Google Git
Sign in
chromium / chromium / src.git / 71f48559772345f1005a0e24eb27b01feada9439 / . / content / browser / child_process_security_policy_unittest.cc
blob: 6b69dd7fe38c692ed5e16b0aca2748c6d9c4e8ab [file] [log] [blame]
[email protected]b9535422012-02-09 01:47:59[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:55[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]4
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]5#include <set>
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]6#include <string>
7
[email protected]57999812013-02-24 05:40:52[diff] [blame]8#include "base/files/file_path.h"
[email protected]b9535422012-02-09 01:47:59[diff] [blame]9#include "content/browser/child_process_security_policy_impl.h"
[email protected]a1d29162011-10-14 17:14:03[diff] [blame]10#include "content/public/common/url_constants.h"
[email protected]c6681f32012-06-05 14:43:01[diff] [blame]11#include "content/test/test_content_browser_client.h"
pilgrime92c5fcd2014-09-10 23:31:23[diff] [blame]12#include "storage/browser/fileapi/file_permission_policy.h"
13#include "storage/browser/fileapi/file_system_url.h"
14#include "storage/browser/fileapi/isolated_context.h"
pilgrim16330552014-09-10 01:32:22[diff] [blame]15#include "storage/common/fileapi/file_system_types.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]16#include "testing/gtest/include/gtest/gtest.h"
[email protected]707e1c42013-07-09 21:18:58[diff] [blame]17#include "url/gurl.h"
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]18#include "url/origin.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]19
[email protected]46488322012-10-30 03:22:20[diff] [blame]20namespace content {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]21namespace {
22
23const int kRendererID = 42;
24const int kWorkerRendererID = kRendererID + 1;
25
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]26#if defined(FILE_PATH_USES_DRIVE_LETTERS)
27#define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x)
28#else
29#define TEST_PATH(x) FILE_PATH_LITERAL(x)
30#endif
31
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]32class ChildProcessSecurityPolicyTestBrowserClient
[email protected]46488322012-10-30 03:22:20[diff] [blame]33 : public TestContentBrowserClient {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]34 public:
35 ChildProcessSecurityPolicyTestBrowserClient() {}
36
dchengc2282aa2014-10-21 12:07:58[diff] [blame]37 bool IsHandledURL(const GURL& url) override {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]38 return schemes_.find(url.scheme()) != schemes_.end();
[email protected]e3539402011-07-19 09:31:08[diff] [blame]39 }
40
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]41 void ClearSchemes() {
42 schemes_.clear();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]43 }
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]44
45 void AddScheme(const std::string& scheme) {
46 schemes_.insert(scheme);
47 }
48
49 private:
50 std::set<std::string> schemes_;
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]51};
52
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]53} // namespace
54
55class ChildProcessSecurityPolicyTest : public testing::Test {
56 public:
57 ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {
58 }
59
dchengfa85b152014-10-28 01:13:42[diff] [blame]60 void SetUp() override {
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]61 old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]62
63 // Claim to always handle chrome:// URLs because the CPSP's notion of
64 // allowing WebUI bindings is hard-wired to this particular scheme.
[email protected]2d9748b22014-02-11 00:17:29[diff] [blame]65 test_browser_client_.AddScheme(kChromeUIScheme);
[email protected]e0f35c92013-05-08 16:04:34[diff] [blame]66
67 // Claim to always handle file:// URLs like the browser would.
68 // net::URLRequest::IsHandledURL() no longer claims support for default
69 // protocols as this is the responsibility of the browser (which is
70 // responsible for adding the appropriate ProtocolHandler).
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]71 test_browser_client_.AddScheme(url::kFileScheme);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]72 }
73
dchengfa85b152014-10-28 01:13:42[diff] [blame]74 void TearDown() override {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]75 test_browser_client_.ClearSchemes();
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]76 SetBrowserClientForTesting(old_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]77 }
78
79 protected:
80 void RegisterTestScheme(const std::string& scheme) {
81 test_browser_client_.AddScheme(scheme);
82 }
83
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]84 void GrantPermissionsForFile(ChildProcessSecurityPolicyImpl* p,
85 int child_id,
86 const base::FilePath& file,
87 int permissions) {
88 p->GrantPermissionsForFile(child_id, file, permissions);
89 }
90
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]91 void CheckHasNoFileSystemPermission(ChildProcessSecurityPolicyImpl* p,
92 const std::string& child_id) {
93 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, child_id));
94 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, child_id));
95 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, child_id));
96 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, child_id));
97 }
98
99 void CheckHasNoFileSystemFilePermission(ChildProcessSecurityPolicyImpl* p,
100 const base::FilePath& file,
[email protected]cd501a72014-08-22 19:58:31[diff] [blame]101 const storage::FileSystemURL& url) {
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]102 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
103 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file));
104 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, url));
105 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url));
106 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url));
107 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
108 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url));
109 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url));
110 }
111
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]112 private:
113 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_;
[email protected]46488322012-10-30 03:22:20[diff] [blame]114 ContentBrowserClient* old_browser_client_;
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]115};
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]116
[email protected]9f104312013-07-23 23:18:19[diff] [blame]117
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]118TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]119 ChildProcessSecurityPolicyImpl* p =
120 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]121
[email protected]e8ca69c2014-05-07 15:31:19[diff] [blame]122 EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpScheme));
123 EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpsScheme));
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]124 EXPECT_TRUE(p->IsWebSafeScheme(url::kFtpScheme));
125 EXPECT_TRUE(p->IsWebSafeScheme(url::kDataScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]126 EXPECT_TRUE(p->IsWebSafeScheme("feed"));
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]127 EXPECT_TRUE(p->IsWebSafeScheme(url::kBlobScheme));
128 EXPECT_TRUE(p->IsWebSafeScheme(url::kFileSystemScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]129
130 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
131 p->RegisterWebSafeScheme("registered-web-safe-scheme");
132 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]133
[email protected]2d9748b22014-02-11 00:17:29[diff] [blame]134 EXPECT_FALSE(p->IsWebSafeScheme(kChromeUIScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]135}
136
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]137TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]138 ChildProcessSecurityPolicyImpl* p =
139 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]140
[email protected]8e09c7af2014-06-10 11:46:17[diff] [blame]141 EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme));
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]142 EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme));
[email protected]dbdda5402013-05-30 22:13:48[diff] [blame]143 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme));
jww04480402016-10-25 02:50:33[diff] [blame]144 EXPECT_TRUE(p->IsPseudoScheme(url::kHttpSuboriginScheme));
145 EXPECT_TRUE(p->IsPseudoScheme(url::kHttpsSuboriginScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]146
[email protected]419a0572011-04-18 22:21:46[diff] [blame]147 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
148 p->RegisterPseudoScheme("registered-pseudo-scheme");
149 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]150
[email protected]2d9748b22014-02-11 00:17:29[diff] [blame]151 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme));
[email protected]419a0572011-04-18 22:21:46[diff] [blame]152}
153
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]154TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]155 ChildProcessSecurityPolicyImpl* p =
156 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]157
158 p->Add(kRendererID);
159
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]160 // Safe to request, redirect or commit.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
163 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
164 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]165 EXPECT_TRUE(p->CanRequestURL(
166 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]167 EXPECT_TRUE(p->CanRedirectToURL(GURL("http://www.google.com/")));
168 EXPECT_TRUE(p->CanRedirectToURL(GURL("https://www.paypal.com/")));
169 EXPECT_TRUE(p->CanRedirectToURL(GURL("ftp://ftp.gnu.org/")));
170 EXPECT_TRUE(p->CanRedirectToURL(GURL("data:text/html,<b>Hi</b>")));
171 EXPECT_TRUE(
172 p->CanRedirectToURL(GURL("filesystem:http://localhost/temporary/a.gif")));
creis3710b2382015-08-18 00:12:15[diff] [blame]173 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("http://www.google.com/")));
174 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("https://www.paypal.com/")));
175 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
176 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
177 EXPECT_TRUE(p->CanCommitURL(
178 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]179 EXPECT_TRUE(
180 p->CanSetAsOriginHeader(kRendererID, GURL("http://www.google.com/")));
181 EXPECT_TRUE(
182 p->CanSetAsOriginHeader(kRendererID, GURL("https://www.paypal.com/")));
183 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("ftp://ftp.gnu.org/")));
184 EXPECT_TRUE(
185 p->CanSetAsOriginHeader(kRendererID, GURL("data:text/html,<b>Hi</b>")));
186 EXPECT_TRUE(p->CanSetAsOriginHeader(
187 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]188
jww2cdad9e2016-09-24 05:42:02[diff] [blame]189 // Dangerous to request, commit, or set as origin header.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]190 EXPECT_FALSE(p->CanRequestURL(kRendererID,
191 GURL("file:///etc/passwd")));
192 EXPECT_FALSE(p->CanRequestURL(kRendererID,
[email protected]60e448982009-05-06 04:21:16[diff] [blame]193 GURL("chrome://foo/bar")));
meacerce6b66032016-06-02 20:56:05[diff] [blame]194 EXPECT_FALSE(p->CanRequestURL(kRendererID,
195 GURL("view-source:http://www.google.com/")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]196 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
197 EXPECT_TRUE(p->CanRedirectToURL(GURL("chrome://foo/bar")));
198 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:http://www.google.com/")));
creis3710b2382015-08-18 00:12:15[diff] [blame]199 EXPECT_FALSE(p->CanCommitURL(kRendererID,
200 GURL("file:///etc/passwd")));
201 EXPECT_FALSE(p->CanCommitURL(kRendererID,
202 GURL("chrome://foo/bar")));
meacerce6b66032016-06-02 20:56:05[diff] [blame]203 EXPECT_FALSE(
204 p->CanCommitURL(kRendererID, GURL("view-source:http://www.google.com/")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]205 EXPECT_FALSE(
206 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
207 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("chrome://foo/bar")));
208 EXPECT_FALSE(p->CanSetAsOriginHeader(
209 kRendererID, GURL("view-source:http://www.google.com/")));
Alex Moshchuk71f485592017-08-16 16:20:00[diff] [blame^]210 EXPECT_FALSE(p->CanRedirectToURL(GURL(kUnreachableWebDataURL)));
211 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL(kUnreachableWebDataURL)));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]212
213 p->Remove(kRendererID);
214}
215
nicka76cc402016-09-22 20:02:59[diff] [blame]216TEST_F(ChildProcessSecurityPolicyTest, BlobSchemeTest) {
217 ChildProcessSecurityPolicyImpl* p =
218 ChildProcessSecurityPolicyImpl::GetInstance();
219
220 p->Add(kRendererID);
221
222 EXPECT_TRUE(
223 p->CanRequestURL(kRendererID, GURL("blob:http://localhost/some-guid")));
224 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:null/some-guid")));
225 EXPECT_TRUE(
226 p->CanRequestURL(kRendererID, GURL("blob:http://localhost/some-guid")));
227 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:NulL/some-guid")));
228 EXPECT_TRUE(
229 p->CanRequestURL(kRendererID, GURL("blob:NulL/some-guid#fragment")));
230 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("blob:NulL/some-guid?query")));
231 EXPECT_TRUE(
232 p->CanRequestURL(kRendererID, GURL("blob:blobinternal://some-guid")));
233 EXPECT_FALSE(p->CanRequestURL(
234 kRendererID, GURL("blob:http://username@localhost/some-guid")));
235 EXPECT_FALSE(p->CanRequestURL(
236 kRendererID, GURL("blob:http://username @localhost/some-guid")));
237 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:blob:some-guid")));
238 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("blob:some-guid")));
239 EXPECT_FALSE(p->CanRequestURL(kRendererID,
240 GURL("blob:filesystem:http://localhost/path")));
241 EXPECT_FALSE(p->CanRequestURL(kRendererID,
242 GURL("filesystem:blob:http://localhost/guid")));
243
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]244 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:http://localhost/some-guid")));
245 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:null/some-guid")));
246 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:http://localhost/some-guid")));
247 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:NulL/some-guid")));
248 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:NulL/some-guid#fragment")));
249 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:NulL/some-guid?query")));
250 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:blobinternal://some-guid")));
251 EXPECT_TRUE(
252 p->CanRedirectToURL(GURL("blob:http://username@localhost/some-guid")));
253 EXPECT_TRUE(p->CanRedirectToURL(
254 GURL("blob:http://username @localhost/some-guid")));
255 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:blob:some-guid")));
256 EXPECT_TRUE(p->CanRedirectToURL(GURL("blob:some-guid")));
257 EXPECT_TRUE(
258 p->CanRedirectToURL(GURL("blob:filesystem:http://localhost/path")));
259 EXPECT_FALSE(
260 p->CanRedirectToURL(GURL("filesystem:blob:http://localhost/guid")));
261
nicka76cc402016-09-22 20:02:59[diff] [blame]262 EXPECT_TRUE(
263 p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid")));
264 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:null/some-guid")));
265 EXPECT_TRUE(
266 p->CanCommitURL(kRendererID, GURL("blob:http://localhost/some-guid")));
267 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid")));
268 EXPECT_TRUE(
269 p->CanCommitURL(kRendererID, GURL("blob:NulL/some-guid#fragment")));
270 EXPECT_TRUE(
271 p->CanCommitURL(kRendererID, GURL("blob:blobinternal://some-guid")));
272 EXPECT_FALSE(p->CanCommitURL(
273 kRendererID, GURL("blob:http://username@localhost/some-guid")));
274 EXPECT_FALSE(p->CanCommitURL(
275 kRendererID, GURL("blob:http://username @localhost/some-guid")));
276 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("blob:blob:some-guid")));
277 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("blob:some-guid")));
278 EXPECT_FALSE(p->CanCommitURL(kRendererID,
279 GURL("blob:filesystem:http://localhost/path")));
280 EXPECT_FALSE(p->CanCommitURL(kRendererID,
281 GURL("filesystem:blob:http://localhost/guid")));
282
283 p->Remove(kRendererID);
284}
285
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]286TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]287 ChildProcessSecurityPolicyImpl* p =
288 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]289
290 p->Add(kRendererID);
291
292 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
arthursonzogniee7f43b2016-12-06 10:52:29[diff] [blame]293 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
294 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]295 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]296 EXPECT_TRUE(p->CanRedirectToURL(GURL("about:blank")));
297 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:BlAnK")));
298 EXPECT_FALSE(p->CanRedirectToURL(GURL("aBouT:BlAnK")));
299 EXPECT_TRUE(p->CanRedirectToURL(GURL("aBouT:blank")));
creis3710b2382015-08-18 00:12:15[diff] [blame]300 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:blank")));
arthursonzogniee7f43b2016-12-06 10:52:29[diff] [blame]301 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:BlAnK")));
302 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBouT:BlAnK")));
creis3710b2382015-08-18 00:12:15[diff] [blame]303 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("aBouT:blank")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]304 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("about:blank")));
arthursonzogniee7f43b2016-12-06 10:52:29[diff] [blame]305 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:BlAnK")));
306 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:BlAnK")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]307 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("aBouT:blank")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]308
arthursonzogniee7f43b2016-12-06 10:52:29[diff] [blame]309 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:srcdoc")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]310 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:srcdoc")));
arthursonzogniee7f43b2016-12-06 10:52:29[diff] [blame]311 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("about:srcdoc")));
312 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:srcdoc")));
313 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:SRCDOC")));
314 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:SRCDOC")));
315 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:SRCDOC")));
316
[email protected]ed3456f2009-02-26 20:24:48[diff] [blame]317 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
318 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
319 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
asvitkine2c4b4d1a2016-03-19 14:18:07[diff] [blame]320 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:version")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]321 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:crash")));
322 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:cache")));
323 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:hang")));
324 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:version")));
creis3710b2382015-08-18 00:12:15[diff] [blame]325 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
326 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:cache")));
327 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:hang")));
asvitkine2c4b4d1a2016-03-19 14:18:07[diff] [blame]328 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:version")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]329 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
330 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:cache")));
331 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:hang")));
332 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:version")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]333
asvitkine2c4b4d1a2016-03-19 14:18:07[diff] [blame]334 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:version")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]335 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
336 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]337 EXPECT_FALSE(p->CanRedirectToURL(GURL("aBoUt:version")));
338 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:CrASh")));
339 EXPECT_FALSE(p->CanRedirectToURL(GURL("abOuT:cAChe")));
asvitkine2c4b4d1a2016-03-19 14:18:07[diff] [blame]340 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
creis3710b2382015-08-18 00:12:15[diff] [blame]341 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:CrASh")));
342 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("abOuT:cAChe")));
asvitkine2c4b4d1a2016-03-19 14:18:07[diff] [blame]343 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("aBoUt:version")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]344 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
345 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:CrASh")));
346 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("abOuT:cAChe")));
347 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("aBoUt:version")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]348
[email protected]8bf1048012012-02-08 01:22:18[diff] [blame]349 // Requests for about: pages should be denied.
350 p->GrantRequestURL(kRendererID, GURL("about:crash"));
351 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]352 EXPECT_FALSE(p->CanRedirectToURL(GURL("about:crash")));
creis3710b2382015-08-18 00:12:15[diff] [blame]353 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("about:crash")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]354 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("about:crash")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]355
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]356 // These requests for chrome:// pages should be granted.
[email protected]e068c2d2012-10-23 16:45:18[diff] [blame]357 GURL chrome_url("chrome://foo");
358 p->GrantRequestURL(kRendererID, chrome_url);
359 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]360 EXPECT_TRUE(p->CanRedirectToURL(GURL(chrome_url)));
creis3710b2382015-08-18 00:12:15[diff] [blame]361 EXPECT_TRUE(p->CanCommitURL(kRendererID, chrome_url));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]362 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, chrome_url));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]363
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]364 p->Remove(kRendererID);
365}
366
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]367TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]368 ChildProcessSecurityPolicyImpl* p =
369 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]370
371 p->Add(kRendererID);
372
373 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]374 EXPECT_FALSE(p->CanRedirectToURL(GURL("javascript:alert('xss')")));
creis3710b2382015-08-18 00:12:15[diff] [blame]375 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]376 EXPECT_FALSE(
377 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]378 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
379 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]380 EXPECT_FALSE(p->CanRedirectToURL(GURL("javascript:alert('xss')")));
creis3710b2382015-08-18 00:12:15[diff] [blame]381 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("javascript:alert('xss')")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]382 EXPECT_FALSE(
383 p->CanSetAsOriginHeader(kRendererID, GURL("javascript:alert('xss')")));
384
385 p->Remove(kRendererID);
386}
387
388TEST_F(ChildProcessSecurityPolicyTest, SuboriginTest) {
389 ChildProcessSecurityPolicyImpl* p =
390 ChildProcessSecurityPolicyImpl::GetInstance();
391
392 p->Add(kRendererID);
393
394 // Suborigin URLs are not requestable or committable.
395 EXPECT_FALSE(
396 p->CanRequestURL(kRendererID, GURL("http-so://foobar.example.com")));
397 EXPECT_FALSE(
398 p->CanRequestURL(kRendererID, GURL("https-so://foobar.example.com")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]399 EXPECT_FALSE(p->CanRedirectToURL(GURL("http-so://foobar.example.com")));
400 EXPECT_FALSE(p->CanRedirectToURL(GURL("https-so://foobar.example.com")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]401 EXPECT_FALSE(
402 p->CanCommitURL(kRendererID, GURL("http-so://foobar.example.com")));
403 EXPECT_FALSE(
404 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com")));
405
406 // It's not possible to grant suborigins requestable status.
407 p->GrantRequestURL(kRendererID, GURL("https-so://foobar.example.com"));
408 EXPECT_FALSE(
409 p->CanCommitURL(kRendererID, GURL("https-so://foobar.example.com")));
410
411 // Suborigin URLs are valid origin headers.
412 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID,
413 GURL("http-so://foobar.example.com")));
414 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID,
415 GURL("https-so://foobar.example.com")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]416
417 p->Remove(kRendererID);
418}
419
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]420TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]421 ChildProcessSecurityPolicyImpl* p =
422 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]423
424 p->Add(kRendererID);
425
creis3710b2382015-08-18 00:12:15[diff] [blame]426 // Currently, "asdf" is destined for ShellExecute, so it is allowed to be
427 // requested but not committed.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]428 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]429 EXPECT_TRUE(p->CanRedirectToURL(GURL("asdf:rockers")));
creis3710b2382015-08-18 00:12:15[diff] [blame]430 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]431 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]432
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]433 // Once we register "asdf", we default to deny.
434 RegisterTestScheme("asdf");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]435 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]436 EXPECT_TRUE(p->CanRedirectToURL(GURL("asdf:rockers")));
creis3710b2382015-08-18 00:12:15[diff] [blame]437 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]438 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]439
440 // We can allow new schemes by adding them to the whitelist.
441 p->RegisterWebSafeScheme("asdf");
442 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]443 EXPECT_TRUE(p->CanRedirectToURL(GURL("asdf:rockers")));
creis3710b2382015-08-18 00:12:15[diff] [blame]444 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("asdf:rockers")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]445 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("asdf:rockers")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]446
447 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]448 p->Remove(kRendererID);
449}
450
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]451TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]452 ChildProcessSecurityPolicyImpl* p =
453 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]454
455 p->Add(kRendererID);
456
457 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]458 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
creis3710b2382015-08-18 00:12:15[diff] [blame]459 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]460 EXPECT_FALSE(
461 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]462 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
463 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]464 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
creis3710b2382015-08-18 00:12:15[diff] [blame]465 EXPECT_TRUE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]466 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]467
468 // We should forget our state if we repeat a renderer id.
469 p->Remove(kRendererID);
470 p->Add(kRendererID);
471 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]472 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
creis3710b2382015-08-18 00:12:15[diff] [blame]473 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]474 EXPECT_FALSE(
475 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]476 p->Remove(kRendererID);
477}
478
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]479TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]480 ChildProcessSecurityPolicyImpl* p =
481 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]482
483 p->Add(kRendererID);
484
meacerce6b66032016-06-02 20:56:05[diff] [blame]485 // Child processes cannot request view source URLs.
486 EXPECT_FALSE(p->CanRequestURL(kRendererID,
487 GURL("view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]488 EXPECT_FALSE(p->CanRequestURL(kRendererID,
489 GURL("view-source:file:///etc/passwd")));
490 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
[email protected]690d0a9172010-01-06 00:19:36[diff] [blame]491 EXPECT_FALSE(p->CanRequestURL(
492 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]493
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]494 // Child processes cannot be redirected to view source URLs.
495 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:http://www.google.com/")));
496 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:file:///etc/passwd")));
497 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
498 EXPECT_FALSE(p->CanRedirectToURL(
499 GURL("view-source:view-source:http://www.google.com/")));
500
creis3710b2382015-08-18 00:12:15[diff] [blame]501 // View source URLs don't actually commit; the renderer is put into view
502 // source mode, and the inner URL commits.
503 EXPECT_FALSE(p->CanCommitURL(kRendererID,
504 GURL("view-source:http://www.google.com/")));
505 EXPECT_FALSE(p->CanCommitURL(kRendererID,
506 GURL("view-source:file:///etc/passwd")));
507 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
508 EXPECT_FALSE(p->CanCommitURL(
509 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
510
jww2cdad9e2016-09-24 05:42:02[diff] [blame]511 // View source URLs should not be setable as origin headers
512 EXPECT_FALSE(p->CanSetAsOriginHeader(
513 kRendererID, GURL("view-source:http://www.google.com/")));
514 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
515 GURL("view-source:file:///etc/passwd")));
516 EXPECT_FALSE(
517 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
518 EXPECT_FALSE(p->CanSetAsOriginHeader(
519 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
520
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]521 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
meacerce6b66032016-06-02 20:56:05[diff] [blame]522 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]523 EXPECT_TRUE(p->CanRedirectToURL(GURL("file:///etc/passwd")));
meacerce6b66032016-06-02 20:56:05[diff] [blame]524 EXPECT_FALSE(p->CanCommitURL(kRendererID, GURL("file:///etc/passwd")));
525 EXPECT_FALSE(
jww2cdad9e2016-09-24 05:42:02[diff] [blame]526 p->CanSetAsOriginHeader(kRendererID, GURL("file:///etc/passwd")));
527 EXPECT_FALSE(
meacerce6b66032016-06-02 20:56:05[diff] [blame]528 p->CanRequestURL(kRendererID, GURL("view-source:file:///etc/passwd")));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]529 EXPECT_FALSE(p->CanRedirectToURL(GURL("view-source:file:///etc/passwd")));
creis3710b2382015-08-18 00:12:15[diff] [blame]530 EXPECT_FALSE(p->CanCommitURL(kRendererID,
531 GURL("view-source:file:///etc/passwd")));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]532 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID,
533 GURL("view-source:file:///etc/passwd")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]534 p->Remove(kRendererID);
535}
536
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]537TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
538 ChildProcessSecurityPolicyImpl* p =
539 ChildProcessSecurityPolicyImpl::GetInstance();
540
541 p->Add(kRendererID);
542
543 GURL icon_url("file:///tmp/foo.png");
544 GURL sensitive_url("file:///etc/passwd");
545 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
546 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]547 EXPECT_TRUE(p->CanRedirectToURL(icon_url));
548 EXPECT_TRUE(p->CanRedirectToURL(sensitive_url));
creis3710b2382015-08-18 00:12:15[diff] [blame]549 EXPECT_FALSE(p->CanCommitURL(kRendererID, icon_url));
550 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]551 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, icon_url));
552 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]553
554 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
555 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
556 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]557 EXPECT_TRUE(p->CanRedirectToURL(icon_url));
558 EXPECT_TRUE(p->CanRedirectToURL(sensitive_url));
creis3710b2382015-08-18 00:12:15[diff] [blame]559 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
560 EXPECT_FALSE(p->CanCommitURL(kRendererID, sensitive_url));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]561 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
562 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]563
564 p->GrantRequestURL(kRendererID, icon_url);
565 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
566 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]567 EXPECT_TRUE(p->CanRedirectToURL(icon_url));
568 EXPECT_TRUE(p->CanRedirectToURL(sensitive_url));
creis3710b2382015-08-18 00:12:15[diff] [blame]569 EXPECT_TRUE(p->CanCommitURL(kRendererID, icon_url));
570 EXPECT_TRUE(p->CanCommitURL(kRendererID, sensitive_url));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]571 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, icon_url));
572 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, sensitive_url));
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]573
574 p->Remove(kRendererID);
575}
576
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]577TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) {
578 ChildProcessSecurityPolicyImpl* p =
579 ChildProcessSecurityPolicyImpl::GetInstance();
580
581 p->Add(kRendererID);
[email protected]cd501a72014-08-22 19:58:31[diff] [blame]582 std::string read_id =
583 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
584 storage::kFileSystemTypeTest, "read_filesystem", base::FilePath());
585 std::string read_write_id =
586 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
587 storage::kFileSystemTypeTest,
588 "read_write_filesystem",
589 base::FilePath());
590 std::string copy_into_id =
591 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
592 storage::kFileSystemTypeTest,
593 "copy_into_filesystem",
594 base::FilePath());
595 std::string delete_from_id =
596 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
597 storage::kFileSystemTypeTest,
598 "delete_from_filesystem",
599 base::FilePath());
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]600
601 // Test initially having no permissions.
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]602 CheckHasNoFileSystemPermission(p, read_id);
603 CheckHasNoFileSystemPermission(p, read_write_id);
604 CheckHasNoFileSystemPermission(p, copy_into_id);
605 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]606
607 // Testing varying combinations of grants and checks.
608 p->GrantReadFileSystem(kRendererID, read_id);
609 EXPECT_TRUE(p->CanReadFileSystem(kRendererID, read_id));
610 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, read_id));
611 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, read_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]612 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, read_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]613
614 p->GrantReadFileSystem(kRendererID, read_write_id);
615 p->GrantWriteFileSystem(kRendererID, read_write_id);
616 EXPECT_TRUE(p->CanReadFileSystem(kRendererID, read_write_id));
617 EXPECT_TRUE(p->CanReadWriteFileSystem(kRendererID, read_write_id));
618 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, read_write_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]619 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, read_write_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]620
621 p->GrantCopyIntoFileSystem(kRendererID, copy_into_id);
622 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, copy_into_id));
623 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, copy_into_id));
624 EXPECT_TRUE(p->CanCopyIntoFileSystem(kRendererID, copy_into_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]625 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, copy_into_id));
626
627 p->GrantDeleteFromFileSystem(kRendererID, delete_from_id);
628 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, delete_from_id));
629 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, delete_from_id));
630 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, delete_from_id));
631 EXPECT_TRUE(p->CanDeleteFromFileSystem(kRendererID, delete_from_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]632
633 // Test revoke permissions on renderer ID removal.
634 p->Remove(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]635 CheckHasNoFileSystemPermission(p, read_id);
636 CheckHasNoFileSystemPermission(p, read_write_id);
637 CheckHasNoFileSystemPermission(p, copy_into_id);
638 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]639
640 // Test having no permissions upon re-adding same renderer ID.
641 p->Add(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]642 CheckHasNoFileSystemPermission(p, read_id);
643 CheckHasNoFileSystemPermission(p, read_write_id);
644 CheckHasNoFileSystemPermission(p, copy_into_id);
645 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]646
647 // Cleanup.
648 p->Remove(kRendererID);
[email protected]cd501a72014-08-22 19:58:31[diff] [blame]649 storage::IsolatedContext::GetInstance()->RevokeFileSystem(read_id);
650 storage::IsolatedContext::GetInstance()->RevokeFileSystem(read_write_id);
651 storage::IsolatedContext::GetInstance()->RevokeFileSystem(copy_into_id);
652 storage::IsolatedContext::GetInstance()->RevokeFileSystem(delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]653}
654
[email protected]9f104312013-07-23 23:18:19[diff] [blame]655TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]656 ChildProcessSecurityPolicyImpl* p =
657 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]658
[email protected]9f104312013-07-23 23:18:19[diff] [blame]659 p->RegisterFileSystemPermissionPolicy(
[email protected]cd501a72014-08-22 19:58:31[diff] [blame]660 storage::kFileSystemTypeTest,
661 storage::FILE_PERMISSION_USE_FILE_PERMISSION);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]662
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]663 p->Add(kRendererID);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]664 base::FilePath file(TEST_PATH("/dir/testfile"));
665 file = file.NormalizePathSeparators();
[email protected]cd501a72014-08-22 19:58:31[diff] [blame]666 storage::FileSystemURL url = storage::FileSystemURL::CreateForTest(
667 GURL("http://foo/"), storage::kFileSystemTypeTest, file);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]668
[email protected]9f104312013-07-23 23:18:19[diff] [blame]669 // Test initially having no permissions.
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]670 CheckHasNoFileSystemFilePermission(p, file, url);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]671
[email protected]9f104312013-07-23 23:18:19[diff] [blame]672 // Testing every combination of permissions granting and revoking.
673 p->GrantReadFile(kRendererID, file);
674 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]675 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]676 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
677 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url));
678 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]679 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]680 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url));
681 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]682 p->RevokeAllPermissionsForFile(kRendererID, file);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]683 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]684
685 p->GrantCreateReadWriteFile(kRendererID, file);
686 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]687 EXPECT_TRUE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]688 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
689 EXPECT_TRUE(p->CanWriteFileSystemFile(kRendererID, url));
690 EXPECT_TRUE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]691 EXPECT_TRUE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]692 EXPECT_TRUE(p->CanCopyIntoFileSystemFile(kRendererID, url));
693 EXPECT_TRUE(p->CanDeleteFileSystemFile(kRendererID, url));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]694 p->RevokeAllPermissionsForFile(kRendererID, file);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]695 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]696
697 // Test revoke permissions on renderer ID removal.
698 p->GrantCreateReadWriteFile(kRendererID, file);
699 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]700 EXPECT_TRUE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]701 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
702 EXPECT_TRUE(p->CanWriteFileSystemFile(kRendererID, url));
703 EXPECT_TRUE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]704 EXPECT_TRUE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]705 EXPECT_TRUE(p->CanCopyIntoFileSystemFile(kRendererID, url));
706 EXPECT_TRUE(p->CanDeleteFileSystemFile(kRendererID, url));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]707 p->Remove(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]708 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]709
710 // Test having no permissions upon re-adding same renderer ID.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]711 p->Add(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]712 CheckHasNoFileSystemFilePermission(p, file, url);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]713
[email protected]9f104312013-07-23 23:18:19[diff] [blame]714 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]715 p->Remove(kRendererID);
716}
717
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]718TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
[email protected]c42de732013-02-16 06:26:31[diff] [blame]719 base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe"));
720 base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob"));
721 base::FilePath child_file = base::FilePath(TEST_PATH("/home/joe/file"));
722 base::FilePath parent_file = base::FilePath(TEST_PATH("/home"));
723 base::FilePath parent_slash_file = base::FilePath(TEST_PATH("/home/"));
724 base::FilePath child_traversal1 =
725 base::FilePath(TEST_PATH("/home/joe/././file"));
726 base::FilePath child_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]727 TEST_PATH("/home/joe/file/../otherfile"));
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]728 base::FilePath evil_traversal1 =
[email protected]023ad6ab2013-02-17 05:07:23[diff] [blame]729 base::FilePath(TEST_PATH("/home/joe/../../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]730 base::FilePath evil_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]731 TEST_PATH("/home/joe/./.././../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]732 base::FilePath self_traversal =
733 base::FilePath(TEST_PATH("/home/joe/../joe/file"));
734 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe"));
[email protected]80838412012-11-20 01:53:59[diff] [blame]735
[email protected]b9535422012-02-09 01:47:59[diff] [blame]736 ChildProcessSecurityPolicyImpl* p =
737 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]738
739 // Grant permissions for a file.
740 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]741 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]742 base::File::FLAG_OPEN));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]743
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]744 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]745 base::File::FLAG_OPEN |
746 base::File::FLAG_OPEN_TRUNCATED |
747 base::File::FLAG_READ |
748 base::File::FLAG_WRITE);
[email protected]80838412012-11-20 01:53:59[diff] [blame]749 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]750 base::File::FLAG_OPEN |
751 base::File::FLAG_OPEN_TRUNCATED |
752 base::File::FLAG_READ |
753 base::File::FLAG_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]754 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]755 base::File::FLAG_OPEN |
756 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]757 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]758 base::File::FLAG_CREATE));
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]759 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));
[email protected]80838412012-11-20 01:53:59[diff] [blame]760 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]761 base::File::FLAG_CREATE |
762 base::File::FLAG_OPEN_TRUNCATED |
763 base::File::FLAG_READ |
764 base::File::FLAG_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]765 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]766 base::File::FLAG_OPEN |
767 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]768 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]769 base::File::FLAG_OPEN |
770 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]771 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]772 base::File::FLAG_OPEN |
773 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]774 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]775 base::File::FLAG_OPEN |
776 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]777 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]778 base::File::FLAG_OPEN |
779 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]780 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]781 base::File::FLAG_OPEN |
782 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]783 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]784 base::File::FLAG_OPEN |
785 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]786 // CPSP doesn't allow this case for the sake of simplicity.
787 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]788 base::File::FLAG_OPEN |
789 base::File::FLAG_READ));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]790 p->Remove(kRendererID);
791
792 // Grant permissions for the directory the file is in.
793 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]794 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]795 base::File::FLAG_OPEN));
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]796 GrantPermissionsForFile(p, kRendererID, parent_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]797 base::File::FLAG_OPEN |
798 base::File::FLAG_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]799 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]800 base::File::FLAG_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]801 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]802 base::File::FLAG_READ |
803 base::File::FLAG_WRITE));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]804 p->Remove(kRendererID);
805
806 // Grant permissions for the directory the file is in (with trailing '/').
807 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]808 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]809 base::File::FLAG_OPEN));
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]810 GrantPermissionsForFile(p, kRendererID, parent_slash_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]811 base::File::FLAG_OPEN |
812 base::File::FLAG_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]813 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]814 base::File::FLAG_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]815 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]816 base::File::FLAG_READ |
817 base::File::FLAG_WRITE));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]818
819 // Grant permissions for the file (should overwrite the permissions granted
820 // for the directory).
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]821 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]822 base::File::FLAG_TEMPORARY);
[email protected]80838412012-11-20 01:53:59[diff] [blame]823 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]824 base::File::FLAG_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]825 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]826 base::File::FLAG_TEMPORARY));
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]827
828 // Revoke all permissions for the file (it should inherit its permissions
829 // from the directory again).
[email protected]80838412012-11-20 01:53:59[diff] [blame]830 p->RevokeAllPermissionsForFile(kRendererID, granted_file);
831 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]832 base::File::FLAG_OPEN |
833 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]834 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]835 base::File::FLAG_TEMPORARY));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]836 p->Remove(kRendererID);
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]837
838 // Grant file permissions for the file to main thread renderer process,
839 // make sure its worker thread renderer process inherits those.
840 p->Add(kRendererID);
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]841 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]842 base::File::FLAG_OPEN |
843 base::File::FLAG_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]844 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]845 base::File::FLAG_OPEN |
846 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]847 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]848 base::File::FLAG_WRITE));
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]849 p->AddWorker(kWorkerRendererID, kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]850 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]851 base::File::FLAG_OPEN |
852 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]853 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]854 base::File::FLAG_WRITE));
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]855 p->Remove(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]856 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]857 base::File::FLAG_OPEN |
858 base::File::FLAG_READ));
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]859 p->Remove(kWorkerRendererID);
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]860
861 p->Add(kRendererID);
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]862 GrantPermissionsForFile(p, kRendererID, relative_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]863 base::File::FLAG_OPEN);
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]864 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]865 base::File::FLAG_OPEN));
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]866 p->Remove(kRendererID);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]867}
868
[email protected]c50008512011-02-03 01:17:27[diff] [blame]869TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]870 ChildProcessSecurityPolicyImpl* p =
871 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]872
[email protected]60e448982009-05-06 04:21:16[diff] [blame]873 GURL url("chrome://thumb/http://www.google.com/");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]874
875 p->Add(kRendererID);
876
[email protected]c50008512011-02-03 01:17:27[diff] [blame]877 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]878 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]879 EXPECT_TRUE(p->CanRedirectToURL(url));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]880 p->GrantWebUIBindings(kRendererID);
881 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]882 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]883 EXPECT_TRUE(p->CanRedirectToURL(url));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]884
885 p->Remove(kRendererID);
886}
887
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]888TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]889 ChildProcessSecurityPolicyImpl* p =
890 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]891
892 GURL url("file:///etc/passwd");
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]893 base::FilePath file(TEST_PATH("/etc/passwd"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]894
895 p->Add(kRendererID);
896
897 p->GrantRequestURL(kRendererID, url);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]898 p->GrantReadFile(kRendererID, file);
[email protected]c50008512011-02-03 01:17:27[diff] [blame]899 p->GrantWebUIBindings(kRendererID);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]900
901 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]902 EXPECT_TRUE(p->CanRedirectToURL(url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]903 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]904 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]905
906 p->Remove(kRendererID);
907
908 // Renderers are added and removed on the UI thread, but the policy can be
[email protected]580522632009-08-17 21:55:55[diff] [blame]909 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
910 // prepared to answer policy questions about renderers who no longer exist.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]911
912 // In this case, we default to secure behavior.
913 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]914 EXPECT_TRUE(p->CanRedirectToURL(url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]915 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]916 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]917}
[email protected]46488322012-10-30 03:22:20[diff] [blame]918
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]919// Test the granting of origin permissions, and their interactions with
920// granting scheme permissions.
921TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) {
922 ChildProcessSecurityPolicyImpl* p =
923 ChildProcessSecurityPolicyImpl::GetInstance();
924
925 p->Add(kRendererID);
926
927 GURL url_foo1("chrome://foo/resource1");
928 GURL url_foo2("chrome://foo/resource2");
929 GURL url_bar("chrome://bar/resource3");
930
931 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo1));
932 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_foo2));
933 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]934 EXPECT_TRUE(p->CanRedirectToURL(url_foo1));
935 EXPECT_TRUE(p->CanRedirectToURL(url_foo2));
936 EXPECT_TRUE(p->CanRedirectToURL(url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]937 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1));
938 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2));
939 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]940 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
941 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
942 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]943
944 p->GrantOrigin(kRendererID, url::Origin(url_foo1));
945
946 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1));
947 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2));
948 EXPECT_FALSE(p->CanRequestURL(kRendererID, url_bar));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]949 EXPECT_TRUE(p->CanRedirectToURL(url_foo1));
950 EXPECT_TRUE(p->CanRedirectToURL(url_foo2));
951 EXPECT_TRUE(p->CanRedirectToURL(url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]952 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
953 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
954 EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]955 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
956 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
957 EXPECT_FALSE(p->CanSetAsOriginHeader(kRendererID, url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]958
959 p->GrantScheme(kRendererID, kChromeUIScheme);
960
961 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo1));
962 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_foo2));
963 EXPECT_TRUE(p->CanRequestURL(kRendererID, url_bar));
arthursonzogni98e5a232017-07-13 15:18:16[diff] [blame]964 EXPECT_TRUE(p->CanRedirectToURL(url_foo1));
965 EXPECT_TRUE(p->CanRedirectToURL(url_foo2));
966 EXPECT_TRUE(p->CanRedirectToURL(url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]967 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1));
968 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2));
969 EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar));
jww2cdad9e2016-09-24 05:42:02[diff] [blame]970 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo1));
971 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_foo2));
972 EXPECT_TRUE(p->CanSetAsOriginHeader(kRendererID, url_bar));
paulmeyer1eefa26e2015-10-01 02:11:13[diff] [blame]973
974 p->Remove(kRendererID);
975}
976
alexmos3b9ad102017-05-26 23:41:08[diff] [blame]977// Verifies parsing logic that extracts origins from --isolate-origins.
978TEST_F(ChildProcessSecurityPolicyTest, IsolateOriginsFromCommandLine) {
979 // Invalid and unique origins are not permitted.
980 auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
981 policy->AddIsolatedOriginsFromCommandLine("foo");
982 policy->AddIsolatedOriginsFromCommandLine("");
983 policy->AddIsolatedOriginsFromCommandLine("about:blank");
984 EXPECT_EQ(0U, policy->isolated_origins_.size());
985
986 policy->AddIsolatedOriginsFromCommandLine("http://isolated.foo.com");
987 EXPECT_EQ(1U, policy->isolated_origins_.size());
988 EXPECT_TRUE(
989 policy->IsIsolatedOrigin(url::Origin(GURL("http://isolated.foo.com"))));
990
991 policy->AddIsolatedOriginsFromCommandLine(
992 "http://a.com,https://b.com,,https://c.com:8000");
993 EXPECT_EQ(4U, policy->isolated_origins_.size());
994 EXPECT_TRUE(
995 policy->IsIsolatedOrigin(url::Origin(GURL("http://isolated.foo.com"))));
996 EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(GURL("http://a.com"))));
997 EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(GURL("https://b.com"))));
998 EXPECT_TRUE(
999 policy->IsIsolatedOrigin(url::Origin(GURL("https://c.com:8000"))));
1000}
1001
[email protected]46488322012-10-30 03:22:20[diff] [blame]1002} // namespace content