Update the child process security policy to use explicit permission grants.

chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc

Index: chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc
diff --git a/chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc b/chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc
index 37fbecebb735b34634aac81f112e187cd08ef9b1..1e1aba3d94cc67f4411fb6be2d4ad425e4a63f21 100644
--- a/chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc
+++ b/chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc
@@ -62,23 +62,6 @@ const char kDriveTaskExtensionPrefix[] = "drive-app:";
 const size_t kDriveTaskExtensionPrefixLength =
     arraysize(kDriveTaskExtensionPrefix) - 1;
 
-const int kReadWriteFilePermissions = base::PLATFORM_FILE_OPEN |
-                                      base::PLATFORM_FILE_CREATE |
-                                      base::PLATFORM_FILE_OPEN_ALWAYS |
-                                      base::PLATFORM_FILE_CREATE_ALWAYS |
-                                      base::PLATFORM_FILE_OPEN_TRUNCATED |
-                                      base::PLATFORM_FILE_READ |
-                                      base::PLATFORM_FILE_WRITE |
-                                      base::PLATFORM_FILE_EXCLUSIVE_READ |
-                                      base::PLATFORM_FILE_EXCLUSIVE_WRITE |
-                                      base::PLATFORM_FILE_ASYNC |
-                                      base::PLATFORM_FILE_WRITE_ATTRIBUTES;
-
-const int kReadOnlyFilePermissions = base::PLATFORM_FILE_OPEN |
-                                     base::PLATFORM_FILE_READ |
-                                     base::PLATFORM_FILE_EXCLUSIVE_READ |
-                                     base::PLATFORM_FILE_ASYNC;
-
 // Returns process id of the process the extension is running in.
 int ExtractProcessFromExtensionId(Profile* profile,
                                   const std::string& extension_id) {
@@ -109,22 +92,6 @@ const FileBrowserHandler* FindFileBrowserHandler(const Extension* extension,
   return NULL;
 }
 
-unsigned int GetAccessPermissionsForFileBrowserHandler(
-    const Extension* extension,
-    const std::string& action_id) {
-  const FileBrowserHandler* action =
-      FindFileBrowserHandler(extension, action_id);
-  if (!action)
-    return 0;
-  unsigned int result = 0;
-  if (action->CanRead())
-    result |= kReadOnlyFilePermissions;
-  if (action->CanWrite())
-    result |= kReadWriteFilePermissions;
-  // TODO(tbarzic): We don't handle Create yet.
-  return result;
-}
-
 std::string EscapedUtf8ToLower(const std::string& str) {
   string16 utf16 = UTF8ToUTF16(
       net::UnescapeURLComponent(str, net::UnescapeRule::NORMAL));
@@ -270,14 +237,6 @@ std::string GetDefaultTaskIdFromPrefs(Profile* profile,
   return task_id;
 }
 
-int GetReadWritePermissions() {
-  return kReadWriteFilePermissions;
-}
-
-int GetReadOnlyPermissions() {
-  return kReadOnlyFilePermissions;
-}
-
 std::string MakeTaskID(const std::string& extension_id,
                        const std::string& task_type,
                        const std::string& action_id) {
@@ -881,13 +840,21 @@ void ExtensionTaskExecutor::SetupHandlerHostFileAccessPermissions(
     const FileDefinitionList& file_list,
     const Extension* extension,
     int handler_pid) {
+  const FileBrowserHandler* action = FindFileBrowserHandler(extension_,
+                                                            action_id_);
   for (FileDefinitionList::const_iterator iter = file_list.begin();
        iter != file_list.end();
        ++iter) {
-    content::ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
-        handler_pid,
-        iter->absolute_path,
-        GetAccessPermissionsForFileBrowserHandler(extension_, action_id_));
+    if (!action)
+      continue;
+    if (action->CanRead()) {
+      content::ChildProcessSecurityPolicy::GetInstance()->GrantReadFile(

[vandebo (ex-Chrome), 2013/06/27 22:35:17]

read is a subset of readwrite, so we really only need to do one or the other
here.  How about:

if (action->CanWrite()) {
  grant read write
} else if (action->CanRead()) {
  grant read
}

?

[Greg Billock, 2013/06/28 18:40:33]

I saw this, but decided to preserve the calls since we'll likely move to
specific security-policy permissions that might not be direct subsets.

On 2013/06/27 22:35:17, vandebo wrote:

+          handler_pid, iter->absolute_path);
+    }
+    if (action->CanWrite()) {
+      content::ChildProcessSecurityPolicy::GetInstance()->GrantReadWriteFile(
+          handler_pid, iter->absolute_path);
+    }
   }
 }