child_process_security_policy.h revision 2a99a7e74a7f215066514fe81d2bfa6639d9eddd
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 6#define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 7 8#include <set> 9#include <string> 10 11#include "base/basictypes.h" 12#include "content/common/content_export.h" 13 14namespace base { 15class FilePath; 16} 17 18namespace content { 19 20// The ChildProcessSecurityPolicy class is used to grant and revoke security 21// capabilities for child processes. For example, it restricts whether a child 22// process is permitted to load file:// URLs based on whether the process 23// has ever been commanded to load file:// URLs by the browser. 24// 25// ChildProcessSecurityPolicy is a singleton that may be used on any thread. 26// 27class ChildProcessSecurityPolicy { 28 public: 29 virtual ~ChildProcessSecurityPolicy() {} 30 31 // There is one global ChildProcessSecurityPolicy object for the entire 32 // browser process. The object returned by this method may be accessed on 33 // any thread. 34 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance(); 35 36 // Web-safe schemes can be requested by any child process. Once a web-safe 37 // scheme has been registered, any child process can request URLs with 38 // that scheme. There is no mechanism for revoking web-safe schemes. 39 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; 40 41 // Returns true iff |scheme| has been registered as a web-safe scheme. 42 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; 43 44 // Sets the list of disabled schemes. 45 // URLs using these schemes won't be loaded at all. The previous list of 46 // schemes is overwritten. An empty |schemes| disables this feature. 47 // Schemes listed as disabled take precedence over Web-safe schemes. 48 virtual void RegisterDisabledSchemes( 49 const std::set<std::string>& schemes) = 0; 50 51 // Grants certain permissions to a file. |permissions| must be a bit-set of 52 // base::PlatformFileFlags. 53 virtual void GrantPermissionsForFile(int child_id, 54 const base::FilePath& file, 55 int permissions) = 0; 56 57 // Before servicing a child process's request to upload a file to the web, the 58 // browser should call this method to determine whether the process has the 59 // capability to upload the requested file. 60 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; 61 62 // Whenever the user picks a file from a <input type="file"> element, the 63 // browser should call this function to grant the child process the capability 64 // to upload the file to the web. 65 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; 66 67 // Grants read access permission to the given isolated file system 68 // identified by |filesystem_id|. An isolated file system can be 69 // created for a set of native files/directories (like dropped files) 70 // using fileapi::IsolatedContext. A child process needs to be granted 71 // permission to the file system to access the files in it using 72 // file system URL. 73 // 74 // Note: to grant read access to the content of files you also need 75 // to give permission directly to the file paths using GrantReadFile. 76 // TODO(kinuko): We should unify this file-level and file-system-level 77 // permission when a file is accessed via a file system. 78 // 79 // Note: files/directories in the same file system share the same 80 // permission as far as they are accessed via the file system, i.e. 81 // using the file system URL (tip: you can create a new file system 82 // to give different permission to part of files). 83 virtual void GrantReadFileSystem(int child_id, 84 const std::string& filesystem_id) = 0; 85 86 // Grants write access permission to the given isolated file system 87 // identified by |filesystem_id|. See comments for GrantReadFileSystem 88 // for more details. For writing you do NOT need to give direct permission 89 // to individual file paths. 90 // 91 // This must be called with a great care as this gives write permission 92 // to all files/directories included in the file system. 93 virtual void GrantWriteFileSystem(int child_id, 94 const std::string& filesystem_id) = 0; 95 96 // Grant create file permission to the given isolated file system identified 97 // by |filesystem_id|. 98 // See comments for GrantReadFileSystem for more details. For creating you 99 // do NOT need to give direct permission to individual file paths. 100 // 101 // This must be called with a great care as this gives create permission 102 // within all directories included in the file system. 103 virtual void GrantCreateFileForFileSystem( 104 int child_id, 105 const std::string& filesystem_id) = 0; 106 107 // Grants the child process the capability to access URLs of the provided 108 // scheme. 109 virtual void GrantScheme(int child_id, const std::string& scheme) = 0; 110 111 // Returns true iff read access has been granted to the file system with 112 // |filesystem_id|. 113 virtual bool CanReadFileSystem(int child_id, 114 const std::string& filesystem_id) = 0; 115 116 // Returns true iff read and write access has been granted to the filesystem 117 // with |filesystem_id|. 118 virtual bool CanReadWriteFileSystem(int child_id, 119 const std::string& filesystem_id) = 0; 120}; 121 122}; // namespace content 123 124#endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 125