Move file chooser from RenderView(Host) to RenderFrame(Host).

content/browser/frame_host/render_frame_host_impl.cc

Index: content/browser/frame_host/render_frame_host_impl.cc
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index 7277881884ce4e4c0de2efdce2e64a7cff8bd09b..75086e878234442c32f6f002e6ce8d79432d4298 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -71,6 +71,7 @@
 #include "content/public/browser/permission_type.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_widget_host_view.h"
+#include "content/public/browser/storage_partition.h"
 #include "content/public/browser/stream_handle.h"
 #include "content/public/browser/user_metrics.h"
 #include "content/public/common/browser_side_navigation_policy.h"
@@ -548,6 +549,7 @@ bool RenderFrameHostImpl::OnMessageReceived(const IPC::Message &msg) {
                                     OnRunJavaScriptMessage)
     IPC_MESSAGE_HANDLER_DELAY_REPLY(FrameHostMsg_RunBeforeUnloadConfirm,
                                     OnRunBeforeUnloadConfirm)
+    IPC_MESSAGE_HANDLER(FrameHostMsg_RunFileChooser, OnRunFileChooser)
     IPC_MESSAGE_HANDLER(FrameHostMsg_DidAccessInitialDocument,
                         OnDidAccessInitialDocument)
     IPC_MESSAGE_HANDLER(FrameHostMsg_DidChangeOpener, OnDidChangeOpener)
@@ -1525,6 +1527,19 @@ void RenderFrameHostImpl::OnRunBeforeUnloadConfirm(
   delegate_->RunBeforeUnloadConfirm(this, is_reload, reply_msg);
 }
 
+void RenderFrameHostImpl::OnRunFileChooser(const FileChooserParams& params) {
+  // Do not allow messages with absolute paths in them as this can permit a
+  // renderer to coerce the browser to perform I/O on a renderer controlled
+  // path.
+  if (params.default_file_name != params.default_file_name.BaseName()) {
+    bad_message::ReceivedBadMessage(GetProcess(),
+                                    bad_message::RVH_FILE_CHOOSER_PATH);

[Avi (use Gerrit), 2016/06/10 21:52:54]

Have we renamed bad messages that we move from RVH to RFH?

[nasko, 2016/06/10 22:07:49]

I don't know, but it is a good thing to fix. Done.

+    return;
+  }
+
+  delegate_->RunFileChooser(this, params);
+}
+
 void RenderFrameHostImpl::OnTextSurroundingSelectionResponse(
     const base::string16& content,
     uint32_t start_offset,
@@ -2627,7 +2642,29 @@ int RenderFrameHostImpl::GetProxyCount() {
 void RenderFrameHostImpl::FilesSelectedInChooser(
     const std::vector<content::FileChooserFileInfo>& files,
     FileChooserParams::Mode permissions) {
-  render_view_host_->FilesSelectedInChooser(files, permissions);
+  storage::FileSystemContext* const file_system_context =
+      BrowserContext::GetStoragePartition(GetProcess()->GetBrowserContext(),
+                                          GetSiteInstance())
+          ->GetFileSystemContext();
+  // Grant the security access requested to the given files.
+  for (size_t i = 0; i < files.size(); ++i) {

[Avi (use Gerrit), 2016/06/10 21:52:54]

for (const auto& file : files)

[nasko, 2016/06/10 22:07:49]

Done.

+    const content::FileChooserFileInfo& file = files[i];
+    if (permissions == FileChooserParams::Save) {
+      ChildProcessSecurityPolicyImpl::GetInstance()->GrantCreateReadWriteFile(
+          GetProcess()->GetID(), file.file_path);
+    } else {
+      ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
+          GetProcess()->GetID(), file.file_path);
+    }
+    if (file.file_system_url.is_valid()) {
+      ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFileSystem(
+          GetProcess()->GetID(),
+          file_system_context->CrackURL(file.file_system_url)
+              .mount_filesystem_id());
+    }
+  }
+
+  Send(new FrameMsg_RunFileChooserResponse(routing_id_, files));
 }
 
 #if defined(USE_EXTERNAL_POPUP_MENU)