OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "webkit/fileapi/sandbox_mount_point_provider.h" | 5 #include "webkit/fileapi/sandbox_mount_point_provider.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
11 #include "base/message_loop.h" | 11 #include "base/message_loop.h" |
12 #include "base/message_loop_proxy.h" | 12 #include "base/message_loop_proxy.h" |
13 #include "base/rand_util.h" | 13 #include "base/rand_util.h" |
14 #include "base/string_util.h" | 14 #include "base/string_util.h" |
15 #include "base/stringprintf.h" | 15 #include "base/stringprintf.h" |
16 #include "base/metrics/histogram.h" | 16 #include "base/metrics/histogram.h" |
17 #include "googleurl/src/gurl.h" | 17 #include "googleurl/src/gurl.h" |
18 #include "net/base/net_util.h" | 18 #include "net/base/net_util.h" |
19 #include "webkit/fileapi/file_system_operation.h" | |
19 #include "webkit/fileapi/file_system_operation_context.h" | 20 #include "webkit/fileapi/file_system_operation_context.h" |
20 #include "webkit/fileapi/file_system_options.h" | 21 #include "webkit/fileapi/file_system_options.h" |
21 #include "webkit/fileapi/file_system_types.h" | 22 #include "webkit/fileapi/file_system_types.h" |
22 #include "webkit/fileapi/file_system_usage_cache.h" | 23 #include "webkit/fileapi/file_system_usage_cache.h" |
23 #include "webkit/fileapi/file_system_util.h" | 24 #include "webkit/fileapi/file_system_util.h" |
24 #include "webkit/fileapi/obfuscated_file_util.h" | 25 #include "webkit/fileapi/obfuscated_file_util.h" |
25 #include "webkit/fileapi/quota_file_util.h" | 26 #include "webkit/fileapi/quota_file_util.h" |
26 #include "webkit/glue/webkit_glue.h" | 27 #include "webkit/glue/webkit_glue.h" |
27 #include "webkit/quota/quota_manager.h" | 28 #include "webkit/quota/quota_manager.h" |
28 | 29 |
29 using quota::QuotaManagerProxy; | 30 using quota::QuotaManagerProxy; |
30 | 31 |
32 namespace fileapi { | |
ericu
2012/01/09 18:44:44
Please remove all the "fileapi::" that are now unn
kinuko
2012/01/10 09:48:53
Done.
| |
33 | |
31 namespace { | 34 namespace { |
32 | 35 |
33 const char kChromeScheme[] = "chrome"; | 36 const char kChromeScheme[] = "chrome"; |
34 const char kExtensionScheme[] = "chrome-extension"; | 37 const char kExtensionScheme[] = "chrome-extension"; |
35 | 38 |
36 const FilePath::CharType kOldFileSystemUniqueNamePrefix[] = | 39 const FilePath::CharType kOldFileSystemUniqueNamePrefix[] = |
37 FILE_PATH_LITERAL("chrome-"); | 40 FILE_PATH_LITERAL("chrome-"); |
38 const size_t kOldFileSystemUniqueLength = 16; | 41 const size_t kOldFileSystemUniqueLength = 16; |
39 const size_t kOldFileSystemUniqueDirectoryNameLength = | 42 const size_t kOldFileSystemUniqueDirectoryNameLength = |
40 kOldFileSystemUniqueLength + arraysize(kOldFileSystemUniqueNamePrefix) - 1; | 43 kOldFileSystemUniqueLength + arraysize(kOldFileSystemUniqueNamePrefix) - 1; |
(...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
249 // done before anyone looks up a filesystem. Most entry points start by trying | 252 // done before anyone looks up a filesystem. Most entry points start by trying |
250 // to look up the filesystem's root, so we can take care of most of them by | 253 // to look up the filesystem's root, so we can take care of most of them by |
251 // putting a check there. | 254 // putting a check there. |
252 void MigrateIfNeeded( | 255 void MigrateIfNeeded( |
253 fileapi::ObfuscatedFileUtil* file_util, | 256 fileapi::ObfuscatedFileUtil* file_util, |
254 const FilePath& old_base_path) { | 257 const FilePath& old_base_path) { |
255 if (file_util::DirectoryExists(old_base_path)) | 258 if (file_util::DirectoryExists(old_base_path)) |
256 MigrateAllOldFileSystems(file_util, old_base_path); | 259 MigrateAllOldFileSystems(file_util, old_base_path); |
257 } | 260 } |
258 | 261 |
262 void PassPointerErrorByValue( | |
263 const base::Callback<void(PlatformFileError)>& callback, | |
264 PlatformFileError* error_ptr) { | |
265 DCHECK(error_ptr); | |
266 callback.Run(*error_ptr); | |
267 } | |
268 | |
269 void ValidateRootOnFileThread(ObfuscatedFileUtil* file_util, | |
270 const GURL& origin_url, | |
271 FileSystemType type, | |
272 const FilePath& old_base_path, | |
273 bool create, | |
274 base::PlatformFileError* error_ptr) { | |
275 DCHECK(error_ptr); | |
276 MigrateIfNeeded(file_util, old_base_path); | |
277 FilePath root_path = | |
278 file_util->GetDirectoryForOriginAndType(origin_url, type, create); | |
279 if (root_path.empty()) { | |
280 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, | |
281 kCreateDirectoryError, | |
282 kFileSystemErrorMax); | |
283 // TODO(kinuko): We should return appropriate error code. | |
284 *error_ptr = base::PLATFORM_FILE_ERROR_FAILED; | |
285 } else { | |
286 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, kOK, kFileSystemErrorMax); | |
287 *error_ptr = base::PLATFORM_FILE_OK; | |
288 } | |
289 // The reference of file_util will be derefed on the FILE thread | |
290 // when the storage of this callback gets deleted regardless of whether | |
291 // this method is called or not. | |
292 } | |
293 | |
259 } // anonymous namespace | 294 } // anonymous namespace |
260 | 295 |
261 namespace fileapi { | |
262 | |
263 const FilePath::CharType SandboxMountPointProvider::kOldFileSystemDirectory[] = | 296 const FilePath::CharType SandboxMountPointProvider::kOldFileSystemDirectory[] = |
264 FILE_PATH_LITERAL("FileSystem"); | 297 FILE_PATH_LITERAL("FileSystem"); |
265 | 298 |
266 const FilePath::CharType SandboxMountPointProvider::kNewFileSystemDirectory[] = | 299 const FilePath::CharType SandboxMountPointProvider::kNewFileSystemDirectory[] = |
267 FILE_PATH_LITERAL("File System"); | 300 FILE_PATH_LITERAL("File System"); |
268 | 301 |
269 const FilePath::CharType | 302 const FilePath::CharType |
270 SandboxMountPointProvider::kRenamedOldFileSystemDirectory[] = | 303 SandboxMountPointProvider::kRenamedOldFileSystemDirectory[] = |
271 FILE_PATH_LITERAL("FS.old"); | 304 FILE_PATH_LITERAL("FS.old"); |
272 | 305 |
273 class SandboxMountPointProvider::GetFileSystemRootPathTask | |
274 : public base::RefCountedThreadSafe< | |
275 SandboxMountPointProvider::GetFileSystemRootPathTask> { | |
276 public: | |
277 GetFileSystemRootPathTask( | |
278 scoped_refptr<base::MessageLoopProxy> file_message_loop, | |
279 const GURL& origin_url, | |
280 FileSystemType type, | |
281 ObfuscatedFileUtil* file_util, | |
282 const FilePath& old_base_path, | |
283 const FileSystemMountPointProvider::GetRootPathCallback& callback) | |
284 : file_message_loop_(file_message_loop), | |
285 origin_message_loop_proxy_( | |
286 base::MessageLoopProxy::current()), | |
287 origin_url_(origin_url), | |
288 type_(type), | |
289 file_util_(file_util), | |
290 old_base_path_(old_base_path), | |
291 callback_(callback) { | |
292 } | |
293 | |
294 virtual ~GetFileSystemRootPathTask() { | |
295 // Just in case we get deleted without running, make sure to clean up the | |
296 // file_util_ on the right thread. | |
297 if (file_util_.get() && !file_message_loop_->BelongsToCurrentThread()) | |
298 file_message_loop_->ReleaseSoon(FROM_HERE, file_util_.release()); | |
299 } | |
300 | |
301 void Start(bool create) { | |
302 file_message_loop_->PostTask( | |
303 FROM_HERE, | |
304 base::Bind( | |
305 &GetFileSystemRootPathTask::GetFileSystemRootPathOnFileThread, this, | |
306 create)); | |
307 } | |
308 | |
309 private: | |
310 void GetFileSystemRootPathOnFileThread(bool create) { | |
311 MigrateIfNeeded(file_util_, old_base_path_); | |
312 DispatchCallbackOnCallerThread( | |
313 file_util_->GetDirectoryForOriginAndType(origin_url_, type_, create)); | |
314 // We must clear the reference on the file thread. | |
315 file_util_ = NULL; | |
316 } | |
317 | |
318 void DispatchCallbackOnCallerThread(const FilePath& root_path) { | |
319 if (root_path.empty()) { | |
320 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, | |
321 kCreateDirectoryError, | |
322 kFileSystemErrorMax); | |
323 } | |
324 origin_message_loop_proxy_->PostTask( | |
325 FROM_HERE, | |
326 base::Bind(&GetFileSystemRootPathTask::DispatchCallback, this, | |
327 root_path)); | |
328 } | |
329 | |
330 void DispatchCallback(const FilePath& root_path) { | |
331 std::string origin_identifier = GetOriginIdentifierFromURL(origin_url_); | |
332 std::string type_string = GetFileSystemTypeString(type_); | |
333 DCHECK(!type_string.empty()); | |
334 std::string name = origin_identifier + ":" + type_string; | |
335 | |
336 if (!root_path.empty()) | |
337 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, kOK, kFileSystemErrorMax); | |
338 | |
339 callback_.Run(!root_path.empty(), root_path, name); | |
340 callback_.Reset(); | |
341 } | |
342 | |
343 scoped_refptr<base::MessageLoopProxy> file_message_loop_; | |
344 scoped_refptr<base::MessageLoopProxy> origin_message_loop_proxy_; | |
345 GURL origin_url_; | |
346 FileSystemType type_; | |
347 scoped_refptr<ObfuscatedFileUtil> file_util_; | |
348 FilePath old_base_path_; | |
349 FileSystemMountPointProvider::GetRootPathCallback callback_; | |
350 }; | |
351 | |
352 SandboxMountPointProvider::SandboxMountPointProvider( | 306 SandboxMountPointProvider::SandboxMountPointProvider( |
353 scoped_refptr<base::MessageLoopProxy> file_message_loop, | 307 scoped_refptr<base::MessageLoopProxy> file_message_loop, |
354 const FilePath& profile_path, | 308 const FilePath& profile_path, |
355 const FileSystemOptions& file_system_options) | 309 const FileSystemOptions& file_system_options) |
356 : FileSystemQuotaUtil(file_message_loop), | 310 : FileSystemQuotaUtil(file_message_loop), |
357 file_message_loop_(file_message_loop), | 311 file_message_loop_(file_message_loop), |
358 profile_path_(profile_path), | 312 profile_path_(profile_path), |
359 file_system_options_(file_system_options), | 313 file_system_options_(file_system_options), |
360 sandbox_file_util_( | 314 sandbox_file_util_( |
361 new ObfuscatedFileUtil( | 315 new ObfuscatedFileUtil( |
362 profile_path.Append(kNewFileSystemDirectory), | 316 profile_path.Append(kNewFileSystemDirectory), |
363 QuotaFileUtil::CreateDefault())) { | 317 QuotaFileUtil::CreateDefault())) { |
364 } | 318 } |
365 | 319 |
366 SandboxMountPointProvider::~SandboxMountPointProvider() { | 320 SandboxMountPointProvider::~SandboxMountPointProvider() { |
367 if (!file_message_loop_->BelongsToCurrentThread()) | 321 if (!file_message_loop_->BelongsToCurrentThread()) |
368 file_message_loop_->ReleaseSoon(FROM_HERE, sandbox_file_util_.release()); | 322 file_message_loop_->ReleaseSoon(FROM_HERE, sandbox_file_util_.release()); |
369 } | 323 } |
370 | 324 |
371 bool SandboxMountPointProvider::IsAccessAllowed(const GURL& origin_url, | 325 void SandboxMountPointProvider::ValidateFileSystemRoot( |
372 FileSystemType type, | |
373 const FilePath& unused) { | |
374 if (type != kFileSystemTypeTemporary && type != kFileSystemTypePersistent) | |
375 return false; | |
376 // We essentially depend on quota to do our access controls, so here | |
377 // we only check if the requested scheme is allowed or not. | |
378 return IsAllowedScheme(origin_url); | |
379 } | |
380 | |
381 void SandboxMountPointProvider::ValidateFileSystemRootAndGetURL( | |
382 const GURL& origin_url, fileapi::FileSystemType type, bool create, | 326 const GURL& origin_url, fileapi::FileSystemType type, bool create, |
383 const FileSystemMountPointProvider::GetRootPathCallback& callback) { | 327 const ValidateFileSystemCallback& callback) { |
384 FilePath origin_base_path; | |
385 | |
386 if (file_system_options_.is_incognito()) { | 328 if (file_system_options_.is_incognito()) { |
387 // TODO(kinuko): return an isolated temporary directory. | 329 // TODO(kinuko): return an isolated temporary directory. |
388 callback.Run(false, FilePath(), std::string()); | 330 callback.Run(base::PLATFORM_FILE_ERROR_SECURITY); |
389 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, | 331 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, |
390 kIncognito, | 332 kIncognito, |
391 kFileSystemErrorMax); | 333 kFileSystemErrorMax); |
392 return; | 334 return; |
393 } | 335 } |
394 | 336 |
395 if (!IsAllowedScheme(origin_url)) { | 337 if (!IsAllowedScheme(origin_url)) { |
396 callback.Run(false, FilePath(), std::string()); | 338 callback.Run(base::PLATFORM_FILE_ERROR_SECURITY); |
397 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, | 339 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, |
398 kInvalidScheme, | 340 kInvalidScheme, |
399 kFileSystemErrorMax); | 341 kFileSystemErrorMax); |
400 return; | 342 return; |
401 } | 343 } |
402 | 344 |
403 scoped_refptr<GetFileSystemRootPathTask> task( | 345 base::PlatformFileError* error_ptr = new base::PlatformFileError; |
404 new GetFileSystemRootPathTask( | 346 file_message_loop_->PostTaskAndReply( |
405 file_message_loop_, origin_url, type, sandbox_file_util_.get(), | 347 FROM_HERE, |
406 old_base_path(), callback)); | 348 base::Bind(&ValidateRootOnFileThread, |
407 task->Start(create); | 349 sandbox_file_util_, |
350 origin_url, type, old_base_path(), create, | |
351 base::Unretained(error_ptr)), | |
352 base::Bind(base::Bind(&PassPointerErrorByValue, callback), | |
353 base::Owned(error_ptr))); | |
408 }; | 354 }; |
409 | 355 |
410 FilePath | 356 FilePath |
411 SandboxMountPointProvider::ValidateFileSystemRootAndGetPathOnFileThread( | 357 SandboxMountPointProvider::GetFileSystemRootPathOnFileThread( |
412 const GURL& origin_url, FileSystemType type, const FilePath& unused, | 358 const GURL& origin_url, FileSystemType type, const FilePath& unused, |
413 bool create) { | 359 bool create) { |
414 if (file_system_options_.is_incognito()) | 360 if (file_system_options_.is_incognito()) |
415 // TODO(kinuko): return an isolated temporary directory. | 361 // TODO(kinuko): return an isolated temporary directory. |
416 return FilePath(); | 362 return FilePath(); |
417 | 363 |
418 if (!IsAllowedScheme(origin_url)) | 364 if (!IsAllowedScheme(origin_url)) |
419 return FilePath(); | 365 return FilePath(); |
420 | 366 |
421 MigrateIfNeeded(sandbox_file_util_, old_base_path()); | 367 MigrateIfNeeded(sandbox_file_util_, old_base_path()); |
422 | 368 |
423 return sandbox_file_util_->GetDirectoryForOriginAndType( | 369 return sandbox_file_util_->GetDirectoryForOriginAndType( |
424 origin_url, type, create); | 370 origin_url, type, create); |
425 } | 371 } |
426 | 372 |
373 bool SandboxMountPointProvider::IsAccessAllowed(const GURL& origin_url, | |
374 FileSystemType type, | |
375 const FilePath& unused) { | |
376 if (type != kFileSystemTypeTemporary && type != kFileSystemTypePersistent) | |
377 return false; | |
378 // We essentially depend on quota to do our access controls, so here | |
379 // we only check if the requested scheme is allowed or not. | |
380 return IsAllowedScheme(origin_url); | |
381 } | |
382 | |
427 bool SandboxMountPointProvider::IsRestrictedFileName(const FilePath& filename) | 383 bool SandboxMountPointProvider::IsRestrictedFileName(const FilePath& filename) |
428 const { | 384 const { |
429 if (filename.value().empty()) | 385 if (filename.value().empty()) |
430 return false; | 386 return false; |
431 | 387 |
432 for (size_t i = 0; i < arraysize(kRestrictedNames); ++i) { | 388 for (size_t i = 0; i < arraysize(kRestrictedNames); ++i) { |
433 // Exact match. | 389 // Exact match. |
434 if (filename.value() == kRestrictedNames[i]) | 390 if (filename.value() == kRestrictedNames[i]) |
435 return true; | 391 return true; |
436 } | 392 } |
(...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
675 i < file_system_options_.additional_allowed_schemes().size(); | 631 i < file_system_options_.additional_allowed_schemes().size(); |
676 ++i) { | 632 ++i) { |
677 if (url.SchemeIs( | 633 if (url.SchemeIs( |
678 file_system_options_.additional_allowed_schemes()[i].c_str())) | 634 file_system_options_.additional_allowed_schemes()[i].c_str())) |
679 return true; | 635 return true; |
680 } | 636 } |
681 return false; | 637 return false; |
682 } | 638 } |
683 | 639 |
684 } // namespace fileapi | 640 } // namespace fileapi |
OLD | NEW |