Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(470)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 14864004: Fix security errors when accessing files and volumes in Files.app V2 due to using unregistered hand… (Closed)

Created:
7 years, 7 months ago by mtomasz
Modified:
7 years, 7 months ago
Reviewers:
hashimoto
CC:
chromium-reviews, nkostylev+watch_chromium.org, Aaron Boodman, rginda+watch_chromium.org, arv+watch_chromium.org, oshima+watch_chromium.org, chromium-apps-reviews_chromium.org, stevenjb+watch_chromium.org, davemoore+watch_chromium.org
Visibility:
Public.

Description

Fix security errors when accessing files and volumes in Files.app V2 due to using unregistered handlers. The security errors were caused by revoking permissions to a file, directory or a root directory of a volume caused by launching Files.app using a handler not declared in the manifest. This patch fixes this issue by declaring all used handlers in the manifests and disallowing of calling undeclared handlers. TEST=Check these bugs' repro steps. BUG=233641, 237134, 236743, 238239, 234056 Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=198744

Patch Set 1 #

Total comments: 2

Patch Set 2 : Addressed comments. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+72 lines, -9 lines) Patch
M chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc View 3 chunks +14 lines, -9 lines 0 comments Download
M chrome/browser/resources/file_manager/manifest.json View 1 1 chunk +29 lines, -0 lines 0 comments Download
M chrome/browser/resources/file_manager/manifest_new_ui.json View 1 1 chunk +29 lines, -0 lines 0 comments Download

Messages

Total messages: 9 (0 generated)
mtomasz
@hashimoto: PTAL. Thanks.
7 years, 7 months ago (2013-05-07 08:07:24 UTC) #1
hashimoto
lgtm https://codereview.chromium.org/14864004/diff/1/chrome/browser/resources/file_manager/manifest_new_ui.json File chrome/browser/resources/file_manager/manifest_new_ui.json (right): https://codereview.chromium.org/14864004/diff/1/chrome/browser/resources/file_manager/manifest_new_ui.json#newcode35 chrome/browser/resources/file_manager/manifest_new_ui.json:35: // Automatically open a volume and later close ...
7 years, 7 months ago (2013-05-07 09:17:19 UTC) #2
mtomasz
https://codereview.chromium.org/14864004/diff/1/chrome/browser/resources/file_manager/manifest_new_ui.json File chrome/browser/resources/file_manager/manifest_new_ui.json (right): https://codereview.chromium.org/14864004/diff/1/chrome/browser/resources/file_manager/manifest_new_ui.json#newcode35 chrome/browser/resources/file_manager/manifest_new_ui.json:35: // Automatically open a volume and later close Files.app ...
7 years, 7 months ago (2013-05-07 10:16:15 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mtomasz@chromium.org/14864004/5001
7 years, 7 months ago (2013-05-07 10:16:30 UTC) #4
commit-bot: I haz the power
Sorry for I got bad news for ya. Compile failed with a clobber build on ...
7 years, 7 months ago (2013-05-07 10:23:43 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mtomasz@chromium.org/14864004/5001
7 years, 7 months ago (2013-05-07 10:25:23 UTC) #6
commit-bot: I haz the power
Sorry for I got bad news for ya. Compile failed with a clobber build on ...
7 years, 7 months ago (2013-05-07 10:28:06 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mtomasz@chromium.org/14864004/5001
7 years, 7 months ago (2013-05-07 10:29:58 UTC) #8
commit-bot: I haz the power
7 years, 7 months ago (2013-05-07 16:55:04 UTC) #9
Message was sent while issue was closed. 
Change committed as 198744

Powered by Google App Engine
This is Rietveld 408576698