Re-subimission of https://codereview.chromium.org/1041213003/
[chromium-blink-merge.git] / content / public / browser / child_process_security_policy.h
blobb2a343f05b142ecd67c37bf9627f989428c05319
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "content/common/content_export.h"
13 namespace base {
14 class FilePath;
17 namespace content {
19 // The ChildProcessSecurityPolicy class is used to grant and revoke security
20 // capabilities for child processes. For example, it restricts whether a child
21 // process is permitted to load file:// URLs based on whether the process
22 // has ever been commanded to load file:// URLs by the browser.
24 // ChildProcessSecurityPolicy is a singleton that may be used on any thread.
26 class ChildProcessSecurityPolicy {
27 public:
28 virtual ~ChildProcessSecurityPolicy() {}
30 // There is one global ChildProcessSecurityPolicy object for the entire
31 // browser process. The object returned by this method may be accessed on
32 // any thread.
33 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance();
35 // Web-safe schemes can be requested by any child process. Once a web-safe
36 // scheme has been registered, any child process can request URLs with
37 // that scheme. There is no mechanism for revoking web-safe schemes.
38 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0;
40 // Returns true iff |scheme| has been registered as a web-safe scheme.
41 virtual bool IsWebSafeScheme(const std::string& scheme) = 0;
43 // This permission grants only read access to a file.
44 // Whenever the user picks a file from a <input type="file"> element, the
45 // browser should call this function to grant the child process the capability
46 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY.
47 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0;
49 // This permission grants creation, read, and full write access to a file,
50 // including attributes.
51 virtual void GrantCreateReadWriteFile(int child_id,
52 const base::FilePath& file) = 0;
54 // This permission grants copy-into permission for |dir|.
55 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0;
57 // This permission grants delete permission for |dir|.
58 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0;
60 // These methods verify whether or not the child process has been granted
61 // permissions perform these functions on |file|.
63 // Before servicing a child process's request to upload a file to the web, the
64 // browser should call this method to determine whether the process has the
65 // capability to upload the requested file.
66 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
67 virtual bool CanCreateReadWriteFile(int child_id,
68 const base::FilePath& file) = 0;
70 // Grants read access permission to the given isolated file system
71 // identified by |filesystem_id|. An isolated file system can be
72 // created for a set of native files/directories (like dropped files)
73 // using storage::IsolatedContext. A child process needs to be granted
74 // permission to the file system to access the files in it using
75 // file system URL. You do NOT need to give direct permission to
76 // individual file paths.
78 // Note: files/directories in the same file system share the same
79 // permission as far as they are accessed via the file system, i.e.
80 // using the file system URL (tip: you can create a new file system
81 // to give different permission to part of files).
82 virtual void GrantReadFileSystem(int child_id,
83 const std::string& filesystem_id) = 0;
85 // Grants write access permission to the given isolated file system
86 // identified by |filesystem_id|. See comments for GrantReadFileSystem
87 // for more details. You do NOT need to give direct permission to
88 // individual file paths.
90 // This must be called with a great care as this gives write permission
91 // to all files/directories included in the file system.
92 virtual void GrantWriteFileSystem(int child_id,
93 const std::string& filesystem_id) = 0;
95 // Grants create file permission to the given isolated file system
96 // identified by |filesystem_id|. See comments for GrantReadFileSystem
97 // for more details. You do NOT need to give direct permission to
98 // individual file paths.
100 // This must be called with a great care as this gives create permission
101 // within all directories included in the file system.
102 virtual void GrantCreateFileForFileSystem(
103 int child_id,
104 const std::string& filesystem_id) = 0;
106 // Grants create, read and write access permissions to the given isolated
107 // file system identified by |filesystem_id|. See comments for
108 // GrantReadFileSystem for more details. You do NOT need to give direct
109 // permission to individual file paths.
111 // This must be called with a great care as this gives create, read and write
112 // permissions to all files/directories included in the file system.
113 virtual void GrantCreateReadWriteFileSystem(
114 int child_id,
115 const std::string& filesystem_id) = 0;
117 // Grants permission to copy-into filesystem |filesystem_id|. 'copy-into'
118 // is used to allow copying files into the destination filesystem without
119 // granting more general create and write permissions.
120 virtual void GrantCopyIntoFileSystem(int child_id,
121 const std::string& filesystem_id) = 0;
123 // Grants permission to delete from filesystem |filesystem_id|. 'delete-from'
124 // is used to allow deleting files into the destination filesystem without
125 // granting more general create and write permissions.
126 virtual void GrantDeleteFromFileSystem(int child_id,
127 const std::string& filesystem_id) = 0;
129 // Grants the child process the capability to access URLs of the provided
130 // scheme.
131 virtual void GrantScheme(int child_id, const std::string& scheme) = 0;
133 // Returns true if read access has been granted to |filesystem_id|.
134 virtual bool CanReadFileSystem(int child_id,
135 const std::string& filesystem_id) = 0;
137 // Returns true if read and write access has been granted to |filesystem_id|.
138 virtual bool CanReadWriteFileSystem(int child_id,
139 const std::string& filesystem_id) = 0;
141 // Returns true if copy-into access has been granted to |filesystem_id|.
142 virtual bool CanCopyIntoFileSystem(int child_id,
143 const std::string& filesystem_id) = 0;
145 // Returns true if delete-from access has been granted to |filesystem_id|.
146 virtual bool CanDeleteFromFileSystem(int child_id,
147 const std::string& filesystem_id) = 0;
149 // Returns true if the specified child_id has been granted WebUI bindings.
150 // The browser should check this property before assuming the child process
151 // is allowed to use WebUI bindings.
152 virtual bool HasWebUIBindings(int child_id) = 0;
154 // Grants permission to send system exclusive message to any MIDI devices.
155 virtual void GrantSendMidiSysExMessage(int child_id) = 0;
158 } // namespace content
160 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_