Integrated obfuscation with quota; all unit tests now pass

webkit/fileapi/sandbox_mount_point_provider.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "webkit/fileapi/sandbox_mount_point_provider.h"
 
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/memory/scoped_callback_factory.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop.h"
 #include "base/message_loop_proxy.h"
 #include "base/rand_util.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
-#include "base/utf_string_conversions.h"
 #include "googleurl/src/gurl.h"
 #include "net/base/net_util.h"
-#include "third_party/WebKit/Source/WebKit/chromium/public/WebCString.h"
-#include "third_party/WebKit/Source/WebKit/chromium/public/WebSecurityOrigin.h"
-#include "third_party/WebKit/Source/WebKit/chromium/public/WebString.h"
 #include "webkit/fileapi/file_system_path_manager.h"
 #include "webkit/fileapi/file_system_types.h"
 #include "webkit/fileapi/file_system_usage_cache.h"
 #include "webkit/fileapi/file_system_util.h"
 #include "webkit/fileapi/local_file_system_file_util.h"
 #include "webkit/fileapi/obfuscated_file_system_file_util.h"
 #include "webkit/fileapi/sandbox_mount_point_provider.h"
 #include "webkit/glue/webkit_glue.h"
 #include "webkit/quota/quota_manager.h"
 
@@ skipping 24 matching lines @@
 
 inline std::string FilePathStringToASCII(
     const FilePath::StringType& path_string) {
 #if defined(OS_WIN)
   return WideToASCII(path_string);
 #elif defined(OS_POSIX)
   return path_string;
 #endif
 }
 
-// TODO(kinuko): Merge these two methods (conversion methods between
-// origin url <==> identifier) with the ones in the database module.
-std::string GetOriginIdentifierFromURL(const GURL& url) {
-  WebKit::WebSecurityOrigin web_security_origin =
-      WebKit::WebSecurityOrigin::createFromString(UTF8ToUTF16(url.spec()));
-  return web_security_origin.databaseIdentifier().utf8();
-}
-
-GURL GetOriginURLFromIdentifier(const std::string& origin_identifier) {
-  WebKit::WebSecurityOrigin web_security_origin =
-      WebKit::WebSecurityOrigin::createFromDatabaseIdentifier(
-          UTF8ToUTF16(origin_identifier));
-  GURL origin_url(web_security_origin.toString());
-
-  // We need this work-around for file:/// URIs as
-  // createFromDatabaseIdentifier returns empty origin_url for them.
-  if (origin_url.spec().empty() &&
-      origin_identifier.find("file__") == 0)
-    return GURL("file:///");
-  return origin_url;
-}
-
 FilePath::StringType CreateUniqueDirectoryName(const GURL& origin_url) {
   // This can be anything but need to be unpredictable.
   static const FilePath::CharType letters[] = FILE_PATH_LITERAL(
     "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
   FilePath::StringType unique(kFileSystemUniqueNamePrefix);
   for (int i = 0; i < kFileSystemUniqueLength; ++i)
     unique += letters[base::RandInt(0, arraysize(letters) - 2)];
   return unique;
 }
 
@@ skipping 33 matching lines @@
     return FilePath();
 
   // Creates the root directory.
   root = origin_base_path.Append(CreateUniqueDirectoryName(origin_url));
   if (!file_util::CreateDirectory(root))
     return FilePath();
 
   return root;
 }
 
+class ObfuscatedOriginEnumerator
+    : public fileapi::SandboxMountPointProvider::OriginEnumerator {
+ public:
+  explicit ObfuscatedOriginEnumerator(
+      fileapi::ObfuscatedFileSystemFileUtil* file_util) {
+    enum_.reset(file_util->CreateOriginEnumerator());
+  }
+  virtual ~ObfuscatedOriginEnumerator() {}
+
+  virtual GURL Next() OVERRIDE {
+    return enum_->Next();
+  }
+
+  virtual bool HasFileSystemType(fileapi::FileSystemType type) const OVERRIDE {
+    return enum_->HasFileSystemType(type);
+  }
+
+ private:
+  scoped_ptr<fileapi::ObfuscatedFileSystemFileUtil::AbstractOriginEnumerator>
+      enum_;
+};
+
 class SandboxOriginEnumerator
     : public fileapi::SandboxMountPointProvider::OriginEnumerator {
  public:
   explicit SandboxOriginEnumerator(const FilePath& base_path)
       : enumerator_(base_path, false /* recursive */,
                     file_util::FileEnumerator::DIRECTORIES) {}
   virtual ~SandboxOriginEnumerator() {}
 
   virtual GURL Next() OVERRIDE {
     current_ = enumerator_.Next();
     if (current_.empty())
       return GURL();
-    return GetOriginURLFromIdentifier(
+    return fileapi::GetOriginURLFromIdentifier(
         FilePathStringToASCII(current_.BaseName().value()));
   }
 
   virtual bool HasFileSystemType(fileapi::FileSystemType type) const OVERRIDE {
     if (current_.empty())
       return false;
     std::string directory =
         fileapi::FileSystemPathManager::GetFileSystemTypeString(type);
     DCHECK(!directory.empty());
     return file_util::DirectoryExists(current_.AppendASCII(directory));
@@ skipping 94 matching lines @@
 
   scoped_refptr<base::MessageLoopProxy> file_message_loop_;
   scoped_refptr<base::MessageLoopProxy> origin_message_loop_proxy_;
   GURL origin_url_;
   FilePath origin_base_path_;
   FileSystemType type_;
   scoped_refptr<ObfuscatedFileSystemFileUtil> file_util_;
   scoped_ptr<FileSystemPathManager::GetRootPathCallback> callback_;
 };
 
-FilePath SandboxMountPointProvider::GetFileSystemRootPathOnFileThread(
-    const GURL& origin_url, FileSystemType type, bool create) {
-  if (CommandLine::ForCurrentProcess()->HasSwitch(kObfuscationFlag))
-    return sandbox_file_util_->GetDirectoryForOriginAndType(
-        origin_url, type, create);
-
-  std::string name;
-  FilePath origin_base_path;
-  if (!GetOriginBasePathAndName(origin_url, &origin_base_path, type, &name))
-    return FilePath();
-
-  return GetFileSystemRootPathOnFileThreadHelper(
-      origin_url, origin_base_path, create);
-}
-
 bool SandboxMountPointProvider::IsRestrictedFileName(const FilePath& filename)
     const {
   if (filename.value().empty())
     return false;
 
   if (IsWhitespace(filename.value()[filename.value().size() - 1]) ||
       filename.value()[filename.value().size() - 1] == '.')
     return true;
 
   std::string filename_lower = StringToLowerASCII(
@@ skipping 20 matching lines @@
 std::vector<FilePath> SandboxMountPointProvider::GetRootDirectories() const {
   NOTREACHED();
   // TODO(ericu): Implement this method and check for access permissions as
   // fileBrowserPrivate extension API does. We currently have another mechanism,
   // but we should switch over.
   return  std::vector<FilePath>();
 }
 
 SandboxMountPointProvider::OriginEnumerator*
 SandboxMountPointProvider::CreateOriginEnumerator() const {
+  if (CommandLine::ForCurrentProcess()->HasSwitch(kObfuscationFlag))
+    return new ObfuscatedOriginEnumerator(sandbox_file_util_.get());
   return new SandboxOriginEnumerator(base_path_);
 }
 
 void SandboxMountPointProvider::ValidateFileSystemRootAndGetURL(
     const GURL& origin_url, fileapi::FileSystemType type,
     bool create, FileSystemPathManager::GetRootPathCallback* callback_ptr) {
   scoped_ptr<FileSystemPathManager::GetRootPathCallback> callback(callback_ptr);
   ObfuscatedFileSystemFileUtil* file_util = NULL;
   FilePath origin_base_path;
+
+  if (path_manager_->is_incognito()) {
+    // TODO(kinuko): return an isolated temporary directory.
+    callback->Run(false, FilePath(), std::string());
+    return;
+  }
+
+  if (!path_manager_->IsAllowedScheme(origin_url)) {
+    callback->Run(false, FilePath(), std::string());
+    return;
+  }
+
   if (CommandLine::ForCurrentProcess()->HasSwitch(kObfuscationFlag)) {
     file_util = sandbox_file_util_.get();
   } else {
     std::string name;
     if (!GetOriginBasePathAndName(origin_url, &origin_base_path, type, &name)) {
       callback->Run(false, FilePath(), std::string());
       return;
     }
   }
 
   scoped_refptr<GetFileSystemRootPathTask> task(
       new GetFileSystemRootPathTask(file_message_loop_,
                                     origin_url,
                                     origin_base_path,
                                     type,
                                     file_util,
                                     callback.release()));
   task->Start(create);
 };
 
 FilePath
 SandboxMountPointProvider::ValidateFileSystemRootAndGetPathOnFileThread(
     const GURL& origin_url, FileSystemType type, const FilePath& unused,
     bool create) {
-  return GetFileSystemRootPathOnFileThread(origin_url, type, create);
+  if (path_manager_->is_incognito())
+    // TODO(kinuko): return an isolated temporary directory.
+    return FilePath();
+
+  if (!path_manager_->IsAllowedScheme(origin_url))
+    return FilePath();
+
+  if (CommandLine::ForCurrentProcess()->HasSwitch(kObfuscationFlag))
+    return sandbox_file_util_->GetDirectoryForOriginAndType(
+        origin_url, type, create);
+
+  std::string name;
+  FilePath origin_base_path;
+  if (!GetOriginBasePathAndName(origin_url, &origin_base_path, type, &name))
+    return FilePath();
+
+  return GetFileSystemRootPathOnFileThreadHelper(
+      origin_url, origin_base_path, create);
 }
 
 FilePath SandboxMountPointProvider::GetBaseDirectoryForOrigin(
-    const GURL& origin_url) const {
+    const GURL& origin_url, bool create) const {
+  if (CommandLine::ForCurrentProcess()->HasSwitch(kObfuscationFlag))
+    return sandbox_file_util_->GetDirectoryForOrigin(
+      origin_url, create);
   return base_path_.AppendASCII(GetOriginIdentifierFromURL(origin_url));
 }
 
 // Needed for the old way of doing things.
 FilePath SandboxMountPointProvider::GetBaseDirectoryForOriginAndType(
-    const GURL& origin_url, fileapi::FileSystemType type) const {
+    const GURL& origin_url, fileapi::FileSystemType type, bool create) const {
+  if (CommandLine::ForCurrentProcess()->HasSwitch(kObfuscationFlag))
+    return sandbox_file_util_->GetDirectoryForOriginAndType(
+      origin_url, type, create);
   std::string type_string =
       FileSystemPathManager::GetFileSystemTypeString(type);
   if (type_string.empty()) {
     LOG(WARNING) << "Unknown filesystem type is requested:" << type;
     return FilePath();
   }
-  return GetBaseDirectoryForOrigin(origin_url).AppendASCII(type_string);
+  return GetBaseDirectoryForOrigin(origin_url, create).AppendASCII(type_string);
 }
 
 bool SandboxMountPointProvider::DeleteOriginDataOnFileThread(
     QuotaManagerProxy* proxy, const GURL& origin_url,
     fileapi::FileSystemType type) {
-  FilePath path_for_origin = GetBaseDirectoryForOriginAndType(origin_url,
-                                                              type);
+  FilePath path_for_origin =
+      GetBaseDirectoryForOriginAndType(origin_url, type, false);
   if (!file_util::PathExists(path_for_origin))
     return true;
 
   int64 usage = GetOriginUsageOnFileThread(origin_url, type);
   bool result = file_util::Delete(path_for_origin, true /* recursive */);
   if (result && proxy) {
     proxy->NotifyStorageModified(
         quota::QuotaClient::kFileSystem,
         origin_url,
         FileSystemTypeToQuotaStorageType(type),
@@ skipping 27 matching lines @@
     if (host == net::GetHostOrSpecFromURL(origin) &&
         enumerator->HasFileSystemType(type))
       origins->insert(origin);
   }
 }
 
 int64 SandboxMountPointProvider::GetOriginUsageOnFileThread(
     const GURL& origin_url, fileapi::FileSystemType type) {
   DCHECK(type == fileapi::kFileSystemTypeTemporary ||
          type == fileapi::kFileSystemTypePersistent);
-  FilePath base_path = GetBaseDirectoryForOriginAndType(origin_url, type);
+  FilePath base_path =
+      GetBaseDirectoryForOriginAndType(origin_url, type, false);
   if (!file_util::DirectoryExists(base_path))
     return 0;
 
   FilePath usage_file_path = base_path.AppendASCII(
       FileSystemUsageCache::kUsageFileName);
   int32 dirty_status = FileSystemUsageCache::GetDirty(usage_file_path);
   bool visited = (visited_origins_.find(origin_url) != visited_origins_.end());
   visited_origins_.insert(origin_url);
   if (dirty_status == 0 || (dirty_status > 0 && visited)) {
     // The usage cache is clean (dirty == 0) or the origin is already
@@ skipping 66 matching lines @@
   return LocalFileSystemFileUtil::GetInstance();
 }
 
 // Needed for the old way of doing things.
 bool SandboxMountPointProvider::GetOriginBasePathAndName(
     const GURL& origin_url,
     FilePath* origin_base_path,
     FileSystemType type,
     std::string* name) {
 
-//  TODO(ericu): Put the incognito and allowed scheme checks somewhere in the
-//  obfuscated code as well.
-  if (path_manager_->is_incognito())
-    // TODO(kinuko): return an isolated temporary directory.
-    return false;
-
-  if (!path_manager_->IsAllowedScheme(origin_url))
-    return false;
-
-  *origin_base_path = GetBaseDirectoryForOriginAndType(origin_url, type);
+  *origin_base_path = GetBaseDirectoryForOriginAndType(origin_url, type, false);
   if (origin_base_path->empty())
     return false;
 
   std::string origin_identifier = GetOriginIdentifierFromURL(origin_url);
   std::string type_string =
       FileSystemPathManager::GetFileSystemTypeString(type);
   DCHECK(!type_string.empty());
   if (name)
     *name = origin_identifier + ":" + type_string;
   return true;
 }
 
 FilePath SandboxMountPointProvider::GetUsageCachePathForOriginAndType(
     const GURL& origin_url, fileapi::FileSystemType type) const {
-  FilePath base_path = GetBaseDirectoryForOriginAndType(origin_url, type);
+  FilePath base_path =
+      GetBaseDirectoryForOriginAndType(origin_url, type, false);
   return base_path.AppendASCII(FileSystemUsageCache::kUsageFileName);

[kinuko, 2011/05/23 05:15:41]

In obfuscated cases we create this file under the origin/{'t', 'p'} directory
but since it's not added to the db it won't be visible to the users... correct? 
(If fsck code may become a bit complicated because of this we can create a file
under the origin directory with a name like '.usage-t' '.usage-p' or something
like that.  If that's not the case lgtm for this particular part)

[ericu, 2011/05/23 05:23:26]

Right, the usage file is FileSystem/[origin #]/t/[usage file name], and since
it's not in the database, it's invisible to the user.
The data files are e.g. FileSystem/000/t/01/00000102 [or
FileSystem/000/t/Legacy/path/to/file.txt for migrated files], so it will be easy
for the fsck code to tell them apart from FileSystem/000/t/.usage.

[kinuko, 2011/05/23 05:54:28]

thx, sgtm.

 }
 
 }  // namespace fileapi