Fix file access on Chrome for ChromeOS on Linux

net/url_request/url_request_file_job.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // For loading files, we make use of overlapped i/o to ensure that reading from
 // the filesystem (e.g., a network filesystem) does not block the calling
 // thread.  An alternative approach would be to use a background thread or pool
 // of threads, but it seems better to leverage the operating system's ability
 // to do background file reads for us.
 //
@@ skipping 18 matching lines @@
 #include "base/threading/thread_restrictions.h"
 #include "build/build_config.h"
 #include "googleurl/src/gurl.h"
 #include "net/base/io_buffer.h"
 #include "net/base/load_flags.h"
 #include "net/base/mime_util.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_util.h"
 #include "net/http/http_util.h"
 #include "net/url_request/url_request.h"
+#include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_error_job.h"
 #include "net/url_request/url_request_file_dir_job.h"
 
 namespace net {
 
+
+// By default we don't allow access to all file:// urls on ChromeOS but we do on
+// other platforms.
+#if defined(OS_CHROMEOS)
+bool URLRequestFileJob::g_allow_file_access_ = false;
+#else
+bool URLRequestFileJob::g_allow_file_access_ = true;
+#endif
+
 class URLRequestFileJob::AsyncResolver
     : public base::RefCountedThreadSafe<URLRequestFileJob::AsyncResolver> {
  public:
   explicit AsyncResolver(URLRequestFileJob* owner)
       : owner_(owner), owner_loop_(MessageLoop::current()) {
   }
 
   void Resolve(const FilePath& file_path) {
     base::PlatformFileInfo file_info;
     bool exists = file_util::GetFileInfo(file_path, &file_info);
@@ skipping 33 matching lines @@
     : URLRequestJob(request),
       file_path_(file_path),
       stream_(NULL),
       is_directory_(false),
       remaining_bytes_(0) {
 }
 
 // static
 URLRequestJob* URLRequestFileJob::Factory(URLRequest* request,
                                           const std::string& scheme) {
-
   FilePath file_path;
   const bool is_file = FileURLToFilePath(request->url(), &file_path);
 
-#if defined(OS_CHROMEOS)
-  // Check file access.
-  if (AccessDisabled(file_path))
+  // Check file access permissions.
+  if (!IsFileAccessAllowed(*request, file_path))
     return new URLRequestErrorJob(request, ERR_ACCESS_DENIED);
-#endif
 
   // We need to decide whether to create URLRequestFileJob for file access or
   // URLRequestFileDirJob for directory access. To avoid accessing the
   // filesystem, we only look at the path string here.
   // The code in the URLRequestFileJob::Start() method discovers that a path,
   // which doesn't end with a slash, should really be treated as a directory,
   // and it then redirects to the URLRequestFileDirJob.
   if (is_file &&
       file_util::EndsWithSeparator(file_path) &&
       file_path.IsAbsolute())
     return new URLRequestFileDirJob(request, file_path);
 
   // Use a regular file request job for all non-directories (including invalid
   // file names).
   return new URLRequestFileJob(request, file_path);
 }
 
-#if defined(OS_CHROMEOS)
-static const char* const kLocalAccessWhiteList[] = {
-  "/home/chronos/user/Downloads",
-  "/home/chronos/user/log",
-  "/media",
-  "/opt/oem",
-  "/usr/share/chromeos-assets",
-  "/tmp",
-  "/var/log",
-};
-
-// static
-bool URLRequestFileJob::AccessDisabled(const FilePath& file_path) {
-  if (URLRequest::IsFileAccessAllowed()) {  // for tests.
-    return false;
-  }
-
-  for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i) {
-    const FilePath white_listed_path(kLocalAccessWhiteList[i]);
-    // FilePath::operator== should probably handle trailing seperators.
-    if (white_listed_path == file_path.StripTrailingSeparators() ||
-        white_listed_path.IsParent(file_path)) {
-      return false;
-    }
-  }
-  return true;
-}
-#endif  // OS_CHROMEOS
-
 void URLRequestFileJob::Start() {
   DCHECK(!async_resolver_);
   async_resolver_ = new AsyncResolver(this);
   base::WorkerPool::PostTask(
       FROM_HERE,
       base::Bind(&AsyncResolver::Resolve, async_resolver_.get(), file_path_),
       true);
 }
 
 void URLRequestFileJob::Kill() {
@@ skipping 112 matching lines @@
         // because we need to do multipart encoding here.
         // TODO(hclam): decide whether we want to support multiple range
         // requests.
         NotifyDone(URLRequestStatus(URLRequestStatus::FAILED,
                                     ERR_REQUEST_RANGE_NOT_SATISFIABLE));
       }
     }
   }
 }
 
+// static
+void URLRequestFileJob::AllowAccessToAllFiles() {
+  g_allow_file_access_ = true;
+}
+
+// static
+bool URLRequestFileJob::IsFileAccessAllowed(const URLRequest& request,
+                                            const FilePath& path) {
+  if (g_allow_file_access_)
+    return true;
+  const URLRequestContext* context = request.context();
+  if (!context)
+    return false;
+  const NetworkDelegate* delegate = context->network_delegate();
+  if (delegate)
+    return delegate->NotifyFileAccessRequested(request, path);
+  return false;
+}
+
 URLRequestFileJob::~URLRequestFileJob() {
   DCHECK(!async_resolver_);
 }
 
 void URLRequestFileJob::DidResolve(
     bool exists, const base::PlatformFileInfo& file_info) {
   async_resolver_ = NULL;
 
   // We may have been orphaned...
   if (!request_)
@@ skipping 66 matching lines @@
     NotifyDone(URLRequestStatus(URLRequestStatus::FAILED, result));
   }
 
   remaining_bytes_ -= result;
   DCHECK_GE(remaining_bytes_, 0);
 
   NotifyReadComplete(result);
 }
 
 }  // namespace net