ChildProcessSecurityPolicy: Port FileAPIMessageFilter to use new checks

content/browser/child_process_security_policy_impl.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_
 
 
 #include <map>
 #include <set>
@@ skipping 123 matching lines @@
   // the given origin in main frames or subframes.
   // Only might return false if --site-per-process flag is used.
   bool CanLoadPage(int child_id,
                    const GURL& url,
                    ResourceType::Type resource_type);
 
   // Before servicing a child process's request to enumerate a directory
   // the browser should call this method to check for the capability.
   bool CanReadDirectory(int child_id, const base::FilePath& directory);
 
-  // Deprecated: Use CanReadFile, etc. methods instead.
-  // Determines if certain permissions were granted for a file. |permissions|
-  // must be a bitwise-or'd value of base::PlatformFileFlags.
-  bool HasPermissionsForFile(int child_id,
-                             const base::FilePath& file,
-                             int permissions);
-
-  // Deprecated: Use CanReadFileSystemFile, etc. methods instead.
-  // Determines if certain permissions were granted for a file in FileSystem
-  // API. |permissions| must be a bitwise-or'd value of base::PlatformFileFlags.
-  bool HasPermissionsForFileSystemFile(int child_id,
-                                       const fileapi::FileSystemURL& url,
-                                       int permissions);
-
   // Explicit permissions checks for FileSystemURL specified files.
   bool CanReadFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
   bool CanWriteFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
   bool CanCreateFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
   bool CanCreateWriteFileSystemFile(int child_id,
                                     const fileapi::FileSystemURL& url);
 
   // Returns true if the specified child_id has been granted WebUIBindings.
   // The browser should check this property before assuming the child process is
   // allowed to use WebUIBindings.
@@ skipping 36 matching lines @@
       int policy);
 
   // Returns true if sending system exclusive messages is allowed.
   bool CanSendMIDISysExMessage(int child_id);
 
  private:
   friend class ChildProcessSecurityPolicyInProcessBrowserTest;
   friend class ChildProcessSecurityPolicyTest;
   FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest,
                            NoLeak);
+  FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, FilePermissions);
 
   class SecurityState;
 
   typedef std::set<std::string> SchemeSet;
   typedef std::map<int, SecurityState*> SecurityStateMap;
   typedef std::map<int, int> WorkerToMainProcessMap;
   typedef std::map<fileapi::FileSystemType, int> FileSystemPermissionPolicyMap;
 
   // Obtain an instance of ChildProcessSecurityPolicyImpl via GetInstance().
   ChildProcessSecurityPolicyImpl();
@@ skipping 16 matching lines @@
                                int permissions);
 
   // Grants access permission to the given isolated file system
   // identified by |filesystem_id|.  See comments for
   // ChildProcessSecurityPolicy::GrantReadFileSystem() for more details.
   void GrantPermissionsForFileSystem(
       int child_id,
       const std::string& filesystem_id,
       int permission);
 
+  // Deprecated: Use CanReadFile, etc. methods instead.
+  // Determines if certain permissions were granted for a file. |permissions|
+  // must be a bitwise-or'd value of base::PlatformFileFlags.
+  bool HasPermissionsForFile(int child_id,
+                             const base::FilePath& file,
+                             int permissions);
+
+  // Deprecated: Use CanReadFileSystemFile, etc. methods instead.
+  // Determines if certain permissions were granted for a file in FileSystem
+  // API. |permissions| must be a bitwise-or'd value of base::PlatformFileFlags.
+  bool HasPermissionsForFileSystemFile(int child_id,
+                                       const fileapi::FileSystemURL& url,
+                                       int permissions);
+
   // You must acquire this lock before reading or writing any members of this
   // class.  You must not block while holding this lock.
   base::Lock lock_;
 
   // These schemes are white-listed for all child processes.  This set is
   // protected by |lock_|.
   SchemeSet web_safe_schemes_;
 
   // These schemes do not actually represent retrievable URLs.  For example,
   // the the URLs in the "about" scheme are aliases to other URLs.  This set is
@@ skipping 11 matching lines @@
   WorkerToMainProcessMap worker_map_;
 
   FileSystemPermissionPolicyMap file_system_policy_map_;
 
   DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicyImpl);
 };
 
 }  // namespace content
 
 #endif  // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_IMPL_H_