author | kinuko@chromium.org <kinuko@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-01 11:52:31 +0000 |
---|---|---|
committer | kinuko@chromium.org <kinuko@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-01 11:52:31 +0000 |
commit | ce5cbed872693ef89bb6e33fa4dd513b1dd7054b (patch) | |
tree | aae7f224608f012d54cdb7141c4d8bfd8ad0b3e6 /webkit/browser/fileapi/file_system_context.cc | |
parent | 5e5ba0428effebbcce06382c792f5c9d2afc1ab8 (diff) | |
Implement ChildProcessSecurityPolicy::HasPermissionsForFileSystemFile()
In content/ layer:
- Add CPSP::HasPermissionsForFileSystemFile() for central
FileSystem permission check.
- Replace all permission check code for FileSystem files with the
newly added CPSP method
In webkit/browser/fileapi layer:
- Each MountPointProvider's GetPermissionPolicy() is replaced with a
central static FileSystemContext::GetPermissionPolicy() method.
Now the permission policy is statically defined for each type and
used by CPSP. Some FS-specific security checks are moved into
each FS's private implementation.
- For SandboxMountPointProvider: moved some API-specific validity
check code into a private IsAcessValid() method.
- For CrosMountPointProvider: IsAccessAllowed() method is still called
every time a new FileSystemOperation is created, but doesn't
participate in the CPSP's permission check.
BUG=174550
TEST=ChildProcessSecurityPolicyTest::FileSystemFilePermissions
R=aedla@chromium.org, darin@chromium.org, tbarzic@chromium.org, tsepez@chromium.org
Review URL: https://codereview.chromium.org/12310099
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@209418 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/browser/fileapi/file_system_context.cc')
-rw-r--r-- | webkit/browser/fileapi/file_system_context.cc | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/webkit/browser/fileapi/file_system_context.cc b/webkit/browser/fileapi/file_system_context.cc
index 79a4945..97f4205 100644
--- a/webkit/browser/fileapi/file_system_context.cc
+++ b/webkit/browser/fileapi/file_system_context.cc
@@ -11,6 +11,7 @@
 #include "webkit/browser/blob/file_stream_reader.h"
 #include "webkit/browser/fileapi/copy_or_move_file_validator.h"
 #include "webkit/browser/fileapi/external_mount_points.h"
+#include "webkit/browser/fileapi/file_permission_policy.h"
 #include "webkit/browser/fileapi/file_stream_writer.h"
 #include "webkit/browser/fileapi/file_system_file_util.h"
 #include "webkit/browser/fileapi/file_system_operation.h"
@@ -53,6 +54,51 @@ void DidOpenFileSystem(
 } // namespace
+// static
+int FileSystemContext::GetPermissionPolicy(FileSystemType type) {
+ switch (type) {
+ case kFileSystemTypeTemporary:
+ case kFileSystemTypePersistent:
+ case kFileSystemTypeSyncable:
+ return FILE_PERMISSION_SANDBOX;
+
+ case kFileSystemTypeDrive:
+ case kFileSystemTypeNativeForPlatformApp:
+ case kFileSystemTypeNativeLocal:
+ return FILE_PERMISSION_USE_FILE_PERMISSION;
+
+ case kFileSystemTypeRestrictedNativeLocal:
+ return FILE_PERMISSION_READ_ONLY |
+ FILE_PERMISSION_USE_FILE_PERMISSION;
+
+ // Following types are only accessed via IsolatedFileSystem, and
+ // don't have their own permission policies.
+ case kFileSystemTypeDeviceMedia:
+ case kFileSystemTypeDragged:
+ case kFileSystemTypeForTransientFile:
+ case kFileSystemTypeItunes:
+ case kFileSystemTypeNativeMedia:
+ case kFileSystemTypePicasa:
+ return FILE_PERMISSION_ALWAYS_DENY;
+
+ // Following types only appear as mount_type, and will not be
+ // queried for their permission policies.
+ case kFileSystemTypeIsolated:
+ case kFileSystemTypeExternal:
+ return FILE_PERMISSION_ALWAYS_DENY;
+
+ // Following types should not be used to access files by FileAPI clients.
+ case kFileSystemTypeTest:
+ case kFileSystemTypeSyncableForInternalSync:
+ case kFileSystemInternalTypeEnumEnd:
+ case kFileSystemInternalTypeEnumStart:
+ case kFileSystemTypeUnknown:
+ return FILE_PERMISSION_ALWAYS_DENY;
+ }
+ NOTREACHED();
+ return FILE_PERMISSION_ALWAYS_DENY;
+}
+
 FileSystemContext::FileSystemContext(
 scoped_ptr<FileSystemTaskRunners> task_runners,
 ExternalMountPoints* external_mount_points,
|
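Review bot: The fail-closed behaviour of GetPermissionPolicy() is undocumented, both at the trailing `return FILE_PERMISSION_ALWAYS_DENY;` after the switch and in the absence of a `default:` label. If `type` ever holds a value outside the listed enumerators (for instance after a cast from an integer, which this hunk does not rule out), that final return is what denies access, and NOTREACHED() is commonly a debug-only assertion. I would add a comment above it such as `// Fail closed: an unrecognised type gets no access even if NOTREACHED() is compiled out.` The missing `default:` looks deliberate, so that the compiler flags a newly added FileSystemType; a one-line comment saying so would keep someone from adding a default that returns a non-deny policy. The function comment should also state that the `int` result is a bitmask of FILE_PERMISSION_* flags, as the `FILE_PERMISSION_READ_ONLY | FILE_PERMISSION_USE_FILE_PERMISSION` case shows, so that callers do not compare it against a single flag.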