PepperFileRefHost: Port to use explicit permission grants in ChildProcessSecurityPolicy.

content/browser/fileapi/browser_file_system_helper.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/fileapi/browser_file_system_helper.h"
 
 #include <string>
 #include <vector>
 
 #include "base/command_line.h"
@@ skipping 74 matching lines @@
   for (size_t i = 0; i < types.size(); ++i) {
     ChildProcessSecurityPolicyImpl::GetInstance()->
         RegisterFileSystemPermissionPolicy(
             types[i],
             fileapi::FileSystemContext::GetPermissionPolicy(types[i]));
   }
 
   return file_system_context;
 }
 
+bool FileSystemURLIsValid(
+    fileapi::FileSystemContext* context,
+    const fileapi::FileSystemURL& url) {
+  if (!url.is_valid())
+    return false;
+
+  return context->GetFileSystemBackend(url.type()) != NULL;
+}
+
 bool CheckFileSystemPermissionsForProcess(
     fileapi::FileSystemContext* context, int process_id,
     const fileapi::FileSystemURL& url, int permissions,
     base::PlatformFileError* error) {
   DCHECK(error);
   *error = base::PLATFORM_FILE_OK;
 
-  if (!url.is_valid()) {
+  if (!FileSystemURLIsValid(context, url)) {
     *error = base::PLATFORM_FILE_ERROR_INVALID_URL;
     return false;
   }
-
-  fileapi::FileSystemBackend* mount_point_provider =
-      context->GetFileSystemBackend(url.type());
-  if (!mount_point_provider) {
-    *error = base::PLATFORM_FILE_ERROR_INVALID_URL;
-    return false;
-  }
 
   base::FilePath file_path;
   ChildProcessSecurityPolicyImpl* policy =
       ChildProcessSecurityPolicyImpl::GetInstance();
 
   if (policy->HasPermissionsForFileSystemFile(process_id, url, permissions))

[Tom Sepez, 2013/07/19 18:39:28]

nit: I'd prefer inverting this check, setting error and returning, making the
success path fall through to the end of the function.  Adding additional checks
later on gets easier this way.

[tommycli, 2013/07/23 21:12:35]

Done.

     return true;
 
   *error = base::PLATFORM_FILE_ERROR_SECURITY;
   return false;
 }
 
 void SyncGetPlatformPath(fileapi::FileSystemContext* context,
                          int process_id,
                          const GURL& path,
                          base::FilePath* platform_path) {
   DCHECK(context->task_runners()->file_task_runner()->
          RunsTasksOnCurrentThread());
   DCHECK(platform_path);
   *platform_path = base::FilePath();
   fileapi::FileSystemURL url(context->CrackURL(path));
-  if (!url.is_valid())
+  if (!FileSystemURLIsValid(context, url))
     return;
 
   // Make sure if this file is ok to be read (in the current architecture
   // which means roughly same as the renderer is allowed to get the platform
   // path to the file).
-  base::PlatformFileError error;
-  if (!CheckFileSystemPermissionsForProcess(
-      context, process_id, url, fileapi::kReadFilePermissions, &error))
+  ChildProcessSecurityPolicyImpl* policy =
+      ChildProcessSecurityPolicyImpl::GetInstance();
+  if (!policy->CanReadFileSystemFile(process_id, url))
     return;
 
   context->operation_runner()->SyncGetPlatformPath(url, platform_path);
 
   // The path is to be attached to URLLoader so we grant read permission
   // for the file. (We first need to check if it can already be read not to
   // overwrite existing permissions)
-  if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
-          process_id, *platform_path)) {
-    ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
-        process_id, *platform_path);
-  }
+  if (!policy->CanReadFile(process_id, *platform_path))

[Tom Sepez, 2013/07/19 18:39:28]

Is this still the case?  Don't the permissions have to or with each other now?
Considering each one of these is a lock get, I'd like to just set it
irrespectively.

[tommycli, 2013/07/23 21:12:35]

Done. I see no harm in setting it irrespectively.

+    policy->GrantReadFile(process_id, *platform_path);
 }
 
 }  // namespace content