ChildProcessSecurityPolicy: Remove CanReadDirectory (special directory enumeration grant).

Per discussion with kinuko here (https://codereview.chromium.org/24631002/), there is no longer a need for a special directory enumeration permission grant.

This is part of Step 4 of this refactoring plan:
https://docs.google.com/a/google.com/document/d/1QGkGWuwgSuaRqovz4wyb0upqPKDVsgYOFKt44E7gmOE/edit?usp=sharing

BUG=262142, 263150

Review URL: https://codereview.chromium.org/25601002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@227304 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 8 insertions, 72 deletions

diff --git a/base/platform_file.h b/base/platform_file.h
index e94c7ed..3d69ae7 100644
--- a/base/platform_file.h
+++ b/base/platform_file.h
@@ -44,14 +44,13 @@ enum PlatformFileFlags {
   PLATFORM_FILE_DELETE_ON_CLOSE = 1 << 13,
 
   PLATFORM_FILE_WRITE_ATTRIBUTES = 1 << 14,  // Used on Windows only
-  PLATFORM_FILE_ENUMERATE = 1 << 15,         // May enumerate directory
 
-  PLATFORM_FILE_SHARE_DELETE = 1 << 16,      // Used on Windows only
+  PLATFORM_FILE_SHARE_DELETE = 1 << 15,      // Used on Windows only
 
-  PLATFORM_FILE_TERMINAL_DEVICE = 1 << 17,   // Serial port flags
-  PLATFORM_FILE_BACKUP_SEMANTICS = 1 << 18,  // Used on Windows only
+  PLATFORM_FILE_TERMINAL_DEVICE = 1 << 16,   // Serial port flags
+  PLATFORM_FILE_BACKUP_SEMANTICS = 1 << 17,  // Used on Windows only
 
-  PLATFORM_FILE_EXECUTE = 1 << 19,           // Used on Windows only
+  PLATFORM_FILE_EXECUTE = 1 << 18,           // Used on Windows only
 };
 
 // PLATFORM_FILE_ERROR_ACCESS_DENIED is returned when a call fails because of
diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc
index b725f7e..291005e 100644
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -49,10 +49,6 @@ const int kWriteFilePermissions =
 const int kCreateNewFilePermissions =
     base::PLATFORM_FILE_CREATE;
 
-const int kEnumerateDirectoryPermissions =
-    kReadFilePermissions |
-    base::PLATFORM_FILE_ENUMERATE;
-
 const int kCreateOverwriteFilePermissions =
     base::PLATFORM_FILE_OPEN_ALWAYS |
     base::PLATFORM_FILE_CREATE_ALWAYS;
@@ -438,11 +434,6 @@ void ChildProcessSecurityPolicyImpl::GrantCreateReadWriteFile(
   GrantPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
 }
 
-void ChildProcessSecurityPolicyImpl::GrantReadDirectory(
-    int child_id, const base::FilePath& directory) {
-  GrantPermissionsForFile(child_id, directory, kEnumerateDirectoryPermissions);
-}
-
 void ChildProcessSecurityPolicyImpl::GrantPermissionsForFile(
     int child_id, const base::FilePath& file, int permissions) {
   base::AutoLock lock(lock_);
@@ -621,13 +612,6 @@ bool ChildProcessSecurityPolicyImpl::CanCreateReadWriteFile(
   return HasPermissionsForFile(child_id, file, kCreateReadWriteFilePermissions);
 }
 
-bool ChildProcessSecurityPolicyImpl::CanReadDirectory(
-    int child_id, const base::FilePath& directory) {
-  return HasPermissionsForFile(child_id,
-                               directory,
-                               kEnumerateDirectoryPermissions);
-}
-
 bool ChildProcessSecurityPolicyImpl::CanReadFileSystem(
     int child_id, const std::string& filesystem_id) {
   return HasPermissionsForFileSystem(child_id,
diff --git a/content/browser/child_process_security_policy_impl.h b/content/browser/child_process_security_policy_impl.h
index b1f68e4..dec309c 100644
--- a/content/browser/child_process_security_policy_impl.h
+++ b/content/browser/child_process_security_policy_impl.h
@@ -102,10 +102,6 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
   // file:// URL, but not all urls of the file:// scheme.
   void GrantRequestSpecificFileURL(int child_id, const GURL& url);
 
-  // Grants the child process permission to enumerate all the files in
-  // this directory and read those files.
-  void GrantReadDirectory(int child_id, const base::FilePath& directory);
-
   // Revokes all permissions granted to the given file.
   void RevokeAllPermissionsForFile(int child_id, const base::FilePath& file);
 
@@ -133,10 +129,6 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
                    const GURL& url,
                    ResourceType::Type resource_type);
 
-  // Before servicing a child process's request to enumerate a directory
-  // the browser should call this method to check for the capability.
-  bool CanReadDirectory(int child_id, const base::FilePath& directory);
-
   // Explicit permissions checks for FileSystemURL specified files.
   bool CanReadFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
   bool CanWriteFileSystemFile(int child_id, const fileapi::FileSystemURL& url);
diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc
index 9f574c5..2e68b18 100644
--- a/content/browser/child_process_security_policy_unittest.cc
+++ b/content/browser/child_process_security_policy_unittest.cc
@@ -448,40 +448,6 @@ TEST_F(ChildProcessSecurityPolicyTest, FilePermissionGrantingAndRevoking) {
   p->Remove(kRendererID);
 }
 
-TEST_F(ChildProcessSecurityPolicyTest, CanReadDirectories) {
-  ChildProcessSecurityPolicyImpl* p =
-      ChildProcessSecurityPolicyImpl::GetInstance();
-
-  p->Add(kRendererID);
-
-  EXPECT_FALSE(p->CanReadDirectory(kRendererID,
-                                   base::FilePath(TEST_PATH("/etc/"))));
-  p->GrantReadDirectory(kRendererID,
-                        base::FilePath(TEST_PATH("/etc/")));
-  EXPECT_TRUE(p->CanReadDirectory(kRendererID,
-                                  base::FilePath(TEST_PATH("/etc/"))));
-  EXPECT_TRUE(p->CanReadFile(kRendererID,
-                             base::FilePath(TEST_PATH("/etc/passwd"))));
-
-  p->Remove(kRendererID);
-  p->Add(kRendererID);
-
-  EXPECT_FALSE(p->CanReadDirectory(kRendererID,
-                                   base::FilePath(TEST_PATH("/etc/"))));
-  EXPECT_FALSE(p->CanReadFile(kRendererID,
-                              base::FilePath(TEST_PATH("/etc/passwd"))));
-
-  // Just granting read permission as a file doesn't imply reading as a
-  // directory.
-  p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/")));
-  EXPECT_TRUE(p->CanReadFile(kRendererID,
-                             base::FilePath(TEST_PATH("/etc/passwd"))));
-  EXPECT_FALSE(p->CanReadDirectory(kRendererID,
-                                   base::FilePath(TEST_PATH("/etc/"))));
-
-  p->Remove(kRendererID);
-}
-
 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
   base::FilePath granted_file = base::FilePath(TEST_PATH("/home/joe"));
   base::FilePath sibling_file = base::FilePath(TEST_PATH("/home/bob"));
diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc
index 11888c6..689ceed 100644
--- a/content/browser/renderer_host/render_view_host_impl.cc
+++ b/content/browser/renderer_host/render_view_host_impl.cc
@@ -627,12 +627,8 @@ void RenderViewHostImpl::DragTargetDragEnter(
     // directories, but dragging a file would cause the read/write access to be
     // overwritten with read-only access, making them impossible to delete or
     // rename until the renderer was killed.
-    if (!policy->CanReadFile(renderer_id, path)) {
+    if (!policy->CanReadFile(renderer_id, path))
       policy->GrantReadFile(renderer_id, path);
-      // Allow dragged directories to be enumerated by the child process.
-      // Note that we can't tell a file from a directory at this point.
-      policy->GrantReadDirectory(renderer_id, path);
-    }
   }
 
   fileapi::IsolatedContext* isolated_context =
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index a3aa086..b2d98cf 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -2452,7 +2452,7 @@ void WebContentsImpl::OnEnumerateDirectory(int request_id,
 
   ChildProcessSecurityPolicyImpl* policy =
       ChildProcessSecurityPolicyImpl::GetInstance();
-  if (policy->CanReadDirectory(GetRenderProcessHost()->GetID(), path))
+  if (policy->CanReadFile(GetRenderProcessHost()->GetID(), path))
     delegate_->EnumerateDirectory(this, request_id, path);
 }
 
diff --git a/webkit/browser/fileapi/file_system_operation_impl.cc b/webkit/browser/fileapi/file_system_operation_impl.cc
index 3a62679..3b4dbaf 100644
--- a/webkit/browser/fileapi/file_system_operation_impl.cc
+++ b/webkit/browser/fileapi/file_system_operation_impl.cc
@@ -204,9 +204,8 @@ void FileSystemOperationImpl::OpenFile(const FileSystemURL& url,
   DCHECK(SetPendingOperationType(kOperationOpenFile));
   peer_handle_ = peer_handle;
 
-  if (file_flags & (
-      (base::PLATFORM_FILE_ENUMERATE | base::PLATFORM_FILE_TEMPORARY |
-       base::PLATFORM_FILE_HIDDEN))) {
+  if (file_flags &
+      (base::PLATFORM_FILE_TEMPORARY | base::PLATFORM_FILE_HIDDEN)) {
     callback.Run(base::PLATFORM_FILE_ERROR_FAILED,
                  base::kInvalidPlatformFileValue,
                  base::Closure(),