child_process_security_policy.h revision 03b57e008b61dfcb1fbad3aea950ae0e001748b0 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
6#define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
7
8#include <string>
9
10#include "base/basictypes.h"
11#include "content/common/content_export.h"
12
13namespace base {
14class FilePath;
15}
16
17namespace content {
18
19// The ChildProcessSecurityPolicy class is used to grant and revoke security
20// capabilities for child processes.  For example, it restricts whether a child
21// process is permitted to load file:// URLs based on whether the process
22// has ever been commanded to load file:// URLs by the browser.
23//
24// ChildProcessSecurityPolicy is a singleton that may be used on any thread.
25//
26class ChildProcessSecurityPolicy {
27 public:
28  virtual ~ChildProcessSecurityPolicy() {}
29
30  // There is one global ChildProcessSecurityPolicy object for the entire
31  // browser process.  The object returned by this method may be accessed on
32  // any thread.
33  static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance();
34
35  // Web-safe schemes can be requested by any child process.  Once a web-safe
36  // scheme has been registered, any child process can request URLs with
37  // that scheme.  There is no mechanism for revoking web-safe schemes.
38  virtual void RegisterWebSafeScheme(const std::string& scheme) = 0;
39
40  // Returns true iff |scheme| has been registered as a web-safe scheme.
41  virtual bool IsWebSafeScheme(const std::string& scheme) = 0;
42
43  // This permission grants only read access to a file.
44  // Whenever the user picks a file from a <input type="file"> element, the
45  // browser should call this function to grant the child process the capability
46  // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY.
47  virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0;
48
49  // This permission grants creation, read, and full write access to a file,
50  // including attributes.
51  virtual void GrantCreateReadWriteFile(int child_id,
52                                        const base::FilePath& file) = 0;
53
54  // This permission grants copy-into permission for |dir|.
55  virtual void GrantCopyInto(int child_id, const base::FilePath& dir) = 0;
56
57  // This permission grants delete permission for |dir|.
58  virtual void GrantDeleteFrom(int child_id, const base::FilePath& dir) = 0;
59
60  // These methods verify whether or not the child process has been granted
61  // permissions perform these functions on |file|.
62
63  // Before servicing a child process's request to upload a file to the web, the
64  // browser should call this method to determine whether the process has the
65  // capability to upload the requested file.
66  virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
67  virtual bool CanCreateReadWriteFile(int child_id,
68                                      const base::FilePath& file) = 0;
69
70  // Grants read access permission to the given isolated file system
71  // identified by |filesystem_id|. An isolated file system can be
72  // created for a set of native files/directories (like dropped files)
73  // using storage::IsolatedContext. A child process needs to be granted
74  // permission to the file system to access the files in it using
75  // file system URL. You do NOT need to give direct permission to
76  // individual file paths.
77  //
78  // Note: files/directories in the same file system share the same
79  // permission as far as they are accessed via the file system, i.e.
80  // using the file system URL (tip: you can create a new file system
81  // to give different permission to part of files).
82  virtual void GrantReadFileSystem(int child_id,
83                                   const std::string& filesystem_id) = 0;
84
85  // Grants write access permission to the given isolated file system
86  // identified by |filesystem_id|.  See comments for GrantReadFileSystem
87  // for more details.  You do NOT need to give direct permission to
88  // individual file paths.
89  //
90  // This must be called with a great care as this gives write permission
91  // to all files/directories included in the file system.
92  virtual void GrantWriteFileSystem(int child_id,
93                                    const std::string& filesystem_id) = 0;
94
95  // Grants create file permission to the given isolated file system
96  // identified by |filesystem_id|.  See comments for GrantReadFileSystem
97  // for more details.  You do NOT need to give direct permission to
98  // individual file paths.
99  //
100  // This must be called with a great care as this gives create permission
101  // within all directories included in the file system.
102  virtual void GrantCreateFileForFileSystem(
103      int child_id,
104      const std::string& filesystem_id) = 0;
105
106  // Grants create, read and write access permissions to the given isolated
107  // file system identified by |filesystem_id|.  See comments for
108  // GrantReadFileSystem for more details.  You do NOT need to give direct
109  // permission to individual file paths.
110  //
111  // This must be called with a great care as this gives create, read and write
112  // permissions to all files/directories included in the file system.
113  virtual void GrantCreateReadWriteFileSystem(
114      int child_id,
115      const std::string& filesystem_id) = 0;
116
117  // Grants permission to copy-into filesystem |filesystem_id|. 'copy-into'
118  // is used to allow copying files into the destination filesystem without
119  // granting more general create and write permissions.
120  virtual void GrantCopyIntoFileSystem(int child_id,
121                                       const std::string& filesystem_id) = 0;
122
123  // Grants permission to delete from filesystem |filesystem_id|. 'delete-from'
124  // is used to allow deleting files into the destination filesystem without
125  // granting more general create and write permissions.
126  virtual void GrantDeleteFromFileSystem(int child_id,
127                                         const std::string& filesystem_id) = 0;
128
129  // Grants the child process the capability to access URLs of the provided
130  // scheme.
131  virtual void GrantScheme(int child_id, const std::string& scheme) = 0;
132
133  // Returns true if read access has been granted to |filesystem_id|.
134  virtual bool CanReadFileSystem(int child_id,
135                                 const std::string& filesystem_id) = 0;
136
137  // Returns true if read and write access has been granted to |filesystem_id|.
138  virtual bool CanReadWriteFileSystem(int child_id,
139                                      const std::string& filesystem_id) = 0;
140
141  // Returns true if copy-into access has been granted to |filesystem_id|.
142  virtual bool CanCopyIntoFileSystem(int child_id,
143                                     const std::string& filesystem_id) = 0;
144
145  // Returns true if delete-from access has been granted to |filesystem_id|.
146  virtual bool CanDeleteFromFileSystem(int child_id,
147                                       const std::string& filesystem_id) = 0;
148
149  // Returns true if the specified child_id has been granted WebUI bindings.
150  // The browser should check this property before assuming the child process
151  // is allowed to use WebUI bindings.
152  virtual bool HasWebUIBindings(int child_id) = 0;
153};
154
155}  // namespace content
156
157#endif  // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
158