Google Git
Sign in
chromium / chromium / src.git / 46fb94424addb322c7dfad1e8eba462baf0cdcb7 / . / content / browser / child_process_security_policy_unittest.cc
blob: 032978f53820da06baee1cb08c281029caf2d811 [file] [log] [blame]
[email protected]cbe04ef2011-01-11 00:13:24[diff] [blame]1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:55[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]4
[email protected]46fb9442011-12-09 17:57:47[diff] [blame^]5#include <set>
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]6#include <string>
7
8#include "base/basictypes.h"
[email protected]561abe62009-04-06 18:08:34[diff] [blame]9#include "base/file_path.h"
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]10#include "base/platform_file.h"
[email protected]df8e899b2011-02-22 22:58:22[diff] [blame]11#include "content/browser/child_process_security_policy.h"
[email protected]46fb9442011-12-09 17:57:47[diff] [blame^]12#include "content/browser/mock_content_browser_client.h"
[email protected]a30f7d32011-05-24 19:38:31[diff] [blame]13#include "content/common/test_url_constants.h"
[email protected]a1d29162011-10-14 17:14:03[diff] [blame]14#include "content/public/common/url_constants.h"
[email protected]46fb9442011-12-09 17:57:47[diff] [blame^]15#include "googleurl/src/gurl.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]16#include "testing/gtest/include/gtest/gtest.h"
17
[email protected]46fb9442011-12-09 17:57:47[diff] [blame^]18namespace {
19
20const int kRendererID = 42;
21const int kWorkerRendererID = kRendererID + 1;
22
23class ChildProcessSecurityPolicyTestBrowserClient
24 : public content::MockContentBrowserClient {
25 public:
26 ChildProcessSecurityPolicyTestBrowserClient() {}
27
28 virtual bool IsHandledURL(const GURL& url) {
29 return schemes_.find(url.scheme()) != schemes_.end();
[email protected]e3539402011-07-19 09:31:08[diff] [blame]30 }
31
[email protected]46fb9442011-12-09 17:57:47[diff] [blame^]32 void ClearSchemes() {
33 schemes_.clear();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]34 }
[email protected]46fb9442011-12-09 17:57:47[diff] [blame^]35
36 void AddScheme(const std::string& scheme) {
37 schemes_.insert(scheme);
38 }
39
40 private:
41 std::set<std::string> schemes_;
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]42};
43
[email protected]46fb9442011-12-09 17:57:47[diff] [blame^]44} // namespace
45
46class ChildProcessSecurityPolicyTest : public testing::Test {
47 public:
48 ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {
49 }
50
51 virtual void SetUp() {
52 old_browser_client_ = content::GetContentClient()->browser();
53 content::GetContentClient()->set_browser(&test_browser_client_);
54
55 // Claim to always handle chrome:// URLs because the CPSP's notion of
56 // allowing WebUI bindings is hard-wired to this particular scheme.
57 test_browser_client_.AddScheme("chrome");
58 }
59
60 virtual void TearDown() {
61 test_browser_client_.ClearSchemes();
62 content::GetContentClient()->set_browser(old_browser_client_);
63 }
64
65 protected:
66 void RegisterTestScheme(const std::string& scheme) {
67 test_browser_client_.AddScheme(scheme);
68 }
69
70 private:
71 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_;
72 content::ContentBrowserClient* old_browser_client_;
73};
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]74
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]75TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
76 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]77
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]78 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme));
79 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme));
80 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme));
81 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]82 EXPECT_TRUE(p->IsWebSafeScheme("feed"));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]83 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme));
84 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]85
86 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
87 p->RegisterWebSafeScheme("registered-web-safe-scheme");
88 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]89
90 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]91}
92
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]93TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
94 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]95
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]96 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme));
97 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme));
98 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]99
[email protected]419a0572011-04-18 22:21:46[diff] [blame]100 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
101 p->RegisterPseudoScheme("registered-pseudo-scheme");
102 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]103
104 EXPECT_FALSE(p->IsPseudoScheme(chrome::kChromeUIScheme));
[email protected]419a0572011-04-18 22:21:46[diff] [blame]105}
106
107TEST_F(ChildProcessSecurityPolicyTest, IsDisabledSchemeTest) {
108 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
109
110 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme"));
111 std::set<std::string> disabled_set;
112 disabled_set.insert("evil-scheme");
113 p->RegisterDisabledSchemes(disabled_set);
114 EXPECT_TRUE(p->IsDisabledScheme("evil-scheme"));
115 EXPECT_FALSE(p->IsDisabledScheme("good-scheme"));
116
117 disabled_set.clear();
118 p->RegisterDisabledSchemes(disabled_set);
119 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme"));
120 EXPECT_FALSE(p->IsDisabledScheme("good-scheme"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]121}
122
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]123TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
124 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]125
126 p->Add(kRendererID);
127
128 // Safe
129 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
130 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
131 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
132 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
133 EXPECT_TRUE(p->CanRequestURL(kRendererID,
134 GURL("view-source:http://www.google.com/")));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]135 EXPECT_TRUE(p->CanRequestURL(
136 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]137
138 // Dangerous
139 EXPECT_FALSE(p->CanRequestURL(kRendererID,
140 GURL("file:///etc/passwd")));
141 EXPECT_FALSE(p->CanRequestURL(kRendererID,
[email protected]60e448982009-05-06 04:21:16[diff] [blame]142 GURL("chrome://foo/bar")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]143
144 p->Remove(kRendererID);
145}
146
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]147TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
148 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]149
150 p->Add(kRendererID);
151
152 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
153 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
154 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
155 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
156
[email protected]ed3456f2009-02-26 20:24:48[diff] [blame]157 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory")));
158 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
159 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
160 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]161
162 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory")));
163 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
164 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
165
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]166 // These requests for about: pages should be denied.
[email protected]b3adbd02011-11-30 22:23:27[diff] [blame]167 p->GrantRequestURL(kRendererID, GURL(chrome::kTestGpuCleanURL));
168 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kTestGpuCleanURL)));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]169
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]170 p->GrantRequestURL(kRendererID, GURL(chrome::kAboutCrashURL));
171 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kAboutCrashURL)));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]172
[email protected]a30f7d32011-05-24 19:38:31[diff] [blame]173 p->GrantRequestURL(kRendererID, GURL(chrome::kTestCacheURL));
174 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kTestCacheURL)));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]175
[email protected]a30f7d32011-05-24 19:38:31[diff] [blame]176 p->GrantRequestURL(kRendererID, GURL(chrome::kTestHangURL));
177 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL(chrome::kTestHangURL)));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]178
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]179 // These requests for chrome:// pages should be granted.
180 p->GrantRequestURL(kRendererID, GURL(chrome::kTestNewTabURL));
181 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL(chrome::kTestNewTabURL)));
182
183 p->GrantRequestURL(kRendererID, GURL(chrome::kTestHistoryURL));
184 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL(chrome::kTestHistoryURL)));
185
186 p->GrantRequestURL(kRendererID, GURL(chrome::kTestBookmarksURL));
187 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL(chrome::kTestBookmarksURL)));
188
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]189 p->Remove(kRendererID);
190}
191
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]192TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
193 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]194
195 p->Add(kRendererID);
196
197 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
198 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
199 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
200
201 p->Remove(kRendererID);
202}
203
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]204TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
205 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]206
207 p->Add(kRendererID);
208
209 // Currently, "asdf" is destined for ShellExecute, so it is allowed.
210 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
211
[email protected]46fb9442011-12-09 17:57:47[diff] [blame^]212 // Once we register "asdf", we default to deny.
213 RegisterTestScheme("asdf");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]214 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
215
216 // We can allow new schemes by adding them to the whitelist.
217 p->RegisterWebSafeScheme("asdf");
218 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
219
220 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]221 p->Remove(kRendererID);
222}
223
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]224TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
225 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]226
227 p->Add(kRendererID);
228
229 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
230 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
231 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
232
[email protected]419a0572011-04-18 22:21:46[diff] [blame]233 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
234 std::set<std::string> disabled_set;
235 disabled_set.insert("evil-scheme");
236 p->RegisterDisabledSchemes(disabled_set);
237 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com")));
238 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
239 disabled_set.clear();
240 p->RegisterDisabledSchemes(disabled_set);
241 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com")));
242 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
243
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]244 // We should forget our state if we repeat a renderer id.
245 p->Remove(kRendererID);
246 p->Add(kRendererID);
247 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
248 p->Remove(kRendererID);
249}
250
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]251TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
252 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]253
254 p->Add(kRendererID);
255
256 // View source is determined by the embedded scheme.
257 EXPECT_TRUE(p->CanRequestURL(kRendererID,
258 GURL("view-source:http://www.google.com/")));
259 EXPECT_FALSE(p->CanRequestURL(kRendererID,
260 GURL("view-source:file:///etc/passwd")));
261 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
[email protected]690d0a9172010-01-06 00:19:36[diff] [blame]262 EXPECT_FALSE(p->CanRequestURL(
263 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]264
265 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
266 // View source needs to be able to request the embedded scheme.
267 EXPECT_TRUE(p->CanRequestURL(kRendererID,
268 GURL("view-source:file:///etc/passwd")));
269 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
270
271 p->Remove(kRendererID);
272}
273
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]274TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) {
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]275 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]276
277 p->Add(kRendererID);
278
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]279 EXPECT_FALSE(p->CanReadFile(kRendererID,
[email protected]561abe62009-04-06 18:08:34[diff] [blame]280 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]281 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd")));
282 EXPECT_TRUE(p->CanReadFile(kRendererID,
[email protected]561abe62009-04-06 18:08:34[diff] [blame]283 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]284 EXPECT_FALSE(p->CanReadFile(kRendererID,
[email protected]561abe62009-04-06 18:08:34[diff] [blame]285 FilePath(FILE_PATH_LITERAL("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]286
287 p->Remove(kRendererID);
288 p->Add(kRendererID);
289
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]290 EXPECT_FALSE(p->CanReadFile(kRendererID,
[email protected]561abe62009-04-06 18:08:34[diff] [blame]291 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]292 EXPECT_FALSE(p->CanReadFile(kRendererID,
[email protected]561abe62009-04-06 18:08:34[diff] [blame]293 FilePath(FILE_PATH_LITERAL("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]294
295 p->Remove(kRendererID);
296}
297
[email protected]600ea402011-04-12 00:01:51[diff] [blame]298TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) {
299 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
300
301 p->Add(kRendererID);
302
303 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
304 FilePath(FILE_PATH_LITERAL("/etc/"))));
305 p->GrantReadDirectory(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
306 EXPECT_TRUE(p->CanReadDirectory(kRendererID,
307 FilePath(FILE_PATH_LITERAL("/etc/"))));
308 EXPECT_TRUE(p->CanReadFile(kRendererID,
309 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
310
311 p->Remove(kRendererID);
312 p->Add(kRendererID);
313
314 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
315 FilePath(FILE_PATH_LITERAL("/etc/"))));
316 EXPECT_FALSE(p->CanReadFile(kRendererID,
317 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
318
319 // Just granting read permission as a file doesn't imply reading as a
320 // directory.
321 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
322 EXPECT_TRUE(p->CanReadFile(kRendererID,
323 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
324 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
325 FilePath(FILE_PATH_LITERAL("/etc/"))));
326
327 p->Remove(kRendererID);
328}
329
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]330TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
331 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
332
333 // Grant permissions for a file.
334 p->Add(kRendererID);
335 FilePath file = FilePath(FILE_PATH_LITERAL("/etc/passwd"));
336 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
337 base::PLATFORM_FILE_OPEN));
338
339 p->GrantPermissionsForFile(kRendererID, file,
340 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]341 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]342 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]343 base::PLATFORM_FILE_WRITE);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]344 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
345 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]346 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]347 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]348 base::PLATFORM_FILE_WRITE));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]349 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
350 base::PLATFORM_FILE_OPEN |
351 base::PLATFORM_FILE_READ));
352 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
353 base::PLATFORM_FILE_CREATE));
354 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
355 base::PLATFORM_FILE_CREATE |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]356 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]357 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]358 base::PLATFORM_FILE_WRITE));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]359 p->Remove(kRendererID);
360
361 // Grant permissions for the directory the file is in.
362 p->Add(kRendererID);
363 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
364 base::PLATFORM_FILE_OPEN));
365 p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc")),
366 base::PLATFORM_FILE_OPEN |
367 base::PLATFORM_FILE_READ);
368 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
369 base::PLATFORM_FILE_OPEN));
370 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
371 base::PLATFORM_FILE_READ |
372 base::PLATFORM_FILE_WRITE));
373 p->Remove(kRendererID);
374
375 // Grant permissions for the directory the file is in (with trailing '/').
376 p->Add(kRendererID);
377 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
378 base::PLATFORM_FILE_OPEN));
379 p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")),
380 base::PLATFORM_FILE_OPEN |
381 base::PLATFORM_FILE_READ);
382 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
383 base::PLATFORM_FILE_OPEN));
384 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
385 base::PLATFORM_FILE_READ |
386 base::PLATFORM_FILE_WRITE));
387
388 // Grant permissions for the file (should overwrite the permissions granted
389 // for the directory).
390 p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_TEMPORARY);
391 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
392 base::PLATFORM_FILE_OPEN));
393 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
394 base::PLATFORM_FILE_TEMPORARY));
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]395
396 // Revoke all permissions for the file (it should inherit its permissions
397 // from the directory again).
398 p->RevokeAllPermissionsForFile(kRendererID, file);
399 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
400 base::PLATFORM_FILE_OPEN |
401 base::PLATFORM_FILE_READ));
402 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
403 base::PLATFORM_FILE_TEMPORARY));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]404 p->Remove(kRendererID);
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]405
406 // Grant file permissions for the file to main thread renderer process,
407 // make sure its worker thread renderer process inherits those.
408 p->Add(kRendererID);
409 p->GrantPermissionsForFile(kRendererID, file, base::PLATFORM_FILE_OPEN |
410 base::PLATFORM_FILE_READ);
411 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
412 base::PLATFORM_FILE_OPEN |
413 base::PLATFORM_FILE_READ));
414 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
415 base::PLATFORM_FILE_WRITE));
416 p->AddWorker(kWorkerRendererID, kRendererID);
417 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, file,
418 base::PLATFORM_FILE_OPEN |
419 base::PLATFORM_FILE_READ));
420 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file,
421 base::PLATFORM_FILE_WRITE));
422 p->Remove(kRendererID);
423 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, file,
424 base::PLATFORM_FILE_OPEN |
425 base::PLATFORM_FILE_READ));
426 p->Remove(kWorkerRendererID);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]427}
428
[email protected]c50008512011-02-03 01:17:27[diff] [blame]429TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]430 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]431
[email protected]60e448982009-05-06 04:21:16[diff] [blame]432 GURL url("chrome://thumb/http://www.google.com/");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]433
434 p->Add(kRendererID);
435
[email protected]c50008512011-02-03 01:17:27[diff] [blame]436 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]437 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]438 p->GrantWebUIBindings(kRendererID);
439 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]440 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
441
442 p->Remove(kRendererID);
443}
444
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]445TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
446 ChildProcessSecurityPolicy* p = ChildProcessSecurityPolicy::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]447
448 GURL url("file:///etc/passwd");
[email protected]561abe62009-04-06 18:08:34[diff] [blame]449 FilePath file(FILE_PATH_LITERAL("/etc/passwd"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]450
451 p->Add(kRendererID);
452
453 p->GrantRequestURL(kRendererID, url);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]454 p->GrantReadFile(kRendererID, file);
[email protected]c50008512011-02-03 01:17:27[diff] [blame]455 p->GrantWebUIBindings(kRendererID);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]456
457 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]458 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]459 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]460
461 p->Remove(kRendererID);
462
463 // Renderers are added and removed on the UI thread, but the policy can be
[email protected]580522632009-08-17 21:55:55[diff] [blame]464 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
465 // prepared to answer policy questions about renderers who no longer exist.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]466
467 // In this case, we default to secure behavior.
468 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]469 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]470 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]471}