Chromium Code Reviews Chromium Code Reviews| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "content/browser/loader/temporary_file_manager.h" | |
| 6 | |
| 7 #include "base/files/file_util_proxy.h" | |
| 8 #include "content/browser/child_process_security_policy_impl.h" | |
| 9 #include "content/public/browser/browser_thread.h" | |
| 10 #include "net/base/file_stream.h" | |
| 11 #include "webkit/common/blob/shareable_file_reference.h" | |
| 12 | |
| 13 using webkit_blob::ShareableFileReference; | |
| 14 | |
| 15 namespace content { | |
| 16 | |
| 17 namespace { | |
| 18 | |
| 19 void RemoveDownloadFileFromChildSecurityPolicy(int child_id, | |
| 20 const base::FilePath& path) { | |
| 21 ChildProcessSecurityPolicyImpl::GetInstance()->RevokeAllPermissionsForFile( | |
| 22 child_id, path); | |
| 23 } | |
| 24 | |
| 25 } // namespace | |
| 26 | |
| 27 TemporaryFileManager::TemporaryFileManager() : weak_factory_(this) { | |
| 28 } | |
| 29 | |
| 30 TemporaryFileManager::~TemporaryFileManager() { | |
| 31 } | |
| 32 | |
| 33 void TemporaryFileManager::UnregisterDownloadedTempFile( | |
| 34 int child_id, int request_id) { | |
| 35 registered_temp_files_[child_id].erase(request_id); | |
| 36 | |
| 37 // Note that we don't remove the security bits here. This will be done | |
| 38 // when all file refs are deleted (see RegisterDownloadedTempFile). | |
| 39 } | |
| 40 | |
| 41 void TemporaryFileManager::UnregisterFilesForChild(int child_id) { | |
| 42 registered_temp_files_.erase(child_id); | |
| 43 } | |
| 44 | |
| 45 void TemporaryFileManager::CreateTemporary( | |
| 46 int child_id, | |
| 47 int request_id, | |
| 48 base::WeakPtr<RedirectToFileResourceHandler> handler) { | |
|
darin (slow to review)
2013/12/06 17:56:07
It would be nice from a unit-testing point of view
davidben
2013/12/19 22:21:01
Done.
| |
| 49 base::FileUtilProxy::CreateTemporary( | |
| 50 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE).get(), | |
| 51 base::PLATFORM_FILE_ASYNC, | |
| 52 base::Bind(&TemporaryFileManager::DidCreateTemporaryFile, | |
| 53 weak_factory_.GetWeakPtr(), | |
| 54 child_id, request_id, handler)); | |
| 55 } | |
| 56 | |
| 57 void TemporaryFileManager::DidCreateTemporaryFile( | |
| 58 int child_id, | |
| 59 int request_id, | |
| 60 base::WeakPtr<RedirectToFileResourceHandler> handler, | |
| 61 base::PlatformFileError error_code, | |
| 62 base::PassPlatformFile file_handle, | |
| 63 const base::FilePath& file_path) { | |
| 64 if (error_code != base::PLATFORM_FILE_OK) { | |
| 65 if (handler) { | |
| 66 handler->DidCreateTemporaryFile( | |
| 67 error_code, scoped_ptr<net::FileStream>(), NULL); | |
| 68 } | |
| 69 return; | |
| 70 } | |
| 71 | |
| 72 // Cancelled or not, create the deletable_file so the temporary is cleaned up. | |
| 73 scoped_refptr<ShareableFileReference> deletable_file = | |
| 74 ShareableFileReference::GetOrCreate( | |
| 75 file_path, | |
| 76 ShareableFileReference::DELETE_ON_FINAL_RELEASE, | |
| 77 BrowserThread::GetMessageLoopProxyForThread( | |
| 78 BrowserThread::FILE).get()); | |
| 79 | |
| 80 // Check if the handler has since been destroyed. If so, skip the rest. | |
| 81 if (!handler) | |
| 82 return; | |
| 83 | |
| 84 scoped_ptr<net::FileStream> file_stream(new net::FileStream( | |
| 85 file_handle.ReleaseValue(), | |
| 86 base::PLATFORM_FILE_WRITE | base::PLATFORM_FILE_ASYNC, | |
| 87 NULL)); | |
| 88 | |
| 89 RegisterDownloadedTempFile(child_id, request_id, deletable_file.get()); | |
| 90 handler->DidCreateTemporaryFile( | |
| 91 error_code, file_stream.Pass(), deletable_file); | |
| 92 } | |
| 93 | |
| 94 void TemporaryFileManager::RegisterDownloadedTempFile( | |
| 95 int child_id, int request_id, ShareableFileReference* reference) { | |
| 96 registered_temp_files_[child_id][request_id] = reference; | |
| 97 ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile( | |
| 98 child_id, reference->path()); | |
| 99 | |
| 100 // When the temp file is deleted, revoke permissions that the renderer has | |
| 101 // to that file. This covers an edge case where the file is deleted and then | |
| 102 // the same name is re-used for some other purpose, we don't want the old | |
| 103 // renderer to still have access to it. | |
| 104 // | |
| 105 // This is delayed until the file is deleted because the renderer can take a | |
| 106 // blob reference to the temp file that outlives the url loaded that it was | |
| 107 // loaded with to keep the file (and permissions) alive. | |
| 108 reference->AddFinalReleaseCallback( | |
| 109 base::Bind(&RemoveDownloadFileFromChildSecurityPolicy, | |
| 110 child_id)); | |
| 111 } | |
| 112 | |
| 113 } // namespace content | |
| OLD | NEW |
