Update the child process security policy to use explicit permission grants.

content/browser/child_process_security_policy_impl.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
 
 
 #include <map>
 #include <set>
@@ skipping 19 matching lines @@
  public:
   // Object can only be created through GetInstance() so the constructor is
   // private.
   virtual ~ChildProcessSecurityPolicyImpl();
 
   static ChildProcessSecurityPolicyImpl* GetInstance();
 
   // ChildProcessSecurityPolicy implementation.
   virtual void RegisterWebSafeScheme(const std::string& scheme) OVERRIDE;
   virtual bool IsWebSafeScheme(const std::string& scheme) OVERRIDE;
-  virtual void GrantPermissionsForFile(int child_id,
-                                       const base::FilePath& file,
-                                       int permissions) OVERRIDE;
   virtual void GrantReadFile(int child_id, const base::FilePath& file) OVERRIDE;
+  virtual void GrantReadWriteFile(int child_id,
+                                  const base::FilePath& file) OVERRIDE;
+  virtual void GrantCreateWriteFile(int child_id,
+                                    const base::FilePath& file) OVERRIDE;
   virtual void GrantReadFileSystem(
       int child_id,
       const std::string& filesystem_id) OVERRIDE;
   virtual void GrantWriteFileSystem(
       int child_id,
       const std::string& filesystem_id) OVERRIDE;
   virtual void GrantCreateFileForFileSystem(
       int child_id,
       const std::string& filesystem_id) OVERRIDE;
   virtual void GrantScheme(int child_id, const std::string& scheme) OVERRIDE;
@@ skipping 95 matching lines @@
   // Only might return false if the very experimental
   // --enable-strict-site-isolation or --site-per-process flags are used.
   bool CanSendCookiesForOrigin(int child_id, const GURL& gurl);
 
   // Sets the process as only permitted to use and see the cookies for the
   // given origin.
   // Only used if the very experimental --enable-strict-site-isolation or
   // --site-per-process flags are used.
   void LockToOrigin(int child_id, const GURL& gurl);
 
-  // Grants access permission to the given isolated file system
-  // identified by |filesystem_id|.  See comments for
-  // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details.
-  void GrantPermissionsForFileSystem(
-      int child_id,
-      const std::string& filesystem_id,
-      int permission);
-
   // Determines if certain permissions were granted for a file fystem.
   // |permissions| must be a bit-set of base::PlatformFileFlags.
   bool HasPermissionsForFileSystem(
       int child_id,
       const std::string& filesystem_id,
       int permission);
 
  private:
   friend class ChildProcessSecurityPolicyInProcessBrowserTest;
+  friend class ChildProcessSecurityPolicyTest;
   FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest,
                            NoLeak);
 
   class SecurityState;
 
   typedef std::set<std::string> SchemeSet;
   typedef std::map<int, SecurityState*> SecurityStateMap;
   typedef std::map<int, int> WorkerToMainProcessMap;
 
   // Obtain an instance of ChildProcessSecurityPolicyImpl via GetInstance().
   ChildProcessSecurityPolicyImpl();
   friend struct DefaultSingletonTraits<ChildProcessSecurityPolicyImpl>;
 
   // Adds child process during registration.
   void AddChild(int child_id);
 
   // Determines if certain permissions were granted for a file to given child
   // process. |permissions| must be a bit-set of base::PlatformFileFlags.
   bool ChildProcessHasPermissionsForFile(int child_id,
                                          const base::FilePath& file,
                                          int permissions);
 
+  // Grant a particular permission set for a file. |permissions| is a bit-set
+  // of base::PlatformFileFlags.
+  void GrantPermissionsForFile(int child_id,
+                               const base::FilePath& file,
+                               int permissions);
+
+  // Grants access permission to the given isolated file system
+  // identified by |filesystem_id|.  See comments for
+  // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details.
+  void GrantPermissionsForFileSystem(
+      int child_id,
+      const std::string& filesystem_id,
+      int permission);
+
   // You must acquire this lock before reading or writing any members of this
   // class.  You must not block while holding this lock.
   base::Lock lock_;
 
   // These schemes are white-listed for all child processes.  This set is
   // protected by |lock_|.
   SchemeSet web_safe_schemes_;
 
   // These schemes do not actually represent retrievable URLs.  For example,
   // the the URLs in the "about" scheme are aliases to other URLs.  This set is
   // protected by |lock_|.
   SchemeSet pseudo_schemes_;
 
   // This map holds a SecurityState for each child process.  The key for the
   // map is the ID of the ChildProcessHost.  The SecurityState objects are
   // owned by this object and are protected by |lock_|.  References to them must
   // not escape this class.
   SecurityStateMap security_state_;
 
   // This maps keeps the record of which js worker thread child process
   // corresponds to which main js thread child process.
   WorkerToMainProcessMap worker_map_;
 
   DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl);
 };
 
 }  // namespace content
 
 #endif  // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_