Chromium Code Reviews Chromium Code Reviews
Issue 19770009:
PepperFileRefHost: Port to use explicit permission grants in ChildProcessSecurityPolicy. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@0044-write-support-remove-child-process-security-policy-bitmask-usage| Index: content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.cc |
| diff --git a/content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.cc b/content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.cc |
| index 4a5cbb0b29b9f2dafeedb985fca29163f761bd31..337807d34e146da5cb2df4198c7320208253d0af 100644 |
| --- a/content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.cc |
| +++ b/content/browser/renderer_host/pepper/pepper_internal_file_ref_backend.cc |
| @@ -9,6 +9,7 @@ |
| #include "base/callback.h" |
| #include "base/file_util.h" |
| #include "base/files/file_util_proxy.h" |
| +#include "content/browser/child_process_security_policy_impl.h" |
| #include "content/browser/fileapi/browser_file_system_helper.h" |
| #include "content/browser/renderer_host/pepper/pepper_file_system_browser_host.h" |
| #include "content/public/browser/browser_context.h" |
| @@ -256,14 +257,50 @@ int32_t PepperInternalFileRefBackend::GetAbsolutePath( |
| return PP_OK_COMPLETIONPENDING; |
| } |
| -int32_t PepperInternalFileRefBackend::HasPermissions(int permissions) const { |
| - base::PlatformFileError error; |
| - CheckFileSystemPermissionsForProcess(GetFileSystemContext().get(), |
| - render_process_id_, |
| - GetFileSystemURL(), |
| - permissions, |
| - &error); |
| - return ppapi::PlatformFileErrorToPepperError(error); |
| +int32_t PepperInternalFileRefBackend::CanRead() const { |
| + fileapi::FileSystemURL url = GetFileSystemURL(); |
| + if (!FileSystemURLIsValid(GetFileSystemContext().get(), url)) |
| + return PP_ERROR_FAILED; |
|
dmichael (off chromium)
2013/07/24 17:27:44
teravest: Do you know what we would do in the case
teravest
2013/07/24 17:51:21
I'll look into this; the old code would just pass
tommycli
2013/07/24 18:05:30
CheckFileSystemPermissionsForProcess would return
tommycli
2013/07/24 20:53:09
Yeah it's kind of weird. Probably because You have
|
| + if (!ChildProcessSecurityPolicyImpl::GetInstance()-> |
| + CanReadFileSystemFile(render_process_id_, url)) { |
| + return PP_ERROR_NOACCESS; |
| + } |
| + return PP_OK; |
| +} |
| + |
| +int32_t PepperInternalFileRefBackend::CanWrite() const { |
| + fileapi::FileSystemURL url = GetFileSystemURL(); |
| + if (!FileSystemURLIsValid(GetFileSystemContext().get(), url)) |
| + return PP_ERROR_FAILED; |
| + if (!ChildProcessSecurityPolicyImpl::GetInstance()-> |
| + CanWriteFileSystemFile(render_process_id_, url)) { |
| + return PP_ERROR_NOACCESS; |
| + } |
| + return PP_OK; |
| +} |
| + |
| +int32_t PepperInternalFileRefBackend::CanCreate() const { |
| + fileapi::FileSystemURL url = GetFileSystemURL(); |
| + if (!FileSystemURLIsValid(GetFileSystemContext().get(), url)) |
| + return PP_ERROR_FAILED; |
| + if (!ChildProcessSecurityPolicyImpl::GetInstance()-> |
| + CanCreateFileSystemFile(render_process_id_, url)) { |
| + return PP_ERROR_NOACCESS; |
| + } |
| + return PP_OK; |
| +} |
| + |
| +int32_t PepperInternalFileRefBackend::CanReadWrite() const { |
| + fileapi::FileSystemURL url = GetFileSystemURL(); |
| + if (!FileSystemURLIsValid(GetFileSystemContext().get(), url)) |
| + return PP_ERROR_FAILED; |
| + ChildProcessSecurityPolicyImpl* policy = |
| + ChildProcessSecurityPolicyImpl::GetInstance(); |
| + if (!policy->CanReadFileSystemFile(render_process_id_, url) || |
| + !policy->CanWriteFileSystemFile(render_process_id_, url)) { |
| + return PP_ERROR_NOACCESS; |
| + } |
| + return PP_OK; |
| } |
| } // namespace content |
