Home | History | Annotate | Download | only in browser 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
      6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
      7 
      8 #include <string>
      9 
     10 #include "base/basictypes.h"
     11 #include "content/common/content_export.h"
     12 
     13 namespace base {
     14 class FilePath;
     15 }
     16 
     17 namespace content {
     18 
     19 // The ChildProcessSecurityPolicy class is used to grant and revoke security
     20 // capabilities for child processes.  For example, it restricts whether a child
     21 // process is permitted to load file:// URLs based on whether the process
     22 // has ever been commanded to load file:// URLs by the browser.
     23 //
     24 // ChildProcessSecurityPolicy is a singleton that may be used on any thread.
     25 //
     26 class ChildProcessSecurityPolicy {
     27  public:
     28   virtual ~ChildProcessSecurityPolicy() {}
     29 
     30   // There is one global ChildProcessSecurityPolicy object for the entire
     31   // browser process.  The object returned by this method may be accessed on
     32   // any thread.
     33   static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance();
     34 
     35   // Web-safe schemes can be requested by any child process.  Once a web-safe
     36   // scheme has been registered, any child process can request URLs with
     37   // that scheme.  There is no mechanism for revoking web-safe schemes.
     38   virtual void RegisterWebSafeScheme(const std::string& scheme) = 0;
     39 
     40   // Returns true iff |scheme| has been registered as a web-safe scheme.
     41   virtual bool IsWebSafeScheme(const std::string& scheme) = 0;
     42 
     43   // This permission grants only read access to a file.
     44   // Whenever the user picks a file from a <input type="file"> element, the
     45   // browser should call this function to grant the child process the capability
     46   // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY.
     47   virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0;
     48 
     49   // This permission grants creation, read, and full write access to a file,
     50   // including attributes.
     51   virtual void GrantCreateReadWriteFile(int child_id,
     52                                         const base::FilePath& file) = 0;
     53 
     54   // These methods verify whether or not the child process has been granted
     55   // permissions perform these functions on |file|.
     56 
     57   // Before servicing a child process's request to upload a file to the web, the
     58   // browser should call this method to determine whether the process has the
     59   // capability to upload the requested file.
     60   virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
     61   virtual bool CanCreateReadWriteFile(int child_id,
     62                                       const base::FilePath& file) = 0;
     63 
     64   // Grants read access permission to the given isolated file system
     65   // identified by |filesystem_id|. An isolated file system can be
     66   // created for a set of native files/directories (like dropped files)
     67   // using fileapi::IsolatedContext. A child process needs to be granted
     68   // permission to the file system to access the files in it using
     69   // file system URL. You do NOT need to give direct permission to
     70   // individual file paths.
     71   //
     72   // Note: files/directories in the same file system share the same
     73   // permission as far as they are accessed via the file system, i.e.
     74   // using the file system URL (tip: you can create a new file system
     75   // to give different permission to part of files).
     76   virtual void GrantReadFileSystem(int child_id,
     77                                    const std::string& filesystem_id) = 0;
     78 
     79   // Grants write access permission to the given isolated file system
     80   // identified by |filesystem_id|.  See comments for GrantReadFileSystem
     81   // for more details.  You do NOT need to give direct permission to
     82   // individual file paths.
     83   //
     84   // This must be called with a great care as this gives write permission
     85   // to all files/directories included in the file system.
     86   virtual void GrantWriteFileSystem(int child_id,
     87                                     const std::string& filesystem_id) = 0;
     88 
     89   // Grants create file permission to the given isolated file system
     90   // identified by |filesystem_id|.  See comments for GrantReadFileSystem
     91   // for more details.  You do NOT need to give direct permission to
     92   // individual file paths.
     93   //
     94   // This must be called with a great care as this gives create permission
     95   // within all directories included in the file system.
     96   virtual void GrantCreateFileForFileSystem(
     97       int child_id,
     98       const std::string& filesystem_id) = 0;
     99 
    100   // Grants create, read and write access permissions to the given isolated
    101   // file system identified by |filesystem_id|.  See comments for
    102   // GrantReadFileSystem for more details.  You do NOT need to give direct
    103   // permission to individual file paths.
    104   //
    105   // This must be called with a great care as this gives create, read and write
    106   // permissions to all files/directories included in the file system.
    107   virtual void GrantCreateReadWriteFileSystem(
    108       int child_id,
    109       const std::string& filesystem_id) = 0;
    110 
    111   // Grants permission to copy-into filesystem |filesystem_id|. 'copy-into'
    112   // is used to allow copying files into the destination filesystem without
    113   // granting more general create and write permissions.
    114   virtual void GrantCopyIntoFileSystem(int child_id,
    115                                        const std::string& filesystem_id) = 0;
    116 
    117   // Grants permission to delete from filesystem |filesystem_id|. 'delete-from'
    118   // is used to allow deleting files into the destination filesystem without
    119   // granting more general create and write permissions.
    120   virtual void GrantDeleteFromFileSystem(int child_id,
    121                                          const std::string& filesystem_id) = 0;
    122 
    123   // Grants the child process the capability to access URLs of the provided
    124   // scheme.
    125   virtual void GrantScheme(int child_id, const std::string& scheme) = 0;
    126 
    127   // Returns true if read access has been granted to |filesystem_id|.
    128   virtual bool CanReadFileSystem(int child_id,
    129                                  const std::string& filesystem_id) = 0;
    130 
    131   // Returns true if read and write access has been granted to |filesystem_id|.
    132   virtual bool CanReadWriteFileSystem(int child_id,
    133                                       const std::string& filesystem_id) = 0;
    134 
    135   // Returns true if copy-into access has been granted to |filesystem_id|.
    136   virtual bool CanCopyIntoFileSystem(int child_id,
    137                                      const std::string& filesystem_id) = 0;
    138 
    139   // Returns true if delete-from access has been granted to |filesystem_id|.
    140   virtual bool CanDeleteFromFileSystem(int child_id,
    141                                        const std::string& filesystem_id) = 0;
    142 };
    143 
    144 }  // namespace content
    145 
    146 #endif  // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
    147