ChildProcessSecurityPolicy: Change over to custom bitmask set.

Applies on top of https://codereview.chromium.org/25601002/. Refactoring plan: https://docs.google.com/a/google.com/document/d/1QGkGWuwgSuaRqovz4wyb0upqPKDVsgYOFKt44E7gmOE/edit?usp=sharing chromium-dev thread: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/2cGLolxsOs4/Ga8eF7iEejkJ R=tsepez@chromium.org BUG=262142 Review URL: https://codereview.chromium.org/25915002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@228744 0039d316-1c4b-4281-b951-d872f2087c98
author: tommycli@chromium.org <tommycli@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-10-15 19:49:41 +0000
committer: tommycli@chromium.org <tommycli@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-10-15 19:49:41 +0000
commit: 4b9d0863d0a116dbc747cc057dac0fd94604b8bd (patch)
tree: 910949e2bc5347983cb5eede92aded099c4cf366 /content
parent: 09eaa4c8b409f81cfc8c18bed8e1eadffd1615dd (diff)
download: chromium_src-4b9d0863d0a116dbc747cc057dac0fd94604b8bd.zip
chromium_src-4b9d0863d0a116dbc747cc057dac0fd94604b8bd.tar.gz
chromium_src-4b9d0863d0a116dbc747cc057dac0fd94604b8bd.tar.bz2
3 files changed, 57 insertions, 59 deletions
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index 291005e..e91367f 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -31,33 +31,35 @@ namespace content {
 
 namespace {
 
-const int kReadFilePermissions =
-    base::PLATFORM_FILE_OPEN |
-    base::PLATFORM_FILE_READ |
-    base::PLATFORM_FILE_EXCLUSIVE_READ |
-    base::PLATFORM_FILE_ASYNC;
-
-const int kWriteFilePermissions =
-    base::PLATFORM_FILE_OPEN |
-    base::PLATFORM_FILE_OPEN_TRUNCATED |
-    base::PLATFORM_FILE_WRITE |
-    base::PLATFORM_FILE_APPEND |
-    base::PLATFORM_FILE_EXCLUSIVE_WRITE |
-    base::PLATFORM_FILE_ASYNC |
-    base::PLATFORM_FILE_WRITE_ATTRIBUTES;
-
-const int kCreateNewFilePermissions =
-    base::PLATFORM_FILE_CREATE;
-
-const int kCreateOverwriteFilePermissions =
-    base::PLATFORM_FILE_OPEN_ALWAYS |
-    base::PLATFORM_FILE_CREATE_ALWAYS;
-
-const int kCreateReadWriteFilePermissions =
-    kReadFilePermissions |
-    kWriteFilePermissions |
-    kCreateNewFilePermissions |
-    kCreateOverwriteFilePermissions;
+// Used internally only. These bit positions have no relationship to any
+// underlying OS and can be changed to accommodate finer-grained permissions.
+enum ChildProcessSecurityPermissions {
+  READ_FILE_PERMISSION             = 1 << 0,
+  WRITE_FILE_PERMISSION            = 1 << 1,
+  CREATE_NEW_FILE_PERMISSION       = 1 << 2,
+  CREATE_OVERWRITE_FILE_PERMISSION = 1 << 3,
+
+  // Used by Media Galleries API
+  COPY_INTO_FILE_PERMISSION        = 1 << 4,
+};
+
+// Used internally only. Bitmasks that are actually used by the Grant* and Can*
+// methods. These contain one or more ChildProcessSecurityPermissions.
+enum ChildProcessSecurityGrants {
+  READ_FILE_GRANT              = READ_FILE_PERMISSION,
+  WRITE_FILE_GRANT             = WRITE_FILE_PERMISSION,
+
+  CREATE_NEW_FILE_GRANT        = CREATE_NEW_FILE_PERMISSION |
+                                 COPY_INTO_FILE_PERMISSION,
+
+  CREATE_READ_WRITE_FILE_GRANT = CREATE_NEW_FILE_PERMISSION |
+                                 CREATE_OVERWRITE_FILE_PERMISSION |
+                                 READ_FILE_PERMISSION |
+                                 WRITE_FILE_PERMISSION |
+                                 COPY_INTO_FILE_PERMISSION,
+
+  COPY_INTO_FILE_GRANT         = COPY_INTO_FILE_PERMISSION,
+};
 
 }  // namespace
 
@@ -426,12 +428,12 @@ void ChildProcessSecurityPolicyImpl::GrantRequestSpecificFileURL(
 
 void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id,
                                                    const base::FilePath& file) {
-  GrantPermissionsForFile(child_id, file, kReadFilePermissions);
+  GrantPermissionsForFile(child_id, file, READ_FILE_GRANT);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile(
     int child_id, const base::FilePath& file) {
-  GrantPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
+  GrantPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile(
@@ -458,26 +460,22 @@ void ChildProcessSecurityPolicyImpl::RevokeAllPermissionsForFile(
 
 void ChildProcessSecurityPolicyImpl::GrantReadFileSystem(
     int child_id, const std::string& filesystem_id) {
-  GrantPermissionsForFileSystem(child_id, filesystem_id, kReadFilePermissions);
+  GrantPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantWriteFileSystem(
     int child_id, const std::string& filesystem_id) {
-  GrantPermissionsForFileSystem(child_id, filesystem_id, kWriteFilePermissions);
+  GrantPermissionsForFileSystem(child_id, filesystem_id, WRITE_FILE_GRANT);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantCreateFileForFileSystem(
     int child_id, const std::string& filesystem_id) {
-  GrantPermissionsForFileSystem(child_id, filesystem_id,
-                                kCreateNewFilePermissions);
+  GrantPermissionsForFileSystem(child_id, filesystem_id, CREATE_NEW_FILE_GRANT);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantCopyIntoFileSystem(
     int child_id, const std::string& filesystem_id) {
-  // TODO(tommycli): These granted permissions a bit too broad, but not abused.
-  // We are fixing in http://crbug.com/262142 and associated CL.
-  GrantPermissionsForFileSystem(child_id, filesystem_id,
-                                kCreateNewFilePermissions);
+  GrantPermissionsForFileSystem(child_id, filesystem_id, COPY_INTO_FILE_GRANT);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantSendMIDISysExMessage(int child_id) {
@@ -603,37 +601,30 @@ bool ChildProcessSecurityPolicyImpl::CanRequestURL(
 
 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
                                                  const base::FilePath& file) {
-  return HasPermissionsForFile(child_id, file, kReadFilePermissions);
+  return HasPermissionsForFile(child_id, file, READ_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile(
     int child_id,
     const base::FilePath& file) {
-  return HasPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
+  return HasPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanReadFileSystem(
     int child_id, const std::string& filesystem_id) {
-  return HasPermissionsForFileSystem(child_id,
-                                     filesystem_id,
-                                     kReadFilePermissions);
+  return HasPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanReadWriteFileSystem(
     int child_id, const std::string& filesystem_id) {
-  return HasPermissionsForFileSystem(child_id,
-                                     filesystem_id,
-                                     kReadFilePermissions |
-                                     kWriteFilePermissions);
+  return HasPermissionsForFileSystem(child_id, filesystem_id,
+                                     READ_FILE_GRANT | WRITE_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystem(
     int child_id, const std::string& filesystem_id) {
-  // TODO(tommycli): These granted permissions a bit too broad, but not abused.
-  // We are fixing in http://crbug.com/262142 and associated CL.
-  return HasPermissionsForFileSystem(child_id,
-                                     filesystem_id,
-                                     kCreateNewFilePermissions);
+  return HasPermissionsForFileSystem(child_id, filesystem_id,
+                                     COPY_INTO_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFile(
@@ -663,7 +654,7 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
 
   // Any write access is disallowed on the root path.
   if (fileapi::VirtualPath::IsRootPath(url.path()) &&
-      (permissions & ~kReadFilePermissions)) {
+      (permissions & ~READ_FILE_GRANT)) {
     return false;
   }
 
@@ -681,7 +672,7 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
     return false;
 
   if ((found->second & fileapi::FILE_PERMISSION_READ_ONLY) &&
-      permissions & ~kReadFilePermissions) {
+      permissions & ~READ_FILE_GRANT) {
     return false;
   }
 
@@ -697,27 +688,32 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
 bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile(
     int child_id,
     const fileapi::FileSystemURL& url) {
-  return HasPermissionsForFileSystemFile(child_id, url, kReadFilePermissions);
+  return HasPermissionsForFileSystemFile(child_id, url, READ_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile(
     int child_id,
     const fileapi::FileSystemURL& url) {
-  return HasPermissionsForFileSystemFile(child_id, url, kWriteFilePermissions);
+  return HasPermissionsForFileSystemFile(child_id, url, WRITE_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile(
     int child_id,
     const fileapi::FileSystemURL& url) {
-  return HasPermissionsForFileSystemFile(child_id, url,
-                                         kCreateNewFilePermissions);
+  return HasPermissionsForFileSystemFile(child_id, url, CREATE_NEW_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile(
     int child_id,
     const fileapi::FileSystemURL& url) {
   return HasPermissionsForFileSystemFile(child_id, url,
-                                         kCreateReadWriteFilePermissions);
+                                         CREATE_READ_WRITE_FILE_GRANT);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile(
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return HasPermissionsForFileSystemFile(child_id, url, COPY_INTO_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h
index dec309c..53b9443 100644
--- a/content/browser/child_process_security_policy_impl.h
+++ b/content/browser/child_process_security_policy_impl.h
@@ -135,6 +135,8 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
   bool CanCreateFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
   bool CanCreateReadWriteFileSystemFile(int child_id,
                                         const fileapi::FileSystemURL& url);
+  bool CanCopyIntoFileSystemFile(int child_id,
+                                 const fileapi::FileSystemURL& url);
 
   // Returns true if the specified child_id has been granted WebUIBindings.
   // The browser should check this property before assuming the child process is
diff --git a/content/browser/fileapi/fileapi_message_filter.cc b/content/browser/fileapi/fileapi_message_filter.cc
index b642d84..98deb77 100644
--- a/content/browser/fileapi/fileapi_message_filter.cc
+++ b/content/browser/fileapi/fileapi_message_filter.cc
@@ -307,7 +307,7 @@ void FileAPIMessageFilter::OnCopy(
     return;
   }
   if (!security_policy_->CanReadFileSystemFile(process_id_, src_url) ||
-      !security_policy_->CanCreateFileSystemFile(process_id_, dest_url)) {
+      !security_policy_->CanCopyIntoFileSystemFile(process_id_, dest_url)) {
     Send(new FileSystemMsg_DidFail(request_id,
                                    base::PLATFORM_FILE_ERROR_SECURITY));
     return;
author	tommycli@chromium.org <tommycli@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-10-15 19:49:41 +0000
committer	tommycli@chromium.org <tommycli@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-10-15 19:49:41 +0000
commit	4b9d0863d0a116dbc747cc057dac0fd94604b8bd (patch)
tree	910949e2bc5347983cb5eede92aded099c4cf366 /content
parent	09eaa4c8b409f81cfc8c18bed8e1eadffd1615dd (diff)
download	chromium_src-4b9d0863d0a116dbc747cc057dac0fd94604b8bd.zip chromium_src-4b9d0863d0a116dbc747cc057dac0fd94604b8bd.tar.gz chromium_src-4b9d0863d0a116dbc747cc057dac0fd94604b8bd.tar.bz2