authorAllan Sandfeld Jensen <allan.jensen@qt.io>2022-04-01 14:30:16 +0200
committerQt Cherry-pick Bot <cherrypick_bot@qt-project.org>2022-04-14 10:16:55 +0000
commit03b8141000bf3bb2a661694956bf67e89fc72339 (patch)
tree6659cc29f675b535ee57748d04e1484d0ec6f781
parent8cc10f1d353bae0b25f6864054743d58225acc69 (diff)
Fix granted file access after local/remote access cleanup
We forgot to check for files specifically granted access to. This blocked a number of features including dropping local files. Task-number: QTBUG-102192 Change-Id: I5d34d9ba5351ec179df5896e64cc95c5481c7dc2 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io> (cherry picked from commit 9a44b6ea5c60f83d841881b5ddbbaba79228fdea) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r--src/core/net/proxying_url_loader_factory_qt.cpp19
-rw-r--r--tests/auto/widgets/qwebengineview/BLACKLIST3
-rw-r--r--tests/auto/widgets/qwebengineview/tst_qwebengineview.cpp30
3 files changed, 49 insertions, 3 deletions
diff --git a/src/core/net/proxying_url_loader_factory_qt.cpp b/src/core/net/proxying_url_loader_factory_qt.cpp
index 9bdebf6be..a5b732a4f 100644
--- a/src/core/net/proxying_url_loader_factory_qt.cpp
+++ b/src/core/net/proxying_url_loader_factory_qt.cpp
@@ -48,6 +48,7 @@
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/web_contents.h"
#include "content/public/common/content_switches.h"
+#include "net/base/filename_util.h"
#include "net/http/http_status_code.h"
#include "services/network/public/cpp/cors/cors.h"
#include "services/network/public/mojom/early_hints.mojom.h"
@@ -283,9 +284,21 @@ void InterceptedRequest::Restart()
}
// Check if local access is allowed
if (!allow_local_ && local_access_) {
- target_client_->OnComplete(network::URLLoaderCompletionStatus(net::ERR_ACCESS_DENIED));
- delete this;
- return;
+ bool granted_special_access = false;
+ // Check for specifically granted file access:
+ if (auto *frame_tree = content::FrameTreeNode::GloballyFindByID(frame_tree_node_id_)) {
+ const int renderer_id = frame_tree->current_frame_host()->GetProcess()->GetID();
+ base::FilePath file_path;
+ if (net::FileURLToFilePath(request_.url, &file_path)) {
+ if (content::ChildProcessSecurityPolicy::GetInstance()->CanReadFile(renderer_id, file_path))
+ granted_special_access = true;
+ }
+ }
+ if (!granted_special_access) {
+ target_client_->OnComplete(network::URLLoaderCompletionStatus(net::ERR_ACCESS_DENIED));
+ delete this;
+ return;
+ }
}
// MEMO since all codepatch leading to Restart scheduled and executed as asynchronous tasks in main thread,
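Review bot: The grant lookup in the new `if (!allow_local_ && local_access_)` branch is keyed to `frame_tree->current_frame_host()->GetProcess()->GetID()`, which is whichever renderer hosts the frame when Restart() runs and not necessarily the process the request came from. It is worth confirming that the two cannot differ here (for example while a cross-process navigation is pending), since a mismatch would evaluate `CanReadFile` against another process's grants. The fallthrough is fail-closed (no frame tree node, a URL that `FileURLToFilePath` rejects, or no grant all end in `ERR_ACCESS_DENIED`), and a comment such as `// Fail closed: only a file explicitly granted to this renderer bypasses the local-access block.` would keep later edits from weakening it. The chain also dereferences `current_frame_host()` and `GetProcess()` without a null check, which is presumably safe on this thread but is not shown here. Restart() begins and ends outside this hunk.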
diff --git a/tests/auto/widgets/qwebengineview/BLACKLIST b/tests/auto/widgets/qwebengineview/BLACKLIST
index eccf02971..99161a591 100644
--- a/tests/auto/widgets/qwebengineview/BLACKLIST
+++ b/tests/auto/widgets/qwebengineview/BLACKLIST
@@ -12,3 +12,6 @@ osx
[reusePage]
b2qt arm
+
+[navigateOnDrop]
+windows
diff --git a/tests/auto/widgets/qwebengineview/tst_qwebengineview.cpp b/tests/auto/widgets/qwebengineview/tst_qwebengineview.cpp
index e4df3f711..07d43a9b8 100644
--- a/tests/auto/widgets/qwebengineview/tst_qwebengineview.cpp
+++ b/tests/auto/widgets/qwebengineview/tst_qwebengineview.cpp
@@ -34,10 +34,12 @@
#include <qtemporarydir.h>
#include <QClipboard>
#include <QCompleter>
+#include <QDropEvent>
#include <QLabel>
#include <QLineEdit>
#include <QHBoxLayout>
#include <QMenu>
+#include <QMimeData>
#include <QQuickItem>
#include <QQuickWidget>
#include <QtWebEngineCore/qwebenginehttprequest.h>
@@ -174,6 +176,7 @@ private Q_SLOTS:
void closeDiscardsPage();
void loadAfterRendererCrashed();
void inspectElement();
+ void navigateOnDrop();
};
// This will be called before the first test function is executed.
@@ -3513,5 +3516,32 @@ void tst_QWebEngineView::inspectElement()
QTest::qWait(100);
}
+void tst_QWebEngineView::navigateOnDrop()
+{
+ struct WebEngineView : QWebEngineView {
+ QWebEngineView* createWindow(QWebEnginePage::WebWindowType /* type */) override { return this; }
+ } view;
+ view.resize(640, 480);
+ view.show();
+ QVERIFY(QTest::qWaitForWindowExposed(&view));
+
+ QSignalSpy loadSpy(&view, &QWebEngineView::loadFinished);
+ auto url = QUrl::fromLocalFile(QDir(QT_TESTCASE_SOURCEDIR).absoluteFilePath("resources/dummy.html"));
+ QMimeData mimeData;
+ mimeData.setUrls({ url });
+
+ auto sendEvents = [&] () {
+ QDragEnterEvent dee(view.rect().center(), Qt::CopyAction, &mimeData, Qt::LeftButton, Qt::NoModifier);
+ QApplication::sendEvent(&view, &dee);
+ QDropEvent de(view.rect().center(), Qt::CopyAction, &mimeData, Qt::LeftButton, Qt::NoModifier);
+ QApplication::sendEvent(&view, &de);
+ };
+
+ sendEvents();
+ QTRY_COMPARE(loadSpy.count(), 1);
+ QVERIFY(loadSpy.first().first().toBool());
+ QCOMPARE(view.url(), url);
+}
+
QTEST_MAIN(tst_QWebEngineView)
#include "tst_qwebengineview.moc"
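Review bot: `navigateOnDrop()` asserts only the allowed path, so nothing in this test pins the denial that the production change must preserve: a page without local access requesting a `file:` URL it was never granted should still fail to load. A companion case expecting `loadFinished` to report `false` for such a request would cover that, though the exact setup depends on settings not visible in this hunk. The BLACKLIST hunk in this commit also lists `[navigateOnDrop]` under `windows`, so by Qt's blacklist convention a failure on that platform will presumably not fail the run. A header comment such as `// QTBUG-102192: a dropped local file must load, because the drop grants the renderer read access to it.` would record why the test exists.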