Grant file access permissions for cached file paths to file browsers/handlers.

chrome/browser/chromeos/extensions/file_browser_private_api.cc

Index: chrome/browser/chromeos/extensions/file_browser_private_api.cc
diff --git a/chrome/browser/chromeos/extensions/file_browser_private_api.cc b/chrome/browser/chromeos/extensions/file_browser_private_api.cc
index 349b00db9193be258febf9a736759817c838a110..85072f4db01a909821ea2cdc5b52bd6b12465854 100644
--- a/chrome/browser/chromeos/extensions/file_browser_private_api.cc
+++ b/chrome/browser/chromeos/extensions/file_browser_private_api.cc
@@ -1017,6 +1017,11 @@ bool AddMountFunction::RunImpl() {
   return true;
 }
 
+void AddMountFunction::GrantFilePermissionsToHost(const FilePath& path,
+                                                  int permissions) {
+  ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
+      render_view_host()->GetProcess()->GetID(), path, permissions);
+}
 
 void AddMountFunction::AddGDataMountPoint() {
   fileapi::ExternalFileSystemMountPointProvider* provider =
@@ -1027,12 +1032,26 @@ void AddMountFunction::AddGDataMountPoint() {
 
   // Grant R/W permissions to gdata 'folder'. File API layer still
   // expects this to be satisfied.
-  ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
-      render_view_host()->GetProcess()->GetID(), mount_point,
-      file_handler_util::GetReadWritePermissions());
+  GrantFilePermissionsToHost(mount_point,
+                             file_handler_util::GetReadWritePermissions());
+
+  const gdata::GDataFileSystem* gdata_file_system =
+      gdata::GDataFileSystemFactory::GetForProfile(profile_);
+
+  // We check permissions for raw cache file paths only for read-only
+  // operations (when fileEntry.file() is called), so read only permissions
+  // should be sufficient for all cache paths. For the rest of supported
+  // operations the file access check is done for gdata/ paths.
+  GrantFilePermissionsToHost(gdata_file_system->GetGDataCacheTmpDirectory(),
+                             file_handler_util::GetReadOnlyPermissions());
+  GrantFilePermissionsToHost(gdata_file_system->GetGDataCachePinnedDirectory(),
+                             file_handler_util::GetReadOnlyPermissions());

[satorux1, 2012/03/22 22:28:29]

PinnedDirectory only contains symlinks, and the real files stay in
PersistentDirectory. shouldn't we grant permissions for the persistent
directory?

Please add GDataFileSystem::GetGDataCachePersistentDirectory() if needed.

[tonibarzic, 2012/03/22 23:38:20]

Yeah, my bad... that should have been Persistent..

 
   provider->AddRemoteMountPoint(mount_point,
                                 new gdata::GDataFileSystemProxy(profile_));
+  FilePath mount_point_virtual;
+  if (provider->GetVirtualPath(mount_point, &mount_point_virtual))
+    provider->GrantFileAccessToExtension(extension_id(), mount_point_virtual);
 }
 
 void AddMountFunction::RaiseGDataMountEvent(gdata::GDataErrorCode error) {