Fix chrome upload with content uri

content/browser/child_process_security_policy_impl.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
 
 
 #include <map>
 #include <set>
@@ skipping 56 matching lines @@
   virtual bool CanReadFileSystem(int child_id,
                                  const std::string& filesystem_id) OVERRIDE;
   virtual bool CanReadWriteFileSystem(
       int child_id,
       const std::string& filesystem_id) OVERRIDE;
   virtual bool CanCopyIntoFileSystem(int child_id,
                                      const std::string& filesystem_id) OVERRIDE;
   virtual bool CanDeleteFromFileSystem(
       int child_id,
       const std::string& filesystem_id) OVERRIDE;
+#if defined(OS_ANDROID)
+  virtual void GrantReadContentUrl(int child_id,
+                                   const GURL& content_url) OVERRIDE;
+  virtual bool CanReadContentUrl(int child_id,
+                                 const GURL& content_url) OVERRIDE;
+#endif
 
   // Pseudo schemes are treated differently than other schemes because they
   // cannot be requested like normal URLs.  There is no mechanism for revoking
   // pseudo schemes.
   void RegisterPseudoScheme(const std::string& scheme);
 
   // Returns true iff |scheme| has been registered as pseudo scheme.
   bool IsPseudoScheme(const std::string& scheme);
 
   // Upon creation, child processes should register themselves by calling this
@@ skipping 152 matching lines @@
                              const base::FilePath& file,
                              int permissions);
 
   // Deprecated: Use CanReadFileSystemFile, etc. methods instead.
   // Determines if certain permissions were granted for a file in FileSystem
   // API. |permissions| must be a bitwise-or'd value of base::PlatformFileFlags.
   bool HasPermissionsForFileSystemFile(int child_id,
                                        const fileapi::FileSystemURL& url,
                                        int permissions);
 
+#if defined(OS_ANDROID)
+  // Grant a particular permission set for a content url. |permissions| is a
+  // bit-set of base::PlatformFileFlags.

[kinuko, 2013/10/29 02:52:31]

nit: we no longer use base::PlatformFileFlags for these methods but use internal
ChildProcessSecurityPermissions values. Can we fix these comments while you're
there?

[qinmin, 2013/10/29 19:14:21]

Done.

+  void GrantPermissionsForContentUrl(int child_id,
+                                     const GURL& content_url,
+                                     int permissions);
+
+  // Determines if certain permissions were granted for a content url to given
+  // child process. |permissions| must be a bitwise-or'd value of
+  // base::PlatformFileFlags.
+  bool ChildProcessHasPermissionsForContentUrl(int child_id,
+                                               const GURL& content_url,
+                                               int permissions);
+#endif
+
   // You must acquire this lock before reading or writing any members of this
   // class.  You must not block while holding this lock.
   base::Lock lock_;
 
   // These schemes are white-listed for all child processes.  This set is
   // protected by |lock_|.
   SchemeSet web_safe_schemes_;
 
   // These schemes do not actually represent retrievable URLs.  For example,
   // the the URLs in the "about" scheme are aliases to other URLs.  This set is
@@ skipping 11 matching lines @@
   WorkerToMainProcessMap worker_map_;
 
   FileSystemPermissionPolicyMap file_system_policy_map_;
 
   DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl);
 };
 
 }  // namespace content
 
 #endif  // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_