      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "content/browser/fileapi/browser_file_system_helper.h"
      6 
      7 #include <string>
      8 #include <vector>
      9 
     10 #include "base/command_line.h"
     11 #include "base/files/file_path.h"
     12 #include "base/sequenced_task_runner.h"
     13 #include "base/threading/sequenced_worker_pool.h"
     14 #include "content/browser/child_process_security_policy_impl.h"
     15 #include "content/public/browser/browser_context.h"
     16 #include "content/public/browser/browser_thread.h"
     17 #include "content/public/browser/content_browser_client.h"
     18 #include "content/public/common/content_client.h"
     19 #include "content/public/common/content_switches.h"
     20 #include "content/public/common/url_constants.h"
     21 #include "webkit/browser/fileapi/external_mount_points.h"
     22 #include "webkit/browser/fileapi/file_permission_policy.h"
     23 #include "webkit/browser/fileapi/file_system_backend.h"
     24 #include "webkit/browser/fileapi/file_system_operation_runner.h"
     25 #include "webkit/browser/fileapi/file_system_options.h"
     26 #include "webkit/browser/quota/quota_manager.h"
     27 
     28 namespace content {
     29 
     30 namespace {
     31 
     32 using fileapi::FileSystemOptions;
     33 
// Builds the FileSystemOptions handed to the browser-side FileSystemContext.
//
// |is_incognito| selects PROFILE_MODE_INCOGNITO instead of
// PROFILE_MODE_NORMAL. The allowed-scheme list is seeded by the embedder's
// ContentBrowserClient; the file scheme is appended only when the current
// process was started with switches::kAllowFileAccessFromFiles.
//
// NOTE(review): every scheme added here is passed to FileSystemOptions as an
// "additional allowed scheme", so both the embedder hook and the command-line
// switch widen what FileSystemOptions accepts. How that list is enforced is
// not visible in this file; confirm against FileSystemOptions before relying
// on it.
FileSystemOptions CreateBrowserFileSystemOptions(bool is_incognito) {
  // Let the embedder contribute its schemes first.
  std::vector<std::string> allowed_schemes;
  GetContentClient()->browser()->GetAdditionalAllowedSchemesForFileSystem(
      &allowed_schemes);

  // Opt-in only: file:// is never added unless the switch is present.
  const CommandLine* command_line = CommandLine::ForCurrentProcess();
  if (command_line->HasSwitch(switches::kAllowFileAccessFromFiles))
    allowed_schemes.push_back(chrome::kFileScheme);

  if (is_incognito) {
    return FileSystemOptions(FileSystemOptions::PROFILE_MODE_INCOGNITO,
                             allowed_schemes);
  }
  return FileSystemOptions(FileSystemOptions::PROFILE_MODE_NORMAL,
                           allowed_schemes);
}
     47 
     48 }  // namespace
     49 
// Creates the FileSystemContext for |browser_context| and registers a
// permission policy for every file system type the new context reports.
//
// File operations are given a sequenced task runner from the browser's
// blocking pool, bound to the named sequence "FileAPI" with SKIP_ON_SHUTDOWN
// shutdown behavior. |profile_path| and |quota_manager_proxy| are forwarded to
// the context unchanged; |is_incognito| only influences the FileSystemOptions.
//
// The registration loop at the end is what tells
// ChildProcessSecurityPolicyImpl which policy applies to each type. A type
// that GetFileSystemTypes() does not return gets no policy registered here.
scoped_refptr<fileapi::FileSystemContext> CreateFileSystemContext(
    BrowserContext* browser_context,
    const base::FilePath& profile_path,
    bool is_incognito,
    quota::QuotaManagerProxy* quota_manager_proxy) {
  base::SequencedWorkerPool* blocking_pool = BrowserThread::GetBlockingPool();
  const base::SequencedWorkerPool::SequenceToken file_api_token =
      blocking_pool->GetNamedSequenceToken("FileAPI");
  scoped_refptr<base::SequencedTaskRunner> file_runner =
      blocking_pool->GetSequencedTaskRunnerWithShutdownBehavior(
          file_api_token,
          base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);

  // Ask the embedder for any extra backends it wants mounted.
  ScopedVector<fileapi::FileSystemBackend> embedder_backends;
  GetContentClient()->browser()->GetAdditionalFileSystemBackends(
      browser_context,
      profile_path,
      &embedder_backends);

  const FileSystemOptions options =
      CreateBrowserFileSystemOptions(is_incognito);

  // Ownership of the embedder backends moves into the context via Pass().
  scoped_refptr<fileapi::FileSystemContext> context =
      new fileapi::FileSystemContext(
          BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO).get(),
          file_runner.get(),
          BrowserContext::GetMountPoints(browser_context),
          browser_context->GetSpecialStoragePolicy(),
          quota_manager_proxy,
          embedder_backends.Pass(),
          profile_path,
          options);

  // Register one permission policy per type known to the new context.
  typedef std::vector<fileapi::FileSystemType> TypeList;
  TypeList known_types;
  context->GetFileSystemTypes(&known_types);
  for (TypeList::const_iterator it = known_types.begin();
       it != known_types.end(); ++it) {
    ChildProcessSecurityPolicyImpl::GetInstance()->
        RegisterFileSystemPermissionPolicy(
            *it,
            fileapi::FileSystemContext::GetPermissionPolicy(*it));
  }

  return context;
}
     91 
// Returns true only when |url| reports itself valid and |context| has a
// backend for the URL's file system type.
//
// |context| is dereferenced without a null check; callers must pass a live
// context. The backend lookup is skipped entirely for an invalid URL, so
// url.type() is never consulted in that case.
bool FileSystemURLIsValid(
    fileapi::FileSystemContext* context,
    const fileapi::FileSystemURL& url) {
  return url.is_valid() &&
         context->GetFileSystemBackend(url.type()) != NULL;
}
    100 
// Decides whether child process |process_id| may use |url| with the access
// bits in |permissions|.
//
// Checks run in a fixed order and the first failure wins:
//   1. |url| must pass FileSystemURLIsValid()  -> PLATFORM_FILE_ERROR_INVALID_URL
//   2. ChildProcessSecurityPolicyImpl must report that the process holds
//      |permissions| on |url|                  -> PLATFORM_FILE_ERROR_SECURITY
// On success |*error| is PLATFORM_FILE_OK and the function returns true.
//
// |error| must be non-null. This is asserted with DCHECK only, so it is not
// enforced in builds where DCHECKs are compiled out.
bool CheckFileSystemPermissionsForProcess(
    fileapi::FileSystemContext* context, int process_id,
    const fileapi::FileSystemURL& url, int permissions,
    base::PlatformFileError* error) {
  DCHECK(error);

  base::PlatformFileError verdict = base::PLATFORM_FILE_OK;
  if (!FileSystemURLIsValid(context, url)) {
    verdict = base::PLATFORM_FILE_ERROR_INVALID_URL;
  } else if (!ChildProcessSecurityPolicyImpl::GetInstance()->
                 HasPermissionsForFileSystemFile(process_id, url,
                                                 permissions)) {
    // The policy is consulted only for URLs that already passed validation.
    verdict = base::PLATFORM_FILE_ERROR_SECURITY;
  }

  *error = verdict;
  return verdict == base::PLATFORM_FILE_OK;
}
    121 
// Resolves the filesystem URL |path| to a platform path on behalf of child
// process |process_id| and, on success, makes sure that process can read the
// resulting file.
//
// Must run on the context's default file task runner (DCHECKed).
// |*platform_path| is reset to an empty FilePath up front and stays empty when
// the URL is invalid or the process may not read the file system file.
//
// Order matters: the CanReadFileSystemFile() check happens before the path is
// resolved, so a process that fails it never receives a platform path and is
// never granted anything.
//
// NOTE(review): the return value of the operation runner's
// SyncGetPlatformPath() is not inspected here. If it leaves |*platform_path|
// empty, the CanReadFile()/GrantReadFile() pair below still runs on that empty
// path. Confirm ChildProcessSecurityPolicyImpl treats an empty path as a no-op.
void SyncGetPlatformPath(fileapi::FileSystemContext* context,
                         int process_id,
                         const GURL& path,
                         base::FilePath* platform_path) {
  DCHECK(context->default_file_task_runner()->RunsTasksOnCurrentThread());
  DCHECK(platform_path);

  // Every early return below therefore reports "no path".
  *platform_path = base::FilePath();

  const fileapi::FileSystemURL cracked_url(context->CrackURL(path));
  if (!FileSystemURLIsValid(context, cracked_url))
    return;

  // Handing out the platform path is treated as roughly equivalent to letting
  // the renderer read the file, so require read access on the URL first.
  ChildProcessSecurityPolicyImpl* const security_policy =
      ChildProcessSecurityPolicyImpl::GetInstance();
  if (!security_policy->CanReadFileSystemFile(process_id, cracked_url))
    return;

  context->operation_runner()->SyncGetPlatformPath(cracked_url, platform_path);

  // The path will be attached to a URLLoader, which needs read permission on
  // the file itself. Skip the grant when access already exists (for example
  // through a parent directory) so no redundant per-file grant is recorded.
  if (security_policy->CanReadFile(process_id, *platform_path))
    return;
  security_policy->GrantReadFile(process_id, *platform_path);
}
    150 
    151 }  // namespace content
    152