Replace path blacklisting by filesystem type whitelisting.

This changes the way file entries obtained through
chrome.runtime.getPackageDirectoryEntry() are prevented from becoming
writable by being passed to chrome.fileSystem.getWritableEntry().
Instead of blacklisting certain paths, only file entries returned by the
fileSystem API or through drag and drop can be converted to writable
file entries.

BUG=277966

Review URL: https://chromiumcodereview.appspot.com/22859059

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@219289 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 11 insertions, 164 deletions

diff --git a/chrome/browser/extensions/api/file_system/file_system_api.cc b/chrome/browser/extensions/api/file_system/file_system_api.cc
index 99e761d..785c7c2 100644
--- a/chrome/browser/extensions/api/file_system/file_system_api.cc
+++ b/chrome/browser/extensions/api/file_system/file_system_api.cc
@@ -61,8 +61,6 @@ const char kSecurityError[] = "Security error";
 const char kInvalidCallingPage[] = "Invalid calling page. This function can't "
     "be called from a background page.";
 const char kUserCancelled[] = "User cancelled";
-const char kWritableFileRestrictedLocationError[] =
-    "Cannot write to file in a restricted location";
 const char kWritableFileErrorFormat[] = "Error opening %s";
 const char kRequiresFileSystemWriteError[] =
     "Operation requires fileSystem.write permission";
@@ -75,19 +73,6 @@ namespace ChooseEntry = file_system::ChooseEntry;
 
 namespace {
 
-const int kBlacklistedPaths[] = {
-  chrome::DIR_APP,
-  chrome::DIR_USER_DATA,
-};
-
-#if defined(OS_CHROMEOS)
-// On Chrome OS, the default downloads directory is a subdirectory of user data
-// directory, and should be whitelisted.
-const int kWhitelistedPaths[] = {
-  chrome::DIR_DEFAULT_DOWNLOADS_SAFE,
-};
-#endif
-
 #if defined(OS_MACOSX)
 // Retrieves the localized display name for the base name of the given path.
 // If the path is not localized, this will just return the base name.
@@ -189,10 +174,15 @@ bool GetFileSystemAndPathOfFileEntry(
       base::FilePath::FromUTF8Unsafe(filesystem_path);
   base::FilePath virtual_path = context->CreateVirtualRootPath(*filesystem_id)
       .Append(relative_path);
-  if (!context->CrackVirtualPath(virtual_path,
-                                 filesystem_id,
-                                 NULL,
-                                 file_path)) {
+  fileapi::FileSystemType type;
+  if (!context->CrackVirtualPath(
+          virtual_path, filesystem_id, &type, file_path)) {
+    *error = kInvalidParameters;
+    return false;
+  }
+
+  if (type != fileapi::kFileSystemTypeNativeForPlatformApp &&
+      type != fileapi::kFileSystemTypeDragged) {
     *error = kInvalidParameters;
     return false;
   }
@@ -215,7 +205,6 @@ bool GetFilePathOfFileEntry(const std::string& filesystem_name,
 }
 
 bool DoCheckWritableFile(const base::FilePath& path,
-                         const base::FilePath& extension_directory,
                          std::string* error_message) {
   // Don't allow links.
   if (base::PathExists(path) && file_util::IsLink(path)) {
@@ -224,35 +213,6 @@ bool DoCheckWritableFile(const base::FilePath& path,
     return false;
   }
 
-  if (extension_directory == path || extension_directory.IsParent(path)) {
-    *error_message = kWritableFileRestrictedLocationError;
-    return false;
-  }
-
-  bool is_whitelisted_path = false;
-
-#if defined(OS_CHROMEOS)
-  for (size_t i = 0; i < arraysize(kWhitelistedPaths); i++) {
-    base::FilePath whitelisted_path;
-    if (PathService::Get(kWhitelistedPaths[i], &whitelisted_path) &&
-        (whitelisted_path == path || whitelisted_path.IsParent(path))) {
-      is_whitelisted_path = true;
-      break;
-    }
-  }
-#endif
-
-  if (!is_whitelisted_path) {
-    for (size_t i = 0; i < arraysize(kBlacklistedPaths); i++) {
-      base::FilePath blacklisted_path;
-      if (PathService::Get(kBlacklistedPaths[i], &blacklisted_path) &&
-          (blacklisted_path == path || blacklisted_path.IsParent(path))) {
-        *error_message = kWritableFileRestrictedLocationError;
-        return false;
-      }
-    }
-  }
-
   // Create the file if it doesn't already exist.
   base::PlatformFileError error = base::PLATFORM_FILE_OK;
   int creation_flags = base::PLATFORM_FILE_CREATE |
@@ -283,11 +243,9 @@ class WritableFileChecker
   WritableFileChecker(
       const std::vector<base::FilePath>& paths,
       Profile* profile,
-      const base::FilePath& extension_path,
       const base::Closure& on_success,
       const base::Callback<void(const std::string&)>& on_failure)
       : outstanding_tasks_(1),
-        extension_path_(extension_path),
         on_success_(on_success),
         on_failure_(on_failure) {
 #if defined(OS_CHROMEOS)
@@ -339,7 +297,7 @@ class WritableFileChecker
     std::string error;
     for (std::vector<base::FilePath>::const_iterator it = paths.begin();
          it != paths.end(); ++it) {
-      if (!DoCheckWritableFile(*it, extension_path_, &error)) {
+      if (!DoCheckWritableFile(*it, &error)) {
         content::BrowserThread::PostTask(
             content::BrowserThread::UI,
             FROM_HERE,
@@ -375,7 +333,6 @@ class WritableFileChecker
 #endif
 
   int outstanding_tasks_;
-  const base::FilePath extension_path_;
   std::string error_;
   base::Closure on_success_;
   base::Callback<void(const std::string&)> on_failure_;
@@ -511,7 +468,7 @@ void FileSystemEntryFunction::CheckWritableFiles(
     const std::vector<base::FilePath>& paths) {
   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
   scoped_refptr<WritableFileChecker> helper = new WritableFileChecker(
-      paths, profile_, extension_->path(),
+      paths, profile_,
       base::Bind(
           &FileSystemEntryFunction::RegisterFileSystemsAndSendResponse,
           this, paths),
diff --git a/chrome/browser/extensions/api/file_system/file_system_apitest.cc b/chrome/browser/extensions/api/file_system/file_system_apitest.cc
index 90c90bf..8c21a17 100644
--- a/chrome/browser/extensions/api/file_system/file_system_apitest.cc
+++ b/chrome/browser/extensions/api/file_system/file_system_apitest.cc
@@ -431,47 +431,6 @@ IN_PROC_BROWSER_TEST_F(FileSystemApiTest,
       "api_test/file_system/get_writable_file_entry_with_write")) << message_;
 }
 
-IN_PROC_BROWSER_TEST_F(FileSystemApiTest,
-                       FileSystemApiGetWritableInUserDataDirTest) {
-  base::FilePath test_file =
-      base::MakeAbsoluteFilePath(TempFilePath("test.js", true));
-  ASSERT_FALSE(test_file.empty());
-  FileSystemChooseEntryFunction::SkipPickerAndAlwaysSelectPathForTest(
-      &test_file);
-  ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded(
-      chrome::DIR_USER_DATA, test_file.DirName(), false));
-  ASSERT_TRUE(RunPlatformAppTest(
-      "api_test/file_system/get_writable_file_entry_non_writable_file"))
-      << message_;
-}
-
-IN_PROC_BROWSER_TEST_F(FileSystemApiTest,
-                       FileSystemApiGetWritableInChromeDirTest) {
-  base::FilePath test_file =
-      base::MakeAbsoluteFilePath(TempFilePath("test.js", true));
-  ASSERT_FALSE(test_file.empty());
-  FileSystemChooseEntryFunction::SkipPickerAndAlwaysSelectPathForTest(
-      &test_file);
-  ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded(
-      chrome::DIR_APP, test_file.DirName(), false));
-  ASSERT_TRUE(RunPlatformAppTest(
-      "api_test/file_system/get_writable_file_entry_non_writable_file"))
-      << message_;
-}
-
-IN_PROC_BROWSER_TEST_F(FileSystemApiTest,
-                       FileSystemApiGetWritableInAppDirectory) {
-  FileSystemChooseEntryFunction::SkipPickerAndSelectSuggestedPathForTest();
-  {
-    AppInstallObserver observer(
-        base::Bind(SetLastChooseEntryDirectoryToAppDirectory,
-                   ExtensionPrefs::Get(profile())));
-    ASSERT_TRUE(RunPlatformAppTest(
-        "api_test/file_system/get_writable_file_entry_non_writable_file"))
-        << message_;
-  }
-}
-
 IN_PROC_BROWSER_TEST_F(FileSystemApiTest, FileSystemApiIsWritableTest) {
   base::FilePath test_file = TempFilePath("writable.txt", true);
   ASSERT_FALSE(test_file.empty());
@@ -509,73 +468,4 @@ IN_PROC_BROWSER_TEST_F(FileSystemApiTest, FileSystemApiRestoreEntry) {
   }
 }
 
-IN_PROC_BROWSER_TEST_F(FileSystemApiTest,
-                       FileSystemApiOpenNonWritableFileForRead) {
-  base::FilePath test_file = TempFilePath("open_existing.txt", true);
-  ASSERT_FALSE(test_file.empty());
-  ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded(
-      chrome::DIR_USER_DATA, test_file.DirName(), false));
-  FileSystemChooseEntryFunction::SkipPickerAndAlwaysSelectPathForTest(
-      &test_file);
-  ASSERT_TRUE(RunPlatformAppTest("api_test/file_system/open_existing"))
-      << message_;
-}
-
-IN_PROC_BROWSER_TEST_F(FileSystemApiTest,
-                       FileSystemApiOpenInUserDataDirForWrite) {
-  base::FilePath test_file =
-      base::MakeAbsoluteFilePath(TempFilePath("open_existing.txt", true));
-  ASSERT_FALSE(test_file.empty());
-  ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded(
-      chrome::DIR_USER_DATA, test_file.DirName(), false));
-  FileSystemChooseEntryFunction::SkipPickerAndAlwaysSelectPathForTest(
-      &test_file);
-  ASSERT_TRUE(RunPlatformAppTest(
-      "api_test/file_system/open_writable_existing_non_writable")) << message_;
-}
-
-#if defined(OS_CHROMEOS)
-// In Chrome OS the download directory is whitelisted for write.
-IN_PROC_BROWSER_TEST_F(FileSystemApiTest,
-                       FileSystemApiOpenInDownloadDirForWrite) {
-  base::FilePath test_file =
-      base::MakeAbsoluteFilePath(TempFilePath("writable.txt", true));
-  ASSERT_FALSE(test_file.empty());
-  ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded(
-      chrome::DIR_USER_DATA, test_file.DirName(), false));
-  ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded(
-      chrome::DIR_DEFAULT_DOWNLOADS_SAFE, test_file.DirName(), false));
-  FileSystemChooseEntryFunction::SkipPickerAndAlwaysSelectPathForTest(
-      &test_file);
-  ASSERT_TRUE(RunPlatformAppTest(
-      "api_test/file_system/is_writable_file_entry")) << message_;
-}
-#endif
-
-IN_PROC_BROWSER_TEST_F(FileSystemApiTest,
-                       FileSystemApiOpenInChromeDirForWrite) {
-  base::FilePath test_file =
-      base::MakeAbsoluteFilePath(TempFilePath("open_existing.txt", true));
-  ASSERT_FALSE(test_file.empty());
-  ASSERT_TRUE(PathService::OverrideAndCreateIfNeeded(
-      chrome::DIR_APP, test_file.DirName(), false));
-  FileSystemChooseEntryFunction::SkipPickerAndAlwaysSelectPathForTest(
-      &test_file);
-  ASSERT_TRUE(RunPlatformAppTest(
-      "api_test/file_system/open_writable_existing_non_writable")) << message_;
-}
-
-IN_PROC_BROWSER_TEST_F(FileSystemApiTest,
-                       FileSystemApiOpenInAppDirectoryForWrite) {
-  FileSystemChooseEntryFunction::SkipPickerAndSelectSuggestedPathForTest();
-  {
-    AppInstallObserver observer(
-        base::Bind(SetLastChooseEntryDirectoryToAppDirectory,
-                   ExtensionPrefs::Get(profile())));
-    ASSERT_TRUE(RunPlatformAppTest(
-        "api_test/file_system/open_writable_existing_non_writable"))
-        << message_;
-  }
-}
-
 }  // namespace extensions