Google Git
Sign in
chromium / chromium / src.git / 57999817d30c384de8974a2c64c0356e71fde63c / . / content / browser / child_process_security_policy_unittest.cc
blob: a2eed3415539b78ffda2a7b4793e1509d21d106a [file] [log] [blame]
[email protected]b9535422012-02-09 01:47:59[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:55[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]4
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]5#include <set>
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]6#include <string>
7
8#include "base/basictypes.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame^]9#include "base/files/file_path.h"
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]10#include "base/platform_file.h"
[email protected]b9535422012-02-09 01:47:59[diff] [blame]11#include "content/browser/child_process_security_policy_impl.h"
[email protected]a1d29162011-10-14 17:14:03[diff] [blame]12#include "content/public/common/url_constants.h"
[email protected]c6681f32012-06-05 14:43:01[diff] [blame]13#include "content/test/test_content_browser_client.h"
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]14#include "googleurl/src/gurl.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]15#include "testing/gtest/include/gtest/gtest.h"
16
[email protected]46488322012-10-30 03:22:20[diff] [blame]17namespace content {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]18namespace {
19
20const int kRendererID = 42;
21const int kWorkerRendererID = kRendererID + 1;
22
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]23#if defined(FILE_PATH_USES_DRIVE_LETTERS)
24#define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x)
25#else
26#define TEST_PATH(x) FILE_PATH_LITERAL(x)
27#endif
28
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]29class ChildProcessSecurityPolicyTestBrowserClient
[email protected]46488322012-10-30 03:22:20[diff] [blame]30 : public TestContentBrowserClient {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]31 public:
32 ChildProcessSecurityPolicyTestBrowserClient() {}
33
[email protected]c3e35892013-02-12 02:08:01[diff] [blame]34 virtual bool IsHandledURL(const GURL& url) OVERRIDE {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]35 return schemes_.find(url.scheme()) != schemes_.end();
[email protected]e3539402011-07-19 09:31:08[diff] [blame]36 }
37
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]38 void ClearSchemes() {
39 schemes_.clear();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]40 }
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]41
42 void AddScheme(const std::string& scheme) {
43 schemes_.insert(scheme);
44 }
45
46 private:
47 std::set<std::string> schemes_;
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]48};
49
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]50} // namespace
51
52class ChildProcessSecurityPolicyTest : public testing::Test {
53 public:
54 ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {
55 }
56
57 virtual void SetUp() {
[email protected]46488322012-10-30 03:22:20[diff] [blame]58 old_browser_client_ = GetContentClient()->browser();
59 GetContentClient()->set_browser_for_testing(&test_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]60
61 // Claim to always handle chrome:// URLs because the CPSP's notion of
62 // allowing WebUI bindings is hard-wired to this particular scheme.
63 test_browser_client_.AddScheme("chrome");
64 }
65
66 virtual void TearDown() {
67 test_browser_client_.ClearSchemes();
[email protected]46488322012-10-30 03:22:20[diff] [blame]68 GetContentClient()->set_browser_for_testing(old_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]69 }
70
71 protected:
72 void RegisterTestScheme(const std::string& scheme) {
73 test_browser_client_.AddScheme(scheme);
74 }
75
76 private:
77 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_;
[email protected]46488322012-10-30 03:22:20[diff] [blame]78 ContentBrowserClient* old_browser_client_;
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]79};
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]80
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]81TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]82 ChildProcessSecurityPolicyImpl* p =
83 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]84
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]85 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme));
86 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme));
87 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme));
88 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]89 EXPECT_TRUE(p->IsWebSafeScheme("feed"));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]90 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme));
91 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]92
93 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
94 p->RegisterWebSafeScheme("registered-web-safe-scheme");
95 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]96
97 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]98}
99
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]100TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]101 ChildProcessSecurityPolicyImpl* p =
102 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]103
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]104 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme));
105 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme));
106 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]107
[email protected]419a0572011-04-18 22:21:46[diff] [blame]108 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
109 p->RegisterPseudoScheme("registered-pseudo-scheme");
110 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]111
112 EXPECT_FALSE(p->IsPseudoScheme(chrome::kChromeUIScheme));
[email protected]419a0572011-04-18 22:21:46[diff] [blame]113}
114
115TEST_F(ChildProcessSecurityPolicyTest, IsDisabledSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]116 ChildProcessSecurityPolicyImpl* p =
117 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]419a0572011-04-18 22:21:46[diff] [blame]118
119 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme"));
120 std::set<std::string> disabled_set;
121 disabled_set.insert("evil-scheme");
122 p->RegisterDisabledSchemes(disabled_set);
123 EXPECT_TRUE(p->IsDisabledScheme("evil-scheme"));
124 EXPECT_FALSE(p->IsDisabledScheme("good-scheme"));
125
126 disabled_set.clear();
127 p->RegisterDisabledSchemes(disabled_set);
128 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme"));
129 EXPECT_FALSE(p->IsDisabledScheme("good-scheme"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]130}
131
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]132TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]133 ChildProcessSecurityPolicyImpl* p =
134 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]135
136 p->Add(kRendererID);
137
138 // Safe
139 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
140 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
141 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
142 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
143 EXPECT_TRUE(p->CanRequestURL(kRendererID,
144 GURL("view-source:http://www.google.com/")));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]145 EXPECT_TRUE(p->CanRequestURL(
146 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]147
148 // Dangerous
149 EXPECT_FALSE(p->CanRequestURL(kRendererID,
150 GURL("file:///etc/passwd")));
151 EXPECT_FALSE(p->CanRequestURL(kRendererID,
[email protected]60e448982009-05-06 04:21:16[diff] [blame]152 GURL("chrome://foo/bar")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]153
154 p->Remove(kRendererID);
155}
156
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]157TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]158 ChildProcessSecurityPolicyImpl* p =
159 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]160
161 p->Add(kRendererID);
162
163 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
164 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
165 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
166 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
167
[email protected]ed3456f2009-02-26 20:24:48[diff] [blame]168 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory")));
169 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
170 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
171 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]172
173 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory")));
174 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
175 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
176
[email protected]8bf1048012012-02-08 01:22:18[diff] [blame]177 // Requests for about: pages should be denied.
178 p->GrantRequestURL(kRendererID, GURL("about:crash"));
179 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]180
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]181 // These requests for chrome:// pages should be granted.
[email protected]e068c2d2012-10-23 16:45:18[diff] [blame]182 GURL chrome_url("chrome://foo");
183 p->GrantRequestURL(kRendererID, chrome_url);
184 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]185
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]186 p->Remove(kRendererID);
187}
188
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]189TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]190 ChildProcessSecurityPolicyImpl* p =
191 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]192
193 p->Add(kRendererID);
194
195 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
196 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
197 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
198
199 p->Remove(kRendererID);
200}
201
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]202TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]203 ChildProcessSecurityPolicyImpl* p =
204 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]205
206 p->Add(kRendererID);
207
208 // Currently, "asdf" is destined for ShellExecute, so it is allowed.
209 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
210
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]211 // Once we register "asdf", we default to deny.
212 RegisterTestScheme("asdf");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]213 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
214
215 // We can allow new schemes by adding them to the whitelist.
216 p->RegisterWebSafeScheme("asdf");
217 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
218
219 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]220 p->Remove(kRendererID);
221}
222
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]223TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]224 ChildProcessSecurityPolicyImpl* p =
225 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]226
227 p->Add(kRendererID);
228
229 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
230 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
231 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
232
[email protected]419a0572011-04-18 22:21:46[diff] [blame]233 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
234 std::set<std::string> disabled_set;
235 disabled_set.insert("evil-scheme");
236 p->RegisterDisabledSchemes(disabled_set);
237 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com")));
238 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
239 disabled_set.clear();
240 p->RegisterDisabledSchemes(disabled_set);
241 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com")));
242 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
243
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]244 // We should forget our state if we repeat a renderer id.
245 p->Remove(kRendererID);
246 p->Add(kRendererID);
247 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
248 p->Remove(kRendererID);
249}
250
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]251TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]252 ChildProcessSecurityPolicyImpl* p =
253 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]254
255 p->Add(kRendererID);
256
257 // View source is determined by the embedded scheme.
258 EXPECT_TRUE(p->CanRequestURL(kRendererID,
259 GURL("view-source:http://www.google.com/")));
260 EXPECT_FALSE(p->CanRequestURL(kRendererID,
261 GURL("view-source:file:///etc/passwd")));
262 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
[email protected]690d0a9172010-01-06 00:19:36[diff] [blame]263 EXPECT_FALSE(p->CanRequestURL(
264 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]265
266 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
267 // View source needs to be able to request the embedded scheme.
268 EXPECT_TRUE(p->CanRequestURL(kRendererID,
269 GURL("view-source:file:///etc/passwd")));
270 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
271
272 p->Remove(kRendererID);
273}
274
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]275TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
276 ChildProcessSecurityPolicyImpl* p =
277 ChildProcessSecurityPolicyImpl::GetInstance();
278
279 p->Add(kRendererID);
280
281 GURL icon_url("file:///tmp/foo.png");
282 GURL sensitive_url("file:///etc/passwd");
283 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
284 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
285
286 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
287 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
288 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
289
290 p->GrantRequestURL(kRendererID, icon_url);
291 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
292 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
293
294 p->Remove(kRendererID);
295}
296
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]297TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]298 ChildProcessSecurityPolicyImpl* p =
299 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]300
301 p->Add(kRendererID);
302
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]303 EXPECT_FALSE(p->CanReadFile(kRendererID,
304 base::FilePath(TEST_PATH("/etc/passwd"))));
305 p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/passwd")));
306 EXPECT_TRUE(p->CanReadFile(kRendererID,
307 base::FilePath(TEST_PATH("/etc/passwd"))));
308 EXPECT_FALSE(p->CanReadFile(kRendererID,
309 base::FilePath(TEST_PATH("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]310
311 p->Remove(kRendererID);
312 p->Add(kRendererID);
313
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]314 EXPECT_FALSE(p->CanReadFile(kRendererID,
315 base::FilePath(TEST_PATH("/etc/passwd"))));
316 EXPECT_FALSE(p->CanReadFile(kRendererID,
317 base::FilePath(TEST_PATH("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]318
319 p->Remove(kRendererID);
320}
321
[email protected]600ea402011-04-12 00:01:51[diff] [blame]322TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]323 ChildProcessSecurityPolicyImpl* p =
324 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]600ea402011-04-12 00:01:51[diff] [blame]325
326 p->Add(kRendererID);
327
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]328 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
329 base::FilePath(TEST_PATH("/etc/"))));
330 p->GrantReadDirectory(kRendererID,
331 base::FilePath(TEST_PATH("/etc/")));
332 EXPECT_TRUE(p->CanReadDirectory(kRendererID,
333 base::FilePath(TEST_PATH("/etc/"))));
334 EXPECT_TRUE(p->CanReadFile(kRendererID,
335 base::FilePath(TEST_PATH("/etc/passwd"))));
[email protected]600ea402011-04-12 00:01:51[diff] [blame]336
337 p->Remove(kRendererID);
338 p->Add(kRendererID);
339
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]340 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
341 base::FilePath(TEST_PATH("/etc/"))));
342 EXPECT_FALSE(p->CanReadFile(kRendererID,
343 base::FilePath(TEST_PATH("/etc/passwd"))));
[email protected]600ea402011-04-12 00:01:51[diff] [blame]344
345 // Just granting read permission as a file doesn't imply reading as a
346 // directory.
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]347 p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/")));
348 EXPECT_TRUE(p->CanReadFile(kRendererID,
349 base::FilePath(TEST_PATH("/etc/passwd"))));
350 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
351 base::FilePath(TEST_PATH("/etc/"))));
[email protected]600ea402011-04-12 00:01:51[diff] [blame]352
353 p->Remove(kRendererID);
354}
355
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]356TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
[email protected]c42de732013-02-16 06:26:31[diff] [blame]357 base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe"));
358 base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob"));
359 base::FilePath child_file = base::FilePath(TEST_PATH("/home/joe/file"));
360 base::FilePath parent_file = base::FilePath(TEST_PATH("/home"));
361 base::FilePath parent_slash_file = base::FilePath(TEST_PATH("/home/"));
362 base::FilePath child_traversal1 =
363 base::FilePath(TEST_PATH("/home/joe/././file"));
364 base::FilePath child_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]365 TEST_PATH("/home/joe/file/../otherfile"));
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]366 base::FilePath evil_traversal1 =
[email protected]023ad6ab2013-02-17 05:07:23[diff] [blame]367 base::FilePath(TEST_PATH("/home/joe/../../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]368 base::FilePath evil_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]369 TEST_PATH("/home/joe/./.././../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]370 base::FilePath self_traversal =
371 base::FilePath(TEST_PATH("/home/joe/../joe/file"));
372 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe"));
[email protected]80838412012-11-20 01:53:59[diff] [blame]373
[email protected]b9535422012-02-09 01:47:59[diff] [blame]374 ChildProcessSecurityPolicyImpl* p =
375 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]376
377 // Grant permissions for a file.
378 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]379 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]380 base::PLATFORM_FILE_OPEN));
381
[email protected]80838412012-11-20 01:53:59[diff] [blame]382 p->GrantPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]383 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]384 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]385 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]386 base::PLATFORM_FILE_WRITE);
[email protected]80838412012-11-20 01:53:59[diff] [blame]387 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]388 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]389 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]390 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]391 base::PLATFORM_FILE_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]392 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]393 base::PLATFORM_FILE_OPEN |
394 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]395 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]396 base::PLATFORM_FILE_CREATE));
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]397 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));
[email protected]80838412012-11-20 01:53:59[diff] [blame]398 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]399 base::PLATFORM_FILE_CREATE |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]400 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]401 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]402 base::PLATFORM_FILE_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]403 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
404 base::PLATFORM_FILE_OPEN |
405 base::PLATFORM_FILE_READ));
406 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
407 base::PLATFORM_FILE_OPEN |
408 base::PLATFORM_FILE_READ));
409 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
410 base::PLATFORM_FILE_OPEN |
411 base::PLATFORM_FILE_READ));
412 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
413 base::PLATFORM_FILE_OPEN |
414 base::PLATFORM_FILE_READ));
415 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
416 base::PLATFORM_FILE_OPEN |
417 base::PLATFORM_FILE_READ));
418 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
419 base::PLATFORM_FILE_OPEN |
420 base::PLATFORM_FILE_READ));
421 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
422 base::PLATFORM_FILE_OPEN |
423 base::PLATFORM_FILE_READ));
424 // CPSP doesn't allow this case for the sake of simplicity.
425 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
426 base::PLATFORM_FILE_OPEN |
427 base::PLATFORM_FILE_READ));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]428 p->Remove(kRendererID);
429
430 // Grant permissions for the directory the file is in.
431 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]432 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]433 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]434 p->GrantPermissionsForFile(kRendererID, parent_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]435 base::PLATFORM_FILE_OPEN |
436 base::PLATFORM_FILE_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]437 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]438 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]439 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]440 base::PLATFORM_FILE_READ |
441 base::PLATFORM_FILE_WRITE));
442 p->Remove(kRendererID);
443
444 // Grant permissions for the directory the file is in (with trailing '/').
445 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]446 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]447 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]448 p->GrantPermissionsForFile(kRendererID, parent_slash_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]449 base::PLATFORM_FILE_OPEN |
450 base::PLATFORM_FILE_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]451 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]452 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]453 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]454 base::PLATFORM_FILE_READ |
455 base::PLATFORM_FILE_WRITE));
456
457 // Grant permissions for the file (should overwrite the permissions granted
458 // for the directory).
[email protected]80838412012-11-20 01:53:59[diff] [blame]459 p->GrantPermissionsForFile(kRendererID, granted_file,
460 base::PLATFORM_FILE_TEMPORARY);
461 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]462 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]463 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]464 base::PLATFORM_FILE_TEMPORARY));
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]465
466 // Revoke all permissions for the file (it should inherit its permissions
467 // from the directory again).
[email protected]80838412012-11-20 01:53:59[diff] [blame]468 p->RevokeAllPermissionsForFile(kRendererID, granted_file);
469 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]470 base::PLATFORM_FILE_OPEN |
471 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]472 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]473 base::PLATFORM_FILE_TEMPORARY));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]474 p->Remove(kRendererID);
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]475
476 // Grant file permissions for the file to main thread renderer process,
477 // make sure its worker thread renderer process inherits those.
478 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]479 p->GrantPermissionsForFile(kRendererID, granted_file,
480 base::PLATFORM_FILE_OPEN |
481 base::PLATFORM_FILE_READ);
482 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]483 base::PLATFORM_FILE_OPEN |
484 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]485 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]486 base::PLATFORM_FILE_WRITE));
487 p->AddWorker(kWorkerRendererID, kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]488 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]489 base::PLATFORM_FILE_OPEN |
490 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]491 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]492 base::PLATFORM_FILE_WRITE));
493 p->Remove(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]494 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]495 base::PLATFORM_FILE_OPEN |
496 base::PLATFORM_FILE_READ));
497 p->Remove(kWorkerRendererID);
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]498
499 p->Add(kRendererID);
500 p->GrantPermissionsForFile(kRendererID, relative_file,
501 base::PLATFORM_FILE_OPEN);
502 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file,
503 base::PLATFORM_FILE_OPEN));
504 p->Remove(kRendererID);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]505}
506
[email protected]c50008512011-02-03 01:17:27[diff] [blame]507TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]508 ChildProcessSecurityPolicyImpl* p =
509 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]510
[email protected]60e448982009-05-06 04:21:16[diff] [blame]511 GURL url("chrome://thumb/http://www.google.com/");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]512
513 p->Add(kRendererID);
514
[email protected]c50008512011-02-03 01:17:27[diff] [blame]515 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]516 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]517 p->GrantWebUIBindings(kRendererID);
518 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]519 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
520
521 p->Remove(kRendererID);
522}
523
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]524TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]525 ChildProcessSecurityPolicyImpl* p =
526 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]527
528 GURL url("file:///etc/passwd");
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]529 base::FilePath file(TEST_PATH("/etc/passwd"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]530
531 p->Add(kRendererID);
532
533 p->GrantRequestURL(kRendererID, url);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]534 p->GrantReadFile(kRendererID, file);
[email protected]c50008512011-02-03 01:17:27[diff] [blame]535 p->GrantWebUIBindings(kRendererID);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]536
537 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]538 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]539 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]540
541 p->Remove(kRendererID);
542
543 // Renderers are added and removed on the UI thread, but the policy can be
[email protected]580522632009-08-17 21:55:55[diff] [blame]544 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
545 // prepared to answer policy questions about renderers who no longer exist.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]546
547 // In this case, we default to secure behavior.
548 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]549 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]550 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]551}
[email protected]46488322012-10-30 03:22:20[diff] [blame]552
553} // namespace content