diff options
Diffstat (limited to 'content/browser')
5 files changed, 2 insertions, 64 deletions
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc index b725f7e..291005e 100644 --- a/content/browser/child_process_security_policy_impl.cc +++ b/content/browser/child_process_security_policy_impl.cc @@ -49,10 +49,6 @@ const int kWriteFilePermissions = const int kCreateNewFilePermissions = base::PLATFORM_FILE_CREATE; -const int kEnumerateDirectoryPermissions = - kReadFilePermissions | - base::PLATFORM_FILE_ENUMERATE; - const int kCreateOverwriteFilePermissions = base::PLATFORM_FILE_OPEN_ALWAYS | base::PLATFORM_FILE_CREATE_ALWAYS; @@ -438,11 +434,6 @@ void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile( GrantPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions); } -void ChildProcessSecurityPolicyImpl::GrantReadDirectory( - int child_id, const base::FilePath& directory) { - GrantPermissionsForFile(child_id, directory, kEnumerateDirectoryPermissions); -} - void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile( int child_id, const base::FilePath& file, int permissions) { base::AutoLock lock(lock_); @@ -621,13 +612,6 @@ bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile( return HasPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions); } -bool ChildProcessSecurityPolicyImpl::CanReadDirectory( - int child_id, const base::FilePath& directory) { - return HasPermissionsForFile(child_id, - directory, - kEnumerateDirectoryPermissions); -} - bool ChildProcessSecurityPolicyImpl::CanReadFileSystem( int child_id, const std::string& filesystem_id) { return HasPermissionsForFileSystem(child_id, diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h index b1f68e4..dec309c 100644 --- a/content/browser/child_process_security_policy_impl.h +++ b/content/browser/child_process_security_policy_impl.h @@ -102,10 +102,6 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl // file:// URL, but not all urls of the file:// scheme. void GrantRequestSpecificFileURL(int child_id, const GURL& url); - // Grants the child process permission to enumerate all the files in - // this directory and read those files. - void GrantReadDirectory(int child_id, const base::FilePath& directory); - // Revokes all permissions granted to the given file. void RevokeAllPermissionsForFile(int child_id, const base::FilePath& file); @@ -133,10 +129,6 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl const GURL& url, ResourceType::Type resource_type); - // Before servicing a child process's request to enumerate a directory - // the browser should call this method to check for the capability. - bool CanReadDirectory(int child_id, const base::FilePath& directory); - // Explicit permissions checks for FileSystemURL specified files. bool CanReadFileSystemFile(int child_id, const fileapi::FileSystemURL& url); bool CanWriteFileSystemFile(int child_id, const fileapi::FileSystemURL& url); diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc index 9f574c5..2e68b18 100644 --- a/content/browser/child_process_security_policy_unittest.cc +++ b/content/browser/child_process_security_policy_unittest.cc @@ -448,40 +448,6 @@ TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) { p->Remove(kRendererID); } -TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) { - ChildProcessSecurityPolicyImpl* p = - ChildProcessSecurityPolicyImpl::GetInstance(); - - p->Add(kRendererID); - - EXPECT_FALSE(p->CanReadDirectory(kRendererID, - base::FilePath(TEST_PATH("/etc/")))); - p->GrantReadDirectory(kRendererID, - base::FilePath(TEST_PATH("/etc/"))); - EXPECT_TRUE(p->CanReadDirectory(kRendererID, - base::FilePath(TEST_PATH("/etc/")))); - EXPECT_TRUE(p->CanReadFile(kRendererID, - base::FilePath(TEST_PATH("/etc/passwd")))); - - p->Remove(kRendererID); - p->Add(kRendererID); - - EXPECT_FALSE(p->CanReadDirectory(kRendererID, - base::FilePath(TEST_PATH("/etc/")))); - EXPECT_FALSE(p->CanReadFile(kRendererID, - base::FilePath(TEST_PATH("/etc/passwd")))); - - // Just granting read permission as a file doesn't imply reading as a - // directory. - p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/"))); - EXPECT_TRUE(p->CanReadFile(kRendererID, - base::FilePath(TEST_PATH("/etc/passwd")))); - EXPECT_FALSE(p->CanReadDirectory(kRendererID, - base::FilePath(TEST_PATH("/etc/")))); - - p->Remove(kRendererID); -} - TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) { base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe")); base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob")); diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc index 11888c6..689ceed 100644 --- a/content/browser/renderer_host/render_view_host_impl.cc +++ b/content/browser/renderer_host/render_view_host_impl.cc @@ -627,12 +627,8 @@ void RenderViewHostImpl::DragTargetDragEnter( // directories, but dragging a file would cause the read/write access to be // overwritten with read-only access, making them impossible to delete or // rename until the renderer was killed. - if (!policy->CanReadFile(renderer_id, path)) { + if (!policy->CanReadFile(renderer_id, path)) policy->GrantReadFile(renderer_id, path); - // Allow dragged directories to be enumerated by the child process. - // Note that we can't tell a file from a directory at this point. - policy->GrantReadDirectory(renderer_id, path); - } } fileapi::IsolatedContext* isolated_context = diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc index a3aa086..b2d98cf 100644 --- a/content/browser/web_contents/web_contents_impl.cc +++ b/content/browser/web_contents/web_contents_impl.cc @@ -2452,7 +2452,7 @@ void WebContentsImpl::OnEnumerateDirectory(int request_id, ChildProcessSecurityPolicyImpl* policy = ChildProcessSecurityPolicyImpl::GetInstance(); - if (policy->CanReadDirectory(GetRenderProcessHost()->GetID(), path)) + if (policy->CanReadFile(GetRenderProcessHost()->GetID(), path)) delegate_->EnumerateDirectory(this, request_id, path); } |