authorChris Bookholt <bookholt@chromium.org>2022-01-11 00:33:53 +0000
committerMichael BrĂ¼ning <michael.bruning@qt.io>2022-02-18 01:11:57 +0000
commit2ac6ece03918c6df6c93fb2a7d842e872cc85bc3 (patch)
tree2b59aa1e6ea604d11a4b30ba3e9fbcb8b6c3bd7d
parent82487dd93d3f3c9dc2c8bfacf48feab5d6e413d6 (diff)
[Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3379268: ServiceWorkerContainerHost::EnsureFileAccess: abort request processing if the requesting process lacks file access Bug: 1282354 Change-Id: Ia37ef5b97eedb0d2ad25ffe2869844a40e5be862 Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Commit-Queue: Chris Bookholt <bookholt@chromium.org> Cr-Commit-Position: refs/heads/main@{#957344} Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r--chromium/content/browser/service_worker/service_worker_container_host.cc4
1 files changed, 3 insertions, 1 deletions
diff --git a/chromium/content/browser/service_worker/service_worker_container_host.cc b/chromium/content/browser/service_worker/service_worker_container_host.cc
index 9a2193ac5a4..74abd00dc0f 100644
--- a/chromium/content/browser/service_worker/service_worker_container_host.cc
+++ b/chromium/content/browser/service_worker/service_worker_container_host.cc
@@ -349,10 +349,12 @@ void ServiceWorkerContainerHost::EnsureFileAccess(
ChildProcessSecurityPolicyImpl* policy =
ChildProcessSecurityPolicyImpl::GetInstance();
for (const auto& file : file_paths) {
- if (!policy->CanReadFile(process_id_, file))
+ if (!policy->CanReadFile(process_id_, file)) {
mojo::ReportBadMessage(
"The renderer doesn't have access to the file "
"but it tried to grant access to the controller.");
+ return;
+ }
if (!policy->CanReadFile(controller_process_id, file))
policy->GrantReadFile(controller_process_id, file);