Google Git
Sign in
chromium / chromium / src.git / 5a65fde3eed81247f89429e963d7393fb8dc7341 / . / content / browser / child_process_security_policy_unittest.cc
blob: 670848fa48f96b9dea8189bce7ed876881563d57 [file] [log] [blame]
[email protected]b9535422012-02-09 01:47:59[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:55[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]4
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]5#include <set>
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]6#include <string>
7
8#include "base/basictypes.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]9#include "base/files/file_path.h"
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]10#include "base/platform_file.h"
[email protected]b9535422012-02-09 01:47:59[diff] [blame]11#include "content/browser/child_process_security_policy_impl.h"
[email protected]a1d29162011-10-14 17:14:03[diff] [blame]12#include "content/public/common/url_constants.h"
[email protected]c6681f32012-06-05 14:43:01[diff] [blame]13#include "content/test/test_content_browser_client.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]14#include "testing/gtest/include/gtest/gtest.h"
[email protected]707e1c42013-07-09 21:18:58[diff] [blame]15#include "url/gurl.h"
[email protected]9f104312013-07-23 23:18:19[diff] [blame]16#include "webkit/browser/fileapi/file_permission_policy.h"
17#include "webkit/browser/fileapi/file_system_url.h"
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]18#include "webkit/browser/fileapi/isolated_context.h"
[email protected]9f104312013-07-23 23:18:19[diff] [blame]19#include "webkit/common/fileapi/file_system_types.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]20
[email protected]46488322012-10-30 03:22:20[diff] [blame]21namespace content {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]22namespace {
23
24const int kRendererID = 42;
25const int kWorkerRendererID = kRendererID + 1;
26
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]27#if defined(FILE_PATH_USES_DRIVE_LETTERS)
28#define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x)
29#else
30#define TEST_PATH(x) FILE_PATH_LITERAL(x)
31#endif
32
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]33class ChildProcessSecurityPolicyTestBrowserClient
[email protected]46488322012-10-30 03:22:20[diff] [blame]34 : public TestContentBrowserClient {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]35 public:
36 ChildProcessSecurityPolicyTestBrowserClient() {}
37
[email protected]c3e35892013-02-12 02:08:01[diff] [blame]38 virtual bool IsHandledURL(const GURL& url) OVERRIDE {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]39 return schemes_.find(url.scheme()) != schemes_.end();
[email protected]e3539402011-07-19 09:31:08[diff] [blame]40 }
41
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]42 void ClearSchemes() {
43 schemes_.clear();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]44 }
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]45
46 void AddScheme(const std::string& scheme) {
47 schemes_.insert(scheme);
48 }
49
50 private:
51 std::set<std::string> schemes_;
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]52};
53
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]54} // namespace
55
56class ChildProcessSecurityPolicyTest : public testing::Test {
57 public:
58 ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {
59 }
60
61 virtual void SetUp() {
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]62 old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]63
64 // Claim to always handle chrome:// URLs because the CPSP's notion of
65 // allowing WebUI bindings is hard-wired to this particular scheme.
[email protected]e0f35c92013-05-08 16:04:34[diff] [blame]66 test_browser_client_.AddScheme(chrome::kChromeUIScheme);
67
68 // Claim to always handle file:// URLs like the browser would.
69 // net::URLRequest::IsHandledURL() no longer claims support for default
70 // protocols as this is the responsibility of the browser (which is
71 // responsible for adding the appropriate ProtocolHandler).
72 test_browser_client_.AddScheme(chrome::kFileScheme);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]73 }
74
75 virtual void TearDown() {
76 test_browser_client_.ClearSchemes();
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]77 SetBrowserClientForTesting(old_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]78 }
79
80 protected:
81 void RegisterTestScheme(const std::string& scheme) {
82 test_browser_client_.AddScheme(scheme);
83 }
84
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]85 void GrantPermissionsForFile(ChildProcessSecurityPolicyImpl* p,
86 int child_id,
87 const base::FilePath& file,
88 int permissions) {
89 p->GrantPermissionsForFile(child_id, file, permissions);
90 }
91
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]92 void CheckHasNoFileSystemPermission(ChildProcessSecurityPolicyImpl* p,
93 const std::string& child_id) {
94 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, child_id));
95 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, child_id));
96 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, child_id));
97 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, child_id));
98 }
99
100 void CheckHasNoFileSystemFilePermission(ChildProcessSecurityPolicyImpl* p,
101 const base::FilePath& file,
102 const fileapi::FileSystemURL& url) {
103 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
104 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file));
105 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, url));
106 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url));
107 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url));
108 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
109 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url));
110 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url));
111 }
112
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]113 private:
114 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_;
[email protected]46488322012-10-30 03:22:20[diff] [blame]115 ContentBrowserClient* old_browser_client_;
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]116};
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]117
[email protected]9f104312013-07-23 23:18:19[diff] [blame]118
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]119TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]120 ChildProcessSecurityPolicyImpl* p =
121 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]122
[email protected]e9a82042013-09-15 03:38:29[diff] [blame]123 EXPECT_TRUE(p->IsWebSafeScheme(kHttpScheme));
[email protected]4654bfe2013-08-26 03:36:58[diff] [blame]124 EXPECT_TRUE(p->IsWebSafeScheme(kHttpsScheme));
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]125 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme));
126 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]127 EXPECT_TRUE(p->IsWebSafeScheme("feed"));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]128 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme));
129 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]130
131 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
132 p->RegisterWebSafeScheme("registered-web-safe-scheme");
133 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]134
135 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]136}
137
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]138TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]139 ChildProcessSecurityPolicyImpl* p =
140 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]141
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]142 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme));
[email protected]44b05812013-08-19 07:59:35[diff] [blame]143 EXPECT_TRUE(p->IsPseudoScheme(kJavaScriptScheme));
[email protected]dbdda5402013-05-30 22:13:48[diff] [blame]144 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]145
[email protected]419a0572011-04-18 22:21:46[diff] [blame]146 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
147 p->RegisterPseudoScheme("registered-pseudo-scheme");
148 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]149
150 EXPECT_FALSE(p->IsPseudoScheme(chrome::kChromeUIScheme));
[email protected]419a0572011-04-18 22:21:46[diff] [blame]151}
152
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]153TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]154 ChildProcessSecurityPolicyImpl* p =
155 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]156
157 p->Add(kRendererID);
158
159 // Safe
160 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
163 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
164 EXPECT_TRUE(p->CanRequestURL(kRendererID,
165 GURL("view-source:http://www.google.com/")));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]166 EXPECT_TRUE(p->CanRequestURL(
167 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]168
169 // Dangerous
170 EXPECT_FALSE(p->CanRequestURL(kRendererID,
171 GURL("file:///etc/passwd")));
172 EXPECT_FALSE(p->CanRequestURL(kRendererID,
[email protected]60e448982009-05-06 04:21:16[diff] [blame]173 GURL("chrome://foo/bar")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]174
175 p->Remove(kRendererID);
176}
177
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]178TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]179 ChildProcessSecurityPolicyImpl* p =
180 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]181
182 p->Add(kRendererID);
183
184 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
185 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
186 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
187 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
188
[email protected]ed3456f2009-02-26 20:24:48[diff] [blame]189 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory")));
190 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
191 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
192 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]193
194 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory")));
195 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
196 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
197
[email protected]8bf1048012012-02-08 01:22:18[diff] [blame]198 // Requests for about: pages should be denied.
199 p->GrantRequestURL(kRendererID, GURL("about:crash"));
200 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]201
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]202 // These requests for chrome:// pages should be granted.
[email protected]e068c2d2012-10-23 16:45:18[diff] [blame]203 GURL chrome_url("chrome://foo");
204 p->GrantRequestURL(kRendererID, chrome_url);
205 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]206
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]207 p->Remove(kRendererID);
208}
209
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]210TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]211 ChildProcessSecurityPolicyImpl* p =
212 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]213
214 p->Add(kRendererID);
215
216 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
217 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
218 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
219
220 p->Remove(kRendererID);
221}
222
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]223TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]224 ChildProcessSecurityPolicyImpl* p =
225 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]226
227 p->Add(kRendererID);
228
229 // Currently, "asdf" is destined for ShellExecute, so it is allowed.
230 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
231
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]232 // Once we register "asdf", we default to deny.
233 RegisterTestScheme("asdf");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]234 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
235
236 // We can allow new schemes by adding them to the whitelist.
237 p->RegisterWebSafeScheme("asdf");
238 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
239
240 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]241 p->Remove(kRendererID);
242}
243
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]244TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]245 ChildProcessSecurityPolicyImpl* p =
246 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]247
248 p->Add(kRendererID);
249
250 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
251 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
252 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
253
254 // We should forget our state if we repeat a renderer id.
255 p->Remove(kRendererID);
256 p->Add(kRendererID);
257 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
258 p->Remove(kRendererID);
259}
260
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]261TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]262 ChildProcessSecurityPolicyImpl* p =
263 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]264
265 p->Add(kRendererID);
266
267 // View source is determined by the embedded scheme.
268 EXPECT_TRUE(p->CanRequestURL(kRendererID,
269 GURL("view-source:http://www.google.com/")));
270 EXPECT_FALSE(p->CanRequestURL(kRendererID,
271 GURL("view-source:file:///etc/passwd")));
272 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
[email protected]690d0a9172010-01-06 00:19:36[diff] [blame]273 EXPECT_FALSE(p->CanRequestURL(
274 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]275
276 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
277 // View source needs to be able to request the embedded scheme.
278 EXPECT_TRUE(p->CanRequestURL(kRendererID,
279 GURL("view-source:file:///etc/passwd")));
280 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
281
282 p->Remove(kRendererID);
283}
284
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]285TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
286 ChildProcessSecurityPolicyImpl* p =
287 ChildProcessSecurityPolicyImpl::GetInstance();
288
289 p->Add(kRendererID);
290
291 GURL icon_url("file:///tmp/foo.png");
292 GURL sensitive_url("file:///etc/passwd");
293 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
294 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
295
296 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
297 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
298 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
299
300 p->GrantRequestURL(kRendererID, icon_url);
301 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
302 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
303
304 p->Remove(kRendererID);
305}
306
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]307TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) {
308 ChildProcessSecurityPolicyImpl* p =
309 ChildProcessSecurityPolicyImpl::GetInstance();
310
311 p->Add(kRendererID);
312 std::string read_id = fileapi::IsolatedContext::GetInstance()->
313 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest,
314 "read_filesystem",
315 base::FilePath());
316 std::string read_write_id = fileapi::IsolatedContext::GetInstance()->
317 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest,
318 "read_write_filesystem",
319 base::FilePath());
320 std::string copy_into_id = fileapi::IsolatedContext::GetInstance()->
321 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest,
322 "copy_into_filesystem",
323 base::FilePath());
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]324 std::string delete_from_id = fileapi::IsolatedContext::GetInstance()->
325 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest,
326 "delete_from_filesystem",
327 base::FilePath());
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]328
329 // Test initially having no permissions.
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]330 CheckHasNoFileSystemPermission(p, read_id);
331 CheckHasNoFileSystemPermission(p, read_write_id);
332 CheckHasNoFileSystemPermission(p, copy_into_id);
333 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]334
335 // Testing varying combinations of grants and checks.
336 p->GrantReadFileSystem(kRendererID, read_id);
337 EXPECT_TRUE(p->CanReadFileSystem(kRendererID, read_id));
338 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, read_id));
339 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, read_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]340 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, read_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]341
342 p->GrantReadFileSystem(kRendererID, read_write_id);
343 p->GrantWriteFileSystem(kRendererID, read_write_id);
344 EXPECT_TRUE(p->CanReadFileSystem(kRendererID, read_write_id));
345 EXPECT_TRUE(p->CanReadWriteFileSystem(kRendererID, read_write_id));
346 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, read_write_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]347 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, read_write_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]348
349 p->GrantCopyIntoFileSystem(kRendererID, copy_into_id);
350 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, copy_into_id));
351 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, copy_into_id));
352 EXPECT_TRUE(p->CanCopyIntoFileSystem(kRendererID, copy_into_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]353 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, copy_into_id));
354
355 p->GrantDeleteFromFileSystem(kRendererID, delete_from_id);
356 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, delete_from_id));
357 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, delete_from_id));
358 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, delete_from_id));
359 EXPECT_TRUE(p->CanDeleteFromFileSystem(kRendererID, delete_from_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]360
361 // Test revoke permissions on renderer ID removal.
362 p->Remove(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]363 CheckHasNoFileSystemPermission(p, read_id);
364 CheckHasNoFileSystemPermission(p, read_write_id);
365 CheckHasNoFileSystemPermission(p, copy_into_id);
366 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]367
368 // Test having no permissions upon re-adding same renderer ID.
369 p->Add(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]370 CheckHasNoFileSystemPermission(p, read_id);
371 CheckHasNoFileSystemPermission(p, read_write_id);
372 CheckHasNoFileSystemPermission(p, copy_into_id);
373 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]374
375 // Cleanup.
376 p->Remove(kRendererID);
377 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(read_id);
378 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(read_write_id);
379 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(copy_into_id);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]380 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]381}
382
[email protected]9f104312013-07-23 23:18:19[diff] [blame]383TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]384 ChildProcessSecurityPolicyImpl* p =
385 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]386
[email protected]9f104312013-07-23 23:18:19[diff] [blame]387 p->RegisterFileSystemPermissionPolicy(
388 fileapi::kFileSystemTypeTest,
389 fileapi::FILE_PERMISSION_USE_FILE_PERMISSION);
390
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]391 p->Add(kRendererID);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]392 base::FilePath file(TEST_PATH("/dir/testfile"));
393 file = file.NormalizePathSeparators();
394 fileapi::FileSystemURL url = fileapi::FileSystemURL::CreateForTest(
395 GURL("http://foo/"), fileapi::kFileSystemTypeTest, file);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]396
[email protected]9f104312013-07-23 23:18:19[diff] [blame]397 // Test initially having no permissions.
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]398 CheckHasNoFileSystemFilePermission(p, file, url);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]399
[email protected]9f104312013-07-23 23:18:19[diff] [blame]400 // Testing every combination of permissions granting and revoking.
401 p->GrantReadFile(kRendererID, file);
402 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]403 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]404 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
405 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url));
406 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]407 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]408 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url));
409 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]410 p->RevokeAllPermissionsForFile(kRendererID, file);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]411 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]412
413 p->GrantCreateReadWriteFile(kRendererID, file);
414 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]415 EXPECT_TRUE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]416 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
417 EXPECT_TRUE(p->CanWriteFileSystemFile(kRendererID, url));
418 EXPECT_TRUE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]419 EXPECT_TRUE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]420 EXPECT_TRUE(p->CanCopyIntoFileSystemFile(kRendererID, url));
421 EXPECT_TRUE(p->CanDeleteFileSystemFile(kRendererID, url));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]422 p->RevokeAllPermissionsForFile(kRendererID, file);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]423 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]424
425 // Test revoke permissions on renderer ID removal.
426 p->GrantCreateReadWriteFile(kRendererID, file);
427 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]428 EXPECT_TRUE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]429 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
430 EXPECT_TRUE(p->CanWriteFileSystemFile(kRendererID, url));
431 EXPECT_TRUE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]432 EXPECT_TRUE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]433 EXPECT_TRUE(p->CanCopyIntoFileSystemFile(kRendererID, url));
434 EXPECT_TRUE(p->CanDeleteFileSystemFile(kRendererID, url));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]435 p->Remove(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]436 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]437
438 // Test having no permissions upon re-adding same renderer ID.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]439 p->Add(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame^]440 CheckHasNoFileSystemFilePermission(p, file, url);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]441
[email protected]9f104312013-07-23 23:18:19[diff] [blame]442 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]443 p->Remove(kRendererID);
444}
445
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]446TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
[email protected]c42de732013-02-16 06:26:31[diff] [blame]447 base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe"));
448 base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob"));
449 base::FilePath child_file = base::FilePath(TEST_PATH("/home/joe/file"));
450 base::FilePath parent_file = base::FilePath(TEST_PATH("/home"));
451 base::FilePath parent_slash_file = base::FilePath(TEST_PATH("/home/"));
452 base::FilePath child_traversal1 =
453 base::FilePath(TEST_PATH("/home/joe/././file"));
454 base::FilePath child_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]455 TEST_PATH("/home/joe/file/../otherfile"));
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]456 base::FilePath evil_traversal1 =
[email protected]023ad6ab2013-02-17 05:07:23[diff] [blame]457 base::FilePath(TEST_PATH("/home/joe/../../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]458 base::FilePath evil_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]459 TEST_PATH("/home/joe/./.././../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]460 base::FilePath self_traversal =
461 base::FilePath(TEST_PATH("/home/joe/../joe/file"));
462 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe"));
[email protected]80838412012-11-20 01:53:59[diff] [blame]463
[email protected]b9535422012-02-09 01:47:59[diff] [blame]464 ChildProcessSecurityPolicyImpl* p =
465 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]466
467 // Grant permissions for a file.
468 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]469 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]470 base::PLATFORM_FILE_OPEN));
471
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]472 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]473 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]474 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]475 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]476 base::PLATFORM_FILE_WRITE);
[email protected]80838412012-11-20 01:53:59[diff] [blame]477 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]478 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]479 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]480 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]481 base::PLATFORM_FILE_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]482 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]483 base::PLATFORM_FILE_OPEN |
484 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]485 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]486 base::PLATFORM_FILE_CREATE));
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]487 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));
[email protected]80838412012-11-20 01:53:59[diff] [blame]488 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]489 base::PLATFORM_FILE_CREATE |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]490 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]491 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]492 base::PLATFORM_FILE_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]493 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
494 base::PLATFORM_FILE_OPEN |
495 base::PLATFORM_FILE_READ));
496 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
497 base::PLATFORM_FILE_OPEN |
498 base::PLATFORM_FILE_READ));
499 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
500 base::PLATFORM_FILE_OPEN |
501 base::PLATFORM_FILE_READ));
502 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
503 base::PLATFORM_FILE_OPEN |
504 base::PLATFORM_FILE_READ));
505 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
506 base::PLATFORM_FILE_OPEN |
507 base::PLATFORM_FILE_READ));
508 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
509 base::PLATFORM_FILE_OPEN |
510 base::PLATFORM_FILE_READ));
511 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
512 base::PLATFORM_FILE_OPEN |
513 base::PLATFORM_FILE_READ));
514 // CPSP doesn't allow this case for the sake of simplicity.
515 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
516 base::PLATFORM_FILE_OPEN |
517 base::PLATFORM_FILE_READ));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]518 p->Remove(kRendererID);
519
520 // Grant permissions for the directory the file is in.
521 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]522 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]523 base::PLATFORM_FILE_OPEN));
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]524 GrantPermissionsForFile(p, kRendererID, parent_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]525 base::PLATFORM_FILE_OPEN |
526 base::PLATFORM_FILE_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]527 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]528 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]529 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]530 base::PLATFORM_FILE_READ |
531 base::PLATFORM_FILE_WRITE));
532 p->Remove(kRendererID);
533
534 // Grant permissions for the directory the file is in (with trailing '/').
535 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]536 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]537 base::PLATFORM_FILE_OPEN));
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]538 GrantPermissionsForFile(p, kRendererID, parent_slash_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]539 base::PLATFORM_FILE_OPEN |
540 base::PLATFORM_FILE_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]541 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]542 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]543 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]544 base::PLATFORM_FILE_READ |
545 base::PLATFORM_FILE_WRITE));
546
547 // Grant permissions for the file (should overwrite the permissions granted
548 // for the directory).
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]549 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]80838412012-11-20 01:53:59[diff] [blame]550 base::PLATFORM_FILE_TEMPORARY);
551 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]552 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]553 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]554 base::PLATFORM_FILE_TEMPORARY));
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]555
556 // Revoke all permissions for the file (it should inherit its permissions
557 // from the directory again).
[email protected]80838412012-11-20 01:53:59[diff] [blame]558 p->RevokeAllPermissionsForFile(kRendererID, granted_file);
559 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]560 base::PLATFORM_FILE_OPEN |
561 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]562 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]563 base::PLATFORM_FILE_TEMPORARY));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]564 p->Remove(kRendererID);
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]565
566 // Grant file permissions for the file to main thread renderer process,
567 // make sure its worker thread renderer process inherits those.
568 p->Add(kRendererID);
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]569 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]80838412012-11-20 01:53:59[diff] [blame]570 base::PLATFORM_FILE_OPEN |
571 base::PLATFORM_FILE_READ);
572 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]573 base::PLATFORM_FILE_OPEN |
574 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]575 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]576 base::PLATFORM_FILE_WRITE));
577 p->AddWorker(kWorkerRendererID, kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]578 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]579 base::PLATFORM_FILE_OPEN |
580 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]581 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]582 base::PLATFORM_FILE_WRITE));
583 p->Remove(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]584 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]585 base::PLATFORM_FILE_OPEN |
586 base::PLATFORM_FILE_READ));
587 p->Remove(kWorkerRendererID);
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]588
589 p->Add(kRendererID);
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]590 GrantPermissionsForFile(p, kRendererID, relative_file,
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]591 base::PLATFORM_FILE_OPEN);
592 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file,
593 base::PLATFORM_FILE_OPEN));
594 p->Remove(kRendererID);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]595}
596
[email protected]c50008512011-02-03 01:17:27[diff] [blame]597TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]598 ChildProcessSecurityPolicyImpl* p =
599 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]600
[email protected]60e448982009-05-06 04:21:16[diff] [blame]601 GURL url("chrome://thumb/http://www.google.com/");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]602
603 p->Add(kRendererID);
604
[email protected]c50008512011-02-03 01:17:27[diff] [blame]605 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]606 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]607 p->GrantWebUIBindings(kRendererID);
608 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]609 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
610
611 p->Remove(kRendererID);
612}
613
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]614TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]615 ChildProcessSecurityPolicyImpl* p =
616 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]617
618 GURL url("file:///etc/passwd");
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]619 base::FilePath file(TEST_PATH("/etc/passwd"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]620
621 p->Add(kRendererID);
622
623 p->GrantRequestURL(kRendererID, url);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]624 p->GrantReadFile(kRendererID, file);
[email protected]c50008512011-02-03 01:17:27[diff] [blame]625 p->GrantWebUIBindings(kRendererID);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]626
627 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]628 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]629 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]630
631 p->Remove(kRendererID);
632
633 // Renderers are added and removed on the UI thread, but the policy can be
[email protected]580522632009-08-17 21:55:55[diff] [blame]634 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
635 // prepared to answer policy questions about renderers who no longer exist.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]636
637 // In this case, we default to secure behavior.
638 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]639 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]640 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]641}
[email protected]46488322012-10-30 03:22:20[diff] [blame]642
643} // namespace content