ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files.

content/browser/child_process_security_policy_impl.cc

Index: content/browser/child_process_security_policy_impl.cc
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index f9ba44eb79319ee4432e788c6c9ff7bac2bab330..0a95bfb8025e4837d4ddbc61419a11fdb8a5b640 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -49,7 +49,7 @@ const int kEnumerateDirectoryPermissions =
     kReadFilePermissions |
     base::PLATFORM_FILE_ENUMERATE;
 
-const int kReadWriteFilePermissions =
+const int kCreateReadWriteFilePermissions =
     base::PLATFORM_FILE_OPEN |
     base::PLATFORM_FILE_CREATE |
     base::PLATFORM_FILE_OPEN_ALWAYS |
@@ -432,9 +432,21 @@ void ChildProcessSecurityPolicyImpl::GrantReadFile(int child_id,
   GrantPermissionsForFile(child_id, file, kReadFilePermissions);
 }
 
+void ChildProcessSecurityPolicyImpl::GrantWriteFile(

[vandebo (ex-Chrome), 2013/07/17 21:54:27]

Are these currently used?  I thought Greg's change already handled all the
granting of permissions.

[tommycli, 2013/07/17 22:31:11]

Done: Whoops, guess I got carried away by symmetry.

+    int child_id,
+    const base::FilePath& file) {
+  GrantPermissionsForFile(child_id, file, kWriteFilePermissions);
+}
+
+void ChildProcessSecurityPolicyImpl::GrantCreateFile(
+    int child_id,
+    const base::FilePath& file) {
+  GrantPermissionsForFile(child_id, file, kCreateFilePermissions);
+}
+
 void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile(
     int child_id, const base::FilePath& file) {
-  GrantPermissionsForFile(child_id, file, kReadWriteFilePermissions);
+  GrantPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
 }
 
 void ChildProcessSecurityPolicyImpl::GrantCreateWriteFile(
@@ -601,6 +613,22 @@ bool ChildProcessSecurityPolicyImpl::CanReadFile(int child_id,
   return HasPermissionsForFile(child_id, file, kReadFilePermissions);
 }
 
+bool ChildProcessSecurityPolicyImpl::CanWriteFile(int child_id,
+                                                  const base::FilePath& file) {
+  return HasPermissionsForFile(child_id, file, kWriteFilePermissions);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanCreateFile(int child_id,
+                                                   const base::FilePath& file) {
+  return HasPermissionsForFile(child_id, file, kCreateFilePermissions);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile(
+    int child_id,
+    const base::FilePath& file) {
+  return HasPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
+}
+
 bool ChildProcessSecurityPolicyImpl::CanReadDirectory(
     int child_id, const base::FilePath& directory) {
   return HasPermissionsForFile(child_id,
@@ -681,6 +709,31 @@ bool ChildProcessSecurityPolicyImpl::HasPermissionsForFileSystemFile(
   return false;
 }
 
+bool ChildProcessSecurityPolicyImpl::CanReadFileSystemFile(
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return HasPermissionsForFileSystemFile(child_id, url, kReadFilePermissions);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanWriteFileSystemFile(
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return HasPermissionsForFileSystemFile(child_id, url, kWriteFilePermissions);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanCreateFileSystemFile(
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return HasPermissionsForFileSystemFile(child_id, url, kCreateFilePermissions);
+}
+
+bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFileSystemFile(
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return HasPermissionsForFileSystemFile(child_id, url,
+                                         kCreateReadWriteFilePermissions);
+}
+
 bool ChildProcessSecurityPolicyImpl::HasWebUIBindings(int child_id) {
   base::AutoLock lock(lock_);