FileSystem: Modify ObfucatedFileUtil to delete contents of the plugin private filesystem

storage/browser/fileapi/obfuscated_file_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "storage/browser/fileapi/obfuscated_file_util.h"
 
 #include <queue>
 #include <string>
 #include <vector>
 
 #include "base/files/file_util.h"
 #include "base/format_macros.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram.h"
 #include "base/stl_util.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/time/time.h"
 #include "storage/browser/fileapi/file_observers.h"
 #include "storage/browser/fileapi/file_system_context.h"
 #include "storage/browser/fileapi/file_system_operation_context.h"
 #include "storage/browser/fileapi/file_system_url.h"
 #include "storage/browser/fileapi/native_file_util.h"
 #include "storage/browser/fileapi/sandbox_file_system_backend.h"
@@ skipping 32 matching lines @@
 }
 
 // Costs computed as per crbug.com/86114, based on the LevelDB implementation of
 // path storage under Linux.  It's not clear if that will differ on Windows, on
 // which base::FilePath uses wide chars [since they're converted to UTF-8 for
 // storage anyway], but as long as the cost is high enough that one can't cheat
 // on quota by storing data in paths, it doesn't need to be all that accurate.
 const int64 kPathCreationQuotaCost = 146;  // Bytes per inode, basically.
 const int64 kPathByteQuotaCost = 2;  // Bytes per byte of path length in UTF-8.
 
+const char kDirectoryDatabaseKeySeparator = ' ';
+
 int64 UsageForPath(size_t length) {
   return kPathCreationQuotaCost +
       static_cast<int64>(length) * kPathByteQuotaCost;
 }
 
 bool AllocateQuota(FileSystemOperationContext* context, int64 growth) {
   if (context->allowed_bytes_growth() == storage::QuotaManager::kNoLimit)
     return true;
 
   int64 new_quota = context->allowed_bytes_growth() - growth;
@@ skipping 770 matching lines @@
   }
 
   if (error_code)
     *error_code = error;
   return path;
 }
 
 bool ObfuscatedFileUtil::DeleteDirectoryForOriginAndType(
     const GURL& origin,
     const std::string& type_string) {
-  base::File::Error error = base::File::FILE_OK;
-  base::FilePath origin_type_path = GetDirectoryForOriginAndType(
-      origin, type_string, false, &error);
-  if (origin_type_path.empty())
-    return true;
-  if (error != base::File::FILE_ERROR_NOT_FOUND) {
-    // TODO(dmikurube): Consider the return value of DestroyDirectoryDatabase.
-    // We ignore its error now since 1) it doesn't matter the final result, and
-    // 2) it always returns false in Windows because of LevelDB's
-    // implementation.
-    // Information about failure would be useful for debugging.
-    if (!type_string.empty())
-      DestroyDirectoryDatabase(origin, type_string);
-    if (!base::DeleteFile(origin_type_path, true /* recursive */))
+  if (!DestroyDirectoryDatabase(origin, type_string))
+    return false;
+
+  const base::FilePath origin_path = GetDirectoryForOrigin(origin, false, NULL);
+  if (!type_string.empty()) {
+    // Delete the filesystem type directory.
+    base::File::Error error = base::File::FILE_OK;
+    const base::FilePath origin_type_path =
+        GetDirectoryForOriginAndType(origin, type_string, false, &error);
+    if (error == base::File::FILE_ERROR_FAILED)
       return false;
-  }
+    if (error == base::File::FILE_OK &&
+        !origin_type_path.empty() &&
+        !base::DeleteFile(origin_type_path, true /* recursive */)) {
+      return false;
+    }
 
-  base::FilePath origin_path = VirtualPath::DirName(origin_type_path);
-  DCHECK_EQ(origin_path.value(),
-            GetDirectoryForOrigin(origin, false, NULL).value());
+    DCHECK_EQ(origin_path.value(),
+              GetDirectoryForOrigin(origin, false, NULL).value());

[kinuko, 2014/09/25 16:33:00]

nit: This is checking the return val of GetDirectoryForOrigin() to the same
value.

[nhiroki, 2014/11/07 08:15:42]

Done.

 
-  if (!type_string.empty()) {
     // At this point we are sure we had successfully deleted the origin/type
     // directory (i.e. we're ready to just return true).
     // See if we have other directories in this origin directory.
     for (std::set<std::string>::iterator iter = known_type_strings_.begin();
          iter != known_type_strings_.end();
          ++iter) {
       if (*iter == type_string)
         continue;
       if (base::DirectoryExists(origin_path.AppendASCII(*iter))) {
         // Other type's directory exists; just return true here.
         return true;
       }
     }
   }
 
   // No other directories seem exist. Try deleting the entire origin directory.
   InitOriginDatabase(origin, false);
   if (origin_database_) {
     origin_database_->RemovePathForOrigin(
         storage::GetIdentifierFromOrigin(origin));
   }
-  if (!base::DeleteFile(origin_path, true /* recursive */))
-    return false;
-
-  return true;
+  return base::DeleteFile(origin_path, true /* recursive */);
 }
 
 ObfuscatedFileUtil::AbstractOriginEnumerator*
 ObfuscatedFileUtil::CreateOriginEnumerator() {
   std::vector<SandboxOriginDatabase::OriginRecord> origins;
 
   InitOriginDatabase(GURL(), false);
   return new ObfuscatedOriginEnumerator(
       origin_database_.get(), file_system_directory_);
 }
 
 bool ObfuscatedFileUtil::DestroyDirectoryDatabase(
     const GURL& origin,
     const std::string& type_string) {
-  std::string key = GetDirectoryDatabaseKey(origin, type_string);
-  if (key.empty())
-    return true;
-  DirectoryMap::iterator iter = directories_.find(key);
-  if (iter == directories_.end())
-    return true;
-  scoped_ptr<SandboxDirectoryDatabase> database(iter->second);
-  directories_.erase(iter);
-  return database->DestroyDatabase();
+  // If |type_string| is empty, delete all filesystem types under |origin|.

[kinuko, 2014/09/25 16:33:00]

Probably we could add a test to make sure this doesn't delete
"http://example.com:1234" for "http://example.com:12"?

[nhiroki, 2014/11/07 08:15:42]

Added.

+  const std::string key_prefix = GetDirectoryDatabaseKey(origin, type_string);
+  for (DirectoryMap::iterator iter = directories_.lower_bound(key_prefix);
+       iter != directories_.end();) {
+    if (!StartsWithASCII(iter->first, key_prefix, true))
+      break;
+    DCHECK(type_string.empty() || iter->first == key_prefix);
+    scoped_ptr<SandboxDirectoryDatabase> database(iter->second);
+    directories_.erase(iter++);
+    if (!database->DestroyDatabase())
+      return false;

[kinuko, 2014/09/25 16:33:00]

It's a bit hard to say what we should do when we could destroy some of the DBs
but not all...

[nhiroki, 2014/11/07 08:15:42]

I see... I made DestroyDatabase() ignore the failure as the original code is
because this failure does not affect subsequent operations and the final result.

+  }
+  return true;
 }
 
 // static
 int64 ObfuscatedFileUtil::ComputeFilePathCost(const base::FilePath& path) {
   return UsageForPath(VirtualPath::BaseName(path).value().size());
 }
 
 void ObfuscatedFileUtil::MaybePrepopulateDatabase(
     const std::vector<std::string>& type_strings_to_prepopulate) {
   SandboxPrioritizedOriginDatabase database(file_system_directory_,
@@ skipping 191 matching lines @@
     const FileSystemURL& url, const base::FilePath& data_path) {
   base::File::Error error = base::File::FILE_OK;
   base::FilePath root = GetDirectoryForURL(url, false, &error);
   if (error != base::File::FILE_OK)
     return base::FilePath();
   return root.Append(data_path);
 }
 
 std::string ObfuscatedFileUtil::GetDirectoryDatabaseKey(
     const GURL& origin, const std::string& type_string) {
-  if (type_string.empty()) {
-    LOG(WARNING) << "Unknown filesystem type requested:" << type_string;
-    return std::string();
-  }
   // For isolated origin we just use a type string as a key.
-  return storage::GetIdentifierFromOrigin(origin) + type_string;
+  return storage::GetIdentifierFromOrigin(origin) +
+      kDirectoryDatabaseKeySeparator + type_string;
 }
 
 // TODO(ericu): How to do the whole validation-without-creation thing?
 // We may not have quota even to create the database.
 // Ah, in that case don't even get here?
 // Still doesn't answer the quota issue, though.
 SandboxDirectoryDatabase* ObfuscatedFileUtil::GetDirectoryDatabase(
     const FileSystemURL& url, bool create) {
   std::string key = GetDirectoryDatabaseKey(
       url.origin(), CallGetTypeStringForURL(url));
@@ skipping 251 matching lines @@
   }
   return file.Pass();
 }
 
 bool ObfuscatedFileUtil::HasIsolatedStorage(const GURL& origin) {
   return special_storage_policy_.get() &&
       special_storage_policy_->HasIsolatedStorage(origin);
 }
 
 }  // namespace storage