Update the child process security policy to use explicit permission grants.

chrome/browser/chromeos/extensions/file_manager/file_browser_private_api.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/extensions/file_manager/file_browser_private_api.h"
 
 #include <sys/stat.h>
 #include <sys/statvfs.h>
 #include <sys/types.h>
 #include <utime.h>
@@ skipping 183 matching lines @@
     mount_info->SetString("mountPath", relative_mount_path.value());
   }
 
   mount_info->SetString("mountCondition",
       DiskMountManager::MountConditionToString(
           mount_point_info.mount_condition));
 
   return mount_info;
 }
 
-// Gives the extension renderer |host| file |permissions| for the given |path|.
-void GrantFilePermissionsToHost(content::RenderViewHost* host,
-                                const base::FilePath& path,
-                                int permissions) {
-  ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
-      host->GetProcess()->GetID(), path, permissions);
-}
-
 void SetDriveMountPointPermissions(
     Profile* profile,
     const std::string& extension_id,
     content::RenderViewHost* render_view_host) {
   if (!render_view_host ||
       !render_view_host->GetSiteInstance() || !render_view_host->GetProcess()) {
     return;
   }
 
   content::SiteInstance* site_instance = render_view_host->GetSiteInstance();
   fileapi::ExternalFileSystemMountPointProvider* provider =
       BrowserContext::GetStoragePartition(profile, site_instance)->
       GetFileSystemContext()->external_provider();
   if (!provider)
     return;
 
   const base::FilePath mount_point = drive::util::GetDriveMountPointPath();
   // Grant R/W permissions to drive 'folder'. File API layer still
   // expects this to be satisfied.
-  GrantFilePermissionsToHost(render_view_host,
-                             mount_point,
-                             file_handler_util::GetReadWritePermissions());
+  ChildProcessSecurityPolicy::GetInstance()->GrantCreateReadWriteFile(
+      render_view_host->GetProcess()->GetID(), mount_point);
 
   base::FilePath mount_point_virtual;
   if (provider->GetVirtualPath(mount_point, &mount_point_virtual))
     provider->GrantFileAccessToExtension(extension_id, mount_point_virtual);
 }
 
 // Finds an icon in the list of icons. If unable to find an icon of the exact
 // size requested, returns one with the next larger size. If all icons are
 // smaller than the preferred size, we'll return the largest one available.
 // Icons must be sorted by the icon size, smallest to largest. If there are no
@@ skipping 301 matching lines @@
   if (!provider)
     return false;
 
   // Grant full access to File API from this component extension.
   provider->GrantFullAccessToExtension(extension_->id());
 
   // Grant R/W file permissions to the renderer hosting component
   // extension for all paths exposed by our local file system provider.
   std::vector<base::FilePath> root_dirs = provider->GetRootDirectories();
   for (size_t i = 0; i < root_dirs.size(); ++i) {
-    ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
-        child_id, root_dirs[i],
-        file_handler_util::GetReadWritePermissions());
+    ChildProcessSecurityPolicy::GetInstance()->GrantCreateReadWriteFile(
+        child_id, root_dirs[i]);
   }
   return true;
 }
 
 bool RequestFileSystemFunction::RunImpl() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
   if (!dispatcher() || !render_view_host() || !render_view_host()->GetProcess())
     return false;
 
@@ skipping 2526 matching lines @@
     zoom_type = content::PAGE_ZOOM_OUT;
   } else if (operation == "reset") {
     zoom_type = content::PAGE_ZOOM_RESET;
   } else {
     NOTREACHED();
     return false;
   }
   view_host->Zoom(zoom_type);
   return true;
 }