chromeos: Check both original and absolute paths for file: scheme

net/base/network_delegate.h

Index: net/base/network_delegate.h
diff --git a/net/base/network_delegate.h b/net/base/network_delegate.h
index f602f3c26b42f2192ac8f118154c73d14258813d..f4a189545ccd98855097ec2e967c74bb4aa53a43 100644
--- a/net/base/network_delegate.h
+++ b/net/base/network_delegate.h
@@ -101,7 +101,8 @@ class NET_EXPORT NetworkDelegate : public base::NonThreadSafe {
                     const std::string& cookie_line,
                     CookieOptions* options);
   bool CanAccessFile(const URLRequest& request,
-                     const base::FilePath& path) const;
+                     const base::FilePath& original_path,
+                     const base::FilePath& absolute_path) const;
   bool CanEnablePrivacyMode(const GURL& url,
                             const GURL& first_party_for_cookies) const;
 
@@ -267,10 +268,13 @@ class NET_EXPORT NetworkDelegate : public base::NonThreadSafe {
                               CookieOptions* options) = 0;
 
   // Called when a file access is attempted to allow the network delegate to
-  // allow or block access to the given file path.  Returns true if access is
-  // allowed.
+  // allow or block access to the given file path, provided in the original
+  // and absolute forms (i.e. symbolic link is resolved). It's up to
+  // subclasses of NetworkDelegate to decide which path to use for
+  // checking. Returns true if access is allowed.
   virtual bool OnCanAccessFile(const URLRequest& request,
-                               const base::FilePath& path) const = 0;
+                               const base::FilePath& original_path,
+                               const base::FilePath& absolute_path) const = 0;
 
   // Returns true if the given |url| has to be requested over connection that
   // is not tracked by the server. Usually is false, unless user privacy