Loosen permission on extension temp dir when a flag is used.

base/file_util_win.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/file_util.h"
 
 #include <windows.h>
 #include <propvarutil.h>
 #include <psapi.h>
 #include <shellapi.h>
@@ skipping 45 matching lines @@
     // Move to the next drive letter string, which starts one
     // increment after the '\0' that terminates the current string.
     while(*drive_map_ptr++);
   }
 
   // No drive matched.  The path does not start with a device junction.
   *drive_letter_path = device_path;
   return true;
 }
 
+// Build a security descriptor with the weakest possible file permissions.
+bool InitLooseSecurityDescriptor(SECURITY_ATTRIBUTES *sa,
+                                 SECURITY_DESCRIPTOR *sd) {
+  DWORD last_error;
+
+  if (!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) {
+    last_error = GetLastError();
+    LOG(ERROR) << "InitializeSecurityDescriptor failed: GetLastError() = "
+               << last_error;
+    return false;
+  }
+
+  if (!SetSecurityDescriptorDacl(sd,
+                                 TRUE,  // bDaclPresent: Add one to |sd|.
+                                 NULL,  // pDacl: NULL means allow all access.
+                                 FALSE  // bDaclDefaulted: Not defaulted.
+                                 )) {
+    last_error = GetLastError();
+    LOG(ERROR) << "SetSecurityDescriptorDacl() failed: GetLastError() = "
+               << last_error;
+    return false;
+  }
+
+  if (!SetSecurityDescriptorGroup(sd,
+                                  NULL,  // pGroup: No no primary group.
+                                  FALSE  // bGroupDefaulted: Not defaulted.
+                                  )) {
+    last_error = GetLastError();
+    LOG(ERROR) << "SetSecurityDescriptorGroup() failed: GetLastError() = "
+               << last_error;
+    return false;
+  }
+
+  if (!SetSecurityDescriptorSacl(sd,
+                                 FALSE,  // bSaclPresent: No SACL.
+                                 NULL,
+                                 FALSE
+                                 )) {
+    last_error = GetLastError();
+    LOG(ERROR) << "SetSecurityDescriptorSacl() failed: GetLastError() = "
+               << last_error;
+    return false;
+  }
+
+  sa->nLength = sizeof(SECURITY_ATTRIBUTES);
+  sa->lpSecurityDescriptor = sd;
+  sa->bInheritHandle = TRUE;
+  return true;
+}
+
 }  // namespace
 
 std::wstring GetDirectoryFromPath(const std::wstring& path) {
   wchar_t path_buffer[MAX_PATH];
   wchar_t* file_ptr = NULL;
   if (GetFullPathName(path.c_str(), MAX_PATH, path_buffer, &file_ptr) == 0)
     return L"";
 
   std::wstring::size_type length =
       file_ptr ? file_ptr - path_buffer : path.length();
@@ skipping 467 matching lines @@
   }
 
   std::wstring temp_file_str;
   temp_file_str.assign(temp_name, path_len);
   *temp_file = FilePath(temp_file_str);
   return true;
 }
 
 bool CreateTemporaryDirInDir(const FilePath& base_dir,
                              const FilePath::StringType& prefix,
+                             bool loosen_permissions,
                              FilePath* new_dir) {
+  SECURITY_ATTRIBUTES sa;
+  SECURITY_DESCRIPTOR sd;
+
+  LPSECURITY_ATTRIBUTES directory_security_attributes = NULL;
+  if (loosen_permissions) {
+    if (InitLooseSecurityDescriptor(&sa, &sd))
+      directory_security_attributes = &sa;
+    else
+      LOG(ERROR) << "Failed to init security attributes, fall back to NULL.";
+  }
+
   FilePath path_to_create;
   srand(static_cast<uint32>(time(NULL)));
 
   int count = 0;
   while (count < 50) {
     // Try create a new temporary directory with random generated name. If
     // the one exists, keep trying another path name until we reach some limit.
     path_to_create = base_dir;
 
     std::wstring new_dir_name;
     new_dir_name.assign(prefix);
     new_dir_name.append(IntToWString(rand() % kint16max));
 
     path_to_create = path_to_create.Append(new_dir_name);
-    if (::CreateDirectory(path_to_create.value().c_str(), NULL))
+    if (::CreateDirectory(path_to_create.value().c_str(),
+                          directory_security_attributes))
       break;
     count++;
   }
 
   if (count == 50) {
     return false;
   }
 
   *new_dir = path_to_create;
+
   return true;
 }
 
 bool CreateNewTempDirectory(const FilePath::StringType& prefix,
                             FilePath* new_temp_path) {
   FilePath system_temp_dir;
   if (!GetTempDir(&system_temp_dir))
     return false;
 
-  return CreateTemporaryDirInDir(system_temp_dir, prefix, new_temp_path);
+  return CreateTemporaryDirInDir(system_temp_dir,
+                                 prefix,
+                                 false,
+                                 new_temp_path);
 }
 
 bool CreateDirectory(const FilePath& full_path) {
   return file_util::CreateDirectoryExtraLogging(full_path, LOG(INFO));
 }
 
 // TODO(skerner): Extra logging has been added to understand crbug/35198 .
 // Remove it once we get a log from a user who can reproduce the issue.
 bool CreateDirectoryExtraLogging(const FilePath& full_path,
                                  std::ostream& log) {
@@ skipping 429 matching lines @@
     // will find a drive letter which maps to the path's device, so
     // that we return a path starting with a drive letter.
     FilePath mapped_file(mapped_file_path);
     success = DevicePathToDriveLetterPath(mapped_file, real_path);
   }
   UnmapViewOfFile(file_view);
   return success;
 }
 
 }  // namespace file_util