Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1245)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: webkit/fileapi/local_file_system_operation.cc

Issue 12193007: Deprecate MountPointProvider::IsAccessAllowed in favor of GetPermissionPolicy (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: base::FilePath fix Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « webkit/fileapi/isolated_mount_point_provider.cc ('k') | webkit/fileapi/sandbox_mount_point_provider.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "webkit/fileapi/local_file_system_operation.h" 5 #include "webkit/fileapi/local_file_system_operation.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/single_thread_task_runner.h" 8 #include "base/single_thread_task_runner.h"
9 #include "base/time.h" 9 #include "base/time.h"
10 #include "base/utf_string_conversions.h" 10 #include "base/utf_string_conversions.h"
(...skipping 817 matching lines...) Expand 10 before | Expand all | Expand 10 after
828 file_ref = ShareableFileReference::GetOrCreate( 828 file_ref = ShareableFileReference::GetOrCreate(
829 platform_path, ShareableFileReference::DELETE_ON_FINAL_RELEASE, 829 platform_path, ShareableFileReference::DELETE_ON_FINAL_RELEASE,
830 file_system_context()->task_runners()->file_task_runner()); 830 file_system_context()->task_runners()->file_task_runner());
831 } 831 }
832 callback.Run(result, file_info, platform_path, file_ref); 832 callback.Run(result, file_info, platform_path, file_ref);
833 } 833 }
834 834
835 base::PlatformFileError LocalFileSystemOperation::SetUp( 835 base::PlatformFileError LocalFileSystemOperation::SetUp(
836 const FileSystemURL& url, 836 const FileSystemURL& url,
837 SetUpMode mode) { 837 SetUpMode mode) {
838 if (!url.is_valid()) 838 DCHECK(url.is_valid());
839 return base::PLATFORM_FILE_ERROR_INVALID_URL;
840
841 // Restricted file system is read-only.
842 if (url.type() == fileapi::kFileSystemTypeRestrictedNativeLocal &&
843 mode != SETUP_FOR_READ)
844 return base::PLATFORM_FILE_ERROR_SECURITY;
845 839
846 async_file_util_ = file_system_context()->GetAsyncFileUtil(url.type()); 840 async_file_util_ = file_system_context()->GetAsyncFileUtil(url.type());
847 if (!async_file_util_) 841 if (!async_file_util_)
848 return base::PLATFORM_FILE_ERROR_SECURITY; 842 return base::PLATFORM_FILE_ERROR_SECURITY;
849 843
850 // If this operation is created for recursive sub-operations (i.e. 844 // If this operation is created for recursive sub-operations (i.e.
851 // operation context is overridden from another operation) we skip 845 // operation context is overridden from another operation) we skip
852 // some duplicated security checks. 846 // some duplicated notifications.
853 if (overriding_operation_context_) 847 if (overriding_operation_context_)
854 return base::PLATFORM_FILE_OK; 848 return base::PLATFORM_FILE_OK;
855 849
856 if (!file_system_context()->GetMountPointProvider( 850 // Notify / set up observers.
857 url.type())->IsAccessAllowed(url))
858 return base::PLATFORM_FILE_ERROR_SECURITY;
859
860 if (mode == SETUP_FOR_READ) { 851 if (mode == SETUP_FOR_READ) {
861 operation_context()->access_observers()->Notify( 852 operation_context()->access_observers()->Notify(
862 &FileAccessObserver::OnAccess, MakeTuple(url)); 853 &FileAccessObserver::OnAccess, MakeTuple(url));
863 return base::PLATFORM_FILE_OK; 854 } else {
864 } 855 DCHECK(mode == SETUP_FOR_WRITE || mode == SETUP_FOR_CREATE);
865 856 scoped_update_notifiers_.push_back(new ScopedUpdateNotifier(
866 DCHECK(mode == SETUP_FOR_WRITE || mode == SETUP_FOR_CREATE); 857 operation_context(), url));
867
868 scoped_update_notifiers_.push_back(new ScopedUpdateNotifier(
869 operation_context(), url));
870
871 // Any write access is disallowed on the root path.
872 if (url.path().value().length() == 0 ||
873 url.path().DirName().value() == url.path().value())
874 return base::PLATFORM_FILE_ERROR_SECURITY;
875
876 if (mode == SETUP_FOR_CREATE) {
877 FileSystemMountPointProvider* provider = file_system_context()->
878 GetMountPointProvider(url.type());
879
880 // Check if the cracked file name looks good to create.
881 if (provider->IsRestrictedFileName(VirtualPath::BaseName(url.path())))
882 return base::PLATFORM_FILE_ERROR_SECURITY;
883 } 858 }
884 859
885 return base::PLATFORM_FILE_OK; 860 return base::PLATFORM_FILE_OK;
886 } 861 }
887 862
888 bool LocalFileSystemOperation::SetPendingOperationType(OperationType type) { 863 bool LocalFileSystemOperation::SetPendingOperationType(OperationType type) {
889 if (pending_operation_ != kOperationNone) 864 if (pending_operation_ != kOperationNone)
890 return false; 865 return false;
891 pending_operation_ = type; 866 pending_operation_ = type;
892 return true; 867 return true;
893 } 868 }
894 869
895 } // namespace fileapi 870 } // namespace fileapi
OLDNEW
« no previous file with comments | « webkit/fileapi/isolated_mount_point_provider.cc ('k') | webkit/fileapi/sandbox_mount_point_provider.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698