summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--content/browser/child_process_security_policy_impl.cc112
-rw-r--r--content/browser/child_process_security_policy_impl.h2
-rw-r--r--content/browser/fileapi/fileapi_message_filter.cc2
3 files changed, 57 insertions, 59 deletions
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index 291005e..e91367f 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -31,33 +31,35 @@ namespace content {
namespace {
-const int kReadFilePermissions =
- base::PLATFORM_FILE_OPEN |
- base::PLATFORM_FILE_READ |
- base::PLATFORM_FILE_EXCLUSIVE_READ |
- base::PLATFORM_FILE_ASYNC;
-
-const int kWriteFilePermissions =
- base::PLATFORM_FILE_OPEN |
- base::PLATFORM_FILE_OPEN_TRUNCATED |
- base::PLATFORM_FILE_WRITE |
- base::PLATFORM_FILE_APPEND |
- base::PLATFORM_FILE_EXCLUSIVE_WRITE |
- base::PLATFORM_FILE_ASYNC |
- base::PLATFORM_FILE_WRITE_ATTRIBUTES;
-
-const int kCreateNewFilePermissions =
- base::PLATFORM_FILE_CREATE;
-
-const int kCreateOverwriteFilePermissions =
- base::PLATFORM_FILE_OPEN_ALWAYS |
- base::PLATFORM_FILE_CREATE_ALWAYS;
-
-const int kCreateReadWriteFilePermissions =
- kReadFilePermissions |
- kWriteFilePermissions |
- kCreateNewFilePermissions |
- kCreateOverwriteFilePermissions;
+// Used internally only. These bit positions have no relationship to any
+// underlying OS and can be changed to accommodate finer-grained permissions.
+enum ChildProcessSecurityPermissions {
+ READ_FILE_PERMISSION = 1 << 0,
+ WRITE_FILE_PERMISSION = 1 << 1,
+ CREATE_NEW_FILE_PERMISSION = 1 << 2,
+ CREATE_OVERWRITE_FILE_PERMISSION = 1 << 3,
+
+ // Used by Media Galleries API
+ COPY_INTO_FILE_PERMISSION = 1 << 4,
+};
+
+// Used internally only. Bitmasks that are actually used by the Grant* and Can*
+// methods. These contain one or more ChildProcessSecurityPermissions.
+enum ChildProcessSecurityGrants {
+ READ_FILE_GRANT = READ_FILE_PERMISSION,
+ WRITE_FILE_GRANT = WRITE_FILE_PERMISSION,
+
+ CREATE_NEW_FILE_GRANT = CREATE_NEW_FILE_PERMISSION |
+ COPY_INTO_FILE_PERMISSION,
+
+ CREATE_READ_WRITE_FILE_GRANT = CREATE_NEW_FILE_PERMISSION |
+ CREATE_OVERWRITE_FILE_PERMISSION |
+ READ_FILE_PERMISSION |
+ WRITE_FILE_PERMISSION |
+ COPY_INTO_FILE_PERMISSION,
+
+ COPY_INTO_FILE_GRANT = COPY_INTO_FILE_PERMISSION,
+};
} // namespace
@@ -426,12 +428,12 @@ void ChildProcessSecurityPolicyImpl::GrantRequestSpecificFileURL(
void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id,
const base::FilePath& file) {
- GrantPermissionsForFile(child_id, file, kReadFilePermissions);
+ GrantPermissionsForFile(child_id, file, READ_FILE_GRANT);
}
void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile(
int child_id, const base::FilePath& file) {
- GrantPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
+ GrantPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
}
void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile(
@@ -458,26 +460,22 @@ void ChildProcessSecurityPolicyImpl::RevokeAllPermissionsForFile(
void ChildProcessSecurityPolicyImpl::GrantReadFileSystem(
int child_id, const std::string& filesystem_id) {
- GrantPermissionsForFileSystem(child_id, filesystem_id, kReadFilePermissions);
+ GrantPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
}
void ChildProcessSecurityPolicyImpl::GrantWriteFileSystem(
int child_id, const std::string& filesystem_id) {
- GrantPermissionsForFileSystem(child_id, filesystem_id, kWriteFilePermissions);
+ GrantPermissionsForFileSystem(child_id, filesystem_id, WRITE_FILE_GRANT);
}
void ChildProcessSecurityPolicyImpl::GrantCreateFileForFileSystem(
int child_id, const std::string& filesystem_id) {
- GrantPermissionsForFileSystem(child_id, filesystem_id,
- kCreateNewFilePermissions);
+ GrantPermissionsForFileSystem(child_id, filesystem_id, CREATE_NEW_FILE_GRANT);
}
void ChildProcessSecurityPolicyImpl::GrantCopyIntoFileSystem(
int child_id, const std::string& filesystem_id) {
- // TODO(tommycli): These granted permissions a bit too broad, but not abused.
- // We are fixing in http://crbug.com/262142 and associated CL.
- GrantPermissionsForFileSystem(child_id, filesystem_id,
- kCreateNewFilePermissions);
+ GrantPermissionsForFileSystem(child_id, filesystem_id, COPY_INTO_FILE_GRANT);
}
void ChildProcessSecurityPolicyImpl::GrantSendMIDISysExMessage(int child_id) {
@@ -603,37 +601,30 @@ bool ChildProcessSecurityPolicyImpl::CanRequestURL(
bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
const base::FilePath& file) {
- return HasPermissionsForFile(child_id, file, kReadFilePermissions);
+ return HasPermissionsForFile(child_id, file, READ_FILE_GRANT);
}
bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile(
int child_id,
const base::FilePath& file) {
- return HasPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
+ return HasPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
}
bool ChildProcessSecurityPolicyImpl::CanReadFileSystem(
int child_id, const std::string& filesystem_id) {
- return HasPermissionsForFileSystem(child_id,
- filesystem_id,
- kReadFilePermissions);
+ return HasPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
}
bool ChildProcessSecurityPolicyImpl::CanReadWriteFileSystem(
int child_id, const std::string& filesystem_id) {
- return HasPermissionsForFileSystem(child_id,
- filesystem_id,
- kReadFilePermissions |
- kWriteFilePermissions);
+ return HasPermissionsForFileSystem(child_id, filesystem_id,
+ READ_FILE_GRANT | WRITE_FILE_GRANT);
}
bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystem(
int child_id, const std::string& filesystem_id) {
- // TODO(tommycli): These granted permissions a bit too broad, but not abused.
- // We are fixing in http://crbug.com/262142 and associated CL.
- return HasPermissionsForFileSystem(child_id,
- filesystem_id,
- kCreateNewFilePermissions);
+ return HasPermissionsForFileSystem(child_id, filesystem_id,
+ COPY_INTO_FILE_GRANT);
}
bool ChildProcessSecurityPolicyImpl::HasPermissionsForFile(
@@ -663,7 +654,7 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
// Any write access is disallowed on the root path.
if (fileapi::VirtualPath::IsRootPath(url.path()) &&
- (permissions & ~kReadFilePermissions)) {
+ (permissions & ~READ_FILE_GRANT)) {
return false;
}
@@ -681,7 +672,7 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
return false;
if ((found->second & fileapi::FILE_PERMISSION_READ_ONLY) &&
- permissions & ~kReadFilePermissions) {
+ permissions & ~READ_FILE_GRANT) {
return false;
}
@@ -697,27 +688,32 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile(
int child_id,
const fileapi::FileSystemURL& url) {
- return HasPermissionsForFileSystemFile(child_id, url, kReadFilePermissions);
+ return HasPermissionsForFileSystemFile(child_id, url, READ_FILE_GRANT);
}
bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile(
int child_id,
const fileapi::FileSystemURL& url) {
- return HasPermissionsForFileSystemFile(child_id, url, kWriteFilePermissions);
+ return HasPermissionsForFileSystemFile(child_id, url, WRITE_FILE_GRANT);
}
bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile(
int child_id,
const fileapi::FileSystemURL& url) {
- return HasPermissionsForFileSystemFile(child_id, url,
- kCreateNewFilePermissions);
+ return HasPermissionsForFileSystemFile(child_id, url, CREATE_NEW_FILE_GRANT);
}
bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile(
int child_id,
const fileapi::FileSystemURL& url) {
return HasPermissionsForFileSystemFile(child_id, url,
- kCreateReadWriteFilePermissions);
+ CREATE_READ_WRITE_FILE_GRANT);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile(
+ int child_id,
+ const fileapi::FileSystemURL& url) {
+ return HasPermissionsForFileSystemFile(child_id, url, COPY_INTO_FILE_GRANT);
}
bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h
index dec309c..53b9443 100644
--- a/content/browser/child_process_security_policy_impl.h
+++ b/content/browser/child_process_security_policy_impl.h
@@ -135,6 +135,8 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
bool CanCreateFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
bool CanCreateReadWriteFileSystemFile(int child_id,
const fileapi::FileSystemURL& url);
+ bool CanCopyIntoFileSystemFile(int child_id,
+ const fileapi::FileSystemURL& url);
// Returns true if the specified child_id has been granted WebUIBindings.
// The browser should check this property before assuming the child process is
diff --git a/content/browser/fileapi/fileapi_message_filter.cc b/content/browser/fileapi/fileapi_message_filter.cc
index b642d84..98deb77 100644
--- a/content/browser/fileapi/fileapi_message_filter.cc
+++ b/content/browser/fileapi/fileapi_message_filter.cc
@@ -307,7 +307,7 @@ void FileAPIMessageFilter::OnCopy(
return;
}
if (!security_policy_->CanReadFileSystemFile(process_id_, src_url) ||
- !security_policy_->CanCreateFileSystemFile(process_id_, dest_url)) {
+ !security_policy_->CanCopyIntoFileSystemFile(process_id_, dest_url)) {
Send(new FileSystemMsg_DidFail(request_id,
base::PLATFORM_FILE_ERROR_SECURITY));
return;
generated by cgit v1.1 at 2025-02-05 07:50:12 +0000