New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 852802 link

Starred by 4 users
Status: WontFix
Owner: ----
Closed: Sep 4
Cc:
roc...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android , Chrome
Pri: 3
Type: Bug
Proj-Servicification



Sign in to add a comment

NetworkService: Need file URL safety checks on ChromeOS and Android

Project Member Reported by mmenke@chromium.org, Jun 14 2018 
On ChromeOS and Android, we have a whitelist of paths file URLs are allowed to access (See ChromeNetworkDelegate::IsAccessAllowedInternal).  It looks to me like those checks are not duplicated in the file url logic when the network service is not disabled.

This should block Canary on those platforms, but not on any other.

Comment 1 by eroman@chromium.org, Sep 4

Cc: roc...@chromium.org
This looks to already be implemented in the code.

FileURL[Directory]Loader calls out to content::ContentBrowserClient::IsFileAccessAllowed, which in Chrome forwards to ChromeNetworkDelegate::IsAccessAllowed.

https://cs.chromium.org/chromium/src/chrome/browser/chrome_content_browser_client.cc?type=cs&q=::IsFileAccessAllowed&sq=package:chromium&g=0&l=1779

@rockot: Can this be marked as fixed?

Comment 2 by roc...@chromium.org, Sep 4 

I think so, but mmenke@ should probably verify that what we have now is in fact sufficient to cover his concerns.

Comment 3 by mmenke@chromium.org, Sep 4

Status: WontFix (was: Untriaged)
What we have looks sufficient to me.

Sign in to add a comment