mirror of
https://bitbucket.org/chromiumembedded/cef
synced 2025-06-05 21:39:12 +02:00
Enforce cache_path requirements for NetworkService (see issue #2622).
This change adds a new CefSettings.root_cache_path value that must be either equal to or a parent directory of all CefSettings.cache_path and CefRequestContextSettings.cache_path values. The sandbox may block read/write access from the NetworkService to directories that do not meet this requirement. To test: Run cefclient with a combination of the following flags: --cache-path=c:\temp\cache Cache data should be persisted to the specified directory. --request-context-per-browser A separate numbered cache directory should be created underneath the cache-path directory for each new browser instance. --enable-network-service --disable-extensions Same tests, but with NetworkService enabled. Known issues: - When NetworkService is enabled a C:\temp\cache\cache\Cache directory is created (should be C:\temp\cache\Cache).
This commit is contained in:
@@ -22,6 +22,7 @@
|
||||
#include "base/files/file_util.h"
|
||||
#include "base/run_loop.h"
|
||||
#include "base/synchronization/waitable_event.h"
|
||||
#include "base/threading/thread_restrictions.h"
|
||||
#include "components/network_session_configurator/common/network_switches.h"
|
||||
#include "content/app/content_service_manager_main_delegate.h"
|
||||
#include "content/browser/startup_helper.h"
|
||||
@@ -370,6 +371,18 @@ bool CefContext::Initialize(const CefMainArgs& args,
|
||||
SignalChromeElf();
|
||||
#endif
|
||||
|
||||
base::FilePath cache_path = base::FilePath(CefString(&settings_.cache_path));
|
||||
if (!ValidateCachePath(cache_path)) {
|
||||
// Reset to in-memory storage.
|
||||
CefString(&settings_.cache_path).clear();
|
||||
cache_path = base::FilePath();
|
||||
}
|
||||
const base::FilePath& root_cache_path =
|
||||
base::FilePath(CefString(&settings_.root_cache_path));
|
||||
if (root_cache_path.empty() && !cache_path.empty()) {
|
||||
CefString(&settings_.root_cache_path) = CefString(&settings_.cache_path);
|
||||
}
|
||||
|
||||
main_delegate_.reset(new CefMainDelegate(application));
|
||||
browser_info_manager_.reset(new CefBrowserInfoManager);
|
||||
|
||||
@@ -533,6 +546,31 @@ void CefContext::PopulateRequestContextSettings(
|
||||
CefString(&settings_.accept_language_list);
|
||||
}
|
||||
|
||||
bool CefContext::ValidateCachePath(const base::FilePath& cache_path) {
|
||||
if (cache_path.empty())
|
||||
return true;
|
||||
|
||||
const base::FilePath& root_cache_path =
|
||||
base::FilePath(CefString(&settings_.root_cache_path));
|
||||
if (!root_cache_path.empty() && root_cache_path != cache_path &&
|
||||
!root_cache_path.IsParent(cache_path)) {
|
||||
LOG(ERROR) << "The cache_path directory (" << cache_path.value()
|
||||
<< ") is not a child of the root_cache_path directory ("
|
||||
<< root_cache_path.value() << ")";
|
||||
return false;
|
||||
}
|
||||
|
||||
base::ThreadRestrictions::ScopedAllowIO allow_io;
|
||||
if (!base::DirectoryExists(cache_path) &&
|
||||
!base::CreateDirectory(cache_path)) {
|
||||
LOG(ERROR) << "The cache_path directory (" << cache_path.value()
|
||||
<< ") could not be created.";
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
void CefContext::OnContextInitialized() {
|
||||
CEF_REQUIRE_UIT();
|
||||
|
||||
|
Reference in New Issue
Block a user