Loosen permission on extension temp dir when a flag is used.

chrome/browser/extensions/sandboxed_extension_unpacker.cc

 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/sandboxed_extension_unpacker.h"
 
 #include <set>
 
 #include "base/base64.h"
 #include "base/crypto/signature_verifier.h"
@@ skipping 24 matching lines @@
     : crx_path_(crx_path), temp_path_(temp_path),
       thread_identifier_(ChromeThread::ID_COUNT),
       rdh_(rdh), client_(client), got_response_(false) {
 }
 
 void SandboxedExtensionUnpacker::Start() {
   // We assume that we are started on the thread that the client wants us to do
   // file IO on.
   CHECK(ChromeThread::GetCurrentThreadIdentifier(&thread_identifier_));
 
+  // To understand crbug/35198, allow users who can reproduce the bug
+  // to loosen permissions on the scoped directory.
+  bool loosen_permissions = false;
+#if defined (OS_WIN)
+  loosen_permissions = CommandLine::ForCurrentProcess()->HasSwitch(
+      switches::kIssue35198Permission);
+  LOG(INFO) << "loosen_permissions = " << loosen_permissions;
+#endif
+
   // Create a temporary directory to work in.
-  if (!temp_dir_.CreateUniqueTempDirUnderPath(temp_path_)) {
+  if (!temp_dir_.CreateUniqueTempDirUnderPath(temp_path_,
+                                              loosen_permissions)) {
     ReportFailure("Could not create temporary directory.");
     return;
   }
 
   // Initialize the path that will eventually contain the unpacked extension.
   extension_root_ = temp_dir_.path().AppendASCII(
       extension_filenames::kTempExtensionName);
 
+  // To understand crbug/35198, allow users who can reproduce the bug to
+  // create the unpack directory in the browser process.
+  bool crxdir_in_browser = CommandLine::ForCurrentProcess()->HasSwitch(
+      switches::kIssue35198CrxDirBrowser);
+  LOG(INFO) << "crxdir_in_browser = " << crxdir_in_browser;
+  if (crxdir_in_browser && !file_util::CreateDirectory(extension_root_)) {
+    LOG(ERROR) << "Failed to create directory " << extension_root_.value();
+  }
+
   // Extract the public key and validate the package.
   if (!ValidateSignature())
     return;  // ValidateSignature() already reported the error.
 
   // Copy the crx file into our working directory.
   FilePath temp_crx_path = temp_dir_.path().Append(crx_path_.BaseName());
   if (!file_util::CopyFile(crx_path_, temp_crx_path)) {
     ReportFailure("Failed to copy extension file to temporary directory.");
     return;
   }
 
   // The utility process will have access to the directory passed to
   // SandboxedExtensionUnpacker.  That directory should not contain a
   // symlink or NTFS junction, because when the path is used, following
   // the link will cause file system access outside the sandbox path.
   FilePath normalized_crx_path;
   if (!file_util::NormalizeFilePath(temp_crx_path, &normalized_crx_path)) {
-    // TODO(skerner): Remove this logging once crbug/13044 is fixed.
-    // This bug is starred by many users who have some kind of link.
-    // If NormalizeFilePath() fails we want to see it in the logs they send.
     LOG(ERROR) << "Could not get the normalized path of "
                << temp_crx_path.value();
     normalized_crx_path = temp_crx_path;
   } else {
     LOG(INFO) << "RealFilePath: from " << temp_crx_path.value()
               << " to " << normalized_crx_path.value();
   }
 
   // If we are supposed to use a subprocess, kick off the subprocess.
   //
@@ skipping 307 matching lines @@
     if (!file_util::WriteFile(path,
                               catalog_json.c_str(),
                               catalog_json.size())) {
       ReportFailure("Error saving catalog.");
       return false;
     }
   }
 
   return true;
 }