Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(141)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/fileapi/browser_file_system_helper.cc

Issue 23760004: ChildProcessSecurityPolicy: Port FileAPIMessageFilter to use new checks (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: apply kinuko suggestions on reducing sloc bloat Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/browser/fileapi/browser_file_system_helper.h ('k') | content/browser/fileapi/fileapi_message_filter.h » ('j') | content/browser/fileapi/fileapi_message_filter.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/fileapi/browser_file_system_helper.h" 5 #include "content/browser/fileapi/browser_file_system_helper.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after
91 91
92 bool FileSystemURLIsValid( 92 bool FileSystemURLIsValid(
93 fileapi::FileSystemContext* context, 93 fileapi::FileSystemContext* context,
94 const fileapi::FileSystemURL& url) { 94 const fileapi::FileSystemURL& url) {
95 if (!url.is_valid()) 95 if (!url.is_valid())
96 return false; 96 return false;
97 97
98 return context->GetFileSystemBackend(url.type()) != NULL; 98 return context->GetFileSystemBackend(url.type()) != NULL;
99 } 99 }
100 100
101 bool CheckFileSystemPermissionsForProcess(
102 fileapi::FileSystemContext* context, int process_id,
103 const fileapi::FileSystemURL& url, int permissions,
104 base::PlatformFileError* error) {
105 DCHECK(error);
106
107 if (!FileSystemURLIsValid(context, url)) {
108 *error = base::PLATFORM_FILE_ERROR_INVALID_URL;
109 return false;
110 }
111
112 if (!ChildProcessSecurityPolicyImpl::GetInstance()->
113 HasPermissionsForFileSystemFile(process_id, url, permissions)) {
114 *error = base::PLATFORM_FILE_ERROR_SECURITY;
115 return false;
116 }
117
118 *error = base::PLATFORM_FILE_OK;
119 return true;
120 }
121
122 void SyncGetPlatformPath(fileapi::FileSystemContext* context, 101 void SyncGetPlatformPath(fileapi::FileSystemContext* context,
123 int process_id, 102 int process_id,
124 const GURL& path, 103 const GURL& path,
125 base::FilePath* platform_path) { 104 base::FilePath* platform_path) {
126 DCHECK(context->default_file_task_runner()-> 105 DCHECK(context->default_file_task_runner()->
127 RunsTasksOnCurrentThread()); 106 RunsTasksOnCurrentThread());
128 DCHECK(platform_path); 107 DCHECK(platform_path);
129 *platform_path = base::FilePath(); 108 *platform_path = base::FilePath();
130 fileapi::FileSystemURL url(context->CrackURL(path)); 109 fileapi::FileSystemURL url(context->CrackURL(path));
131 if (!FileSystemURLIsValid(context, url)) 110 if (!FileSystemURLIsValid(context, url))
(...skipping 10 matching lines...) Expand all
142 context->operation_runner()->SyncGetPlatformPath(url, platform_path); 121 context->operation_runner()->SyncGetPlatformPath(url, platform_path);
143 122
144 // The path is to be attached to URLLoader so we grant read permission 123 // The path is to be attached to URLLoader so we grant read permission
145 // for the file. (We need to check first because a parent directory may 124 // for the file. (We need to check first because a parent directory may
146 // already have the permissions and we don't need to grant it to the file.) 125 // already have the permissions and we don't need to grant it to the file.)
147 if (!policy->CanReadFile(process_id, *platform_path)) 126 if (!policy->CanReadFile(process_id, *platform_path))
148 policy->GrantReadFile(process_id, *platform_path); 127 policy->GrantReadFile(process_id, *platform_path);
149 } 128 }
150 129
151 } // namespace content 130 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/fileapi/browser_file_system_helper.h ('k') | content/browser/fileapi/fileapi_message_filter.h » ('j') | content/browser/fileapi/fileapi_message_filter.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698