ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files.

content/browser/child_process_security_policy_impl.h

Index: content/browser/child_process_security_policy_impl.h
diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h
index acf74cd1d59b3ccd6cd312a8d62aedf50b188bf7..cb466a3df07dc14dd2ac0a235c8dc95c53a88803 100644
--- a/content/browser/child_process_security_policy_impl.h
+++ b/content/browser/child_process_security_policy_impl.h
@@ -42,11 +42,6 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
   // ChildProcessSecurityPolicy implementation.
   virtual void RegisterWebSafeScheme(const std::string& scheme) OVERRIDE;
   virtual bool IsWebSafeScheme(const std::string& scheme) OVERRIDE;
-  virtual void GrantReadFile(int child_id, const base::FilePath& file) OVERRIDE;
-  virtual void GrantCreateReadWriteFile(int child_id,
-                                  const base::FilePath& file) OVERRIDE;
-  virtual void GrantCreateWriteFile(int child_id,
-                                    const base::FilePath& file) OVERRIDE;
   virtual void GrantReadFileSystem(
       int child_id,
       const std::string& filesystem_id) OVERRIDE;
@@ -58,6 +53,19 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
       const std::string& filesystem_id) OVERRIDE;
   virtual void GrantScheme(int child_id, const std::string& scheme) OVERRIDE;
   virtual bool CanReadFile(int child_id, const base::FilePath& file) OVERRIDE;

[vandebo (ex-Chrome), 2013/07/17 21:54:27]

File stuff is probably more generally interesting than file system first, so
leave it first.

[tommycli, 2013/07/17 22:31:11]

Done.

+  virtual bool CanWriteFile(int child_id, const base::FilePath& file) OVERRIDE;
+  virtual bool CanCreateFile(int child_id, const base::FilePath& file) OVERRIDE;
+  virtual bool CanCreateReadWriteFile(int child_id,
+                                      const base::FilePath& file) OVERRIDE;
+  virtual void GrantReadFile(int child_id, const base::FilePath& file) OVERRIDE;
+  virtual void GrantWriteFile(int child_id,
+                              const base::FilePath& file) OVERRIDE;
+  virtual void GrantCreateFile(int child_id,
+                               const base::FilePath& file) OVERRIDE;
+  virtual void GrantCreateReadWriteFile(int child_id,
+                                        const base::FilePath& file) OVERRIDE;
+  virtual void GrantCreateWriteFile(int child_id,
+                                    const base::FilePath& file) OVERRIDE;
   virtual bool CanReadFileSystem(int child_id,
                                  const std::string& filesystem_id) OVERRIDE;
   virtual bool CanReadWriteFileSystem(
@@ -129,18 +137,27 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
   // the browser should call this method to check for the capability.
   bool CanReadDirectory(int child_id, const base::FilePath& directory);
 
+  // Deprecated: Use CanReadFile, etc. methods instead.

[vandebo (ex-Chrome), 2013/07/17 21:54:27]

I presume these will go away by the time you're done?

[tommycli, 2013/07/17 22:31:11]

Yes these will go away... after a long time.

   // Determines if certain permissions were granted for a file. |permissions|
   // must be a bitwise-or'd value of base::PlatformFileFlags.
   bool HasPermissionsForFile(int child_id,
                              const base::FilePath& file,
                              int permissions);
 
+  // Deprecated: Use CanReadFileSystemFile, etc. methods instead.
   // Determines if certain permissions were granted for a file in FileSystem
   // API. |permissions| must be a bitwise-or'd value of base::PlatformFileFlags.
   bool HasPermissionsForFileSystemFile(int child_id,
                                        const fileapi::FileSystemURL& url,
                                        int permissions);
 
+  // Explicit permissions checks for FileSystemURL specified files.
+  bool CanReadFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
+  bool CanWriteFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
+  bool CanCreateFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
+  bool CanCreateReadWriteFileSystemFile(int child_id,
+                                        const fileapi::FileSystemURL& url);
+
   // Returns true if the specified child_id has been granted WebUIBindings.
   // The browser should check this property before assuming the child process is
   // allowed to use WebUIBindings.