Update the child process security policy to use explicit permission grants.

content/public/browser/child_process_security_policy.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
 #define CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_
 
 #include <string>
 
 #include "base/basictypes.h"
@@ skipping 22 matching lines @@
   static CONTENT_EXPORT ChildProcessSecurityPolicy* GetInstance();
 
   // Web-safe schemes can be requested by any child process.  Once a web-safe
   // scheme has been registered, any child process can request URLs with
   // that scheme.  There is no mechanism for revoking web-safe schemes.
   virtual void RegisterWebSafeScheme(const std::string& scheme) = 0;
 
   // Returns true iff |scheme| has been registered as a web-safe scheme.
   virtual bool IsWebSafeScheme(const std::string& scheme) = 0;
 
-  // Grants certain permissions to a file. |permissions| must be a bit-set of
-  // base::PlatformFileFlags.
-  virtual void GrantPermissionsForFile(int child_id,
-                                       const base::FilePath& file,
-                                       int permissions) = 0;
-
   // Before servicing a child process's request to upload a file to the web, the
   // browser should call this method to determine whether the process has the
   // capability to upload the requested file.
   virtual bool CanReadFile(int child_id, const base::FilePath& file) = 0;
 
   // Whenever the user picks a file from a <input type="file"> element, the
   // browser should call this function to grant the child process the capability
-  // to upload the file to the web.
+  // to upload the file to the web. Grants FILE_PERMISSION_READ_ONLY.
   virtual void GrantReadFile(int child_id, const base::FilePath& file) = 0;
 
+  // This permission grants creation, read, and full write access to a file,

[Tom Sepez, 2013/07/09 18:52:50]

nit: maybe this should be called GrantCreateReadWriteFile.

[Greg Billock, 2013/07/09 21:09:50]

Done.

+  // including attributes.
+  virtual void GrantReadWriteFile(int child_id, const base::FilePath& file) = 0;
+
+  // This permission grants creation and write access to a file.
+  virtual void GrantCreateWriteFile(int child_id,
+                                    const base::FilePath& file) = 0;
+
   // Grants read access permission to the given isolated file system
   // identified by |filesystem_id|. An isolated file system can be
   // created for a set of native files/directories (like dropped files)
   // using fileapi::IsolatedContext. A child process needs to be granted
   // permission to the file system to access the files in it using
   // file system URL.
   //
   // Note: to grant read access to the content of files you also need
   // to give permission directly to the file paths using GrantReadFile.
   // TODO(kinuko): We should unify this file-level and file-system-level
@@ skipping 38 matching lines @@
 
   // Returns true iff read and write access has been granted to the filesystem
   // with |filesystem_id|.
   virtual bool CanReadWriteFileSystem(int child_id,
                                       const std::string& filesystem_id) = 0;
 };
 
 };  // namespace content
 
 #endif  // CONTENT_PUBLIC_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_