• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
7 
8 #include <string>
9 
10 #include "base/basictypes.h"
11 #include "content/common/content_export.h"
12 
13 namespace base {
14 class FilePath;
15 }
16 
17 namespace content {
18 
19 // The ChildProcessSecurityPolicy class is used to grant and revoke security
20 // capabilities for child processes.  For example, it restricts whether a child
21 // process is permitted to load file:// URLs based on whether the process
22 // has ever been commanded to load file:// URLs by the browser.
23 //
24 // ChildProcessSecurityPolicy is a singleton that may be used on any thread.
25 //
26 class ChildProcessSecurityPolicy {
27  public:
~ChildProcessSecurityPolicy()28   virtual ~ChildProcessSecurityPolicy() {}
29 
30   // There is one global ChildProcessSecurityPolicy object for the entire
31   // browser process.  The object returned by this method may be accessed on
32   // any thread.
33   static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance();
34 
35   // Web-safe schemes can be requested by any child process.  Once a web-safe
36   // scheme has been registered, any child process can request URLs with
37   // that scheme.  There is no mechanism for revoking web-safe schemes.
38   virtual void RegisterWebSafeScheme(const std::string& scheme) = 0;
39 
40   // Returns true iff |scheme| has been registered as a web-safe scheme.
41   virtual bool IsWebSafeScheme(const std::string& scheme) = 0;
42 
43   // This permission grants only read access to a file.
44   // Whenever the user picks a file from a <input type="file"> element, the
45   // browser should call this function to grant the child process the capability
46   // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY.
47   virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0;
48 
49   // This permission grants creation, read, and full write access to a file,
50   // including attributes.
51   virtual void GrantCreateReadWriteFile(int child_id,
52                                         const base::FilePath& file) = 0;
53 
54   // These methods verify whether or not the child process has been granted
55   // permissions perform these functions on |file|.
56 
57   // Before servicing a child process's request to upload a file to the web, the
58   // browser should call this method to determine whether the process has the
59   // capability to upload the requested file.
60   virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
61   virtual bool CanCreateReadWriteFile(int child_id,
62                                       const base::FilePath& file) = 0;
63 
64   // Grants read access permission to the given isolated file system
65   // identified by |filesystem_id|. An isolated file system can be
66   // created for a set of native files/directories (like dropped files)
67   // using fileapi::IsolatedContext. A child process needs to be granted
68   // permission to the file system to access the files in it using
69   // file system URL. You do NOT need to give direct permission to
70   // individual file paths.
71   //
72   // Note: files/directories in the same file system share the same
73   // permission as far as they are accessed via the file system, i.e.
74   // using the file system URL (tip: you can create a new file system
75   // to give different permission to part of files).
76   virtual void GrantReadFileSystem(int child_id,
77                                    const std::string& filesystem_id) = 0;
78 
79   // Grants write access permission to the given isolated file system
80   // identified by |filesystem_id|.  See comments for GrantReadFileSystem
81   // for more details.  You do NOT need to give direct permission to
82   // individual file paths.
83   //
84   // This must be called with a great care as this gives write permission
85   // to all files/directories included in the file system.
86   virtual void GrantWriteFileSystem(int child_id,
87                                     const std::string& filesystem_id) = 0;
88 
89   // Grants create file permission to the given isolated file system
90   // identified by |filesystem_id|.  See comments for GrantReadFileSystem
91   // for more details.  You do NOT need to give direct permission to
92   // individual file paths.
93   //
94   // This must be called with a great care as this gives create permission
95   // within all directories included in the file system.
96   virtual void GrantCreateFileForFileSystem(
97       int child_id,
98       const std::string& filesystem_id) = 0;
99 
100   // Grants create, read and write access permissions to the given isolated
101   // file system identified by |filesystem_id|.  See comments for
102   // GrantReadFileSystem for more details.  You do NOT need to give direct
103   // permission to individual file paths.
104   //
105   // This must be called with a great care as this gives create, read and write
106   // permissions to all files/directories included in the file system.
107   virtual void GrantCreateReadWriteFileSystem(
108       int child_id,
109       const std::string& filesystem_id) = 0;
110 
111   // Grants permission to copy-into filesystem |filesystem_id|. 'copy-into'
112   // is used to allow copying files into the destination filesystem without
113   // granting more general create and write permissions.
114   virtual void GrantCopyIntoFileSystem(int child_id,
115                                        const std::string& filesystem_id) = 0;
116 
117   // Grants permission to delete from filesystem |filesystem_id|. 'delete-from'
118   // is used to allow deleting files into the destination filesystem without
119   // granting more general create and write permissions.
120   virtual void GrantDeleteFromFileSystem(int child_id,
121                                          const std::string& filesystem_id) = 0;
122 
123   // Grants the child process the capability to access URLs of the provided
124   // scheme.
125   virtual void GrantScheme(int child_id, const std::string& scheme) = 0;
126 
127   // Returns true if read access has been granted to |filesystem_id|.
128   virtual bool CanReadFileSystem(int child_id,
129                                  const std::string& filesystem_id) = 0;
130 
131   // Returns true if read and write access has been granted to |filesystem_id|.
132   virtual bool CanReadWriteFileSystem(int child_id,
133                                       const std::string& filesystem_id) = 0;
134 
135   // Returns true if copy-into access has been granted to |filesystem_id|.
136   virtual bool CanCopyIntoFileSystem(int child_id,
137                                      const std::string& filesystem_id) = 0;
138 
139   // Returns true if delete-from access has been granted to |filesystem_id|.
140   virtual bool CanDeleteFromFileSystem(int child_id,
141                                        const std::string& filesystem_id) = 0;
142 };
143 
144 }  // namespace content
145 
146 #endif  // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
147