Fix file access on Chrome for ChromeOS on Linux

net/url_request/url_request_file_job.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // For loading files, we make use of overlapped i/o to ensure that reading from
 // the filesystem (e.g., a network filesystem) does not block the calling
 // thread.  An alternative approach would be to use a background thread or pool
 // of threads, but it seems better to leverage the operating system's ability
 // to do background file reads for us.
 //
@@ skipping 76 matching lines @@
     : URLRequestJob(request),
       file_path_(file_path),
       stream_(NULL),
       is_directory_(false),
       remaining_bytes_(0) {
 }
 
 // static
 URLRequestJob* URLRequestFileJob::Factory(URLRequest* request,
                                           const std::string& scheme) {
-
   FilePath file_path;
   const bool is_file = FileURLToFilePath(request->url(), &file_path);
 
-#if defined(OS_CHROMEOS)
-  // Check file access.
-  if (AccessDisabled(file_path))
+  // Check file access permissions.
+  if (!request->IsFileAccessAllowed(file_path))
     return new URLRequestErrorJob(request, ERR_ACCESS_DENIED);
-#endif
 
   // We need to decide whether to create URLRequestFileJob for file access or
   // URLRequestFileDirJob for directory access. To avoid accessing the
   // filesystem, we only look at the path string here.
   // The code in the URLRequestFileJob::Start() method discovers that a path,
   // which doesn't end with a slash, should really be treated as a directory,
   // and it then redirects to the URLRequestFileDirJob.
   if (is_file &&
       file_util::EndsWithSeparator(file_path) &&
       file_path.IsAbsolute())
     return new URLRequestFileDirJob(request, file_path);
 
   // Use a regular file request job for all non-directories (including invalid
   // file names).
   return new URLRequestFileJob(request, file_path);
 }
 
-#if defined(OS_CHROMEOS)
-static const char* const kLocalAccessWhiteList[] = {
-  "/home/chronos/user/Downloads",
-  "/home/chronos/user/log",
-  "/media",
-  "/opt/oem",
-  "/usr/share/chromeos-assets",
-  "/tmp",
-  "/var/log",
-};
-
-// static
-bool URLRequestFileJob::AccessDisabled(const FilePath& file_path) {
-  if (URLRequest::IsFileAccessAllowed()) {  // for tests.
-    return false;
-  }
-
-  for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i) {
-    const FilePath white_listed_path(kLocalAccessWhiteList[i]);
-    // FilePath::operator== should probably handle trailing seperators.
-    if (white_listed_path == file_path.StripTrailingSeparators() ||
-        white_listed_path.IsParent(file_path)) {
-      return false;
-    }
-  }
-  return true;
-}
-#endif  // OS_CHROMEOS
-
 void URLRequestFileJob::Start() {
   DCHECK(!async_resolver_);
   async_resolver_ = new AsyncResolver(this);
   base::WorkerPool::PostTask(
       FROM_HERE,
       base::Bind(&AsyncResolver::Resolve, async_resolver_.get(), file_path_),
       true);
 }
 
 void URLRequestFileJob::Kill() {
@@ skipping 198 matching lines @@
     NotifyDone(URLRequestStatus(URLRequestStatus::FAILED, result));
   }
 
   remaining_bytes_ -= result;
   DCHECK_GE(remaining_bytes_, 0);
 
   NotifyReadComplete(result);
 }
 
 }  // namespace net