authorachuith@chromium.org <achuith@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-11-11 22:19:00 +0000
committerachuith@chromium.org <achuith@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-11-11 22:19:00 +0000
commitabb26096d64316448c4203de724e02a3258a2dce (patch)
treee420ffe07316fe21161f0245dedfb42c5fd4afc7 /net/url_request/url_request_file_job.cc
parentaab8b552b9901487f0288169f4b05d7cb2d14d11 (diff)
Restrict file protocol on chromeos to certain whitelisted directories. Disable this for tests.
BUG=chromium-os:3412 TEST=Access file: directories on chromeos. browser, ui, interactive ui and unit tests should continue to pass. Review URL: http://codereview.chromium.org/4160003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65866 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/url_request/url_request_file_job.cc')
-rw-r--r--net/url_request/url_request_file_job.cc43
1 files changed, 40 insertions, 3 deletions
diff --git a/net/url_request/url_request_file_job.cc b/net/url_request/url_request_file_job.cc
index fff85c3..526dabf 100644
--- a/net/url_request/url_request_file_job.cc
+++ b/net/url_request/url_request_file_job.cc
@@ -33,6 +33,7 @@
#include "net/base/net_util.h"
#include "net/http/http_util.h"
#include "net/url_request/url_request.h"
+#include "net/url_request/url_request_error_job.h"
#include "net/url_request/url_request_file_dir_job.h"
#if defined(OS_WIN)
@@ -40,8 +41,8 @@
#endif
#if defined(OS_WIN)
-class URLRequestFileJob::AsyncResolver :
- public base::RefCountedThreadSafe<URLRequestFileJob::AsyncResolver> {
+class URLRequestFileJob::AsyncResolver
+ : public base::RefCountedThreadSafe<URLRequestFileJob::AsyncResolver> {
public:
explicit AsyncResolver(URLRequestFileJob* owner)
: owner_(owner), owner_loop_(MessageLoop::current()) {
@@ -84,7 +85,15 @@ class URLRequestFileJob::AsyncResolver :
// static
URLRequestJob* URLRequestFileJob::Factory(
URLRequest* request, const std::string& scheme) {
+
FilePath file_path;
+ const bool is_file = net::FileURLToFilePath(request->url(), &file_path);
+
+#if defined(OS_CHROMEOS)
+ // Check file access.
+ if (AccessDisabled(file_path))
+ return new URLRequestErrorJob(request, net::ERR_ACCESS_DENIED);
+#endif
// We need to decide whether to create URLRequestFileJob for file access or
// URLRequestFileDirJob for directory access. To avoid accessing the
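Review bot: `AccessDisabled(file_path)` in the new `#if defined(OS_CHROMEOS)` block runs without consulting `is_file`, so a URL that `net::FileURLToFilePath` rejected is checked with whatever `file_path` holds at that point (presumably an empty path, which matches no whitelist entry and is denied). That is fail-closed and probably intended, but `// Check file access.` does not say so; I would write `// Fail closed: deny every path outside kLocalAccessWhiteList, including URLs that did not convert to a file path.` The blank line added directly after the signature can be dropped. Factory's body continues outside this hunk.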
@@ -92,7 +101,7 @@ URLRequestJob* URLRequestFileJob::Factory(
// The code in the URLRequestFileJob::Start() method discovers that a path,
// which doesn't end with a slash, should really be treated as a directory,
// and it then redirects to the URLRequestFileDirJob.
- if (net::FileURLToFilePath(request->url(), &file_path) &&
+ if (is_file &&
file_util::EndsWithSeparator(file_path) &&
file_path.IsAbsolute())
return new URLRequestFileDirJob(request, file_path);
@@ -346,3 +355,31 @@ bool URLRequestFileJob::IsRedirectResponse(GURL* location,
return false;
#endif
}
+
+#if defined(OS_CHROMEOS)
+static const char* const kLocalAccessWhiteList[] = {
+ "/home/chronos/user/Downloads",
+ "/mnt/partner_partition",
+ "/usr/share/chromeos-assets",
+ "/tmp",
+ "/var/log",
+};
+
+// static
+bool URLRequestFileJob::AccessDisabled(const FilePath& file_path) {
+ if (URLRequest::IsFileAccessAllowed()) { // for tests.
+ return false;
+ }
+
+ for (size_t i = 0; i < arraysize(kLocalAccessWhiteList); ++i) {
+ const FilePath white_listed_path(kLocalAccessWhiteList[i]);
+ // FilePath::operator== should probably handle trailing seperators.
+ if (white_listed_path == file_path.StripTrailingSeparators() ||
+ white_listed_path.IsParent(file_path)) {
+ return false;
+ }
+ }
+ return true;
+}
+#endif
+
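Review bot: The whitelist test in `AccessDisabled` is purely lexical: `white_listed_path == file_path.StripTrailingSeparators()` and `white_listed_path.IsParent(file_path)` compare path components and never consult the filesystem, so a symbolic link located under `/tmp` or `/home/chronos/user/Downloads` that points outside the whitelist would still be accepted. Those two directories are presumably writable from the user session (not visible here), which makes this the weakest part of the restriction. Factory deliberately avoids file I/O, so the resolved path would have to be re-checked where the file is actually opened, outside this hunk; at minimum record the limit here with `// Lexical check only; symlinks below a whitelisted directory are not resolved.` Separately, `URLRequest::IsFileAccessAllowed()` turns the whole policy off, and `// for tests.` should name where that switch is set so it cannot end up enabled in a shipping build unnoticed.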