FileSystem mods: Changes to snapshot file creation to remove dependencies on blobs.

content/browser/fileapi/fileapi_message_filter.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/fileapi/fileapi_message_filter.h"
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 88 matching lines @@
 void FileAPIMessageFilter::OnChannelClosing() {
   BrowserMessageFilter::OnChannelClosing();
 
   // Unregister all the blob URLs that are previously registered in this
   // process.
   for (base::hash_set<std::string>::const_iterator iter = blob_urls_.begin();
        iter != blob_urls_.end(); ++iter) {
     blob_storage_context_->controller()->RemoveBlob(GURL(*iter));
   }
 
+  in_transit_snapshot_files_.clear();
+
   // Close all files that are previously OpenFile()'ed in this process.
   if (!open_filesystem_urls_.empty()) {
     DLOG(INFO)
         << "File API: Renderer process shut down before NotifyCloseFile"
         << " for " << open_filesystem_urls_.size() << " files opened in PPAPI";
   }
   for (std::multiset<GURL>::const_iterator iter =
        open_filesystem_urls_.begin();
        iter != open_filesystem_urls_.end(); ++iter) {
     FileSystemURL url(context_->CrackURL(*iter));
@@ skipping 26 matching lines @@
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_Exists, OnExists)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_ReadDirectory, OnReadDirectory)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_Write, OnWrite)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_Truncate, OnTruncate)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_TouchFile, OnTouchFile)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_CancelWrite, OnCancel)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_OpenFile, OnOpenFile)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_NotifyCloseFile, OnNotifyCloseFile)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_CreateSnapshotFile,
                         OnCreateSnapshotFile)
+    IPC_MESSAGE_HANDLER(FileSystemHostMsg_DidReceiveSnapshotFile,
+                        OnDidReceiveSnapshotFile)
+    IPC_MESSAGE_HANDLER(FileSystemHostMsg_CreateSnapshotFile_Deprecated,
+                        OnCreateSnapshotFile_Deprecated)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_WillUpdate, OnWillUpdate)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_DidUpdate, OnDidUpdate)
     IPC_MESSAGE_HANDLER(FileSystemHostMsg_SyncGetPlatformPath,
                         OnSyncGetPlatformPath)
     IPC_MESSAGE_HANDLER(BlobHostMsg_StartBuildingBlob, OnStartBuildingBlob)
     IPC_MESSAGE_HANDLER(BlobHostMsg_AppendBlobDataItem, OnAppendBlobDataItem)
     IPC_MESSAGE_HANDLER(BlobHostMsg_SyncAppendSharedMemory,
                         OnAppendSharedMemory)
     IPC_MESSAGE_HANDLER(BlobHostMsg_FinishBuildingBlob, OnFinishBuildingBlob)
     IPC_MESSAGE_HANDLER(BlobHostMsg_CloneBlob, OnCloneBlob)
@@ skipping 367 matching lines @@
   // for the file. (We first need to check if it can already be read not to
   // overwrite existing permissions)
   if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
           process_id_, *platform_path)) {
     ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
         process_id_, *platform_path);
   }
 }
 
 void FileAPIMessageFilter::OnCreateSnapshotFile(
+    int request_id, const GURL& path) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  FileSystemURL url(context_->CrackURL(path));
+
+  // Make sure if this file can be read by the renderer as this is
+  // called when the renderer is about to create a new File object
+  // (for reading the file).
+  base::PlatformFileError error;
+  if (!HasPermissionsForFile(url, fileapi::kReadFilePermissions, &error)) {
+    Send(new FileSystemMsg_DidFail(request_id, error));
+    return;
+  }
+
+  FileSystemOperation* operation = GetNewOperation(url, request_id);
+  if (!operation)
+    return;
+  operation->CreateSnapshotFile(
+      url,
+      base::Bind(&FileAPIMessageFilter::DidCreateSnapshot,
+                 this, request_id, url));
+}
+
+void FileAPIMessageFilter::OnDidReceiveSnapshotFile(int request_id) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  in_transit_snapshot_files_.erase(request_id);
+}
+
+void FileAPIMessageFilter::OnCreateSnapshotFile_Deprecated(
     int request_id, const GURL& blob_url, const GURL& path) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   FileSystemURL url(context_->CrackURL(path));
   base::Callback<void(const base::FilePath&)> register_file_callback =
       base::Bind(&FileAPIMessageFilter::RegisterFileAsBlob,
                  this, blob_url, url);
 
   // Make sure if this file can be read by the renderer as this is
   // called when the renderer is about to create a new File object
   // (for reading the file).
   base::PlatformFileError error;
   if (!HasPermissionsForFile(url, fileapi::kReadFilePermissions, &error)) {
     Send(new FileSystemMsg_DidFail(request_id, error));
     return;
   }
 
   FileSystemOperation* operation = GetNewOperation(url, request_id);
   if (!operation)
     return;
   operation->CreateSnapshotFile(
       url,
-      base::Bind(&FileAPIMessageFilter::DidCreateSnapshot,
+      base::Bind(&FileAPIMessageFilter::DidCreateSnapshot_Deprecated,
                  this, request_id, register_file_callback));
 }
 
 void FileAPIMessageFilter::OnStartBuildingBlob(const GURL& url) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   blob_storage_context_->controller()->StartBuildingBlob(url);
   blob_urls_.insert(url.spec());
 }
 
 void FileAPIMessageFilter::OnAppendBlobDataItem(
@@ skipping 155 matching lines @@
   if (result == base::PLATFORM_FILE_OK)
     Send(new FileSystemMsg_DidSucceed(request_id));
   else
     Send(new FileSystemMsg_DidFail(request_id, result));
   // For DeleteFileSystem we do not create a new operation,
   // so no unregister here.
 }
 
 void FileAPIMessageFilter::DidCreateSnapshot(
     int request_id,
+    const fileapi::FileSystemURL& url,
+    base::PlatformFileError result,
+    const base::PlatformFileInfo& info,
+    const base::FilePath& platform_path,
+    const scoped_refptr<webkit_blob::ShareableFileReference>& snapshot_file) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  if (result != base::PLATFORM_FILE_OK) {
+    Send(new FileSystemMsg_DidFail(request_id, result));
+    return;
+  }
+
+  if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
+          process_id_, platform_path)) {
+    // In order for the renderer to be able to read the file, it must be granted
+    // read permission for the file's platform path. By now, it has already been
+    // verified that the renderer has sufficient permissions to read the file.
+    // It is still possible that ChildProcessSecurityPolicyImpl doesn't reflect
+    // that the renderer can read the file's platform path. If this is the case
+    // the renderer should be granted read permission for the file's platform
+    // path. This can happen in the following situations:
+    // - the file comes from sandboxed filesystem. Reading sandboxed files is
+    //   always permitted, but only implicitly.
+    // - the underlying filesystem returned newly created snapshot file.
+    // - the file comes from an external drive filesystem. The renderer has
+    //   already been granted read permission for the file's nominal path, but
+    //   for drive files, platform paths differ from the nominal paths.
+    DCHECK(snapshot_file ||
+           fileapi::SandboxMountPointProvider::CanHandleType(url.type()) ||
+           url.type() == fileapi::kFileSystemTypeDrive);
+    ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
+        process_id_, platform_path);
+    if (snapshot_file) {
+      // This will revoke all permissions for the file when the last ref
+      // of the file is dropped (assuming it's ok).
+      snapshot_file->AddFinalReleaseCallback(
+          base::Bind(&RevokeFilePermission, process_id_));
+    }
+  }
+
+  if (snapshot_file) {
+    // This ref is held until OnDidReceiveSnapshotFile is called.
+    in_transit_snapshot_files_[request_id] = snapshot_file;
+  }
+
+  // Return the file info and platform_path.
+  Send(new FileSystemMsg_DidCreateSnapshotFile(
+               request_id, info, platform_path));
+}
+
+void FileAPIMessageFilter::DidCreateSnapshot_Deprecated(
+    int request_id,
     const base::Callback<void(const base::FilePath&)>& register_file_callback,
     base::PlatformFileError result,
     const base::PlatformFileInfo& info,
     const base::FilePath& platform_path,
     const scoped_refptr<webkit_blob::ShareableFileReference>& unused) {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   if (result != base::PLATFORM_FILE_OK) {
     Send(new FileSystemMsg_DidFail(request_id, result));
     return;
   }
@@ skipping 117 matching lines @@
     Send(new FileSystemMsg_DidFail(request_id, error_code));
     return NULL;
   }
 
   DCHECK(operation);
   operations_.AddWithID(operation, request_id);
   return operation;
 }
 
 }  // namespace content