Pepper Message Filters: Port to use explicit permission grants in ChildProcessSecurityPolicy.

content/public/browser/child_process_security_policy.h

Index: content/public/browser/child_process_security_policy.h
diff --git a/content/public/browser/child_process_security_policy.h b/content/public/browser/child_process_security_policy.h
index 62d90a92eb8658bd13f5dd8838c7249877a96e20..3fd0f768dc8ef32b29e0a0823f245ca111a98ee7 100644
--- a/content/public/browser/child_process_security_policy.h
+++ b/content/public/browser/child_process_security_policy.h
@@ -66,6 +66,11 @@ class ChildProcessSecurityPolicy {
   virtual bool CanCreateFile(int child_id, const base::FilePath& file) = 0;
   virtual bool CanCreateWriteFile(int child_id, const base::FilePath& file) = 0;
 
+  // Special support for Pepper plugin open file requests. Translates the
+  // Pepper open flags to the specific grants supported by the policy.
+  bool HasPermissionsForPepperMode(int child_id, const base::FilePath& file,

[jam, 2013/07/22 23:46:41]

nit: since this is used only by content, put it on
ChildProcessSecurityPolicyImpl and not the interface

[tommycli, 2013/07/23 22:21:35]

Whoops this was just leftover. This has been put into PepperSecurityHelper
class.

+                                   int pp_open_flags);
+
   // Grants read access permission to the given isolated file system
   // identified by |filesystem_id|. An isolated file system can be
   // created for a set of native files/directories (like dropped files)