Add check for file system access to the sandbox.

chrome/common/chrome_content_client.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/chrome_content_client.h"
 
 #include <stdint.h>
 
 #include <map>
 #include <memory>
@@ skipping 34 matching lines @@
 #include "gpu/config/gpu_info.h"
 #include "net/http/http_util.h"
 #include "ui/base/l10n/l10n_util.h"
 #include "ui/base/layout.h"
 #include "ui/base/resource/resource_bundle.h"
 #include "widevine_cdm_version.h"  // In SHARED_INTERMEDIATE_DIR.
 
 #if defined(OS_LINUX)
 #include <fcntl.h>
 #include "chrome/common/component_flash_hint_file_linux.h"
+#include "sandbox/linux/services/credentials.h"
 #endif  // defined(OS_LINUX)
 
 #if defined(OS_WIN)
 #include "base/win/windows_version.h"
 #endif
 
 #if !defined(DISABLE_NACL)
 #include "components/nacl/common/nacl_constants.h"
 #include "components/nacl/common/nacl_process_type.h"
 #include "components/nacl/common/nacl_sandbox_type.h"
@@ skipping 227 matching lines @@
   std::string flash_version =
       base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
           switches::kPpapiFlashVersion);
 
   plugins->push_back(
       CreatePepperFlashInfo(base::FilePath(flash_path),
                             flash_version, false, true, false));
 }
 
 #if defined(OS_LINUX)
-// This function tests if DIR_USER_DATA can be accessed, as a simple check to
-// see if the zygote has been sandboxed at this point.
-bool IsUserDataDirAvailable() {
-  base::FilePath user_data_dir;
-  return PathService::Get(chrome::DIR_USER_DATA, &user_data_dir);
-}
-
 // This method is used on Linux only because of architectural differences in how
 // it loads the component updated flash plugin, and not because the other
 // platforms do not support component updated flash. On other platforms, the
 // component updater sends an IPC message to all threads, at undefined points in
 // time, with the URL of the component updated flash. Because the linux zygote
 // thread has no access to the file system after it warms up, it must preload
 // the component updated flash.
 bool GetComponentUpdatedPepperFlash(content::PepperPluginInfo* plugin) {
 #if defined(FLAPPER_AVAILABLE)
   if (component_flash_hint_file::DoesHintFileExist()) {
@@ skipping 167 matching lines @@
     std::vector<content::PepperPluginInfo>* plugins) {
 #if defined(ENABLE_PLUGINS)
   ComputeBuiltInPlugins(plugins);
   AddPepperFlashFromCommandLine(plugins);
 
 #if defined(OS_LINUX)
   // Depending on the sandbox configurtion, the user data directory
   // is not always available. If it is not available, do not try and load any
   // flash plugin. The flash player, if any, preloaded before the sandbox
   // initialization will continue to be used.
-  if (!IsUserDataDirAvailable()) {
+  if (!sandbox::Credentials::HasFileSystemAccess()) {
     return;
   }
 #endif  // defined(OS_LINUX)
 
   ScopedVector<content::PepperPluginInfo> flash_versions;
 
 #if defined(OS_LINUX)
   std::unique_ptr<content::PepperPluginInfo> component_flash(
       new content::PepperPluginInfo);
   if (GetComponentUpdatedPepperFlash(component_flash.get()))
@@ skipping 180 matching lines @@
   if (!origin_trial_policy_)
     origin_trial_policy_ = base::MakeUnique<ChromeOriginTrialPolicy>();
   return origin_trial_policy_.get();
 }
 
 #if defined(OS_ANDROID)
 media::MediaClientAndroid* ChromeContentClient::GetMediaClientAndroid() {
   return new ChromeMediaClientAndroid();
 }
 #endif  // OS_ANDROID