Diffstat (limited to 'chrome')
-rw-r--r--chrome/browser/child_process_security_policy.cc4
-rw-r--r--chrome/browser/chrome_plugin_host.cc9
-rw-r--r--chrome/browser/plugin_process_host.cc22
-rw-r--r--chrome/browser/plugin_process_host.h4
-rw-r--r--chrome/common/chrome_plugin_api.h12
-rw-r--r--chrome/common/plugin_messages_internal.h9
-rw-r--r--chrome/plugin/chrome_plugin_host.cc30
-rw-r--r--chrome/plugin/webplugin_proxy.cc8
-rw-r--r--chrome/plugin/webplugin_proxy.h5
9 files changed, 92 insertions, 11 deletions
diff --git a/chrome/browser/child_process_security_policy.cc b/chrome/browser/child_process_security_policy.cc
index 20130e7..c1cb73e 100644
--- a/chrome/browser/child_process_security_policy.cc
+++ b/chrome/browser/child_process_security_policy.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -292,7 +292,7 @@ bool ChildProcessSecurityPolicy::CanRequestURL(int renderer_id, const GURL& url)
}
bool ChildProcessSecurityPolicy::CanUploadFile(int renderer_id,
- const FilePath& file) {
+ const FilePath& file) {
AutoLock lock(lock_);
SecurityStateMap::iterator state = security_state_.find(renderer_id);
diff --git a/chrome/browser/chrome_plugin_host.cc b/chrome/browser/chrome_plugin_host.cc
index 75a2fc3..4e61732 100644
--- a/chrome/browser/chrome_plugin_host.cc
+++ b/chrome/browser/chrome_plugin_host.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -546,6 +546,12 @@ CPError STDCALL CPB_SetDropEffect(
return CPERR_FAILURE;
}
+CPError STDCALL CPB_AllowFileDrop(
+ CPID id, CPBrowsingContext context, const char* file_drag_data) {
+ NOTREACHED() << "Should not be called in the browser process.";
+ return CPERR_FAILURE;
+}
+
//
// Functions related to network interception
//
@@ -789,6 +795,7 @@ CPBrowserFuncs* GetCPBrowserFuncsForBrowser() {
browser_funcs.open_file_dialog = CPB_OpenFileDialog;
browser_funcs.get_drag_data = CPB_GetDragData;
browser_funcs.set_drop_effect = CPB_SetDropEffect;
+ browser_funcs.allow_file_drop = CPB_AllowFileDrop;
request_funcs.size = sizeof(request_funcs);
request_funcs.start_request = CPR_StartRequest;
diff --git a/chrome/browser/plugin_process_host.cc b/chrome/browser/plugin_process_host.cc
index f03b42f..ca2f502 100644
--- a/chrome/browser/plugin_process_host.cc
+++ b/chrome/browser/plugin_process_host.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -27,6 +27,7 @@
#include "base/scoped_ptr.h"
#include "base/thread.h"
#include "chrome/browser/browser_process.h"
+#include "chrome/browser/child_process_security_policy.h"
#include "chrome/browser/chrome_plugin_browsing_context.h"
#include "chrome/browser/chrome_thread.h"
#include "chrome/browser/plugin_service.h"
@@ -439,6 +440,7 @@ void PluginProcessHost::OnMessageReceived(const IPC::Message& msg) {
OnGetPluginFinderUrl)
IPC_MESSAGE_HANDLER(PluginProcessHostMsg_PluginMessage, OnPluginMessage)
IPC_MESSAGE_HANDLER(PluginProcessHostMsg_GetCookies, OnGetCookies)
+ IPC_MESSAGE_HANDLER(PluginProcessHostMsg_AccessFiles, OnAccessFiles)
IPC_MESSAGE_HANDLER_DELAY_REPLY(PluginProcessHostMsg_ResolveProxy,
OnResolveProxy)
#if defined(OS_WIN)
@@ -507,6 +509,24 @@ void PluginProcessHost::OnGetCookies(uint32 request_context,
*cookies = context->cookie_store()->GetCookies(url);
}
+void PluginProcessHost::OnAccessFiles(int process_id,
+ const std::vector<std::string>& files,
+ bool* allowed) {
+ ChildProcessSecurityPolicy* policy =
+ ChildProcessSecurityPolicy::GetInstance();
+
+ for (size_t i = 0; i < files.size(); ++i) {
+ const FilePath path = FilePath::FromWStringHack(UTF8ToWide(files[i]));
+ if (!policy->CanUploadFile(process_id, path)) {
+ LOG(INFO) << "Denied unauthorized request for file " << files[i];
+ *allowed = false;
+ return;
+ }
+ }
+
+ *allowed = true;
+}
+
void PluginProcessHost::OnResolveProxy(const GURL& url,
IPC::Message* reply_msg) {
resolve_proxy_msg_helper_.Start(url, reply_msg);
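Review bot: `OnAccessFiles` fails open on an empty list: when `files` has no entries the loop body never runs and the function reaches `*allowed = true` without a single `CanUploadFile` call. The list arrives from the plugin process over IPC, so an empty request should be refused before the loop, e.g. `if (files.empty()) { *allowed = false; return; }`. The `process_id` checked against the policy is likewise whatever the plugin process put in the message, so the verdict is only as trustworthy as that sender; a one-line comment stating this would help. The denial log line also writes the full local path at INFO level, which may be worth lowering or trimming.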
diff --git a/chrome/browser/plugin_process_host.h b/chrome/browser/plugin_process_host.h
index 8c3a948..22e9249 100644
--- a/chrome/browser/plugin_process_host.h
+++ b/chrome/browser/plugin_process_host.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -101,6 +101,8 @@ class PluginProcessHost : public ChildProcessHost,
void OnGetPluginFinderUrl(std::string* plugin_finder_url);
void OnGetCookies(uint32 request_context, const GURL& url,
std::string* cookies);
+ void OnAccessFiles(int process_id, const std::vector<std::string>& files,
+ bool* allowed);
void OnResolveProxy(const GURL& url, IPC::Message* reply_msg);
void OnPluginMessage(const std::vector<uint8>& data);
diff --git a/chrome/common/chrome_plugin_api.h b/chrome/common/chrome_plugin_api.h
index c10985a..d30357c 100644
--- a/chrome/common/chrome_plugin_api.h
+++ b/chrome/common/chrome_plugin_api.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
@@ -30,7 +30,7 @@ extern "C" {
// The current version of the API, used by the 'version' field of CPPluginFuncs
// and CPBrowserFuncs.
#define CP_MAJOR_VERSION 0
-#define CP_MINOR_VERSION 10
+#define CP_MINOR_VERSION 11
#define CP_VERSION ((CP_MAJOR_VERSION << 8) | (CP_MINOR_VERSION))
#define CP_GET_MAJOR_VERSION(version) ((version & 0xff00) >> 8)
@@ -445,6 +445,13 @@ typedef CPError (STDCALL *CPB_GetDragDataFunc)(
typedef CPError (STDCALL *CPB_SetDropEffectFunc)(
CPID id, CPBrowsingContext context, struct NPObject* event, int effect);
+// For drag type "Files", the drag data returned by CPB_GetDragDataFunc() is a
+// backspace delimited list of file paths. Use this routine to pass that data
+// to the browser process to verify that the renderer has permission to access
+// the files. Returns CPERR_SUCCESS if access is allowed.
+typedef CPError (STDCALL *CPB_AllowFileDropFunc)(
+ CPID id, CPBrowsingContext context, const char* file_drag_data);
+
// Function table for issuing requests using via the other side's network stack.
// For the plugin, this functions deal with issuing requests through the
// browser. For the browser, these functions deal with allowing the plugin to
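Review bot: The comment on `CPB_AllowFileDropFunc` leaves out the contract a plugin author has to follow: the call must come before any dropped path is opened, and any return other than `CPERR_SUCCESS` refuses the whole drop. The browser handler in this commit denies the whole request at the first path that fails. I would add `// Call this before touching any path in the drag data; treat any result other than CPERR_SUCCESS as denial of all listed files.` It would also help to spell the delimiter as `'\b'`. The comment could also note that `allow_file_drop` exists only from minor version 11, so a plugin should check the reported version before reading the field.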
@@ -521,6 +528,7 @@ typedef struct _CPBrowserFuncs {
CPB_OpenFileDialogFunc open_file_dialog;
CPB_GetDragDataFunc get_drag_data;
CPB_SetDropEffectFunc set_drop_effect;
+ CPB_AllowFileDropFunc allow_file_drop;
} CPBrowserFuncs;
diff --git a/chrome/common/plugin_messages_internal.h b/chrome/common/plugin_messages_internal.h
index 8631973..18152d9 100644
--- a/chrome/common/plugin_messages_internal.h
+++ b/chrome/common/plugin_messages_internal.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -73,6 +73,13 @@ IPC_BEGIN_MESSAGES(PluginProcessHost)
GURL /* url */,
std::string /* cookies */)
+ // Used by the plugin process to verify that its renderer |process_id| has
+ // permission to access the given |files|.
+ IPC_SYNC_MESSAGE_CONTROL2_1(PluginProcessHostMsg_AccessFiles,
+ int /* process_id */,
+ std::vector<std::string> /* files */,
+ bool /* allowed */)
+
// Get the list of proxies to use for |url|, as a semicolon delimited list
// of "<TYPE> <HOST>:<PORT>" | "DIRECT". See also ViewHostMsg_ResolveProxy
// which does the same thing.
diff --git a/chrome/plugin/chrome_plugin_host.cc b/chrome/plugin/chrome_plugin_host.cc
index a81d7d3..81a128a 100644
--- a/chrome/plugin/chrome_plugin_host.cc
+++ b/chrome/plugin/chrome_plugin_host.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -351,6 +351,33 @@ CPError STDCALL CPB_SetDropEffect(
return CPERR_FAILURE;
}
+CPError STDCALL CPB_AllowFileDrop(
+ CPID id, CPBrowsingContext context, const char* file_drag_data) {
+ CHECK(ChromePluginLib::IsPluginThread());
+
+ WebPluginProxy* webplugin = WebPluginProxy::FromCPBrowsingContext(context);
+ if (!webplugin || !file_drag_data)
+ return CPERR_INVALID_PARAMETER;
+
+ const int pid = webplugin->GetRendererProcessId();
+ if (!pid)
+ return CPERR_FAILURE;
+
+ static const char kDelimiter('\b');
+ std::vector<std::string> files;
+ SplitStringDontTrim(file_drag_data, kDelimiter, &files);
+
+ bool allowed = false;
+ if (!PluginThread::current()->Send(
+ new PluginProcessHostMsg_AccessFiles(pid, files, &allowed))) {
+ return CPERR_FAILURE;
+ }
+
+ if (allowed)
+ return CPERR_SUCCESS;
+ return CPERR_FAILURE;
+}
+
CPError STDCALL CPB_GetCommandLineArguments(
CPID id, CPBrowsingContext context, const char* url, char** arguments) {
CHECK(ChromePluginLib::IsPluginThread());
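Review bot: The id sent to the browser at `const int pid = webplugin->GetRendererProcessId();` looks like it may be in a different id space from the one the policy is keyed on. `GetRendererProcessId()` (added in webplugin_proxy.cc in this commit) returns `channel_->peer_pid()`, while the browser handler passes the value to `CanUploadFile(int renderer_id, ...)`, which looks it up in `security_state_`. If that map is keyed by the browser-assigned renderer id rather than the OS process id (not visible in this diff, please confirm), the lookup would either miss or hit an unrelated entry. The verdict would then not reflect this renderer's grants. In that case the plugin should send the id the browser assigned to the renderer behind this channel instead of the peer pid.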
@@ -636,6 +663,7 @@ CPBrowserFuncs* GetCPBrowserFuncsForPlugin() {
browser_funcs.open_file_dialog = CPB_OpenFileDialog;
browser_funcs.get_drag_data = CPB_GetDragData;
browser_funcs.set_drop_effect = CPB_SetDropEffect;
+ browser_funcs.allow_file_drop = CPB_AllowFileDrop;
browser_funcs.request_funcs = &request_funcs;
browser_funcs.response_funcs = &response_funcs;
diff --git a/chrome/plugin/webplugin_proxy.cc b/chrome/plugin/webplugin_proxy.cc
index 1356c61..67919e8 100644
--- a/chrome/plugin/webplugin_proxy.cc
+++ b/chrome/plugin/webplugin_proxy.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -247,6 +247,12 @@ WebPluginResourceClient* WebPluginProxy::GetResourceClient(int id) {
return iterator->second;
}
+int WebPluginProxy::GetRendererProcessId() {
+ if (channel_.get())
+ return channel_->peer_pid();
+ return 0;
+}
+
void WebPluginProxy::DidPaint() {
// If we have an accumulated damaged rect, then check to see if we need to
// send out another InvalidateRect message.
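Review bot: `GetRendererProcessId()` returns 0 as an in-band "no channel" value, but neither this definition nor the declaration comment in webplugin_proxy.h says so. The only caller in this commit, `CPB_AllowFileDrop`, depends on it with `if (!pid) return CPERR_FAILURE;`. I would change the declaration comment to `// Returns the process id of the renderer that contains this plugin, or 0 if the channel to the renderer is not available.` so that later callers keep treating 0 as failure and never forward it to the browser as an id.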
diff --git a/chrome/plugin/webplugin_proxy.h b/chrome/plugin/webplugin_proxy.h
index 1b1468e..9454d28 100644
--- a/chrome/plugin/webplugin_proxy.h
+++ b/chrome/plugin/webplugin_proxy.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -88,6 +88,9 @@ class WebPluginProxy : public WebPlugin {
// object with that id exists.
WebPluginResourceClient* GetResourceClient(int id);
+ // Returns the process id of the renderer that contains this plugin.
+ int GetRendererProcessId();
+
// For windowless plugins, paints the given rectangle into the local buffer.
void Paint(const gfx::Rect& rect);