ChildProcessSecurityPolicy: Add DeleteFromFileSystem permission.

content/browser/child_process_security_policy_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/child_process_security_policy_impl.h"
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
@@ skipping 20 matching lines @@
 
 namespace {
 
 // Used internally only. These bit positions have no relationship to any
 // underlying OS and can be changed to accommodate finer-grained permissions.
 enum ChildProcessSecurityPermissions {
   READ_FILE_PERMISSION             = 1 << 0,
   WRITE_FILE_PERMISSION            = 1 << 1,
   CREATE_NEW_FILE_PERMISSION       = 1 << 2,
   CREATE_OVERWRITE_FILE_PERMISSION = 1 << 3,
+  DELETE_FILE_PERMISSION           = 1 << 4,
 
   // Used by Media Galleries API
-  COPY_INTO_FILE_PERMISSION        = 1 << 4,
+  COPY_INTO_FILE_PERMISSION        = 1 << 5,
 };
 
 // Used internally only. Bitmasks that are actually used by the Grant* and Can*
 // methods. These contain one or more ChildProcessSecurityPermissions.
 enum ChildProcessSecurityGrants {
   READ_FILE_GRANT              = READ_FILE_PERMISSION,
   WRITE_FILE_GRANT             = WRITE_FILE_PERMISSION,
 
   CREATE_NEW_FILE_GRANT        = CREATE_NEW_FILE_PERMISSION |
                                  COPY_INTO_FILE_PERMISSION,
 
   CREATE_READ_WRITE_FILE_GRANT = CREATE_NEW_FILE_PERMISSION |
                                  CREATE_OVERWRITE_FILE_PERMISSION |
                                  READ_FILE_PERMISSION |
                                  WRITE_FILE_PERMISSION |
-                                 COPY_INTO_FILE_PERMISSION,
+                                 COPY_INTO_FILE_PERMISSION |
+                                 DELETE_FILE_PERMISSION,
 
   COPY_INTO_FILE_GRANT         = COPY_INTO_FILE_PERMISSION,
+  DELETE_FILE_GRANT            = DELETE_FILE_PERMISSION,
 };
 
 }  // namespace
 
 // The SecurityState class is used to maintain per-child process security state
 // information.
 class ChildProcessSecurityPolicyImpl::SecurityState {
  public:
   SecurityState()
     : enabled_bindings_(0),
@@ skipping 399 matching lines @@
 void ChildProcessSecurityPolicyImpl::GrantCreateFileForFileSystem(
     int child_id, const std::string& filesystem_id) {
   GrantPermissionsForFileSystem(child_id, filesystem_id, CREATE_NEW_FILE_GRANT);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantCopyIntoFileSystem(
     int child_id, const std::string& filesystem_id) {
   GrantPermissionsForFileSystem(child_id, filesystem_id, COPY_INTO_FILE_GRANT);
 }
 
+void ChildProcessSecurityPolicyImpl::GrantDeleteFromFileSystem(
+    int child_id, const std::string& filesystem_id) {
+  GrantPermissionsForFileSystem(child_id, filesystem_id, DELETE_FILE_GRANT);
+}
+
 void ChildProcessSecurityPolicyImpl::GrantSendMIDISysExMessage(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return;
 
   state->second->GrantPermissionForMIDISysEx();
 }
 
@@ skipping 129 matching lines @@
   return HasPermissionsForFileSystem(child_id, filesystem_id,
                                      READ_FILE_GRANT | WRITE_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystem(
     int child_id, const std::string& filesystem_id) {
   return HasPermissionsForFileSystem(child_id, filesystem_id,
                                      COPY_INTO_FILE_GRANT);
 }
 
+bool ChildProcessSecurityPolicyImpl::CanDeleteFromFileSystem(
+    int child_id, const std::string& filesystem_id) {
+  return HasPermissionsForFileSystem(child_id, filesystem_id,
+                                     DELETE_FILE_GRANT);
+}
+
 bool ChildProcessSecurityPolicyImpl::HasPermissionsForFile(
     int child_id, const base::FilePath& file, int permissions) {
   base::AutoLock lock(lock_);
   bool result = ChildProcessHasPermissionsForFile(child_id, file, permissions);
   if (!result) {
     // If this is a worker thread that has no access to a given file,
     // let's check that its renderer process has access to that file instead.
     WorkerToMainProcessMap::iterator iter = worker_map_.find(child_id);
     if (iter != worker_map_.end() && iter->second != 0) {
       result = ChildProcessHasPermissionsForFile(iter->second,
@@ skipping 69 matching lines @@
   return HasPermissionsForFileSystemFile(child_id, url,
                                          CREATE_READ_WRITE_FILE_GRANT);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanCopyIntoFileSystemFile(
     int child_id,
     const fileapi::FileSystemURL& url) {
   return HasPermissionsForFileSystemFile(child_id, url, COPY_INTO_FILE_GRANT);
 }
 
+bool ChildProcessSecurityPolicyImpl::CanDeleteFileSystemFile(
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return HasPermissionsForFileSystemFile(child_id, url, DELETE_FILE_GRANT);
+}
+
 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->has_web_ui_bindings();
 }
 
@@ skipping 98 matching lines @@
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->can_send_midi_sysex();
 }
 
 }  // namespace content