Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(609)

Unified Diff: content/browser/fileapi/browser_file_system_helper.cc

Issue 19770009: PepperFileRefHost: Port to use explicit permission grants in ChildProcessSecurityPolicy. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@0044-write-support-remove-child-process-security-policy-bitmask-usage
Patch Set: Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/browser/fileapi/browser_file_system_helper.cc
diff --git a/content/browser/fileapi/browser_file_system_helper.cc b/content/browser/fileapi/browser_file_system_helper.cc
index e8e81ce12362aa51871e5bc12a3da4d6705d8200..56f47bdb6e4968133944f05e9469d83d1862388c 100644
--- a/content/browser/fileapi/browser_file_system_helper.cc
+++ b/content/browser/fileapi/browser_file_system_helper.cc
@@ -92,6 +92,15 @@ scoped_refptr<fileapi::FileSystemContext> CreateFileSystemContext(
return file_system_context;
}
+bool FileSystemURLIsValid(
+ fileapi::FileSystemContext* context,
+ const fileapi::FileSystemURL& url) {
+ if (!url.is_valid())
+ return false;
+
+ return context->GetFileSystemBackend(url.type()) != NULL;
+}
+
bool CheckFileSystemPermissionsForProcess(
fileapi::FileSystemContext* context, int process_id,
const fileapi::FileSystemURL& url, int permissions,
@@ -99,14 +108,7 @@ bool CheckFileSystemPermissionsForProcess(
DCHECK(error);
*error = base::PLATFORM_FILE_OK;
- if (!url.is_valid()) {
- *error = base::PLATFORM_FILE_ERROR_INVALID_URL;
- return false;
- }
-
- fileapi::FileSystemBackend* mount_point_provider =
- context->GetFileSystemBackend(url.type());
- if (!mount_point_provider) {
+ if (!FileSystemURLIsValid(context, url)) {
*error = base::PLATFORM_FILE_ERROR_INVALID_URL;
return false;
}
@@ -131,15 +133,15 @@ void SyncGetPlatformPath(fileapi::FileSystemContext* context,
DCHECK(platform_path);
*platform_path = base::FilePath();
fileapi::FileSystemURL url(context->CrackURL(path));
- if (!url.is_valid())
+ if (!FileSystemURLIsValid(context, url))
return;
// Make sure if this file is ok to be read (in the current architecture
// which means roughly same as the renderer is allowed to get the platform
// path to the file).
- base::PlatformFileError error;
- if (!CheckFileSystemPermissionsForProcess(
- context, process_id, url, fileapi::kReadFilePermissions, &error))
+ ChildProcessSecurityPolicyImpl* policy =
+ ChildProcessSecurityPolicyImpl::GetInstance();
+ if (!policy->CanReadFileSystemFile(process_id, url))
return;
context->operation_runner()->SyncGetPlatformPath(url, platform_path);
@@ -147,11 +149,8 @@ void SyncGetPlatformPath(fileapi::FileSystemContext* context,
// The path is to be attached to URLLoader so we grant read permission
// for the file. (We first need to check if it can already be read not to
// overwrite existing permissions)
- if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
- process_id, *platform_path)) {
- ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
- process_id, *platform_path);
- }
+ if (!policy->CanReadFile(process_id, *platform_path))
Tom Sepez 2013/07/19 18:39:28 Is this still the case? Don't the permissions hav
tommycli 2013/07/23 21:12:35 Done. I see no harm in setting it irrespectively.
+ policy->GrantReadFile(process_id, *platform_path);
}
} // namespace content

Powered by Google App Engine
This is Rietveld 408576698