Google Git
Sign in
chromium / chromium / src.git / 3a4ca9f52450a1f27422978e044d9cc3aa5fd1d7 / . / content / browser / child_process_security_policy_unittest.cc
blob: cfcb80341f9c228201ffb7444b3ca26cb67b9779 [file] [log] [blame]
[email protected]b9535422012-02-09 01:47:59[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:55[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]4
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]5#include <set>
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]6#include <string>
7
[email protected]57999812013-02-24 05:40:52[diff] [blame]8#include "base/files/file_path.h"
Lukasz Anforowicz0672f8a2017-11-30 01:07:06[diff] [blame]9#include "base/logging.h"
10#include "base/test/mock_log.h"
[email protected]b9535422012-02-09 01:47:59[diff] [blame]11#include "content/browser/child_process_security_policy_impl.h"
[email protected]a1d29162011-10-14 17:14:03[diff] [blame]12#include "content/public/common/url_constants.h"
[email protected]c6681f32012-06-05 14:43:01[diff] [blame]13#include "content/test/test_content_browser_client.h"
pilgrime92c5fcd2014-09-10 23:31:23[diff] [blame]14#include "storage/browser/fileapi/file_permission_policy.h"
15#include "storage/browser/fileapi/file_system_url.h"
16#include "storage/browser/fileapi/isolated_context.h"
pilgrim16330552014-09-10 01:32:22[diff] [blame]17#include "storage/common/fileapi/file_system_types.h"
Lukasz Anforowicz0672f8a2017-11-30 01:07:06[diff] [blame]18#include "testing/gmock/include/gmock/gmock.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]19#include "testing/gtest/include/gtest/gtest.h"
[email protected]707e1c42013-07-09 21:18:58[diff] [blame]20#include "url/gurl.h"
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]21#include "url/origin.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]22
[email protected]46488322012-10-30 03:22:20[diff] [blame]23namespace content {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]24namespace {
25
26const int kRendererID = 42;
27const int kWorkerRendererID = kRendererID + 1;
28
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]29#if defined(FILE_PATH_USES_DRIVE_LETTERS)
30#define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x)
31#else
32#define TEST_PATH(x) FILE_PATH_LITERAL(x)
33#endif
34
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]35class ChildProcessSecurityPolicyTestBrowserClient
[email protected]46488322012-10-30 03:22:20[diff] [blame]36 : public TestContentBrowserClient {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]37 public:
38 ChildProcessSecurityPolicyTestBrowserClient() {}
39
dchengc2282aa2014-10-21 12:07:58[diff] [blame]40 bool IsHandledURL(const GURL& url) override {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]41 return schemes_.find(url.scheme()) != schemes_.end();
[email protected]e3539402011-07-19 09:31:08[diff] [blame]42 }
43
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]44 void ClearSchemes() {
45 schemes_.clear();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]46 }
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]47
48 void AddScheme(const std::string& scheme) {
49 schemes_.insert(scheme);
50 }
51
52 private:
53 std::set<std::string> schemes_;
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]54};
55
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]56} // namespace
57
58class ChildProcessSecurityPolicyTest : public testing::Test {
59 public:
Ivan Kotenkov2c0d2bb32017-11-01 15:41:28[diff] [blame]60 ChildProcessSecurityPolicyTest() : old_browser_client_(nullptr) {}
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]61
dchengfa85b152014-10-28 01:13:42[diff] [blame]62 void SetUp() override {
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]63 old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]64
65 // Claim to always handle chrome:// URLs because the CPSP's notion of
66 // allowing WebUI bindings is hard-wired to this particular scheme.
[email protected]2d9748b22014-02-11 00:17:29[diff] [blame]67 test_browser_client_.AddScheme(kChromeUIScheme);
[email protected]e0f35c92013-05-08 16:04:34[diff] [blame]68
69 // Claim to always handle file:// URLs like the browser would.
70 // net::URLRequest::IsHandledURL() no longer claims support for default
71 // protocols as this is the responsibility of the browser (which is
72 // responsible for adding the appropriate ProtocolHandler).
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]73 test_browser_client_.AddScheme(url::kFileScheme);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]74 }
75
dchengfa85b152014-10-28 01:13:42[diff] [blame]76 void TearDown() override {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]77 test_browser_client_.ClearSchemes();
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]78 SetBrowserClientForTesting(old_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]79 }
80
81 protected:
82 void RegisterTestScheme(const std::string& scheme) {
83 test_browser_client_.AddScheme(scheme);
84 }
85
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]86 void GrantPermissionsForFile(ChildProcessSecurityPolicyImpl* p,
87 int child_id,
88 const base::FilePath& file,
89 int permissions) {
90 p->GrantPermissionsForFile(child_id, file, permissions);
91 }
92
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]93 void CheckHasNoFileSystemPermission(ChildProcessSecurityPolicyImpl* p,
94 const std::string& child_id) {
95 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, child_id));
96 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, child_id));
97 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, child_id));
98 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, child_id));
99 }
100
101 void CheckHasNoFileSystemFilePermission(ChildProcessSecurityPolicyImpl* p,
102 const base::FilePath& file,
[email protected]cd501a72014-08-22 19:58:31[diff] [blame]103 const storage::FileSystemURL& url) {
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]104 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
105 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file));
106 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, url));
107 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url));
108 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url));
109 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
110 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url));
111 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url));
112 }
113
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]114 private:
115 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_;
[email protected]46488322012-10-30 03:22:20[diff] [blame]116 ContentBrowserClient* old_browser_client_;
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]117};
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]118
[email protected]9f104312013-07-23 23:18:19[diff] [blame]119
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]120TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]121 ChildProcessSecurityPolicyImpl* p =
122 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]123
[email protected]e8ca69c2014-05-07 15:31:19[diff] [blame]124 EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpScheme));
125 EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpsScheme));
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]126 EXPECT_TRUE(p->IsWebSafeScheme(url::kFtpScheme));
127 EXPECT_TRUE(p->IsWebSafeScheme(url::kDataScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]128 EXPECT_TRUE(p->IsWebSafeScheme("feed"));
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]129 EXPECT_TRUE(p->IsWebSafeScheme(url::kBlobScheme));
130 EXPECT_TRUE(p->IsWebSafeScheme(url::kFileSystemScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]131
132 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
133 p->RegisterWebSafeScheme("registered-web-safe-scheme");
134 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]135
[email protected]2d9748b22014-02-11 00:17:29[diff] [blame]136 EXPECT_FALSE(p->IsWebSafeScheme(kChromeUIScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]137}
138
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]139TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]140 ChildProcessSecurityPolicyImpl* p =
141 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]142
[email protected]8e09c7af2014-06-10 11:46:17[diff] [blame]143 EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme));
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]144 EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme));
[email protected]dbdda5402013-05-30 22:13:48[diff] [blame]145 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme));
jww04480402016-10-25 02:50:33[diff] [blame]146 EXPECT_TRUE(p->IsPseudoScheme(url::kHttpSuboriginScheme));
147 EXPECT_TRUE(p->IsPseudoScheme(url::kHttpsSuboriginScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]148
[email protected]419a0572011-04-18 22:21:46[diff] [blame]149 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
150 p->RegisterPseudoScheme("registered-pseudo-scheme");
151 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]152
[email protected]2d9748b22014-02-11 00:17:29[diff] [blame]153 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme));
[email protected]419a0572011-04-18 22:21:46[diff] [blame]154}
155
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]156TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]157 ChildProcessSecurityPolicyImpl* p =
158 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]159
160 p->Add(kRendererID);
161
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]162 // Safe to request, redirect or commit.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]163 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
164 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
165 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
166 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]167 EXPECT_TRUE(p->CanRequestURL(
168 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]169 EXPECT_TRUE(p->CanRedirectToURL(GURL("http://www.google.com/")));
170 EXPECT_TRUE(p->CanRedirectToURL(GURL("https://www.paypal.com/")));
171 EXPECT_TRUE(p->CanRedirectToURL(GURL("ftp://ftp.gnu.org/")));
172 EXPECT_TRUE(p->CanRedirectToURL(GURL("data:text/html,<b>Hi</b>")));
173 EXPECT_TRUE(
174 p->CanRedirectToURL(GURL("filesystem:http://localhost/temporary/a.gif")));
creis3710b2382015-08-18 00:12:15[diff] [blame]175 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/")));
176 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/")));
177 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
178 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
179 EXPECT_TRUE(p->CanCommitURL(
180 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]181 EXPECT_TRUE(
182 p->CanSetAsOriginHeader(kRendererID, GURL("http://www.google.com/")));
183 EXPECT_TRUE(
184 p->CanSetAsOriginHeader(kRendererID, GURL("https://www.paypal.com/")));
185 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("ftp://ftp.gnu.org/")));
186 EXPECT_TRUE(
187 p->CanSetAsOriginHeader(kRendererID, GURL("data:text/html,<b>Hi</b>")));
188 EXPECT_TRUE(p->CanSetAsOriginHeader(
189 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]190
jww2cdad9e2016-09-24 05:42:02[diff] [blame]191 // Dangerous to request, commit, or set as origin header.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]192 EXPECT_FALSE(p->CanRequestURL(kRendererID,
193 GURL("file:///etc/passwd")));
194 EXPECT_FALSE(p->CanRequestURL(kRendererID,
[email protected]60e448982009-05-06 04:21:16[diff] [blame]195 GURL("chrome://foo/bar")));
meacerce6b66032016-06-02 20:56:05[diff] [blame]196 EXPECT_FALSE(p->CanRequestURL(kRendererID,
197 GURL("view-source:http://www.google.com/")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]198 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
199 EXPECT_TRUE(p->CanRedirectToURL(GURL("chrome://foo/bar")));
200 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:http://www.google.com/")));
creis3710b2382015-08-18 00:12:15[diff] [blame]201 EXPECT_FALSE(p->CanCommitURL(kRendererID,
202 GURL("file:///etc/passwd")));
203 EXPECT_FALSE(p->CanCommitURL(kRendererID,
204 GURL("chrome://foo/bar")));
meacerce6b66032016-06-02 20:56:05[diff] [blame]205 EXPECT_FALSE(
206 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]207 EXPECT_FALSE(
208 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
209 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("chrome://foo/bar")));
210 EXPECT_FALSE(p->CanSetAsOriginHeader(
211 kRendererID, GURL("view-source:http://www.google.com/")));
Alex Moshchuk71f485592017-08-16 16:20:00[diff] [blame]212 EXPECT_FALSE(p->CanRedirectToURL(GURL(kUnreachableWebDataURL)));
213 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL(kUnreachableWebDataURL)));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]214
215 p->Remove(kRendererID);
216}
217
nicka76cc402016-09-22 20:02:59[diff] [blame]218TEST_F(ChildProcessSecurityPolicyTest, BlobSchemeTest) {
219 ChildProcessSecurityPolicyImpl* p =
220 ChildProcessSecurityPolicyImpl::GetInstance();
221
222 p->Add(kRendererID);
223
224 EXPECT_TRUE(
225 p->CanRequestURL(kRendererID, GURL("blob:http://localhost/some-guid")));
226 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:null/some-guid")));
227 EXPECT_TRUE(
228 p->CanRequestURL(kRendererID, GURL("blob:http://localhost/some-guid")));
229 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:NulL/some-guid")));
230 EXPECT_TRUE(
231 p->CanRequestURL(kRendererID, GURL("blob:NulL/some-guid#fragment")));
232 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:NulL/some-guid?query")));
233 EXPECT_TRUE(
234 p->CanRequestURL(kRendererID, GURL("blob:blobinternal://some-guid")));
235 EXPECT_FALSE(p->CanRequestURL(
236 kRendererID, GURL("blob:http://username@localhost/some-guid")));
237 EXPECT_FALSE(p->CanRequestURL(
238 kRendererID, GURL("blob:http://username @localhost/some-guid")));
239 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:blob:some-guid")));
240 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:some-guid")));
241 EXPECT_FALSE(p->CanRequestURL(kRendererID,
242 GURL("blob:filesystem:http://localhost/path")));
243 EXPECT_FALSE(p->CanRequestURL(kRendererID,
244 GURL("filesystem:blob:http://localhost/guid")));
245
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]246 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:http://localhost/some-guid")));
247 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:null/some-guid")));
248 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:http://localhost/some-guid")));
249 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:NulL/some-guid")));
250 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:NulL/some-guid#fragment")));
251 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:NulL/some-guid?query")));
252 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:blobinternal://some-guid")));
253 EXPECT_TRUE(
254 p->CanRedirectToURL(GURL("blob:http://username@localhost/some-guid")));
255 EXPECT_TRUE(p->CanRedirectToURL(
256 GURL("blob:http://username @localhost/some-guid")));
257 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:blob:some-guid")));
258 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:some-guid")));
259 EXPECT_TRUE(
260 p->CanRedirectToURL(GURL("blob:filesystem:http://localhost/path")));
261 EXPECT_FALSE(
262 p->CanRedirectToURL(GURL("filesystem:blob:http://localhost/guid")));
263
nicka76cc402016-09-22 20:02:59[diff] [blame]264 EXPECT_TRUE(
265 p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid")));
266 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:null/some-guid")));
267 EXPECT_TRUE(
268 p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid")));
269 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid")));
270 EXPECT_TRUE(
271 p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid#fragment")));
272 EXPECT_TRUE(
273 p->CanCommitURL(kRendererID, GURL("blob:blobinternal://some-guid")));
274 EXPECT_FALSE(p->CanCommitURL(
275 kRendererID, GURL("blob:http://username@localhost/some-guid")));
276 EXPECT_FALSE(p->CanCommitURL(
277 kRendererID, GURL("blob:http://username @localhost/some-guid")));
278 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("blob:blob:some-guid")));
279 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("blob:some-guid")));
280 EXPECT_FALSE(p->CanCommitURL(kRendererID,
281 GURL("blob:filesystem:http://localhost/path")));
282 EXPECT_FALSE(p->CanCommitURL(kRendererID,
283 GURL("filesystem:blob:http://localhost/guid")));
284
285 p->Remove(kRendererID);
286}
287
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]288TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]289 ChildProcessSecurityPolicyImpl* p =
290 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]291
292 p->Add(kRendererID);
293
294 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
arthursonzogniee7f43b2016-12-06 10:52:29[diff] [blame]295 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
296 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]297 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]298 EXPECT_TRUE(p->CanRedirectToURL(GURL("about:blank")));
299 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:BlAnK")));
300 EXPECT_FALSE(p->CanRedirectToURL(GURL("aBouT:BlAnK")));
301 EXPECT_TRUE(p->CanRedirectToURL(GURL("aBouT:blank")));
creis3710b2382015-08-18 00:12:15[diff] [blame]302 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank")));
arthursonzogniee7f43b2016-12-06 10:52:29[diff] [blame]303 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:BlAnK")));
304 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK")));
creis3710b2382015-08-18 00:12:15[diff] [blame]305 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]306 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:blank")));
arthursonzogniee7f43b2016-12-06 10:52:29[diff] [blame]307 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:BlAnK")));
308 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:BlAnK")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]309 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:blank")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]310
arthursonzogniee7f43b2016-12-06 10:52:29[diff] [blame]311 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:srcdoc")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]312 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:srcdoc")));
arthursonzogniee7f43b2016-12-06 10:52:29[diff] [blame]313 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:srcdoc")));
314 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:srcdoc")));
315 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:SRCDOC")));
316 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:SRCDOC")));
317 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:SRCDOC")));
318
[email protected]ed3456f2009-02-26 20:24:48[diff] [blame]319 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
320 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
321 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
asvitkine2c4b4d1a2016-03-19 14:18:07[diff] [blame]322 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:version")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]323 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:crash")));
324 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:cache")));
325 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:hang")));
326 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:version")));
creis3710b2382015-08-18 00:12:15[diff] [blame]327 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
328 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache")));
329 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang")));
asvitkine2c4b4d1a2016-03-19 14:18:07[diff] [blame]330 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]331 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
332 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:cache")));
333 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:hang")));
334 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:version")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]335
asvitkine2c4b4d1a2016-03-19 14:18:07[diff] [blame]336 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]337 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
338 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]339 EXPECT_FALSE(p->CanRedirectToURL(GURL("aBoUt:version")));
340 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:CrASh")));
341 EXPECT_FALSE(p->CanRedirectToURL(GURL("abOuT:cAChe")));
asvitkine2c4b4d1a2016-03-19 14:18:07[diff] [blame]342 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
creis3710b2382015-08-18 00:12:15[diff] [blame]343 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh")));
344 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe")));
asvitkine2c4b4d1a2016-03-19 14:18:07[diff] [blame]345 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]346 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
347 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:CrASh")));
348 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("abOuT:cAChe")));
349 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]350
[email protected]8bf1048012012-02-08 01:22:18[diff] [blame]351 // Requests for about: pages should be denied.
352 p->GrantRequestURL(kRendererID, GURL("about:crash"));
353 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]354 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:crash")));
creis3710b2382015-08-18 00:12:15[diff] [blame]355 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]356 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]357
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]358 // These requests for chrome:// pages should be granted.
[email protected]e068c2d2012-10-23 16:45:18[diff] [blame]359 GURL chrome_url("chrome://foo");
360 p->GrantRequestURL(kRendererID, chrome_url);
361 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]362 EXPECT_TRUE(p->CanRedirectToURL(GURL(chrome_url)));
creis3710b2382015-08-18 00:12:15[diff] [blame]363 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]364 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, chrome_url));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]365
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]366 p->Remove(kRendererID);
367}
368
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]369TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]370 ChildProcessSecurityPolicyImpl* p =
371 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]372
373 p->Add(kRendererID);
374
375 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]376 EXPECT_FALSE(p->CanRedirectToURL(GURL("javascript:alert('xss')")));
creis3710b2382015-08-18 00:12:15[diff] [blame]377 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]378 EXPECT_FALSE(
379 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]380 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
381 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]382 EXPECT_FALSE(p->CanRedirectToURL(GURL("javascript:alert('xss')")));
creis3710b2382015-08-18 00:12:15[diff] [blame]383 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]384 EXPECT_FALSE(
385 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
386
387 p->Remove(kRendererID);
388}
389
390TEST_F(ChildProcessSecurityPolicyTest, SuboriginTest) {
391 ChildProcessSecurityPolicyImpl* p =
392 ChildProcessSecurityPolicyImpl::GetInstance();
393
394 p->Add(kRendererID);
395
396 // Suborigin URLs are not requestable or committable.
397 EXPECT_FALSE(
398 p->CanRequestURL(kRendererID, GURL("http-so://foobar.example.com")));
399 EXPECT_FALSE(
400 p->CanRequestURL(kRendererID, GURL("https-so://foobar.example.com")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]401 EXPECT_FALSE(p->CanRedirectToURL(GURL("http-so://foobar.example.com")));
402 EXPECT_FALSE(p->CanRedirectToURL(GURL("https-so://foobar.example.com")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]403 EXPECT_FALSE(
404 p->CanCommitURL(kRendererID, GURL("http-so://foobar.example.com")));
405 EXPECT_FALSE(
406 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com")));
407
408 // It's not possible to grant suborigins requestable status.
409 p->GrantRequestURL(kRendererID, GURL("https-so://foobar.example.com"));
410 EXPECT_FALSE(
411 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com")));
412
413 // Suborigin URLs are valid origin headers.
414 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID,
415 GURL("http-so://foobar.example.com")));
416 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID,
417 GURL("https-so://foobar.example.com")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]418
419 p->Remove(kRendererID);
420}
421
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]422TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]423 ChildProcessSecurityPolicyImpl* p =
424 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]425
426 p->Add(kRendererID);
427
creis3710b2382015-08-18 00:12:15[diff] [blame]428 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be
429 // requested but not committed.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]430 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]431 EXPECT_TRUE(p->CanRedirectToURL(GURL("asdf:rockers")));
creis3710b2382015-08-18 00:12:15[diff] [blame]432 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]433 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]434
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]435 // Once we register "asdf", we default to deny.
436 RegisterTestScheme("asdf");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]437 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]438 EXPECT_TRUE(p->CanRedirectToURL(GURL("asdf:rockers")));
creis3710b2382015-08-18 00:12:15[diff] [blame]439 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]440 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]441
442 // We can allow new schemes by adding them to the whitelist.
443 p->RegisterWebSafeScheme("asdf");
444 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]445 EXPECT_TRUE(p->CanRedirectToURL(GURL("asdf:rockers")));
creis3710b2382015-08-18 00:12:15[diff] [blame]446 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]447 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]448
449 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]450 p->Remove(kRendererID);
451}
452
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]453TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]454 ChildProcessSecurityPolicyImpl* p =
455 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]456
457 p->Add(kRendererID);
458
459 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]460 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
creis3710b2382015-08-18 00:12:15[diff] [blame]461 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]462 EXPECT_FALSE(
463 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]464 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
465 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]466 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
creis3710b2382015-08-18 00:12:15[diff] [blame]467 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]468 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]469
470 // We should forget our state if we repeat a renderer id.
471 p->Remove(kRendererID);
472 p->Add(kRendererID);
473 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]474 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
creis3710b2382015-08-18 00:12:15[diff] [blame]475 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]476 EXPECT_FALSE(
477 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]478 p->Remove(kRendererID);
479}
480
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]481TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]482 ChildProcessSecurityPolicyImpl* p =
483 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]484
485 p->Add(kRendererID);
486
meacerce6b66032016-06-02 20:56:05[diff] [blame]487 // Child processes cannot request view source URLs.
488 EXPECT_FALSE(p->CanRequestURL(kRendererID,
489 GURL("view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]490 EXPECT_FALSE(p->CanRequestURL(kRendererID,
491 GURL("view-source:file:///etc/passwd")));
492 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
[email protected]690d0a9172010-01-06 00:19:36[diff] [blame]493 EXPECT_FALSE(p->CanRequestURL(
494 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]495
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]496 // Child processes cannot be redirected to view source URLs.
497 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:http://www.google.com/")));
498 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:file:///etc/passwd")));
499 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
500 EXPECT_FALSE(p->CanRedirectToURL(
501 GURL("view-source:view-source:http://www.google.com/")));
502
creis3710b2382015-08-18 00:12:15[diff] [blame]503 // View source URLs don't actually commit; the renderer is put into view
504 // source mode, and the inner URL commits.
505 EXPECT_FALSE(p->CanCommitURL(kRendererID,
506 GURL("view-source:http://www.google.com/")));
507 EXPECT_FALSE(p->CanCommitURL(kRendererID,
508 GURL("view-source:file:///etc/passwd")));
509 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
510 EXPECT_FALSE(p->CanCommitURL(
511 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
512
jww2cdad9e2016-09-24 05:42:02[diff] [blame]513 // View source URLs should not be setable as origin headers
514 EXPECT_FALSE(p->CanSetAsOriginHeader(
515 kRendererID, GURL("view-source:http://www.google.com/")));
516 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
517 GURL("view-source:file:///etc/passwd")));
518 EXPECT_FALSE(
519 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
520 EXPECT_FALSE(p->CanSetAsOriginHeader(
521 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
522
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]523 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
meacerce6b66032016-06-02 20:56:05[diff] [blame]524 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]525 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
meacerce6b66032016-06-02 20:56:05[diff] [blame]526 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
527 EXPECT_FALSE(
jww2cdad9e2016-09-24 05:42:02[diff] [blame]528 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
529 EXPECT_FALSE(
meacerce6b66032016-06-02 20:56:05[diff] [blame]530 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]531 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:file:///etc/passwd")));
creis3710b2382015-08-18 00:12:15[diff] [blame]532 EXPECT_FALSE(p->CanCommitURL(kRendererID,
533 GURL("view-source:file:///etc/passwd")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]534 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
535 GURL("view-source:file:///etc/passwd")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]536 p->Remove(kRendererID);
537}
538
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]539TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
540 ChildProcessSecurityPolicyImpl* p =
541 ChildProcessSecurityPolicyImpl::GetInstance();
542
543 p->Add(kRendererID);
544
545 GURL icon_url("file:///tmp/foo.png");
546 GURL sensitive_url("file:///etc/passwd");
547 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
548 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]549 EXPECT_TRUE(p->CanRedirectToURL(icon_url));
550 EXPECT_TRUE(p->CanRedirectToURL(sensitive_url));
creis3710b2382015-08-18 00:12:15[diff] [blame]551 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url));
552 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]553 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, icon_url));
554 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]555
556 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
557 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
558 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]559 EXPECT_TRUE(p->CanRedirectToURL(icon_url));
560 EXPECT_TRUE(p->CanRedirectToURL(sensitive_url));
creis3710b2382015-08-18 00:12:15[diff] [blame]561 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
562 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]563 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
564 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]565
566 p->GrantRequestURL(kRendererID, icon_url);
567 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
568 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]569 EXPECT_TRUE(p->CanRedirectToURL(icon_url));
570 EXPECT_TRUE(p->CanRedirectToURL(sensitive_url));
creis3710b2382015-08-18 00:12:15[diff] [blame]571 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
572 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]573 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
574 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]575
576 p->Remove(kRendererID);
577}
578
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]579TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) {
580 ChildProcessSecurityPolicyImpl* p =
581 ChildProcessSecurityPolicyImpl::GetInstance();
582
583 p->Add(kRendererID);
[email protected]cd501a72014-08-22 19:58:31[diff] [blame]584 std::string read_id =
585 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
586 storage::kFileSystemTypeTest, "read_filesystem", base::FilePath());
587 std::string read_write_id =
588 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
589 storage::kFileSystemTypeTest,
590 "read_write_filesystem",
591 base::FilePath());
592 std::string copy_into_id =
593 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
594 storage::kFileSystemTypeTest,
595 "copy_into_filesystem",
596 base::FilePath());
597 std::string delete_from_id =
598 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
599 storage::kFileSystemTypeTest,
600 "delete_from_filesystem",
601 base::FilePath());
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]602
603 // Test initially having no permissions.
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]604 CheckHasNoFileSystemPermission(p, read_id);
605 CheckHasNoFileSystemPermission(p, read_write_id);
606 CheckHasNoFileSystemPermission(p, copy_into_id);
607 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]608
609 // Testing varying combinations of grants and checks.
610 p->GrantReadFileSystem(kRendererID, read_id);
611 EXPECT_TRUE(p->CanReadFileSystem(kRendererID, read_id));
612 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, read_id));
613 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, read_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]614 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, read_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]615
616 p->GrantReadFileSystem(kRendererID, read_write_id);
617 p->GrantWriteFileSystem(kRendererID, read_write_id);
618 EXPECT_TRUE(p->CanReadFileSystem(kRendererID, read_write_id));
619 EXPECT_TRUE(p->CanReadWriteFileSystem(kRendererID, read_write_id));
620 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, read_write_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]621 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, read_write_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]622
623 p->GrantCopyIntoFileSystem(kRendererID, copy_into_id);
624 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, copy_into_id));
625 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, copy_into_id));
626 EXPECT_TRUE(p->CanCopyIntoFileSystem(kRendererID, copy_into_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]627 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, copy_into_id));
628
629 p->GrantDeleteFromFileSystem(kRendererID, delete_from_id);
630 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, delete_from_id));
631 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, delete_from_id));
632 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, delete_from_id));
633 EXPECT_TRUE(p->CanDeleteFromFileSystem(kRendererID, delete_from_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]634
635 // Test revoke permissions on renderer ID removal.
636 p->Remove(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]637 CheckHasNoFileSystemPermission(p, read_id);
638 CheckHasNoFileSystemPermission(p, read_write_id);
639 CheckHasNoFileSystemPermission(p, copy_into_id);
640 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]641
642 // Test having no permissions upon re-adding same renderer ID.
643 p->Add(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]644 CheckHasNoFileSystemPermission(p, read_id);
645 CheckHasNoFileSystemPermission(p, read_write_id);
646 CheckHasNoFileSystemPermission(p, copy_into_id);
647 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]648
649 // Cleanup.
650 p->Remove(kRendererID);
[email protected]cd501a72014-08-22 19:58:31[diff] [blame]651 storage::IsolatedContext::GetInstance()->RevokeFileSystem(read_id);
652 storage::IsolatedContext::GetInstance()->RevokeFileSystem(read_write_id);
653 storage::IsolatedContext::GetInstance()->RevokeFileSystem(copy_into_id);
654 storage::IsolatedContext::GetInstance()->RevokeFileSystem(delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]655}
656
[email protected]9f104312013-07-23 23:18:19[diff] [blame]657TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]658 ChildProcessSecurityPolicyImpl* p =
659 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]660
[email protected]9f104312013-07-23 23:18:19[diff] [blame]661 p->RegisterFileSystemPermissionPolicy(
[email protected]cd501a72014-08-22 19:58:31[diff] [blame]662 storage::kFileSystemTypeTest,
663 storage::FILE_PERMISSION_USE_FILE_PERMISSION);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]664
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]665 p->Add(kRendererID);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]666 base::FilePath file(TEST_PATH("/dir/testfile"));
667 file = file.NormalizePathSeparators();
[email protected]cd501a72014-08-22 19:58:31[diff] [blame]668 storage::FileSystemURL url = storage::FileSystemURL::CreateForTest(
669 GURL("http://foo/"), storage::kFileSystemTypeTest, file);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]670
[email protected]9f104312013-07-23 23:18:19[diff] [blame]671 // Test initially having no permissions.
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]672 CheckHasNoFileSystemFilePermission(p, file, url);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]673
[email protected]9f104312013-07-23 23:18:19[diff] [blame]674 // Testing every combination of permissions granting and revoking.
675 p->GrantReadFile(kRendererID, file);
676 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]677 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]678 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
679 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url));
680 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]681 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]682 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url));
683 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]684 p->RevokeAllPermissionsForFile(kRendererID, file);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]685 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]686
687 p->GrantCreateReadWriteFile(kRendererID, file);
688 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]689 EXPECT_TRUE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]690 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
691 EXPECT_TRUE(p->CanWriteFileSystemFile(kRendererID, url));
692 EXPECT_TRUE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]693 EXPECT_TRUE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]694 EXPECT_TRUE(p->CanCopyIntoFileSystemFile(kRendererID, url));
695 EXPECT_TRUE(p->CanDeleteFileSystemFile(kRendererID, url));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]696 p->RevokeAllPermissionsForFile(kRendererID, file);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]697 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]698
699 // Test revoke permissions on renderer ID removal.
700 p->GrantCreateReadWriteFile(kRendererID, file);
701 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]702 EXPECT_TRUE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]703 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
704 EXPECT_TRUE(p->CanWriteFileSystemFile(kRendererID, url));
705 EXPECT_TRUE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]706 EXPECT_TRUE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]707 EXPECT_TRUE(p->CanCopyIntoFileSystemFile(kRendererID, url));
708 EXPECT_TRUE(p->CanDeleteFileSystemFile(kRendererID, url));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]709 p->Remove(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]710 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]711
712 // Test having no permissions upon re-adding same renderer ID.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]713 p->Add(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]714 CheckHasNoFileSystemFilePermission(p, file, url);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]715
[email protected]9f104312013-07-23 23:18:19[diff] [blame]716 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]717 p->Remove(kRendererID);
718}
719
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]720TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
[email protected]c42de732013-02-16 06:26:31[diff] [blame]721 base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe"));
722 base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob"));
723 base::FilePath child_file = base::FilePath(TEST_PATH("/home/joe/file"));
724 base::FilePath parent_file = base::FilePath(TEST_PATH("/home"));
725 base::FilePath parent_slash_file = base::FilePath(TEST_PATH("/home/"));
726 base::FilePath child_traversal1 =
727 base::FilePath(TEST_PATH("/home/joe/././file"));
728 base::FilePath child_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]729 TEST_PATH("/home/joe/file/../otherfile"));
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]730 base::FilePath evil_traversal1 =
[email protected]023ad6ab2013-02-17 05:07:23[diff] [blame]731 base::FilePath(TEST_PATH("/home/joe/../../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]732 base::FilePath evil_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]733 TEST_PATH("/home/joe/./.././../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]734 base::FilePath self_traversal =
735 base::FilePath(TEST_PATH("/home/joe/../joe/file"));
736 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe"));
[email protected]80838412012-11-20 01:53:59[diff] [blame]737
[email protected]b9535422012-02-09 01:47:59[diff] [blame]738 ChildProcessSecurityPolicyImpl* p =
739 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]740
741 // Grant permissions for a file.
742 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]743 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]744 base::File::FLAG_OPEN));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]745
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]746 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]747 base::File::FLAG_OPEN |
748 base::File::FLAG_OPEN_TRUNCATED |
749 base::File::FLAG_READ |
750 base::File::FLAG_WRITE);
[email protected]80838412012-11-20 01:53:59[diff] [blame]751 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]752 base::File::FLAG_OPEN |
753 base::File::FLAG_OPEN_TRUNCATED |
754 base::File::FLAG_READ |
755 base::File::FLAG_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]756 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]757 base::File::FLAG_OPEN |
758 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]759 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]760 base::File::FLAG_CREATE));
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]761 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));
[email protected]80838412012-11-20 01:53:59[diff] [blame]762 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]763 base::File::FLAG_CREATE |
764 base::File::FLAG_OPEN_TRUNCATED |
765 base::File::FLAG_READ |
766 base::File::FLAG_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]767 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]768 base::File::FLAG_OPEN |
769 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]770 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]771 base::File::FLAG_OPEN |
772 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]773 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]774 base::File::FLAG_OPEN |
775 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]776 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]777 base::File::FLAG_OPEN |
778 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]779 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]780 base::File::FLAG_OPEN |
781 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]782 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]783 base::File::FLAG_OPEN |
784 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]785 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]786 base::File::FLAG_OPEN |
787 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]788 // CPSP doesn't allow this case for the sake of simplicity.
789 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]790 base::File::FLAG_OPEN |
791 base::File::FLAG_READ));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]792 p->Remove(kRendererID);
793
794 // Grant permissions for the directory the file is in.
795 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]796 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]797 base::File::FLAG_OPEN));
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]798 GrantPermissionsForFile(p, kRendererID, parent_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]799 base::File::FLAG_OPEN |
800 base::File::FLAG_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]801 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]802 base::File::FLAG_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]803 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]804 base::File::FLAG_READ |
805 base::File::FLAG_WRITE));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]806 p->Remove(kRendererID);
807
808 // Grant permissions for the directory the file is in (with trailing '/').
809 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]810 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]811 base::File::FLAG_OPEN));
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]812 GrantPermissionsForFile(p, kRendererID, parent_slash_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]813 base::File::FLAG_OPEN |
814 base::File::FLAG_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]815 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]816 base::File::FLAG_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]817 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]818 base::File::FLAG_READ |
819 base::File::FLAG_WRITE));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]820
821 // Grant permissions for the file (should overwrite the permissions granted
822 // for the directory).
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]823 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]824 base::File::FLAG_TEMPORARY);
[email protected]80838412012-11-20 01:53:59[diff] [blame]825 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]826 base::File::FLAG_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]827 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]828 base::File::FLAG_TEMPORARY));
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]829
830 // Revoke all permissions for the file (it should inherit its permissions
831 // from the directory again).
[email protected]80838412012-11-20 01:53:59[diff] [blame]832 p->RevokeAllPermissionsForFile(kRendererID, granted_file);
833 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]834 base::File::FLAG_OPEN |
835 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]836 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]837 base::File::FLAG_TEMPORARY));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]838 p->Remove(kRendererID);
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]839
840 // Grant file permissions for the file to main thread renderer process,
841 // make sure its worker thread renderer process inherits those.
842 p->Add(kRendererID);
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]843 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]844 base::File::FLAG_OPEN |
845 base::File::FLAG_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]846 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]847 base::File::FLAG_OPEN |
848 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]849 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]850 base::File::FLAG_WRITE));
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]851 p->AddWorker(kWorkerRendererID, kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]852 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]853 base::File::FLAG_OPEN |
854 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]855 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]856 base::File::FLAG_WRITE));
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]857 p->Remove(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]858 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]859 base::File::FLAG_OPEN |
860 base::File::FLAG_READ));
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]861 p->Remove(kWorkerRendererID);
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]862
863 p->Add(kRendererID);
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]864 GrantPermissionsForFile(p, kRendererID, relative_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]865 base::File::FLAG_OPEN);
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]866 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]867 base::File::FLAG_OPEN));
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]868 p->Remove(kRendererID);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]869}
870
[email protected]c50008512011-02-03 01:17:27[diff] [blame]871TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]872 ChildProcessSecurityPolicyImpl* p =
873 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]874
[email protected]60e448982009-05-06 04:21:16[diff] [blame]875 GURL url("chrome://thumb/http://www.google.com/");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]876
877 p->Add(kRendererID);
878
[email protected]c50008512011-02-03 01:17:27[diff] [blame]879 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]880 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]881 EXPECT_TRUE(p->CanRedirectToURL(url));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]882 p->GrantWebUIBindings(kRendererID);
883 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]884 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]885 EXPECT_TRUE(p->CanRedirectToURL(url));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]886
887 p->Remove(kRendererID);
888}
889
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]890TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]891 ChildProcessSecurityPolicyImpl* p =
892 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]893
894 GURL url("file:///etc/passwd");
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]895 base::FilePath file(TEST_PATH("/etc/passwd"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]896
897 p->Add(kRendererID);
898
899 p->GrantRequestURL(kRendererID, url);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]900 p->GrantReadFile(kRendererID, file);
[email protected]c50008512011-02-03 01:17:27[diff] [blame]901 p->GrantWebUIBindings(kRendererID);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]902
903 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]904 EXPECT_TRUE(p->CanRedirectToURL(url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]905 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]906 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]907
908 p->Remove(kRendererID);
909
910 // Renderers are added and removed on the UI thread, but the policy can be
[email protected]580522632009-08-17 21:55:55[diff] [blame]911 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
912 // prepared to answer policy questions about renderers who no longer exist.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]913
914 // In this case, we default to secure behavior.
915 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]916 EXPECT_TRUE(p->CanRedirectToURL(url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]917 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]918 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]919}
[email protected]46488322012-10-30 03:22:20[diff] [blame]920
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]921// Test the granting of origin permissions, and their interactions with
922// granting scheme permissions.
923TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) {
924 ChildProcessSecurityPolicyImpl* p =
925 ChildProcessSecurityPolicyImpl::GetInstance();
926
927 p->Add(kRendererID);
928
929 GURL url_foo1("chrome://foo/resource1");
930 GURL url_foo2("chrome://foo/resource2");
931 GURL url_bar("chrome://bar/resource3");
932
933 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1));
934 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2));
935 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]936 EXPECT_TRUE(p->CanRedirectToURL(url_foo1));
937 EXPECT_TRUE(p->CanRedirectToURL(url_foo2));
938 EXPECT_TRUE(p->CanRedirectToURL(url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]939 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1));
940 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2));
941 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]942 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
943 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
944 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]945
Daniel Cheng88186bd52017-10-20 08:14:46[diff] [blame]946 p->GrantOrigin(kRendererID, url::Origin::Create(url_foo1));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]947
948 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1));
949 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2));
950 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]951 EXPECT_TRUE(p->CanRedirectToURL(url_foo1));
952 EXPECT_TRUE(p->CanRedirectToURL(url_foo2));
953 EXPECT_TRUE(p->CanRedirectToURL(url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]954 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
955 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
956 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]957 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
958 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
959 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]960
961 p->GrantScheme(kRendererID, kChromeUIScheme);
962
963 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1));
964 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2));
965 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]966 EXPECT_TRUE(p->CanRedirectToURL(url_foo1));
967 EXPECT_TRUE(p->CanRedirectToURL(url_foo2));
968 EXPECT_TRUE(p->CanRedirectToURL(url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]969 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
970 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
971 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]972 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
973 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
974 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]975
976 p->Remove(kRendererID);
977}
Lukasz Anforowicz0672f8a2017-11-30 01:07:06[diff] [blame]978// Verifies ChildProcessSecurityPolicyImpl::AddIsolatedOrigins method.
979TEST_F(ChildProcessSecurityPolicyTest, AddIsolatedOrigins) {
980 url::Origin foo = url::Origin::Create(GURL("https://foo.com/"));
981 url::Origin bar = url::Origin::Create(GURL("https://bar.com/"));
982 url::Origin baz = url::Origin::Create(GURL("https://baz.com/"));
983 url::Origin foobar = url::Origin::Create(GURL("https://foobar.com/"));
984 url::Origin baz_http_8000 = url::Origin::Create(GURL("http://baz.com:8000/"));
985 url::Origin baz_https_8000 =
986 url::Origin::Create(GURL("https://baz.com:8000/"));
987 url::Origin invalid_etld = url::Origin::Create(GURL("https://gov/"));
988 ChildProcessSecurityPolicyImpl* p =
989 ChildProcessSecurityPolicyImpl::GetInstance();
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]990
Lukasz Anforowicz0672f8a2017-11-30 01:07:06[diff] [blame]991 // Initially there should be no isolated origins.
992 EXPECT_THAT(p->isolated_origins_, testing::IsEmpty());
alexmos3b9ad102017-05-26 23:41:08[diff] [blame]993
Lukasz Anforowicz0672f8a2017-11-30 01:07:06[diff] [blame]994 // Verify deduplication of the argument.
995 p->AddIsolatedOrigins({foo, bar, bar});
996 EXPECT_THAT(p->isolated_origins_, testing::UnorderedElementsAre(foo, bar));
alexmos3b9ad102017-05-26 23:41:08[diff] [blame]997
Lukasz Anforowicz0672f8a2017-11-30 01:07:06[diff] [blame]998 // Verify that the old set is extended (not replaced).
999 p->AddIsolatedOrigins({baz});
1000 EXPECT_THAT(p->isolated_origins_,
1001 testing::UnorderedElementsAre(foo, bar, baz));
1002
1003 // Verify deduplication against the old set.
1004 p->AddIsolatedOrigins({foo});
1005 EXPECT_THAT(p->isolated_origins_,
1006 testing::UnorderedElementsAre(foo, bar, baz));
1007
1008 // Verify deduplication considers scheme and port differences.
1009 p->AddIsolatedOrigins({baz, baz_http_8000, baz_https_8000});
1010 EXPECT_THAT(p->isolated_origins_,
1011 testing::UnorderedElementsAre(foo, bar, baz, baz_http_8000,
1012 baz_https_8000));
1013
1014 // Verify that adding an origin that is invalid for isolation will 1) log a
1015 // warning and 2) won't CHECK or crash the browser process, 3) will not add
1016 // the invalid origin, but will add the remaining origins passed to
1017 // AddIsolatedOrigins.
1018 {
1019 base::test::MockLog mock_log;
1020 EXPECT_CALL(mock_log,
1021 Log(::logging::LOG_ERROR, testing::_, testing::_, testing::_,
1022 testing::HasSubstr(invalid_etld.Serialize())))
1023 .Times(1);
1024
1025 mock_log.StartCapturingLogs();
1026 p->AddIsolatedOrigins({foobar, invalid_etld});
1027 EXPECT_THAT(p->isolated_origins_,
1028 testing::UnorderedElementsAre(foo, bar, baz, baz_http_8000,
1029 baz_https_8000, foobar));
1030 }
alexmos3b9ad102017-05-26 23:41:08[diff] [blame]1031}
1032
[email protected]46488322012-10-30 03:22:20[diff] [blame]1033} // namespace content