child_process_security_policy.h revision 2a99a7e74a7f215066514fe81d2bfa6639d9eddd 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
6#define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
7
8#include <set>
9#include <string>
10
11#include "base/basictypes.h"
12#include "content/common/content_export.h"
13
14namespace base {
15class FilePath;
16}
17
18namespace content {
19
20// The ChildProcessSecurityPolicy class is used to grant and revoke security
21// capabilities for child processes.  For example, it restricts whether a child
22// process is permitted to load file:// URLs based on whether the process
23// has ever been commanded to load file:// URLs by the browser.
24//
25// ChildProcessSecurityPolicy is a singleton that may be used on any thread.
26//
27class ChildProcessSecurityPolicy {
28 public:
29  virtual ~ChildProcessSecurityPolicy() {}
30
31  // There is one global ChildProcessSecurityPolicy object for the entire
32  // browser process.  The object returned by this method may be accessed on
33  // any thread.
34  static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance();
35
36  // Web-safe schemes can be requested by any child process.  Once a web-safe
37  // scheme has been registered, any child process can request URLs with
38  // that scheme.  There is no mechanism for revoking web-safe schemes.
39  virtual void RegisterWebSafeScheme(const std::string& scheme) = 0;
40
41  // Returns true iff |scheme| has been registered as a web-safe scheme.
42  virtual bool IsWebSafeScheme(const std::string& scheme) = 0;
43
44  // Sets the list of disabled schemes.
45  // URLs using these schemes won't be loaded at all. The previous list of
46  // schemes is overwritten. An empty |schemes| disables this feature.
47  // Schemes listed as disabled take precedence over Web-safe schemes.
48  virtual void RegisterDisabledSchemes(
49      const std::set<std::string>& schemes) = 0;
50
51  // Grants certain permissions to a file. |permissions| must be a bit-set of
52  // base::PlatformFileFlags.
53  virtual void GrantPermissionsForFile(int child_id,
54                                       const base::FilePath& file,
55                                       int permissions) = 0;
56
57  // Before servicing a child process's request to upload a file to the web, the
58  // browser should call this method to determine whether the process has the
59  // capability to upload the requested file.
60  virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
61
62  // Whenever the user picks a file from a <input type="file"> element, the
63  // browser should call this function to grant the child process the capability
64  // to upload the file to the web.
65  virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0;
66
67  // Grants read access permission to the given isolated file system
68  // identified by |filesystem_id|. An isolated file system can be
69  // created for a set of native files/directories (like dropped files)
70  // using fileapi::IsolatedContext. A child process needs to be granted
71  // permission to the file system to access the files in it using
72  // file system URL.
73  //
74  // Note: to grant read access to the content of files you also need
75  // to give permission directly to the file paths using GrantReadFile.
76  // TODO(kinuko): We should unify this file-level and file-system-level
77  // permission when a file is accessed via a file system.
78  //
79  // Note: files/directories in the same file system share the same
80  // permission as far as they are accessed via the file system, i.e.
81  // using the file system URL (tip: you can create a new file system
82  // to give different permission to part of files).
83  virtual void GrantReadFileSystem(int child_id,
84                                   const std::string& filesystem_id) = 0;
85
86  // Grants write access permission to the given isolated file system
87  // identified by |filesystem_id|.  See comments for GrantReadFileSystem
88  // for more details.  For writing you do NOT need to give direct permission
89  // to individual file paths.
90  //
91  // This must be called with a great care as this gives write permission
92  // to all files/directories included in the file system.
93  virtual void GrantWriteFileSystem(int child_id,
94                                    const std::string& filesystem_id) = 0;
95
96  // Grant create file permission to the given isolated file system identified
97  // by |filesystem_id|.
98  // See comments for GrantReadFileSystem for more details.  For creating you
99  // do NOT need to give direct permission to individual file paths.
100  //
101  // This must be called with a great care as this gives create permission
102  // within all directories included in the file system.
103  virtual void GrantCreateFileForFileSystem(
104      int child_id,
105      const std::string& filesystem_id) = 0;
106
107  // Grants the child process the capability to access URLs of the provided
108  // scheme.
109  virtual void GrantScheme(int child_id, const std::string& scheme) = 0;
110
111  // Returns true iff read access has been granted to the file system with
112  // |filesystem_id|.
113  virtual bool CanReadFileSystem(int child_id,
114                                 const std::string& filesystem_id) = 0;
115
116  // Returns true iff read and write access has been granted to the filesystem
117  // with |filesystem_id|.
118  virtual bool CanReadWriteFileSystem(int child_id,
119                                      const std::string& filesystem_id) = 0;
120};
121
122};  // namespace content
123
124#endif  // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
125