1710632d07b13609444626367bebd34c0af3acb6aMikhail Glushenkov// Copyright 2013 The Chromium Authors. All rights reserved.
26091ebd172a16a10f1ea66061a5fa7cbf5139e56Reid Spencer// Use of this source code is governed by a BSD-style license that can be
36091ebd172a16a10f1ea66061a5fa7cbf5139e56Reid Spencer// found in the LICENSE file.
46091ebd172a16a10f1ea66061a5fa7cbf5139e56Reid Spencer
57ed47a13356daed2a34cd2209a31f92552e3bdd8Chris Lattner#include "chrome/browser/renderer_host/pepper/pepper_isolated_file_system_message_filter.h"
67ed47a13356daed2a34cd2209a31f92552e3bdd8Chris Lattner
76091ebd172a16a10f1ea66061a5fa7cbf5139e56Reid Spencer#include "chrome/browser/browser_process.h"
86091ebd172a16a10f1ea66061a5fa7cbf5139e56Reid Spencer#include "chrome/browser/extensions/extension_service.h"
927107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling#include "chrome/browser/profiles/profile.h"
1027107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling#include "chrome/browser/profiles/profile_manager.h"
1127107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling#include "chrome/common/chrome_switches.h"
1227107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling#include "chrome/common/pepper_permission_util.h"
1327107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling#include "content/public/browser/browser_ppapi_host.h"
146091ebd172a16a10f1ea66061a5fa7cbf5139e56Reid Spencer#include "content/public/browser/browser_thread.h"
156091ebd172a16a10f1ea66061a5fa7cbf5139e56Reid Spencer#include "content/public/browser/child_process_security_policy.h"
16674be02d525d4e24bc6943ed9274958c580bcfbcJakub Staszak#include "content/public/browser/render_view_host.h"
17674be02d525d4e24bc6943ed9274958c580bcfbcJakub Staszak#include "extensions/browser/extension_system.h"
186091ebd172a16a10f1ea66061a5fa7cbf5139e56Reid Spencer#include "extensions/common/constants.h"
19d509d0b532ec2358b3f341d4a4cd1411cb8b5db2Chris Lattner#include "extensions/common/extension.h"
200319888773b36dd61d7d2283cb9a26cac1e5abe8Bill Wendling#include "extensions/common/extension_set.h"
213467e30edf63b6d8a8d446186674ba9e4b7885a9Bill Wendling#include "ppapi/c/pp_errors.h"
2222bd64173981bf1251c4b3bfc684207340534ba3Bill Wendling#include "ppapi/host/dispatch_host_message.h"
23ea59f896a672c2e1ef9f02277bce60257aa60989Bill Wendling#include "ppapi/host/host_message_context.h"
2458d74910c6b82e622ecbb57d6644d48fec5a5c0fChris Lattner#include "ppapi/host/ppapi_host.h"
256091ebd172a16a10f1ea66061a5fa7cbf5139e56Reid Spencer#include "ppapi/proxy/ppapi_messages.h"
266091ebd172a16a10f1ea66061a5fa7cbf5139e56Reid Spencer#include "ppapi/shared_impl/file_system_util.h"
27d426a642a23a234547cbc7061f5bfec157673249Bill Wendling#include "storage/browser/fileapi/isolated_context.h"
28702cc91aa1bd41540e8674921ae7ac89a4ff061fBill Wendling
29f6670729aabc1fab85238d2b306a1c1767a807bbBill Wendlingnamespace chrome {
30817abdd8b055059e5930a15704b9f52da4236456Bill Wendling
31817abdd8b055059e5930a15704b9f52da4236456Bill Wendlingnamespace {
326dc3781d44e56f0addf28b06232a50f3f9e6b1afBill Wendling
332c79ecbd704c656178ffa43d5a58ebe3ca188b40Bill Wendlingconst char* kPredefinedAllowedCrxFsOrigins[] = {
34ad9a9e15595bc9d5ba1ed752caf8572957f77a3dDuncan Sands    "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",  // see crbug.com/234789
35ad9a9e15595bc9d5ba1ed752caf8572957f77a3dDuncan Sands    "4EB74897CB187C7633357C2FE832E0AD6A44883A"   // see crbug.com/234789
361d3dcfe4246b4d45fa78a8dfd0a11c7fff842c15Bill Wendling};
3727107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling
3827107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling}  // namespace
391d3dcfe4246b4d45fa78a8dfd0a11c7fff842c15Bill Wendling
401d3dcfe4246b4d45fa78a8dfd0a11c7fff842c15Bill Wendling// static
411d3dcfe4246b4d45fa78a8dfd0a11c7fff842c15Bill WendlingPepperIsolatedFileSystemMessageFilter*
42034b94b17006f51722886b0f2283fb6fb19aca1fBill WendlingPepperIsolatedFileSystemMessageFilter::Create(PP_Instance instance,
436765834754cbb3cb0f15b4b15e98c5e73fa50066Bill Wendling                                              content::BrowserPpapiHost* host) {
441d3dcfe4246b4d45fa78a8dfd0a11c7fff842c15Bill Wendling  int render_process_id;
4573dee180c836270644dfa7d90f9c5ba877567999Bill Wendling  int unused_render_frame_id;
46f3d1500ab2c7364d3d0fb73a7e1b8c6339ab48b1Bill Wendling  if (!host->GetRenderFrameIDsForInstance(
4773dee180c836270644dfa7d90f9c5ba877567999Bill Wendling          instance, &render_process_id, &unused_render_frame_id)) {
4873dee180c836270644dfa7d90f9c5ba877567999Bill Wendling    return NULL;
4973dee180c836270644dfa7d90f9c5ba877567999Bill Wendling  }
50f3d1500ab2c7364d3d0fb73a7e1b8c6339ab48b1Bill Wendling  return new PepperIsolatedFileSystemMessageFilter(
5173dee180c836270644dfa7d90f9c5ba877567999Bill Wendling      render_process_id,
5211d00420e42ba88c3b48cab997965a7be79315e2Bill Wendling      host->GetProfileDataDirectory(),
5311d00420e42ba88c3b48cab997965a7be79315e2Bill Wendling      host->GetDocumentURLForInstance(instance),
54f3d1500ab2c7364d3d0fb73a7e1b8c6339ab48b1Bill Wendling      host->GetPpapiHost());
5511d00420e42ba88c3b48cab997965a7be79315e2Bill Wendling}
5611d00420e42ba88c3b48cab997965a7be79315e2Bill Wendling
5711d00420e42ba88c3b48cab997965a7be79315e2Bill WendlingPepperIsolatedFileSystemMessageFilter::PepperIsolatedFileSystemMessageFilter(
5811d00420e42ba88c3b48cab997965a7be79315e2Bill Wendling    int render_process_id,
5911d00420e42ba88c3b48cab997965a7be79315e2Bill Wendling    const base::FilePath& profile_directory,
6011d00420e42ba88c3b48cab997965a7be79315e2Bill Wendling    const GURL& document_url,
61629fb82419d9bfff6ae475363bcce66192dfcc8eBill Wendling    ppapi::host::PpapiHost* ppapi_host)
625a0eeb5a9d727940b1dbe8dff6e9aa292ada0f6aBill Wendling    : render_process_id_(render_process_id),
63480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling      profile_directory_(profile_directory),
64480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling      document_url_(document_url),
65480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling      ppapi_host_(ppapi_host) {
666765834754cbb3cb0f15b4b15e98c5e73fa50066Bill Wendling  for (size_t i = 0; i < arraysize(kPredefinedAllowedCrxFsOrigins); ++i)
67f6670729aabc1fab85238d2b306a1c1767a807bbBill Wendling    allowed_crxfs_origins_.insert(kPredefinedAllowedCrxFsOrigins[i]);
68480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling}
69480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling
70480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill WendlingPepperIsolatedFileSystemMessageFilter::
71480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling    ~PepperIsolatedFileSystemMessageFilter() {}
729a419f656e278b96e9dfe739cd63c7bff9a4e1fdQuentin Colombet
73480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendlingscoped_refptr<base::TaskRunner>
74480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill WendlingPepperIsolatedFileSystemMessageFilter::OverrideTaskRunnerForMessage(
75480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling    const IPC::Message& msg) {
76480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling  // In order to reach ExtensionSystem, we need to get ProfileManager first.
7767ae13575900e8efd056672987249fd0adbf5e73James Molloy  // ProfileManager lives in UI thread, so we need to do this in UI thread.
78480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling  return content::BrowserThread::GetMessageLoopProxyForThread(
79480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling      content::BrowserThread::UI);
80480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling}
813a106e60366a51b4594ec303ff8dbbc58913227fBill Wendling
82480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendlingint32_t PepperIsolatedFileSystemMessageFilter::OnResourceMessageReceived(
83480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling    const IPC::Message& msg,
84480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling    ppapi::host::HostMessageContext* context) {
85480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling  PPAPI_BEGIN_MESSAGE_MAP(PepperIsolatedFileSystemMessageFilter, msg)
86480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling    PPAPI_DISPATCH_HOST_RESOURCE_CALL(
87480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling      PpapiHostMsg_IsolatedFileSystem_BrowserOpen,
88480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling      OnOpenFileSystem)
89480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling  PPAPI_END_MESSAGE_MAP()
90480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling  return PP_ERROR_FAILED;
916765834754cbb3cb0f15b4b15e98c5e73fa50066Bill Wendling}
926765834754cbb3cb0f15b4b15e98c5e73fa50066Bill Wendling
93f6670729aabc1fab85238d2b306a1c1767a807bbBill WendlingProfile* PepperIsolatedFileSystemMessageFilter::GetProfile() {
94480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
95480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling  ProfileManager* profile_manager = g_browser_process->profile_manager();
96114baee1fa017daefad2339c77b45b9ca3d79a41Bill Wendling  return profile_manager->GetProfile(profile_directory_);
97480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling}
98480b1b28ea6fc1bb5c78d99472df624cfd3fce47Bill Wendling
990319888773b36dd61d7d2283cb9a26cac1e5abe8Bill Wendlingstd::string PepperIsolatedFileSystemMessageFilter::CreateCrxFileSystem(
1000319888773b36dd61d7d2283cb9a26cac1e5abe8Bill Wendling    Profile* profile) {
1013a4779a9211281a1d0c27c97037342329035a185NAKAMURA Takumi#if defined(ENABLE_EXTENSIONS)
1023a4779a9211281a1d0c27c97037342329035a185NAKAMURA Takumi  extensions::ExtensionSystem* extension_system =
1036f78fbbc630d2b86fb752574f5ad74473f57dfb1Chandler Carruth      extensions::ExtensionSystem::Get(profile);
1046f78fbbc630d2b86fb752574f5ad74473f57dfb1Chandler Carruth  if (!extension_system)
1056765834754cbb3cb0f15b4b15e98c5e73fa50066Bill Wendling    return std::string();
1066765834754cbb3cb0f15b4b15e98c5e73fa50066Bill Wendling
10727107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling  const ExtensionService* extension_service =
10827107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling      extension_system->extension_service();
109d426a642a23a234547cbc7061f5bfec157673249Bill Wendling  if (!extension_service)
11027107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling    return std::string();
1112c79ecbd704c656178ffa43d5a58ebe3ca188b40Bill Wendling
112c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling  const extensions::Extension* extension =
113c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling      extension_service->GetExtensionById(document_url_.host(), false);
114c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling  if (!extension)
115c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling    return std::string();
116c08a5ef6581f2c7550e92d31f63cd65ec29c39e0Bill Wendling
1178c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling  // First level directory for isolated filesystem to lookup.
1188c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling  std::string kFirstLevelDirectory("crxfs");
1198c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling  return storage::IsolatedContext::GetInstance()->RegisterFileSystemForPath(
1202c79ecbd704c656178ffa43d5a58ebe3ca188b40Bill Wendling      storage::kFileSystemTypeNativeLocal,
121c08a5ef6581f2c7550e92d31f63cd65ec29c39e0Bill Wendling      std::string(),
122c08a5ef6581f2c7550e92d31f63cd65ec29c39e0Bill Wendling      extension->path(),
123c08a5ef6581f2c7550e92d31f63cd65ec29c39e0Bill Wendling      &kFirstLevelDirectory);
124c08a5ef6581f2c7550e92d31f63cd65ec29c39e0Bill Wendling#else
125c08a5ef6581f2c7550e92d31f63cd65ec29c39e0Bill Wendling  return std::string();
126c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling#endif
127c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling}
128c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling
129c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendlingint32_t PepperIsolatedFileSystemMessageFilter::OnOpenFileSystem(
1308c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling    ppapi::host::HostMessageContext* context,
1318c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling    PP_IsolatedFileSystemType_Private type) {
1328c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling  switch (type) {
1338c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling    case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_INVALID:
1348c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling      break;
1358c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling    case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_CRX:
1368c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling      return OpenCrxFileSystem(context);
1378c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling    case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_PLUGINPRIVATE:
1388c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling      return OpenPluginPrivateFileSystem(context);
1398c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling  }
140eddab1550ee10cce3bb26a26e88529cb19451aa3NAKAMURA Takumi  NOTREACHED();
141eddab1550ee10cce3bb26a26e88529cb19451aa3NAKAMURA Takumi  context->reply_msg =
142eddab1550ee10cce3bb26a26e88529cb19451aa3NAKAMURA Takumi      PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(std::string());
14364754f499058b5dc748ea6d06a084af0ed539ec4Bill Wendling  return PP_ERROR_FAILED;
14464754f499058b5dc748ea6d06a084af0ed539ec4Bill Wendling}
14564754f499058b5dc748ea6d06a084af0ed539ec4Bill Wendling
1468c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendlingint32_t PepperIsolatedFileSystemMessageFilter::OpenCrxFileSystem(
1478c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling    ppapi::host::HostMessageContext* context) {
1488c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling#if defined(ENABLE_EXTENSIONS)
1496dc3781d44e56f0addf28b06232a50f3f9e6b1afBill Wendling  Profile* profile = GetProfile();
1508c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling  const extensions::ExtensionSet* extension_set = NULL;
1518c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling  if (profile) {
1528c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling    extension_set = extensions::ExtensionSystem::Get(profile)
1538c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling                        ->extension_service()
1548c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling                        ->extensions();
1558c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling  }
1568c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling  if (!IsExtensionOrSharedModuleWhitelisted(
1578c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling          document_url_, extension_set, allowed_crxfs_origins_) &&
1588c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling      !IsHostAllowedByCommandLine(
1598c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling          document_url_, extension_set, switches::kAllowNaClCrxFsAPI)) {
1608c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling    LOG(ERROR) << "Host " << document_url_.host() << " cannot use CrxFs API.";
1616dc3781d44e56f0addf28b06232a50f3f9e6b1afBill Wendling    return PP_ERROR_NOACCESS;
1621d3dcfe4246b4d45fa78a8dfd0a11c7fff842c15Bill Wendling  }
163ef99fe8efaa6cb74c66e570a6ef467debca92911Bill Wendling
164e66f3d3ba0ea9f82f65a29c47fc37e997cbf0aceBill Wendling  // TODO(raymes): When we remove FileSystem from the renderer, we should create
165ef99fe8efaa6cb74c66e570a6ef467debca92911Bill Wendling  // a pending PepperFileSystemBrowserHost here with the fsid and send the
1661d3dcfe4246b4d45fa78a8dfd0a11c7fff842c15Bill Wendling  // pending host ID back to the plugin.
167943c29135e03e55f9a5dab393786171a4a536482Bill Wendling  const std::string fsid = CreateCrxFileSystem(profile);
168e66f3d3ba0ea9f82f65a29c47fc37e997cbf0aceBill Wendling  if (fsid.empty()) {
16930b483c94001927b3593ed200e823104bab51660Bill Wendling    context->reply_msg =
170c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling        PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(std::string());
171c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling    return PP_ERROR_NOTSUPPORTED;
172c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling  }
173c22f4aa886443507f8406d30d118fdeeac6a8c6cBill Wendling
1748c74ecfbddabe89e150abff4fdff0a27108874b9Bill Wendling  // Grant readonly access of isolated filesystem to renderer process.
1752d5be6c313c0f9e23e56620fa8f8ae8d9b539bf0Bill Wendling  content::ChildProcessSecurityPolicy* policy =
1762d5be6c313c0f9e23e56620fa8f8ae8d9b539bf0Bill Wendling      content::ChildProcessSecurityPolicy::GetInstance();
1772d5be6c313c0f9e23e56620fa8f8ae8d9b539bf0Bill Wendling  policy->GrantReadFileSystem(render_process_id_, fsid);
178c08a5ef6581f2c7550e92d31f63cd65ec29c39e0Bill Wendling
1793467e30edf63b6d8a8d446186674ba9e4b7885a9Bill Wendling  context->reply_msg = PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(fsid);
1803467e30edf63b6d8a8d446186674ba9e4b7885a9Bill Wendling  return PP_OK;
181bb08593980b16fbd9758da6ca4fa9c7964f2f926Bill Wendling#else
182bb08593980b16fbd9758da6ca4fa9c7964f2f926Bill Wendling  return PP_ERROR_NOTSUPPORTED;
183bb08593980b16fbd9758da6ca4fa9c7964f2f926Bill Wendling#endif
184827cde1c8319e51463007078a7ce3660ebc93036Duncan Sands}
185827cde1c8319e51463007078a7ce3660ebc93036Duncan Sands
186e66f3d3ba0ea9f82f65a29c47fc37e997cbf0aceBill Wendlingint32_t PepperIsolatedFileSystemMessageFilter::OpenPluginPrivateFileSystem(
18727107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling    ppapi::host::HostMessageContext* context) {
18827107f6ab4627fa38bcacad6757ed6d52910f880Bill Wendling  DCHECK(ppapi_host_);
18918e7211068c9d2c6204512f9c468ee179818a4b6Bill Wendling  // Only plugins with private permission can open the filesystem.
19099faa3b4ec6d03ac7808fe4ff3fbf3d04e375502Bill Wendling  if (!ppapi_host_->permissions().HasPermission(ppapi::PERMISSION_PRIVATE))
19107aae2e7d58fe23e370e0cbb9e1a3def99434c36Bill Wendling    return PP_ERROR_NOACCESS;
19207aae2e7d58fe23e370e0cbb9e1a3def99434c36Bill Wendling
19307aae2e7d58fe23e370e0cbb9e1a3def99434c36Bill Wendling  const std::string& root_name = ppapi::IsolatedFileSystemTypeToRootName(
19407aae2e7d58fe23e370e0cbb9e1a3def99434c36Bill Wendling      PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_PLUGINPRIVATE);
19507aae2e7d58fe23e370e0cbb9e1a3def99434c36Bill Wendling  const std::string& fsid =
19607aae2e7d58fe23e370e0cbb9e1a3def99434c36Bill Wendling      storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
197a90a99a82b9c5c39fc6dbee9c266dcd7b107fe2fBill Wendling          storage::kFileSystemTypePluginPrivate, root_name, base::FilePath());
1987d38c109aab8654e63e9071c7d948661f6b58433Bill Wendling
199a90a99a82b9c5c39fc6dbee9c266dcd7b107fe2fBill Wendling  // Grant full access of isolated filesystem to renderer process.
20073dee180c836270644dfa7d90f9c5ba877567999Bill Wendling  content::ChildProcessSecurityPolicy* policy =
2010976e00fd1cbf4128daeb72efd8957d00383fda9Bill Wendling      content::ChildProcessSecurityPolicy::GetInstance();
202ec2589863b32da169240c4fa120ef1e3798615d4Bill Wendling  policy->GrantCreateReadWriteFileSystem(render_process_id_, fsid);
2030976e00fd1cbf4128daeb72efd8957d00383fda9Bill Wendling
20473dee180c836270644dfa7d90f9c5ba877567999Bill Wendling  context->reply_msg = PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(fsid);
205606c8e36dfdd28fc589356addd3e2cbb89a32e4dBill Wendling  return PP_OK;
2060976e00fd1cbf4128daeb72efd8957d00383fda9Bill Wendling}
20787e10dfefa94f77937c37b0eb51095540d675cbcBill Wendling
20887e10dfefa94f77937c37b0eb51095540d675cbcBill Wendling}  // namespace chrome
2096bdbf061c353295669b6bfc271b948158602d1bcBill Wendling