Stop prompting for the file system write permission in packaged apps.

The user has to grant permission to specific files via a file picker, which is considered permission enough. BUG=363399 Review URL: https://codereview.chromium.org/253433002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@267081 0039d316-1c4b-4281-b951-d872f2087c98
hylschwy · Apr 30, 2014 · f81a8b3 · f81a8b3
1 parent 8a7262d
commit f81a8b3
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 23 deletions.
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
@@ -4382,9 +4382,6 @@ Make sure you do not expose any sensitive information.
       <message name="IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY" desc="Permission string for read access to directories and their contents.">
         Read folders that you open in the application
       </message>
-      <message name="IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE" desc="Permission string for write access to the file system.">
-        Write to files that you open in the application
-      </message>
       <message name="IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY" desc="Permission string for write access to directories and their contents.">
         Write to files and folders that you open in the application
       </message>

diff --git a/chrome/common/extensions/permissions/chrome_api_permissions.cc b/chrome/common/extensions/permissions/chrome_api_permissions.cc
@@ -329,10 +329,7 @@ std::vector<APIPermissionInfo*> ChromeAPIPermissions::GetAllPermissions()
          PermissionMessage::kFileSystemDirectory},
         {APIPermission::kFileSystemProvider, "fileSystemProvider"},
         {APIPermission::kFileSystemRetainEntries, "fileSystem.retainEntries"},
-        {APIPermission::kFileSystemWrite, "fileSystem.write",
-         APIPermissionInfo::kFlagNone,
-         IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE,
-         PermissionMessage::kFileSystemWrite},
+        {APIPermission::kFileSystemWrite, "fileSystem.write"},
         {APIPermission::kFileSystemWriteDirectory, "fileSystem.writeDirectory",
          APIPermissionInfo::kFlagNone,
          IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,

diff --git a/chrome/common/extensions/permissions/chrome_permission_message_provider.cc b/chrome/common/extensions/permissions/chrome_permission_message_provider.cc
@@ -257,12 +257,8 @@ ChromePermissionMessageProvider::GetAPIPermissionMessages(
   }
 
   // A special hack: If kFileSystemWriteDirectory would be displayed, hide
-  // kFileSystemDirectory and and kFileSystemWrite as the write directory
-  // message implies the other two.
+  // kFileSystemDirectory as the write directory message implies it.
   // TODO(sammc): Remove this. See http://crbug.com/284849.
-  SuppressMessage(messages,
-                  PermissionMessage::kFileSystemWriteDirectory,
-                  PermissionMessage::kFileSystemWrite);
   SuppressMessage(messages,
                   PermissionMessage::kFileSystemWriteDirectory,
                   PermissionMessage::kFileSystemDirectory);
@@ -335,18 +331,14 @@ bool ChromePermissionMessageProvider::IsAPIPrivilegeIncrease(
   PermissionMsgSet delta_warnings =
       base::STLSetDifference<PermissionMsgSet>(new_warnings, old_warnings);
 
-  // A special hack: kFileSystemWriteDirectory implies kFileSystemDirectory and
-  // kFileSystemWrite.
+  // A special hack: kFileSystemWriteDirectory implies kFileSystemDirectory.
   // TODO(sammc): Remove this. See http://crbug.com/284849.
   if (old_warnings.find(PermissionMessage(
           PermissionMessage::kFileSystemWriteDirectory, base::string16())) !=
       old_warnings.end()) {
     delta_warnings.erase(
         PermissionMessage(PermissionMessage::kFileSystemDirectory,
                           base::string16()));
-    delta_warnings.erase(
-        PermissionMessage(PermissionMessage::kFileSystemWrite,
-                          base::string16()));
   }
 
   // It is a privilege increase if there are additional warnings present.

diff --git a/chrome/common/extensions/permissions/permission_set_unittest.cc b/chrome/common/extensions/permissions/permission_set_unittest.cc
@@ -754,6 +754,7 @@ TEST(PermissionsTest, PermissionMessages) {
   skip.insert(APIPermission::kFileSystem);
   skip.insert(APIPermission::kFileSystemProvider);
   skip.insert(APIPermission::kFileSystemRetainEntries);
+  skip.insert(APIPermission::kFileSystemWrite);
   skip.insert(APIPermission::kSocket);
   skip.insert(APIPermission::kUsbDevice);
 
@@ -784,15 +785,14 @@ TEST(PermissionsTest, FileSystemPermissionMessages) {
   PermissionMessages messages =
       PermissionMessageProvider::Get()->GetPermissionMessages(
           permissions, Manifest::TYPE_PLATFORM_APP);
-  ASSERT_EQ(2u, messages.size());
+  ASSERT_EQ(1u, messages.size());
   std::sort(messages.begin(), messages.end());
   std::set<PermissionMessage::ID> ids;
   for (PermissionMessages::const_iterator it = messages.begin();
        it != messages.end(); ++it) {
     ids.insert(it->id());
   }
   EXPECT_TRUE(ContainsKey(ids, PermissionMessage::kFileSystemDirectory));
-  EXPECT_TRUE(ContainsKey(ids, PermissionMessage::kFileSystemWrite));
 }
 
 TEST(PermissionsTest, HiddenFileSystemPermissionMessages) {
@@ -891,9 +891,9 @@ TEST(PermissionsTest, MergedFileSystemPermissionComparison) {
   EXPECT_TRUE(provider->IsPrivilegeIncrease(write_permissions,
                                             write_directory_permissions,
                                             Manifest::TYPE_PLATFORM_APP));
-  EXPECT_TRUE(provider->IsPrivilegeIncrease(directory_permissions,
-                                            write_permissions,
-                                            Manifest::TYPE_PLATFORM_APP));
+  EXPECT_FALSE(provider->IsPrivilegeIncrease(directory_permissions,
+                                             write_permissions,
+                                             Manifest::TYPE_PLATFORM_APP));
   EXPECT_TRUE(provider->IsPrivilegeIncrease(directory_permissions,
                                             write_directory_permissions,
                                             Manifest::TYPE_PLATFORM_APP));

diff --git a/chrome/test/data/extensions/allow_silent_upgrade/platformapp2_new.json b/chrome/test/data/extensions/allow_silent_upgrade/platformapp2_new.json
@@ -6,6 +6,7 @@
   "permissions": [
     "http://example.com",
     "fileSystem",
+    "fileSystem.directory",
     "fileSystem.write"
   ]
 }
diff --git a/extensions/common/permissions/permission_message.h b/extensions/common/permissions/permission_message.h
@@ -47,7 +47,7 @@ class PermissionMessage {
     kAudioCapture,
     kVideoCapture,
     kDownloads,
-    kFileSystemWrite,
+    kDeleted_FileSystemWrite,
     kMediaGalleriesAllGalleriesRead,
     kSerial,
     kSocketAnyHost,