child_process_security_policy.h revision 7dbb3d5cf0c15f500944d211057644d6a2f37371 
1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
6#define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
7
8#include <string>
9
10#include "base/basictypes.h"
11#include "content/common/content_export.h"
12
13namespace base {
14class FilePath;
15}
16
17namespace content {
18
19// The ChildProcessSecurityPolicy class is used to grant and revoke security
20// capabilities for child processes.  For example, it restricts whether a child
21// process is permitted to load file:// URLs based on whether the process
22// has ever been commanded to load file:// URLs by the browser.
23//
24// ChildProcessSecurityPolicy is a singleton that may be used on any thread.
25//
26class ChildProcessSecurityPolicy {
27 public:
28  virtual ~ChildProcessSecurityPolicy() {}
29
30  // There is one global ChildProcessSecurityPolicy object for the entire
31  // browser process.  The object returned by this method may be accessed on
32  // any thread.
33  static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance();
34
35  // Web-safe schemes can be requested by any child process.  Once a web-safe
36  // scheme has been registered, any child process can request URLs with
37  // that scheme.  There is no mechanism for revoking web-safe schemes.
38  virtual void RegisterWebSafeScheme(const std::string& scheme) = 0;
39
40  // Returns true iff |scheme| has been registered as a web-safe scheme.
41  virtual bool IsWebSafeScheme(const std::string& scheme) = 0;
42
43  // Before servicing a child process's request to upload a file to the web, the
44  // browser should call this method to determine whether the process has the
45  // capability to upload the requested file.
46  virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
47
48  // Whenever the user picks a file from a <input type="file"> element, the
49  // browser should call this function to grant the child process the capability
50  // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY.
51  virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0;
52
53  // This permission grants creation, read, and full write access to a file,
54  // including attributes.
55  virtual void GrantCreateReadWriteFile(int child_id,
56                                        const base::FilePath& file) = 0;
57
58  // This permission grants creation and write access to a file.
59  virtual void GrantCreateWriteFile(int child_id,
60                                    const base::FilePath& file) = 0;
61
62  // Grants read access permission to the given isolated file system
63  // identified by |filesystem_id|. An isolated file system can be
64  // created for a set of native files/directories (like dropped files)
65  // using fileapi::IsolatedContext. A child process needs to be granted
66  // permission to the file system to access the files in it using
67  // file system URL.
68  //
69  // Note: to grant read access to the content of files you also need
70  // to give permission directly to the file paths using GrantReadFile.
71  // TODO(kinuko): We should unify this file-level and file-system-level
72  // permission when a file is accessed via a file system.
73  //
74  // Note: files/directories in the same file system share the same
75  // permission as far as they are accessed via the file system, i.e.
76  // using the file system URL (tip: you can create a new file system
77  // to give different permission to part of files).
78  virtual void GrantReadFileSystem(int child_id,
79                                   const std::string& filesystem_id) = 0;
80
81  // Grants write access permission to the given isolated file system
82  // identified by |filesystem_id|.  See comments for GrantReadFileSystem
83  // for more details.  For writing you do NOT need to give direct permission
84  // to individual file paths.
85  //
86  // This must be called with a great care as this gives write permission
87  // to all files/directories included in the file system.
88  virtual void GrantWriteFileSystem(int child_id,
89                                    const std::string& filesystem_id) = 0;
90
91  // Grant create file permission to the given isolated file system identified
92  // by |filesystem_id|.
93  // See comments for GrantReadFileSystem for more details.  For creating you
94  // do NOT need to give direct permission to individual file paths.
95  //
96  // This must be called with a great care as this gives create permission
97  // within all directories included in the file system.
98  virtual void GrantCreateFileForFileSystem(
99      int child_id,
100      const std::string& filesystem_id) = 0;
101
102  // Grants the child process the capability to access URLs of the provided
103  // scheme.
104  virtual void GrantScheme(int child_id, const std::string& scheme) = 0;
105
106  // Returns true iff read access has been granted to the file system with
107  // |filesystem_id|.
108  virtual bool CanReadFileSystem(int child_id,
109                                 const std::string& filesystem_id) = 0;
110
111  // Returns true iff read and write access has been granted to the filesystem
112  // with |filesystem_id|.
113  virtual bool CanReadWriteFileSystem(int child_id,
114                                      const std::string& filesystem_id) = 0;
115};
116
117};  // namespace content
118
119#endif  // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
120