| OLD | NEW |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/policy/core/common/cloud/resource_cache.h" | 5 #include "components/policy/core/common/cloud/resource_cache.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
| 10 #include "base/files/file_enumerator.h" | 10 #include "base/files/file_enumerator.h" |
| (...skipping 67 matching lines...) |
| 78 // cache directory. The mechanism is meant to foil file-system-level attacks | 78 // cache directory. The mechanism is meant to foil file-system-level attacks |
| 79 // where a symlink is planted in the cache directory before Chrome has | 79 // where a symlink is planted in the cache directory before Chrome has |
| 80 // started. An attacker controlling a process running concurrently with Chrome | 80 // started. An attacker controlling a process running concurrently with Chrome |
| 81 // would be able to race against the protection by re-creating the symlink | 81 // would be able to race against the protection by re-creating the symlink |
| 82 // between these two calls. There is nothing in file_util that could be used | 82 // between these two calls. There is nothing in file_util that could be used |
| 83 // to protect against such races, especially as the cache is cross-platform | 83 // to protect against such races, especially as the cache is cross-platform |
| 84 // and therefore cannot use any POSIX-only tricks. | 84 // and therefore cannot use any POSIX-only tricks. |
| 85 int size = base::checked_cast<int>(data.size()); | 85 int size = base::checked_cast<int>(data.size()); |
| 86 return VerifyKeyPathAndGetSubkeyPath(key, true, subkey, &subkey_path) && | 86 return VerifyKeyPathAndGetSubkeyPath(key, true, subkey, &subkey_path) && |
| 87 base::DeleteFile(subkey_path, false) && | 87 base::DeleteFile(subkey_path, false) && |
| 88 (file_util::WriteFile(subkey_path, data.data(), size) == size); | 88 (base::WriteFile(subkey_path, data.data(), size) == size); |
| 89 } | 89 } |
| 90 | 90 |
| 91 bool ResourceCache::Load(const std::string& key, | 91 bool ResourceCache::Load(const std::string& key, |
| 92 const std::string& subkey, | 92 const std::string& subkey, |
| 93 std::string* data) { | 93 std::string* data) { |
| 94 DCHECK(task_runner_->RunsTasksOnCurrentThread()); | 94 DCHECK(task_runner_->RunsTasksOnCurrentThread()); |
| 95 base::FilePath subkey_path; | 95 base::FilePath subkey_path; |
| 96 // Only read from |subkey_path| if it is not a symlink. | 96 // Only read from |subkey_path| if it is not a symlink. |
| 97 if (!VerifyKeyPathAndGetSubkeyPath(key, false, subkey, &subkey_path) || | 97 if (!VerifyKeyPathAndGetSubkeyPath(key, false, subkey, &subkey_path) || |
| 98 base::IsLink(subkey_path)) { | 98 base::IsLink(subkey_path)) { |
| (...skipping 133 matching lines...) |
| 232 if (!VerifyKeyPath(key, allow_create_key, &key_path) || | 232 if (!VerifyKeyPath(key, allow_create_key, &key_path) || |
| 233 !Base64Encode(subkey, &encoded)) { | 233 !Base64Encode(subkey, &encoded)) { |
| 234 return false; | 234 return false; |
| 235 } | 235 } |
| 236 *path = key_path.AppendASCII(encoded); | 236 *path = key_path.AppendASCII(encoded); |
| 237 return true; | 237 return true; |
| 238 } | 238 } |
| 239 | 239 |
| 240 | 240 |
| 241 } // namespace policy | 241 } // namespace policy |
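Review bot: A short or failed write at new line 88 leaves whatever `base::WriteFile` managed to write on disk, because Store only returns false and the previous entry has already been removed by `base::DeleteFile` on line 87. A later Load of the same key/subkey would then return a truncated entry unless its callers validate the content, which is not visible on this page. Consider cleaning up on that path, e.g. `if (base::WriteFile(subkey_path, data.data(), size) != size) { base::DeleteFile(subkey_path, false); return false; }`. Separately, `base::checked_cast<int>(data.size())` on line 85 aborts rather than returning false when the data is larger than INT_MAX. Store's body begins above the visible lines, so both points assume nothing earlier already handles them.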
| OLD | NEW |