Add ICU message format support
[chromium-blink-merge.git] / content / browser / child_process_security_policy_impl.cc
blob7c96e7b6c4069dd77ad8621265f25ca0614cafe7
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/browser/child_process_security_policy_impl.h"
7 #include "base/command_line.h"
8 #include "base/files/file_path.h"
9 #include "base/logging.h"
10 #include "base/metrics/histogram.h"
11 #include "base/stl_util.h"
12 #include "base/strings/string_util.h"
13 #include "content/browser/plugin_process_host.h"
14 #include "content/browser/site_instance_impl.h"
15 #include "content/common/site_isolation_policy.h"
16 #include "content/public/browser/child_process_data.h"
17 #include "content/public/browser/content_browser_client.h"
18 #include "content/public/browser/render_process_host.h"
19 #include "content/public/common/bindings_policy.h"
20 #include "content/public/common/url_constants.h"
21 #include "net/base/filename_util.h"
22 #include "net/url_request/url_request.h"
23 #include "storage/browser/fileapi/file_permission_policy.h"
24 #include "storage/browser/fileapi/file_system_url.h"
25 #include "storage/browser/fileapi/isolated_context.h"
26 #include "storage/common/fileapi/file_system_util.h"
27 #include "url/gurl.h"
29 namespace content {
31 namespace {
33 // Used internally only. These bit positions have no relationship to any
34 // underlying OS and can be changed to accommodate finer-grained permissions.
35 enum ChildProcessSecurityPermissions {
36 READ_FILE_PERMISSION = 1 << 0,
37 WRITE_FILE_PERMISSION = 1 << 1,
38 CREATE_NEW_FILE_PERMISSION = 1 << 2,
39 CREATE_OVERWRITE_FILE_PERMISSION = 1 << 3,
40 DELETE_FILE_PERMISSION = 1 << 4,
42 // Used by Media Galleries API
43 COPY_INTO_FILE_PERMISSION = 1 << 5,
46 // Used internally only. Bitmasks that are actually used by the Grant* and Can*
47 // methods. These contain one or more ChildProcessSecurityPermissions.
48 enum ChildProcessSecurityGrants {
49 READ_FILE_GRANT = READ_FILE_PERMISSION,
50 WRITE_FILE_GRANT = WRITE_FILE_PERMISSION,
52 CREATE_NEW_FILE_GRANT = CREATE_NEW_FILE_PERMISSION |
53 COPY_INTO_FILE_PERMISSION,
55 CREATE_READ_WRITE_FILE_GRANT = CREATE_NEW_FILE_PERMISSION |
56 CREATE_OVERWRITE_FILE_PERMISSION |
57 READ_FILE_PERMISSION |
58 WRITE_FILE_PERMISSION |
59 COPY_INTO_FILE_PERMISSION |
60 DELETE_FILE_PERMISSION,
62 COPY_INTO_FILE_GRANT = COPY_INTO_FILE_PERMISSION,
63 DELETE_FILE_GRANT = DELETE_FILE_PERMISSION,
66 } // namespace
68 // The SecurityState class is used to maintain per-child process security state
69 // information.
70 class ChildProcessSecurityPolicyImpl::SecurityState {
71 public:
72 SecurityState()
73 : enabled_bindings_(0),
74 can_read_raw_cookies_(false),
75 can_send_midi_sysex_(false) { }
77 ~SecurityState() {
78 scheme_policy_.clear();
79 storage::IsolatedContext* isolated_context =
80 storage::IsolatedContext::GetInstance();
81 for (FileSystemMap::iterator iter = filesystem_permissions_.begin();
82 iter != filesystem_permissions_.end();
83 ++iter) {
84 isolated_context->RemoveReference(iter->first);
86 UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.PerChildFilePermissions",
87 file_permissions_.size());
90 // Grant permission to request URLs with the specified scheme.
91 void GrantScheme(const std::string& scheme) {
92 scheme_policy_[scheme] = true;
95 // Revoke permission to request URLs with the specified scheme.
96 void RevokeScheme(const std::string& scheme) {
97 scheme_policy_[scheme] = false;
100 // Grant certain permissions to a file.
101 void GrantPermissionsForFile(const base::FilePath& file, int permissions) {
102 base::FilePath stripped = file.StripTrailingSeparators();
103 file_permissions_[stripped] |= permissions;
104 UMA_HISTOGRAM_COUNTS("ChildProcessSecurityPolicy.FilePermissionPathLength",
105 stripped.value().size());
108 // Grant navigation to a file but not the file:// scheme in general.
109 void GrantRequestOfSpecificFile(const base::FilePath &file) {
110 request_file_set_.insert(file.StripTrailingSeparators());
113 // Revokes all permissions granted to a file.
114 void RevokeAllPermissionsForFile(const base::FilePath& file) {
115 base::FilePath stripped = file.StripTrailingSeparators();
116 file_permissions_.erase(stripped);
117 request_file_set_.erase(stripped);
120 // Grant certain permissions to a file.
121 void GrantPermissionsForFileSystem(const std::string& filesystem_id,
122 int permissions) {
123 if (!ContainsKey(filesystem_permissions_, filesystem_id))
124 storage::IsolatedContext::GetInstance()->AddReference(filesystem_id);
125 filesystem_permissions_[filesystem_id] |= permissions;
128 bool HasPermissionsForFileSystem(const std::string& filesystem_id,
129 int permissions) {
130 FileSystemMap::const_iterator it =
131 filesystem_permissions_.find(filesystem_id);
132 if (it == filesystem_permissions_.end())
133 return false;
134 return (it->second & permissions) == permissions;
137 #if defined(OS_ANDROID)
138 // Determine if the certain permissions have been granted to a content URI.
139 bool HasPermissionsForContentUri(const base::FilePath& file,
140 int permissions) {
141 DCHECK(!file.empty());
142 DCHECK(file.IsContentUri());
143 if (!permissions)
144 return false;
145 base::FilePath file_path = file.StripTrailingSeparators();
146 FileMap::const_iterator it = file_permissions_.find(file_path);
147 if (it != file_permissions_.end())
148 return (it->second & permissions) == permissions;
149 return false;
151 #endif
153 void GrantBindings(int bindings) {
154 enabled_bindings_ |= bindings;
157 void GrantReadRawCookies() {
158 can_read_raw_cookies_ = true;
161 void RevokeReadRawCookies() {
162 can_read_raw_cookies_ = false;
165 void GrantPermissionForMidiSysEx() {
166 can_send_midi_sysex_ = true;
169 // Determine whether permission has been granted to request |url|.
170 bool CanRequestURL(const GURL& url) {
171 // Having permission to a scheme implies permssion to all of its URLs.
172 SchemeMap::const_iterator judgment(scheme_policy_.find(url.scheme()));
173 if (judgment != scheme_policy_.end())
174 return judgment->second;
176 // file:// URLs are more granular. The child may have been given
177 // permission to a specific file but not the file:// scheme in general.
178 if (url.SchemeIs(url::kFileScheme)) {
179 base::FilePath path;
180 if (net::FileURLToFilePath(url, &path))
181 return ContainsKey(request_file_set_, path);
184 return false; // Unmentioned schemes are disallowed.
187 // Determine if the certain permissions have been granted to a file.
188 bool HasPermissionsForFile(const base::FilePath& file, int permissions) {
189 #if defined(OS_ANDROID)
190 if (file.IsContentUri())
191 return HasPermissionsForContentUri(file, permissions);
192 #endif
193 if (!permissions || file.empty() || !file.IsAbsolute())
194 return false;
195 base::FilePath current_path = file.StripTrailingSeparators();
196 base::FilePath last_path;
197 int skip = 0;
198 while (current_path != last_path) {
199 base::FilePath base_name = current_path.BaseName();
200 if (base_name.value() == base::FilePath::kParentDirectory) {
201 ++skip;
202 } else if (skip > 0) {
203 if (base_name.value() != base::FilePath::kCurrentDirectory)
204 --skip;
205 } else {
206 FileMap::const_iterator it = file_permissions_.find(current_path);
207 if (it != file_permissions_.end())
208 return (it->second & permissions) == permissions;
210 last_path = current_path;
211 current_path = current_path.DirName();
214 return false;
217 bool CanAccessDataForOrigin(const GURL& gurl) {
218 if (origin_lock_.is_empty())
219 return true;
220 // TODO(creis): We must pass the valid browser_context to convert hosted
221 // apps URLs. Currently, hosted apps cannot set cookies in this mode.
222 // See http://crbug.com/160576.
223 GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl);
224 return origin_lock_ == site_gurl;
227 void LockToOrigin(const GURL& gurl) {
228 origin_lock_ = gurl;
231 bool has_web_ui_bindings() const {
232 return enabled_bindings_ & BINDINGS_POLICY_WEB_UI;
235 bool can_read_raw_cookies() const {
236 return can_read_raw_cookies_;
239 bool can_send_midi_sysex() const {
240 return can_send_midi_sysex_;
243 private:
244 typedef std::map<std::string, bool> SchemeMap;
246 typedef int FilePermissionFlags; // bit-set of base::File::Flags
247 typedef std::map<base::FilePath, FilePermissionFlags> FileMap;
248 typedef std::map<std::string, FilePermissionFlags> FileSystemMap;
249 typedef std::set<base::FilePath> FileSet;
251 // Maps URL schemes to whether permission has been granted or revoked:
252 // |true| means the scheme has been granted.
253 // |false| means the scheme has been revoked.
254 // If a scheme is not present in the map, then it has never been granted
255 // or revoked.
256 SchemeMap scheme_policy_;
258 // The set of files the child process is permited to upload to the web.
259 FileMap file_permissions_;
261 // The set of files the child process is permitted to load.
262 FileSet request_file_set_;
264 int enabled_bindings_;
266 bool can_read_raw_cookies_;
268 bool can_send_midi_sysex_;
270 GURL origin_lock_;
272 // The set of isolated filesystems the child process is permitted to access.
273 FileSystemMap filesystem_permissions_;
275 DISALLOW_COPY_AND_ASSIGN(SecurityState);
278 ChildProcessSecurityPolicyImpl::ChildProcessSecurityPolicyImpl() {
279 // We know about these schemes and believe them to be safe.
280 RegisterWebSafeScheme(url::kHttpScheme);
281 RegisterWebSafeScheme(url::kHttpsScheme);
282 RegisterWebSafeScheme(url::kFtpScheme);
283 RegisterWebSafeScheme(url::kDataScheme);
284 RegisterWebSafeScheme("feed");
285 RegisterWebSafeScheme(url::kBlobScheme);
286 RegisterWebSafeScheme(url::kFileSystemScheme);
288 // We know about the following pseudo schemes and treat them specially.
289 RegisterPseudoScheme(url::kAboutScheme);
290 RegisterPseudoScheme(url::kJavaScriptScheme);
291 RegisterPseudoScheme(kViewSourceScheme);
294 ChildProcessSecurityPolicyImpl::~ChildProcessSecurityPolicyImpl() {
295 web_safe_schemes_.clear();
296 pseudo_schemes_.clear();
297 STLDeleteContainerPairSecondPointers(security_state_.begin(),
298 security_state_.end());
299 security_state_.clear();
302 // static
303 ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() {
304 return ChildProcessSecurityPolicyImpl::GetInstance();
307 ChildProcessSecurityPolicyImpl* ChildProcessSecurityPolicyImpl::GetInstance() {
308 return Singleton<ChildProcessSecurityPolicyImpl>::get();
311 void ChildProcessSecurityPolicyImpl::Add(int child_id) {
312 base::AutoLock lock(lock_);
313 AddChild(child_id);
316 void ChildProcessSecurityPolicyImpl::AddWorker(int child_id,
317 int main_render_process_id) {
318 base::AutoLock lock(lock_);
319 AddChild(child_id);
320 worker_map_[child_id] = main_render_process_id;
323 void ChildProcessSecurityPolicyImpl::Remove(int child_id) {
324 base::AutoLock lock(lock_);
325 SecurityStateMap::iterator it = security_state_.find(child_id);
326 if (it == security_state_.end())
327 return; // May be called multiple times.
329 delete it->second;
330 security_state_.erase(it);
331 worker_map_.erase(child_id);
334 void ChildProcessSecurityPolicyImpl::RegisterWebSafeScheme(
335 const std::string& scheme) {
336 base::AutoLock lock(lock_);
337 DCHECK_EQ(0U, web_safe_schemes_.count(scheme)) << "Add schemes at most once.";
338 DCHECK_EQ(0U, pseudo_schemes_.count(scheme))
339 << "Web-safe implies not pseudo.";
341 web_safe_schemes_.insert(scheme);
344 bool ChildProcessSecurityPolicyImpl::IsWebSafeScheme(
345 const std::string& scheme) {
346 base::AutoLock lock(lock_);
348 return ContainsKey(web_safe_schemes_, scheme);
351 void ChildProcessSecurityPolicyImpl::RegisterPseudoScheme(
352 const std::string& scheme) {
353 base::AutoLock lock(lock_);
354 DCHECK_EQ(0U, pseudo_schemes_.count(scheme)) << "Add schemes at most once.";
355 DCHECK_EQ(0U, web_safe_schemes_.count(scheme))
356 << "Pseudo implies not web-safe.";
358 pseudo_schemes_.insert(scheme);
361 bool ChildProcessSecurityPolicyImpl::IsPseudoScheme(
362 const std::string& scheme) {
363 base::AutoLock lock(lock_);
365 return ContainsKey(pseudo_schemes_, scheme);
368 void ChildProcessSecurityPolicyImpl::GrantRequestURL(
369 int child_id, const GURL& url) {
371 if (!url.is_valid())
372 return; // Can't grant the capability to request invalid URLs.
374 if (IsWebSafeScheme(url.scheme()))
375 return; // The scheme has already been whitelisted for every child process.
377 if (IsPseudoScheme(url.scheme())) {
378 // The view-source scheme is a special case of a pseudo-URL that eventually
379 // results in requesting its embedded URL.
380 if (url.SchemeIs(kViewSourceScheme)) {
381 // URLs with the view-source scheme typically look like:
382 // view-source:http://www.google.com/a
383 // In order to request these URLs, the child_id needs to be able to
384 // request the embedded URL.
385 GrantRequestURL(child_id, GURL(url.GetContent()));
388 return; // Can't grant the capability to request pseudo schemes.
392 base::AutoLock lock(lock_);
393 SecurityStateMap::iterator state = security_state_.find(child_id);
394 if (state == security_state_.end())
395 return;
397 // When the child process has been commanded to request this scheme,
398 // we grant it the capability to request all URLs of that scheme.
399 state->second->GrantScheme(url.scheme());
403 void ChildProcessSecurityPolicyImpl::GrantRequestSpecificFileURL(
404 int child_id,
405 const GURL& url) {
406 if (!url.SchemeIs(url::kFileScheme))
407 return;
410 base::AutoLock lock(lock_);
411 SecurityStateMap::iterator state = security_state_.find(child_id);
412 if (state == security_state_.end())
413 return;
415 // When the child process has been commanded to request a file:// URL,
416 // then we grant it the capability for that URL only.
417 base::FilePath path;
418 if (net::FileURLToFilePath(url, &path))
419 state->second->GrantRequestOfSpecificFile(path);
423 void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id,
424 const base::FilePath& file) {
425 GrantPermissionsForFile(child_id, file, READ_FILE_GRANT);
428 void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile(
429 int child_id, const base::FilePath& file) {
430 GrantPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
433 void ChildProcessSecurityPolicyImpl::GrantCopyInto(int child_id,
434 const base::FilePath& dir) {
435 GrantPermissionsForFile(child_id, dir, COPY_INTO_FILE_GRANT);
438 void ChildProcessSecurityPolicyImpl::GrantDeleteFrom(
439 int child_id, const base::FilePath& dir) {
440 GrantPermissionsForFile(child_id, dir, DELETE_FILE_GRANT);
443 void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile(
444 int child_id, const base::FilePath& file, int permissions) {
445 base::AutoLock lock(lock_);
447 SecurityStateMap::iterator state = security_state_.find(child_id);
448 if (state == security_state_.end())
449 return;
451 state->second->GrantPermissionsForFile(file, permissions);
454 void ChildProcessSecurityPolicyImpl::RevokeAllPermissionsForFile(
455 int child_id, const base::FilePath& file) {
456 base::AutoLock lock(lock_);
458 SecurityStateMap::iterator state = security_state_.find(child_id);
459 if (state == security_state_.end())
460 return;
462 state->second->RevokeAllPermissionsForFile(file);
465 void ChildProcessSecurityPolicyImpl::GrantReadFileSystem(
466 int child_id, const std::string& filesystem_id) {
467 GrantPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
470 void ChildProcessSecurityPolicyImpl::GrantWriteFileSystem(
471 int child_id, const std::string& filesystem_id) {
472 GrantPermissionsForFileSystem(child_id, filesystem_id, WRITE_FILE_GRANT);
475 void ChildProcessSecurityPolicyImpl::GrantCreateFileForFileSystem(
476 int child_id, const std::string& filesystem_id) {
477 GrantPermissionsForFileSystem(child_id, filesystem_id, CREATE_NEW_FILE_GRANT);
480 void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFileSystem(
481 int child_id, const std::string& filesystem_id) {
482 GrantPermissionsForFileSystem(
483 child_id, filesystem_id, CREATE_READ_WRITE_FILE_GRANT);
486 void ChildProcessSecurityPolicyImpl::GrantCopyIntoFileSystem(
487 int child_id, const std::string& filesystem_id) {
488 GrantPermissionsForFileSystem(child_id, filesystem_id, COPY_INTO_FILE_GRANT);
491 void ChildProcessSecurityPolicyImpl::GrantDeleteFromFileSystem(
492 int child_id, const std::string& filesystem_id) {
493 GrantPermissionsForFileSystem(child_id, filesystem_id, DELETE_FILE_GRANT);
496 void ChildProcessSecurityPolicyImpl::GrantSendMidiSysExMessage(int child_id) {
497 base::AutoLock lock(lock_);
499 SecurityStateMap::iterator state = security_state_.find(child_id);
500 if (state == security_state_.end())
501 return;
503 state->second->GrantPermissionForMidiSysEx();
506 void ChildProcessSecurityPolicyImpl::GrantScheme(int child_id,
507 const std::string& scheme) {
508 base::AutoLock lock(lock_);
510 SecurityStateMap::iterator state = security_state_.find(child_id);
511 if (state == security_state_.end())
512 return;
514 state->second->GrantScheme(scheme);
517 void ChildProcessSecurityPolicyImpl::GrantWebUIBindings(int child_id) {
518 base::AutoLock lock(lock_);
520 SecurityStateMap::iterator state = security_state_.find(child_id);
521 if (state == security_state_.end())
522 return;
524 state->second->GrantBindings(BINDINGS_POLICY_WEB_UI);
526 // Web UI bindings need the ability to request chrome: URLs.
527 state->second->GrantScheme(kChromeUIScheme);
529 // Web UI pages can contain links to file:// URLs.
530 state->second->GrantScheme(url::kFileScheme);
533 void ChildProcessSecurityPolicyImpl::GrantReadRawCookies(int child_id) {
534 base::AutoLock lock(lock_);
536 SecurityStateMap::iterator state = security_state_.find(child_id);
537 if (state == security_state_.end())
538 return;
540 state->second->GrantReadRawCookies();
543 void ChildProcessSecurityPolicyImpl::RevokeReadRawCookies(int child_id) {
544 base::AutoLock lock(lock_);
546 SecurityStateMap::iterator state = security_state_.find(child_id);
547 if (state == security_state_.end())
548 return;
550 state->second->RevokeReadRawCookies();
553 bool ChildProcessSecurityPolicyImpl::CanRequestURL(
554 int child_id, const GURL& url) {
555 if (!url.is_valid())
556 return false; // Can't request invalid URLs.
558 if (IsWebSafeScheme(url.scheme()))
559 return true; // The scheme has been white-listed for every child process.
561 if (IsPseudoScheme(url.scheme())) {
562 // There are a number of special cases for pseudo schemes.
564 if (url.SchemeIs(kViewSourceScheme)) {
565 // A view-source URL is allowed if the child process is permitted to
566 // request the embedded URL. Careful to avoid pointless recursion.
567 GURL child_url(url.GetContent());
568 if (child_url.SchemeIs(kViewSourceScheme) &&
569 url.SchemeIs(kViewSourceScheme))
570 return false;
572 return CanRequestURL(child_id, child_url);
575 if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL))
576 return true; // Every child process can request <about:blank>.
578 // URLs like <about:memory> and <about:crash> shouldn't be requestable by
579 // any child process. Also, this case covers <javascript:...>, which should
580 // be handled internally by the process and not kicked up to the browser.
581 return false;
584 if (!GetContentClient()->browser()->IsHandledURL(url) &&
585 !net::URLRequest::IsHandledURL(url)) {
586 return true; // This URL request is destined for ShellExecute.
590 base::AutoLock lock(lock_);
592 SecurityStateMap::iterator state = security_state_.find(child_id);
593 if (state == security_state_.end())
594 return false;
596 // Otherwise, we consult the child process's security state to see if it is
597 // allowed to request the URL.
598 return state->second->CanRequestURL(url);
602 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
603 const base::FilePath& file) {
604 return HasPermissionsForFile(child_id, file, READ_FILE_GRANT);
607 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile(
608 int child_id,
609 const base::FilePath& file) {
610 return HasPermissionsForFile(child_id, file, CREATE_READ_WRITE_FILE_GRANT);
613 bool ChildProcessSecurityPolicyImpl::CanReadFileSystem(
614 int child_id, const std::string& filesystem_id) {
615 return HasPermissionsForFileSystem(child_id, filesystem_id, READ_FILE_GRANT);
618 bool ChildProcessSecurityPolicyImpl::CanReadWriteFileSystem(
619 int child_id, const std::string& filesystem_id) {
620 return HasPermissionsForFileSystem(child_id, filesystem_id,
621 READ_FILE_GRANT | WRITE_FILE_GRANT);
624 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystem(
625 int child_id, const std::string& filesystem_id) {
626 return HasPermissionsForFileSystem(child_id, filesystem_id,
627 COPY_INTO_FILE_GRANT);
630 bool ChildProcessSecurityPolicyImpl::CanDeleteFromFileSystem(
631 int child_id, const std::string& filesystem_id) {
632 return HasPermissionsForFileSystem(child_id, filesystem_id,
633 DELETE_FILE_GRANT);
636 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFile(
637 int child_id, const base::FilePath& file, int permissions) {
638 base::AutoLock lock(lock_);
639 bool result = ChildProcessHasPermissionsForFile(child_id, file, permissions);
640 if (!result) {
641 // If this is a worker thread that has no access to a given file,
642 // let's check that its renderer process has access to that file instead.
643 WorkerToMainProcessMap::iterator iter = worker_map_.find(child_id);
644 if (iter != worker_map_.end() && iter->second != 0) {
645 result = ChildProcessHasPermissionsForFile(iter->second,
646 file,
647 permissions);
650 return result;
653 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
654 int child_id,
655 const storage::FileSystemURL& url,
656 int permissions) {
657 if (!url.is_valid())
658 return false;
660 if (url.path().ReferencesParent())
661 return false;
663 // Any write access is disallowed on the root path.
664 if (storage::VirtualPath::IsRootPath(url.path()) &&
665 (permissions & ~READ_FILE_GRANT)) {
666 return false;
669 if (url.mount_type() == storage::kFileSystemTypeIsolated) {
670 // When Isolated filesystems is overlayed on top of another filesystem,
671 // its per-filesystem permission overrides the underlying filesystem
672 // permissions).
673 return HasPermissionsForFileSystem(
674 child_id, url.mount_filesystem_id(), permissions);
677 FileSystemPermissionPolicyMap::iterator found =
678 file_system_policy_map_.find(url.type());
679 if (found == file_system_policy_map_.end())
680 return false;
682 if ((found->second & storage::FILE_PERMISSION_READ_ONLY) &&
683 permissions & ~READ_FILE_GRANT) {
684 return false;
687 if (found->second & storage::FILE_PERMISSION_USE_FILE_PERMISSION)
688 return HasPermissionsForFile(child_id, url.path(), permissions);
690 if (found->second & storage::FILE_PERMISSION_SANDBOX)
691 return true;
693 return false;
696 bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile(
697 int child_id,
698 const storage::FileSystemURL& url) {
699 return HasPermissionsForFileSystemFile(child_id, url, READ_FILE_GRANT);
702 bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile(
703 int child_id,
704 const storage::FileSystemURL& url) {
705 return HasPermissionsForFileSystemFile(child_id, url, WRITE_FILE_GRANT);
708 bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile(
709 int child_id,
710 const storage::FileSystemURL& url) {
711 return HasPermissionsForFileSystemFile(child_id, url, CREATE_NEW_FILE_GRANT);
714 bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile(
715 int child_id,
716 const storage::FileSystemURL& url) {
717 return HasPermissionsForFileSystemFile(child_id, url,
718 CREATE_READ_WRITE_FILE_GRANT);
721 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile(
722 int child_id,
723 const storage::FileSystemURL& url) {
724 return HasPermissionsForFileSystemFile(child_id, url, COPY_INTO_FILE_GRANT);
727 bool ChildProcessSecurityPolicyImpl::CanDeleteFileSystemFile(
728 int child_id,
729 const storage::FileSystemURL& url) {
730 return HasPermissionsForFileSystemFile(child_id, url, DELETE_FILE_GRANT);
733 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
734 base::AutoLock lock(lock_);
736 SecurityStateMap::iterator state = security_state_.find(child_id);
737 if (state == security_state_.end())
738 return false;
740 return state->second->has_web_ui_bindings();
743 bool ChildProcessSecurityPolicyImpl::CanReadRawCookies(int child_id) {
744 base::AutoLock lock(lock_);
746 SecurityStateMap::iterator state = security_state_.find(child_id);
747 if (state == security_state_.end())
748 return false;
750 return state->second->can_read_raw_cookies();
753 void ChildProcessSecurityPolicyImpl::AddChild(int child_id) {
754 if (security_state_.count(child_id) != 0) {
755 NOTREACHED() << "Add child process at most once.";
756 return;
759 security_state_[child_id] = new SecurityState();
762 bool ChildProcessSecurityPolicyImpl::ChildProcessHasPermissionsForFile(
763 int child_id, const base::FilePath& file, int permissions) {
764 SecurityStateMap::iterator state = security_state_.find(child_id);
765 if (state == security_state_.end())
766 return false;
767 return state->second->HasPermissionsForFile(file, permissions);
770 bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(int child_id,
771 const GURL& gurl) {
772 base::AutoLock lock(lock_);
773 SecurityStateMap::iterator state = security_state_.find(child_id);
774 if (state == security_state_.end())
775 return false;
776 return state->second->CanAccessDataForOrigin(gurl);
779 void ChildProcessSecurityPolicyImpl::LockToOrigin(int child_id,
780 const GURL& gurl) {
781 // "gurl" can be currently empty in some cases, such as file://blah.
782 DCHECK(SiteInstanceImpl::GetSiteForURL(NULL, gurl) == gurl);
783 base::AutoLock lock(lock_);
784 SecurityStateMap::iterator state = security_state_.find(child_id);
785 DCHECK(state != security_state_.end());
786 state->second->LockToOrigin(gurl);
789 void ChildProcessSecurityPolicyImpl::GrantPermissionsForFileSystem(
790 int child_id,
791 const std::string& filesystem_id,
792 int permission) {
793 base::AutoLock lock(lock_);
795 SecurityStateMap::iterator state = security_state_.find(child_id);
796 if (state == security_state_.end())
797 return;
798 state->second->GrantPermissionsForFileSystem(filesystem_id, permission);
801 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystem(
802 int child_id,
803 const std::string& filesystem_id,
804 int permission) {
805 base::AutoLock lock(lock_);
807 SecurityStateMap::iterator state = security_state_.find(child_id);
808 if (state == security_state_.end())
809 return false;
810 return state->second->HasPermissionsForFileSystem(filesystem_id, permission);
813 void ChildProcessSecurityPolicyImpl::RegisterFileSystemPermissionPolicy(
814 storage::FileSystemType type,
815 int policy) {
816 base::AutoLock lock(lock_);
817 file_system_policy_map_[type] = policy;
820 bool ChildProcessSecurityPolicyImpl::CanSendMidiSysExMessage(int child_id) {
821 base::AutoLock lock(lock_);
823 SecurityStateMap::iterator state = security_state_.find(child_id);
824 if (state == security_state_.end())
825 return false;
827 return state->second->can_send_midi_sysex();
830 } // namespace content