authorviettrungluu@chromium.org <viettrungluu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-03-01 22:28:01 +0000
committerviettrungluu@chromium.org <viettrungluu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-03-01 22:28:01 +0000
commitce8096fb4b6d739d8ddf63b3841392d1bb7ef447 (patch)
treec5a223eee8ced80c0fc78f873fd3d9b5f0b47699 /content
parent8f11d754152acfba2086a61b05c66c4f7019eacf (diff)
Pepper/Flapper: Add an interface to do sync file ops on FileRefs.
Such FileRefs are typically obtained from the Pepper file chooser. The interface corresponds exactly to the one for module-local files. (The implementation is only enabled if Flapper hacks are enabled.) BUG=none TEST=Flapper file uploads work for me Review URL: http://codereview.chromium.org/6592071 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@76446 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
-rw-r--r--content/browser/renderer_host/pepper_file_message_filter.cc91
-rw-r--r--content/browser/renderer_host/pepper_file_message_filter.h10
2 files changed, 68 insertions, 33 deletions
diff --git a/content/browser/renderer_host/pepper_file_message_filter.cc b/content/browser/renderer_host/pepper_file_message_filter.cc
index fc551df..2a1e5d8 100644
--- a/content/browser/renderer_host/pepper_file_message_filter.cc
+++ b/content/browser/renderer_host/pepper_file_message_filter.cc
@@ -7,12 +7,13 @@
#include "base/callback.h"
#include "base/file_path.h"
#include "base/file_util.h"
+#include "base/platform_file.h"
#include "base/process_util.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/renderer_host/browser_render_process_host.h"
-#include "chrome/common/child_process_host.h"
#include "chrome/common/pepper_file_messages.h"
#include "content/browser/browser_thread.h"
+#include "content/browser/child_process_security_policy.h"
#include "ipc/ipc_platform_file.h"
#include "webkit/plugins/ppapi/file_path.h"
@@ -20,31 +21,23 @@
#include "base/file_descriptor_posix.h"
#endif
-namespace {
-
-FilePath ConvertPepperFilePath(
- const webkit::ppapi::PepperFilePath& pepper_path) {
- FilePath file_path;
- switch(pepper_path.domain()) {
- case webkit::ppapi::PepperFilePath::DOMAIN_ABSOLUTE:
- NOTIMPLEMENTED();
- break;
- case webkit::ppapi::PepperFilePath::DOMAIN_MODULE_LOCAL:
- if (!pepper_path.path().IsAbsolute() &&
- !pepper_path.path().ReferencesParent())
- file_path = pepper_path.path();
- break;
- default:
- NOTREACHED();
- break;
- }
- return file_path;
-}
-
-} // namespace
-
-PepperFileMessageFilter::PepperFileMessageFilter(
- int child_id, Profile* profile) {
+// Used to check if the renderer has permission for the requested operation.
+// TODO(viettrungluu): Verify these. They don't necessarily quite make sense,
+// but it seems to be approximately what the file system code does.
+const int kReadPermissions = base::PLATFORM_FILE_OPEN |
+ base::PLATFORM_FILE_READ |
+ base::PLATFORM_FILE_EXCLUSIVE_READ;
+const int kWritePermissions = base::PLATFORM_FILE_OPEN |
+ base::PLATFORM_FILE_CREATE |
+ base::PLATFORM_FILE_CREATE_ALWAYS |
+ base::PLATFORM_FILE_WRITE |
+ base::PLATFORM_FILE_EXCLUSIVE_WRITE |
+ base::PLATFORM_FILE_TRUNCATE |
+ base::PLATFORM_FILE_WRITE_ATTRIBUTES;
+
+PepperFileMessageFilter::PepperFileMessageFilter(int child_id,
+ Profile* profile)
+ : child_id_(child_id) {
pepper_path_ = profile->GetPath().Append(FILE_PATH_LITERAL("Pepper Data"));
}
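Review bot: `PLATFORM_FILE_OPEN` appears in both `kReadPermissions` and `kWritePermissions`, so the two masks only separate read from write access if `HasPermissionsForFile()` requires every requested bit to have been granted. That function is not visible in this diff, and the TODO above the constants says the values are unverified. I would state the assumption next to the constants, e.g. `// Relies on HasPermissionsForFile() requiring all bits in |flags| to be granted.`, and confirm it before the absolute-path domain is enabled. As a smaller point, the anonymous namespace was removed together with `ConvertPepperFilePath`; keeping the two constants inside `namespace { ... }` would make their file-local intent explicit.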
@@ -85,7 +78,7 @@ void PepperFileMessageFilter::OnOpenFile(
int flags,
base::PlatformFileError* error,
IPC::PlatformFileForTransit* file) {
- FilePath full_path = ConvertPepperFilePath(path);
+ FilePath full_path = ValidateAndConvertPepperFilePath(path, flags);
if (full_path.empty()) {
*error = base::PLATFORM_FILE_ERROR_ACCESS_DENIED;
*file = IPC::InvalidPlatformFileForTransit();
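Review bot: The `flags` value passed to `ValidateAndConvertPepperFilePath` here arrives in the renderer's IPC message, so the renderer picks the mask it is checked against, whereas the other handlers pass the fixed `kReadPermissions` or `kWritePermissions`. The `DOMAIN_MODULE_LOCAL` branch of the validator never looks at `flags`, and for `DOMAIN_ABSOLUTE` the outcome depends on how the policy treats an empty or unexpected mask, which is not visible here. Consider denying values that carry no bits or bits outside the two masks before validating, e.g. `if (!flags || (flags & ~(kReadPermissions | kWritePermissions))) { /* access denied */ }`. The rest of `OnOpenFile`, including the open itself, lies outside this hunk.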
@@ -128,8 +121,10 @@ void PepperFileMessageFilter::OnRenameFile(
const webkit::ppapi::PepperFilePath& from_path,
const webkit::ppapi::PepperFilePath& to_path,
base::PlatformFileError* error) {
- FilePath from_full_path = ConvertPepperFilePath(from_path);
- FilePath to_full_path = ConvertPepperFilePath(to_path);
+ FilePath from_full_path = ValidateAndConvertPepperFilePath(from_path,
+ kWritePermissions);
+ FilePath to_full_path = ValidateAndConvertPepperFilePath(to_path,
+ kWritePermissions);
if (from_full_path.empty() || to_full_path.empty()) {
*error = base::PLATFORM_FILE_ERROR_ACCESS_DENIED;
return;
@@ -144,7 +139,8 @@ void PepperFileMessageFilter::OnDeleteFileOrDir(
const webkit::ppapi::PepperFilePath& path,
bool recursive,
base::PlatformFileError* error) {
- FilePath full_path = ConvertPepperFilePath(path);
+ FilePath full_path = ValidateAndConvertPepperFilePath(path,
+ kWritePermissions);
if (full_path.empty()) {
*error = base::PLATFORM_FILE_ERROR_ACCESS_DENIED;
return;
@@ -158,7 +154,8 @@ void PepperFileMessageFilter::OnDeleteFileOrDir(
void PepperFileMessageFilter::OnCreateDir(
const webkit::ppapi::PepperFilePath& path,
base::PlatformFileError* error) {
- FilePath full_path = ConvertPepperFilePath(path);
+ FilePath full_path = ValidateAndConvertPepperFilePath(path,
+ kWritePermissions);
if (full_path.empty()) {
*error = base::PLATFORM_FILE_ERROR_ACCESS_DENIED;
return;
@@ -173,7 +170,7 @@ void PepperFileMessageFilter::OnQueryFile(
const webkit::ppapi::PepperFilePath& path,
base::PlatformFileInfo* info,
base::PlatformFileError* error) {
- FilePath full_path = ConvertPepperFilePath(path);
+ FilePath full_path = ValidateAndConvertPepperFilePath(path, kReadPermissions);
if (full_path.empty()) {
*error = base::PLATFORM_FILE_ERROR_ACCESS_DENIED;
return;
@@ -188,7 +185,7 @@ void PepperFileMessageFilter::OnGetDirContents(
const webkit::ppapi::PepperFilePath& path,
webkit::ppapi::DirContents* contents,
base::PlatformFileError* error) {
- FilePath full_path = ConvertPepperFilePath(path);
+ FilePath full_path = ValidateAndConvertPepperFilePath(path, kReadPermissions);
if (full_path.empty()) {
*error = base::PLATFORM_FILE_ERROR_ACCESS_DENIED;
return;
@@ -215,3 +212,31 @@ void PepperFileMessageFilter::OnGetDirContents(
*error = base::PLATFORM_FILE_OK;
}
+
+FilePath PepperFileMessageFilter::ValidateAndConvertPepperFilePath(
+ const webkit::ppapi::PepperFilePath& pepper_path, int flags) {
+ FilePath file_path; // Empty path returned on error.
+ switch(pepper_path.domain()) {
+ case webkit::ppapi::PepperFilePath::DOMAIN_ABSOLUTE:
+// TODO(viettrungluu): This could be dangerous if not 100% right, so let's be
+// conservative and only enable it when requested.
+#if defined(ENABLE_FLAPPER_HACKS)
+ if (pepper_path.path().IsAbsolute() &&
+ ChildProcessSecurityPolicy::GetInstance()->HasPermissionsForFile(
+ child_id(), pepper_path.path(), flags))
+ file_path = pepper_path.path();
+#else
+ NOTIMPLEMENTED();
+#endif // ENABLE_FLAPPER_HACKS
+ break;
+ case webkit::ppapi::PepperFilePath::DOMAIN_MODULE_LOCAL:
+ if (!pepper_path.path().IsAbsolute() &&
+ !pepper_path.path().ReferencesParent())
+ file_path = pepper_path.path();
+ break;
+ default:
+ NOTREACHED();
+ break;
+ }
+ return file_path;
+}
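Review bot: The `DOMAIN_ABSOLUTE` branch accepts any absolute path that passes `HasPermissionsForFile()`, but unlike the `DOMAIN_MODULE_LOCAL` branch it does not reject paths for which `ReferencesParent()` is true. If the policy matches by directory prefix or compares paths textually (its implementation is not shown here), a path with `..` components could name a location outside what was granted once the file system resolves it. Adding `!pepper_path.path().ReferencesParent() &&` to that condition applies the same rule in both branches and should not affect paths handed out by the file chooser. The check matters most for the write handlers that share this validator: `OnRenameFile`, `OnDeleteFileOrDir` (including its recursive case) and `OnCreateDir`.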
diff --git a/content/browser/renderer_host/pepper_file_message_filter.h b/content/browser/renderer_host/pepper_file_message_filter.h
index 530d9c6..7fa0212 100644
--- a/content/browser/renderer_host/pepper_file_message_filter.h
+++ b/content/browser/renderer_host/pepper_file_message_filter.h
@@ -38,6 +38,8 @@ class PepperFileMessageFilter : public BrowserMessageFilter {
bool* message_was_ok);
virtual void OnDestruct() const;
+ int child_id() const { return child_id_; }
+
private:
friend class BrowserThread;
friend class DeleteTask<PepperFileMessageFilter>;
@@ -63,6 +65,14 @@ class PepperFileMessageFilter : public BrowserMessageFilter {
webkit::ppapi::DirContents* contents,
base::PlatformFileError* error);
+ // Validate and convert the Pepper file path to a "real" |FilePath|. Returns
+ // an empty |FilePath| on error.
+ FilePath ValidateAndConvertPepperFilePath(
+ const webkit::ppapi::PepperFilePath& pepper_path, int flags);
+
+ // The ID of the child process.
+ const int child_id_;
+
// The channel associated with the renderer connection. This pointer is not
// owned by this class.
IPC::Channel* channel_;
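Review bot: The comment on `ValidateAndConvertPepperFilePath` does not explain the `flags` parameter or that validation differs by path domain. A caller reading only the header cannot tell that the flags are consulted for absolute paths and ignored for module-local ones, or that absolute paths are accepted only when `ENABLE_FLAPPER_HACKS` is defined. I would extend it with something like `// |flags| (base::PlatformFileFlags) are checked against ChildProcessSecurityPolicy for absolute paths and ignored for module-local paths.` The class body continues outside this hunk.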