Google Git
Sign in
chromium / chromium / src.git / 8e09c7af875d86eb8174c5fb5a12ddec9ac8c38e / . / content / browser / child_process_security_policy_unittest.cc
blob: 97c1889b3d7875f5116f1af86a0ecccb3e686457 [file] [log] [blame]
[email protected]b9535422012-02-09 01:47:59[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:55[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]4
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]5#include <set>
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]6#include <string>
7
8#include "base/basictypes.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]9#include "base/files/file_path.h"
[email protected]b9535422012-02-09 01:47:59[diff] [blame]10#include "content/browser/child_process_security_policy_impl.h"
[email protected]a1d29162011-10-14 17:14:03[diff] [blame]11#include "content/public/common/url_constants.h"
[email protected]c6681f32012-06-05 14:43:01[diff] [blame]12#include "content/test/test_content_browser_client.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]13#include "testing/gtest/include/gtest/gtest.h"
[email protected]707e1c42013-07-09 21:18:58[diff] [blame]14#include "url/gurl.h"
[email protected]9f104312013-07-23 23:18:19[diff] [blame]15#include "webkit/browser/fileapi/file_permission_policy.h"
16#include "webkit/browser/fileapi/file_system_url.h"
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]17#include "webkit/browser/fileapi/isolated_context.h"
[email protected]9f104312013-07-23 23:18:19[diff] [blame]18#include "webkit/common/fileapi/file_system_types.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]19
[email protected]46488322012-10-30 03:22:20[diff] [blame]20namespace content {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]21namespace {
22
23const int kRendererID = 42;
24const int kWorkerRendererID = kRendererID + 1;
25
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]26#if defined(FILE_PATH_USES_DRIVE_LETTERS)
27#define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x)
28#else
29#define TEST_PATH(x) FILE_PATH_LITERAL(x)
30#endif
31
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]32class ChildProcessSecurityPolicyTestBrowserClient
[email protected]46488322012-10-30 03:22:20[diff] [blame]33 : public TestContentBrowserClient {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]34 public:
35 ChildProcessSecurityPolicyTestBrowserClient() {}
36
[email protected]c3e35892013-02-12 02:08:01[diff] [blame]37 virtual bool IsHandledURL(const GURL& url) OVERRIDE {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]38 return schemes_.find(url.scheme()) != schemes_.end();
[email protected]e3539402011-07-19 09:31:08[diff] [blame]39 }
40
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]41 void ClearSchemes() {
42 schemes_.clear();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]43 }
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]44
45 void AddScheme(const std::string& scheme) {
46 schemes_.insert(scheme);
47 }
48
49 private:
50 std::set<std::string> schemes_;
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]51};
52
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]53} // namespace
54
55class ChildProcessSecurityPolicyTest : public testing::Test {
56 public:
57 ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {
58 }
59
60 virtual void SetUp() {
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]61 old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]62
63 // Claim to always handle chrome:// URLs because the CPSP's notion of
64 // allowing WebUI bindings is hard-wired to this particular scheme.
[email protected]2d9748b22014-02-11 00:17:29[diff] [blame]65 test_browser_client_.AddScheme(kChromeUIScheme);
[email protected]e0f35c92013-05-08 16:04:34[diff] [blame]66
67 // Claim to always handle file:// URLs like the browser would.
68 // net::URLRequest::IsHandledURL() no longer claims support for default
69 // protocols as this is the responsibility of the browser (which is
70 // responsible for adding the appropriate ProtocolHandler).
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]71 test_browser_client_.AddScheme(url::kFileScheme);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]72 }
73
74 virtual void TearDown() {
75 test_browser_client_.ClearSchemes();
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]76 SetBrowserClientForTesting(old_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]77 }
78
79 protected:
80 void RegisterTestScheme(const std::string& scheme) {
81 test_browser_client_.AddScheme(scheme);
82 }
83
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]84 void GrantPermissionsForFile(ChildProcessSecurityPolicyImpl* p,
85 int child_id,
86 const base::FilePath& file,
87 int permissions) {
88 p->GrantPermissionsForFile(child_id, file, permissions);
89 }
90
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]91 void CheckHasNoFileSystemPermission(ChildProcessSecurityPolicyImpl* p,
92 const std::string& child_id) {
93 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, child_id));
94 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, child_id));
95 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, child_id));
96 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, child_id));
97 }
98
99 void CheckHasNoFileSystemFilePermission(ChildProcessSecurityPolicyImpl* p,
100 const base::FilePath& file,
101 const fileapi::FileSystemURL& url) {
102 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
103 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file));
104 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, url));
105 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url));
106 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url));
107 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
108 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url));
109 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url));
110 }
111
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]112 private:
113 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_;
[email protected]46488322012-10-30 03:22:20[diff] [blame]114 ContentBrowserClient* old_browser_client_;
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]115};
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]116
[email protected]9f104312013-07-23 23:18:19[diff] [blame]117
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]118TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]119 ChildProcessSecurityPolicyImpl* p =
120 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]121
[email protected]e8ca69c2014-05-07 15:31:19[diff] [blame]122 EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpScheme));
123 EXPECT_TRUE(p->IsWebSafeScheme(url::kHttpsScheme));
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]124 EXPECT_TRUE(p->IsWebSafeScheme(url::kFtpScheme));
125 EXPECT_TRUE(p->IsWebSafeScheme(url::kDataScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]126 EXPECT_TRUE(p->IsWebSafeScheme("feed"));
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]127 EXPECT_TRUE(p->IsWebSafeScheme(url::kBlobScheme));
128 EXPECT_TRUE(p->IsWebSafeScheme(url::kFileSystemScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]129
130 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
131 p->RegisterWebSafeScheme("registered-web-safe-scheme");
132 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]133
[email protected]2d9748b22014-02-11 00:17:29[diff] [blame]134 EXPECT_FALSE(p->IsWebSafeScheme(kChromeUIScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]135}
136
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]137TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]138 ChildProcessSecurityPolicyImpl* p =
139 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]140
[email protected]8e09c7af2014-06-10 11:46:17[diff] [blame^]141 EXPECT_TRUE(p->IsPseudoScheme(url::kAboutScheme));
[email protected]cca6f392014-05-28 21:32:26[diff] [blame]142 EXPECT_TRUE(p->IsPseudoScheme(url::kJavaScriptScheme));
[email protected]dbdda5402013-05-30 22:13:48[diff] [blame]143 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]144
[email protected]419a0572011-04-18 22:21:46[diff] [blame]145 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
146 p->RegisterPseudoScheme("registered-pseudo-scheme");
147 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]148
[email protected]2d9748b22014-02-11 00:17:29[diff] [blame]149 EXPECT_FALSE(p->IsPseudoScheme(kChromeUIScheme));
[email protected]419a0572011-04-18 22:21:46[diff] [blame]150}
151
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]152TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]153 ChildProcessSecurityPolicyImpl* p =
154 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]155
156 p->Add(kRendererID);
157
158 // Safe
159 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
160 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
161 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
162 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
163 EXPECT_TRUE(p->CanRequestURL(kRendererID,
164 GURL("view-source:http://www.google.com/")));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]165 EXPECT_TRUE(p->CanRequestURL(
166 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]167
168 // Dangerous
169 EXPECT_FALSE(p->CanRequestURL(kRendererID,
170 GURL("file:///etc/passwd")));
171 EXPECT_FALSE(p->CanRequestURL(kRendererID,
[email protected]60e448982009-05-06 04:21:16[diff] [blame]172 GURL("chrome://foo/bar")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]173
174 p->Remove(kRendererID);
175}
176
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]177TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]178 ChildProcessSecurityPolicyImpl* p =
179 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]180
181 p->Add(kRendererID);
182
183 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
184 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
185 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
186 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
187
[email protected]ed3456f2009-02-26 20:24:48[diff] [blame]188 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory")));
189 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
190 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
191 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]192
193 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory")));
194 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
195 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
196
[email protected]8bf1048012012-02-08 01:22:18[diff] [blame]197 // Requests for about: pages should be denied.
198 p->GrantRequestURL(kRendererID, GURL("about:crash"));
199 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]200
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]201 // These requests for chrome:// pages should be granted.
[email protected]e068c2d2012-10-23 16:45:18[diff] [blame]202 GURL chrome_url("chrome://foo");
203 p->GrantRequestURL(kRendererID, chrome_url);
204 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]205
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]206 p->Remove(kRendererID);
207}
208
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]209TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]210 ChildProcessSecurityPolicyImpl* p =
211 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]212
213 p->Add(kRendererID);
214
215 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
216 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
217 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
218
219 p->Remove(kRendererID);
220}
221
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]222TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]223 ChildProcessSecurityPolicyImpl* p =
224 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]225
226 p->Add(kRendererID);
227
228 // Currently, "asdf" is destined for ShellExecute, so it is allowed.
229 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
230
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]231 // Once we register "asdf", we default to deny.
232 RegisterTestScheme("asdf");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]233 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
234
235 // We can allow new schemes by adding them to the whitelist.
236 p->RegisterWebSafeScheme("asdf");
237 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
238
239 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]240 p->Remove(kRendererID);
241}
242
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]243TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]244 ChildProcessSecurityPolicyImpl* p =
245 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]246
247 p->Add(kRendererID);
248
249 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
250 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
251 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
252
253 // We should forget our state if we repeat a renderer id.
254 p->Remove(kRendererID);
255 p->Add(kRendererID);
256 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
257 p->Remove(kRendererID);
258}
259
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]260TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]261 ChildProcessSecurityPolicyImpl* p =
262 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]263
264 p->Add(kRendererID);
265
266 // View source is determined by the embedded scheme.
267 EXPECT_TRUE(p->CanRequestURL(kRendererID,
268 GURL("view-source:http://www.google.com/")));
269 EXPECT_FALSE(p->CanRequestURL(kRendererID,
270 GURL("view-source:file:///etc/passwd")));
271 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
[email protected]690d0a9172010-01-06 00:19:36[diff] [blame]272 EXPECT_FALSE(p->CanRequestURL(
273 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]274
275 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
276 // View source needs to be able to request the embedded scheme.
277 EXPECT_TRUE(p->CanRequestURL(kRendererID,
278 GURL("view-source:file:///etc/passwd")));
279 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
280
281 p->Remove(kRendererID);
282}
283
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]284TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
285 ChildProcessSecurityPolicyImpl* p =
286 ChildProcessSecurityPolicyImpl::GetInstance();
287
288 p->Add(kRendererID);
289
290 GURL icon_url("file:///tmp/foo.png");
291 GURL sensitive_url("file:///etc/passwd");
292 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
293 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
294
295 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
296 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
297 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
298
299 p->GrantRequestURL(kRendererID, icon_url);
300 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
301 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
302
303 p->Remove(kRendererID);
304}
305
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]306TEST_F(ChildProcessSecurityPolicyTest, FileSystemGrantsTest) {
307 ChildProcessSecurityPolicyImpl* p =
308 ChildProcessSecurityPolicyImpl::GetInstance();
309
310 p->Add(kRendererID);
311 std::string read_id = fileapi::IsolatedContext::GetInstance()->
312 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest,
313 "read_filesystem",
314 base::FilePath());
315 std::string read_write_id = fileapi::IsolatedContext::GetInstance()->
316 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest,
317 "read_write_filesystem",
318 base::FilePath());
319 std::string copy_into_id = fileapi::IsolatedContext::GetInstance()->
320 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest,
321 "copy_into_filesystem",
322 base::FilePath());
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]323 std::string delete_from_id = fileapi::IsolatedContext::GetInstance()->
324 RegisterFileSystemForVirtualPath(fileapi::kFileSystemTypeTest,
325 "delete_from_filesystem",
326 base::FilePath());
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]327
328 // Test initially having no permissions.
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]329 CheckHasNoFileSystemPermission(p, read_id);
330 CheckHasNoFileSystemPermission(p, read_write_id);
331 CheckHasNoFileSystemPermission(p, copy_into_id);
332 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]333
334 // Testing varying combinations of grants and checks.
335 p->GrantReadFileSystem(kRendererID, read_id);
336 EXPECT_TRUE(p->CanReadFileSystem(kRendererID, read_id));
337 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, read_id));
338 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, read_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]339 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, read_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]340
341 p->GrantReadFileSystem(kRendererID, read_write_id);
342 p->GrantWriteFileSystem(kRendererID, read_write_id);
343 EXPECT_TRUE(p->CanReadFileSystem(kRendererID, read_write_id));
344 EXPECT_TRUE(p->CanReadWriteFileSystem(kRendererID, read_write_id));
345 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, read_write_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]346 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, read_write_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]347
348 p->GrantCopyIntoFileSystem(kRendererID, copy_into_id);
349 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, copy_into_id));
350 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, copy_into_id));
351 EXPECT_TRUE(p->CanCopyIntoFileSystem(kRendererID, copy_into_id));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]352 EXPECT_FALSE(p->CanDeleteFromFileSystem(kRendererID, copy_into_id));
353
354 p->GrantDeleteFromFileSystem(kRendererID, delete_from_id);
355 EXPECT_FALSE(p->CanReadFileSystem(kRendererID, delete_from_id));
356 EXPECT_FALSE(p->CanReadWriteFileSystem(kRendererID, delete_from_id));
357 EXPECT_FALSE(p->CanCopyIntoFileSystem(kRendererID, delete_from_id));
358 EXPECT_TRUE(p->CanDeleteFromFileSystem(kRendererID, delete_from_id));
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]359
360 // Test revoke permissions on renderer ID removal.
361 p->Remove(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]362 CheckHasNoFileSystemPermission(p, read_id);
363 CheckHasNoFileSystemPermission(p, read_write_id);
364 CheckHasNoFileSystemPermission(p, copy_into_id);
365 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]366
367 // Test having no permissions upon re-adding same renderer ID.
368 p->Add(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]369 CheckHasNoFileSystemPermission(p, read_id);
370 CheckHasNoFileSystemPermission(p, read_write_id);
371 CheckHasNoFileSystemPermission(p, copy_into_id);
372 CheckHasNoFileSystemPermission(p, delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]373
374 // Cleanup.
375 p->Remove(kRendererID);
376 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(read_id);
377 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(read_write_id);
378 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(copy_into_id);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]379 fileapi::IsolatedContext::GetInstance()->RevokeFileSystem(delete_from_id);
[email protected]b78c188fa62013-07-23 18:04:45[diff] [blame]380}
381
[email protected]9f104312013-07-23 23:18:19[diff] [blame]382TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]383 ChildProcessSecurityPolicyImpl* p =
384 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]385
[email protected]9f104312013-07-23 23:18:19[diff] [blame]386 p->RegisterFileSystemPermissionPolicy(
387 fileapi::kFileSystemTypeTest,
388 fileapi::FILE_PERMISSION_USE_FILE_PERMISSION);
389
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]390 p->Add(kRendererID);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]391 base::FilePath file(TEST_PATH("/dir/testfile"));
392 file = file.NormalizePathSeparators();
393 fileapi::FileSystemURL url = fileapi::FileSystemURL::CreateForTest(
394 GURL("http://foo/"), fileapi::kFileSystemTypeTest, file);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]395
[email protected]9f104312013-07-23 23:18:19[diff] [blame]396 // Test initially having no permissions.
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]397 CheckHasNoFileSystemFilePermission(p, file, url);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]398
[email protected]9f104312013-07-23 23:18:19[diff] [blame]399 // Testing every combination of permissions granting and revoking.
400 p->GrantReadFile(kRendererID, file);
401 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]402 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]403 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
404 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, url));
405 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]406 EXPECT_FALSE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]407 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, url));
408 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, url));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]409 p->RevokeAllPermissionsForFile(kRendererID, file);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]410 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]411
412 p->GrantCreateReadWriteFile(kRendererID, file);
413 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]414 EXPECT_TRUE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]415 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
416 EXPECT_TRUE(p->CanWriteFileSystemFile(kRendererID, url));
417 EXPECT_TRUE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]418 EXPECT_TRUE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]419 EXPECT_TRUE(p->CanCopyIntoFileSystemFile(kRendererID, url));
420 EXPECT_TRUE(p->CanDeleteFileSystemFile(kRendererID, url));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]421 p->RevokeAllPermissionsForFile(kRendererID, file);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]422 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]423
424 // Test revoke permissions on renderer ID removal.
425 p->GrantCreateReadWriteFile(kRendererID, file);
426 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]427 EXPECT_TRUE(p->CanCreateReadWriteFile(kRendererID, file));
[email protected]9f104312013-07-23 23:18:19[diff] [blame]428 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, url));
429 EXPECT_TRUE(p->CanWriteFileSystemFile(kRendererID, url));
430 EXPECT_TRUE(p->CanCreateFileSystemFile(kRendererID, url));
[email protected]d4c797f2013-09-26 08:18:53[diff] [blame]431 EXPECT_TRUE(p->CanCreateReadWriteFileSystemFile(kRendererID, url));
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]432 EXPECT_TRUE(p->CanCopyIntoFileSystemFile(kRendererID, url));
433 EXPECT_TRUE(p->CanDeleteFileSystemFile(kRendererID, url));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]434 p->Remove(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]435 CheckHasNoFileSystemFilePermission(p, file, url);
[email protected]9f104312013-07-23 23:18:19[diff] [blame]436
437 // Test having no permissions upon re-adding same renderer ID.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]438 p->Add(kRendererID);
[email protected]5a65fde32013-10-22 05:15:34[diff] [blame]439 CheckHasNoFileSystemFilePermission(p, file, url);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]440
[email protected]9f104312013-07-23 23:18:19[diff] [blame]441 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]442 p->Remove(kRendererID);
443}
444
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]445TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
[email protected]c42de732013-02-16 06:26:31[diff] [blame]446 base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe"));
447 base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob"));
448 base::FilePath child_file = base::FilePath(TEST_PATH("/home/joe/file"));
449 base::FilePath parent_file = base::FilePath(TEST_PATH("/home"));
450 base::FilePath parent_slash_file = base::FilePath(TEST_PATH("/home/"));
451 base::FilePath child_traversal1 =
452 base::FilePath(TEST_PATH("/home/joe/././file"));
453 base::FilePath child_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]454 TEST_PATH("/home/joe/file/../otherfile"));
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]455 base::FilePath evil_traversal1 =
[email protected]023ad6ab2013-02-17 05:07:23[diff] [blame]456 base::FilePath(TEST_PATH("/home/joe/../../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]457 base::FilePath evil_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]458 TEST_PATH("/home/joe/./.././../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]459 base::FilePath self_traversal =
460 base::FilePath(TEST_PATH("/home/joe/../joe/file"));
461 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe"));
[email protected]80838412012-11-20 01:53:59[diff] [blame]462
[email protected]b9535422012-02-09 01:47:59[diff] [blame]463 ChildProcessSecurityPolicyImpl* p =
464 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]465
466 // Grant permissions for a file.
467 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]468 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]469 base::File::FLAG_OPEN));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]470
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]471 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]472 base::File::FLAG_OPEN |
473 base::File::FLAG_OPEN_TRUNCATED |
474 base::File::FLAG_READ |
475 base::File::FLAG_WRITE);
[email protected]80838412012-11-20 01:53:59[diff] [blame]476 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]477 base::File::FLAG_OPEN |
478 base::File::FLAG_OPEN_TRUNCATED |
479 base::File::FLAG_READ |
480 base::File::FLAG_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]481 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]482 base::File::FLAG_OPEN |
483 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]484 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]485 base::File::FLAG_CREATE));
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]486 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));
[email protected]80838412012-11-20 01:53:59[diff] [blame]487 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]488 base::File::FLAG_CREATE |
489 base::File::FLAG_OPEN_TRUNCATED |
490 base::File::FLAG_READ |
491 base::File::FLAG_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]492 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]493 base::File::FLAG_OPEN |
494 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]495 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]496 base::File::FLAG_OPEN |
497 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]498 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]499 base::File::FLAG_OPEN |
500 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]501 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]502 base::File::FLAG_OPEN |
503 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]504 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]505 base::File::FLAG_OPEN |
506 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]507 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]508 base::File::FLAG_OPEN |
509 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]510 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]511 base::File::FLAG_OPEN |
512 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]513 // CPSP doesn't allow this case for the sake of simplicity.
514 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]515 base::File::FLAG_OPEN |
516 base::File::FLAG_READ));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]517 p->Remove(kRendererID);
518
519 // Grant permissions for the directory the file is in.
520 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]521 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]522 base::File::FLAG_OPEN));
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]523 GrantPermissionsForFile(p, kRendererID, parent_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]524 base::File::FLAG_OPEN |
525 base::File::FLAG_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]526 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]527 base::File::FLAG_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]528 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]529 base::File::FLAG_READ |
530 base::File::FLAG_WRITE));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]531 p->Remove(kRendererID);
532
533 // Grant permissions for the directory the file is in (with trailing '/').
534 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]535 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]536 base::File::FLAG_OPEN));
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]537 GrantPermissionsForFile(p, kRendererID, parent_slash_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]538 base::File::FLAG_OPEN |
539 base::File::FLAG_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]540 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]541 base::File::FLAG_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]542 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]543 base::File::FLAG_READ |
544 base::File::FLAG_WRITE));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]545
546 // Grant permissions for the file (should overwrite the permissions granted
547 // for the directory).
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]548 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]549 base::File::FLAG_TEMPORARY);
[email protected]80838412012-11-20 01:53:59[diff] [blame]550 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]551 base::File::FLAG_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]552 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]553 base::File::FLAG_TEMPORARY));
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]554
555 // Revoke all permissions for the file (it should inherit its permissions
556 // from the directory again).
[email protected]80838412012-11-20 01:53:59[diff] [blame]557 p->RevokeAllPermissionsForFile(kRendererID, granted_file);
558 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]559 base::File::FLAG_OPEN |
560 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]561 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]562 base::File::FLAG_TEMPORARY));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]563 p->Remove(kRendererID);
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]564
565 // Grant file permissions for the file to main thread renderer process,
566 // make sure its worker thread renderer process inherits those.
567 p->Add(kRendererID);
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]568 GrantPermissionsForFile(p, kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]569 base::File::FLAG_OPEN |
570 base::File::FLAG_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]571 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]572 base::File::FLAG_OPEN |
573 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]574 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]575 base::File::FLAG_WRITE));
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]576 p->AddWorker(kWorkerRendererID, kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]577 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]578 base::File::FLAG_OPEN |
579 base::File::FLAG_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]580 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]581 base::File::FLAG_WRITE));
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]582 p->Remove(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]583 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]584 base::File::FLAG_OPEN |
585 base::File::FLAG_READ));
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]586 p->Remove(kWorkerRendererID);
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]587
588 p->Add(kRendererID);
[email protected]bfcf1e92013-07-11 04:37:25[diff] [blame]589 GrantPermissionsForFile(p, kRendererID, relative_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]590 base::File::FLAG_OPEN);
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]591 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file,
[email protected]2c288ed2014-06-05 22:07:41[diff] [blame]592 base::File::FLAG_OPEN));
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]593 p->Remove(kRendererID);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]594}
595
[email protected]c50008512011-02-03 01:17:27[diff] [blame]596TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]597 ChildProcessSecurityPolicyImpl* p =
598 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]599
[email protected]60e448982009-05-06 04:21:16[diff] [blame]600 GURL url("chrome://thumb/http://www.google.com/");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]601
602 p->Add(kRendererID);
603
[email protected]c50008512011-02-03 01:17:27[diff] [blame]604 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]605 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]606 p->GrantWebUIBindings(kRendererID);
607 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]608 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
609
610 p->Remove(kRendererID);
611}
612
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]613TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]614 ChildProcessSecurityPolicyImpl* p =
615 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]616
617 GURL url("file:///etc/passwd");
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]618 base::FilePath file(TEST_PATH("/etc/passwd"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]619
620 p->Add(kRendererID);
621
622 p->GrantRequestURL(kRendererID, url);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]623 p->GrantReadFile(kRendererID, file);
[email protected]c50008512011-02-03 01:17:27[diff] [blame]624 p->GrantWebUIBindings(kRendererID);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]625
626 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]627 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]628 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]629
630 p->Remove(kRendererID);
631
632 // Renderers are added and removed on the UI thread, but the policy can be
[email protected]580522632009-08-17 21:55:55[diff] [blame]633 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
634 // prepared to answer policy questions about renderers who no longer exist.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]635
636 // In this case, we default to secure behavior.
637 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]638 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]639 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]640}
[email protected]46488322012-10-30 03:22:20[diff] [blame]641
642} // namespace content