERRIDE;
virtual void GrantScheme(int child_id, const std::string& scheme) OVERRIDE;
virtual bool CanReadFile(int child_id, const base::FilePath& file) OVERRIDE;
+ virtual bool CanWriteFile(int child_id, const base::FilePath& file) OVERRIDE;
+ virtual bool CanCreateFile(int child_id, const base::FilePath& file) OVERRIDE;
+ virtual bool CanCreateWriteFile(int child_id,
+ const base::FilePath& file) OVERRIDE;
virtual bool CanReadFileSystem(int child_id,
const std::string& filesystem_id) OVERRIDE;
virtual bool CanReadWriteFileSystem(
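Review bot: `CanWriteFile` and `CanCreateFile` are added as separate checks, but the grants visible in this header are `GrantReadFile`, `GrantCreateReadWriteFile` and `GrantCreateWriteFile`, so the declarations do not show which grant satisfies each new check or whether `CanCreateWriteFile` requires both create and write. The three overrides carry no comment here, so a short one above them would help callers pick the narrowest check, for example `// Each check returns true only if every permission it names was explicitly granted to |child_id| for |file|.` That wording assumes the implementation behaves this way; it is outside this hunk, as is the interface header these methods override. The class body starts before and continues after the hunk.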
@@ -134,18 +138,27 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
// the browser should call this method to check for the capability.
bool CanReadDirectory(int child_id, const base::FilePath& directory);
+ // Deprecated: Use CanReadFile, etc. methods instead.
// Determines if certain permissions were granted for a file. |permissions|
// must be a bitwise-or'd value of base::PlatformFileFlags.
bool HasPermissionsForFile(int child_id,
const base::FilePath& file,
int permissions);
+ // Deprecated: Use CanReadFileSystemFile, etc. methods instead.
// Determines if certain permissions were granted for a file in FileSystem
// API. |permissions| must be a bitwise-or'd value of base::PlatformFileFlags.
bool HasPermissionsForFileSystemFile(int child_id,
const fileapi::FileSystemURL& url,
int permissions);
+ // Explicit permissions checks for FileSystemURL specified files.
+ bool CanReadFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
+ bool CanWriteFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
+ bool CanCreateFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
+ bool CanCreateWriteFileSystemFile(int child_id,
+ const fileapi::FileSystemURL& url);
+
// Returns true if the specified child_id has been granted WebUIBindings.
// The browser should check this property before assuming the child process is
// allowed to use WebUIBindings.
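Review bot: The one-line comment above `CanReadFileSystemFile` does not say what the four new checks return for an invalid `url` or for a `child_id` that has no security state, which is what a caller gating renderer file access most needs to know. I would extend it to something like `// Each returns false if |url| is invalid or |child_id| was not granted the named permission for it.`, provided the implementation (not in this hunk) fails closed that way. The two `Deprecated:` comments would also be easier to act on if they named the replacements instead of "etc." and cited the tracking bug, e.g. `// Deprecated (crbug.com/262142): use CanReadFile, CanWriteFile, CanCreateFile or CanCreateWriteFile instead.` Because the deprecation is comment-only, the bitmask entry points stay callable, so the bug reference is what lets the remaining callers be found and migrated.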