ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files.

content/browser/child_process_security_policy_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/child_process_security_policy_impl.h"
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
@@ skipping 31 matching lines @@
     base::PLATFORM_FILE_ASYNC |
     base::PLATFORM_FILE_WRITE_ATTRIBUTES;
 
 const int kCreateFilePermissions =
     base::PLATFORM_FILE_CREATE;
 
 const int kEnumerateDirectoryPermissions =
     kReadFilePermissions |
     base::PLATFORM_FILE_ENUMERATE;
 
-const int kReadWriteFilePermissions =
+const int kCreateReadWriteFilePermissions =
     base::PLATFORM_FILE_OPEN |
     base::PLATFORM_FILE_CREATE |
     base::PLATFORM_FILE_OPEN_ALWAYS |
     base::PLATFORM_FILE_CREATE_ALWAYS |
     base::PLATFORM_FILE_OPEN_TRUNCATED |
     base::PLATFORM_FILE_READ |
     base::PLATFORM_FILE_WRITE |
     base::PLATFORM_FILE_EXCLUSIVE_READ |
     base::PLATFORM_FILE_EXCLUSIVE_WRITE |
     base::PLATFORM_FILE_ASYNC |
@@ skipping 362 matching lines @@
     if (net::FileURLToFilePath(url, &path))
       state->second->GrantRequestOfSpecificFile(path);
   }
 }
 
 void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id,
                                                    const base::FilePath& file) {
   GrantPermissionsForFile(child_id, file, kReadFilePermissions);
 }
 
+void ChildProcessSecurityPolicyImpl::GrantWriteFile(

[vandebo (ex-Chrome), 2013/07/17 21:54:27]

Are these currently used?  I thought Greg's change already handled all the
granting of permissions.

[tommycli, 2013/07/17 22:31:11]

Done: Whoops, guess I got carried away by symmetry.

+    int child_id,
+    const base::FilePath& file) {
+  GrantPermissionsForFile(child_id, file, kWriteFilePermissions);
+}
+
+void ChildProcessSecurityPolicyImpl::GrantCreateFile(
+    int child_id,
+    const base::FilePath& file) {
+  GrantPermissionsForFile(child_id, file, kCreateFilePermissions);
+}
+
 void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile(
     int child_id, const base::FilePath& file) {
-  GrantPermissionsForFile(child_id, file, kReadWriteFilePermissions);
+  GrantPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantCreateWriteFile(
     int child_id, const base::FilePath& file) {
   GrantPermissionsForFile(child_id, file, kCreateWriteFilePermissions);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantReadDirectory(
     int child_id, const base::FilePath& directory) {
   GrantPermissionsForFile(child_id, directory, kEnumerateDirectoryPermissions);
@@ skipping 146 matching lines @@
     // allowed to request the URL.
     return state->second->CanRequestURL(url);
   }
 }
 
 bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
                                                  const base::FilePath& file) {
   return HasPermissionsForFile(child_id, file, kReadFilePermissions);
 }
 
+bool ChildProcessSecurityPolicyImpl::CanWriteFile(int child_id,
+                                                  const base::FilePath& file) {
+  return HasPermissionsForFile(child_id, file, kWriteFilePermissions);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanCreateFile(int child_id,
+                                                   const base::FilePath& file) {
+  return HasPermissionsForFile(child_id, file, kCreateFilePermissions);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile(
+    int child_id,
+    const base::FilePath& file) {
+  return HasPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
+}
+
 bool ChildProcessSecurityPolicyImpl::CanReadDirectory(
     int child_id, const base::FilePath& directory) {
   return HasPermissionsForFile(child_id,
                                directory,
                                kEnumerateDirectoryPermissions);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanReadFileSystem(
     int child_id, const std::string& filesystem_id) {
   return HasPermissionsForFileSystem(child_id,
@@ skipping 60 matching lines @@
 
   if (found->second & fileapi::FILE_PERMISSION_USE_FILE_PERMISSION)
     return HasPermissionsForFile(child_id, url.path(), permissions);
 
   if (found->second & fileapi::FILE_PERMISSION_SANDBOX)
     return true;
 
   return false;
 }
 
+bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile(
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return HasPermissionsForFileSystemFile(child_id, url, kReadFilePermissions);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile(
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return HasPermissionsForFileSystemFile(child_id, url, kWriteFilePermissions);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile(
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return HasPermissionsForFileSystemFile(child_id, url, kCreateFilePermissions);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile(
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return HasPermissionsForFileSystemFile(child_id, url,
+                                         kCreateReadWriteFilePermissions);
+}
+
 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->has_web_ui_bindings();
 }
 
@@ skipping 77 matching lines @@
 }
 
 void ChildProcessSecurityPolicyImpl::RegisterFileSystemPermissionPolicy(
     fileapi::FileSystemType type,
     int policy) {
   base::AutoLock lock(lock_);
   file_system_policy_map_[type] = policy;
 }
 
 }  // namespace content