Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1479)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/extensions/file_browser_private_api.cc

Issue 9808023: Grant file access permissions for cached file paths to file browsers/handlers. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: another rebase Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/chromeos/extensions/file_browser_private_api.h ('k') | chrome/browser/chromeos/extensions/file_handler_util.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/extensions/file_browser_private_api.cc
diff --git a/chrome/browser/chromeos/extensions/file_browser_private_api.cc b/chrome/browser/chromeos/extensions/file_browser_private_api.cc
index 0db316fba9fb6481d49be785be7f3d2d756a8738..c2fe26f324a50b1dbe15997884115d91ff5d1496 100644
--- a/chrome/browser/chromeos/extensions/file_browser_private_api.cc
+++ b/chrome/browser/chromeos/extensions/file_browser_private_api.cc
@@ -1018,6 +1018,11 @@ bool AddMountFunction::RunImpl() {
return true;
}
+void AddMountFunction::GrantFilePermissionsToHost(const FilePath& path,
+ int permissions) {
+ ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
+ render_view_host()->GetProcess()->GetID(), path, permissions);
+}
void AddMountFunction::AddGDataMountPoint() {
fileapi::ExternalFileSystemMountPointProvider* provider =
@@ -1028,16 +1033,32 @@ void AddMountFunction::AddGDataMountPoint() {
// Grant R/W permissions to gdata 'folder'. File API layer still
// expects this to be satisfied.
- ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
- render_view_host()->GetProcess()->GetID(), mount_point,
- file_handler_util::GetReadWritePermissions());
+ GrantFilePermissionsToHost(mount_point,
+ file_handler_util::GetReadWritePermissions());
+ // Grant R/W permission for tmp and pinned cache folder.
gdata::GDataSystemService* system_service =
gdata::GDataSystemServiceFactory::GetForProfile(profile_);
DCHECK(system_service);
+ gdata::GDataFileSystem* gdata_file_system = system_service->file_system();
+
+ // We check permissions for raw cache file paths only for read-only
+ // operations (when fileEntry.file() is called), so read only permissions
+ // should be sufficient for all cache paths. For the rest of supported
+ // operations the file access check is done for gdata/ paths.
+ GrantFilePermissionsToHost(gdata_file_system->GetGDataCacheTmpDirectory(),
+ file_handler_util::GetReadOnlyPermissions());
+ GrantFilePermissionsToHost(
+ gdata_file_system->GetGDataCachePersistentDirectory(),
+ file_handler_util::GetReadOnlyPermissions());
+
provider->AddRemoteMountPoint(
mount_point,
- new gdata::GDataFileSystemProxy(system_service->file_system()));
+ new gdata::GDataFileSystemProxy(gdata_file_system));
+
+ FilePath mount_point_virtual;
+ if (provider->GetVirtualPath(mount_point, &mount_point_virtual))
+ provider->GrantFileAccessToExtension(extension_id(), mount_point_virtual);
}
void AddMountFunction::RaiseGDataMountEvent(gdata::GDataErrorCode error) {
« no previous file with comments | « chrome/browser/chromeos/extensions/file_browser_private_api.h ('k') | chrome/browser/chromeos/extensions/file_handler_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698