Home | History | Annotate | Download | only in browser 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
      6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
      7 
      8 #include <string>
      9 
     10 #include "base/basictypes.h"
     11 #include "content/common/content_export.h"
     12 
     13 namespace base {
     14 class FilePath;
     15 }
     16 
     17 namespace content {
     18 
     19 // The ChildProcessSecurityPolicy class is used to grant and revoke security
     20 // capabilities for child processes.  For example, it restricts whether a child
     21 // process is permitted to load file:// URLs based on whether the process
     22 // has ever been commanded to load file:// URLs by the browser.
     23 //
     24 // ChildProcessSecurityPolicy is a singleton that may be used on any thread.
     25 //
     26 class ChildProcessSecurityPolicy {
     27  public:
     28   virtual ~ChildProcessSecurityPolicy() {}
     29 
     30   // There is one global ChildProcessSecurityPolicy object for the entire
     31   // browser process.  The object returned by this method may be accessed on
     32   // any thread.
     33   static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance();
     34 
     35   // Web-safe schemes can be requested by any child process.  Once a web-safe
     36   // scheme has been registered, any child process can request URLs with
     37   // that scheme.  There is no mechanism for revoking web-safe schemes.
     38   virtual void RegisterWebSafeScheme(const std::string& scheme) = 0;
     39 
     40   // Returns true iff |scheme| has been registered as a web-safe scheme.
     41   virtual bool IsWebSafeScheme(const std::string& scheme) = 0;
     42 
     43   // This permission grants only read access to a file.
     44   // Whenever the user picks a file from a <input type="file"> element, the
     45   // browser should call this function to grant the child process the capability
     46   // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY.
     47   virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0;
     48 
     49   // This permission grants creation, read, and full write access to a file,
     50   // including attributes.
     51   virtual void GrantCreateReadWriteFile(int child_id,
     52                                         const base::FilePath& file) = 0;
     53 
     54   // This permission grants creation and write access to a file.
     55   virtual void GrantCreateWriteFile(int child_id,
     56                                     const base::FilePath& file) = 0;
     57 
     58   // These methods verify whether or not the child process has been granted
     59   // permissions perform these functions on |file|.
     60 
     61   // Before servicing a child process's request to upload a file to the web, the
     62   // browser should call this method to determine whether the process has the
     63   // capability to upload the requested file.
     64   virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
     65   virtual bool CanWriteFile(int child_id, const base::FilePath& file) = 0;
     66   virtual bool CanCreateFile(int child_id, const base::FilePath& file) = 0;
     67   virtual bool CanCreateWriteFile(int child_id, const base::FilePath& file) = 0;
     68 
     69   // Grants read access permission to the given isolated file system
     70   // identified by |filesystem_id|. An isolated file system can be
     71   // created for a set of native files/directories (like dropped files)
     72   // using fileapi::IsolatedContext. A child process needs to be granted
     73   // permission to the file system to access the files in it using
     74   // file system URL.
     75   //
     76   // Note: to grant read access to the content of files you also need
     77   // to give permission directly to the file paths using GrantReadFile.
     78   // TODO(kinuko): We should unify this file-level and file-system-level
     79   // permission when a file is accessed via a file system.
     80   //
     81   // Note: files/directories in the same file system share the same
     82   // permission as far as they are accessed via the file system, i.e.
     83   // using the file system URL (tip: you can create a new file system
     84   // to give different permission to part of files).
     85   virtual void GrantReadFileSystem(int child_id,
     86                                    const std::string& filesystem_id) = 0;
     87 
     88   // Grants write access permission to the given isolated file system
     89   // identified by |filesystem_id|.  See comments for GrantReadFileSystem
     90   // for more details.  For writing you do NOT need to give direct permission
     91   // to individual file paths.
     92   //
     93   // This must be called with a great care as this gives write permission
     94   // to all files/directories included in the file system.
     95   virtual void GrantWriteFileSystem(int child_id,
     96                                     const std::string& filesystem_id) = 0;
     97 
     98   // Grant create file permission to the given isolated file system identified
     99   // by |filesystem_id|.
    100   // See comments for GrantReadFileSystem for more details.  For creating you
    101   // do NOT need to give direct permission to individual file paths.
    102   //
    103   // This must be called with a great care as this gives create permission
    104   // within all directories included in the file system.
    105   virtual void GrantCreateFileForFileSystem(
    106       int child_id,
    107       const std::string& filesystem_id) = 0;
    108 
    109   // Grants permission to copy-into filesystem |filesystem_id|. 'copy-into'
    110   // is used to allow copying files into the destination filesystem without
    111   // granting more general create and write permissions.
    112   virtual void GrantCopyIntoFileSystem(int child_id,
    113                                        const std::string& filesystem_id) = 0;
    114 
    115   // Grants the child process the capability to access URLs of the provided
    116   // scheme.
    117   virtual void GrantScheme(int child_id, const std::string& scheme) = 0;
    118 
    119   // Returns true if read access has been granted to |filesystem_id|.
    120   virtual bool CanReadFileSystem(int child_id,
    121                                  const std::string& filesystem_id) = 0;
    122 
    123   // Returns true if read and write access has been granted to |filesystem_id|.
    124   virtual bool CanReadWriteFileSystem(int child_id,
    125                                       const std::string& filesystem_id) = 0;
    126 
    127   // Returns true if copy-into access has been granted to |filesystem_id|.
    128   virtual bool CanCopyIntoFileSystem(int child_id,
    129                                      const std::string& filesystem_id) = 0;
    130 };
    131 
    132 };  // namespace content
    133 
    134 #endif  // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
    135