Google Git
Sign in
chromium / chromium / src.git / 707e1c46640eb5399c7dc328a6f9f29b6b0f735e / . / content / browser / child_process_security_policy_unittest.cc
blob: 55750bf0843016bf1f5d10746b35722ba90601ea [file] [log] [blame]
[email protected]b9535422012-02-09 01:47:59[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:55[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]4
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]5#include <set>
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]6#include <string>
7
8#include "base/basictypes.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]9#include "base/files/file_path.h"
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]10#include "base/platform_file.h"
[email protected]b9535422012-02-09 01:47:59[diff] [blame]11#include "content/browser/child_process_security_policy_impl.h"
[email protected]a1d29162011-10-14 17:14:03[diff] [blame]12#include "content/public/common/url_constants.h"
[email protected]c6681f32012-06-05 14:43:01[diff] [blame]13#include "content/test/test_content_browser_client.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]14#include "testing/gtest/include/gtest/gtest.h"
[email protected]707e1c42013-07-09 21:18:58[diff] [blame^]15#include "url/gurl.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]16
[email protected]46488322012-10-30 03:22:20[diff] [blame]17namespace content {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]18namespace {
19
20const int kRendererID = 42;
21const int kWorkerRendererID = kRendererID + 1;
22
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]23#if defined(FILE_PATH_USES_DRIVE_LETTERS)
24#define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x)
25#else
26#define TEST_PATH(x) FILE_PATH_LITERAL(x)
27#endif
28
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]29class ChildProcessSecurityPolicyTestBrowserClient
[email protected]46488322012-10-30 03:22:20[diff] [blame]30 : public TestContentBrowserClient {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]31 public:
32 ChildProcessSecurityPolicyTestBrowserClient() {}
33
[email protected]c3e35892013-02-12 02:08:01[diff] [blame]34 virtual bool IsHandledURL(const GURL& url) OVERRIDE {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]35 return schemes_.find(url.scheme()) != schemes_.end();
[email protected]e3539402011-07-19 09:31:08[diff] [blame]36 }
37
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]38 void ClearSchemes() {
39 schemes_.clear();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]40 }
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]41
42 void AddScheme(const std::string& scheme) {
43 schemes_.insert(scheme);
44 }
45
46 private:
47 std::set<std::string> schemes_;
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]48};
49
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]50} // namespace
51
52class ChildProcessSecurityPolicyTest : public testing::Test {
53 public:
54 ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {
55 }
56
57 virtual void SetUp() {
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]58 old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]59
60 // Claim to always handle chrome:// URLs because the CPSP's notion of
61 // allowing WebUI bindings is hard-wired to this particular scheme.
[email protected]e0f35c92013-05-08 16:04:34[diff] [blame]62 test_browser_client_.AddScheme(chrome::kChromeUIScheme);
63
64 // Claim to always handle file:// URLs like the browser would.
65 // net::URLRequest::IsHandledURL() no longer claims support for default
66 // protocols as this is the responsibility of the browser (which is
67 // responsible for adding the appropriate ProtocolHandler).
68 test_browser_client_.AddScheme(chrome::kFileScheme);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]69 }
70
71 virtual void TearDown() {
72 test_browser_client_.ClearSchemes();
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]73 SetBrowserClientForTesting(old_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]74 }
75
76 protected:
77 void RegisterTestScheme(const std::string& scheme) {
78 test_browser_client_.AddScheme(scheme);
79 }
80
81 private:
82 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_;
[email protected]46488322012-10-30 03:22:20[diff] [blame]83 ContentBrowserClient* old_browser_client_;
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]84};
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]85
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]86TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]87 ChildProcessSecurityPolicyImpl* p =
88 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]89
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]90 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme));
91 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme));
92 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme));
93 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]94 EXPECT_TRUE(p->IsWebSafeScheme("feed"));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]95 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme));
96 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]97
98 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
99 p->RegisterWebSafeScheme("registered-web-safe-scheme");
100 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]101
102 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]103}
104
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]105TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]106 ChildProcessSecurityPolicyImpl* p =
107 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]108
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]109 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme));
110 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme));
[email protected]dbdda5402013-05-30 22:13:48[diff] [blame]111 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]112
[email protected]419a0572011-04-18 22:21:46[diff] [blame]113 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
114 p->RegisterPseudoScheme("registered-pseudo-scheme");
115 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]116
117 EXPECT_FALSE(p->IsPseudoScheme(chrome::kChromeUIScheme));
[email protected]419a0572011-04-18 22:21:46[diff] [blame]118}
119
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]120TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]121 ChildProcessSecurityPolicyImpl* p =
122 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]123
124 p->Add(kRendererID);
125
126 // Safe
127 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
128 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
129 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
130 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
131 EXPECT_TRUE(p->CanRequestURL(kRendererID,
132 GURL("view-source:http://www.google.com/")));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]133 EXPECT_TRUE(p->CanRequestURL(
134 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]135
136 // Dangerous
137 EXPECT_FALSE(p->CanRequestURL(kRendererID,
138 GURL("file:///etc/passwd")));
139 EXPECT_FALSE(p->CanRequestURL(kRendererID,
[email protected]60e448982009-05-06 04:21:16[diff] [blame]140 GURL("chrome://foo/bar")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]141
142 p->Remove(kRendererID);
143}
144
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]145TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]146 ChildProcessSecurityPolicyImpl* p =
147 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]148
149 p->Add(kRendererID);
150
151 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
152 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
153 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
154 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
155
[email protected]ed3456f2009-02-26 20:24:48[diff] [blame]156 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory")));
157 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
158 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
159 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]160
161 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory")));
162 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
163 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
164
[email protected]8bf1048012012-02-08 01:22:18[diff] [blame]165 // Requests for about: pages should be denied.
166 p->GrantRequestURL(kRendererID, GURL("about:crash"));
167 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]168
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]169 // These requests for chrome:// pages should be granted.
[email protected]e068c2d2012-10-23 16:45:18[diff] [blame]170 GURL chrome_url("chrome://foo");
171 p->GrantRequestURL(kRendererID, chrome_url);
172 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]173
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]174 p->Remove(kRendererID);
175}
176
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]177TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]178 ChildProcessSecurityPolicyImpl* p =
179 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]180
181 p->Add(kRendererID);
182
183 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
184 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
185 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
186
187 p->Remove(kRendererID);
188}
189
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]190TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]191 ChildProcessSecurityPolicyImpl* p =
192 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]193
194 p->Add(kRendererID);
195
196 // Currently, "asdf" is destined for ShellExecute, so it is allowed.
197 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
198
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]199 // Once we register "asdf", we default to deny.
200 RegisterTestScheme("asdf");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]201 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
202
203 // We can allow new schemes by adding them to the whitelist.
204 p->RegisterWebSafeScheme("asdf");
205 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
206
207 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]208 p->Remove(kRendererID);
209}
210
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]211TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]212 ChildProcessSecurityPolicyImpl* p =
213 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]214
215 p->Add(kRendererID);
216
217 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
218 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
219 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
220
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]221 // We should forget our state if we repeat a renderer id.
222 p->Remove(kRendererID);
223 p->Add(kRendererID);
224 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
225 p->Remove(kRendererID);
226}
227
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]228TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]229 ChildProcessSecurityPolicyImpl* p =
230 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]231
232 p->Add(kRendererID);
233
234 // View source is determined by the embedded scheme.
235 EXPECT_TRUE(p->CanRequestURL(kRendererID,
236 GURL("view-source:http://www.google.com/")));
237 EXPECT_FALSE(p->CanRequestURL(kRendererID,
238 GURL("view-source:file:///etc/passwd")));
239 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
[email protected]690d0a9172010-01-06 00:19:36[diff] [blame]240 EXPECT_FALSE(p->CanRequestURL(
241 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]242
243 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
244 // View source needs to be able to request the embedded scheme.
245 EXPECT_TRUE(p->CanRequestURL(kRendererID,
246 GURL("view-source:file:///etc/passwd")));
247 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
248
249 p->Remove(kRendererID);
250}
251
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]252TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
253 ChildProcessSecurityPolicyImpl* p =
254 ChildProcessSecurityPolicyImpl::GetInstance();
255
256 p->Add(kRendererID);
257
258 GURL icon_url("file:///tmp/foo.png");
259 GURL sensitive_url("file:///etc/passwd");
260 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
261 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
262
263 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
264 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
265 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
266
267 p->GrantRequestURL(kRendererID, icon_url);
268 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
269 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
270
271 p->Remove(kRendererID);
272}
273
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]274TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]275 ChildProcessSecurityPolicyImpl* p =
276 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]277
278 p->Add(kRendererID);
279
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]280 EXPECT_FALSE(p->CanReadFile(kRendererID,
281 base::FilePath(TEST_PATH("/etc/passwd"))));
282 p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/passwd")));
283 EXPECT_TRUE(p->CanReadFile(kRendererID,
284 base::FilePath(TEST_PATH("/etc/passwd"))));
285 EXPECT_FALSE(p->CanReadFile(kRendererID,
286 base::FilePath(TEST_PATH("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]287
288 p->Remove(kRendererID);
289 p->Add(kRendererID);
290
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]291 EXPECT_FALSE(p->CanReadFile(kRendererID,
292 base::FilePath(TEST_PATH("/etc/passwd"))));
293 EXPECT_FALSE(p->CanReadFile(kRendererID,
294 base::FilePath(TEST_PATH("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]295
296 p->Remove(kRendererID);
297}
298
[email protected]600ea402011-04-12 00:01:51[diff] [blame]299TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]300 ChildProcessSecurityPolicyImpl* p =
301 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]600ea402011-04-12 00:01:51[diff] [blame]302
303 p->Add(kRendererID);
304
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]305 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
306 base::FilePath(TEST_PATH("/etc/"))));
307 p->GrantReadDirectory(kRendererID,
308 base::FilePath(TEST_PATH("/etc/")));
309 EXPECT_TRUE(p->CanReadDirectory(kRendererID,
310 base::FilePath(TEST_PATH("/etc/"))));
311 EXPECT_TRUE(p->CanReadFile(kRendererID,
312 base::FilePath(TEST_PATH("/etc/passwd"))));
[email protected]600ea402011-04-12 00:01:51[diff] [blame]313
314 p->Remove(kRendererID);
315 p->Add(kRendererID);
316
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]317 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
318 base::FilePath(TEST_PATH("/etc/"))));
319 EXPECT_FALSE(p->CanReadFile(kRendererID,
320 base::FilePath(TEST_PATH("/etc/passwd"))));
[email protected]600ea402011-04-12 00:01:51[diff] [blame]321
322 // Just granting read permission as a file doesn't imply reading as a
323 // directory.
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]324 p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/")));
325 EXPECT_TRUE(p->CanReadFile(kRendererID,
326 base::FilePath(TEST_PATH("/etc/passwd"))));
327 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
328 base::FilePath(TEST_PATH("/etc/"))));
[email protected]600ea402011-04-12 00:01:51[diff] [blame]329
330 p->Remove(kRendererID);
331}
332
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]333TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
[email protected]c42de732013-02-16 06:26:31[diff] [blame]334 base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe"));
335 base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob"));
336 base::FilePath child_file = base::FilePath(TEST_PATH("/home/joe/file"));
337 base::FilePath parent_file = base::FilePath(TEST_PATH("/home"));
338 base::FilePath parent_slash_file = base::FilePath(TEST_PATH("/home/"));
339 base::FilePath child_traversal1 =
340 base::FilePath(TEST_PATH("/home/joe/././file"));
341 base::FilePath child_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]342 TEST_PATH("/home/joe/file/../otherfile"));
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]343 base::FilePath evil_traversal1 =
[email protected]023ad6ab2013-02-17 05:07:23[diff] [blame]344 base::FilePath(TEST_PATH("/home/joe/../../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]345 base::FilePath evil_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]346 TEST_PATH("/home/joe/./.././../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]347 base::FilePath self_traversal =
348 base::FilePath(TEST_PATH("/home/joe/../joe/file"));
349 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe"));
[email protected]80838412012-11-20 01:53:59[diff] [blame]350
[email protected]b9535422012-02-09 01:47:59[diff] [blame]351 ChildProcessSecurityPolicyImpl* p =
352 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]353
354 // Grant permissions for a file.
355 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]356 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]357 base::PLATFORM_FILE_OPEN));
358
[email protected]80838412012-11-20 01:53:59[diff] [blame]359 p->GrantPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]360 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]361 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]362 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]363 base::PLATFORM_FILE_WRITE);
[email protected]80838412012-11-20 01:53:59[diff] [blame]364 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]365 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]366 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]367 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]368 base::PLATFORM_FILE_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]369 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]370 base::PLATFORM_FILE_OPEN |
371 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]372 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]373 base::PLATFORM_FILE_CREATE));
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]374 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));
[email protected]80838412012-11-20 01:53:59[diff] [blame]375 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]376 base::PLATFORM_FILE_CREATE |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]377 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]378 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]379 base::PLATFORM_FILE_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]380 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
381 base::PLATFORM_FILE_OPEN |
382 base::PLATFORM_FILE_READ));
383 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
384 base::PLATFORM_FILE_OPEN |
385 base::PLATFORM_FILE_READ));
386 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
387 base::PLATFORM_FILE_OPEN |
388 base::PLATFORM_FILE_READ));
389 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
390 base::PLATFORM_FILE_OPEN |
391 base::PLATFORM_FILE_READ));
392 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
393 base::PLATFORM_FILE_OPEN |
394 base::PLATFORM_FILE_READ));
395 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
396 base::PLATFORM_FILE_OPEN |
397 base::PLATFORM_FILE_READ));
398 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
399 base::PLATFORM_FILE_OPEN |
400 base::PLATFORM_FILE_READ));
401 // CPSP doesn't allow this case for the sake of simplicity.
402 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
403 base::PLATFORM_FILE_OPEN |
404 base::PLATFORM_FILE_READ));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]405 p->Remove(kRendererID);
406
407 // Grant permissions for the directory the file is in.
408 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]409 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]410 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]411 p->GrantPermissionsForFile(kRendererID, parent_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]412 base::PLATFORM_FILE_OPEN |
413 base::PLATFORM_FILE_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]414 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]415 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]416 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]417 base::PLATFORM_FILE_READ |
418 base::PLATFORM_FILE_WRITE));
419 p->Remove(kRendererID);
420
421 // Grant permissions for the directory the file is in (with trailing '/').
422 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]423 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]424 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]425 p->GrantPermissionsForFile(kRendererID, parent_slash_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]426 base::PLATFORM_FILE_OPEN |
427 base::PLATFORM_FILE_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]428 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]429 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]430 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]431 base::PLATFORM_FILE_READ |
432 base::PLATFORM_FILE_WRITE));
433
434 // Grant permissions for the file (should overwrite the permissions granted
435 // for the directory).
[email protected]80838412012-11-20 01:53:59[diff] [blame]436 p->GrantPermissionsForFile(kRendererID, granted_file,
437 base::PLATFORM_FILE_TEMPORARY);
438 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]439 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]440 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]441 base::PLATFORM_FILE_TEMPORARY));
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]442
443 // Revoke all permissions for the file (it should inherit its permissions
444 // from the directory again).
[email protected]80838412012-11-20 01:53:59[diff] [blame]445 p->RevokeAllPermissionsForFile(kRendererID, granted_file);
446 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]447 base::PLATFORM_FILE_OPEN |
448 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]449 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]450 base::PLATFORM_FILE_TEMPORARY));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]451 p->Remove(kRendererID);
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]452
453 // Grant file permissions for the file to main thread renderer process,
454 // make sure its worker thread renderer process inherits those.
455 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]456 p->GrantPermissionsForFile(kRendererID, granted_file,
457 base::PLATFORM_FILE_OPEN |
458 base::PLATFORM_FILE_READ);
459 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]460 base::PLATFORM_FILE_OPEN |
461 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]462 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]463 base::PLATFORM_FILE_WRITE));
464 p->AddWorker(kWorkerRendererID, kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]465 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]466 base::PLATFORM_FILE_OPEN |
467 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]468 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]469 base::PLATFORM_FILE_WRITE));
470 p->Remove(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]471 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]472 base::PLATFORM_FILE_OPEN |
473 base::PLATFORM_FILE_READ));
474 p->Remove(kWorkerRendererID);
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]475
476 p->Add(kRendererID);
477 p->GrantPermissionsForFile(kRendererID, relative_file,
478 base::PLATFORM_FILE_OPEN);
479 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file,
480 base::PLATFORM_FILE_OPEN));
481 p->Remove(kRendererID);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]482}
483
[email protected]c50008512011-02-03 01:17:27[diff] [blame]484TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]485 ChildProcessSecurityPolicyImpl* p =
486 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]487
[email protected]60e448982009-05-06 04:21:16[diff] [blame]488 GURL url("chrome://thumb/http://www.google.com/");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]489
490 p->Add(kRendererID);
491
[email protected]c50008512011-02-03 01:17:27[diff] [blame]492 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]493 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]494 p->GrantWebUIBindings(kRendererID);
495 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]496 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
497
498 p->Remove(kRendererID);
499}
500
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]501TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]502 ChildProcessSecurityPolicyImpl* p =
503 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]504
505 GURL url("file:///etc/passwd");
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]506 base::FilePath file(TEST_PATH("/etc/passwd"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]507
508 p->Add(kRendererID);
509
510 p->GrantRequestURL(kRendererID, url);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]511 p->GrantReadFile(kRendererID, file);
[email protected]c50008512011-02-03 01:17:27[diff] [blame]512 p->GrantWebUIBindings(kRendererID);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]513
514 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]515 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]516 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]517
518 p->Remove(kRendererID);
519
520 // Renderers are added and removed on the UI thread, but the policy can be
[email protected]580522632009-08-17 21:55:55[diff] [blame]521 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
522 // prepared to answer policy questions about renderers who no longer exist.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]523
524 // In this case, we default to secure behavior.
525 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]526 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]527 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]528}
[email protected]46488322012-10-30 03:22:20[diff] [blame]529
530} // namespace content