chromeos: Check both original and absolute paths for file: scheme

net/base/network_delegate.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_NETWORK_DELEGATE_H_
 #define NET_BASE_NETWORK_DELEGATE_H_
 
 #include <stdint.h>
 
 #include <string>
@@ skipping 83 matching lines @@
   AuthRequiredResponse NotifyAuthRequired(URLRequest* request,
                                           const AuthChallengeInfo& auth_info,
                                           const AuthCallback& callback,
                                           AuthCredentials* credentials);
   bool CanGetCookies(const URLRequest& request,
                      const CookieList& cookie_list);
   bool CanSetCookie(const URLRequest& request,
                     const std::string& cookie_line,
                     CookieOptions* options);
   bool CanAccessFile(const URLRequest& request,
-                     const base::FilePath& path) const;
+                     const base::FilePath& original_path,
+                     const base::FilePath& absolute_path) const;
   bool CanEnablePrivacyMode(const GURL& url,
                             const GURL& first_party_for_cookies) const;
 
   bool AreExperimentalCookieFeaturesEnabled() const;
 
   bool CancelURLRequestWithPolicyViolatingReferrerHeader(
       const URLRequest& request,
       const GURL& target_url,
       const GURL& referrer_url) const;
 
@@ skipping 145 matching lines @@
                                const CookieList& cookie_list) = 0;
 
   // Called when a cookie is set to allow the network delegate to block access
   // to the cookie. This method will never be invoked when
   // LOAD_DO_NOT_SAVE_COOKIES is specified.
   virtual bool OnCanSetCookie(const URLRequest& request,
                               const std::string& cookie_line,
                               CookieOptions* options) = 0;
 
   // Called when a file access is attempted to allow the network delegate to
-  // allow or block access to the given file path.  Returns true if access is
-  // allowed.
+  // allow or block access to the given file path, provided in the original
+  // and absolute forms (i.e. symbolic link is resolved). It's up to the sub
+  // class to decide which path to use for checking. Returns true if access
+  // is allowed.

[mmenke, 2017/04/18 17:24:45]

subclass of what?  (Also, subclass is one word)

[satorux1, 2017/04/21 08:05:37]

Done.

   virtual bool OnCanAccessFile(const URLRequest& request,
-                               const base::FilePath& path) const = 0;
+                               const base::FilePath& original_path,
+                               const base::FilePath& absolute_path) const = 0;
 
   // Returns true if the given |url| has to be requested over connection that
   // is not tracked by the server. Usually is false, unless user privacy
   // settings block cookies from being get or set.
   virtual bool OnCanEnablePrivacyMode(
       const GURL& url,
       const GURL& first_party_for_cookies) const = 0;
 
   // Returns true if the embedder has enabled the experimental features, and
   // false otherwise.
   virtual bool OnAreExperimentalCookieFeaturesEnabled() const = 0;
 
   // Called when the |referrer_url| for requesting |target_url| during handling
   // of the |request| is does not comply with the referrer policy (e.g. a
   // secure referrer for an insecure initial target).
   // Returns true if the request should be cancelled. Otherwise, the referrer
   // header is stripped from the request.
   virtual bool OnCancelURLRequestWithPolicyViolatingReferrerHeader(
       const URLRequest& request,
       const GURL& target_url,
       const GURL& referrer_url) const = 0;
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_NETWORK_DELEGATE_H_