Merge 170159

content/browser/fileapi/fileapi_message_filter.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/fileapi/fileapi_message_filter.h"
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 506 matching lines @@
 
 void FileAPIMessageFilter::OnSyncGetPlatformPath(
     const GURL& path, FilePath* platform_path) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
   DCHECK(platform_path);
   *platform_path = FilePath();
   FileSystemURL url(path);
   if (!url.is_valid())
     return;
 
+  // Make sure if this file is ok to be read (in the current architecture
+  // which means roughly same as the renderer is allowed to get the platform
+  // path to the file).
+  base::PlatformFileError error;
+  if (!HasPermissionsForFile(url, kReadFilePermissions, &error))
+    return;
+
   // This is called only by pepper plugin as of writing to get the
   // underlying platform path to upload a file in the sandboxed filesystem
   // (e.g. TEMPORARY or PERSISTENT).
   // TODO(kinuko): this hack should go away once appropriate upload-stream
   // handling based on element types is supported.
   LocalFileSystemOperation* operation =
       context_->CreateFileSystemOperation(
           url, NULL)->AsLocalFileSystemOperation();
   DCHECK(operation);
-  if (operation)
-    operation->SyncGetPlatformPath(url, platform_path);
+  if (!operation)
+    return;
+
+  operation->SyncGetPlatformPath(url, platform_path);
+
+  // The path is to be attached to URLLoader so we grant read permission
+  // for the file. (We first need to check if it can already be read not to
+  // overwrite existing permissions)
+  if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
+          process_id_, *platform_path)) {
+    ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
+        process_id_, *platform_path);
+  }
 }
 
 void FileAPIMessageFilter::OnCreateSnapshotFile(
     int request_id, const GURL& blob_url, const GURL& path) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   FileSystemURL url(path);
   base::Callback<void(const FilePath&)> register_file_callback =
       base::Bind(&FileAPIMessageFilter::RegisterFileAsBlob,
                  this, blob_url, url.path());
 
@@ skipping 264 matching lines @@
 
     // Access permission to the file system overrides the file permission
     // (if and only if they accessed via an isolated file system).
     bool success = policy->HasPermissionsForFileSystem(
         process_id_, url.filesystem_id(), permissions);
     if (!success)
       *error = base::PLATFORM_FILE_ERROR_SECURITY;
     return success;
   }
 
+  if (fileapi::SandboxMountPointProvider::CanHandleType(url.type())) {
+    // Sandboxed file system permissions should be implicitly granted.
+    // (And the application should not be given direct permission to the actual
+    // data directory in the sandboxed area.)
+    CHECK(mount_point_provider == context_->sandbox_provider());
+    return true;
+  }
+
   file_path = mount_point_provider->GetPathForPermissionsCheck(url.path());
   if (file_path.empty()) {
     *error = base::PLATFORM_FILE_ERROR_SECURITY;
     return false;
   }
 
   bool success = policy->HasPermissionsForFile(
       process_id_, file_path, permissions);
   if (!success)
     *error = base::PLATFORM_FILE_ERROR_SECURITY;
@@ skipping 10 matching lines @@
     Send(new FileSystemMsg_DidFail(request_id, error_code));
     return NULL;
   }
 
   DCHECK(operation);
   operations_.AddWithID(operation, request_id);
   return operation;
 }
 
 }  // namespace content