Google Git
Sign in
chromium / chromium / src.git / dbdda5408e79f9b0a0936743f9c48ee258c08bf5 / . / content / browser / child_process_security_policy_unittest.cc
blob: 2bae39eacd32a88c9cd5ec02b70796e5373924a3 [file] [log] [blame]
[email protected]b9535422012-02-09 01:47:59[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:55[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]4
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]5#include <set>
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]6#include <string>
7
8#include "base/basictypes.h"
[email protected]57999812013-02-24 05:40:52[diff] [blame]9#include "base/files/file_path.h"
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]10#include "base/platform_file.h"
[email protected]b9535422012-02-09 01:47:59[diff] [blame]11#include "content/browser/child_process_security_policy_impl.h"
[email protected]a1d29162011-10-14 17:14:03[diff] [blame]12#include "content/public/common/url_constants.h"
[email protected]c6681f32012-06-05 14:43:01[diff] [blame]13#include "content/test/test_content_browser_client.h"
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]14#include "googleurl/src/gurl.h"
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]15#include "testing/gtest/include/gtest/gtest.h"
16
[email protected]46488322012-10-30 03:22:20[diff] [blame]17namespace content {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]18namespace {
19
20const int kRendererID = 42;
21const int kWorkerRendererID = kRendererID + 1;
22
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]23#if defined(FILE_PATH_USES_DRIVE_LETTERS)
24#define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x)
25#else
26#define TEST_PATH(x) FILE_PATH_LITERAL(x)
27#endif
28
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]29class ChildProcessSecurityPolicyTestBrowserClient
[email protected]46488322012-10-30 03:22:20[diff] [blame]30 : public TestContentBrowserClient {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]31 public:
32 ChildProcessSecurityPolicyTestBrowserClient() {}
33
[email protected]c3e35892013-02-12 02:08:01[diff] [blame]34 virtual bool IsHandledURL(const GURL& url) OVERRIDE {
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]35 return schemes_.find(url.scheme()) != schemes_.end();
[email protected]e3539402011-07-19 09:31:08[diff] [blame]36 }
37
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]38 void ClearSchemes() {
39 schemes_.clear();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]40 }
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]41
42 void AddScheme(const std::string& scheme) {
43 schemes_.insert(scheme);
44 }
45
46 private:
47 std::set<std::string> schemes_;
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]48};
49
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]50} // namespace
51
52class ChildProcessSecurityPolicyTest : public testing::Test {
53 public:
54 ChildProcessSecurityPolicyTest() : old_browser_client_(NULL) {
55 }
56
57 virtual void SetUp() {
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]58 old_browser_client_ = SetBrowserClientForTesting(&test_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]59
60 // Claim to always handle chrome:// URLs because the CPSP's notion of
61 // allowing WebUI bindings is hard-wired to this particular scheme.
[email protected]e0f35c92013-05-08 16:04:34[diff] [blame]62 test_browser_client_.AddScheme(chrome::kChromeUIScheme);
63
64 // Claim to always handle file:// URLs like the browser would.
65 // net::URLRequest::IsHandledURL() no longer claims support for default
66 // protocols as this is the responsibility of the browser (which is
67 // responsible for adding the appropriate ProtocolHandler).
68 test_browser_client_.AddScheme(chrome::kFileScheme);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]69 }
70
71 virtual void TearDown() {
72 test_browser_client_.ClearSchemes();
[email protected]eabbfb12013-04-05 23:28:35[diff] [blame]73 SetBrowserClientForTesting(old_browser_client_);
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]74 }
75
76 protected:
77 void RegisterTestScheme(const std::string& scheme) {
78 test_browser_client_.AddScheme(scheme);
79 }
80
81 private:
82 ChildProcessSecurityPolicyTestBrowserClient test_browser_client_;
[email protected]46488322012-10-30 03:22:20[diff] [blame]83 ContentBrowserClient* old_browser_client_;
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]84};
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]85
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]86TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]87 ChildProcessSecurityPolicyImpl* p =
88 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]89
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]90 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpScheme));
91 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kHttpsScheme));
92 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFtpScheme));
93 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kDataScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]94 EXPECT_TRUE(p->IsWebSafeScheme("feed"));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]95 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kBlobScheme));
96 EXPECT_TRUE(p->IsWebSafeScheme(chrome::kFileSystemScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]97
98 EXPECT_FALSE(p->IsWebSafeScheme("registered-web-safe-scheme"));
99 p->RegisterWebSafeScheme("registered-web-safe-scheme");
100 EXPECT_TRUE(p->IsWebSafeScheme("registered-web-safe-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]101
102 EXPECT_FALSE(p->IsWebSafeScheme(chrome::kChromeUIScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]103}
104
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]105TEST_F(ChildProcessSecurityPolicyTest, IsPseudoSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]106 ChildProcessSecurityPolicyImpl* p =
107 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]108
[email protected]e0d481582009-09-15 21:06:25[diff] [blame]109 EXPECT_TRUE(p->IsPseudoScheme(chrome::kAboutScheme));
110 EXPECT_TRUE(p->IsPseudoScheme(chrome::kJavaScriptScheme));
[email protected]dbdda5402013-05-30 22:13:48[diff] [blame^]111 EXPECT_TRUE(p->IsPseudoScheme(kViewSourceScheme));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]112
[email protected]419a0572011-04-18 22:21:46[diff] [blame]113 EXPECT_FALSE(p->IsPseudoScheme("registered-pseudo-scheme"));
114 p->RegisterPseudoScheme("registered-pseudo-scheme");
115 EXPECT_TRUE(p->IsPseudoScheme("registered-pseudo-scheme"));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]116
117 EXPECT_FALSE(p->IsPseudoScheme(chrome::kChromeUIScheme));
[email protected]419a0572011-04-18 22:21:46[diff] [blame]118}
119
120TEST_F(ChildProcessSecurityPolicyTest, IsDisabledSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]121 ChildProcessSecurityPolicyImpl* p =
122 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]419a0572011-04-18 22:21:46[diff] [blame]123
124 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme"));
125 std::set<std::string> disabled_set;
126 disabled_set.insert("evil-scheme");
127 p->RegisterDisabledSchemes(disabled_set);
128 EXPECT_TRUE(p->IsDisabledScheme("evil-scheme"));
129 EXPECT_FALSE(p->IsDisabledScheme("good-scheme"));
130
131 disabled_set.clear();
132 p->RegisterDisabledSchemes(disabled_set);
133 EXPECT_FALSE(p->IsDisabledScheme("evil-scheme"));
134 EXPECT_FALSE(p->IsDisabledScheme("good-scheme"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]135}
136
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]137TEST_F(ChildProcessSecurityPolicyTest, StandardSchemesTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]138 ChildProcessSecurityPolicyImpl* p =
139 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]140
141 p->Add(kRendererID);
142
143 // Safe
144 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com/")));
145 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("https://www.paypal.com/")));
146 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("ftp://ftp.gnu.org/")));
147 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("data:text/html,<b>Hi</b>")));
148 EXPECT_TRUE(p->CanRequestURL(kRendererID,
149 GURL("view-source:http://www.google.com/")));
[email protected]039c7b0b22011-03-04 23:15:42[diff] [blame]150 EXPECT_TRUE(p->CanRequestURL(
151 kRendererID, GURL("filesystem:http://localhost/temporary/a.gif")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]152
153 // Dangerous
154 EXPECT_FALSE(p->CanRequestURL(kRendererID,
155 GURL("file:///etc/passwd")));
156 EXPECT_FALSE(p->CanRequestURL(kRendererID,
[email protected]60e448982009-05-06 04:21:16[diff] [blame]157 GURL("chrome://foo/bar")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]158
159 p->Remove(kRendererID);
160}
161
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]162TEST_F(ChildProcessSecurityPolicyTest, AboutTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]163 ChildProcessSecurityPolicyImpl* p =
164 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]165
166 p->Add(kRendererID);
167
168 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:blank")));
169 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("about:BlAnK")));
170 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:BlAnK")));
171 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("aBouT:blank")));
172
[email protected]ed3456f2009-02-26 20:24:48[diff] [blame]173 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:memory")));
174 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
175 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:cache")));
176 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:hang")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]177
178 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("aBoUt:memory")));
179 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:CrASh")));
180 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("abOuT:cAChe")));
181
[email protected]8bf1048012012-02-08 01:22:18[diff] [blame]182 // Requests for about: pages should be denied.
183 p->GrantRequestURL(kRendererID, GURL("about:crash"));
184 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("about:crash")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]185
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]186 // These requests for chrome:// pages should be granted.
[email protected]e068c2d2012-10-23 16:45:18[diff] [blame]187 GURL chrome_url("chrome://foo");
188 p->GrantRequestURL(kRendererID, chrome_url);
189 EXPECT_TRUE(p->CanRequestURL(kRendererID, chrome_url));
[email protected]89f550b2011-06-08 18:34:03[diff] [blame]190
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]191 p->Remove(kRendererID);
192}
193
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]194TEST_F(ChildProcessSecurityPolicyTest, JavaScriptTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]195 ChildProcessSecurityPolicyImpl* p =
196 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]197
198 p->Add(kRendererID);
199
200 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
201 p->GrantRequestURL(kRendererID, GURL("javascript:alert('xss')"));
202 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("javascript:alert('xss')")));
203
204 p->Remove(kRendererID);
205}
206
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]207TEST_F(ChildProcessSecurityPolicyTest, RegisterWebSafeSchemeTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]208 ChildProcessSecurityPolicyImpl* p =
209 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]210
211 p->Add(kRendererID);
212
213 // Currently, "asdf" is destined for ShellExecute, so it is allowed.
214 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
215
[email protected]46fb9442011-12-09 17:57:47[diff] [blame]216 // Once we register "asdf", we default to deny.
217 RegisterTestScheme("asdf");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]218 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
219
220 // We can allow new schemes by adding them to the whitelist.
221 p->RegisterWebSafeScheme("asdf");
222 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("asdf:rockers")));
223
224 // Cleanup.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]225 p->Remove(kRendererID);
226}
227
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]228TEST_F(ChildProcessSecurityPolicyTest, CanServiceCommandsTest) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]229 ChildProcessSecurityPolicyImpl* p =
230 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]231
232 p->Add(kRendererID);
233
234 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
235 p->GrantRequestURL(kRendererID, GURL("file:///etc/passwd"));
236 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
237
[email protected]419a0572011-04-18 22:21:46[diff] [blame]238 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
239 std::set<std::string> disabled_set;
240 disabled_set.insert("evil-scheme");
241 p->RegisterDisabledSchemes(disabled_set);
242 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com")));
243 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
244 disabled_set.clear();
245 p->RegisterDisabledSchemes(disabled_set);
246 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("http://www.google.com")));
247 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("evil-scheme:/path")));
248
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]249 // We should forget our state if we repeat a renderer id.
250 p->Remove(kRendererID);
251 p->Add(kRendererID);
252 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
253 p->Remove(kRendererID);
254}
255
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]256TEST_F(ChildProcessSecurityPolicyTest, ViewSource) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]257 ChildProcessSecurityPolicyImpl* p =
258 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]259
260 p->Add(kRendererID);
261
262 // View source is determined by the embedded scheme.
263 EXPECT_TRUE(p->CanRequestURL(kRendererID,
264 GURL("view-source:http://www.google.com/")));
265 EXPECT_FALSE(p->CanRequestURL(kRendererID,
266 GURL("view-source:file:///etc/passwd")));
267 EXPECT_FALSE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
[email protected]690d0a9172010-01-06 00:19:36[diff] [blame]268 EXPECT_FALSE(p->CanRequestURL(
269 kRendererID, GURL("view-source:view-source:http://www.google.com/")));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]270
271 p->GrantRequestURL(kRendererID, GURL("view-source:file:///etc/passwd"));
272 // View source needs to be able to request the embedded scheme.
273 EXPECT_TRUE(p->CanRequestURL(kRendererID,
274 GURL("view-source:file:///etc/passwd")));
275 EXPECT_TRUE(p->CanRequestURL(kRendererID, GURL("file:///etc/passwd")));
276
277 p->Remove(kRendererID);
278}
279
[email protected]dc67e1c32012-06-08 00:10:40[diff] [blame]280TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
281 ChildProcessSecurityPolicyImpl* p =
282 ChildProcessSecurityPolicyImpl::GetInstance();
283
284 p->Add(kRendererID);
285
286 GURL icon_url("file:///tmp/foo.png");
287 GURL sensitive_url("file:///etc/passwd");
288 EXPECT_FALSE(p->CanRequestURL(kRendererID, icon_url));
289 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
290
291 p->GrantRequestSpecificFileURL(kRendererID, icon_url);
292 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
293 EXPECT_FALSE(p->CanRequestURL(kRendererID, sensitive_url));
294
295 p->GrantRequestURL(kRendererID, icon_url);
296 EXPECT_TRUE(p->CanRequestURL(kRendererID, icon_url));
297 EXPECT_TRUE(p->CanRequestURL(kRendererID, sensitive_url));
298
299 p->Remove(kRendererID);
300}
301
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]302TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]303 ChildProcessSecurityPolicyImpl* p =
304 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]305
306 p->Add(kRendererID);
307
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]308 EXPECT_FALSE(p->CanReadFile(kRendererID,
309 base::FilePath(TEST_PATH("/etc/passwd"))));
310 p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/passwd")));
311 EXPECT_TRUE(p->CanReadFile(kRendererID,
312 base::FilePath(TEST_PATH("/etc/passwd"))));
313 EXPECT_FALSE(p->CanReadFile(kRendererID,
314 base::FilePath(TEST_PATH("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]315
316 p->Remove(kRendererID);
317 p->Add(kRendererID);
318
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]319 EXPECT_FALSE(p->CanReadFile(kRendererID,
320 base::FilePath(TEST_PATH("/etc/passwd"))));
321 EXPECT_FALSE(p->CanReadFile(kRendererID,
322 base::FilePath(TEST_PATH("/etc/shadow"))));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]323
324 p->Remove(kRendererID);
325}
326
[email protected]600ea402011-04-12 00:01:51[diff] [blame]327TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]328 ChildProcessSecurityPolicyImpl* p =
329 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]600ea402011-04-12 00:01:51[diff] [blame]330
331 p->Add(kRendererID);
332
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]333 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
334 base::FilePath(TEST_PATH("/etc/"))));
335 p->GrantReadDirectory(kRendererID,
336 base::FilePath(TEST_PATH("/etc/")));
337 EXPECT_TRUE(p->CanReadDirectory(kRendererID,
338 base::FilePath(TEST_PATH("/etc/"))));
339 EXPECT_TRUE(p->CanReadFile(kRendererID,
340 base::FilePath(TEST_PATH("/etc/passwd"))));
[email protected]600ea402011-04-12 00:01:51[diff] [blame]341
342 p->Remove(kRendererID);
343 p->Add(kRendererID);
344
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]345 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
346 base::FilePath(TEST_PATH("/etc/"))));
347 EXPECT_FALSE(p->CanReadFile(kRendererID,
348 base::FilePath(TEST_PATH("/etc/passwd"))));
[email protected]600ea402011-04-12 00:01:51[diff] [blame]349
350 // Just granting read permission as a file doesn't imply reading as a
351 // directory.
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]352 p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/")));
353 EXPECT_TRUE(p->CanReadFile(kRendererID,
354 base::FilePath(TEST_PATH("/etc/passwd"))));
355 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
356 base::FilePath(TEST_PATH("/etc/"))));
[email protected]600ea402011-04-12 00:01:51[diff] [blame]357
358 p->Remove(kRendererID);
359}
360
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]361TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
[email protected]c42de732013-02-16 06:26:31[diff] [blame]362 base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe"));
363 base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob"));
364 base::FilePath child_file = base::FilePath(TEST_PATH("/home/joe/file"));
365 base::FilePath parent_file = base::FilePath(TEST_PATH("/home"));
366 base::FilePath parent_slash_file = base::FilePath(TEST_PATH("/home/"));
367 base::FilePath child_traversal1 =
368 base::FilePath(TEST_PATH("/home/joe/././file"));
369 base::FilePath child_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]370 TEST_PATH("/home/joe/file/../otherfile"));
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]371 base::FilePath evil_traversal1 =
[email protected]023ad6ab2013-02-17 05:07:23[diff] [blame]372 base::FilePath(TEST_PATH("/home/joe/../../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]373 base::FilePath evil_traversal2 = base::FilePath(
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]374 TEST_PATH("/home/joe/./.././../etc/passwd"));
[email protected]c42de732013-02-16 06:26:31[diff] [blame]375 base::FilePath self_traversal =
376 base::FilePath(TEST_PATH("/home/joe/../joe/file"));
377 base::FilePath relative_file = base::FilePath(FILE_PATH_LITERAL("home/joe"));
[email protected]80838412012-11-20 01:53:59[diff] [blame]378
[email protected]b9535422012-02-09 01:47:59[diff] [blame]379 ChildProcessSecurityPolicyImpl* p =
380 ChildProcessSecurityPolicyImpl::GetInstance();
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]381
382 // Grant permissions for a file.
383 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]384 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]385 base::PLATFORM_FILE_OPEN));
386
[email protected]80838412012-11-20 01:53:59[diff] [blame]387 p->GrantPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]388 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]389 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]390 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]391 base::PLATFORM_FILE_WRITE);
[email protected]80838412012-11-20 01:53:59[diff] [blame]392 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]393 base::PLATFORM_FILE_OPEN |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]394 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]395 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]396 base::PLATFORM_FILE_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]397 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]398 base::PLATFORM_FILE_OPEN |
399 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]400 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]401 base::PLATFORM_FILE_CREATE));
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]402 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));
[email protected]80838412012-11-20 01:53:59[diff] [blame]403 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]404 base::PLATFORM_FILE_CREATE |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]405 base::PLATFORM_FILE_OPEN_TRUNCATED |
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]406 base::PLATFORM_FILE_READ |
[email protected]b2f2308d2011-05-23 22:00:04[diff] [blame]407 base::PLATFORM_FILE_WRITE));
[email protected]80838412012-11-20 01:53:59[diff] [blame]408 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
409 base::PLATFORM_FILE_OPEN |
410 base::PLATFORM_FILE_READ));
411 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
412 base::PLATFORM_FILE_OPEN |
413 base::PLATFORM_FILE_READ));
414 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
415 base::PLATFORM_FILE_OPEN |
416 base::PLATFORM_FILE_READ));
417 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal1,
418 base::PLATFORM_FILE_OPEN |
419 base::PLATFORM_FILE_READ));
420 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_traversal2,
421 base::PLATFORM_FILE_OPEN |
422 base::PLATFORM_FILE_READ));
423 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal1,
424 base::PLATFORM_FILE_OPEN |
425 base::PLATFORM_FILE_READ));
426 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_traversal2,
427 base::PLATFORM_FILE_OPEN |
428 base::PLATFORM_FILE_READ));
429 // CPSP doesn't allow this case for the sake of simplicity.
430 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, self_traversal,
431 base::PLATFORM_FILE_OPEN |
432 base::PLATFORM_FILE_READ));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]433 p->Remove(kRendererID);
434
435 // Grant permissions for the directory the file is in.
436 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]437 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]438 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]439 p->GrantPermissionsForFile(kRendererID, parent_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]440 base::PLATFORM_FILE_OPEN |
441 base::PLATFORM_FILE_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]442 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]443 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]444 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]445 base::PLATFORM_FILE_READ |
446 base::PLATFORM_FILE_WRITE));
447 p->Remove(kRendererID);
448
449 // Grant permissions for the directory the file is in (with trailing '/').
450 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]451 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]452 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]453 p->GrantPermissionsForFile(kRendererID, parent_slash_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]454 base::PLATFORM_FILE_OPEN |
455 base::PLATFORM_FILE_READ);
[email protected]80838412012-11-20 01:53:59[diff] [blame]456 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]457 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]458 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]459 base::PLATFORM_FILE_READ |
460 base::PLATFORM_FILE_WRITE));
461
462 // Grant permissions for the file (should overwrite the permissions granted
463 // for the directory).
[email protected]80838412012-11-20 01:53:59[diff] [blame]464 p->GrantPermissionsForFile(kRendererID, granted_file,
465 base::PLATFORM_FILE_TEMPORARY);
466 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]467 base::PLATFORM_FILE_OPEN));
[email protected]80838412012-11-20 01:53:59[diff] [blame]468 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]469 base::PLATFORM_FILE_TEMPORARY));
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]470
471 // Revoke all permissions for the file (it should inherit its permissions
472 // from the directory again).
[email protected]80838412012-11-20 01:53:59[diff] [blame]473 p->RevokeAllPermissionsForFile(kRendererID, granted_file);
474 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]475 base::PLATFORM_FILE_OPEN |
476 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]477 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]77930fe2010-10-01 22:45:34[diff] [blame]478 base::PLATFORM_FILE_TEMPORARY));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]479 p->Remove(kRendererID);
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]480
481 // Grant file permissions for the file to main thread renderer process,
482 // make sure its worker thread renderer process inherits those.
483 p->Add(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]484 p->GrantPermissionsForFile(kRendererID, granted_file,
485 base::PLATFORM_FILE_OPEN |
486 base::PLATFORM_FILE_READ);
487 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]488 base::PLATFORM_FILE_OPEN |
489 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]490 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]491 base::PLATFORM_FILE_WRITE));
492 p->AddWorker(kWorkerRendererID, kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]493 EXPECT_TRUE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]494 base::PLATFORM_FILE_OPEN |
495 base::PLATFORM_FILE_READ));
[email protected]80838412012-11-20 01:53:59[diff] [blame]496 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]497 base::PLATFORM_FILE_WRITE));
498 p->Remove(kRendererID);
[email protected]80838412012-11-20 01:53:59[diff] [blame]499 EXPECT_FALSE(p->HasPermissionsForFile(kWorkerRendererID, granted_file,
[email protected]cee64fd32011-05-02 18:59:07[diff] [blame]500 base::PLATFORM_FILE_OPEN |
501 base::PLATFORM_FILE_READ));
502 p->Remove(kWorkerRendererID);
[email protected]f0ecca4522013-01-07 21:50:56[diff] [blame]503
504 p->Add(kRendererID);
505 p->GrantPermissionsForFile(kRendererID, relative_file,
506 base::PLATFORM_FILE_OPEN);
507 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file,
508 base::PLATFORM_FILE_OPEN));
509 p->Remove(kRendererID);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]510}
511
[email protected]c50008512011-02-03 01:17:27[diff] [blame]512TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]513 ChildProcessSecurityPolicyImpl* p =
514 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]515
[email protected]60e448982009-05-06 04:21:16[diff] [blame]516 GURL url("chrome://thumb/http://www.google.com/");
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]517
518 p->Add(kRendererID);
519
[email protected]c50008512011-02-03 01:17:27[diff] [blame]520 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]521 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]522 p->GrantWebUIBindings(kRendererID);
523 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]524 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
525
526 p->Remove(kRendererID);
527}
528
[email protected]f58ddcf2009-05-18 22:22:06[diff] [blame]529TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) {
[email protected]b9535422012-02-09 01:47:59[diff] [blame]530 ChildProcessSecurityPolicyImpl* p =
531 ChildProcessSecurityPolicyImpl::GetInstance();
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]532
533 GURL url("file:///etc/passwd");
[email protected]2dec8ec2013-02-07 19:20:34[diff] [blame]534 base::FilePath file(TEST_PATH("/etc/passwd"));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]535
536 p->Add(kRendererID);
537
538 p->GrantRequestURL(kRendererID, url);
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]539 p->GrantReadFile(kRendererID, file);
[email protected]c50008512011-02-03 01:17:27[diff] [blame]540 p->GrantWebUIBindings(kRendererID);
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]541
542 EXPECT_TRUE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]543 EXPECT_TRUE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]544 EXPECT_TRUE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]545
546 p->Remove(kRendererID);
547
548 // Renderers are added and removed on the UI thread, but the policy can be
[email protected]580522632009-08-17 21:55:55[diff] [blame]549 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
550 // prepared to answer policy questions about renderers who no longer exist.
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]551
552 // In this case, we default to secure behavior.
553 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
[email protected]e54edc32010-09-28 01:09:19[diff] [blame]554 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
[email protected]c50008512011-02-03 01:17:27[diff] [blame]555 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
initial.commit09911bf2008-07-26 23:55:29[diff] [blame]556}
[email protected]46488322012-10-30 03:22:20[diff] [blame]557
558} // namespace content