author | kinuko@chromium.org <kinuko@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-10-19 18:15:10 +0000 |
committer | kinuko@chromium.org <kinuko@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-10-19 18:15:10 +0000 |
commit | c19e2ff3cae12fb055ffed194b3a5a9c908cf996 (patch) | |
tree | 3f6f9bebaf88c0df74911110c8a504769b72f3b5 /webkit/browser/fileapi/obfuscated_file_util.h | |
parent | 9f123a0fbd7d95a24a37b5e5069ee010124d3152 (diff) | |
Give type directory string for given URL from outside ObfuscatedFileUtil
This patch moves FileSystemType to type string map outside
ObfuscatedFileUtil and lets it take 'type string' from outside the
ObfuscatedFileUtil (so that we can later utilize the 'type string' field
for plugin/MIME-type private filesystem).
Brief plausible plan:
- Use separate ObfuscatedFileUtil in its own directory for plugin-private
- Utilize type_string field for MIME type (this should be ok since we only store data for PluginPrivate type in this separate directory)
- Record { filesystem_id: mime-type } pair for each OpenPrivateFileSystem() in PluginPrivateFileSystemBackend
- GetTypeStringForURLCallback given in ctor can look up this table to get type_string
- (We need to unregister filesystem_id when it's no longer needed)
BUG=286240
TEST=content_unittests:ObfuscatedFileUtil*,Sandbox*
Review URL: https://codereview.chromium.org/27168004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@229603 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/browser/fileapi/obfuscated_file_util.h')
-rw-r--r-- | webkit/browser/fileapi/obfuscated_file_util.h | 80 |
1 files changed, 64 insertions, 16 deletions
diff --git a/webkit/browser/fileapi/obfuscated_file_util.h b/webkit/browser/fileapi/obfuscated_file_util.h
index 266939c0..c5ce737 100644
--- a/webkit/browser/fileapi/obfuscated_file_util.h
+++ b/webkit/browser/fileapi/obfuscated_file_util.h
@@ -6,8 +6,10 @@
 #define WEBKIT_BROWSER_FILEAPI_OBFUSCATED_FILE_UTIL_H_
 #include <map>
+#include <set>
 #include <string>
+#include "base/callback_forward.h"
 #include "base/files/file_path.h"
 #include "base/files/file_util_proxy.h"
 #include "base/gtest_prod_util.h"
@@ -37,6 +39,21 @@ class FileSystemOperationContext;
 class SandboxOriginDatabaseInterface;
 class TimedTaskHelper;
+// This file util stores directory information in LevelDB to obfuscate
+// and to neutralize virtual file paths given by arbitrary apps.
+// Files are stored with two-level isolation: per-origin and per-type.
+// The isolation is done by storing data in separate directory partitions.
+// For example, a file in Temporary file system for origin 'www.example.com'
+// is stored in a different partition for a file in Persistent file system
+// for the same origin, or for Temporary file system for another origin.
+//
+// * Per-origin directory name information is stored in a separate LevelDB,
+// which is maintained by SandboxOriginDatabase.
+// * Per-type directory name information is given by
+// GetTypeStringForURLCallback that is given in CTOR.
+// We use a small static mapping (e.g. 't' for Temporary type) for
+// regular sandbox filesystems.
+//
 // The overall implementation philosophy of this class is that partial failures
 // should leave us with an intact database; we'd prefer to leak the occasional
 // backing file than have a database entry whose backing file is missing. When
@@ -58,13 +75,31 @@ class WEBKIT_STORAGE_BROWSER_EXPORT_PRIVATE ObfuscatedFileUtil
 virtual GURL Next() = 0;
 // Returns the current origin's information.
- virtual bool HasFileSystemType(FileSystemType type) const = 0;
+ // |type_string| must be ascii string.
+ virtual bool HasTypeDirectory(const std::string& type_string) const = 0;
 };
+ typedef base::Callback<std::string(const FileSystemURL&)>
+ GetTypeStringForURLCallback;
+
+ // |get_type_string_for_url| is user-defined callback that should return
+ // a type string for the given FileSystemURL. The type string is used
+ // to provide per-type isolation in the sandboxed filesystem directory.
+ // Note that this method is called on file_task_runner.
+ //
+ // |known_type_strings| are known type string names that this file system
+ // should care about.
+ // This info is used to determine whether we could delete the entire
+ // origin directory or not in DeleteDirectoryForOriginAndType. If no directory
+ // for any known type exists the origin directory may get deleted when
+ // one origin/type pair is deleted.
+ //
 ObfuscatedFileUtil(
 quota::SpecialStoragePolicy* special_storage_policy,
 const base::FilePath& file_system_directory,
- base::SequencedTaskRunner* file_task_runner);
+ base::SequencedTaskRunner* file_task_runner,
+ const GetTypeStringForURLCallback& get_type_string_for_url,
+ const std::set<std::string>& known_type_strings);
 virtual ~ObfuscatedFileUtil();
 // FileSystemFileUtil overrides.
@@ -143,26 +178,24 @@ class WEBKIT_STORAGE_BROWSER_EXPORT_PRIVATE ObfuscatedFileUtil
 // Gets the topmost directory specific to this origin and type. This will
 // contain both the directory database's files and all the backing file
 // subdirectories.
- // Returns an empty path if the directory is undefined (e.g. because |type|
- // is invalid). If the directory is defined, it will be returned, even if
+ // Returns the topmost origin directory if |type_string| is empty.
+ // Returns an empty path if the directory is undefined.
+ // If the directory is defined, it will be returned, even if
 // there is a file system error (e.g. the directory doesn't exist on disk and
 // |create| is false). Callers should always check |error_code| to make sure
 // the returned path is usable.
 base::FilePath GetDirectoryForOriginAndType(
 const GURL& origin,
- FileSystemType type,
+ const std::string& type_string,
 bool create,
 base::PlatformFileError* error_code);
 // Deletes the topmost directory specific to this origin and type. This will
 // delete its directory database.
- bool DeleteDirectoryForOriginAndType(const GURL& origin, FileSystemType type);
-
- // TODO(ericu): This doesn't really feel like it belongs in this class.
- // The previous version lives in FileSystemPathManager, but perhaps
- // SandboxFileSystemBackend would be better?
- static base::FilePath::StringType GetDirectoryNameForType(
- FileSystemType type);
+ // Deletes the topmost origin directory if |type_string| is empty.
+ bool DeleteDirectoryForOriginAndType(
+ const GURL& origin,
+ const std::string& type_string);
 // This method and all methods of its returned class must be called only on
 // the FILE thread. The caller is responsible for deleting the returned
@@ -171,7 +204,8 @@ class WEBKIT_STORAGE_BROWSER_EXPORT_PRIVATE ObfuscatedFileUtil
 // Deletes a directory database from the database list in the ObfuscatedFSFU
 // and destroys the database on the disk.
- bool DestroyDirectoryDatabase(const GURL& origin, FileSystemType type);
+ bool DestroyDirectoryDatabase(const GURL& origin,
+ const std::string& type_string);
 // Computes a cost for storing a given file in the obfuscated FSFU.
 // As the cost of a file is independent of the cost of its parent directories,
@@ -180,13 +214,12 @@ class WEBKIT_STORAGE_BROWSER_EXPORT_PRIVATE ObfuscatedFileUtil
 // on each path segment and add the results.
 static int64 ComputeFilePathCost(const base::FilePath& path);
- void MaybePrepopulateDatabase();
-
 private:
 typedef SandboxDirectoryDatabase::FileId FileId;
 typedef SandboxDirectoryDatabase::FileInfo FileInfo;
 friend class ObfuscatedFileEnumerator;
+ friend class ObfuscatedFileUtilTest;
 FRIEND_TEST_ALL_PREFIXES(ObfuscatedFileUtilTest, MaybeDropDatabasesAliveCase);
 FRIEND_TEST_ALL_PREFIXES(ObfuscatedFileUtilTest, MaybeDropDatabasesAlreadyDeletedCase);
@@ -197,11 +230,22 @@ class WEBKIT_STORAGE_BROWSER_EXPORT_PRIVATE ObfuscatedFileUtil
 FRIEND_TEST_ALL_PREFIXES(ObfuscatedFileUtilTest, MigrationBackFromIsolated);
+ // Helper method to create an obfuscated file util for regular
+ // (temporary, persistent) file systems. Used only for testing.
+ // Note: this is implemented in sandbox_file_system_backend_delegate.cc.
+ static ObfuscatedFileUtil* CreateForTesting(
+ quota::SpecialStoragePolicy* special_storage_policy,
+ const base::FilePath& file_system_directory,
+ base::SequencedTaskRunner* file_task_runner);
+
 base::FilePath GetDirectoryForURL(
 const FileSystemURL& url,
 bool create,
 base::PlatformFileError* error_code);
+ // This just calls get_type_string_for_url_ callback that is given in ctor.
+ std::string CallGetTypeStringForURL(const FileSystemURL& url);
+
 base::PlatformFileError GetFileInfoInternal(
 SandboxDirectoryDatabase* db,
 FileSystemOperationContext* context,
@@ -237,7 +281,8 @@ class WEBKIT_STORAGE_BROWSER_EXPORT_PRIVATE ObfuscatedFileUtil
 const FileSystemURL& url,
 const base::FilePath& data_file_path);
- std::string GetDirectoryDatabaseKey(const GURL& origin, FileSystemType type);
+ std::string GetDirectoryDatabaseKey(const GURL& origin,
+ const std::string& type_string);
 // This returns NULL if |create| flag is false and a filesystem does not
 // exist for the given |url|.
@@ -286,6 +331,9 @@ class WEBKIT_STORAGE_BROWSER_EXPORT_PRIVATE ObfuscatedFileUtil
 scoped_refptr<base::SequencedTaskRunner> file_task_runner_;
 scoped_ptr<TimedTaskHelper> timer_;
+ GetTypeStringForURLCallback get_type_string_for_url_;
+ std::set<std::string> known_type_strings_;
+
 // If this instance is initialized for an isolated partition, this should
 // only see a single origin.
 GURL isolated_origin_;
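Review bot: The GetTypeStringForURLCallback typedef (second hunk) documents no constraint on the string it returns, even though the class comment says that string becomes the per-type directory partition name and the GetDirectoryForOriginAndType comment now gives an empty |type_string| a special meaning (the topmost origin directory). If GetDirectoryForURL resolves through CallGetTypeStringForURL, which this header does not show, a callback returning "" for some URL would presumably map that URL onto the origin root instead of a per-type partition, and a string containing a path separator or '.' components would not stay inside the partition; the only hint today is the "|type_string| must be ascii string." remark on HasTypeDirectory. Suggest stating the contract on the typedef, e.g. `// The returned string is used as a directory name under the origin directory: it must be non-empty ascii with no path separators or '.' components.`, so that every type_string parameter in this header inherits it. The constructor comment's "Note that this method is called on file_task_runner." also refers to the callback rather than a method; `// Note that the callback is invoked on |file_task_runner|.` reads better.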