ChildProcessSecurityPolicy: Port FileAPIMessageFilter to use new checks
This CL:
* Closes the P1 security hole described in http://crbug.com/284792 by changing the message contents to contain Pepper file open flags instead of base::PlatformFileFlags and checking those in FileAPIMessageFilter.
* Ports the rest of FileAPIMessageFilter to use new CPSP calls.
* Ports one call in ResourceDispatcherHostImpl.
* Makes base::PlatformFileFlags-based methods private in CPSP.
Refactoring document / plans here:
https://docs.google.com/a/google.com/document/d/1QGkGWuwgSuaRqovz4wyb0upqPKDVsgYOFKt44E7gmOE/edit?usp=sharing
BUG=262142,284792
Review URL: https://chromiumcodereview.appspot.com/23760004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@223399 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h
index 580552a..0a874b3 100644
--- a/content/browser/child_process_security_policy_impl.h
+++ b/content/browser/child_process_security_policy_impl.h
@@ -141,20 +141,6 @@
// the browser should call this method to check for the capability.
bool CanReadDirectory(int child_id, const base::FilePath& directory);
- // Deprecated: Use CanReadFile, etc. methods instead.
- // Determines if certain permissions were granted for a file. |permissions|
- // must be a bitwise-or'd value of base::PlatformFileFlags.
- bool HasPermissionsForFile(int child_id,
- const base::FilePath& file,
- int permissions);
-
- // Deprecated: Use CanReadFileSystemFile, etc. methods instead.
- // Determines if certain permissions were granted for a file in FileSystem
- // API. |permissions| must be a bitwise-or'd value of base::PlatformFileFlags.
- bool HasPermissionsForFileSystemFile(int child_id,
- const fileapi::FileSystemURL& url,
- int permissions);
-
// Explicit permissions checks for FileSystemURL specified files.
bool CanReadFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
bool CanWriteFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
@@ -211,6 +197,7 @@
friend class ChildProcessSecurityPolicyTest;
FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest,
NoLeak);
+ FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, FilePermissions);
class SecurityState;
@@ -247,6 +234,20 @@
const std::string& filesystem_id,
int permission);
+ // Deprecated: Use CanReadFile, etc. methods instead.
+ // Determines if certain permissions were granted for a file. |permissions|
+ // must be a bitwise-or'd value of base::PlatformFileFlags.
+ bool HasPermissionsForFile(int child_id,
+ const base::FilePath& file,
+ int permissions);
+
+ // Deprecated: Use CanReadFileSystemFile, etc. methods instead.
+ // Determines if certain permissions were granted for a file in FileSystem
+ // API. |permissions| must be a bitwise-or'd value of base::PlatformFileFlags.
+ bool HasPermissionsForFileSystemFile(int child_id,
+ const fileapi::FileSystemURL& url,
+ int permissions);
+
// You must acquire this lock before reading or writing any members of this
// class. You must not block while holding this lock.
base::Lock lock_;
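Review bot: The comments moved with `HasPermissionsForFile` and `HasPermissionsForFileSystemFile` into the private section still open with "Deprecated: Use CanReadFile, etc. methods instead", which no longer tells a maintainer why the methods are kept or what the caller must guarantee. The commit description says the hole came from message contents carrying base::PlatformFileFlags, so the comment should state that constraint on `|permissions|` directly, for example `// Internal helper; |permissions| is a bitwise-or of base::PlatformFileFlags built by browser-side code and must never be copied from a child-process message.` The same wording applies to both declarations. Whether the public Can* methods are implemented on top of these helpers is not visible in this hunk, so confirm that before describing them as such. The class body starts and ends outside the hunk.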