Google Git
Sign in
chromium / chromium / src.git / 8083841913b8eb8018ae52f67c923f0b3d66c466 / . / content / browser / child_process_security_policy_unittest.cc
blob: 90befd6d8aae9587de14c67cbef773c03d6b356b [file] [log] [blame]
[email protected]b9535422012-02-09 01:47:59[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:55[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]4
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]5#include <set>
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]6#include <string>
7
8#include "base/basictypes.h"
[email protected]561abe62009-04-06 18:08:34[diff] [blame]9#include "base/file_path.h"
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]10#include "base/platform_file.h"
[email protected]b9535422012-02-09 01:47:59[diff] [blame]11#include "content/browser/child_process_security_policy_impl.h"
[email protected]a1d29162011-10-14 17:14:03[diff] [blame]12#include "content/public/common/url_constants.h"
[email protected]c6681f32012-06-05 14:43:01[diff] [blame]13#include "content/test/test_content_browser_client.h"
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]14#include "googleurl/src/gurl.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]15#include "testing/gtest/include/gtest/gtest.h"
16
[email protected]46488322012-10-30 03:22:20[diff] [blame]17namespace content {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]18namespace {
19
20const int kRendererID = 42;
21const int kWorkerRendererID = kRendererID + 1;
22
23class ChildProcessSecurityPolicyTestBrowserClient
[email protected]46488322012-10-30 03:22:20[diff] [blame]24 : public TestContentBrowserClient {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]25 public:
26 ChildProcessSecurityPolicyTestBrowserClient() {}
27
28 virtual bool IsHandledURL(const GURL& url) {
29 return schemes_.find(url.scheme()) != schemes_.end();
[email protected]e3539402011-07-19 09:31:08[diff] [blame]30 }
31
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]32 void ClearSchemes() {
33 schemes_.clear();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]34 }
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]35
36 void AddScheme(const std::string& scheme) {
37 schemes_.insert(scheme);
38 }
39
40 private:
41 std::set<std::string> schemes_;
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]42};
43
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]44} // namespace
45
46class ChildProcessSecurityPolicyTest : public testing::Test {
47 public:
48 ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {
49 }
50
51 virtual void SetUp() {
[email protected]46488322012-10-30 03:22:20[diff] [blame]52 old_browser_client_ = GetContentClient()->browser();
53 GetContentClient()->set_browser_for_testing(&test_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]54
55 // Claim to always handle chrome:// URLs because the CPSP's notion of
56 // allowing WebUI bindings is hard-wired to this particular scheme.
57 test_browser_client_.AddScheme("chrome");
58 }
59
60 virtual void TearDown() {
61 test_browser_client_.ClearSchemes();
[email protected]46488322012-10-30 03:22:20[diff] [blame]62 GetContentClient()->set_browser_for_testing(old_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]63 }
64
65 protected:
66 void RegisterTestScheme(const std::string& scheme) {
67 test_browser_client_.AddScheme(scheme);
68 }
69
70 private:
71 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_;
[email protected]46488322012-10-30 03:22:20[diff] [blame]72 ContentBrowserClient* old_browser_client_;
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]73};
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]74
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]75TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]76 ChildProcessSecurityPolicyImpl* p =
77 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]78
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]79 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme));
80 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme));
81 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme));
82 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]83 EXPECT_TRUE(p->IsWebSafeScheme("feed"));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]84 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme));
85 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]86
87 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
88 p->RegisterWebSafeScheme("registered-web-safe-scheme");
89 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]90
91 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]92}
93
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]94TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]95 ChildProcessSecurityPolicyImpl* p =
96 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]97
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]98 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme));
99 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme));
100 EXPECT_TRUE(p->IsPseudoScheme(chrome::kViewSourceScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]101
[email protected]419a0572011-04-18 22:21:46[diff] [blame]102 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
103 p->RegisterPseudoScheme("registered-pseudo-scheme");
104 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]105
106 EXPECT_FALSE(p->IsPseudoScheme(chrome::kChromeUIScheme));
[email protected]419a0572011-04-18 22:21:46[diff] [blame]107}
108
109TEST_F(ChildProcessSecurityPolicyTest, IsDisabledSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]110 ChildProcessSecurityPolicyImpl* p =
111 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]419a0572011-04-18 22:21:46[diff] [blame]112
113 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme"));
114 std::set<std::string> disabled_set;
115 disabled_set.insert("evil-scheme");
116 p->RegisterDisabledSchemes(disabled_set);
117 EXPECT_TRUE(p->IsDisabledScheme("evil-scheme"));
118 EXPECT_FALSE(p->IsDisabledScheme("good-scheme"));
119
120 disabled_set.clear();
121 p->RegisterDisabledSchemes(disabled_set);
122 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme"));
123 EXPECT_FALSE(p->IsDisabledScheme("good-scheme"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]124}
125
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]126TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]127 ChildProcessSecurityPolicyImpl* p =
128 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]129
130 p->Add(kRendererID);
131
132 // Safe
133 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
134 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
135 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
136 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
137 EXPECT_TRUE(p->CanRequestURL(kRendererID,
138 GURL("view-source:http://www.google.com/")));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]139 EXPECT_TRUE(p->CanRequestURL(
140 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]141
142 // Dangerous
143 EXPECT_FALSE(p->CanRequestURL(kRendererID,
144 GURL("file:///etc/passwd")));
145 EXPECT_FALSE(p->CanRequestURL(kRendererID,
[email protected]60e448982009-05-06 04:21:16[diff] [blame]146 GURL("chrome://foo/bar")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]147
148 p->Remove(kRendererID);
149}
150
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]151TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]152 ChildProcessSecurityPolicyImpl* p =
153 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]154
155 p->Add(kRendererID);
156
157 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
158 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
159 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
160 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
161
[email protected]ed3456f2009-02-26 20:24:48[diff] [blame]162 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory")));
163 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
164 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
165 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]166
167 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory")));
168 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
169 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
170
[email protected]8bf1048012012-02-08 01:22:18[diff] [blame]171 // Requests for about: pages should be denied.
172 p->GrantRequestURL(kRendererID, GURL("about:crash"));
173 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]174
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]175 // These requests for chrome:// pages should be granted.
[email protected]e068c2d2012-10-23 16:45:18[diff] [blame]176 GURL chrome_url("chrome://foo");
177 p->GrantRequestURL(kRendererID, chrome_url);
178 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]179
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]180 p->Remove(kRendererID);
181}
182
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]183TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]184 ChildProcessSecurityPolicyImpl* p =
185 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]186
187 p->Add(kRendererID);
188
189 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
190 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
191 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
192
193 p->Remove(kRendererID);
194}
195
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]196TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]197 ChildProcessSecurityPolicyImpl* p =
198 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]199
200 p->Add(kRendererID);
201
202 // Currently, "asdf" is destined for ShellExecute, so it is allowed.
203 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
204
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]205 // Once we register "asdf", we default to deny.
206 RegisterTestScheme("asdf");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]207 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
208
209 // We can allow new schemes by adding them to the whitelist.
210 p->RegisterWebSafeScheme("asdf");
211 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
212
213 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]214 p->Remove(kRendererID);
215}
216
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]217TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]218 ChildProcessSecurityPolicyImpl* p =
219 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]220
221 p->Add(kRendererID);
222
223 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
224 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
225 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
226
[email protected]419a0572011-04-18 22:21:46[diff] [blame]227 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
228 std::set<std::string> disabled_set;
229 disabled_set.insert("evil-scheme");
230 p->RegisterDisabledSchemes(disabled_set);
231 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com")));
232 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
233 disabled_set.clear();
234 p->RegisterDisabledSchemes(disabled_set);
235 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com")));
236 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
237
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]238 // We should forget our state if we repeat a renderer id.
239 p->Remove(kRendererID);
240 p->Add(kRendererID);
241 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
242 p->Remove(kRendererID);
243}
244
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]245TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]246 ChildProcessSecurityPolicyImpl* p =
247 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]248
249 p->Add(kRendererID);
250
251 // View source is determined by the embedded scheme.
252 EXPECT_TRUE(p->CanRequestURL(kRendererID,
253 GURL("view-source:http://www.google.com/")));
254 EXPECT_FALSE(p->CanRequestURL(kRendererID,
255 GURL("view-source:file:///etc/passwd")));
256 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
[email protected]690d0a9172010-01-06 00:19:36[diff] [blame]257 EXPECT_FALSE(p->CanRequestURL(
258 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]259
260 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
261 // View source needs to be able to request the embedded scheme.
262 EXPECT_TRUE(p->CanRequestURL(kRendererID,
263 GURL("view-source:file:///etc/passwd")));
264 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
265
266 p->Remove(kRendererID);
267}
268
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]269TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
270 ChildProcessSecurityPolicyImpl* p =
271 ChildProcessSecurityPolicyImpl::GetInstance();
272
273 p->Add(kRendererID);
274
275 GURL icon_url("file:///tmp/foo.png");
276 GURL sensitive_url("file:///etc/passwd");
277 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
278 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
279
280 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
281 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
282 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
283
284 p->GrantRequestURL(kRendererID, icon_url);
285 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
286 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
287
288 p->Remove(kRendererID);
289}
290
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]291TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]292 ChildProcessSecurityPolicyImpl* p =
293 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]294
295 p->Add(kRendererID);
296
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]297 EXPECT_FALSE(p->CanReadFile(kRendererID,
[email protected]561abe62009-04-06 18:08:34[diff] [blame]298 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]299 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd")));
300 EXPECT_TRUE(p->CanReadFile(kRendererID,
[email protected]561abe62009-04-06 18:08:34[diff] [blame]301 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]302 EXPECT_FALSE(p->CanReadFile(kRendererID,
[email protected]561abe62009-04-06 18:08:34[diff] [blame]303 FilePath(FILE_PATH_LITERAL("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]304
305 p->Remove(kRendererID);
306 p->Add(kRendererID);
307
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]308 EXPECT_FALSE(p->CanReadFile(kRendererID,
[email protected]561abe62009-04-06 18:08:34[diff] [blame]309 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]310 EXPECT_FALSE(p->CanReadFile(kRendererID,
[email protected]561abe62009-04-06 18:08:34[diff] [blame]311 FilePath(FILE_PATH_LITERAL("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]312
313 p->Remove(kRendererID);
314}
315
[email protected]600ea402011-04-12 00:01:51[diff] [blame]316TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]317 ChildProcessSecurityPolicyImpl* p =
318 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]600ea402011-04-12 00:01:51[diff] [blame]319
320 p->Add(kRendererID);
321
322 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
323 FilePath(FILE_PATH_LITERAL("/etc/"))));
324 p->GrantReadDirectory(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
325 EXPECT_TRUE(p->CanReadDirectory(kRendererID,
326 FilePath(FILE_PATH_LITERAL("/etc/"))));
327 EXPECT_TRUE(p->CanReadFile(kRendererID,
328 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
329
330 p->Remove(kRendererID);
331 p->Add(kRendererID);
332
333 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
334 FilePath(FILE_PATH_LITERAL("/etc/"))));
335 EXPECT_FALSE(p->CanReadFile(kRendererID,
336 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
337
338 // Just granting read permission as a file doesn't imply reading as a
339 // directory.
340 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
341 EXPECT_TRUE(p->CanReadFile(kRendererID,
342 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
343 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
344 FilePath(FILE_PATH_LITERAL("/etc/"))));
345
346 p->Remove(kRendererID);
347}
348
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]349TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
[email protected]80838412012-11-20 01:53:59[diff] [blame^]350 FilePath granted_file = FilePath(FILE_PATH_LITERAL("/home/joe"));
351 FilePath sibling_file = FilePath(FILE_PATH_LITERAL("/home/bob"));
352 FilePath child_file = FilePath(FILE_PATH_LITERAL("/home/joe/file"));
353 FilePath parent_file = FilePath(FILE_PATH_LITERAL("/home"));
354 FilePath parent_slash_file = FilePath(FILE_PATH_LITERAL("/home/"));
355 FilePath child_traversal1 = FilePath(
356 FILE_PATH_LITERAL("/home/joe/././file"));
357 FilePath child_traversal2 = FilePath(
358 FILE_PATH_LITERAL("/home/joe/file/../otherfile"));
359 FilePath evil_traversal1 = FilePath(
360 FILE_PATH_LITERAL("/home/joe/../../etc/passwd"));
361 FilePath evil_traversal2 = FilePath(
362 FILE_PATH_LITERAL("/home/joe/./.././../etc/passwd"));
363 FilePath self_traversal = FilePath(
364 FILE_PATH_LITERAL("/home/joe/../joe/file"));
365
[email protected]b9535422012-02-09 01:47:59[diff] [blame]366 ChildProcessSecurityPolicyImpl* p =
367 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]368
369 // Grant permissions for a file.
370 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame^]371 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]372 base::PLATFORM_FILE_OPEN));
373
[email protected]80838412012-11-20 01:53:59[diff] [blame^]374 p->GrantPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]375 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]376 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]377 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]378 base::PLATFORM_FILE_WRITE);
[email protected]80838412012-11-20 01:53:59[diff] [blame^]379 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]380 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]381 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]382 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]383 base::PLATFORM_FILE_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]384 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]385 base::PLATFORM_FILE_OPEN |
386 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]387 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]388 base::PLATFORM_FILE_CREATE));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]389 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]390 base::PLATFORM_FILE_CREATE |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]391 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]392 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]393 base::PLATFORM_FILE_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]394 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
395 base::PLATFORM_FILE_OPEN |
396 base::PLATFORM_FILE_READ));
397 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
398 base::PLATFORM_FILE_OPEN |
399 base::PLATFORM_FILE_READ));
400 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
401 base::PLATFORM_FILE_OPEN |
402 base::PLATFORM_FILE_READ));
403 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
404 base::PLATFORM_FILE_OPEN |
405 base::PLATFORM_FILE_READ));
406 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
407 base::PLATFORM_FILE_OPEN |
408 base::PLATFORM_FILE_READ));
409 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
410 base::PLATFORM_FILE_OPEN |
411 base::PLATFORM_FILE_READ));
412 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
413 base::PLATFORM_FILE_OPEN |
414 base::PLATFORM_FILE_READ));
415 // CPSP doesn't allow this case for the sake of simplicity.
416 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
417 base::PLATFORM_FILE_OPEN |
418 base::PLATFORM_FILE_READ));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]419 p->Remove(kRendererID);
420
421 // Grant permissions for the directory the file is in.
422 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame^]423 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]424 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]425 p->GrantPermissionsForFile(kRendererID, parent_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]426 base::PLATFORM_FILE_OPEN |
427 base::PLATFORM_FILE_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame^]428 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]429 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]430 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]431 base::PLATFORM_FILE_READ |
432 base::PLATFORM_FILE_WRITE));
433 p->Remove(kRendererID);
434
435 // Grant permissions for the directory the file is in (with trailing '/').
436 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame^]437 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]438 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]439 p->GrantPermissionsForFile(kRendererID, parent_slash_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]440 base::PLATFORM_FILE_OPEN |
441 base::PLATFORM_FILE_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame^]442 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]443 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]444 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]445 base::PLATFORM_FILE_READ |
446 base::PLATFORM_FILE_WRITE));
447
448 // Grant permissions for the file (should overwrite the permissions granted
449 // for the directory).
[email protected]80838412012-11-20 01:53:59[diff] [blame^]450 p->GrantPermissionsForFile(kRendererID, granted_file,
451 base::PLATFORM_FILE_TEMPORARY);
452 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]453 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]454 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]455 base::PLATFORM_FILE_TEMPORARY));
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]456
457 // Revoke all permissions for the file (it should inherit its permissions
458 // from the directory again).
[email protected]80838412012-11-20 01:53:59[diff] [blame^]459 p->RevokeAllPermissionsForFile(kRendererID, granted_file);
460 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]461 base::PLATFORM_FILE_OPEN |
462 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]463 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]464 base::PLATFORM_FILE_TEMPORARY));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]465 p->Remove(kRendererID);
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]466
467 // Grant file permissions for the file to main thread renderer process,
468 // make sure its worker thread renderer process inherits those.
469 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame^]470 p->GrantPermissionsForFile(kRendererID, granted_file,
471 base::PLATFORM_FILE_OPEN |
472 base::PLATFORM_FILE_READ);
473 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]474 base::PLATFORM_FILE_OPEN |
475 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]476 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]477 base::PLATFORM_FILE_WRITE));
478 p->AddWorker(kWorkerRendererID, kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame^]479 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]480 base::PLATFORM_FILE_OPEN |
481 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame^]482 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]483 base::PLATFORM_FILE_WRITE));
484 p->Remove(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame^]485 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]486 base::PLATFORM_FILE_OPEN |
487 base::PLATFORM_FILE_READ));
488 p->Remove(kWorkerRendererID);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]489}
490
[email protected]c50008512011-02-03 01:17:27[diff] [blame]491TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]492 ChildProcessSecurityPolicyImpl* p =
493 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]494
[email protected]60e448982009-05-06 04:21:16[diff] [blame]495 GURL url("chrome://thumb/http://www.google.com/");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]496
497 p->Add(kRendererID);
498
[email protected]c50008512011-02-03 01:17:27[diff] [blame]499 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]500 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]501 p->GrantWebUIBindings(kRendererID);
502 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]503 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
504
505 p->Remove(kRendererID);
506}
507
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]508TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]509 ChildProcessSecurityPolicyImpl* p =
510 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]511
512 GURL url("file:///etc/passwd");
[email protected]561abe62009-04-06 18:08:34[diff] [blame]513 FilePath file(FILE_PATH_LITERAL("/etc/passwd"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]514
515 p->Add(kRendererID);
516
517 p->GrantRequestURL(kRendererID, url);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]518 p->GrantReadFile(kRendererID, file);
[email protected]c50008512011-02-03 01:17:27[diff] [blame]519 p->GrantWebUIBindings(kRendererID);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]520
521 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]522 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]523 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]524
525 p->Remove(kRendererID);
526
527 // Renderers are added and removed on the UI thread, but the policy can be
[email protected]580522632009-08-17 21:55:55[diff] [blame]528 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
529 // prepared to answer policy questions about renderers who no longer exist.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]530
531 // In this case, we default to secure behavior.
532 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]533 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]534 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]535}
[email protected]46488322012-10-30 03:22:20[diff] [blame]536
537} // namespace content