Make Isolated file system writable only if it is configured so

webkit/fileapi/isolated_context.h

Index: webkit/fileapi/isolated_context.h
diff --git a/webkit/fileapi/isolated_context.h b/webkit/fileapi/isolated_context.h
index 6024ab3f4cee9557877d92167ee53135311a58c3..fa6d0a9ef0011d81c969f509eb0e3b6778611f34 100644
--- a/webkit/fileapi/isolated_context.h
+++ b/webkit/fileapi/isolated_context.h
@@ -77,13 +77,20 @@ class FILEAPI_EXPORT IsolatedContext {
   // Returns a vector of the full paths of the top-level entry paths
   // registered for the |filesystem_id|.  Returns false if the
   // |filesystem_is| is not valid.
-  bool GetTopLevelPaths(std::string filesystem_id,
+  bool GetTopLevelPaths(const std::string& filesystem_id,
                         std::vector<FilePath>* paths) const;
 
   // Returns the virtual path that looks like /<filesystem_id>/<relative_path>.
   FilePath CreateVirtualPath(const std::string& filesystem_id,
                              const FilePath& relative_path) const;
 
+  // Set the filesystem writable if |writable| is true, non-writable
+  // if it is false. Returns false if the |filesystem_id| is not valid.
+  bool SetWritable(const std::string& filesystem_id, bool writable);
+
+  // Returns true if the |filesystem_id| is writable.
+  bool IsWritable(const std::string& filesystem_id) const;
+
  private:
   friend struct base::DefaultLazyInstanceTraits<IsolatedContext>;
 
@@ -104,6 +111,13 @@ class FILEAPI_EXPORT IsolatedContext {
   // Maps the toplevel entries to the filesystem id.
   IDToPathMap toplevel_map_;
 
+  // Holds a set of writable ids.
+  // Isolated file systems are created read-only by default, and this set
+  // holds a list of exceptions.
+  // Detailed filesystem permission may be provided by an external
+  // security policy manager, e.g. ChildProcessSecurityPolicy.
+  std::set<std::string> writable_ids_;
+
   DISALLOW_COPY_AND_ASSIGN(IsolatedContext);
 };