From c9a8ff962dc33c73ebca4a7c39606b1c18fbfd0a Mon Sep 17 00:00:00 2001 From: Keeley Hammond Date: Tue, 27 May 2025 23:15:36 -0700 Subject: [PATCH] fixup! 6556022: Reland "FSA: Only normalize the hardcoded rules once during initialization" | https://chromium-review.googlesource.com/c/chromium/src/+/6556022 This partially reverts commit 20d709dd15ba0ff332e24ee314149d642dc5d47c. --- ..._expose_file_system_access_blocklist.patch | 199 ++++++++++++------ .../file_system_access_permission_context.cc | 148 +++++++++---- .../file_system_access_permission_context.h | 24 ++- 3 files changed, 266 insertions(+), 105 deletions(-) diff --git a/patches/chromium/refactor_expose_file_system_access_blocklist.patch b/patches/chromium/refactor_expose_file_system_access_blocklist.patch index 702d94ed23..20dba82deb 100644 --- a/patches/chromium/refactor_expose_file_system_access_blocklist.patch +++ b/patches/chromium/refactor_expose_file_system_access_blocklist.patch @@ -8,38 +8,46 @@ it in Electron and prevent drift from Chrome's blocklist. We should look for a w to upstream this change to Chrome. diff --git a/chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc b/chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc -index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..2c927f5f8e36fe08579eeb2ca49d143339d16424 100644 +index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..117b6b05b3a1c39183a45830b97255cab529c646 100644 --- a/chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc +++ b/chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc -@@ -46,7 +46,6 @@ - #include "chrome/browser/ui/file_system_access/file_system_access_dangerous_file_dialog.h" - #include "chrome/browser/ui/file_system_access/file_system_access_dialogs.h" - #include "chrome/browser/ui/file_system_access/file_system_access_restricted_directory_dialog.h" --#include "chrome/common/chrome_paths.h" - #include "chrome/grit/generated_resources.h" - #include "components/content_settings/core/browser/host_content_settings_map.h" - #include "components/content_settings/core/common/content_settings.h" -@@ -262,9 +261,13 @@ bool MaybeIsLocalUNCPath(const base::FilePath& path) { +@@ -82,11 +82,13 @@ + #include "chrome/browser/ui/browser_window.h" + #include "chrome/browser/ui/tabs/public/tab_features.h" + #include "chrome/browser/ui/views/file_system_access/file_system_access_page_action_controller.h" ++#if 0 + #include "chrome/browser/web_applications/proto/web_app_install_state.pb.h" + #include "chrome/browser/web_applications/web_app_install_manager.h" + #include "chrome/browser/web_applications/web_app_install_manager_observer.h" + #include "chrome/browser/web_applications/web_app_provider.h" + #include "chrome/browser/web_applications/web_app_registrar.h" ++#endif + #include "components/tabs/public/tab_interface.h" + #if BUILDFLAG(ENABLE_PLATFORM_APPS) + #include "extensions/browser/extension_registry.h" // nogncheck +@@ -262,182 +264,10 @@ bool MaybeIsLocalUNCPath(const base::FilePath& path) { } #endif -// Sentinel used to indicate that no PathService key is specified for a path in -// the struct below. -constexpr const int kNoBasePathKey = -1; -+// This patch moves the deleted content from this file over to -+// chrome/browser/file_system_access/chrome_file_system_access_permission_context.h. -+// NOTE IF THERE IS A CONFLICT ABOVE, you will need to copy the changes in the -+// removed block over to chrome_file_system_access_permission_context.h. -+ -+// Describes a rule for blocking a directory, which can be constructed -+// dynamically (based on state) or statically (from kBlockedPaths). - - // A wrapper around `base::NormalizeFilePath` that returns its result instead of - // using an out parameter. -@@ -281,164 +284,6 @@ base::FilePath NormalizeFilePath(const base::FilePath& path) { - return normalized_path; - } - +- +-// A wrapper around `base::NormalizeFilePath` that returns its result instead of +-// using an out parameter. +-base::FilePath NormalizeFilePath(const base::FilePath& path) { +- CHECK(path.IsAbsolute()); +- // TODO(crbug.com/368130513O): On Windows, this call will fail if the target +- // file path is greater than MAX_PATH. We should decide how to handle this +- // scenario. +- base::FilePath normalized_path; +- if (!base::NormalizeFilePath(path, &normalized_path)) { +- return path; +- } +- CHECK_EQ(path.empty(), normalized_path.empty()); +- return normalized_path; +-} +- -using BlockType = ChromeFileSystemAccessPermissionContext::BlockType; - -std::unique_ptr @@ -197,44 +205,121 @@ index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..2c927f5f8e36fe08579eeb2ca49d1433 - - return block_path_rules; -} -- ++// This patch moves the deleted content from this file over to ++// chrome/browser/file_system_access/chrome_file_system_access_permission_context.h. ++// NOTE IF THERE IS A CONFLICT ABOVE, you will need to copy the changes in the ++// removed block over to chrome_file_system_access_permission_context.h. + // Checks if `path` should be blocked by the `rules`. // The BlockType of the nearest ancestor of a path to check is what - // ultimately determines if a path is blocked or not. If a blocked path is a +@@ -1261,16 +1091,6 @@ struct ChromeFileSystemAccessPermissionContext::OriginState { + std::unique_ptr cleanup_timer; + }; + +-ChromeFileSystemAccessPermissionContext::BlockPathRules::BlockPathRules() = +- default; +-ChromeFileSystemAccessPermissionContext::BlockPathRules::~BlockPathRules() = +- default; +-ChromeFileSystemAccessPermissionContext::BlockPathRules::BlockPathRules( +- const BlockPathRules& other) = default; +-ChromeFileSystemAccessPermissionContext::BlockPathRules& +-ChromeFileSystemAccessPermissionContext::BlockPathRules::operator=( +- const BlockPathRules& other) = default; +- + ChromeFileSystemAccessPermissionContext:: + ChromeFileSystemAccessPermissionContext(content::BrowserContext* context, + const base::Clock* clock) +@@ -1289,7 +1109,7 @@ ChromeFileSystemAccessPermissionContext:: + #if BUILDFLAG(IS_ANDROID) + one_time_permissions_tracker_.Observe( + OneTimePermissionsTrackerFactory::GetForBrowserContext(context)); +-#else ++#elif 0 + auto* provider = web_app::WebAppProvider::GetForWebApps( + Profile::FromBrowserContext(profile_)); + if (provider) { +@@ -2551,7 +2371,7 @@ void ChromeFileSystemAccessPermissionContext::OnShutdown() { + one_time_permissions_tracker_.Reset(); + } + +-#if !BUILDFLAG(IS_ANDROID) ++#if 0 + void ChromeFileSystemAccessPermissionContext::OnWebAppInstalled( + const webapps::AppId& app_id) { + if (!base::FeatureList::IsEnabled( +@@ -3108,11 +2928,7 @@ bool ChromeFileSystemAccessPermissionContext::OriginHasExtendedPermission( + const url::Origin& origin) { + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + +-#if BUILDFLAG(IS_ANDROID) +- // TODO(crbug.com/40101963): Enable when android persisted permissions are +- // implemented. +- return false; +-#else ++#if 0 + if (!base::FeatureList::IsEnabled( + features::kFileSystemAccessPersistentPermissions)) { + return false; +@@ -3156,6 +2972,7 @@ bool ChromeFileSystemAccessPermissionContext::OriginHasExtendedPermission( + : WebAppInstallStatus::kUninstalled; + return app_has_os_integration; + #endif // BUILDFLAG(IS_ANDROID) ++ return false; + } + + void ChromeFileSystemAccessPermissionContext::SetOriginExtendedPermissionByUser( diff --git a/chrome/browser/file_system_access/chrome_file_system_access_permission_context.h b/chrome/browser/file_system_access/chrome_file_system_access_permission_context.h -index f647100981fd98d8511d07a6d7e100910e38a0f2..790af0e11f7556f02365d695c245ec70ac709dd2 100644 +index f647100981fd98d8511d07a6d7e100910e38a0f2..14e1b3c8ec78429f5a845f54cc973e7c77ea8bc4 100644 --- a/chrome/browser/file_system_access/chrome_file_system_access_permission_context.h +++ b/chrome/browser/file_system_access/chrome_file_system_access_permission_context.h -@@ -22,7 +22,7 @@ +@@ -9,10 +9,13 @@ + #include + + #include "base/auto_reset.h" ++#include "base/base_paths.h" + #include "base/callback_list.h" + #include "base/files/file_path.h" ++#include "base/files/file_util.h" + #include "base/memory/raw_ptr.h" + #include "base/memory/weak_ptr.h" ++#include "base/path_service.h" + #include "base/scoped_observation.h" + #include "base/sequence_checker.h" + #include "base/time/clock.h" +@@ -22,6 +25,7 @@ #include "chrome/browser/file_system_access/file_system_access_permission_request_manager.h" #include "chrome/browser/permissions/one_time_permissions_tracker.h" #include "chrome/browser/permissions/one_time_permissions_tracker_observer.h" --#include "components/enterprise/buildflags/buildflags.h" +#include "chrome/common/chrome_paths.h" + #include "components/enterprise/buildflags/buildflags.h" #include "components/permissions/features.h" #include "components/permissions/object_permission_context_base.h" - #include "content/public/browser/file_system_access_permission_context.h" -@@ -32,7 +32,7 @@ - #include "chrome/browser/web_applications/web_app_install_manager_observer.h" - #endif - --#if BUILDFLAG(ENTERPRISE_CLOUD_CONTENT_ANALYSIS) -+#if 0 - #include "components/enterprise/common/files_scan_data.h" - #endif - -@@ -402,6 +402,168 @@ class ChromeFileSystemAccessPermissionContext - bool GetIsBlockPathRulesInitCompleteForTesting() { +@@ -403,6 +407,183 @@ class ChromeFileSystemAccessPermissionContext return is_block_path_rules_init_complete_; } -+ + + // Sentinel used to indicate that no PathService key is specified for a path in + // the struct below. -+ constexpr const int kNoBasePathKey = -1; ++ static constexpr const int kNoBasePathKey = -1; ++ ++ // A wrapper around `base::NormalizeFilePath` that returns its result instead of ++ // using an out parameter. ++ static base::FilePath NormalizeFilePath(const base::FilePath& path) { ++ CHECK(path.IsAbsolute()); ++ // TODO(crbug.com/368130513O): On Windows, this call will fail if the target ++ // file path is greater than MAX_PATH. We should decide how to handle this ++ // scenario. ++ base::FilePath normalized_path; ++ if (!base::NormalizeFilePath(path, &normalized_path)) { ++ return path; ++ } ++ CHECK_EQ(path.empty(), normalized_path.empty()); ++ return normalized_path; ++ } + + using BlockType = ChromeFileSystemAccessPermissionContext::BlockType; + -+ std::unique_ptr ++ static std::unique_ptr + GenerateBlockPaths(bool should_normalize_file_path) { + static constexpr ChromeFileSystemAccessPermissionContext::BlockPath + kBlockPaths[] = { @@ -266,7 +351,7 @@ index f647100981fd98d8511d07a6d7e100910e38a0f2..790af0e11f7556f02365d695c245ec70 + // And limit access to ~/.gnupg as well. + {base::DIR_HOME, FILE_PATH_LITERAL(".gnupg"), + BlockType::kBlockAllChildren}, -+#if BUILDFLAG(IS_WIN) ++ #if BUILDFLAG(IS_WIN) + // Some Windows specific directories to block, basically all apps, the + // operating system itself, as well as configuration data for apps. + {base::DIR_PROGRAM_FILES, nullptr, BlockType::kBlockAllChildren}, @@ -283,8 +368,8 @@ index f647100981fd98d8511d07a6d7e100910e38a0f2..790af0e11f7556f02365d695c245ec70 + // directory, but not whole directories. + {base::DIR_IE_INTERNET_CACHE, nullptr, + BlockType::kBlockNestedDirectories}, -+#endif -+#if BUILDFLAG(IS_MAC) ++ #endif ++ #if BUILDFLAG(IS_MAC) + // Similar Mac specific blocks. + {base::DIR_APP_DATA, nullptr, BlockType::kBlockAllChildren}, + // Block access to the current bundle directory. @@ -316,8 +401,8 @@ index f647100981fd98d8511d07a6d7e100910e38a0f2..790af0e11f7556f02365d695c245ec70 + {base::DIR_HOME, + FILE_PATH_LITERAL("Library/Mobile Documents/com~apple~CloudDocs"), + BlockType::kDontBlockChildren}, -+#endif -+#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID) ++ #endif ++ #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID) + // On Linux also block access to devices via /dev. + {kNoBasePathKey, FILE_PATH_LITERAL("/dev"), + BlockType::kBlockAllChildren}, @@ -341,11 +426,11 @@ index f647100981fd98d8511d07a6d7e100910e38a0f2..790af0e11f7556f02365d695c245ec70 + // a website can do with access to that directory and its contents. + {base::DIR_HOME, FILE_PATH_LITERAL(".dbus"), + BlockType::kBlockAllChildren}, -+#endif -+#if BUILDFLAG(IS_ANDROID) ++ #endif ++ #if BUILDFLAG(IS_ANDROID) + {base::DIR_ANDROID_APP_DATA, nullptr, BlockType::kBlockAllChildren}, + {base::DIR_CACHE, nullptr, BlockType::kBlockAllChildren}, -+#endif ++ #endif + // TODO(crbug.com/40095723): Refine this list, for example add + // XDG_CONFIG_HOME when it is not set ~/.config? + }; @@ -389,15 +474,7 @@ index f647100981fd98d8511d07a6d7e100910e38a0f2..790af0e11f7556f02365d695c245ec70 + + return block_path_rules; + } - ++ protected: SEQUENCE_CHECKER(sequence_checker_); -@@ -422,7 +584,7 @@ class ChromeFileSystemAccessPermissionContext - void PermissionGrantDestroyed(PermissionGrantImpl* grant); - --#if BUILDFLAG(ENTERPRISE_CLOUD_CONTENT_ANALYSIS) -+#if 0 - void OnContentAnalysisComplete( - std::vector entries, - EntriesAllowedByEnterprisePolicyCallback callback, diff --git a/shell/browser/file_system_access/file_system_access_permission_context.cc b/shell/browser/file_system_access/file_system_access_permission_context.cc index 1fb8c1d4a5..383d9a5b67 100644 --- a/shell/browser/file_system_access/file_system_access_permission_context.cc +++ b/shell/browser/file_system_access/file_system_access_permission_context.cc @@ -10,6 +10,7 @@ #include "base/base_paths.h" #include "base/files/file_path.h" +#include "base/files/file_util.h" #include "base/json/values_util.h" #include "base/path_service.h" #include "base/task/bind_post_task.h" @@ -39,6 +40,16 @@ #include "ui/base/l10n/l10n_util.h" #include "url/origin.h" +ChromeFileSystemAccessPermissionContext::BlockPathRules::BlockPathRules() = + default; +ChromeFileSystemAccessPermissionContext::BlockPathRules::~BlockPathRules() = + default; +ChromeFileSystemAccessPermissionContext::BlockPathRules::BlockPathRules( + const BlockPathRules& other) = default; +ChromeFileSystemAccessPermissionContext::BlockPathRules& +ChromeFileSystemAccessPermissionContext::BlockPathRules::operator=( + const BlockPathRules& other) = default; + namespace gin { template <> @@ -141,51 +152,53 @@ bool MaybeIsLocalUNCPath(const base::FilePath& path) { } #endif // BUILDFLAG(IS_WIN) -// Describes a rule for blocking a directory, which can be constructed -// dynamically (based on state) or statically (from kBlockedPaths). -struct BlockPathRule { - base::FilePath path; - BlockType type; -}; - -bool ShouldBlockAccessToPath(const base::FilePath& path, - HandleType handle_type, - std::vector rules) { +bool ShouldBlockAccessToPath( + base::FilePath path, + HandleType handle_type, + std::vector + extra_rules, + ChromeFileSystemAccessPermissionContext::BlockPathRules block_path_rules) { DCHECK(!path.empty()); DCHECK(path.IsAbsolute()); + path = ChromeFileSystemAccessPermissionContext::NormalizeFilePath(path); + for (auto& rule : extra_rules) { + rule.path = + ChromeFileSystemAccessPermissionContext::NormalizeFilePath(rule.path); + } + #if BUILDFLAG(IS_WIN) // On Windows, local UNC paths are rejected, as UNC path can be written in a // way that can bypass the blocklist. - if (MaybeIsLocalUNCPath(path)) + if (MaybeIsLocalUNCPath(path)) { return true; -#endif // BUILDFLAG(IS_WIN) - - // Add the hard-coded rules to the dynamic rules. - for (auto const& [key, rule_path, type] : - ChromeFileSystemAccessPermissionContext::GenerateBlockedPath()) { - if (key == ChromeFileSystemAccessPermissionContext::kNoBasePathKey) { - rules.emplace_back(base::FilePath{rule_path}, type); - } else if (base::FilePath block_path; - base::PathService::Get(key, &block_path)) { - rules.emplace_back(rule_path ? block_path.Append(rule_path) : block_path, - type); - } } +#endif base::FilePath nearest_ancestor; BlockType nearest_ancestor_block_type = BlockType::kDontBlockChildren; - for (const auto& block : rules) { - if (path == block.path || path.IsParent(block.path)) { - DLOG(INFO) << "Blocking access to " << path - << " because it is a parent of " << block.path; + auto should_block_with_rule = [&](const base::FilePath& block_path, + BlockType block_type) -> bool { + if (path == block_path || path.IsParent(block_path)) { + VLOG(1) << "Blocking access to " << path << " because it is a parent of " + << block_path; return true; } - if (block.path.IsParent(path) && - (nearest_ancestor.empty() || nearest_ancestor.IsParent(block.path))) { - nearest_ancestor = block.path; - nearest_ancestor_block_type = block.type; + if (block_path.IsParent(path) && + (nearest_ancestor.empty() || nearest_ancestor.IsParent(block_path))) { + nearest_ancestor = block_path; + nearest_ancestor_block_type = block_type; + } + return false; + }; + + for (const auto* block_rules_ptr : + {&extra_rules, &block_path_rules.block_path_rules_}) { + for (const auto& block : *block_rules_ptr) { + if (should_block_with_rule(block.path, block.type)) { + return true; + } } } @@ -193,6 +206,8 @@ bool ShouldBlockAccessToPath(const base::FilePath& path, // nearest ancestor does not block access to its children. Grant access. if (nearest_ancestor.empty() || nearest_ancestor_block_type == BlockType::kDontBlockChildren) { + VLOG(1) << "Not blocking access to " << path << " because it is inside " + << nearest_ancestor << " and it's kDontBlockChildren"; return false; } @@ -200,12 +215,14 @@ bool ShouldBlockAccessToPath(const base::FilePath& path, // access to directories. Grant access. if (handle_type == HandleType::kFile && nearest_ancestor_block_type == BlockType::kBlockNestedDirectories) { + VLOG(1) << "Not blocking access to " << path << " because it is inside " + << nearest_ancestor << " and it's kBlockNestedDirectories"; return false; } // The nearest ancestor blocks access to its children, so block access. - DLOG(INFO) << "Blocking access to " << path << " because it is inside " - << nearest_ancestor; + VLOG(1) << "Blocking access to " << path << " because it is inside " + << nearest_ancestor << " and it's kBlockAllChildren"; return true; } @@ -446,11 +463,30 @@ FileSystemAccessPermissionContext::FileSystemAccessPermissionContext( const base::Clock* clock) : browser_context_(browser_context), clock_(clock) { DETACH_FROM_SEQUENCE(sequence_checker_); + ResetBlockPaths(); } FileSystemAccessPermissionContext::~FileSystemAccessPermissionContext() = default; +void FileSystemAccessPermissionContext::ResetBlockPaths() { + is_block_path_rules_init_complete_ = false; + base::ThreadPool::PostTaskAndReplyWithResult( + FROM_HERE, {base::MayBlock(), base::TaskPriority::USER_VISIBLE}, + base::BindOnce( + &ChromeFileSystemAccessPermissionContext::GenerateBlockPaths, true), + base::BindOnce(&FileSystemAccessPermissionContext::UpdateBlockPaths, + weak_factory_.GetWeakPtr())); +} + +void FileSystemAccessPermissionContext::UpdateBlockPaths( + std::unique_ptr + block_path_rules) { + block_path_rules_ = std::move(block_path_rules); + is_block_path_rules_init_complete_ = true; + block_rules_check_callbacks_.Notify(*block_path_rules_.get()); +} + scoped_refptr FileSystemAccessPermissionContext::GetReadPermissionGrant( const url::Origin& origin, @@ -604,12 +640,26 @@ void FileSystemAccessPermissionContext::ConfirmSensitiveEntryAccess( std::move(after_blocklist_check_callback)); } +void FileSystemAccessPermissionContext::CheckShouldBlockAccessToPathAndReply( + base::FilePath path, + HandleType handle_type, + std::vector + extra_rules, + base::OnceCallback callback, + ChromeFileSystemAccessPermissionContext::BlockPathRules block_path_rules) { + base::ThreadPool::PostTaskAndReplyWithResult( + FROM_HERE, {base::MayBlock(), base::TaskPriority::USER_VISIBLE}, + base::BindOnce(&ShouldBlockAccessToPath, path, handle_type, extra_rules, + block_path_rules), + std::move(callback)); +} + void FileSystemAccessPermissionContext::CheckPathAgainstBlocklist( const content::PathInfo& path_info, HandleType handle_type, base::OnceCallback callback) { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); - // TODO(https://crbug.com/1009970): Figure out what external paths should be + // TODO(crbug.com/40101272): Figure out what external paths should be // blocked. We could resolve the external path to a local path, and check for // blocked directories based on that, but that doesn't work well. Instead we // should have a separate Chrome OS only code path to block for example the @@ -619,15 +669,27 @@ void FileSystemAccessPermissionContext::CheckPathAgainstBlocklist( return; } - std::vector extra_rules; - extra_rules.emplace_back(browser_context_->GetPath().DirName(), - BlockType::kBlockAllChildren); - - base::ThreadPool::PostTaskAndReplyWithResult( - FROM_HERE, {base::MayBlock(), base::TaskPriority::USER_VISIBLE}, - base::BindOnce(&ShouldBlockAccessToPath, path_info.path, handle_type, - extra_rules), - std::move(callback)); + // Unlike the DIR_USER_DATA check, this handles the --user-data-dir override. + // We check for the user data dir in two different ways: directly, via the + // profile manager, where it exists (it does not in unit tests), and via the + // profile's directory, assuming the profile dir is a child of the user data + // dir. + std::vector + extra_rules; + if (is_block_path_rules_init_complete_) { + // The rules initialization is completed, we can just post the task to a + // anonymous blocking traits. + CheckShouldBlockAccessToPathAndReply(path_info.path, handle_type, + extra_rules, std::move(callback), + *block_path_rules_.get()); + return; + } + // The check must be performed after the rules initialization is done. + block_rules_check_subscription_.push_back(block_rules_check_callbacks_.Add( + base::BindOnce(&FileSystemAccessPermissionContext:: + CheckShouldBlockAccessToPathAndReply, + weak_factory_.GetWeakPtr(), path_info.path, handle_type, + extra_rules, std::move(callback)))); } void FileSystemAccessPermissionContext::PerformAfterWriteChecks( diff --git a/shell/browser/file_system_access/file_system_access_permission_context.h b/shell/browser/file_system_access/file_system_access_permission_context.h index 18d55ad477..591c1288e2 100644 --- a/shell/browser/file_system_access/file_system_access_permission_context.h +++ b/shell/browser/file_system_access/file_system_access_permission_context.h @@ -12,13 +12,14 @@ #include #include +#include "base/callback_list.h" #include "base/functional/callback_forward.h" #include "base/memory/weak_ptr.h" #include "base/time/clock.h" #include "base/time/default_clock.h" #include "base/values.h" +#include "chrome/browser/file_system_access/chrome_file_system_access_permission_context.h" // nogncheck #include "components/keyed_service/core/keyed_service.h" -#include "content/public/browser/file_system_access_permission_context.h" class GURL; @@ -135,6 +136,14 @@ class FileSystemAccessPermissionContext void PermissionGrantDestroyed(PermissionGrantImpl* grant); + void CheckShouldBlockAccessToPathAndReply( + base::FilePath path, + HandleType handle_type, + std::vector + extra_rules, + base::OnceCallback callback, + ChromeFileSystemAccessPermissionContext::BlockPathRules block_path_rules); + void CheckPathAgainstBlocklist(const content::PathInfo& path, HandleType handle_type, base::OnceCallback callback); @@ -159,6 +168,11 @@ class FileSystemAccessPermissionContext const base::FilePath& path, GrantType grant_type) const; + void ResetBlockPaths(); + void UpdateBlockPaths( + std::unique_ptr + block_path_rules); + base::WeakPtr GetWeakPtr(); const raw_ptr browser_context_; @@ -176,6 +190,14 @@ class FileSystemAccessPermissionContext std::map> callback_map_; + std::unique_ptr + block_path_rules_; + bool is_block_path_rules_init_complete_ = false; + std::vector block_rules_check_subscription_; + base::OnceCallbackList + block_rules_check_callbacks_; + base::WeakPtrFactory weak_factory_{this}; };