chromeos: Check both original and absolute paths for file: scheme

net/base/network_delegate.h

Index: net/base/network_delegate.h
diff --git a/net/base/network_delegate.h b/net/base/network_delegate.h
index f602f3c26b42f2192ac8f118154c73d14258813d..41afc8f503cc7fde830d2811e3ac36706cfeaa3c 100644
--- a/net/base/network_delegate.h
+++ b/net/base/network_delegate.h
@@ -101,7 +101,8 @@ class NET_EXPORT NetworkDelegate : public base::NonThreadSafe {
                     const std::string& cookie_line,
                     CookieOptions* options);
   bool CanAccessFile(const URLRequest& request,
-                     const base::FilePath& path) const;
+                     const base::FilePath& original_path,
+                     const base::FilePath& absolute_path) const;
   bool CanEnablePrivacyMode(const GURL& url,
                             const GURL& first_party_for_cookies) const;
 
@@ -267,10 +268,13 @@ class NET_EXPORT NetworkDelegate : public base::NonThreadSafe {
                               CookieOptions* options) = 0;
 
   // Called when a file access is attempted to allow the network delegate to
-  // allow or block access to the given file path.  Returns true if access is
-  // allowed.
+  // allow or block access to the given file path, provided in the original
+  // and absolute forms (i.e. symbolic link is resolved). It's up to the sub
+  // class to decide which path to use for checking. Returns true if access
+  // is allowed.

[mmenke, 2017/04/18 17:24:45]

subclass of what?  (Also, subclass is one word)

[satorux1, 2017/04/21 08:05:37]

Done.

   virtual bool OnCanAccessFile(const URLRequest& request,
-                               const base::FilePath& path) const = 0;
+                               const base::FilePath& original_path,
+                               const base::FilePath& absolute_path) const = 0;
 
   // Returns true if the given |url| has to be requested over connection that
   // is not tracked by the server. Usually is false, unless user privacy