Adding file access permissions to fileBrowserHandler manifest.

chrome/browser/chromeos/extensions/file_handler_util.cc

Index: chrome/browser/chromeos/extensions/file_handler_util.cc
diff --git a/chrome/browser/chromeos/extensions/file_handler_util.cc b/chrome/browser/chromeos/extensions/file_handler_util.cc
index 346a3ea1f6d4de5657490a13b151b545ffb8b0f3..8d87579d58c358253a52ce79f3e4490ad0dc495f 100644
--- a/chrome/browser/chromeos/extensions/file_handler_util.cc
+++ b/chrome/browser/chromeos/extensions/file_handler_util.cc
@@ -104,6 +104,34 @@ URLPatternSet GetAllMatchingPatterns(const FileBrowserHandler* handler,
 
 typedef std::set<const FileBrowserHandler*> ActionSet;
 
+const FileBrowserHandler* FindFileBrowserHandler(const Extension* extension,
+                                                 const std::string& action_id) {
+  for (Extension::FileBrowserHandlerList::const_iterator action_iter =
+           extension->file_browser_handlers()->begin();
+       action_iter != extension->file_browser_handlers()->end();
+       ++action_iter) {
+    if (action_iter->get()->id() == action_id)

[Yoyo Zhou, 2012/03/26 22:42:58]

These ids look like they're user-provided, but I don't see what ensures the ids
are unique.

[tbarzic, 2012/03/26 23:22:51]

I don't think there is anything..

[Yoyo Zhou, 2012/03/27 00:54:20]

So you may have unexpected results if the ids are not unique. But this is
probably not a big deal.

[tbarzic, 2012/03/27 01:10:59]

Yeah.. I'll try to address this as I implement new way of specifying file
filters (part 2 of the design doc).. should not be too hard

+      return action_iter->get();
+  }
+  return NULL;
+}
+
+unsigned int GetAccessPermissionsForHandler(const Extension* extension,
+                                            const std::string& action_id) {
+  const FileBrowserHandler* action =
+      FindFileBrowserHandler(extension, action_id);
+  if (!action)
+    return 0;
+  unsigned int result = 0;
+  if (action->CanRead())
+    result |= kReadOnlyFilePermissions;
+  if (action->CanWrite())
+    result |= kReadWriteFilePermissions;
+  // We don't handle Create yet.

[Yoyo Zhou, 2012/03/26 22:42:58]

nit: can you write TODO(tbarzic):

[tbarzic, 2012/03/26 23:22:51]

Done.

+  return result;
+}
+
+
 std::string EscapedUtf8ToLower(const std::string& str) {
   string16 utf16 = UTF8ToUTF16(
       net::UnescapeURLComponent(str, net::UnescapeRule::NORMAL));
@@ -285,12 +313,13 @@ class FileTaskExecutor::ExecuteTasksFileSystemCallbackDispatcher {
       const GURL& source_url,
       scoped_refptr<const Extension> handler_extension,
       int handler_pid,
+      const std::string& action_id,
       const std::vector<GURL>& file_urls) {
     return base::Bind(
         &ExecuteTasksFileSystemCallbackDispatcher::DidOpenFileSystem,
         base::Owned(new ExecuteTasksFileSystemCallbackDispatcher(
             executor, profile, source_url, handler_extension,
-            handler_pid, file_urls)));
+            handler_pid, action_id, file_urls)));
   }
 
   void DidOpenFileSystem(base::PlatformFileError result,
@@ -347,12 +376,14 @@ class FileTaskExecutor::ExecuteTasksFileSystemCallbackDispatcher {
       const GURL& source_url,
       const scoped_refptr<const Extension>& handler_extension,
       int handler_pid,
+      const std::string& action_id,
       const std::vector<GURL>& file_urls)
       : executor_(executor),
         profile_(profile),
         source_url_(source_url),
         handler_extension_(handler_extension),
         handler_pid_(handler_pid),
+        action_id_(action_id),
         origin_file_urls_(file_urls) {
     DCHECK(executor_);
   }
@@ -418,15 +449,10 @@ class FileTaskExecutor::ExecuteTasksFileSystemCallbackDispatcher {
       }
     }
 
-    // TODO(tbarzic): Add explicit R/W + R/O permissions for non-component
-    // extensions.
-
-    // Grant R/O access permission to non-component extension and R/W to
-    // component extensions.
     ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
         handler_pid_,
         final_file_path,
-        GetReadWritePermissions());
+        GetAccessPermissionsForHandler(handler_extension_.get(), action_id_));
 
     // Grant access to this particular file to target extension. This will
     // ensure that the target extension can access only this FS entry and
@@ -453,6 +479,7 @@ class FileTaskExecutor::ExecuteTasksFileSystemCallbackDispatcher {
   GURL source_url_;
   scoped_refptr<const Extension> handler_extension_;
   int handler_pid_;
+  std::string action_id_;
   std::vector<GURL> origin_file_urls_;
   DISALLOW_COPY_AND_ASSIGN(ExecuteTasksFileSystemCallbackDispatcher);
 };
@@ -512,6 +539,7 @@ void FileTaskExecutor::RequestFileEntryOnFileThread(
           source_url_,
           handler,
           handler_pid,
+          action_id_,
           file_urls));
 }