author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2022-04-01 14:30:16 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2022-04-30 12:33:58 +0200 |
commit | d17818da1244f862959bb0bd6f60be0d866609f3 (patch) | |
tree | f0011e7f930b2fbfa0a12aeb56f313bc46e527a1 /src/core | |
parent | 6b1ee57fc293a755b3cbeb55e67cadf90ce74904 (diff) |
Fix granted file access after local/remote access cleanup
We forgot to check for files specifically granted access to.
This blocked a number of features including dropping local files.
Task-number: QTBUG-102192
Change-Id: I5d34d9ba5351ec179df5896e64cc95c5481c7dc2
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
(cherry picked from commit 9a44b6ea5c60f83d841881b5ddbbaba79228fdea)
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/net/proxying_url_loader_factory_qt.cpp | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/core/net/proxying_url_loader_factory_qt.cpp b/src/core/net/proxying_url_loader_factory_qt.cpp
index 117ace394..94faff545 100644
--- a/src/core/net/proxying_url_loader_factory_qt.cpp
+++ b/src/core/net/proxying_url_loader_factory_qt.cpp
@@ -46,8 +46,10 @@
 #include "content/browser/web_contents/web_contents_impl.h"
 #include "content/public/browser/browser_task_traits.h"
 #include "content/public/browser/browser_thread.h"
+#include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_switches.h"
+#include "net/base/filename_util.h"
 #include "net/http/http_status_code.h"
 #include "services/network/public/cpp/cors/cors.h"
 #include "third_party/blink/public/mojom/loader/resource_load_info.mojom-shared.h"
@@ -286,9 +288,21 @@ void InterceptedRequest::Restart()
 }
 // Check if local access is allowed
 if (!allow_local_ && local_access_) {
- target_client_->OnComplete(network::URLLoaderCompletionStatus(net::ERR_ACCESS_DENIED));
- delete this;
- return;
+ bool granted_special_access = false;
+ // Check for specifically granted file access:
+ if (auto *frame_tree = content::FrameTreeNode::GloballyFindByID(request_.render_frame_id)) {
+ const int renderer_id = frame_tree->current_frame_host()->GetProcess()->GetID();
+ base::FilePath file_path;
+ if (net::FileURLToFilePath(request_.url, &file_path)) {
+ if (content::ChildProcessSecurityPolicy::GetInstance()->CanReadFile(renderer_id, file_path))
+ granted_special_access = true;
+ }
+ }
+ if (!granted_special_access) {
+ target_client_->OnComplete(network::URLLoaderCompletionStatus(net::ERR_ACCESS_DENIED));
+ delete this;
+ return;
+ }
 }
 // MEMO since all codepatch leading to Restart scheduled and executed as asynchronous tasks in main thread, |
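Review bot: The grant check added in `Restart()` asks `CanReadFile` about whichever process currently hosts the frame found via `request_.render_frame_id`, so the decision is tied to the frame's present host rather than to the process that issued the request; if this class already records the requesting process id (not visible in the hunk), passing that id would be the tighter check. The chain `frame_tree->current_frame_host()->GetProcess()->GetID()` is dereferenced without a null check, and it is worth confirming that neither call can return null at this point. Every failure path (no frame node, a URL that `FileURLToFilePath` cannot convert, no grant) leaves `granted_special_access` false, and a comment such as `// Fails closed: any lookup failure keeps ERR_ACCESS_DENIED` would record that this is intentional. `Restart()` begins before and continues after this hunk.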