| blob | b0f9817c85e46a75b8f59ed57956a9f05b68990f |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
9 #include <map>
10 #include <set>
11 #include <string>
25 }
29 }
33 class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
36 // Object can only be created through GetInstance() so the constructor is
37 // private.
42 // ChildProcessSecurityPolicy implementation.
85 // Pseudo schemes are treated differently than other schemes because they
86 // cannot be requested like normal URLs. There is no mechanism for revoking
87 // pseudo schemes.
90 // Returns true iff |scheme| has been registered as pseudo scheme.
93 // Upon creation, child processes should register themselves by calling this
94 // this method exactly once.
97 // Upon creation, worker thread child processes should register themselves by
98 // calling this this method exactly once. Workers that are not shared will
99 // inherit permissions from their parent renderer process identified with
100 // |main_render_process_id|.
103 // Upon destruction, child processess should unregister themselves by caling
104 // this method exactly once.
107 // Whenever the browser processes commands the child process to request a URL,
108 // it should call this method to grant the child process the capability to
109 // request the URL, along with permission to request all URLs of the same
110 // scheme.
113 // Whenever the browser process drops a file icon on a tab, it should call
114 // this method to grant the child process the capability to request this one
115 // file:// URL, but not all urls of the file:// scheme.
118 // Revokes all permissions granted to the given file.
121 // Grant the child process the ability to use Web UI Bindings.
124 // Grant the child process the ability to read raw cookies.
127 // Revoke read raw cookies permission.
130 // Grants permission to send system exclusive message to any MIDI devices.
133 // Before servicing a child process's request for a URL, the browser should
134 // call this method to determine whether the process has the capability to
135 // request the URL.
138 // Returns true if the process is permitted to load pages from
139 // the given origin in main frames or subframes.
140 // Only might return false if --site-per-process flag is used.
143 ResourceType resource_type);
145 // Explicit permissions checks for FileSystemURL specified files.
155 // Returns true if the specified child_id has been granted ReadRawCookies.
158 // Returns true if the process is permitted to read and modify the cookies for
159 // the given origin. Does not affect cookies attached to or set by network
160 // requests.
161 // Only might return false if the very experimental
162 // --enable-strict-site-isolation or --site-per-process flags are used.
165 // Returns true if the process is permitted to attach cookies to (or have
166 // cookies set by) network requests.
167 // Only might return false if the very experimental
168 // --enable-strict-site-isolation or --site-per-process flags are used.
171 // Sets the process as only permitted to use and see the cookies for the
172 // given origin.
173 // Only used if the very experimental --enable-strict-site-isolation or
174 // --site-per-process flags are used.
177 // Register FileSystem type and permission policy which should be used
178 // for the type. The |policy| must be a bitwise-or'd value of
179 // storage::FilePermissionPolicy.
183 // Returns true if sending system exclusive messages is allowed.
190 NoLeak);
200 // Obtain an instance of ChildProcessSecurityPolicyImpl via GetInstance().
204 // Adds child process during registration.
207 // Determines if certain permissions were granted for a file to given child
208 // process. |permissions| is an internally defined bit-set.
213 // Grant a particular permission set for a file. |permissions| is an
214 // internally defined bit-set.
219 // Grants access permission to the given isolated file system
220 // identified by |filesystem_id|. See comments for
221 // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details.
227 // Determines if certain permissions were granted for a file. |permissions|
228 // is an internally defined bit-set. If |child_id| is a worker process,
229 // this returns true if either the worker process or its parent renderer
230 // has permissions for the file.
235 // Determines if certain permissions were granted for a file in FileSystem
236 // API. |permissions| is an internally defined bit-set.
241 // Determines if certain permissions were granted for a file system.
242 // |permissions| is an internally defined bit-set.
248 // You must acquire this lock before reading or writing any members of this
249 // class. You must not block while holding this lock.
252 // These schemes are white-listed for all child processes. This set is
253 // protected by |lock_|.
254 SchemeSet web_safe_schemes_;
256 // These schemes do not actually represent retrievable URLs. For example,
257 // the the URLs in the "about" scheme are aliases to other URLs. This set is
258 // protected by |lock_|.
259 SchemeSet pseudo_schemes_;
261 // This map holds a SecurityState for each child process. The key for the
262 // map is the ID of the ChildProcessHost. The SecurityState objects are
263 // owned by this object and are protected by |lock_|. References to them must
264 // not escape this class.
265 SecurityStateMap security_state_;
267 // This maps keeps the record of which js worker thread child process
268 // corresponds to which main js thread child process.
269 WorkerToMainProcessMap worker_map_;
271 FileSystemPermissionPolicyMap file_system_policy_map_;
274 };