1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 6 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "content/common/content_export.h" 12 13 namespace base { 14 class FilePath; 15 } 16 17 namespace content { 18 19 // The ChildProcessSecurityPolicy class is used to grant and revoke security 20 // capabilities for child processes. For example, it restricts whether a child 21 // process is permitted to load file:// URLs based on whether the process 22 // has ever been commanded to load file:// URLs by the browser. 23 // 24 // ChildProcessSecurityPolicy is a singleton that may be used on any thread. 25 // 26 class ChildProcessSecurityPolicy { 27 public: 28 virtual ~ChildProcessSecurityPolicy() {} 29 30 // There is one global ChildProcessSecurityPolicy object for the entire 31 // browser process. The object returned by this method may be accessed on 32 // any thread. 33 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance(); 34 35 // Web-safe schemes can be requested by any child process. Once a web-safe 36 // scheme has been registered, any child process can request URLs with 37 // that scheme. There is no mechanism for revoking web-safe schemes. 38 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; 39 40 // Returns true iff |scheme| has been registered as a web-safe scheme. 41 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; 42 43 // This permission grants only read access to a file. 44 // Whenever the user picks a file from a <input type="file"> element, the 45 // browser should call this function to grant the child process the capability 46 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY. 47 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; 48 49 // This permission grants creation, read, and full write access to a file, 50 // including attributes. 51 virtual void GrantCreateReadWriteFile(int child_id, 52 const base::FilePath& file) = 0; 53 54 // This permission grants copy-into permission for |dir|. 55 virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0; 56 57 // This permission grants delete permission for |dir|. 58 virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0; 59 60 // These methods verify whether or not the child process has been granted 61 // permissions perform these functions on |file|. 62 63 // Before servicing a child process's request to upload a file to the web, the 64 // browser should call this method to determine whether the process has the 65 // capability to upload the requested file. 66 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; 67 virtual bool CanCreateReadWriteFile(int child_id, 68 const base::FilePath& file) = 0; 69 70 // Grants read access permission to the given isolated file system 71 // identified by |filesystem_id|. An isolated file system can be 72 // created for a set of native files/directories (like dropped files) 73 // using fileapi::IsolatedContext. A child process needs to be granted 74 // permission to the file system to access the files in it using 75 // file system URL. You do NOT need to give direct permission to 76 // individual file paths. 77 // 78 // Note: files/directories in the same file system share the same 79 // permission as far as they are accessed via the file system, i.e. 80 // using the file system URL (tip: you can create a new file system 81 // to give different permission to part of files). 82 virtual void GrantReadFileSystem(int child_id, 83 const std::string& filesystem_id) = 0; 84 85 // Grants write access permission to the given isolated file system 86 // identified by |filesystem_id|. See comments for GrantReadFileSystem 87 // for more details. You do NOT need to give direct permission to 88 // individual file paths. 89 // 90 // This must be called with a great care as this gives write permission 91 // to all files/directories included in the file system. 92 virtual void GrantWriteFileSystem(int child_id, 93 const std::string& filesystem_id) = 0; 94 95 // Grants create file permission to the given isolated file system 96 // identified by |filesystem_id|. See comments for GrantReadFileSystem 97 // for more details. You do NOT need to give direct permission to 98 // individual file paths. 99 // 100 // This must be called with a great care as this gives create permission 101 // within all directories included in the file system. 102 virtual void GrantCreateFileForFileSystem( 103 int child_id, 104 const std::string& filesystem_id) = 0; 105 106 // Grants create, read and write access permissions to the given isolated 107 // file system identified by |filesystem_id|. See comments for 108 // GrantReadFileSystem for more details. You do NOT need to give direct 109 // permission to individual file paths. 110 // 111 // This must be called with a great care as this gives create, read and write 112 // permissions to all files/directories included in the file system. 113 virtual void GrantCreateReadWriteFileSystem( 114 int child_id, 115 const std::string& filesystem_id) = 0; 116 117 // Grants permission to copy-into filesystem |filesystem_id|. 'copy-into' 118 // is used to allow copying files into the destination filesystem without 119 // granting more general create and write permissions. 120 virtual void GrantCopyIntoFileSystem(int child_id, 121 const std::string& filesystem_id) = 0; 122 123 // Grants permission to delete from filesystem |filesystem_id|. 'delete-from' 124 // is used to allow deleting files into the destination filesystem without 125 // granting more general create and write permissions. 126 virtual void GrantDeleteFromFileSystem(int child_id, 127 const std::string& filesystem_id) = 0; 128 129 // Grants the child process the capability to access URLs of the provided 130 // scheme. 131 virtual void GrantScheme(int child_id, const std::string& scheme) = 0; 132 133 // Returns true if read access has been granted to |filesystem_id|. 134 virtual bool CanReadFileSystem(int child_id, 135 const std::string& filesystem_id) = 0; 136 137 // Returns true if read and write access has been granted to |filesystem_id|. 138 virtual bool CanReadWriteFileSystem(int child_id, 139 const std::string& filesystem_id) = 0; 140 141 // Returns true if copy-into access has been granted to |filesystem_id|. 142 virtual bool CanCopyIntoFileSystem(int child_id, 143 const std::string& filesystem_id) = 0; 144 145 // Returns true if delete-from access has been granted to |filesystem_id|. 146 virtual bool CanDeleteFromFileSystem(int child_id, 147 const std::string& filesystem_id) = 0; 148 }; 149 150 } // namespace content 151 152 #endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 153
