Add external extensions json source in proper mac location.

base/file_util_posix.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/file_util.h"
 
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <fnmatch.h>
+#include <grp.h>
 #include <libgen.h>
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/errno.h>
 #include <sys/mman.h>
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/time.h>
@@ skipping 24 matching lines @@
 #include "base/utf_string_conversions.h"
 
 #if defined(OS_ANDROID)
 #include "base/os_compat_android.h"
 #endif
 
 namespace file_util {
 
 namespace {
 
-// Helper for NormalizeFilePath(), defined below.
-bool RealPath(const FilePath& path, FilePath* real_path) {
-  base::ThreadRestrictions::AssertIOAllowed();  // For realpath().
-  FilePath::CharType buf[PATH_MAX];
-  if (!realpath(path.value().c_str(), buf))
-    return false;
-
-  *real_path = FilePath(buf);
-  return true;
-}
-
-}  // namespace
-
 #if defined(OS_OPENBSD) || defined(OS_FREEBSD) || \
     (defined(OS_MACOSX) && \
      MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_5)
 typedef struct stat stat_wrapper_t;
 static int CallStat(const char *path, stat_wrapper_t *sb) {
   base::ThreadRestrictions::AssertIOAllowed();
   return stat(path, sb);
 }
+static int CallLstat(const char *path, stat_wrapper_t *sb) {
+  base::ThreadRestrictions::AssertIOAllowed();
+  return lstat(path, sb);
+}
 #else
 typedef struct stat64 stat_wrapper_t;
 static int CallStat(const char *path, stat_wrapper_t *sb) {
   base::ThreadRestrictions::AssertIOAllowed();
   return stat64(path, sb);
 }
+static int CallLstat(const char *path, stat_wrapper_t *sb) {
+  base::ThreadRestrictions::AssertIOAllowed();
+  return lstat64(path, sb);
+}
 #endif
 
+// Helper for NormalizeFilePath(), defined below.
+bool RealPath(const FilePath& path, FilePath* real_path) {
+  base::ThreadRestrictions::AssertIOAllowed();  // For realpath().
+  FilePath::CharType buf[PATH_MAX];
+  if (!realpath(path.value().c_str(), buf))
+    return false;
+
+  *real_path = FilePath(buf);
+  return true;
+}
+
+// Helper for VerifyPathControlledByUser.
+bool VerifySpecificPathControlledByUser(const FilePath& path,
+                                        uid_t owner_uid,
+                                        gid_t group_gid) {
+  stat_wrapper_t stat_info;
+  if (CallLstat(path.value().c_str(), &stat_info) != 0) {
+    PLOG(ERROR) << "Failed to get information on path "
+                << path.value();
+    return false;
+  }
+
+  if (S_ISLNK(stat_info.st_mode)) {
+    LOG(ERROR) << "Path " << path.value()
+               << " is a symbolic link.";
+    return false;
+  }
+
+  if (stat_info.st_uid != owner_uid) {
+    LOG(ERROR) << "Path " << path.value()
+               << " is owned by the wrong user.";
+    return false;
+  }
+
+  if (stat_info.st_gid != group_gid) {
+    LOG(ERROR) << "Path " << path.value()
+               << " is owned by the wrong group.";
+    return false;
+  }
+
+  if (stat_info.st_mode & S_IWOTH) {
+    LOG(ERROR) << "Path " << path.value()
+               << " is writable by any user.";
+    return false;
+  }
+
+  return true;
+}
+
+}  // namespace
+
 static std::string TempFileName() {
 #if defined(OS_MACOSX)
   return StringPrintf(".%s.XXXXXX", base::mac::BaseBundleID());
 #endif
 
 #if defined(GOOGLE_CHROME_BUILD)
   return std::string(".com.google.Chrome.XXXXXX");
 #else
   return std::string(".org.chromium.Chromium.XXXXXX");
 #endif
@@ skipping 839 matching lines @@
 
   if (HANDLE_EINTR(close(infile)) < 0)
     result = false;
   if (HANDLE_EINTR(close(outfile)) < 0)
     result = false;
 
   return result;
 }
 #endif  // defined(OS_MACOSX)
 
+bool VerifyPathControlledByUser(const FilePath& base,
+                                const FilePath& path,
+                                uid_t owner_uid,
+                                gid_t group_gid) {
+  if (base != path && !base.IsParent(path)) {
+     LOG(ERROR) << "|base| must be a subdirectory of |path|.  base = \""
+                << base.value() << "\", path = \"" << path.value() << "\"";
+     return false;
+  }
+
+  std::vector<FilePath::StringType> base_components;
+  std::vector<FilePath::StringType> path_components;
+
+  base.GetComponents(&base_components);
+  path.GetComponents(&path_components);
+
+  std::vector<FilePath::StringType>::const_iterator ib, ip;
+  for (ib = base_components.begin(), ip = path_components.begin();
+       ib != base_components.end(); ++ib, ++ip) {
+    // |base| must be a subpath of |path|, so all components should match.
+    // If these CHECKs fail, look at the test that base is a parent of
+    // path at the top of this function.
+    CHECK(ip != path_components.end());
+    CHECK(*ip == *ib);
+  }
+
+  FilePath current_path = base;
+  if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gid))
+    return false;
+
+  for (; ip != path_components.end(); ++ip) {
+    current_path = current_path.Append(*ip);
+    if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gid))
+      return false;
+  }
+  return true;
+}
+
+#if defined(OS_MACOSX)
+bool VerifyPathControlledByAdmin(const FilePath& path) {
+  const unsigned kRootUid = 0;
+  const FilePath kFileSystemRoot("/");
+
+  // The name of the administrator group on mac os.
+  const char kAdminGroupName[] = "admin";
+
+  // Reading the groups database may touch the file system.
+  base::ThreadRestrictions::AssertIOAllowed();
+
+  struct group *group_record = getgrnam(kAdminGroupName);
+  if (!group_record) {
+    PLOG(ERROR) << "Could not get the group ID of group \""
+                << kAdminGroupName << "\".";
+    return false;
+  }
+
+  return VerifyPathControlledByUser(
+      kFileSystemRoot, path, kRootUid, group_record->gr_gid);
+}
+#endif  // defined(OS_MACOSX)
+
 }  // namespace file_util