From 9f10431779fbe82df67ea79eddd99b1575c9c011 Mon Sep 17 00:00:00 2001
From: "tommycli@chromium.org"
Date: Tue, 23 Jul 2013 23:18:19 +0000
Subject: ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files. HasPermissionsForFile and HasPermissionsForFilesystemFile is currently used as general bitmask-based permissions querying functions for files. This change deprecates those functions and adds some additional explicit grants and grant-checking methods instead. The larger goal is to deprecate all usage of PlatformFile bitmasks in ChildProcessSecurityPolicy in favor of explicitly granted permissions. This is to improve security and allow for a permissions set different than PlatformFile. See https://chromiumcodereview.appspot.com/18129002. Original post by vandebo: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/2cGLolxsOs4/Ga8eF7iEejkJ BUG=262142 Review URL: https://chromiumcodereview.appspot.com/19599006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@213262 0039d316-1c4b-4281-b951-d872f2087c98
---
 content/browser/child_process_security_policy_impl.h | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
(limited to 'content/browser/child_process_security_policy_impl.h')
diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h
index 66a5335..3477f1e 100644
--- a/content/browser/child_process_security_policy_impl.h
+++ b/content/browser/child_process_security_policy_impl.h
@@ -44,7 +44,7 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
 virtual bool IsWebSafeScheme(const std::string& scheme) OVERRIDE;
 virtual void GrantReadFile(int child_id, const base::FilePath& file) OVERRIDE;
 virtual void GrantCreateReadWriteFile(int child_id,
- const base::FilePath& file) OVERRIDE;
+ const base::FilePath& file) OVERRIDE;
 virtual void GrantCreateWriteFile(int child_id,
 const base::FilePath& file) OVERRIDE;
 virtual void GrantReadFileSystem(
@@ -61,6 +61,10 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
 const std::string& filesystem_id) OVERRIDE;
 virtual void GrantScheme(int child_id, const std::string& scheme) OVERRIDE;
 virtual bool CanReadFile(int child_id, const base::FilePath& file) OVERRIDE;
+ virtual bool CanWriteFile(int child_id, const base::FilePath& file) OVERRIDE;
+ virtual bool CanCreateFile(int child_id, const base::FilePath& file) OVERRIDE;
+ virtual bool CanCreateWriteFile(int child_id,
+ const base::FilePath& file) OVERRIDE;
 virtual bool CanReadFileSystem(int child_id,
 const std::string& filesystem_id) OVERRIDE;
 virtual bool CanReadWriteFileSystem(
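Review bot: The three added overrides, `CanWriteFile`, `CanCreateFile` and `CanCreateWriteFile`, do not line up one-to-one with the grants this header declares (`GrantReadFile`, `GrantCreateReadWriteFile`, `GrantCreateWriteFile`), and nothing visible here says which grant satisfies which check. The public interface header may document this, but it is not part of this view. For a browser-side policy that gates child-process file access, that mapping is what an auditor needs, so I would add a short comment before the group, for example `// Each Can*File check passes only if an earlier Grant*File call for |child_id| covers every capability named in the method.`, with the wording confirmed against the .cc. The class declaration starts and ends outside the hunk.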
@@ -134,18 +138,27 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl // the browser should call this method to check for the capability. bool CanReadDirectory(int child_id, const base::FilePath& directory); + // Deprecated: Use CanReadFile, etc. methods instead. // Determines if certain permissions were granted for a file. |permissions| // must be a bitwise-or'd value of base::PlatformFileFlags. bool HasPermissionsForFile(int child_id, const base::FilePath& file, int permissions); + // Deprecated: Use CanReadFileSystemFile, etc. methods instead. // Determines if certain permissions were granted for a file in FileSystem // API. |permissions| must be a bitwise-or'd value of base::PlatformFileFlags. bool HasPermissionsForFileSystemFile(int child_id, const fileapi::FileSystemURL& url, int permissions); + // Explicit permissions checks for FileSystemURL specified files. + bool CanReadFileSystemFile(int child_id, const fileapi::FileSystemURL& url); + bool CanWriteFileSystemFile(int child_id, const fileapi::FileSystemURL& url); + bool CanCreateFileSystemFile(int child_id, const fileapi::FileSystemURL& url); + bool CanCreateWriteFileSystemFile(int child_id, + const fileapi::FileSystemURL& url); + // Returns true if the specified child_id has been granted WebUIBindings. // The browser should check this property before assuming the child process is // allowed to use WebUIBindings. -- cgit v1.1
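Review bot: The two `// Deprecated:` comments say "Use CanReadFile, etc." without telling a caller which explicit check replaces which `base::PlatformFileFlags` combination, so a migration can silently pick a narrower check than the bitmask it replaces and weaken what the browser enforces for a child process. I would extend the single comment above the new `Can*FileSystemFile` group to state, per method, the capability checked and the result for an unregistered `child_id` or an invalid URL (presumably false; the .cc is not in this view). The deprecation is comment-only and both `HasPermissionsFor*` methods stay public, so a tracking line such as `// TODO(tommycli): Remove once all callers are migrated (BUG=262142).` would keep the bitmask path from lingering. The class declaration begins and ends outside the hunk.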