BASELINE: Update Chromium to 114.0.5735.248

Change-Id: Ie7ddd5d87175d4bde196f774c742cdbb9d5d311a
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/495463
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

1 files changed, 67 insertions, 15 deletions

diff --git a/chromium/base/files/file_util.h b/chromium/base/files/file_util.h
index 7ec9f2b6758..0b0c7df1517 100644
--- a/chromium/base/files/file_util.h
+++ b/chromium/base/files/file_util.h
@@ -42,10 +42,28 @@ class Time;
 // Functions that involve filesystem access or modification:
 
 // Returns an absolute version of a relative path. Returns an empty path on
-// error. On POSIX, this function fails if the path does not exist. This
-// function can result in I/O so it can be slow.
+// error. This function can result in I/O so it can be slow.
+//
+// On POSIX, this function calls realpath(), so:
+// 1) it fails if the path does not exist.
+// 2) it expands all symlink components of the path.
+// 3) it removes "." and ".." directory components.
 BASE_EXPORT FilePath MakeAbsoluteFilePath(const FilePath& input);
 
+#if BUILDFLAG(IS_POSIX)
+// Prepends the current working directory if `input` is not already absolute,
+// and removes "/./" and "/../" This is similar to MakeAbsoluteFilePath(), but
+// MakeAbsoluteFilePath() expands all symlinks in the path and this does not.
+//
+// This may block if `input` is a relative path, when calling
+// GetCurrentDirectory().
+//
+// This doesn't return absl::nullopt unless (1) `input` is empty, or (2)
+// `input` is a relative path and GetCurrentDirectory() fails.
+[[nodiscard]] BASE_EXPORT absl::optional<FilePath>
+MakeAbsoluteFilePathNoResolveSymbolicLinks(const FilePath& input);
+#endif
+
 // Returns the total number of bytes used by all the files under |root_path|.
 // If the path does not exist the function returns 0.
 //
@@ -254,6 +272,8 @@ BASE_EXPORT bool ReadFromFD(int fd, char* buffer, size_t bytes);
 // Performs the same function as CreateAndOpenTemporaryStreamInDir(), but
 // returns the file-descriptor wrapped in a ScopedFD, rather than the stream
 // wrapped in a ScopedFILE.
+// The caller is responsible for deleting the file `path` points to, if
+// appropriate.
 BASE_EXPORT ScopedFD CreateAndOpenFdForTemporaryFileInDir(const FilePath& dir,
                                                           FilePath* path);
 
@@ -275,10 +295,21 @@ BASE_EXPORT bool ReadFileToStringNonBlocking(const base::FilePath& file,
 BASE_EXPORT bool CreateSymbolicLink(const FilePath& target,
                                     const FilePath& symlink);
 
-// Reads the given |symlink| and returns where it points to in |target|.
+// Reads the given |symlink| and returns the raw string in |target|.
 // Returns false upon failure.
+// IMPORTANT NOTE: if the string stored in the symlink is a relative file path,
+// it should be interpreted relative to the symlink's directory, NOT the current
+// working directory. ReadSymbolicLinkAbsolute() may be the better choice.
 BASE_EXPORT bool ReadSymbolicLink(const FilePath& symlink, FilePath* target);
 
+// Same as ReadSymbolicLink(), but properly converts it into an absolute path if
+// the link is relative.
+// Can fail if readlink() fails, or if
+// MakeAbsoluteFilePathNoResolveSymbolicLinks() fails on the resulting absolute
+// path.
+BASE_EXPORT absl::optional<FilePath> ReadSymbolicLinkAbsolute(
+    const FilePath& symlink);
+
 // Bits and masks of the file permission.
 enum FilePermissionBits {
   FILE_PERMISSION_MASK              = S_IRWXU | S_IRWXG | S_IRWXO,
@@ -341,18 +372,25 @@ BASE_EXPORT bool GetTempDir(FilePath* path);
 BASE_EXPORT FilePath GetHomeDir();
 
 // Returns a new temporary file in |dir| with a unique name. The file is opened
-// for exclusive read, write, and delete access (note: exclusivity is unique to
-// Windows). On Windows, the returned file supports File::DeleteOnClose.
+// for exclusive read, write, and delete access.
 // On success, |temp_file| is populated with the full path to the created file.
+//
+// NOTE: Exclusivity is unique to Windows. On Windows, the returned file
+// supports File::DeleteOnClose. On other platforms, the caller is responsible
+// for deleting the file `temp_file` points to, if appropriate.
 BASE_EXPORT File CreateAndOpenTemporaryFileInDir(const FilePath& dir,
                                                  FilePath* temp_file);
 
-// Creates a temporary file. The full path is placed in |path|, and the
+// Creates a temporary file. The full path is placed in `path`, and the
 // function returns true if was successful in creating the file. The file will
 // be empty and all handles closed after this function returns.
+// The caller is responsible for deleting the file `path` points to, if
+// appropriate.
 BASE_EXPORT bool CreateTemporaryFile(FilePath* path);
 
-// Same as CreateTemporaryFile but the file is created in |dir|.
+// Same as CreateTemporaryFile() but the file is created in `dir`.
+// The caller is responsible for deleting the file `temp_file` points to, if
+// appropriate.
 BASE_EXPORT bool CreateTemporaryFileInDir(const FilePath& dir,
                                           FilePath* temp_file);
 
@@ -362,14 +400,28 @@ BASE_EXPORT FilePath
 FormatTemporaryFileName(FilePath::StringPieceType identifier);
 
 // Create and open a temporary file stream for exclusive read, write, and delete
-// access (note: exclusivity is unique to Windows). The full path is placed in
-// |path|. Returns the opened file stream, or null in case of error.
+// access. The full path is placed in `path`. Returns the opened file stream, or
+// null in case of error.
+// NOTE: Exclusivity is unique to Windows. On Windows, the returned file
+// supports File::DeleteOnClose. On other platforms, the caller is responsible
+// for deleting the file `path` points to, if appropriate.
 BASE_EXPORT ScopedFILE CreateAndOpenTemporaryStream(FilePath* path);
 
-// Similar to CreateAndOpenTemporaryStream, but the file is created in |dir|.
+// Similar to CreateAndOpenTemporaryStream(), but the file is created in `dir`.
 BASE_EXPORT ScopedFILE CreateAndOpenTemporaryStreamInDir(const FilePath& dir,
                                                          FilePath* path);
 
+#if BUILDFLAG(IS_WIN)
+// Retrieves the path `%systemroot%\SystemTemp`, if available, else retrieves
+// `%programfiles%`.
+// Returns the path in `temp` and `true` if the path is writable by the caller,
+// which is usually only when the caller is running as admin or system.
+// Returns `false` otherwise.
+// Both paths are only accessible to admin and system processes, and are
+// therefore secure.
+BASE_EXPORT bool GetSecureSystemTemp(FilePath* temp);
+#endif  // BUILDFLAG(IS_WIN)
+
 // Do NOT USE in new code. Use ScopedTempDir instead.
 // TODO(crbug.com/561597) Remove existing usage and make this an implementation
 // detail inside ScopedTempDir.
@@ -379,11 +431,11 @@ BASE_EXPORT ScopedFILE CreateAndOpenTemporaryStreamInDir(const FilePath& dir,
 // NOTE: prefix is ignored in the POSIX implementation.
 // If success, return true and output the full path of the directory created.
 //
-// For Windows, this directory is usually created in a secure location under
-// %ProgramFiles% if the caller is admin. This is because the default %TEMP%
-// folder for Windows is insecure, since low privilege users can get the path of
-// folders under %TEMP% after creation and are able to create subfolders and
-// files within these folders which can lead to privilege escalation.
+// For Windows, this directory is usually created in a secure location if the
+// caller is admin. This is because the default %TEMP% folder for Windows is
+// insecure, since low privilege users can get the path of folders under %TEMP%
+// after creation and are able to create subfolders and files within these
+// folders which can lead to privilege escalation.
 BASE_EXPORT bool CreateNewTempDirectory(const FilePath::StringType& prefix,
                                         FilePath* new_temp_path);