Changeset 74093 in webkit
- Timestamp:
- Dec 14, 2010 7:01:58 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 15 edited
- 2 moved
trunk/LayoutTests/storage/private-browsing-noread-nowrite-expected.txt
r74092 r74093 10 10 Private browsing statement 4 completed with an error 11 11 not authorized 12 Private browsing statement 5 completed with an error 13 access to PrivateTest1.randomData is prohibited 12 14 Test ended 13 15 -
trunk/LayoutTests/storage/private-browsing-noread-nowrite.html
r74092 r74093 17 17 "DELETE FROM PrivateTest1", 18 18 "DROP TABLE PrivateTest1", 19 "INSERT INTO PrivateTest1 VALUES ('somedata')" 19 "INSERT INTO PrivateTest1 VALUES ('somedata')", 20 "SELECT * FROM PrivateTest1" 20 21 ]; 21 22 … … 89 90 } 90 91 91 var database = openDatabase("PrivateBrowsing ReadOnlyTest", "1.0", "Test private browsing read-onlysafety", 1);92 var database = openDatabase("PrivateBrowsingNoReadNoWriteTest", "1.0", "Test private browsing no read/write safety", 1); 92 93 database.transaction(runSetup, endTest, endTest); 93 94 } -
trunk/WebCore/ChangeLog
r74089 r74093 1 2010-12-14 Anton D'Auria <adauria@apple.com> 2 3 Reviewed by Darin Adler. 4 5 Do not allow access to existing HTML5 databases in private browsing 6 mode https://bugs.webkit.org/show_bug.cgi?id=49332 7 8 Test: storage/private-browsing-noread-nowrite.html 9 10 Previously, read-only transactions and private browsing mode were 11 represented by the same SQLStatement and DatabaseAuthorizer states. 12 This patch removes the m_readOnly member variable from SQLStatement and 13 DatabaseAuthorizer, and replaces it with m_permissions whose bit fields 14 are initialized by a DatabaseAuthorizer enum Permissions (ReadWrite, 15 ReadOnly, NoAccess). A read-only transaction sets permissions to 16 ReadOnly, and if !m_database->scriptExecutionContext()->allowDatabaseAccess(), 17 then permissions also set to NoAccess. 18 19 * dom/Document.cpp: 20 (WebCore::Document::allowDatabaseAccess): this method was previously 21 called isDatabaseReadOnly. It checks if private browsing preference is 22 set. This method is renamed because it is used to check if private 23 browsing restricts access to databases. 
24 * dom/Document.h: 25 * dom/ScriptExecutionContext.h: 26 * storage/AbstractDatabase.cpp: 27 (WebCore::AbstractDatabase::setAuthorizerPermissions): 28 * storage/AbstractDatabase.h: 29 * storage/DatabaseAuthorizer.cpp: 30 (WebCore::DatabaseAuthorizer::reset): 31 (WebCore::DatabaseAuthorizer::createTable): 32 (WebCore::DatabaseAuthorizer::createTempTable): 33 (WebCore::DatabaseAuthorizer::dropTable): 34 (WebCore::DatabaseAuthorizer::dropTempTable): 35 (WebCore::DatabaseAuthorizer::allowAlterTable): 36 (WebCore::DatabaseAuthorizer::createIndex): 37 (WebCore::DatabaseAuthorizer::createTempIndex): 38 (WebCore::DatabaseAuthorizer::dropIndex): 39 (WebCore::DatabaseAuthorizer::dropTempIndex): 40 (WebCore::DatabaseAuthorizer::createTrigger): 41 (WebCore::DatabaseAuthorizer::createTempTrigger): 42 (WebCore::DatabaseAuthorizer::dropTrigger): 43 (WebCore::DatabaseAuthorizer::dropTempTrigger): 44 (WebCore::DatabaseAuthorizer::createView): 45 (WebCore::DatabaseAuthorizer::createTempView): 46 (WebCore::DatabaseAuthorizer::dropView): 47 (WebCore::DatabaseAuthorizer::dropTempView): 48 (WebCore::DatabaseAuthorizer::createVTable): 49 (WebCore::DatabaseAuthorizer::dropVTable): 50 (WebCore::DatabaseAuthorizer::allowDelete): 51 (WebCore::DatabaseAuthorizer::allowInsert): 52 (WebCore::DatabaseAuthorizer::allowUpdate): 53 (WebCore::DatabaseAuthorizer::allowRead): 54 (WebCore::DatabaseAuthorizer::allowReindex): 55 (WebCore::DatabaseAuthorizer::allowWrite): a new private method that 56 checks if DatabaseAuthorizer is enabled and if it is in ReadOnly or 57 NoAccess mode. 
58 (WebCore::DatabaseAuthorizer::setReadOnly): 59 (WebCore::DatabaseAuthorizer::setPermissions): 60 * storage/DatabaseAuthorizer.h: 61 * storage/SQLStatement.cpp: 62 (WebCore::SQLStatement::create): 63 (WebCore::SQLStatement::SQLStatement): 64 (WebCore::SQLStatement::execute): 65 * storage/SQLStatement.h: 66 * storage/SQLStatementSync.cpp: 67 (WebCore::SQLStatementSync::SQLStatementSync): 68 (WebCore::SQLStatementSync::execute): 69 * storage/SQLStatementSync.h: 70 * storage/SQLTransaction.cpp: 71 (WebCore::SQLTransaction::executeSQL): 72 * storage/SQLTransactionSync.cpp: 73 (WebCore::SQLTransactionSync::executeSQL): 74 * workers/WorkerContext.h: 75 (WebCore::WorkerContext::allowDatabaseAccess): 76 1 77 2010-12-02 MORITA Hajime <morrita@google.com> 2 78 -
trunk/WebCore/dom/Document.cpp
r74062 r74093 4497 4497 #if ENABLE(DATABASE) 4498 4498 4499 bool Document:: isDatabaseReadOnly() const4499 bool Document::allowDatabaseAccess() const 4500 4500 { 4501 4501 if (!page() || page()->settings()->privateBrowsingEnabled()) 4502 return true;4503 return false;4502 return false; 4503 return true; 4504 4504 } 4505 4505 -
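Review bot: allowDatabaseAccess() spells a boolean out as an if/return pair; `return page() && !page()->settings()->privateBrowsingEnabled();` states the same contract in one line and is harder to invert by accident when the method is next edited. The null-page case is the interesting one: a Document with no page is denied access, which is the conservative choice, but nothing says whether that was intended or is a side effect of the old isDatabaseReadOnly() logic being negated. A one-line comment above the method would settle it: `// A document with no page has no database access; private browsing also disables it.` The method is fully visible in this hunk.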
trunk/WebCore/dom/Document.h
r74062 r74093 1007 1007 1008 1008 #if ENABLE(DATABASE) 1009 virtual bool isDatabaseReadOnly() const;1009 virtual bool allowDatabaseAccess() const; 1010 1010 virtual void databaseExceededQuota(const String& name); 1011 1011 #endif -
trunk/WebCore/dom/ScriptExecutionContext.h
r73939 r74093 71 71 72 72 #if ENABLE(DATABASE) 73 virtual bool isDatabaseReadOnly() const = 0;73 virtual bool allowDatabaseAccess() const = 0; 74 74 virtual void databaseExceededQuota(const String& name) = 0; 75 75 DatabaseThread* databaseThread(); -
trunk/WebCore/storage/AbstractDatabase.cpp
r67619 r74093 433 433 } 434 434 435 void AbstractDatabase::setAuthorizerPermissions(int permissions) 436 { 437 ASSERT(m_databaseAuthorizer); 438 m_databaseAuthorizer->setPermissions(permissions); 439 } 440 435 441 bool AbstractDatabase::lastActionChangedDatabase() 436 442 { -
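Review bot: setAuthorizerPermissions(int permissions) accepts any int, yet the only meaningful values are combinations of DatabaseAuthorizer::Permissions, and neither this hunk nor setPermissions() says so or rejects other bits. A comment on the declaration would tell callers what to pass: `// permissions: bitmask of DatabaseAuthorizer::Permissions (ReadOnlyMask, NoAccessMask); ReadWriteMask (0) clears every restriction.` The same undocumented `int permissions` parameter appears in AbstractDatabase.h, SQLStatement.h, SQLStatementSync.h and the constructors in SQLStatement.cpp and SQLStatementSync.cpp; one comment at the declaration in DatabaseAuthorizer.h that the others refer to would be enough. If the project's ASSERT is acceptable here, `ASSERT(!(permissions & ~(DatabaseAuthorizer::ReadOnlyMask | DatabaseAuthorizer::NoAccessMask)));` would catch a stray value in debug builds without changing release behaviour.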
trunk/WebCore/storage/AbstractDatabase.h
r64384 r74093 81 81 void enableAuthorizer(); 82 82 void setAuthorizerReadOnly(); 83 void setAuthorizerPermissions(int permissions); 83 84 bool lastActionChangedDatabase(); 84 85 bool lastActionWasInsert(); -
trunk/WebCore/storage/DatabaseAuthorizer.cpp
r66717 r74093 54 54 m_lastActionWasInsert = false; 55 55 m_lastActionChangedDatabase = false; 56 m_ readOnly = false;56 m_permissions = ReadWriteMask; 57 57 } 58 58 … … 128 128 int DatabaseAuthorizer::createTable(const String& tableName) 129 129 { 130 if ( m_readOnly && m_securityEnabled)130 if (!allowWrite()) 131 131 return SQLAuthDeny; 132 132 … … 140 140 // allowed in read-only transactions or private browsing, so we might as 141 141 // well disallow SQLITE_CREATE_TEMP_TABLE in these cases 142 if ( m_readOnly && m_securityEnabled)142 if (!allowWrite()) 143 143 return SQLAuthDeny; 144 144 … … 148 148 int DatabaseAuthorizer::dropTable(const String& tableName) 149 149 { 150 if ( m_readOnly && m_securityEnabled)150 if (!allowWrite()) 151 151 return SQLAuthDeny; 152 152 … … 159 159 // allowed in read-only transactions or private browsing, so we might as 160 160 // well disallow SQLITE_DROP_TEMP_TABLE in these cases 161 if ( m_readOnly && m_securityEnabled)161 if (!allowWrite()) 162 162 return SQLAuthDeny; 163 163 … … 167 167 int DatabaseAuthorizer::allowAlterTable(const String&, const String& tableName) 168 168 { 169 if ( m_readOnly && m_securityEnabled)169 if (!allowWrite()) 170 170 return SQLAuthDeny; 171 171 … … 176 176 int DatabaseAuthorizer::createIndex(const String&, const String& tableName) 177 177 { 178 if ( m_readOnly && m_securityEnabled)178 if (!allowWrite()) 179 179 return SQLAuthDeny; 180 180 … … 188 188 // which is not allowed in read-only transactions or private browsing, 189 189 // so we might as well disallow SQLITE_CREATE_TEMP_INDEX in these cases 190 if ( m_readOnly && m_securityEnabled)190 if (!allowWrite()) 191 191 return SQLAuthDeny; 192 192 … … 196 196 int DatabaseAuthorizer::dropIndex(const String&, const String& tableName) 197 197 { 198 if ( m_readOnly && m_securityEnabled)198 if (!allowWrite()) 199 199 return SQLAuthDeny; 200 200 … … 207 207 // not allowed in read-only transactions or private browsing, so we might 208 208 // as well disallow 
SQLITE_DROP_TEMP_INDEX in these cases 209 if ( m_readOnly && m_securityEnabled)209 if (!allowWrite()) 210 210 return SQLAuthDeny; 211 211 … … 215 215 int DatabaseAuthorizer::createTrigger(const String&, const String& tableName) 216 216 { 217 if ( m_readOnly && m_securityEnabled)217 if (!allowWrite()) 218 218 return SQLAuthDeny; 219 219 … … 227 227 // allowed in read-only transactions or private browsing, so we might as 228 228 // well disallow SQLITE_CREATE_TEMP_TRIGGER in these cases 229 if ( m_readOnly && m_securityEnabled)229 if (!allowWrite()) 230 230 return SQLAuthDeny; 231 231 … … 235 235 int DatabaseAuthorizer::dropTrigger(const String&, const String& tableName) 236 236 { 237 if ( m_readOnly && m_securityEnabled)237 if (!allowWrite()) 238 238 return SQLAuthDeny; 239 239 … … 246 246 // allowed in read-only transactions or private browsing, so we might as 247 247 // well disallow SQLITE_DROP_TEMP_TRIGGER in these cases 248 if ( m_readOnly && m_securityEnabled)248 if (!allowWrite()) 249 249 return SQLAuthDeny; 250 250 … … 254 254 int DatabaseAuthorizer::createView(const String&) 255 255 { 256 return ( m_readOnly && m_securityEnabled? SQLAuthDeny : SQLAuthAllow);256 return (!allowWrite() ? SQLAuthDeny : SQLAuthAllow); 257 257 } 258 258 … … 262 262 // allowed in read-only transactions or private browsing, so we might as 263 263 // well disallow SQLITE_CREATE_TEMP_VIEW in these cases 264 return ( m_readOnly && m_securityEnabled? SQLAuthDeny : SQLAuthAllow);264 return (!allowWrite() ? 
SQLAuthDeny : SQLAuthAllow); 265 265 } 266 266 267 267 int DatabaseAuthorizer::dropView(const String&) 268 268 { 269 if ( m_readOnly && m_securityEnabled)269 if (!allowWrite()) 270 270 return SQLAuthDeny; 271 271 … … 279 279 // allowed in read-only transactions or private browsing, so we might as 280 280 // well disallow SQLITE_DROP_TEMP_VIEW in these cases 281 if ( m_readOnly && m_securityEnabled)281 if (!allowWrite()) 282 282 return SQLAuthDeny; 283 283 … … 288 288 int DatabaseAuthorizer::createVTable(const String& tableName, const String& moduleName) 289 289 { 290 if ( m_readOnly && m_securityEnabled)290 if (!allowWrite()) 291 291 return SQLAuthDeny; 292 292 … … 301 301 int DatabaseAuthorizer::dropVTable(const String& tableName, const String& moduleName) 302 302 { 303 if ( m_readOnly && m_securityEnabled)303 if (!allowWrite()) 304 304 return SQLAuthDeny; 305 305 … … 313 313 int DatabaseAuthorizer::allowDelete(const String& tableName) 314 314 { 315 if ( m_readOnly && m_securityEnabled)315 if (!allowWrite()) 316 316 return SQLAuthDeny; 317 317 … … 321 321 int DatabaseAuthorizer::allowInsert(const String& tableName) 322 322 { 323 if ( m_readOnly && m_securityEnabled)323 if (!allowWrite()) 324 324 return SQLAuthDeny; 325 325 … … 331 331 int DatabaseAuthorizer::allowUpdate(const String& tableName, const String&) 332 332 { 333 if ( m_readOnly && m_securityEnabled)333 if (!allowWrite()) 334 334 return SQLAuthDeny; 335 335 … … 345 345 int DatabaseAuthorizer::allowRead(const String& tableName, const String&) 346 346 { 347 if (m_permissions & NoAccessMask && m_securityEnabled) 348 return SQLAuthDeny; 349 347 350 return denyBasedOnTableName(tableName); 348 351 } … … 350 353 int DatabaseAuthorizer::allowReindex(const String&) 351 354 { 352 return ( m_readOnly && m_securityEnabled? SQLAuthDeny : SQLAuthAllow);355 return (!allowWrite() ? 
SQLAuthDeny : SQLAuthAllow); 353 356 } 354 357 … … 391 394 } 392 395 396 bool DatabaseAuthorizer::allowWrite() 397 { 398 return !(m_securityEnabled && (m_permissions & ReadOnlyMask || m_permissions & NoAccessMask)); 399 } 400 393 401 void DatabaseAuthorizer::setReadOnly() 394 402 { 395 m_readOnly = true; 403 m_permissions |= ReadOnlyMask; 404 } 405 406 void DatabaseAuthorizer::setPermissions(int permissions) 407 { 408 m_permissions = permissions; 396 409 } 397 410 -
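Review bot: allowWrite() mixes `&` and `||` in `m_permissions & ReadOnlyMask || m_permissions & NoAccessMask`; precedence makes it correct, but the intent reads more directly and the expression is shorter as `return !(m_securityEnabled && (m_permissions & (ReadOnlyMask | NoAccessMask)));`, and since the method only reads members it can be `const` (it is declared non-const in DatabaseAuthorizer.h). setReadOnly() ORs a bit in while the new setPermissions() overwrites the whole word, so the order in which a caller invokes the two decides whether an earlier read-only restriction survives; a comment on setPermissions() such as `// Replaces, rather than adds to, any restriction set earlier (including via setReadOnly()).` would make that explicit. Only the create/drop/alter, insert/update/delete, read and reindex callbacks are visible in this hunk; any other authorizer callback defined in the rest of the file should be checked to confirm it routes through allowWrite() or the NoAccessMask test added to allowRead(), since a statement type that consults neither would still execute under NoAccess.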
trunk/WebCore/storage/DatabaseAuthorizer.h
r65077 r74093 43 43 class DatabaseAuthorizer : public ThreadSafeShared<DatabaseAuthorizer> { 44 44 public: 45 46 enum Permissions { 47 ReadWriteMask = 0, 48 ReadOnlyMask = 1 << 1, 49 NoAccessMask = 1 << 2 50 }; 51 45 52 static PassRefPtr<DatabaseAuthorizer> create(const String& databaseInfoTableName); 46 53 … … 88 95 void enable(); 89 96 void setReadOnly(); 97 void setPermissions(int permissions); 90 98 91 99 void reset(); … … 101 109 int denyBasedOnTableName(const String&) const; 102 110 int updateDeletesBasedOnTableName(const String&); 111 bool allowWrite(); 103 112 113 int m_permissions; 104 114 bool m_securityEnabled : 1; 105 115 bool m_lastActionWasInsert : 1; 106 116 bool m_lastActionChangedDatabase : 1; 107 bool m_readOnly : 1;108 117 bool m_hadDeletes : 1; 109 118 -
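Review bot: The new Permissions enum is undocumented, and ReadWriteMask = 0 is not a testable bit: `m_permissions & ReadWriteMask` is always 0, so the read-write state can only be recognised as `m_permissions == ReadWriteMask`, which is easy to get wrong for a name ending in Mask. A comment on the enum prevents that misuse: `// Bit flags combined into m_permissions. ReadWriteMask is the empty set (no restriction) and cannot be tested with &; ReadOnlyMask denies writes, NoAccessMask denies reads and writes.` The masks start at `1 << 1`, leaving bit 0 unused without explanation; either start at `1 << 0` or say why the bit is reserved. `bool allowWrite();` only reads members and sits next to the const `denyBasedOnTableName`, so `bool allowWrite() const;` would be consistent.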
trunk/WebCore/storage/SQLStatement.cpp
r65344 r74093 44 44 namespace WebCore { 45 45 46 PassRefPtr<SQLStatement> SQLStatement::create(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, bool readOnly)47 { 48 return adoptRef(new SQLStatement(statement, arguments, callback, errorCallback, readOnly));49 } 50 51 SQLStatement::SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, bool readOnly)46 PassRefPtr<SQLStatement> SQLStatement::create(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, int permissions) 47 { 48 return adoptRef(new SQLStatement(statement, arguments, callback, errorCallback, permissions)); 49 } 50 51 SQLStatement::SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback> callback, PassRefPtr<SQLStatementErrorCallback> errorCallback, int permissions) 52 52 : m_statement(statement.crossThreadString()) 53 53 , m_arguments(arguments) 54 54 , m_statementCallback(callback) 55 55 , m_statementErrorCallback(errorCallback) 56 , m_ readOnly(readOnly)56 , m_permissions(permissions) 57 57 { 58 58 } … … 70 70 return false; 71 71 72 if (m_readOnly) 73 db->setAuthorizerReadOnly(); 72 db->setAuthorizerPermissions(m_permissions); 74 73 75 74 SQLiteDatabase* database = &db->sqliteDatabase(); -
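Review bot: execute() now calls db->setAuthorizerPermissions(m_permissions) unconditionally, and setPermissions() assigns rather than ORs, so any restriction already on the authorizer at this point (for example one applied through setAuthorizerReadOnly(), which AbstractDatabase.h still declares) is replaced by the statement's own value; before this change a statement could only add a read-only restriction, never remove one. If the authorizer is always reset immediately before a statement runs, as the resetAuthorizer() call in SQLTransactionSync::executeSQL suggests, this is harmless, but the stronger semantics deserve a comment on the call: `// Replaces the authorizer's current restrictions with this statement's permissions.` The same applies to SQLStatementSync::execute() in SQLStatementSync.cpp. execute() starts and ends outside this hunk.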
trunk/WebCore/storage/SQLStatement.h
r60508 r74093 47 47 class SQLStatement : public ThreadSafeShared<SQLStatement> { 48 48 public: 49 static PassRefPtr<SQLStatement> create(const String&, const Vector<SQLValue>&, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, bool readOnly);49 static PassRefPtr<SQLStatement> create(const String&, const Vector<SQLValue>&, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, int permissions); 50 50 51 51 bool execute(Database*); … … 62 62 SQLError* sqlError() const { return m_error.get(); } 63 63 private: 64 SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, bool readOnly);64 SQLStatement(const String& statement, const Vector<SQLValue>& arguments, PassRefPtr<SQLStatementCallback>, PassRefPtr<SQLStatementErrorCallback>, int permissions); 65 65 66 66 void setFailureDueToQuota(); … … 75 75 RefPtr<SQLResultSet> m_resultSet; 76 76 77 bool m_readOnly;77 int m_permissions; 78 78 }; 79 79 -
trunk/WebCore/storage/SQLStatementSync.cpp
r64384 r74093 44 44 namespace WebCore { 45 45 46 SQLStatementSync::SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, bool readOnly)46 SQLStatementSync::SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, int permissions) 47 47 : m_statement(statement) 48 48 , m_arguments(arguments) 49 , m_ readOnly(readOnly)49 , m_permissions(permissions) 50 50 { 51 51 ASSERT(!m_statement.isEmpty()); … … 54 54 PassRefPtr<SQLResultSet> SQLStatementSync::execute(DatabaseSync* db, ExceptionCode& ec) 55 55 { 56 if (m_readOnly) 57 db->setAuthorizerReadOnly(); 56 db->setAuthorizerPermissions(m_permissions); 58 57 59 58 SQLiteDatabase* database = &db->sqliteDatabase(); -
trunk/WebCore/storage/SQLStatementSync.h
r63278 r74093 47 47 class SQLStatementSync { 48 48 public: 49 SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, bool readOnly);49 SQLStatementSync(const String& statement, const Vector<SQLValue>& arguments, int permissions); 50 50 51 51 PassRefPtr<SQLResultSet> execute(DatabaseSync*, ExceptionCode&); … … 54 54 String m_statement; 55 55 Vector<SQLValue> m_arguments; 56 bool m_readOnly;56 int m_permissions; 57 57 }; 58 58 -
trunk/WebCore/storage/SQLTransaction.cpp
r65871 r74093 33 33 34 34 #include "Database.h" 35 #include "DatabaseAuthorizer.h" 35 36 #include "DatabaseThread.h" 36 37 #include "Logging.h" … … 94 95 } 95 96 96 bool readOnlyMode = m_readOnly;97 if (! readOnlyMode) {98 if (m_database->scriptExecutionContext()->isDatabaseReadOnly())99 readOnlyMode = true;100 }101 102 RefPtr<SQLStatement> statement = SQLStatement::create(sqlStatement, arguments, callback, callbackError, readOnlyMode);97 int permissions = DatabaseAuthorizer::ReadWriteMask; 98 if (!m_database->scriptExecutionContext()->allowDatabaseAccess()) 99 permissions |= DatabaseAuthorizer::NoAccessMask; 100 else if (m_readOnly) 101 permissions |= DatabaseAuthorizer::ReadOnlyMask; 102 103 RefPtr<SQLStatement> statement = SQLStatement::create(sqlStatement, arguments, callback, callbackError, permissions); 103 104 104 105 if (m_database->deleted()) -
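Review bot: The five lines that compute `permissions` are duplicated byte for byte in SQLTransactionSync::executeSQL, and both copies rely on the `else if` ordering (NoAccessMask must win over ReadOnlyMask) to deny writes in private browsing. Since both transaction classes reach the context through m_database, a single helper on AbstractDatabase — for example `int statementPermissions(bool readOnly) const` returning DatabaseAuthorizer::NoAccessMask when allowDatabaseAccess() is false, DatabaseAuthorizer::ReadOnlyMask when readOnly, and DatabaseAuthorizer::ReadWriteMask otherwise — would keep the two paths from drifting, assuming AbstractDatabase exposes scriptExecutionContext() the way the Database used here does. The call site would then read `RefPtr<SQLStatement> statement = SQLStatement::create(sqlStatement, arguments, callback, callbackError, m_database->statementPermissions(m_readOnly));`. executeSQL() starts and ends outside this hunk.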
trunk/WebCore/storage/SQLTransactionSync.cpp
r65871 r74093 34 34 #if ENABLE(DATABASE) 35 35 36 #include "DatabaseAuthorizer.h" 36 37 #include "DatabaseSync.h" 37 38 #include "PlatformString.h" … … 87 88 return 0; 88 89 89 bool readOnlyMode = m_readOnly || m_database->scriptExecutionContext()->isDatabaseReadOnly(); 90 SQLStatementSync statement(sqlStatement, arguments, readOnlyMode); 90 int permissions = DatabaseAuthorizer::ReadWriteMask; 91 if (!m_database->scriptExecutionContext()->allowDatabaseAccess()) 92 permissions |= DatabaseAuthorizer::NoAccessMask; 93 else if (m_readOnly) 94 permissions |= DatabaseAuthorizer::ReadOnlyMask; 95 96 SQLStatementSync statement(sqlStatement, arguments, permissions); 91 97 92 98 m_database->resetAuthorizer(); -
trunk/WebCore/workers/WorkerContext.h
r73939 r74093 114 114 115 115 // Not implemented yet. 116 virtual bool isDatabaseReadOnly() const { return false; }116 virtual bool allowDatabaseAccess() const { return true; } 117 117 // Not implemented for real yet. 118 118 virtual void databaseExceededQuota(const String&);
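Review bot: WorkerContext::allowDatabaseAccess() returns true unconditionally, so the private browsing restriction this change introduces does not reach databases used from workers, and the surviving comment "Not implemented yet." does not say that the placeholder defaults to permissive rather than conservative. Making the gap explicit keeps it from being mistaken for an implemented check: `// Not implemented yet: workers do not consult the private browsing setting, so database access from a worker is always allowed.` Returning false instead would disable worker databases entirely, so whichever default is kept should be stated in the comment.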