diff options
| author | zelidrag@chromium.org <zelidrag@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-02 18:59:07 +0000 |
|---|---|---|
| committer | zelidrag@chromium.org <zelidrag@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-02 18:59:07 +0000 |
| commit | cee64fd3e5383a388b58d570c5d16d95de30f1be (patch) | |
| tree | b44db2d5b3f22d4887d2bb335e4a77984d403a15 /content/browser/child_process_security_policy_unittest.cc | |
| parent | ee20d40a89f961e7ac20e82de66ba087ac9d357a (diff) | |
| download | chromium_src-cee64fd3e5383a388b58d570c5d16d95de30f1be.zip chromium_src-cee64fd3e5383a388b58d570c5d16d95de30f1be.tar.gz chromium_src-cee64fd3e5383a388b58d570c5d16d95de30f1be.tar.bz2 | |
blob_storage_controller.cc assert from this bug was caused by the fact that worker thread actually run in a different renderer process from the main page JS thread. chrome.fileBrowserPrivate.* methods grant access to files through ChildProcessSecurityPolicy class, but such file permissions would end up associated with renderer process of the main thread only. When worker tries to register blobs representing such files, ChildProcessSecurityPolicy check would reject it since its client process id has nothing to do with main renderer's id.
This CL adds mapping between worker and main renderer processes and uses that to ensure that worker thread renderer process file permissions are "inherited" from its main JS thread renderer child process.
BUG=chromium-os:14680
TEST=added extra tests to ChildProcessSecurityPolicyTest.FilePermissions
Review URL: http://codereview.chromium.org/6893145
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@83754 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/browser/child_process_security_policy_unittest.cc')
| -rw-r--r-- | content/browser/child_process_security_policy_unittest.cc | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc index 53799b7..0ee30f8 100644 --- a/content/browser/child_process_security_policy_unittest.cc +++ b/content/browser/child_process_security_policy_unittest.cc @@ -27,6 +27,7 @@ class ChildProcessSecurityPolicyTest : public testing::Test { }; static int kRendererID = 42; +static int kWorkerRendererID = kRendererID + 1; TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) { ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance(); @@ -349,6 +350,28 @@ TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) { EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_TEMPORARY)); p->Remove(kRendererID); + + // Grant file permissions for the file to main thread renderer process, + // make sure its worker thread renderer process inherits those. + p->Add(kRendererID); + p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_OPEN | + base::PLATFORM_FILE_READ); + EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file, + base::PLATFORM_FILE_OPEN | + base::PLATFORM_FILE_READ)); + EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file, + base::PLATFORM_FILE_WRITE)); + p->AddWorker(kWorkerRendererID, kRendererID); + EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, file, + base::PLATFORM_FILE_OPEN | + base::PLATFORM_FILE_READ)); + EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file, + base::PLATFORM_FILE_WRITE)); + p->Remove(kRendererID); + EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file, + base::PLATFORM_FILE_OPEN | + base::PLATFORM_FILE_READ)); + p->Remove(kWorkerRendererID); } TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) { |