| Index: content/browser/fileapi/fileapi_message_filter.cc
|
| diff --git a/content/browser/fileapi/fileapi_message_filter.cc b/content/browser/fileapi/fileapi_message_filter.cc
|
| index 446cb8f1133c1e7c20ac7403e1d96bd916edb06c..14981da7de898f77174ffbb01208abcfd6c1c2f8 100644
|
| --- a/content/browser/fileapi/fileapi_message_filter.cc
|
| +++ b/content/browser/fileapi/fileapi_message_filter.cc
|
| @@ -54,6 +54,56 @@ void RevokeFilePermission(int child_id, const base::FilePath& path) {
|
| child_id, path);
|
| }
|
|
|
| +// Check whether a process has permission to access the file system URL.
|
| +bool CheckFilePermissionsForProcess(
|
| + fileapi::FileSystemContext* context, int process_id,
|
| + const FileSystemURL& url, int permissions, base::PlatformFileError* error) {
|
| + DCHECK(error);
|
| + *error = base::PLATFORM_FILE_OK;
|
| +
|
| + if (!url.is_valid()) {
|
| + *error = base::PLATFORM_FILE_ERROR_INVALID_URL;
|
| + return false;
|
| + }
|
| +
|
| + FileSystemMountPointProvider* mount_point_provider =
|
| + context->GetMountPointProvider(url.type());
|
| + if (!mount_point_provider) {
|
| + *error = base::PLATFORM_FILE_ERROR_INVALID_URL;
|
| + return false;
|
| + }
|
| +
|
| + base::FilePath file_path;
|
| + ChildProcessSecurityPolicyImpl* policy =
|
| + ChildProcessSecurityPolicyImpl::GetInstance();
|
| +
|
| + switch (mount_point_provider->GetPermissionPolicy(url, permissions)) {
|
| + case fileapi::FILE_PERMISSION_ALWAYS_DENY:
|
| + *error = base::PLATFORM_FILE_ERROR_SECURITY;
|
| + return false;
|
| + case fileapi::FILE_PERMISSION_ALWAYS_ALLOW:
|
| + CHECK(mount_point_provider == context->sandbox_provider());
|
| + return true;
|
| + case fileapi::FILE_PERMISSION_USE_FILE_PERMISSION: {
|
| + const bool success = policy->HasPermissionsForFile(
|
| + process_id, url.path(), permissions);
|
| + if (!success)
|
| + *error = base::PLATFORM_FILE_ERROR_SECURITY;
|
| + return success;
|
| + }
|
| + case fileapi::FILE_PERMISSION_USE_FILESYSTEM_PERMISSION: {
|
| + const bool success = policy->HasPermissionsForFileSystem(
|
| + process_id, url.filesystem_id(), permissions);
|
| + if (!success)
|
| + *error = base::PLATFORM_FILE_ERROR_SECURITY;
|
| + return success;
|
| + }
|
| + }
|
| + NOTREACHED();
|
| + *error = base::PLATFORM_FILE_ERROR_SECURITY;
|
| + return false;
|
| +}
|
| +
|
| } // namespace
|
|
|
| FileAPIMessageFilter::FileAPIMessageFilter(
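Review bot: `CheckFilePermissionsForProcess` dereferences `context` at `context->GetMountPointProvider(url.type())` while asserting only `error`. Now that the context is a parameter rather than the member `context_`, add `DCHECK(context);` next to `DCHECK(error);`. The same applies to `context->CrackURL(path)` in the new `SyncGetPlatformPath` in the `@@ -504,12 +555,15 @@` hunk. The local `base::FilePath file_path;` is never used in the moved body and can be dropped. Because this helper is now the single authorization decision for file system URLs, its header comment should state what it assumes about its inputs, for example `// |process_id| must be the browser-assigned child ID of the requesting process, never a value taken from an IPC payload.`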
|
| @@ -295,6 +345,7 @@ void FileAPIMessageFilter::OnCreate(
|
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
|
| base::PlatformFileError error;
|
| FileSystemURL url(context_->CrackURL(path));
|
| +
|
| if (!HasPermissionsForFile(url, fileapi::kCreateFilePermissions, &error)) {
|
| Send(new FileSystemMsg_DidFail(request_id, error));
|
| return;
|
| @@ -504,12 +555,15 @@ void FileAPIMessageFilter::OnDidUpdate(const GURL& path, int64 delta) {
|
| observers->Notify(&FileUpdateObserver::OnEndUpdate, MakeTuple(url));
|
| }
|
|
|
| -void FileAPIMessageFilter::OnSyncGetPlatformPath(
|
| - const GURL& path, base::FilePath* platform_path) {
|
| +void FileAPIMessageFilter::SyncGetPlatformPath(
|
| + fileapi::FileSystemContext* context,
|
| + int process_id,
|
| + const GURL& path,
|
| + base::FilePath* platform_path) {
|
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
|
| DCHECK(platform_path);
|
| *platform_path = base::FilePath();
|
| - FileSystemURL url(context_->CrackURL(path));
|
| + FileSystemURL url(context->CrackURL(path));
|
| if (!url.is_valid())
|
| return;
|
|
|
| @@ -517,7 +571,8 @@ void FileAPIMessageFilter::OnSyncGetPlatformPath(
|
| // which means roughly same as the renderer is allowed to get the platform
|
| // path to the file).
|
| base::PlatformFileError error;
|
| - if (!HasPermissionsForFile(url, fileapi::kReadFilePermissions, &error))
|
| + if (!CheckFilePermissionsForProcess(context, process_id, url,
|
| + fileapi::kReadFilePermissions, &error))
|
| return;
|
|
|
| // This is called only by pepper plugin as of writing to get the
|
| @@ -526,7 +581,7 @@ void FileAPIMessageFilter::OnSyncGetPlatformPath(
|
| // TODO(kinuko): this hack should go away once appropriate upload-stream
|
| // handling based on element types is supported.
|
| LocalFileSystemOperation* operation =
|
| - context_->CreateFileSystemOperation(
|
| + context->CreateFileSystemOperation(
|
| url, NULL)->AsLocalFileSystemOperation();
|
| DCHECK(operation);
|
| if (!operation)
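Review bot: The pointer returned by `context->CreateFileSystemOperation(url, NULL)` is dereferenced by `->AsLocalFileSystemOperation()` before anything checks it, so the `DCHECK(operation)` and `if (!operation)` that follow only guard the result of the conversion. If creation can fail for a cracked URL (the `NULL` passed for what looks like an error out-parameter suggests it can, but confirm), split the call: `FileSystemOperation* op = context->CreateFileSystemOperation(url, NULL);`, then `if (!op) return;` before `op->AsLocalFileSystemOperation()`. The pattern predates this commit, but the function now accepts whatever `context` its caller supplies, so it is worth tightening while the line is being touched. The function body starts and ends outside this hunk.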
|
| @@ -538,12 +593,18 @@ void FileAPIMessageFilter::OnSyncGetPlatformPath(
|
| // for the file. (We first need to check if it can already be read not to
|
| // overwrite existing permissions)
|
| if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
|
| - process_id_, *platform_path)) {
|
| + process_id, *platform_path)) {
|
| ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
|
| - process_id_, *platform_path);
|
| + process_id, *platform_path);
|
| }
|
| }
|
|
|
| +void FileAPIMessageFilter::OnSyncGetPlatformPath(
|
| + const GURL& path, base::FilePath* platform_path) {
|
| + FileAPIMessageFilter::SyncGetPlatformPath(context_, process_id_,
|
| + path, platform_path);
|
| +}
|
| +
|
| void FileAPIMessageFilter::OnCreateSnapshotFile(
|
| int request_id, const GURL& path) {
|
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
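Review bot: `GrantReadFile(process_id, *platform_path)` now acts on a caller-supplied process ID, so `SyncGetPlatformPath` (apparently static, given the qualified call in the new wrapper) can extend read access on a real platform path to whichever process its caller names. The wrapper `OnSyncGetPlatformPath` passes the filter's own `process_id_`, which keeps the IPC path as it was, but other callers of the new entry point are not visible here. I would document the contract at the definition, e.g. `// |process_id| is granted read access to the resolved path; pass only the browser-side child ID of the process that made the request.` The comment should also say that the permission check and the grant must use the same ID. `SyncGetPlatformPath` starts outside this hunk.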
|
| @@ -898,50 +959,8 @@ void FileAPIMessageFilter::RegisterFileAsBlob(
|
|
|
| bool FileAPIMessageFilter::HasPermissionsForFile(
|
| const FileSystemURL& url, int permissions, base::PlatformFileError* error) {
|
| - DCHECK(error);
|
| - *error = base::PLATFORM_FILE_OK;
|
| -
|
| - if (!url.is_valid()) {
|
| - *error = base::PLATFORM_FILE_ERROR_INVALID_URL;
|
| - return false;
|
| - }
|
| -
|
| - FileSystemMountPointProvider* mount_point_provider =
|
| - context_->GetMountPointProvider(url.type());
|
| - if (!mount_point_provider) {
|
| - *error = base::PLATFORM_FILE_ERROR_INVALID_URL;
|
| - return false;
|
| - }
|
| -
|
| - base::FilePath file_path;
|
| - ChildProcessSecurityPolicyImpl* policy =
|
| - ChildProcessSecurityPolicyImpl::GetInstance();
|
| -
|
| - switch (mount_point_provider->GetPermissionPolicy(url, permissions)) {
|
| - case fileapi::FILE_PERMISSION_ALWAYS_DENY:
|
| - *error = base::PLATFORM_FILE_ERROR_SECURITY;
|
| - return false;
|
| - case fileapi::FILE_PERMISSION_ALWAYS_ALLOW:
|
| - CHECK(mount_point_provider == context_->sandbox_provider());
|
| - return true;
|
| - case fileapi::FILE_PERMISSION_USE_FILE_PERMISSION: {
|
| - const bool success = policy->HasPermissionsForFile(
|
| - process_id_, url.path(), permissions);
|
| - if (!success)
|
| - *error = base::PLATFORM_FILE_ERROR_SECURITY;
|
| - return success;
|
| - }
|
| - case fileapi::FILE_PERMISSION_USE_FILESYSTEM_PERMISSION: {
|
| - const bool success = policy->HasPermissionsForFileSystem(
|
| - process_id_, url.filesystem_id(), permissions);
|
| - if (!success)
|
| - *error = base::PLATFORM_FILE_ERROR_SECURITY;
|
| - return success;
|
| - }
|
| - }
|
| - NOTREACHED();
|
| - *error = base::PLATFORM_FILE_ERROR_SECURITY;
|
| - return false;
|
| + return CheckFilePermissionsForProcess(context_, process_id_, url,
|
| + permissions, error);
|
| }
|
|
|
| FileSystemOperation* FileAPIMessageFilter::GetNewOperation(
|
|
|