1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/browser/renderer_host/pepper/pepper_security_helper.h"
7 #include "base/logging.h"
8 #include "content/browser/child_process_security_policy_impl.h"
9 #include "ppapi/c/ppb_file_io.h"
15 template <typename CanRead, typename CanWrite,
16 typename CanCreate, typename CanCreateReadWrite,
18 bool CanOpenFileWithPepperFlags(CanRead can_read,
21 CanCreateReadWrite can_create_read_write,
25 ChildProcessSecurityPolicyImpl* policy =
26 ChildProcessSecurityPolicyImpl::GetInstance();
28 bool pp_read = !!(pp_open_flags & PP_FILEOPENFLAG_READ);
29 bool pp_write = !!(pp_open_flags & PP_FILEOPENFLAG_WRITE);
30 bool pp_create = !!(pp_open_flags & PP_FILEOPENFLAG_CREATE);
31 bool pp_truncate = !!(pp_open_flags & PP_FILEOPENFLAG_TRUNCATE);
32 bool pp_exclusive = !!(pp_open_flags & PP_FILEOPENFLAG_EXCLUSIVE);
33 bool pp_append = !!(pp_open_flags & PP_FILEOPENFLAG_APPEND);
35 if (pp_read && !(policy->*can_read)(child_id, file))
38 if (pp_write && !(policy->*can_write)(child_id, file))
41 // TODO(tommycli): Maybe tighten up required permission. crbug.com/284792
42 if (pp_append && !(policy->*can_create_read_write)(child_id, file))
45 if (pp_truncate && !pp_write)
50 return (policy->*can_create)(child_id, file);
52 // Asks for too much, but this is the only grant that allows overwrite.
53 return (policy->*can_create_read_write)(child_id, file);
55 } else if (pp_truncate) {
56 return (policy->*can_create_read_write)(child_id, file);
64 bool CanOpenWithPepperFlags(int pp_open_flags, int child_id,
65 const base::FilePath& file) {
66 return CanOpenFileWithPepperFlags(
67 &ChildProcessSecurityPolicyImpl::CanReadFile,
68 &ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile,
69 &ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile,
70 &ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile,
71 pp_open_flags, child_id, file);
74 bool CanOpenFileSystemURLWithPepperFlags(int pp_open_flags, int child_id,
75 const fileapi::FileSystemURL& url) {
76 return CanOpenFileWithPepperFlags(
77 &ChildProcessSecurityPolicyImpl::CanReadFileSystemFile,
78 &ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile,
79 &ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile,
80 &ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile,
81 pp_open_flags, child_id, url);
84 } // namespace content