From 69084e439c5e193403abd7c43bb1a5fee4a96605 Mon Sep 17 00:00:00 2001
From: Marijn Kruisselbrink <mek@chromium.org>
Date: Tue, 8 Dec 2020 19:07:00 +0000
Subject: [Backport] Security bug 1155710
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cherry-pick of patch originally reviewed on:
https://chromium-review.googlesource.com/c/chromium/src/+/2575392:
Make sure to check read permission when iterating a directory.

Also adds unit tests for that case and a couple of other cases.

Bug: 1155710
Change-Id: Ibb6818e9608c9334641212a3f8514d963117333d
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#834787}
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
---
 .../native_file_system_directory_handle_impl.cc                   | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/chromium/content/browser/file_system_access/native_file_system_directory_handle_impl.cc b/chromium/content/browser/file_system_access/native_file_system_directory_handle_impl.cc
index 8b97a1e0156..2992957115d 100644
--- a/chromium/content/browser/file_system_access/native_file_system_directory_handle_impl.cc
+++ b/chromium/content/browser/file_system_access/native_file_system_directory_handle_impl.cc
@@ -158,6 +158,14 @@ void NativeFileSystemDirectoryHandleImpl::GetEntries(
           base::OnTaskRunnerDeleter(base::SequencedTaskRunnerHandle::Get()));
   listener->reset_on_disconnect();
 
+  if (GetReadPermissionStatus() != PermissionStatus::GRANTED) {
+    (*listener)->DidReadDirectory(
+        native_file_system_error::FromStatus(
+            NativeFileSystemStatus::kPermissionDenied),
+        {}, false);
+    return;
+  }
+
   DoFileSystemOperation(
       FROM_HERE, &FileSystemOperationRunner::ReadDirectory,
       base::BindRepeating(
-- 
cgit v1.2.3