Factor out core logic from OnCanAccessFile() and add tests for it

chrome/browser/net/chrome_network_delegate.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/chrome_network_delegate.h"
 
 #include <stddef.h>
 #include <stdlib.h>
 
 #include <vector>
@@ skipping 433 matching lines @@
                    info->GetWebContentsGetterForRequest(),
                    request.url(), request.first_party_for_cookies(),
                    cookie_line, *options, !allow));
   }
 
   return allow;
 }
 
 bool ChromeNetworkDelegate::OnCanAccessFile(const net::URLRequest& request,
                                             const base::FilePath& path) const {
-#if !defined(OS_CHROMEOS) && !defined(OS_ANDROID)
-  return true;
-#else
 #if defined(OS_CHROMEOS)
   // If we're running Chrome for ChromeOS on Linux, we want to allow file
-  // access.
+  // access. This is checked here to make IsAccessAllowed() unit-testable.
   if (!base::SysInfo::IsRunningOnChromeOS() ||
       base::CommandLine::ForCurrentProcess()->HasSwitch(switches::kTestType)) {
     return true;
   }
+#endif
 
+  return IsAccessAllowed(path, profile_path_);
+}
+
+// static
+bool ChromeNetworkDelegate::IsAccessAllowed(
+    const base::FilePath& path,
+    const base::FilePath& profile_path) {
+#if !defined(OS_CHROMEOS) && !defined(OS_ANDROID)
+  return true;
+#else
+
+#if defined(OS_CHROMEOS)
   // Use a whitelist to only allow access to files residing in the list of
   // directories below.
   static const char* const kLocalAccessWhiteList[] = {
       "/home/chronos/user/Downloads",
       "/home/chronos/user/log",
       "/home/chronos/user/WebRTC Logs",
       "/media",
       "/opt/oem",
       "/usr/share/chromeos-assets",
       "/tmp",
       "/var/log",
   };
 
   // The actual location of "/home/chronos/user/Xyz" is the Xyz directory under
   // the profile path ("/home/chronos/user' is a hard link to current primary
   // logged in profile.) For the support of multi-profile sessions, we are
   // switching to use explicit "$PROFILE_PATH/Xyz" path and here whitelist such
   // access.
-  if (!profile_path_.empty()) {
-    const base::FilePath downloads = profile_path_.AppendASCII("Downloads");
+  if (!profile_path.empty()) {
+    const base::FilePath downloads = profile_path.AppendASCII("Downloads");
     if (downloads == path.StripTrailingSeparators() || downloads.IsParent(path))
       return true;
-    const base::FilePath webrtc_logs = profile_path_.AppendASCII("WebRTC Logs");
+    const base::FilePath webrtc_logs = profile_path.AppendASCII("WebRTC Logs");
     if (webrtc_logs == path.StripTrailingSeparators() ||
         webrtc_logs.IsParent(path)) {
       return true;
     }
   }
 #elif defined(OS_ANDROID)
   // Access to files in external storage is allowed.
   base::FilePath external_storage_path;
   PathService::Get(base::DIR_ANDROID_EXTERNAL_STORAGE, &external_storage_path);
   if (external_storage_path.IsParent(path))
@@ skipping 56 matching lines @@
   if (!data_use_aggregator_)
     return;
 
   if (is_data_usage_off_the_record_) {
     data_use_aggregator_->ReportOffTheRecordDataUse(tx_bytes, rx_bytes);
     return;
   }
 
   data_use_aggregator_->ReportDataUse(request, tx_bytes, rx_bytes);
 }