Grant file access permissions for cached file paths to file browsers/handlers.

chrome/browser/chromeos/extensions/file_handler_util.cc

Index: chrome/browser/chromeos/extensions/file_handler_util.cc
diff --git a/chrome/browser/chromeos/extensions/file_handler_util.cc b/chrome/browser/chromeos/extensions/file_handler_util.cc
index 71c5fb18ecda384b719f65164458fbb1518b0ba1..28a51a1f73afd9f326ae35d3dc69193dbcd71aa6 100644
--- a/chrome/browser/chromeos/extensions/file_handler_util.cc
+++ b/chrome/browser/chromeos/extensions/file_handler_util.cc
@@ -11,6 +11,8 @@
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/utf_string_conversions.h"
+#include "chrome/browser/chromeos/gdata/gdata_file_system.h"
+#include "chrome/browser/chromeos/gdata/gdata_util.h"
 #include "chrome/browser/chromeos/extensions/file_manager_util.h"
 #include "chrome/browser/extensions/extension_event_router.h"
 #include "chrome/browser/extensions/extension_service.h"
@@ -51,6 +53,10 @@ const int kReadWriteFilePermissions = base::PLATFORM_FILE_OPEN |
                                       base::PLATFORM_FILE_ASYNC |
                                       base::PLATFORM_FILE_WRITE_ATTRIBUTES;
 
+const int kReadOnlyFilePermissions = base::PLATFORM_FILE_OPEN |
+                                     base::PLATFORM_FILE_READ |
+                                     base::PLATFORM_FILE_EXCLUSIVE_READ |
+                                     base::PLATFORM_FILE_ASYNC;
 
 // Returns process id of the process the extension is running in.
 int ExtractProcessFromExtensionId(const std::string& extension_id,
@@ -162,12 +168,59 @@ void SortLastUsedHandlerList(LastUsedHandlerList *list) {
   }
 }
 
+void SetPermissionsForGDataCacheFiles(Profile* profile,
+                                       int pid,

[satorux1, 2012/03/22 22:28:29]

indentation is off

[tonibarzic, 2012/03/22 23:38:20]

Done.

+                                       const FilePath& path) {
+  gdata::GDataFileSystem* file_system =
+      gdata::GDataFileSystemFactory::GetForProfile(profile);
+  if (!file_system)
+    return;
+
+  gdata::GDataFileProperties file_properties;
+  file_system->GetFileInfoFromPath(path, &file_properties);
+
+  std::string resource_id = file_properties.resource_id;
+  std::string file_md5 = file_properties.file_md5;
+
+  // We check permissions for raw cache file paths only for read-only
+  // operations (when fileEntry.file() is called), so read only permissions
+  // should be sufficient for all cache paths. For the rest of supported
+  // operations the file access check is done for gdata/ paths.
+  std::vector<std::pair<FilePath, int> > cache_paths;

[zel, 2012/03/22 22:21:53]

please move the block that gives you all file names to gdata_util.cc - that
logic should not be part of extensions layer. - L179-206

[tonibarzic, 2012/03/22 23:38:20]

Done.

+  cache_paths.push_back(std::make_pair(
+      file_system->GetCacheFilePath(resource_id, file_md5,
+          gdata::GDataFileSystem::CACHE_TYPE_PERSISTENT,
+          gdata::GDataFileSystem::CACHED_FILE_FROM_SERVER),
+      GetReadOnlyPermissions()));
+  // TODO(tbarzic): When we start supporting openFile operation, we may have to
+  // change permission for localy modified files to match handler's permissions.
+  cache_paths.push_back(std::make_pair(
+      file_system->GetCacheFilePath(resource_id, file_md5,
+          gdata::GDataFileSystem::CACHE_TYPE_PERSISTENT,
+          gdata::GDataFileSystem::CACHED_FILE_LOCALLY_MODIFIED),
+     GetReadOnlyPermissions()));
+  cache_paths.push_back(std::make_pair(
+      file_system->GetCacheFilePath(resource_id, file_md5,
+          gdata::GDataFileSystem::CACHE_TYPE_TMP,
+          gdata::GDataFileSystem::CACHED_FILE_FROM_SERVER),
+      GetReadOnlyPermissions()));
+
+  for (size_t i = 0; i < cache_paths.size(); i++) {
+    ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
+        pid, cache_paths[i].first, cache_paths[i].second);
+  }
+}
+
 }  // namespace
 
 int GetReadWritePermissions() {
   return kReadWriteFilePermissions;
 }
 
+int GetReadOnlyPermissions() {
+  return kReadOnlyFilePermissions;
+}
+
 std::string MakeTaskID(const std::string& extension_id,
                        const std::string& action_id) {
   return base::StringPrintf("%s|%s", extension_id.c_str(), action_id.c_str());
@@ -391,17 +444,24 @@ class FileTaskExecutor::ExecuteTasksFileSystemCallbackDispatcher {
     // Check if this file system entry exists first.
     base::PlatformFileInfo file_info;
 
-    if (!file_util::PathExists(final_file_path) ||
-        file_util::IsLink(final_file_path) ||
-        !file_util::GetFileInfo(final_file_path, &file_info))
-      return false;
+    bool is_gdata_file = gdata::util::IsUnderGDataMountPoint(final_file_path);
 
-    // TODO(zelidrag): Let's just prevent all symlinks for now. We don't want a
-    // USB drive content to point to something in the rest of the file system.
-    // Ideally, we should permit symlinks within the boundary of the same
-    // virtual mount point.
-    if (file_info.is_symbolic_link)
-      return false;
+    // If the file is under gdata mount point, there is no actual file to be
+    // found on the final_file_path.
+    if (!is_gdata_file) {
+      if (!file_util::PathExists(final_file_path) ||
+          file_util::IsLink(final_file_path) ||

[satorux1, 2012/03/22 22:28:29]

Why are we checking IsLink()? we are checking file_info.is_symbolic_link below.
Or we can keep it here, and stop checking file_info.is_symbolic_link

[tonibarzic, 2012/03/22 23:38:20]

I'm not sure why we check that, but removed symbolic link check

+          !file_util::GetFileInfo(final_file_path, &file_info)) {
+        return false;
+      }
+
+      // TODO(zelidrag): Let's just prevent all symlinks for now. We don't want
+      // a USB drive content to point to something in the rest of the file
+      // system. Ideally, we should permit symlinks within the boundary of the
+      // same virtual mount point.
+      if (file_info.is_symbolic_link)
+        return false;
+    }
 
     // TODO(tbarzic): Add explicit R/W + R/O permissions for non-component
     // extensions.
@@ -413,6 +473,9 @@ class FileTaskExecutor::ExecuteTasksFileSystemCallbackDispatcher {
         final_file_path,
         GetReadWritePermissions());
 
+    if (is_gdata_file)
+      SetPermissionsForGDataCacheFiles(profile_, handler_pid_, final_file_path);
+
     // Grant access to this particular file to target extension. This will
     // ensure that the target extension can access only this FS entry and
     // prevent from traversing FS hierarchy upward.