Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / content / public / browser / child_process_security_policy.h
blob06f3035558dd18bc6a11b51995e42be6843110f3
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "content/common/content_export.h"
12 #include "url/gurl.h"
14 namespace base {
15 class FilePath;
18 namespace content {
20 // The ChildProcessSecurityPolicy class is used to grant and revoke security
21 // capabilities for child processes. For example, it restricts whether a child
22 // process is permitted to load file:// URLs based on whether the process
23 // has ever been commanded to load file:// URLs by the browser.
25 // ChildProcessSecurityPolicy is a singleton that may be used on any thread.
27 class ChildProcessSecurityPolicy {
28 public:
29 virtual ~ChildProcessSecurityPolicy() {}
31 // There is one global ChildProcessSecurityPolicy object for the entire
32 // browser process. The object returned by this method may be accessed on
33 // any thread.
34 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance();
36 // Web-safe schemes can be requested by any child process. Once a web-safe
37 // scheme has been registered, any child process can request URLs with
38 // that scheme. There is no mechanism for revoking web-safe schemes.
39 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0;
41 // Returns true iff |scheme| has been registered as a web-safe scheme.
42 virtual bool IsWebSafeScheme(const std::string& scheme) = 0;
44 // This permission grants only read access to a file.
45 // Whenever the user picks a file from a <input type="file"> element, the
46 // browser should call this function to grant the child process the capability
47 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY.
48 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0;
50 // This permission grants creation, read, and full write access to a file,
51 // including attributes.
52 virtual void GrantCreateReadWriteFile(int child_id,
53 const base::FilePath& file) = 0;
55 // This permission grants copy-into permission for |dir|.
56 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0;
58 // This permission grants delete permission for |dir|.
59 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0;
61 // These methods verify whether or not the child process has been granted
62 // permissions perform these functions on |file|.
64 // Before servicing a child process's request to upload a file to the web, the
65 // browser should call this method to determine whether the process has the
66 // capability to upload the requested file.
67 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
68 virtual bool CanCreateReadWriteFile(int child_id,
69 const base::FilePath& file) = 0;
71 // Grants read access permission to the given isolated file system
72 // identified by |filesystem_id|. An isolated file system can be
73 // created for a set of native files/directories (like dropped files)
74 // using storage::IsolatedContext. A child process needs to be granted
75 // permission to the file system to access the files in it using
76 // file system URL. You do NOT need to give direct permission to
77 // individual file paths.
79 // Note: files/directories in the same file system share the same
80 // permission as far as they are accessed via the file system, i.e.
81 // using the file system URL (tip: you can create a new file system
82 // to give different permission to part of files).
83 virtual void GrantReadFileSystem(int child_id,
84 const std::string& filesystem_id) = 0;
86 // Grants write access permission to the given isolated file system
87 // identified by |filesystem_id|. See comments for GrantReadFileSystem
88 // for more details. You do NOT need to give direct permission to
89 // individual file paths.
91 // This must be called with a great care as this gives write permission
92 // to all files/directories included in the file system.
93 virtual void GrantWriteFileSystem(int child_id,
94 const std::string& filesystem_id) = 0;
96 // Grants create file permission to the given isolated file system
97 // identified by |filesystem_id|. See comments for GrantReadFileSystem
98 // for more details. You do NOT need to give direct permission to
99 // individual file paths.
101 // This must be called with a great care as this gives create permission
102 // within all directories included in the file system.
103 virtual void GrantCreateFileForFileSystem(
104 int child_id,
105 const std::string& filesystem_id) = 0;
107 // Grants create, read and write access permissions to the given isolated
108 // file system identified by |filesystem_id|. See comments for
109 // GrantReadFileSystem for more details. You do NOT need to give direct
110 // permission to individual file paths.
112 // This must be called with a great care as this gives create, read and write
113 // permissions to all files/directories included in the file system.
114 virtual void GrantCreateReadWriteFileSystem(
115 int child_id,
116 const std::string& filesystem_id) = 0;
118 // Grants permission to copy-into filesystem |filesystem_id|. 'copy-into'
119 // is used to allow copying files into the destination filesystem without
120 // granting more general create and write permissions.
121 virtual void GrantCopyIntoFileSystem(int child_id,
122 const std::string& filesystem_id) = 0;
124 // Grants permission to delete from filesystem |filesystem_id|. 'delete-from'
125 // is used to allow deleting files into the destination filesystem without
126 // granting more general create and write permissions.
127 virtual void GrantDeleteFromFileSystem(int child_id,
128 const std::string& filesystem_id) = 0;
130 // Grants the child process the capability to access URLs of the provided
131 // scheme.
132 virtual void GrantScheme(int child_id, const std::string& scheme) = 0;
134 // Returns true if read access has been granted to |filesystem_id|.
135 virtual bool CanReadFileSystem(int child_id,
136 const std::string& filesystem_id) = 0;
138 // Returns true if read and write access has been granted to |filesystem_id|.
139 virtual bool CanReadWriteFileSystem(int child_id,
140 const std::string& filesystem_id) = 0;
142 // Returns true if copy-into access has been granted to |filesystem_id|.
143 virtual bool CanCopyIntoFileSystem(int child_id,
144 const std::string& filesystem_id) = 0;
146 // Returns true if delete-from access has been granted to |filesystem_id|.
147 virtual bool CanDeleteFromFileSystem(int child_id,
148 const std::string& filesystem_id) = 0;
150 // Returns true if the specified child_id has been granted WebUI bindings.
151 // The browser should check this property before assuming the child process
152 // is allowed to use WebUI bindings.
153 virtual bool HasWebUIBindings(int child_id) = 0;
155 // Grants permission to send system exclusive message to any MIDI devices.
156 virtual void GrantSendMidiSysExMessage(int child_id) = 0;
158 // Returns true if the process is permitted to read and modify the data for
159 // the given origin. This is currently used for cookies and passwords.
160 // Does not affect cookies attached to or set by network requests.
161 // Only might return false if the --site-per-process flag is used.
162 virtual bool CanAccessDataForOrigin(int child_id, const GURL& gurl) = 0;
165 } // namespace content
167 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_