diff --git a/DEPS b/DEPS index ec3ebdcc5c51..efc27b930938 100644 --- a/DEPS +++ b/DEPS @@ -2,7 +2,7 @@ gclient_gn_args_from = 'src' vars = { 'chromium_version': - '138.0.7204.49', + '138.0.7204.97', 'node_version': 'v22.17.0', 'nan_version': diff --git a/patches/chromium/refactor_expose_file_system_access_blocklist.patch b/patches/chromium/refactor_expose_file_system_access_blocklist.patch index 20dba82debd1..3d349fdf3f99 100644 --- a/patches/chromium/refactor_expose_file_system_access_blocklist.patch +++ b/patches/chromium/refactor_expose_file_system_access_blocklist.patch @@ -8,10 +8,18 @@ it in Electron and prevent drift from Chrome's blocklist. We should look for a w to upstream this change to Chrome. diff --git a/chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc b/chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc -index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..117b6b05b3a1c39183a45830b97255cab529c646 100644 +index 3514864559de0d2f2f36fda9b0add0b7b88f3b2a..44318ce3bed67e6f83f3687d11500ddfecd4aef4 100644 --- a/chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc +++ b/chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc -@@ -82,11 +82,13 @@ +@@ -45,7 +45,6 @@ + #include "chrome/browser/ui/file_system_access/file_system_access_dangerous_file_dialog.h" + #include "chrome/browser/ui/file_system_access/file_system_access_dialogs.h" + #include "chrome/browser/ui/file_system_access/file_system_access_restricted_directory_dialog.h" +-#include "chrome/common/chrome_paths.h" + #include "chrome/grit/generated_resources.h" + #include "components/content_settings/core/browser/host_content_settings_map.h" + #include "components/content_settings/core/common/content_settings.h" +@@ -81,11 +80,13 @@ #include "chrome/browser/ui/browser_window.h" #include "chrome/browser/ui/tabs/public/tab_features.h" #include "chrome/browser/ui/views/file_system_access/file_system_access_page_action_controller.h" @@ -25,7 +33,7 @@ index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..117b6b05b3a1c39183a45830b97255ca #include "components/tabs/public/tab_interface.h" #if BUILDFLAG(ENABLE_PLATFORM_APPS) #include "extensions/browser/extension_registry.h" // nogncheck -@@ -262,182 +264,10 @@ bool MaybeIsLocalUNCPath(const base::FilePath& path) { +@@ -261,129 +262,10 @@ bool MaybeIsLocalUNCPath(const base::FilePath& path) { } #endif @@ -33,6 +41,111 @@ index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..117b6b05b3a1c39183a45830b97255ca -// the struct below. -constexpr const int kNoBasePathKey = -1; - +-using BlockType = ChromeFileSystemAccessPermissionContext::BlockType; +- +-std::vector +-GenerateBlockedPath() { +- return { +- // Don't allow users to share their entire home directory, entire desktop +- // or entire documents folder, but do allow sharing anything inside those +- // directories not otherwise blocked. +- {base::DIR_HOME, nullptr, BlockType::kDontBlockChildren}, +- {base::DIR_USER_DESKTOP, nullptr, BlockType::kDontBlockChildren}, +- {chrome::DIR_USER_DOCUMENTS, nullptr, BlockType::kDontBlockChildren}, +- // Similar restrictions for the downloads directory. +- {chrome::DIR_DEFAULT_DOWNLOADS, nullptr, BlockType::kDontBlockChildren}, +- {chrome::DIR_DEFAULT_DOWNLOADS_SAFE, nullptr, +- BlockType::kDontBlockChildren}, +- // The Chrome installation itself should not be modified by the web. +- {base::DIR_EXE, nullptr, BlockType::kBlockAllChildren}, +- {base::DIR_MODULE, nullptr, BlockType::kBlockAllChildren}, +- {base::DIR_ASSETS, nullptr, BlockType::kBlockAllChildren}, +- // And neither should the configuration of at least the currently running +- // Chrome instance (note that this does not take --user-data-dir command +- // line overrides into account). +- {chrome::DIR_USER_DATA, nullptr, BlockType::kBlockAllChildren}, +- // ~/.ssh is pretty sensitive on all platforms, so block access to that. +- {base::DIR_HOME, FILE_PATH_LITERAL(".ssh"), BlockType::kBlockAllChildren}, +- // And limit access to ~/.gnupg as well. +- {base::DIR_HOME, FILE_PATH_LITERAL(".gnupg"), +- BlockType::kBlockAllChildren}, +-#if BUILDFLAG(IS_WIN) +- // Some Windows specific directories to block, basically all apps, the +- // operating system itself, as well as configuration data for apps. +- {base::DIR_PROGRAM_FILES, nullptr, BlockType::kBlockAllChildren}, +- {base::DIR_PROGRAM_FILESX86, nullptr, BlockType::kBlockAllChildren}, +- {base::DIR_PROGRAM_FILES6432, nullptr, BlockType::kBlockAllChildren}, +- {base::DIR_WINDOWS, nullptr, BlockType::kBlockAllChildren}, +- {base::DIR_ROAMING_APP_DATA, nullptr, BlockType::kBlockAllChildren}, +- {base::DIR_LOCAL_APP_DATA, nullptr, BlockType::kBlockAllChildren}, +- {base::DIR_COMMON_APP_DATA, nullptr, BlockType::kBlockAllChildren}, +- // Opening a file from an MTP device, such as a smartphone or a camera, is +- // implemented by Windows as opening a file in the temporary internet +- // files directory. To support that, allow opening files in that +- // directory, but not whole directories. +- {base::DIR_IE_INTERNET_CACHE, nullptr, +- BlockType::kBlockNestedDirectories}, +-#endif +-#if BUILDFLAG(IS_MAC) +- // Similar Mac specific blocks. +- {base::DIR_APP_DATA, nullptr, BlockType::kBlockAllChildren}, +- // Block access to the current bundle directory. +- {chrome::DIR_OUTER_BUNDLE, nullptr, BlockType::kBlockAllChildren}, +- // Block access to the user's Applications directory. +- {base::DIR_HOME, FILE_PATH_LITERAL("Applications"), +- BlockType::kBlockAllChildren}, +- // Block access to the root Applications directory. +- {kNoBasePathKey, FILE_PATH_LITERAL("/Applications"), +- BlockType::kBlockAllChildren}, +- {base::DIR_HOME, FILE_PATH_LITERAL("Library"), +- BlockType::kBlockAllChildren}, +- // Allow access to other cloud files, such as Google Drive. +- {base::DIR_HOME, FILE_PATH_LITERAL("Library/CloudStorage"), +- BlockType::kDontBlockChildren}, +- // Allow the site to interact with data from its corresponding natively +- // installed (sandboxed) application. It would be nice to limit a site to +- // access only _its_ corresponding natively installed application, but +- // unfortunately there's no straightforward way to do that. See +- // https://crbug.com/984641#c22. +- {base::DIR_HOME, FILE_PATH_LITERAL("Library/Containers"), +- BlockType::kDontBlockChildren}, +- // Allow access to iCloud files... +- {base::DIR_HOME, FILE_PATH_LITERAL("Library/Mobile Documents"), +- BlockType::kDontBlockChildren}, +- // ... which may also appear at this directory. +- {base::DIR_HOME, +- FILE_PATH_LITERAL("Library/Mobile Documents/com~apple~CloudDocs"), +- BlockType::kDontBlockChildren}, +-#endif +-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID) +- // On Linux also block access to devices via /dev. +- {kNoBasePathKey, FILE_PATH_LITERAL("/dev"), BlockType::kBlockAllChildren}, +- // And security sensitive data in /proc and /sys. +- {kNoBasePathKey, FILE_PATH_LITERAL("/proc"), +- BlockType::kBlockAllChildren}, +- {kNoBasePathKey, FILE_PATH_LITERAL("/sys"), BlockType::kBlockAllChildren}, +- // And system files in /boot and /etc. +- {kNoBasePathKey, FILE_PATH_LITERAL("/boot"), +- BlockType::kBlockAllChildren}, +- {kNoBasePathKey, FILE_PATH_LITERAL("/etc"), BlockType::kBlockAllChildren}, +- // And block all of ~/.config, matching the similar restrictions on mac +- // and windows. +- {base::DIR_HOME, FILE_PATH_LITERAL(".config"), +- BlockType::kBlockAllChildren}, +- // Block ~/.dbus as well, just in case, although there probably isn't much +- // a website can do with access to that directory and its contents. +- {base::DIR_HOME, FILE_PATH_LITERAL(".dbus"), +- BlockType::kBlockAllChildren}, +-#endif +-#if BUILDFLAG(IS_ANDROID) +- {base::DIR_ANDROID_APP_DATA, nullptr, BlockType::kBlockAllChildren}, +- {base::DIR_CACHE, nullptr, BlockType::kBlockAllChildren}, +-#endif +- // TODO(crbug.com/40095723): Refine this list, for example add +- // XDG_CONFIG_HOME when it is not set ~/.config? +- }; +-} +- -// A wrapper around `base::NormalizeFilePath` that returns its result instead of -// using an out parameter. -base::FilePath NormalizeFilePath(const base::FilePath& path) { @@ -47,164 +160,6 @@ index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..117b6b05b3a1c39183a45830b97255ca - CHECK_EQ(path.empty(), normalized_path.empty()); - return normalized_path; -} -- --using BlockType = ChromeFileSystemAccessPermissionContext::BlockType; -- --std::unique_ptr --GenerateBlockPaths(bool should_normalize_file_path) { -- static constexpr ChromeFileSystemAccessPermissionContext::BlockPath -- kBlockPaths[] = { -- // Don't allow users to share their entire home directory, entire -- // desktop or entire documents folder, but do allow sharing anything -- // inside those directories not otherwise blocked. -- {base::DIR_HOME, nullptr, BlockType::kDontBlockChildren}, -- {base::DIR_USER_DESKTOP, nullptr, BlockType::kDontBlockChildren}, -- {chrome::DIR_USER_DOCUMENTS, nullptr, BlockType::kDontBlockChildren}, -- // Similar restrictions for the downloads directory. -- {chrome::DIR_DEFAULT_DOWNLOADS, nullptr, -- BlockType::kDontBlockChildren}, -- {chrome::DIR_DEFAULT_DOWNLOADS_SAFE, nullptr, -- BlockType::kDontBlockChildren}, -- // The Chrome installation itself should not be modified by the web. -- {base::DIR_EXE, nullptr, BlockType::kBlockAllChildren}, -- {base::DIR_MODULE, nullptr, BlockType::kBlockAllChildren}, -- {base::DIR_ASSETS, nullptr, BlockType::kBlockAllChildren}, -- // And neither should the configuration of at least the currently -- // running -- // Chrome instance (note that this does not take --user-data-dir -- // command -- // line overrides into account). -- {chrome::DIR_USER_DATA, nullptr, BlockType::kBlockAllChildren}, -- // ~/.ssh is pretty sensitive on all platforms, so block access to -- // that. -- {base::DIR_HOME, FILE_PATH_LITERAL(".ssh"), -- BlockType::kBlockAllChildren}, -- // And limit access to ~/.gnupg as well. -- {base::DIR_HOME, FILE_PATH_LITERAL(".gnupg"), -- BlockType::kBlockAllChildren}, --#if BUILDFLAG(IS_WIN) -- // Some Windows specific directories to block, basically all apps, the -- // operating system itself, as well as configuration data for apps. -- {base::DIR_PROGRAM_FILES, nullptr, BlockType::kBlockAllChildren}, -- {base::DIR_PROGRAM_FILESX86, nullptr, BlockType::kBlockAllChildren}, -- {base::DIR_PROGRAM_FILES6432, nullptr, BlockType::kBlockAllChildren}, -- {base::DIR_WINDOWS, nullptr, BlockType::kBlockAllChildren}, -- {base::DIR_ROAMING_APP_DATA, nullptr, BlockType::kBlockAllChildren}, -- {base::DIR_LOCAL_APP_DATA, nullptr, BlockType::kBlockAllChildren}, -- {base::DIR_COMMON_APP_DATA, nullptr, BlockType::kBlockAllChildren}, -- // Opening a file from an MTP device, such as a smartphone or a -- // camera, is -- // implemented by Windows as opening a file in the temporary internet -- // files directory. To support that, allow opening files in that -- // directory, but not whole directories. -- {base::DIR_IE_INTERNET_CACHE, nullptr, -- BlockType::kBlockNestedDirectories}, --#endif --#if BUILDFLAG(IS_MAC) -- // Similar Mac specific blocks. -- {base::DIR_APP_DATA, nullptr, BlockType::kBlockAllChildren}, -- // Block access to the current bundle directory. -- {chrome::DIR_OUTER_BUNDLE, nullptr, BlockType::kBlockAllChildren}, -- // Block access to the user's Applications directory. -- {base::DIR_HOME, FILE_PATH_LITERAL("Applications"), -- BlockType::kBlockAllChildren}, -- // Block access to the root Applications directory. -- {kNoBasePathKey, FILE_PATH_LITERAL("/Applications"), -- BlockType::kBlockAllChildren}, -- {base::DIR_HOME, FILE_PATH_LITERAL("Library"), -- BlockType::kBlockAllChildren}, -- // Allow access to other cloud files, such as Google Drive. -- {base::DIR_HOME, FILE_PATH_LITERAL("Library/CloudStorage"), -- BlockType::kDontBlockChildren}, -- // Allow the site to interact with data from its corresponding -- // natively -- // installed (sandboxed) application. It would be nice to limit a site -- // to -- // access only _its_ corresponding natively installed application, but -- // unfortunately there's no straightforward way to do that. See -- // https://crbug.com/984641#c22. -- {base::DIR_HOME, FILE_PATH_LITERAL("Library/Containers"), -- BlockType::kDontBlockChildren}, -- // Allow access to iCloud files... -- {base::DIR_HOME, FILE_PATH_LITERAL("Library/Mobile Documents"), -- BlockType::kDontBlockChildren}, -- // ... which may also appear at this directory. -- {base::DIR_HOME, -- FILE_PATH_LITERAL("Library/Mobile Documents/com~apple~CloudDocs"), -- BlockType::kDontBlockChildren}, --#endif --#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID) -- // On Linux also block access to devices via /dev. -- {kNoBasePathKey, FILE_PATH_LITERAL("/dev"), -- BlockType::kBlockAllChildren}, -- // And security sensitive data in /proc and /sys. -- {kNoBasePathKey, FILE_PATH_LITERAL("/proc"), -- BlockType::kBlockAllChildren}, -- {kNoBasePathKey, FILE_PATH_LITERAL("/sys"), -- BlockType::kBlockAllChildren}, -- // And system files in /boot and /etc. -- {kNoBasePathKey, FILE_PATH_LITERAL("/boot"), -- BlockType::kBlockAllChildren}, -- {kNoBasePathKey, FILE_PATH_LITERAL("/etc"), -- BlockType::kBlockAllChildren}, -- // And block all of ~/.config, matching the similar restrictions on -- // mac -- // and windows. -- {base::DIR_HOME, FILE_PATH_LITERAL(".config"), -- BlockType::kBlockAllChildren}, -- // Block ~/.dbus as well, just in case, although there probably isn't -- // much -- // a website can do with access to that directory and its contents. -- {base::DIR_HOME, FILE_PATH_LITERAL(".dbus"), -- BlockType::kBlockAllChildren}, --#endif --#if BUILDFLAG(IS_ANDROID) -- {base::DIR_ANDROID_APP_DATA, nullptr, BlockType::kBlockAllChildren}, -- {base::DIR_CACHE, nullptr, BlockType::kBlockAllChildren}, --#endif -- // TODO(crbug.com/40095723): Refine this list, for example add -- // XDG_CONFIG_HOME when it is not set ~/.config? -- }; -- -- // ChromeOS supports multi-user sign-in. base::DIR_HOME only returns the -- // profile path for the primary user, the first user to sign in. We want to -- // use the `profile_path` instead since that's associated with user that -- // initiated this blocklist check. -- // -- // TODO(crbug.com/375490221): Improve the ChromeOS blocklist logic. -- constexpr bool kUseProfilePathForDirHome = BUILDFLAG(IS_CHROMEOS); -- // Populate the hard-coded rules. -- auto block_path_rules = std::make_unique< -- ChromeFileSystemAccessPermissionContext::BlockPathRules>(); -- -- for (const auto& blocked_path : kBlockPaths) { -- base::FilePath path; -- if (blocked_path.base_path_key != kNoBasePathKey) { -- if (kUseProfilePathForDirHome && -- blocked_path.base_path_key == base::DIR_HOME) { -- block_path_rules->profile_based_block_path_rules_.emplace_back( -- blocked_path.path, blocked_path.type); -- continue; -- } -- -- if (!base::PathService::Get(blocked_path.base_path_key, &path)) { -- continue; -- } -- -- if (blocked_path.path) { -- path = path.Append(blocked_path.path); -- } -- } else { -- DCHECK(blocked_path.path); -- path = base::FilePath(blocked_path.path); -- } -- block_path_rules->block_path_rules_.emplace_back( -- should_normalize_file_path ? NormalizeFilePath(path) : path, -- blocked_path.type); -- } -- -- return block_path_rules; --} +// This patch moves the deleted content from this file over to +// chrome/browser/file_system_access/chrome_file_system_access_permission_context.h. +// NOTE IF THERE IS A CONFLICT ABOVE, you will need to copy the changes in the @@ -212,24 +167,7 @@ index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..117b6b05b3a1c39183a45830b97255ca // Checks if `path` should be blocked by the `rules`. // The BlockType of the nearest ancestor of a path to check is what -@@ -1261,16 +1091,6 @@ struct ChromeFileSystemAccessPermissionContext::OriginState { - std::unique_ptr cleanup_timer; - }; - --ChromeFileSystemAccessPermissionContext::BlockPathRules::BlockPathRules() = -- default; --ChromeFileSystemAccessPermissionContext::BlockPathRules::~BlockPathRules() = -- default; --ChromeFileSystemAccessPermissionContext::BlockPathRules::BlockPathRules( -- const BlockPathRules& other) = default; --ChromeFileSystemAccessPermissionContext::BlockPathRules& --ChromeFileSystemAccessPermissionContext::BlockPathRules::operator=( -- const BlockPathRules& other) = default; -- - ChromeFileSystemAccessPermissionContext:: - ChromeFileSystemAccessPermissionContext(content::BrowserContext* context, - const base::Clock* clock) -@@ -1289,7 +1109,7 @@ ChromeFileSystemAccessPermissionContext:: +@@ -1237,7 +1119,7 @@ ChromeFileSystemAccessPermissionContext:: #if BUILDFLAG(IS_ANDROID) one_time_permissions_tracker_.Observe( OneTimePermissionsTrackerFactory::GetForBrowserContext(context)); @@ -238,7 +176,7 @@ index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..117b6b05b3a1c39183a45830b97255ca auto* provider = web_app::WebAppProvider::GetForWebApps( Profile::FromBrowserContext(profile_)); if (provider) { -@@ -2551,7 +2371,7 @@ void ChromeFileSystemAccessPermissionContext::OnShutdown() { +@@ -2443,7 +2325,7 @@ void ChromeFileSystemAccessPermissionContext::OnShutdown() { one_time_permissions_tracker_.Reset(); } @@ -247,7 +185,7 @@ index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..117b6b05b3a1c39183a45830b97255ca void ChromeFileSystemAccessPermissionContext::OnWebAppInstalled( const webapps::AppId& app_id) { if (!base::FeatureList::IsEnabled( -@@ -3108,11 +2928,7 @@ bool ChromeFileSystemAccessPermissionContext::OriginHasExtendedPermission( +@@ -3000,11 +2882,7 @@ bool ChromeFileSystemAccessPermissionContext::OriginHasExtendedPermission( const url::Origin& origin) { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); @@ -260,7 +198,7 @@ index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..117b6b05b3a1c39183a45830b97255ca if (!base::FeatureList::IsEnabled( features::kFileSystemAccessPersistentPermissions)) { return false; -@@ -3156,6 +2972,7 @@ bool ChromeFileSystemAccessPermissionContext::OriginHasExtendedPermission( +@@ -3048,6 +2926,7 @@ bool ChromeFileSystemAccessPermissionContext::OriginHasExtendedPermission( : WebAppInstallStatus::kUninstalled; return app_has_os_integration; #endif // BUILDFLAG(IS_ANDROID) @@ -269,10 +207,10 @@ index 5b543e82abb17cbb91bf37fa6bac016b6053eb93..117b6b05b3a1c39183a45830b97255ca void ChromeFileSystemAccessPermissionContext::SetOriginExtendedPermissionByUser( diff --git a/chrome/browser/file_system_access/chrome_file_system_access_permission_context.h b/chrome/browser/file_system_access/chrome_file_system_access_permission_context.h -index f647100981fd98d8511d07a6d7e100910e38a0f2..14e1b3c8ec78429f5a845f54cc973e7c77ea8bc4 100644 +index 46a2019587b534add3c89f464cdf7261a67e7cce..57e3f7c966a45114b17701a851b191be88d72e7c 100644 --- a/chrome/browser/file_system_access/chrome_file_system_access_permission_context.h +++ b/chrome/browser/file_system_access/chrome_file_system_access_permission_context.h -@@ -9,10 +9,13 @@ +@@ -9,9 +9,12 @@ #include #include "base/auto_reset.h" @@ -281,30 +219,144 @@ index f647100981fd98d8511d07a6d7e100910e38a0f2..14e1b3c8ec78429f5a845f54cc973e7c #include "base/files/file_path.h" +#include "base/files/file_util.h" #include "base/memory/raw_ptr.h" - #include "base/memory/weak_ptr.h" +#include "base/path_service.h" #include "base/scoped_observation.h" #include "base/sequence_checker.h" #include "base/time/clock.h" -@@ -22,6 +25,7 @@ +@@ -21,7 +24,7 @@ #include "chrome/browser/file_system_access/file_system_access_permission_request_manager.h" #include "chrome/browser/permissions/one_time_permissions_tracker.h" #include "chrome/browser/permissions/one_time_permissions_tracker_observer.h" +-#include "components/enterprise/buildflags/buildflags.h" +#include "chrome/common/chrome_paths.h" - #include "components/enterprise/buildflags/buildflags.h" #include "components/permissions/features.h" #include "components/permissions/object_permission_context_base.h" -@@ -403,6 +407,183 @@ class ChromeFileSystemAccessPermissionContext - return is_block_path_rules_init_complete_; - } + #include "content/public/browser/file_system_access_permission_context.h" +@@ -31,7 +34,7 @@ + #include "chrome/browser/web_applications/web_app_install_manager_observer.h" + #endif + +-#if BUILDFLAG(ENTERPRISE_CLOUD_CONTENT_ANALYSIS) ++#if 0 + #include "components/enterprise/common/files_scan_data.h" + #endif + +@@ -371,6 +374,130 @@ class ChromeFileSystemAccessPermissionContext + // KeyedService: + void Shutdown() override; + // Sentinel used to indicate that no PathService key is specified for a path in + // the struct below. + static constexpr const int kNoBasePathKey = -1; + ++ using BlockType = ChromeFileSystemAccessPermissionContext::BlockType; ++ ++ static std::vector ++ GenerateBlockedPath() { ++ return { ++ // Don't allow users to share their entire home directory, entire desktop ++ // or entire documents folder, but do allow sharing anything inside those ++ // directories not otherwise blocked. ++ {base::DIR_HOME, nullptr, BlockType::kDontBlockChildren}, ++ {base::DIR_USER_DESKTOP, nullptr, BlockType::kDontBlockChildren}, ++ {chrome::DIR_USER_DOCUMENTS, nullptr, BlockType::kDontBlockChildren}, ++ // Similar restrictions for the downloads directory. ++ {chrome::DIR_DEFAULT_DOWNLOADS, nullptr, BlockType::kDontBlockChildren}, ++ {chrome::DIR_DEFAULT_DOWNLOADS_SAFE, nullptr, ++ BlockType::kDontBlockChildren}, ++ // The Chrome installation itself should not be modified by the web. ++ {base::DIR_EXE, nullptr, BlockType::kBlockAllChildren}, ++ {base::DIR_MODULE, nullptr, BlockType::kBlockAllChildren}, ++ {base::DIR_ASSETS, nullptr, BlockType::kBlockAllChildren}, ++ // And neither should the configuration of at least the currently running ++ // Chrome instance (note that this does not take --user-data-dir command ++ // line overrides into account). ++ {chrome::DIR_USER_DATA, nullptr, BlockType::kBlockAllChildren}, ++ // ~/.ssh is pretty sensitive on all platforms, so block access to that. ++ {base::DIR_HOME, FILE_PATH_LITERAL(".ssh"), BlockType::kBlockAllChildren}, ++ // And limit access to ~/.gnupg as well. ++ {base::DIR_HOME, FILE_PATH_LITERAL(".gnupg"), ++ BlockType::kBlockAllChildren}, ++ #if BUILDFLAG(IS_WIN) ++ // Some Windows specific directories to block, basically all apps, the ++ // operating system itself, as well as configuration data for apps. ++ {base::DIR_PROGRAM_FILES, nullptr, BlockType::kBlockAllChildren}, ++ {base::DIR_PROGRAM_FILESX86, nullptr, BlockType::kBlockAllChildren}, ++ {base::DIR_PROGRAM_FILES6432, nullptr, BlockType::kBlockAllChildren}, ++ {base::DIR_WINDOWS, nullptr, BlockType::kBlockAllChildren}, ++ {base::DIR_ROAMING_APP_DATA, nullptr, BlockType::kBlockAllChildren}, ++ {base::DIR_LOCAL_APP_DATA, nullptr, BlockType::kBlockAllChildren}, ++ {base::DIR_COMMON_APP_DATA, nullptr, BlockType::kBlockAllChildren}, ++ // Opening a file from an MTP device, such as a smartphone or a camera, is ++ // implemented by Windows as opening a file in the temporary internet ++ // files directory. To support that, allow opening files in that ++ // directory, but not whole directories. ++ {base::DIR_IE_INTERNET_CACHE, nullptr, ++ BlockType::kBlockNestedDirectories}, ++ #endif ++ #if BUILDFLAG(IS_MAC) ++ // Similar Mac specific blocks. ++ {base::DIR_APP_DATA, nullptr, BlockType::kBlockAllChildren}, ++ // Block access to the current bundle directory. ++ {chrome::DIR_OUTER_BUNDLE, nullptr, BlockType::kBlockAllChildren}, ++ // Block access to the user's Applications directory. ++ {base::DIR_HOME, FILE_PATH_LITERAL("Applications"), ++ BlockType::kBlockAllChildren}, ++ // Block access to the root Applications directory. ++ {kNoBasePathKey, FILE_PATH_LITERAL("/Applications"), ++ BlockType::kBlockAllChildren}, ++ {base::DIR_HOME, FILE_PATH_LITERAL("Library"), ++ BlockType::kBlockAllChildren}, ++ // Allow access to other cloud files, such as Google Drive. ++ {base::DIR_HOME, FILE_PATH_LITERAL("Library/CloudStorage"), ++ BlockType::kDontBlockChildren}, ++ // Allow the site to interact with data from its corresponding natively ++ // installed (sandboxed) application. It would be nice to limit a site to ++ // access only _its_ corresponding natively installed application, but ++ // unfortunately there's no straightforward way to do that. See ++ // https://crbug.com/984641#c22. ++ {base::DIR_HOME, FILE_PATH_LITERAL("Library/Containers"), ++ BlockType::kDontBlockChildren}, ++ // Allow access to iCloud files... ++ {base::DIR_HOME, FILE_PATH_LITERAL("Library/Mobile Documents"), ++ BlockType::kDontBlockChildren}, ++ // ... which may also appear at this directory. ++ {base::DIR_HOME, ++ FILE_PATH_LITERAL("Library/Mobile Documents/com~apple~CloudDocs"), ++ BlockType::kDontBlockChildren}, ++ #endif ++ #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID) ++ // On Linux also block access to devices via /dev. ++ {kNoBasePathKey, FILE_PATH_LITERAL("/dev"), BlockType::kBlockAllChildren}, ++ // And security sensitive data in /proc and /sys. ++ {kNoBasePathKey, FILE_PATH_LITERAL("/proc"), ++ BlockType::kBlockAllChildren}, ++ {kNoBasePathKey, FILE_PATH_LITERAL("/sys"), BlockType::kBlockAllChildren}, ++ // And system files in /boot and /etc. ++ {kNoBasePathKey, FILE_PATH_LITERAL("/boot"), ++ BlockType::kBlockAllChildren}, ++ {kNoBasePathKey, FILE_PATH_LITERAL("/etc"), BlockType::kBlockAllChildren}, ++ // And block all of ~/.config, matching the similar restrictions on mac ++ // and windows. ++ {base::DIR_HOME, FILE_PATH_LITERAL(".config"), ++ BlockType::kBlockAllChildren}, ++ // Block ~/.dbus as well, just in case, although there probably isn't much ++ // a website can do with access to that directory and its contents. ++ {base::DIR_HOME, FILE_PATH_LITERAL(".dbus"), ++ BlockType::kBlockAllChildren}, ++ #endif ++ #if BUILDFLAG(IS_ANDROID) ++ {base::DIR_ANDROID_APP_DATA, nullptr, BlockType::kBlockAllChildren}, ++ {base::DIR_CACHE, nullptr, BlockType::kBlockAllChildren}, ++ #endif ++ // TODO(crbug.com/40095723): Refine this list, for example add ++ // XDG_CONFIG_HOME when it is not set ~/.config? ++ }; ++ } ++ + // A wrapper around `base::NormalizeFilePath` that returns its result instead of + // using an out parameter. -+ static base::FilePath NormalizeFilePath(const base::FilePath& path) { ++ base::FilePath NormalizeFilePath(const base::FilePath& path) { + CHECK(path.IsAbsolute()); + // TODO(crbug.com/368130513O): On Windows, this call will fail if the target + // file path is greater than MAX_PATH. We should decide how to handle this @@ -316,165 +368,16 @@ index f647100981fd98d8511d07a6d7e100910e38a0f2..14e1b3c8ec78429f5a845f54cc973e7c + CHECK_EQ(path.empty(), normalized_path.empty()); + return normalized_path; + } -+ -+ using BlockType = ChromeFileSystemAccessPermissionContext::BlockType; -+ -+ static std::unique_ptr -+ GenerateBlockPaths(bool should_normalize_file_path) { -+ static constexpr ChromeFileSystemAccessPermissionContext::BlockPath -+ kBlockPaths[] = { -+ // Don't allow users to share their entire home directory, entire -+ // desktop or entire documents folder, but do allow sharing anything -+ // inside those directories not otherwise blocked. -+ {base::DIR_HOME, nullptr, BlockType::kDontBlockChildren}, -+ {base::DIR_USER_DESKTOP, nullptr, BlockType::kDontBlockChildren}, -+ {chrome::DIR_USER_DOCUMENTS, nullptr, BlockType::kDontBlockChildren}, -+ // Similar restrictions for the downloads directory. -+ {chrome::DIR_DEFAULT_DOWNLOADS, nullptr, -+ BlockType::kDontBlockChildren}, -+ {chrome::DIR_DEFAULT_DOWNLOADS_SAFE, nullptr, -+ BlockType::kDontBlockChildren}, -+ // The Chrome installation itself should not be modified by the web. -+ {base::DIR_EXE, nullptr, BlockType::kBlockAllChildren}, -+ {base::DIR_MODULE, nullptr, BlockType::kBlockAllChildren}, -+ {base::DIR_ASSETS, nullptr, BlockType::kBlockAllChildren}, -+ // And neither should the configuration of at least the currently -+ // running -+ // Chrome instance (note that this does not take --user-data-dir -+ // command -+ // line overrides into account). -+ {chrome::DIR_USER_DATA, nullptr, BlockType::kBlockAllChildren}, -+ // ~/.ssh is pretty sensitive on all platforms, so block access to -+ // that. -+ {base::DIR_HOME, FILE_PATH_LITERAL(".ssh"), -+ BlockType::kBlockAllChildren}, -+ // And limit access to ~/.gnupg as well. -+ {base::DIR_HOME, FILE_PATH_LITERAL(".gnupg"), -+ BlockType::kBlockAllChildren}, -+ #if BUILDFLAG(IS_WIN) -+ // Some Windows specific directories to block, basically all apps, the -+ // operating system itself, as well as configuration data for apps. -+ {base::DIR_PROGRAM_FILES, nullptr, BlockType::kBlockAllChildren}, -+ {base::DIR_PROGRAM_FILESX86, nullptr, BlockType::kBlockAllChildren}, -+ {base::DIR_PROGRAM_FILES6432, nullptr, BlockType::kBlockAllChildren}, -+ {base::DIR_WINDOWS, nullptr, BlockType::kBlockAllChildren}, -+ {base::DIR_ROAMING_APP_DATA, nullptr, BlockType::kBlockAllChildren}, -+ {base::DIR_LOCAL_APP_DATA, nullptr, BlockType::kBlockAllChildren}, -+ {base::DIR_COMMON_APP_DATA, nullptr, BlockType::kBlockAllChildren}, -+ // Opening a file from an MTP device, such as a smartphone or a -+ // camera, is -+ // implemented by Windows as opening a file in the temporary internet -+ // files directory. To support that, allow opening files in that -+ // directory, but not whole directories. -+ {base::DIR_IE_INTERNET_CACHE, nullptr, -+ BlockType::kBlockNestedDirectories}, -+ #endif -+ #if BUILDFLAG(IS_MAC) -+ // Similar Mac specific blocks. -+ {base::DIR_APP_DATA, nullptr, BlockType::kBlockAllChildren}, -+ // Block access to the current bundle directory. -+ {chrome::DIR_OUTER_BUNDLE, nullptr, BlockType::kBlockAllChildren}, -+ // Block access to the user's Applications directory. -+ {base::DIR_HOME, FILE_PATH_LITERAL("Applications"), -+ BlockType::kBlockAllChildren}, -+ // Block access to the root Applications directory. -+ {kNoBasePathKey, FILE_PATH_LITERAL("/Applications"), -+ BlockType::kBlockAllChildren}, -+ {base::DIR_HOME, FILE_PATH_LITERAL("Library"), -+ BlockType::kBlockAllChildren}, -+ // Allow access to other cloud files, such as Google Drive. -+ {base::DIR_HOME, FILE_PATH_LITERAL("Library/CloudStorage"), -+ BlockType::kDontBlockChildren}, -+ // Allow the site to interact with data from its corresponding -+ // natively -+ // installed (sandboxed) application. It would be nice to limit a site -+ // to -+ // access only _its_ corresponding natively installed application, but -+ // unfortunately there's no straightforward way to do that. See -+ // https://crbug.com/984641#c22. -+ {base::DIR_HOME, FILE_PATH_LITERAL("Library/Containers"), -+ BlockType::kDontBlockChildren}, -+ // Allow access to iCloud files... -+ {base::DIR_HOME, FILE_PATH_LITERAL("Library/Mobile Documents"), -+ BlockType::kDontBlockChildren}, -+ // ... which may also appear at this directory. -+ {base::DIR_HOME, -+ FILE_PATH_LITERAL("Library/Mobile Documents/com~apple~CloudDocs"), -+ BlockType::kDontBlockChildren}, -+ #endif -+ #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID) -+ // On Linux also block access to devices via /dev. -+ {kNoBasePathKey, FILE_PATH_LITERAL("/dev"), -+ BlockType::kBlockAllChildren}, -+ // And security sensitive data in /proc and /sys. -+ {kNoBasePathKey, FILE_PATH_LITERAL("/proc"), -+ BlockType::kBlockAllChildren}, -+ {kNoBasePathKey, FILE_PATH_LITERAL("/sys"), -+ BlockType::kBlockAllChildren}, -+ // And system files in /boot and /etc. -+ {kNoBasePathKey, FILE_PATH_LITERAL("/boot"), -+ BlockType::kBlockAllChildren}, -+ {kNoBasePathKey, FILE_PATH_LITERAL("/etc"), -+ BlockType::kBlockAllChildren}, -+ // And block all of ~/.config, matching the similar restrictions on -+ // mac -+ // and windows. -+ {base::DIR_HOME, FILE_PATH_LITERAL(".config"), -+ BlockType::kBlockAllChildren}, -+ // Block ~/.dbus as well, just in case, although there probably isn't -+ // much -+ // a website can do with access to that directory and its contents. -+ {base::DIR_HOME, FILE_PATH_LITERAL(".dbus"), -+ BlockType::kBlockAllChildren}, -+ #endif -+ #if BUILDFLAG(IS_ANDROID) -+ {base::DIR_ANDROID_APP_DATA, nullptr, BlockType::kBlockAllChildren}, -+ {base::DIR_CACHE, nullptr, BlockType::kBlockAllChildren}, -+ #endif -+ // TODO(crbug.com/40095723): Refine this list, for example add -+ // XDG_CONFIG_HOME when it is not set ~/.config? -+ }; -+ -+ // ChromeOS supports multi-user sign-in. base::DIR_HOME only returns the -+ // profile path for the primary user, the first user to sign in. We want to -+ // use the `profile_path` instead since that's associated with user that -+ // initiated this blocklist check. -+ // -+ // TODO(crbug.com/375490221): Improve the ChromeOS blocklist logic. -+ constexpr bool kUseProfilePathForDirHome = BUILDFLAG(IS_CHROMEOS); -+ // Populate the hard-coded rules. -+ auto block_path_rules = std::make_unique< -+ ChromeFileSystemAccessPermissionContext::BlockPathRules>(); -+ -+ for (const auto& blocked_path : kBlockPaths) { -+ base::FilePath path; -+ if (blocked_path.base_path_key != kNoBasePathKey) { -+ if (kUseProfilePathForDirHome && -+ blocked_path.base_path_key == base::DIR_HOME) { -+ block_path_rules->profile_based_block_path_rules_.emplace_back( -+ blocked_path.path, blocked_path.type); -+ continue; -+ } -+ -+ if (!base::PathService::Get(blocked_path.base_path_key, &path)) { -+ continue; -+ } -+ -+ if (blocked_path.path) { -+ path = path.Append(blocked_path.path); -+ } -+ } else { -+ DCHECK(blocked_path.path); -+ path = base::FilePath(blocked_path.path); -+ } -+ block_path_rules->block_path_rules_.emplace_back( -+ should_normalize_file_path ? NormalizeFilePath(path) : path, -+ blocked_path.type); -+ } -+ -+ return block_path_rules; -+ } + protected: SEQUENCE_CHECKER(sequence_checker_); +@@ -390,7 +517,7 @@ class ChromeFileSystemAccessPermissionContext + + void PermissionGrantDestroyed(PermissionGrantImpl* grant); + +-#if BUILDFLAG(ENTERPRISE_CLOUD_CONTENT_ANALYSIS) ++#if 0 + void OnContentAnalysisComplete( + std::vector entries, + EntriesAllowedByEnterprisePolicyCallback callback, diff --git a/shell/browser/file_system_access/file_system_access_permission_context.cc b/shell/browser/file_system_access/file_system_access_permission_context.cc index 383d9a5b6789..1fb8c1d4a57a 100644 --- a/shell/browser/file_system_access/file_system_access_permission_context.cc +++ b/shell/browser/file_system_access/file_system_access_permission_context.cc @@ -10,7 +10,6 @@ #include "base/base_paths.h" #include "base/files/file_path.h" -#include "base/files/file_util.h" #include "base/json/values_util.h" #include "base/path_service.h" #include "base/task/bind_post_task.h" @@ -40,16 +39,6 @@ #include "ui/base/l10n/l10n_util.h" #include "url/origin.h" -ChromeFileSystemAccessPermissionContext::BlockPathRules::BlockPathRules() = - default; -ChromeFileSystemAccessPermissionContext::BlockPathRules::~BlockPathRules() = - default; -ChromeFileSystemAccessPermissionContext::BlockPathRules::BlockPathRules( - const BlockPathRules& other) = default; -ChromeFileSystemAccessPermissionContext::BlockPathRules& -ChromeFileSystemAccessPermissionContext::BlockPathRules::operator=( - const BlockPathRules& other) = default; - namespace gin { template <> @@ -152,53 +141,51 @@ bool MaybeIsLocalUNCPath(const base::FilePath& path) { } #endif // BUILDFLAG(IS_WIN) -bool ShouldBlockAccessToPath( - base::FilePath path, - HandleType handle_type, - std::vector - extra_rules, - ChromeFileSystemAccessPermissionContext::BlockPathRules block_path_rules) { +// Describes a rule for blocking a directory, which can be constructed +// dynamically (based on state) or statically (from kBlockedPaths). +struct BlockPathRule { + base::FilePath path; + BlockType type; +}; + +bool ShouldBlockAccessToPath(const base::FilePath& path, + HandleType handle_type, + std::vector rules) { DCHECK(!path.empty()); DCHECK(path.IsAbsolute()); - path = ChromeFileSystemAccessPermissionContext::NormalizeFilePath(path); - for (auto& rule : extra_rules) { - rule.path = - ChromeFileSystemAccessPermissionContext::NormalizeFilePath(rule.path); - } - #if BUILDFLAG(IS_WIN) // On Windows, local UNC paths are rejected, as UNC path can be written in a // way that can bypass the blocklist. - if (MaybeIsLocalUNCPath(path)) { + if (MaybeIsLocalUNCPath(path)) return true; +#endif // BUILDFLAG(IS_WIN) + + // Add the hard-coded rules to the dynamic rules. + for (auto const& [key, rule_path, type] : + ChromeFileSystemAccessPermissionContext::GenerateBlockedPath()) { + if (key == ChromeFileSystemAccessPermissionContext::kNoBasePathKey) { + rules.emplace_back(base::FilePath{rule_path}, type); + } else if (base::FilePath block_path; + base::PathService::Get(key, &block_path)) { + rules.emplace_back(rule_path ? block_path.Append(rule_path) : block_path, + type); + } } -#endif base::FilePath nearest_ancestor; BlockType nearest_ancestor_block_type = BlockType::kDontBlockChildren; - auto should_block_with_rule = [&](const base::FilePath& block_path, - BlockType block_type) -> bool { - if (path == block_path || path.IsParent(block_path)) { - VLOG(1) << "Blocking access to " << path << " because it is a parent of " - << block_path; + for (const auto& block : rules) { + if (path == block.path || path.IsParent(block.path)) { + DLOG(INFO) << "Blocking access to " << path + << " because it is a parent of " << block.path; return true; } - if (block_path.IsParent(path) && - (nearest_ancestor.empty() || nearest_ancestor.IsParent(block_path))) { - nearest_ancestor = block_path; - nearest_ancestor_block_type = block_type; - } - return false; - }; - - for (const auto* block_rules_ptr : - {&extra_rules, &block_path_rules.block_path_rules_}) { - for (const auto& block : *block_rules_ptr) { - if (should_block_with_rule(block.path, block.type)) { - return true; - } + if (block.path.IsParent(path) && + (nearest_ancestor.empty() || nearest_ancestor.IsParent(block.path))) { + nearest_ancestor = block.path; + nearest_ancestor_block_type = block.type; } } @@ -206,8 +193,6 @@ bool ShouldBlockAccessToPath( // nearest ancestor does not block access to its children. Grant access. if (nearest_ancestor.empty() || nearest_ancestor_block_type == BlockType::kDontBlockChildren) { - VLOG(1) << "Not blocking access to " << path << " because it is inside " - << nearest_ancestor << " and it's kDontBlockChildren"; return false; } @@ -215,14 +200,12 @@ bool ShouldBlockAccessToPath( // access to directories. Grant access. if (handle_type == HandleType::kFile && nearest_ancestor_block_type == BlockType::kBlockNestedDirectories) { - VLOG(1) << "Not blocking access to " << path << " because it is inside " - << nearest_ancestor << " and it's kBlockNestedDirectories"; return false; } // The nearest ancestor blocks access to its children, so block access. - VLOG(1) << "Blocking access to " << path << " because it is inside " - << nearest_ancestor << " and it's kBlockAllChildren"; + DLOG(INFO) << "Blocking access to " << path << " because it is inside " + << nearest_ancestor; return true; } @@ -463,30 +446,11 @@ FileSystemAccessPermissionContext::FileSystemAccessPermissionContext( const base::Clock* clock) : browser_context_(browser_context), clock_(clock) { DETACH_FROM_SEQUENCE(sequence_checker_); - ResetBlockPaths(); } FileSystemAccessPermissionContext::~FileSystemAccessPermissionContext() = default; -void FileSystemAccessPermissionContext::ResetBlockPaths() { - is_block_path_rules_init_complete_ = false; - base::ThreadPool::PostTaskAndReplyWithResult( - FROM_HERE, {base::MayBlock(), base::TaskPriority::USER_VISIBLE}, - base::BindOnce( - &ChromeFileSystemAccessPermissionContext::GenerateBlockPaths, true), - base::BindOnce(&FileSystemAccessPermissionContext::UpdateBlockPaths, - weak_factory_.GetWeakPtr())); -} - -void FileSystemAccessPermissionContext::UpdateBlockPaths( - std::unique_ptr - block_path_rules) { - block_path_rules_ = std::move(block_path_rules); - is_block_path_rules_init_complete_ = true; - block_rules_check_callbacks_.Notify(*block_path_rules_.get()); -} - scoped_refptr FileSystemAccessPermissionContext::GetReadPermissionGrant( const url::Origin& origin, @@ -640,26 +604,12 @@ void FileSystemAccessPermissionContext::ConfirmSensitiveEntryAccess( std::move(after_blocklist_check_callback)); } -void FileSystemAccessPermissionContext::CheckShouldBlockAccessToPathAndReply( - base::FilePath path, - HandleType handle_type, - std::vector - extra_rules, - base::OnceCallback callback, - ChromeFileSystemAccessPermissionContext::BlockPathRules block_path_rules) { - base::ThreadPool::PostTaskAndReplyWithResult( - FROM_HERE, {base::MayBlock(), base::TaskPriority::USER_VISIBLE}, - base::BindOnce(&ShouldBlockAccessToPath, path, handle_type, extra_rules, - block_path_rules), - std::move(callback)); -} - void FileSystemAccessPermissionContext::CheckPathAgainstBlocklist( const content::PathInfo& path_info, HandleType handle_type, base::OnceCallback callback) { DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); - // TODO(crbug.com/40101272): Figure out what external paths should be + // TODO(https://crbug.com/1009970): Figure out what external paths should be // blocked. We could resolve the external path to a local path, and check for // blocked directories based on that, but that doesn't work well. Instead we // should have a separate Chrome OS only code path to block for example the @@ -669,27 +619,15 @@ void FileSystemAccessPermissionContext::CheckPathAgainstBlocklist( return; } - // Unlike the DIR_USER_DATA check, this handles the --user-data-dir override. - // We check for the user data dir in two different ways: directly, via the - // profile manager, where it exists (it does not in unit tests), and via the - // profile's directory, assuming the profile dir is a child of the user data - // dir. - std::vector - extra_rules; - if (is_block_path_rules_init_complete_) { - // The rules initialization is completed, we can just post the task to a - // anonymous blocking traits. - CheckShouldBlockAccessToPathAndReply(path_info.path, handle_type, - extra_rules, std::move(callback), - *block_path_rules_.get()); - return; - } - // The check must be performed after the rules initialization is done. - block_rules_check_subscription_.push_back(block_rules_check_callbacks_.Add( - base::BindOnce(&FileSystemAccessPermissionContext:: - CheckShouldBlockAccessToPathAndReply, - weak_factory_.GetWeakPtr(), path_info.path, handle_type, - extra_rules, std::move(callback)))); + std::vector extra_rules; + extra_rules.emplace_back(browser_context_->GetPath().DirName(), + BlockType::kBlockAllChildren); + + base::ThreadPool::PostTaskAndReplyWithResult( + FROM_HERE, {base::MayBlock(), base::TaskPriority::USER_VISIBLE}, + base::BindOnce(&ShouldBlockAccessToPath, path_info.path, handle_type, + extra_rules), + std::move(callback)); } void FileSystemAccessPermissionContext::PerformAfterWriteChecks( diff --git a/shell/browser/file_system_access/file_system_access_permission_context.h b/shell/browser/file_system_access/file_system_access_permission_context.h index 591c1288e2dd..18d55ad47710 100644 --- a/shell/browser/file_system_access/file_system_access_permission_context.h +++ b/shell/browser/file_system_access/file_system_access_permission_context.h @@ -12,14 +12,13 @@ #include #include -#include "base/callback_list.h" #include "base/functional/callback_forward.h" #include "base/memory/weak_ptr.h" #include "base/time/clock.h" #include "base/time/default_clock.h" #include "base/values.h" -#include "chrome/browser/file_system_access/chrome_file_system_access_permission_context.h" // nogncheck #include "components/keyed_service/core/keyed_service.h" +#include "content/public/browser/file_system_access_permission_context.h" class GURL; @@ -136,14 +135,6 @@ class FileSystemAccessPermissionContext void PermissionGrantDestroyed(PermissionGrantImpl* grant); - void CheckShouldBlockAccessToPathAndReply( - base::FilePath path, - HandleType handle_type, - std::vector - extra_rules, - base::OnceCallback callback, - ChromeFileSystemAccessPermissionContext::BlockPathRules block_path_rules); - void CheckPathAgainstBlocklist(const content::PathInfo& path, HandleType handle_type, base::OnceCallback callback); @@ -168,11 +159,6 @@ class FileSystemAccessPermissionContext const base::FilePath& path, GrantType grant_type) const; - void ResetBlockPaths(); - void UpdateBlockPaths( - std::unique_ptr - block_path_rules); - base::WeakPtr GetWeakPtr(); const raw_ptr browser_context_; @@ -190,14 +176,6 @@ class FileSystemAccessPermissionContext std::map> callback_map_; - std::unique_ptr - block_path_rules_; - bool is_block_path_rules_init_complete_ = false; - std::vector block_rules_check_subscription_; - base::OnceCallbackList - block_rules_check_callbacks_; - base::WeakPtrFactory weak_factory_{this}; };