chromeos: Replace "/tmp" with a call to PathService::Get()

chrome/browser/net/chrome_network_delegate.cc

Index: chrome/browser/net/chrome_network_delegate.cc
diff --git a/chrome/browser/net/chrome_network_delegate.cc b/chrome/browser/net/chrome_network_delegate.cc
index b11644ada43c790b34cb4af8c7a96256a6d5a193..cc3f1f260a6cec0bd59e4b32f0e51ca631c73fd4 100644
--- a/chrome/browser/net/chrome_network_delegate.cc
+++ b/chrome/browser/net/chrome_network_delegate.cc
@@ -476,20 +476,24 @@ bool ChromeNetworkDelegate::IsAccessAllowed(
   return true;
 #else
 
+  std::vector<base::FilePath> whitelist;
 #if defined(OS_CHROMEOS)
   // Use a whitelist to only allow access to files residing in the list of
   // directories below.
-  static const char* const kLocalAccessWhiteList[] = {
+  static const base::FilePath::CharType* const kLocalAccessWhiteList[] = {
       "/home/chronos/user/Downloads",

[satorux1, 2017/06/06 08:19:05]

tried to replace this with DIR_DEFAULT_DOWNLOADS or DIR_DEFAULT_DOWNLOADS_SAFE
but didn't work. In production these constants are mapped to:

DIR_DEFAULT_DOWNLOADS => /home/chronos/user
DIR_DEFAULT_DOWNLOADS_SAFE => /home/chronos/u-<hash>/Downloads

       "/home/chronos/user/log",
       "/home/chronos/user/WebRTC Logs",
       "/media",
       "/opt/oem",
       "/usr/share/chromeos-assets",
-      "/tmp",
       "/var/log",
   };
 
+  base::FilePath temp_dir;
+  if (PathService::Get(base::DIR_TEMP, &temp_dir))
+    whitelist.push_back(temp_dir);
+
   // The actual location of "/home/chronos/user/Xyz" is the Xyz directory under
   // the profile path ("/home/chronos/user' is a hard link to current primary
   // logged in profile.) For the support of multi-profile sessions, we are
@@ -497,13 +501,9 @@ bool ChromeNetworkDelegate::IsAccessAllowed(
   // access.
   if (!profile_path.empty()) {
     const base::FilePath downloads = profile_path.AppendASCII("Downloads");
-    if (downloads == path.StripTrailingSeparators() || downloads.IsParent(path))
-      return true;
+    whitelist.push_back(downloads);
     const base::FilePath webrtc_logs = profile_path.AppendASCII("WebRTC Logs");
-    if (webrtc_logs == path.StripTrailingSeparators() ||
-        webrtc_logs.IsParent(path)) {
-      return true;
-    }
+    whitelist.push_back(webrtc_logs);
   }
 #elif defined(OS_ANDROID)
   // Access to files in external storage is allowed.
@@ -513,14 +513,15 @@ bool ChromeNetworkDelegate::IsAccessAllowed(
     return true;
 
   // Whitelist of other allowed directories.
-  static const char* const kLocalAccessWhiteList[] = {
-      "/sdcard",
-      "/mnt/sdcard",
+  static const base::FilePath::CharType* const kLocalAccessWhiteList[] = {
+      "/sdcard", "/mnt/sdcard",

[satorux1, 2017/06/06 08:19:05]

by clang format.

   };
 #endif
 
-  for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i) {
-    const base::FilePath white_listed_path(kLocalAccessWhiteList[i]);
+  for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i)

[mmenke, 2017/06/06 15:49:07]

optional:  Could switch this to something like "for (const auto& path :
kLocalAccessWhiteList)"

[satorux1, 2017/06/08 02:13:44]

Done.

+    whitelist.push_back(base::FilePath(kLocalAccessWhiteList[i]));
+
+  for (const auto& white_listed_path : whitelist) {
     // base::FilePath::operator== should probably handle trailing separators.
     if (white_listed_path == path.StripTrailingSeparators() ||
         white_listed_path.IsParent(path)) {