chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc - Issue 18129002: Update the child process security policy to use explicit permission grants.

Unified Diff: chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc

Issue 18129002: Update the child process security policy to use explicit permission grants. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Change RVH to use FileChooserParam mode Created 7 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc

diff --git a/chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc b/chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc

index 2381079ec9268912ced58a7e9210640deeacd388..7f97e8487c59919be6d273f027cd602d190d38dc 100644

--- a/chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc

+++ b/chrome/browser/chromeos/extensions/file_manager/file_handler_util.cc

@@ -62,23 +62,6 @@ const char kDriveTaskExtensionPrefix[] = "drive-app:";

const size_t kDriveTaskExtensionPrefixLength =

arraysize(kDriveTaskExtensionPrefix) - 1;

-const int kReadWriteFilePermissions = base::PLATFORM_FILE_OPEN |

- base::PLATFORM_FILE_CREATE |

- base::PLATFORM_FILE_OPEN_ALWAYS |

- base::PLATFORM_FILE_CREATE_ALWAYS |

- base::PLATFORM_FILE_OPEN_TRUNCATED |

- base::PLATFORM_FILE_READ |

- base::PLATFORM_FILE_WRITE |

- base::PLATFORM_FILE_EXCLUSIVE_READ |

- base::PLATFORM_FILE_EXCLUSIVE_WRITE |

- base::PLATFORM_FILE_ASYNC |

- base::PLATFORM_FILE_WRITE_ATTRIBUTES;

-const int kReadOnlyFilePermissions = base::PLATFORM_FILE_OPEN |

- base::PLATFORM_FILE_READ |

- base::PLATFORM_FILE_EXCLUSIVE_READ |

- base::PLATFORM_FILE_ASYNC;

// Returns process id of the process the extension is running in.

int ExtractProcessFromExtensionId(Profile* profile,

const std::string& extension_id) {

@@ -109,22 +92,6 @@ const FileBrowserHandler* FindFileBrowserHandler(const Extension* extension,

return NULL;

}

-unsigned int GetAccessPermissionsForFileBrowserHandler(

- const Extension* extension,

- const std::string& action_id) {

- const FileBrowserHandler* action =

- FindFileBrowserHandler(extension, action_id);

- if (!action)

- return 0;

- unsigned int result = 0;

- if (action->CanRead())

- result |= kReadOnlyFilePermissions;

- if (action->CanWrite())

- result |= kReadWriteFilePermissions;

- // TODO(tbarzic): We don't handle Create yet.

- return result;

std::string EscapedUtf8ToLower(const std::string& str) {

string16 utf16 = UTF8ToUTF16(

net::UnescapeURLComponent(str, net::UnescapeRule::NORMAL));

@@ -276,14 +243,6 @@ std::string GetDefaultTaskIdFromPrefs(Profile* profile,

return task_id;

}

-int GetReadWritePermissions() {

- return kReadWriteFilePermissions;

-int GetReadOnlyPermissions() {

- return kReadOnlyFilePermissions;

std::string MakeTaskID(const std::string& extension_id,

const std::string& task_type,

const std::string& action_id) {

@@ -833,14 +792,21 @@ void ExtensionTaskExecutor::SetupHandlerHostFileAccessPermissions(

const FileDefinitionList& file_list,

const Extension* extension,

int handler_pid) {

+ const FileBrowserHandler* action = FindFileBrowserHandler(extension_,

+ action_id_);

for (FileDefinitionList::const_iterator iter = file_list.begin();

iter != file_list.end();

++iter) {

- content::ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(

- handler_pid,

- iter->absolute_path,

- GetAccessPermissionsForFileBrowserHandler(extension_.get(),

- action_id_));

+ if (!action)

+ continue;

+ if (action->CanRead()) {

+ content::ChildProcessSecurityPolicy::GetInstance()->GrantReadFile(

+ handler_pid, iter->absolute_path);

+ }

+ if (action->CanWrite()) {

+ content::ChildProcessSecurityPolicy::GetInstance()->

+ GrantCreateReadWriteFile(handler_pid, iter->absolute_path);

+ }

}

« no previous file with comments | « chrome/browser/chromeos/extensions/file_manager/file_handler_util.h ('k') | chrome/browser/file_select_helper.h » ('j') | no next file with comments »