    Android: Restrict data directory for both Chrome and WebView · 5e34d9d2
    Paul Miller authored
    Context.getDir() creates Chrome's data directory, app_chrome/, with
    rwxrwx--x. ChromeMainDelegateAndroid::RunProcess() then limits this to
    rwx------. RunProcess() goes out of its way to avoid granting any user
    permissions that weren't already present, but this seems like a mistake;
    it shouldn't be possible for app_chrome/ to have fewer permissions than
    rwx------. So RunProcess is simplified to set the permissions to exactly
    rwx------. Also don't print data_path in the error message because if
    PathService::Get() failed, data_path is empty.
    
    Also restrict WebView's directory, app_webview/, using Os.chown(). Doing
    this in PathUtils covers both Chrome and WebView. However, Os.chown()
    requires API >= 21, which is the case for WebView but not Chrome, so
    Chrome's RunProcess() code must stay for now.
    
    Rehabilitate //chrome/test:chrome_app_unittests to run on Android (crbug
    609855 says it was broken but it seems to work now) and add a unit test
    for the simplified native code.
    
    BUG=832388,609855
    internal bug b/19993402
    
    Change-Id: I1bcfe72940ddc1fb23f2b0bef50775853843ea76
    Reviewed-on: https://chromium-review.googlesource.com/984773
    Commit-Queue: Paul Miller <paulmiller@chromium.org>
    Reviewed-by: Tao Bai <michaelbai@chromium.org>
    Reviewed-by: Richard Coles <torne@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#551795}
chrome_main_delegate_android_unittest.cc 1.28 KB
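
Added example, not part of the commit and not Chromium's code: a plain C sketch contrasting the two strategies the commit message describes, masking the existing mode down to its user bits versus setting the mode to exactly rwx------. The function names and the /tmp scratch path are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700            /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Earlier strategy as the commit message describes it: only remove bits,
 * never grant a user permission that was not already present. */
static int restrict_by_masking(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return chmod(path, st.st_mode & S_IRWXU);
}

/* Simplified strategy: set the mode to exactly rwx------. */
static int restrict_exactly(const char *path) {
    return chmod(path, S_IRWXU);
}

/* Create a scratch directory, force it to `initial`, apply one strategy,
 * and return the resulting permission bits (or -1 on error). */
static int mode_after(mode_t initial, int exact) {
    char path[] = "/tmp/datadir_demo_XXXXXX";   /* constructed scratch path */
    struct stat st;
    int result = -1;
    if (mkdtemp(path) == NULL) return -1;
    if (chmod(path, initial) == 0 &&
        (exact ? restrict_exactly(path) : restrict_by_masking(path)) == 0 &&
        stat(path, &st) == 0)
        result = (int)(st.st_mode & 0777);
    rmdir(path);                     /* needs write access on /tmp, not on path */
    return result;
}

int main(void) {
    /* rwxrwx--x is the mode the commit message gives for app_chrome/. */
    printf("0771 masked: %04o\n", (unsigned)mode_after(0771, 0));
    printf("0771 exact:  %04o\n", (unsigned)mode_after(0771, 1));
    /* A directory missing the owner write bit: masking leaves it missing. */
    printf("0571 masked: %04o\n", (unsigned)mode_after(0571, 0));
    printf("0571 exact:  %04o\n", (unsigned)mode_after(0571, 1));
    return 0;
}
```

Both strategies give the same result when the directory starts at rwxrwx--x; they differ only when an owner bit is already missing, which is the case the masking logic was written around.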