child_process_security_policy.h revision 7dbb3d5cf0c15f500944d211057644d6a2f37371
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 6#define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 7 8#include <string> 9 10#include "base/basictypes.h" 11#include "content/common/content_export.h" 12 13namespace base { 14class FilePath; 15} 16 17namespace content { 18 19// The ChildProcessSecurityPolicy class is used to grant and revoke security 20// capabilities for child processes. For example, it restricts whether a child 21// process is permitted to load file:// URLs based on whether the process 22// has ever been commanded to load file:// URLs by the browser. 23// 24// ChildProcessSecurityPolicy is a singleton that may be used on any thread. 25// 26class ChildProcessSecurityPolicy { 27 public: 28 virtual ~ChildProcessSecurityPolicy() {} 29 30 // There is one global ChildProcessSecurityPolicy object for the entire 31 // browser process. The object returned by this method may be accessed on 32 // any thread. 33 static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance(); 34 35 // Web-safe schemes can be requested by any child process. Once a web-safe 36 // scheme has been registered, any child process can request URLs with 37 // that scheme. There is no mechanism for revoking web-safe schemes. 38 virtual void RegisterWebSafeScheme(const std::string& scheme) = 0; 39 40 // Returns true iff |scheme| has been registered as a web-safe scheme. 41 virtual bool IsWebSafeScheme(const std::string& scheme) = 0; 42 43 // Before servicing a child process's request to upload a file to the web, the 44 // browser should call this method to determine whether the process has the 45 // capability to upload the requested file. 46 virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0; 47 48 // Whenever the user picks a file from a <input type="file"> element, the 49 // browser should call this function to grant the child process the capability 50 // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY. 51 virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0; 52 53 // This permission grants creation, read, and full write access to a file, 54 // including attributes. 55 virtual void GrantCreateReadWriteFile(int child_id, 56 const base::FilePath& file) = 0; 57 58 // This permission grants creation and write access to a file. 59 virtual void GrantCreateWriteFile(int child_id, 60 const base::FilePath& file) = 0; 61 62 // Grants read access permission to the given isolated file system 63 // identified by |filesystem_id|. An isolated file system can be 64 // created for a set of native files/directories (like dropped files) 65 // using fileapi::IsolatedContext. A child process needs to be granted 66 // permission to the file system to access the files in it using 67 // file system URL. 68 // 69 // Note: to grant read access to the content of files you also need 70 // to give permission directly to the file paths using GrantReadFile. 71 // TODO(kinuko): We should unify this file-level and file-system-level 72 // permission when a file is accessed via a file system. 73 // 74 // Note: files/directories in the same file system share the same 75 // permission as far as they are accessed via the file system, i.e. 76 // using the file system URL (tip: you can create a new file system 77 // to give different permission to part of files). 78 virtual void GrantReadFileSystem(int child_id, 79 const std::string& filesystem_id) = 0; 80 81 // Grants write access permission to the given isolated file system 82 // identified by |filesystem_id|. See comments for GrantReadFileSystem 83 // for more details. For writing you do NOT need to give direct permission 84 // to individual file paths. 85 // 86 // This must be called with a great care as this gives write permission 87 // to all files/directories included in the file system. 88 virtual void GrantWriteFileSystem(int child_id, 89 const std::string& filesystem_id) = 0; 90 91 // Grant create file permission to the given isolated file system identified 92 // by |filesystem_id|. 93 // See comments for GrantReadFileSystem for more details. For creating you 94 // do NOT need to give direct permission to individual file paths. 95 // 96 // This must be called with a great care as this gives create permission 97 // within all directories included in the file system. 98 virtual void GrantCreateFileForFileSystem( 99 int child_id, 100 const std::string& filesystem_id) = 0; 101 102 // Grants the child process the capability to access URLs of the provided 103 // scheme. 104 virtual void GrantScheme(int child_id, const std::string& scheme) = 0; 105 106 // Returns true iff read access has been granted to the file system with 107 // |filesystem_id|. 108 virtual bool CanReadFileSystem(int child_id, 109 const std::string& filesystem_id) = 0; 110 111 // Returns true iff read and write access has been granted to the filesystem 112 // with |filesystem_id|. 113 virtual bool CanReadWriteFileSystem(int child_id, 114 const std::string& filesystem_id) = 0; 115}; 116 117}; // namespace content 118 119#endif // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ 120