OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "webkit/fileapi/sandbox_mount_point_provider.h" | 5 #include "webkit/fileapi/sandbox_mount_point_provider.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/logging.h" | 9 #include "base/logging.h" |
10 #include "base/memory/scoped_callback_factory.h" | 10 #include "base/memory/scoped_callback_factory.h" |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "base/message_loop.h" | 12 #include "base/message_loop.h" |
13 #include "base/message_loop_proxy.h" | 13 #include "base/message_loop_proxy.h" |
14 #include "base/rand_util.h" | 14 #include "base/rand_util.h" |
15 #include "base/string_util.h" | 15 #include "base/string_util.h" |
16 #include "base/stringprintf.h" | 16 #include "base/stringprintf.h" |
17 #include "base/metrics/histogram.h" | 17 #include "base/metrics/histogram.h" |
18 #include "googleurl/src/gurl.h" | 18 #include "googleurl/src/gurl.h" |
19 #include "net/base/net_util.h" | 19 #include "net/base/net_util.h" |
20 #include "webkit/fileapi/file_system_operation.h" | |
20 #include "webkit/fileapi/file_system_operation_context.h" | 21 #include "webkit/fileapi/file_system_operation_context.h" |
21 #include "webkit/fileapi/file_system_options.h" | 22 #include "webkit/fileapi/file_system_options.h" |
22 #include "webkit/fileapi/file_system_types.h" | 23 #include "webkit/fileapi/file_system_types.h" |
23 #include "webkit/fileapi/file_system_usage_cache.h" | 24 #include "webkit/fileapi/file_system_usage_cache.h" |
24 #include "webkit/fileapi/file_system_util.h" | 25 #include "webkit/fileapi/file_system_util.h" |
25 #include "webkit/fileapi/obfuscated_file_util.h" | 26 #include "webkit/fileapi/obfuscated_file_util.h" |
26 #include "webkit/fileapi/quota_file_util.h" | 27 #include "webkit/fileapi/quota_file_util.h" |
27 #include "webkit/glue/webkit_glue.h" | 28 #include "webkit/glue/webkit_glue.h" |
28 #include "webkit/quota/quota_manager.h" | 29 #include "webkit/quota/quota_manager.h" |
29 | 30 |
(...skipping 234 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
264 const FilePath::CharType SandboxMountPointProvider::kOldFileSystemDirectory[] = | 265 const FilePath::CharType SandboxMountPointProvider::kOldFileSystemDirectory[] = |
265 FILE_PATH_LITERAL("FileSystem"); | 266 FILE_PATH_LITERAL("FileSystem"); |
266 | 267 |
267 const FilePath::CharType SandboxMountPointProvider::kNewFileSystemDirectory[] = | 268 const FilePath::CharType SandboxMountPointProvider::kNewFileSystemDirectory[] = |
268 FILE_PATH_LITERAL("File System"); | 269 FILE_PATH_LITERAL("File System"); |
269 | 270 |
270 const FilePath::CharType | 271 const FilePath::CharType |
271 SandboxMountPointProvider::kRenamedOldFileSystemDirectory[] = | 272 SandboxMountPointProvider::kRenamedOldFileSystemDirectory[] = |
272 FILE_PATH_LITERAL("FS.old"); | 273 FILE_PATH_LITERAL("FS.old"); |
273 | 274 |
274 class SandboxMountPointProvider::GetFileSystemRootPathTask | 275 class ValidateFileSystemRootHelper { |
275 : public base::RefCountedThreadSafe< | |
276 SandboxMountPointProvider::GetFileSystemRootPathTask> { | |
277 public: | 276 public: |
278 GetFileSystemRootPathTask( | 277 typedef FileSystemMountPointProvider::ValidateFileSystemCallback Callback; |
279 scoped_refptr<base::MessageLoopProxy> file_message_loop, | 278 |
280 const GURL& origin_url, | 279 ValidateFileSystemRootHelper( |
281 FileSystemType type, | 280 base::MessageLoopProxy* file_message_loop, |
282 ObfuscatedFileUtil* file_util, | 281 ObfuscatedFileUtil* file_util) |
283 const FilePath& old_base_path, | |
284 const FileSystemMountPointProvider::GetRootPathCallback& callback) | |
285 : file_message_loop_(file_message_loop), | 282 : file_message_loop_(file_message_loop), |
286 origin_message_loop_proxy_( | |
287 base::MessageLoopProxy::current()), | |
288 origin_url_(origin_url), | |
289 type_(type), | |
290 file_util_(file_util), | 283 file_util_(file_util), |
291 old_base_path_(old_base_path), | 284 error_(base::PLATFORM_FILE_OK) { |
292 callback_(callback) { | |
293 } | 285 } |
294 | 286 |
295 virtual ~GetFileSystemRootPathTask() { | 287 ~ValidateFileSystemRootHelper() { |
296 // Just in case we get deleted without running, make sure to clean up the | 288 // Just in case we get deleted without running, make sure to clean up the |
297 // file_util_ on the right thread. | 289 // file_util_ on the right thread. |
298 if (file_util_.get() && !file_message_loop_->BelongsToCurrentThread()) | 290 if (file_util_.get() && !file_message_loop_->BelongsToCurrentThread()) |
299 file_message_loop_->ReleaseSoon(FROM_HERE, file_util_.release()); | 291 file_message_loop_->ReleaseSoon(FROM_HERE, file_util_.release()); |
300 } | 292 } |
301 | 293 |
302 void Start(bool create) { | 294 void RunOnFileThread(const GURL& origin_url, |
303 file_message_loop_->PostTask( | 295 FileSystemType type, |
304 FROM_HERE, | 296 const FilePath& old_base_path, |
305 base::Bind( | 297 bool create) { |
306 &GetFileSystemRootPathTask::GetFileSystemRootPathOnFileThread, this, | 298 MigrateIfNeeded(file_util_, old_base_path); |
307 create)); | 299 FilePath root_path = |
308 } | 300 file_util_->GetDirectoryForOriginAndType(origin_url, type, create); |
309 | 301 if (root_path.empty()) { |
310 private: | 302 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, |
311 void GetFileSystemRootPathOnFileThread(bool create) { | 303 kCreateDirectoryError, |
312 MigrateIfNeeded(file_util_, old_base_path_); | 304 kFileSystemErrorMax); |
313 DispatchCallbackOnCallerThread( | 305 // TODO(kinuko): We should return appropriate error code. |
314 file_util_->GetDirectoryForOriginAndType(origin_url_, type_, create)); | 306 error_ = base::PLATFORM_FILE_ERROR_FAILED; |
307 } else { | |
308 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, kOK, kFileSystemErrorMax); | |
309 error_ = base::PLATFORM_FILE_OK; | |
310 } | |
315 // We must clear the reference on the file thread. | 311 // We must clear the reference on the file thread. |
316 file_util_ = NULL; | 312 file_util_ = NULL; |
317 } | 313 } |
318 | 314 |
319 void DispatchCallbackOnCallerThread(const FilePath& root_path) { | 315 void Reply(const Callback& callback) { |
320 if (root_path.empty()) { | 316 callback.Run(error_); |
321 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, | |
322 kCreateDirectoryError, | |
323 kFileSystemErrorMax); | |
324 } | |
325 origin_message_loop_proxy_->PostTask( | |
326 FROM_HERE, | |
327 base::Bind(&GetFileSystemRootPathTask::DispatchCallback, this, | |
328 root_path)); | |
329 } | 317 } |
330 | 318 |
331 void DispatchCallback(const FilePath& root_path) { | 319 private: |
332 std::string origin_identifier = GetOriginIdentifierFromURL(origin_url_); | |
333 std::string type_string = GetFileSystemTypeString(type_); | |
334 DCHECK(!type_string.empty()); | |
335 std::string name = origin_identifier + ":" + type_string; | |
336 | |
337 if (!root_path.empty()) | |
338 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, kOK, kFileSystemErrorMax); | |
339 | |
340 callback_.Run(!root_path.empty(), root_path, name); | |
341 callback_.Reset(); | |
342 } | |
343 | |
344 scoped_refptr<base::MessageLoopProxy> file_message_loop_; | 320 scoped_refptr<base::MessageLoopProxy> file_message_loop_; |
345 scoped_refptr<base::MessageLoopProxy> origin_message_loop_proxy_; | |
346 GURL origin_url_; | |
347 FileSystemType type_; | |
348 scoped_refptr<ObfuscatedFileUtil> file_util_; | 321 scoped_refptr<ObfuscatedFileUtil> file_util_; |
349 FilePath old_base_path_; | 322 base::PlatformFileError error_; |
350 FileSystemMountPointProvider::GetRootPathCallback callback_; | |
351 }; | 323 }; |
352 | 324 |
353 SandboxMountPointProvider::SandboxMountPointProvider( | 325 SandboxMountPointProvider::SandboxMountPointProvider( |
354 scoped_refptr<base::MessageLoopProxy> file_message_loop, | 326 scoped_refptr<base::MessageLoopProxy> file_message_loop, |
355 const FilePath& profile_path, | 327 const FilePath& profile_path, |
356 FileSystemOptions* file_system_options) | 328 FileSystemOptions* file_system_options) |
357 : FileSystemQuotaUtil(file_message_loop), | 329 : FileSystemQuotaUtil(file_message_loop), |
358 file_message_loop_(file_message_loop), | 330 file_message_loop_(file_message_loop), |
359 profile_path_(profile_path), | 331 profile_path_(profile_path), |
360 file_system_options_(file_system_options), | 332 file_system_options_(file_system_options), |
361 sandbox_file_util_( | 333 sandbox_file_util_( |
362 new ObfuscatedFileUtil( | 334 new ObfuscatedFileUtil( |
363 profile_path.Append(kNewFileSystemDirectory), | 335 profile_path.Append(kNewFileSystemDirectory), |
364 QuotaFileUtil::CreateDefault())) { | 336 QuotaFileUtil::CreateDefault())) { |
365 DCHECK(file_system_options); | 337 DCHECK(file_system_options); |
366 } | 338 } |
367 | 339 |
368 SandboxMountPointProvider::~SandboxMountPointProvider() { | 340 SandboxMountPointProvider::~SandboxMountPointProvider() { |
369 if (!file_message_loop_->BelongsToCurrentThread()) | 341 if (!file_message_loop_->BelongsToCurrentThread()) |
370 file_message_loop_->ReleaseSoon(FROM_HERE, sandbox_file_util_.release()); | 342 file_message_loop_->ReleaseSoon(FROM_HERE, sandbox_file_util_.release()); |
371 } | 343 } |
372 | 344 |
373 bool SandboxMountPointProvider::IsAccessAllowed(const GURL& origin_url, | 345 void SandboxMountPointProvider::ValidateFileSystemRoot( |
374 FileSystemType type, | |
375 const FilePath& unused) { | |
376 if (type != kFileSystemTypeTemporary && type != kFileSystemTypePersistent) | |
377 return false; | |
378 // We essentially depend on quota to do our access controls, so here | |
379 // we only check if the requested scheme is allowed or not. | |
380 return IsAllowedScheme(origin_url); | |
381 } | |
382 | |
383 void SandboxMountPointProvider::ValidateFileSystemRootAndGetURL( | |
384 const GURL& origin_url, fileapi::FileSystemType type, bool create, | 346 const GURL& origin_url, fileapi::FileSystemType type, bool create, |
385 const FileSystemMountPointProvider::GetRootPathCallback& callback) { | 347 const ValidateFileSystemCallback& callback) { |
386 FilePath origin_base_path; | |
387 | |
388 if (file_system_options_->is_incognito()) { | 348 if (file_system_options_->is_incognito()) { |
389 // TODO(kinuko): return an isolated temporary directory. | 349 // TODO(kinuko): return an isolated temporary directory. |
390 callback.Run(false, FilePath(), std::string()); | 350 callback.Run(base::PLATFORM_FILE_ERROR_SECURITY); |
391 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, | 351 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, |
392 kIncognito, | 352 kIncognito, |
393 kFileSystemErrorMax); | 353 kFileSystemErrorMax); |
394 return; | 354 return; |
395 } | 355 } |
396 | 356 |
397 if (!IsAllowedScheme(origin_url)) { | 357 if (!IsAllowedScheme(origin_url)) { |
398 callback.Run(false, FilePath(), std::string()); | 358 callback.Run(base::PLATFORM_FILE_ERROR_SECURITY); |
399 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, | 359 UMA_HISTOGRAM_ENUMERATION(kOpenFileSystem, |
400 kInvalidScheme, | 360 kInvalidScheme, |
401 kFileSystemErrorMax); | 361 kFileSystemErrorMax); |
402 return; | 362 return; |
403 } | 363 } |
404 | 364 |
405 scoped_refptr<GetFileSystemRootPathTask> task( | 365 ValidateFileSystemRootHelper* helper = new ValidateFileSystemRootHelper( |
406 new GetFileSystemRootPathTask( | 366 file_message_loop_, sandbox_file_util_); |
407 file_message_loop_, origin_url, type, sandbox_file_util_.get(), | 367 file_message_loop_->PostTaskAndReply( |
408 old_base_path(), callback)); | 368 FROM_HERE, |
409 task->Start(create); | 369 base::Bind(&ValidateFileSystemRootHelper::RunOnFileThread, |
370 base::Unretained(helper), | |
371 origin_url, type, old_base_path(), create), | |
tzik
2011/12/22 06:49:20
Could we add sandbox_file_util_ as parameter and o
kinuko
2011/12/22 07:04:33
Good point. Done.
| |
372 base::Bind(&ValidateFileSystemRootHelper::Reply, | |
373 base::Owned(helper), | |
374 callback)); | |
410 }; | 375 }; |
411 | 376 |
412 FilePath | 377 FilePath |
413 SandboxMountPointProvider::ValidateFileSystemRootAndGetPathOnFileThread( | 378 SandboxMountPointProvider::GetFileSystemRootPathOnFileThread( |
414 const GURL& origin_url, FileSystemType type, const FilePath& unused, | 379 const GURL& origin_url, FileSystemType type, const FilePath& unused, |
415 bool create) { | 380 bool create) { |
416 if (file_system_options_->is_incognito()) | 381 if (file_system_options_->is_incognito()) |
417 // TODO(kinuko): return an isolated temporary directory. | 382 // TODO(kinuko): return an isolated temporary directory. |
418 return FilePath(); | 383 return FilePath(); |
419 | 384 |
420 if (!IsAllowedScheme(origin_url)) | 385 if (!IsAllowedScheme(origin_url)) |
421 return FilePath(); | 386 return FilePath(); |
422 | 387 |
423 MigrateIfNeeded(sandbox_file_util_, old_base_path()); | 388 MigrateIfNeeded(sandbox_file_util_, old_base_path()); |
424 | 389 |
425 return sandbox_file_util_->GetDirectoryForOriginAndType( | 390 return sandbox_file_util_->GetDirectoryForOriginAndType( |
426 origin_url, type, create); | 391 origin_url, type, create); |
427 } | 392 } |
428 | 393 |
394 bool SandboxMountPointProvider::IsAccessAllowed(const GURL& origin_url, | |
395 FileSystemType type, | |
396 const FilePath& unused) { | |
397 if (type != kFileSystemTypeTemporary && type != kFileSystemTypePersistent) | |
398 return false; | |
399 // We essentially depend on quota to do our access controls, so here | |
400 // we only check if the requested scheme is allowed or not. | |
401 return IsAllowedScheme(origin_url); | |
402 } | |
403 | |
429 bool SandboxMountPointProvider::IsRestrictedFileName(const FilePath& filename) | 404 bool SandboxMountPointProvider::IsRestrictedFileName(const FilePath& filename) |
430 const { | 405 const { |
431 if (filename.value().empty()) | 406 if (filename.value().empty()) |
432 return false; | 407 return false; |
433 | 408 |
434 for (size_t i = 0; i < arraysize(kRestrictedNames); ++i) { | 409 for (size_t i = 0; i < arraysize(kRestrictedNames); ++i) { |
435 // Exact match. | 410 // Exact match. |
436 if (filename.value() == kRestrictedNames[i]) | 411 if (filename.value() == kRestrictedNames[i]) |
437 return true; | 412 return true; |
438 } | 413 } |
(...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
677 i < file_system_options_->additional_allowed_schemes().size(); | 652 i < file_system_options_->additional_allowed_schemes().size(); |
678 ++i) { | 653 ++i) { |
679 if (url.SchemeIs( | 654 if (url.SchemeIs( |
680 file_system_options_->additional_allowed_schemes()[i].c_str())) | 655 file_system_options_->additional_allowed_schemes()[i].c_str())) |
681 return true; | 656 return true; |
682 } | 657 } |
683 return false; | 658 return false; |
684 } | 659 } |
685 | 660 |
686 } // namespace fileapi | 661 } // namespace fileapi |
OLD | NEW |