PepperFileRefHost: Port to use explicit permission grants in ChildProcessSecurityPolicy.

content/browser/fileapi/browser_file_system_helper.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/fileapi/browser_file_system_helper.h"
 
 #include <string>
 #include <vector>
 
 #include "base/command_line.h"
@@ skipping 74 matching lines @@
   for (size_t i = 0; i < types.size(); ++i) {
     ChildProcessSecurityPolicyImpl::GetInstance()->
         RegisterFileSystemPermissionPolicy(
             types[i],
             fileapi::FileSystemContext::GetPermissionPolicy(types[i]));
   }
 
   return file_system_context;
 }
 
+bool FileSystemURLIsValid(
+    fileapi::FileSystemContext* context,
+    const fileapi::FileSystemURL& url) {
+  if (!url.is_valid())
+    return false;
+
+  return context->GetFileSystemBackend(url.type()) != NULL;
+}
+
 bool CheckFileSystemPermissionsForProcess(
     fileapi::FileSystemContext* context, int process_id,
     const fileapi::FileSystemURL& url, int permissions,
     base::PlatformFileError* error) {
   DCHECK(error);
-  *error = base::PLATFORM_FILE_OK;
 
-  if (!url.is_valid()) {
+  if (!FileSystemURLIsValid(context, url)) {
     *error = base::PLATFORM_FILE_ERROR_INVALID_URL;
     return false;
   }
 
-  fileapi::FileSystemBackend* mount_point_provider =
-      context->GetFileSystemBackend(url.type());
-  if (!mount_point_provider) {
-    *error = base::PLATFORM_FILE_ERROR_INVALID_URL;
+  if (!ChildProcessSecurityPolicyImpl::GetInstance()->
+          HasPermissionsForFileSystemFile(process_id, url, permissions)) {
+    *error = base::PLATFORM_FILE_ERROR_SECURITY;
     return false;
   }
 
-  base::FilePath file_path;
-  ChildProcessSecurityPolicyImpl* policy =
-      ChildProcessSecurityPolicyImpl::GetInstance();
-
-  if (policy->HasPermissionsForFileSystemFile(process_id, url, permissions))
-    return true;
-
-  *error = base::PLATFORM_FILE_ERROR_SECURITY;
-  return false;
+  *error = base::PLATFORM_FILE_OK;
+  return true;
 }
 
 void SyncGetPlatformPath(fileapi::FileSystemContext* context,
                          int process_id,
                          const GURL& path,
                          base::FilePath* platform_path) {
   DCHECK(context->task_runners()->file_task_runner()->
          RunsTasksOnCurrentThread());
   DCHECK(platform_path);
   *platform_path = base::FilePath();
   fileapi::FileSystemURL url(context->CrackURL(path));
-  if (!url.is_valid())
+  if (!FileSystemURLIsValid(context, url))
     return;
 
   // Make sure if this file is ok to be read (in the current architecture
   // which means roughly same as the renderer is allowed to get the platform
   // path to the file).
-  base::PlatformFileError error;
-  if (!CheckFileSystemPermissionsForProcess(
-      context, process_id, url, fileapi::kReadFilePermissions, &error))
+  ChildProcessSecurityPolicyImpl* policy =
+      ChildProcessSecurityPolicyImpl::GetInstance();
+  if (!policy->CanReadFileSystemFile(process_id, url))
     return;
 
   context->operation_runner()->SyncGetPlatformPath(url, platform_path);
 
   // The path is to be attached to URLLoader so we grant read permission
-  // for the file. (We first need to check if it can already be read not to
-  // overwrite existing permissions)
-  if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
-          process_id, *platform_path)) {
-    ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
-        process_id, *platform_path);
-  }
+  // for the file.
+  policy->GrantReadFile(process_id, *platform_path);

[kinuko, 2013/07/24 09:25:23]

Has situation changed so that we don't need to check it's readable first?

[tommycli, 2013/07/24 14:38:00]

Yes. It used to simply replace the granted permission. Now it does a bitwise OR
and adds the permission.

 }
 
 }  // namespace content