CRX FileSystem Pepper private API

chrome/browser/renderer_host/pepper/pepper_ext_crx_file_system_browser_host.cc

Index: chrome/browser/renderer_host/pepper/pepper_ext_crx_file_system_browser_host.cc
diff --git a/chrome/browser/renderer_host/pepper/pepper_ext_crx_file_system_browser_host.cc b/chrome/browser/renderer_host/pepper/pepper_ext_crx_file_system_browser_host.cc
new file mode 100644
index 0000000000000000000000000000000000000000..7f365cc947dd7e16ca676a1f12833ca60b7000ac
--- /dev/null
+++ b/chrome/browser/renderer_host/pepper/pepper_ext_crx_file_system_browser_host.cc
@@ -0,0 +1,157 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/renderer_host/pepper/pepper_ext_crx_file_system_browser_host.h"
+
+#include "base/files/file_path.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/extensions/extension_service.h"
+#include "chrome/browser/extensions/extension_system.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/common/extensions/extension.h"
+#include "content/public/browser/browser_ppapi_host.h"
+#include "content/public/browser/child_process_security_policy.h"
+#include "extensions/common/constants.h"
+#include "googleurl/src/gurl.h"
+#include "ppapi/c/pp_errors.h"
+#include "ppapi/host/dispatch_host_message.h"
+#include "ppapi/host/host_message_context.h"
+#include "ppapi/host/ppapi_host.h"
+#include "ppapi/proxy/ppapi_messages.h"
+#include "ppapi/proxy/resource_message_params.h"

[yzshen1, 2013/04/30 19:31:19]

It is already included in the .h file.

[victorhsieh, 2013/04/30 22:04:32]

Done.

+#include "webkit/fileapi/isolated_context.h"
+
+namespace chrome {
+
+namespace {
+
+// Returns filesystem id of isolated filesystem if valid, or empty string
+// otherwise.  This is expected to run in UI thread as ProfileManager only
+// allows UI thread access.
+std::string CreateIsolatedFileSystem(
+    const base::FilePath& profile_directory,
+    const GURL& url) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
+  if (!url.SchemeIs(extensions::kExtensionScheme))
+    return std::string();
+
+  ProfileManager* profile_manager = g_browser_process->profile_manager();
+  Profile* profile = profile_manager->GetProfile(profile_directory);
+  extensions::ExtensionSystem* extension_system =
+      extensions::ExtensionSystem::Get(profile);
+  if (!extension_system)
+    return std::string();
+
+  const ExtensionService* extension_service =
+      extension_system->extension_service();
+  if (!extension_service)
+    return std::string();
+
+  const extensions::Extension* extension =
+      extension_service->GetExtensionById(url.host(), false);
+  if (!extension)
+    return std::string();
+
+  // First level directory for isolated filesystem to lookup.
+  std::string kFirstLevelDirectory("crxfs");
+  return fileapi::IsolatedContext::GetInstance()->
+      RegisterFileSystemForPath(fileapi::kFileSystemTypeNativeLocal,
+                                extension->path(),
+                                &kFirstLevelDirectory);
+}
+
+}  // namespace
+
+PepperExtCrxFileSystemBrowserHost::PepperExtCrxFileSystemBrowserHost(
+    content::BrowserPpapiHost* host,
+    PP_Instance instance,
+    PP_Resource resource)
+    : ppapi::host::ResourceHost(host->GetPpapiHost(), instance, resource),
+      browser_ppapi_host_(host),
+      weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)) {
+}
+
+PepperExtCrxFileSystemBrowserHost::~PepperExtCrxFileSystemBrowserHost() {
+}
+
+int32_t PepperExtCrxFileSystemBrowserHost::OnResourceMessageReceived(
+    const IPC::Message& msg,
+    ppapi::host::HostMessageContext* context) {
+  IPC_BEGIN_MESSAGE_MAP(PepperExtCrxFileSystemBrowserHost, msg)
+    PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(
+        PpapiBrowserHostMsg_Ext_CrxFileSystem_Open, OnOpenFileSystem);
+  IPC_END_MESSAGE_MAP()
+  return PP_ERROR_FAILED;
+}
+
+int32_t PepperExtCrxFileSystemBrowserHost::OnOpenFileSystem(
+    ppapi::host::HostMessageContext* context) {
+  // In order to reach ExtensionSystem, we need to get ProfileManager first.
+  // ProfileManager lives in UI thread, so we need to PostTask and come back.
+  BrowserThread::PostTaskAndReplyWithResult(
+      BrowserThread::UI, FROM_HERE,
+      base::Bind(
+          &CreateIsolatedFileSystem,
+          browser_ppapi_host_->GetProfileDataDirectory(),
+          browser_ppapi_host_->GetDocumentURLForInstance(pp_instance())),
+      base::Bind(
+          &PepperExtCrxFileSystemBrowserHost::OnIsolatedFileSystemCreated,
+          weak_ptr_factory_.GetWeakPtr(),
+          context->MakeReplyMessageContext()));
+  return PP_OK_COMPLETIONPENDING;
+}
+
+void PepperExtCrxFileSystemBrowserHost::OnIsolatedFileSystemCreated(
+    ppapi::host::ReplyMessageContext reply_context,
+    const std::string& fsid) {
+  // Create an isolated file system for current extension.  Since fsid is sent
+  // by a plugin (which could be malicious), we run a sanity check here before

[yzshen1, 2013/04/30 19:31:19]

fsid is not sent by the plugin, right?

[victorhsieh, 2013/04/30 22:04:32]

It's forwarded by the plugin.  Please see my design doc (CRX FileSystem Pepper
(private) API).

[yzshen1, 2013/05/01 17:45:10]

Please see my comment in the .h file.
On 2013/04/30 22:04:32, victorhsieh wrote:

+  // sending to fileapi.
+  if (LooksLikeAGuid(fsid)) {

[yzshen1, 2013/04/30 19:31:19]

Is the condition inverted?

[victorhsieh, 2013/04/30 22:04:32]

Shame on me to not have a careful test.

+    Reply(&reply_context, PP_ERROR_NOTSUPPORTED, std::string(), std::string());
+    return;
+  }
+
+  // Grant readonly access of isolated filesystem to renderer process.
+  int render_process_id;
+  int unused_render_view_id;
+  browser_ppapi_host_->GetRenderViewIDsForInstance(pp_instance(),
+                                                   &render_process_id,
+                                                   &unused_render_view_id);
+  content::ChildProcessSecurityPolicy* policy =
+      content::ChildProcessSecurityPolicy::GetInstance();
+  policy->GrantReadFileSystem(render_process_id, fsid);
+
+  const GURL& url =
+      browser_ppapi_host_->GetDocumentURLForInstance(pp_instance());
+  Reply(&reply_context, PP_OK, url.host(), fsid);
+}
+
+void PepperExtCrxFileSystemBrowserHost::Reply(
+    ppapi::host::ReplyMessageContext* reply_context,
+    int32_t pp_error,
+    const std::string& extension_id,
+    const std::string& fsid) {
+  reply_context->params.set_result(pp_error);
+  browser_ppapi_host_->GetPpapiHost()->SendReply(
+      *reply_context,
+      PpapiPluginMsg_Ext_CrxFileSystem_BrowserOpenReply(extension_id, fsid));
+}
+
+bool PepperExtCrxFileSystemBrowserHost::LooksLikeAGuid(
+    const std::string& fsid) const {
+  const int kExpectedFsIdSize = 16;

[yzshen1, 2013/04/30 19:31:19]

I don't understand this very well. If it is a GUID, then you could use
base::IsValidGUID(). (But I noticed that this is different from a valid GUID.)

Is there a common place where to put the logic of generating and validating
FSID? It seems this method doesn't belong here.

[palmer, 2013/04/30 20:54:00]

It's not exactly a GUID, it's just a pseudo-random hexadecimal string of a
128-bit value.

Thus, kExpectedFsIdSize should be 32, right?

[victorhsieh, 2013/04/30 22:04:32]

And shame on me again.

+  if (fsid.size() != kExpectedFsIdSize)
+    return false;
+  for (std::string::const_iterator it = fsid.begin(); it != fsid.end(); ++it) {
+    if (('A' <= *it && *it <= 'F') ||
+        ('0' <= *it && *it <= '9'))
+      continue;
+    return false;
+  }
+  return true;
+}
+
+}  // namespace chrome