author | mtomasz@chromium.org <mtomasz@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-26 04:56:40 +0000 |
---|---|---|
committer | mtomasz@chromium.org <mtomasz@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-26 04:56:40 +0000 |
commit | 0fa422a0e4ee63132825a23a2f60f1a0c05aec79 (patch) | |
tree | 74b2cfb7115484e507cde71b18d1e9ea4e1a1c47 /webkit | |
parent | 7c89ff265392829fbc3510c047a555d290366408 (diff) | |
Create file systems restricted to volumes.
Before, on Chrome OS, JS Entry objects were holding the same DOMFileSystem
object, and they were attached to the same big root. All of the mount points
were first-level directories. This looks like a Linux approach.
However, for better isolation a different approach has been suggested: to have
a separate DOMFileSystem object per every volume on Chrome OS. So, Downloads
and Drive files would be separate, and the filesystem's root would be one of
the mount points.
What is more, restricting DOMFileSystem objects to a mount point is not enough.
In case of `archive` and `removable`, we have two level mount points. The first
level is either `archive` or `removable`. Either of them contains mounted
volumes - archives or removable devices.
This patch restricts DOMFileSystem objects (and therefore Entry objects) to the
innermost mount point. For example: /Downloads, /drive, /archive/archive-1,
/archive/archive-2, /removable/disk-1, /removable/disk-2.
Having this solution it is impossible to access the grand root containing all
of the outer mount points, which was until now restricted in JavaScript. Also,
it doesn't allow to get an Entry for /archive and /removable, which was also
filtered out in JS layer.
Moreover, and what is the most important, this approach allows to map a C++
VolumeInfo to a DOMFileSystem object with 1:1 relationship.
To achieve that, the OpenFileSystem has been renamed to ResolveURL, since this
method has always been used for resolving a file system URL. Opening the file
system was a side effect. This allowed to unify the code paths for sandboxed
and non-sandboxed file systems. Before, for non-sandboxed file systems, the
root url (and the name) were manually computed using a deprecated utility
function fileapi::GetFileSystemInfoForChromeOS(), which is removed in this
patch.
The drawback of this change was that the root_url and the fs name resolution
became asynchronous. The reason for that is that sandboxed file systems may
perform operations on different threads, therefore they have to be
asynchronous. To simplify migration a utility function has been introduced to
convert FileDefinition vectors to EntryDefinition vectors.
Finally, this change will allow simplifying Files app volumes logic
significantly. The JS VolumeInfo will match C++ VolumeInfo 1:1, as well as
either VolumeInfo will match a DOMFileSystem object 1:1. As a result, we will
be able to remove special cases for inner mount points (for archives and
removables). Another advantage is a simple way to pass names of JS-provided file
systems.
The permission management is currently simplified, but the next step will be to
grant permissions per innermost mount point, which will clean up security
policy compared to the former implementation.
TBR=phajdan.jr@chromium.org
BUG=318021
TEST=Tested manually.
Review URL: https://codereview.chromium.org/162963003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@253351 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
10 files changed, 46 insertions, 83 deletions
diff --git a/webkit/browser/fileapi/file_system_backend.h b/webkit/browser/fileapi/file_system_backend.h index e506550..52c0ec6 100644 --- a/webkit/browser/fileapi/file_system_backend.h +++ b/webkit/browser/fileapi/file_system_backend.h @@ -57,17 +57,15 @@ class WEBKIT_STORAGE_BROWSER_EXPORT FileSystemBackend { // do additional initialization which depends on FileSystemContext here. virtual void Initialize(FileSystemContext* context) = 0; - // Opens the filesystem for the given |origin_url| and |type|. - // This verifies if it is allowed to request (or create) the filesystem - // and if it can access (or create) the root directory. - // If |mode| is CREATE_IF_NONEXISTENT calling this may also create - // the root directory (and/or related database entries etc) for - // the filesystem if it doesn't exist. - virtual void OpenFileSystem( - const GURL& origin_url, - FileSystemType type, - OpenFileSystemMode mode, - const OpenFileSystemCallback& callback) = 0; + // Resolves the filesystem root URL and the name for the given |url|. + // This verifies if it is allowed to request (or create) the filesystem and if + // it can access (or create) the root directory. + // If |mode| is CREATE_IF_NONEXISTENT calling this may also create the root + // directory (and/or related database entries etc) for the filesystem if it + // doesn't exist. + virtual void ResolveURL(const FileSystemURL& url, + OpenFileSystemMode mode, + const OpenFileSystemCallback& callback) = 0; // Returns the specialized AsyncFileUtil for this backend. virtual AsyncFileUtil* GetAsyncFileUtil(FileSystemType type) = 0; diff --git a/webkit/browser/fileapi/file_system_context.cc b/webkit/browser/fileapi/file_system_context.cc index 17f9cf8..c42eadb 100644 --- a/webkit/browser/fileapi/file_system_context.cc +++ b/webkit/browser/fileapi/file_system_context.cc 
@@ -307,31 +307,20 @@ void FileSystemContext::OpenFileSystem( return; } - backend->OpenFileSystem(origin_url, type, mode, callback); + backend->ResolveURL( + CreateCrackedFileSystemURL(origin_url, type, base::FilePath()), + mode, + callback); } void FileSystemContext::ResolveURL( const FileSystemURL& url, const ResolveURLCallback& callback) { + // TODO(nhiroki, kinuko): Remove this thread restriction, so it can be called + // on either UI or IO thread. DCHECK(io_task_runner_->RunsTasksOnCurrentThread()); DCHECK(!callback.is_null()); - if (!FileSystemContext::IsSandboxFileSystem(url.type())) { -#ifdef OS_CHROMEOS - // Do not have to open a non-sandboxed filesystem. - // TODO(nhiroki): For now we assume this path is called only on ChromeOS, - // but this assumption may be broken in the future and we should handle - // more generally. http://crbug.com/304062. - FileSystemInfo info = GetFileSystemInfoForChromeOS(url.origin()); - DidOpenFileSystemForResolveURL( - url, callback, info.root_url, info.name, base::File::FILE_OK); - return; -#endif - callback.Run(base::File::FILE_ERROR_SECURITY, - FileSystemInfo(), base::FilePath(), false); - return; - } - FileSystemBackend* backend = GetFileSystemBackend(url.type()); if (!backend) { callback.Run(base::File::FILE_ERROR_SECURITY, @@ -339,11 +328,13 @@ void FileSystemContext::ResolveURL( return; } - backend->OpenFileSystem( - url.origin(), url.type(), + backend->ResolveURL( + url, OPEN_FILE_SYSTEM_FAIL_IF_NONEXISTENT, base::Bind(&FileSystemContext::DidOpenFileSystemForResolveURL, - this, url, callback)); + this, + url, + callback)); } void FileSystemContext::DeleteFileSystem( diff --git a/webkit/browser/fileapi/isolated_file_system_backend.cc b/webkit/browser/fileapi/isolated_file_system_backend.cc index 06050f8..a8acffb 100644 --- a/webkit/browser/fileapi/isolated_file_system_backend.cc +++ b/webkit/browser/fileapi/isolated_file_system_backend.cc 
@@ -57,17 +57,16 @@ bool IsolatedFileSystemBackend::CanHandleType(FileSystemType type) const { void IsolatedFileSystemBackend::Initialize(FileSystemContext* context) { } -void IsolatedFileSystemBackend::OpenFileSystem( - const GURL& origin_url, - FileSystemType type, +void IsolatedFileSystemBackend::ResolveURL( + const FileSystemURL& url, OpenFileSystemMode mode, const OpenFileSystemCallback& callback) { - // We never allow opening a new isolated FileSystem via usual OpenFileSystem. + // We never allow opening a new isolated FileSystem via usual ResolveURL. base::MessageLoopProxy::current()->PostTask( FROM_HERE, base::Bind(callback, - GetFileSystemRootURI(origin_url, type), - GetFileSystemName(origin_url, type), + GURL(), + std::string(), base::File::FILE_ERROR_SECURITY)); } diff --git a/webkit/browser/fileapi/isolated_file_system_backend.h b/webkit/browser/fileapi/isolated_file_system_backend.h index ca266e8..1c2edfdd 100644 --- a/webkit/browser/fileapi/isolated_file_system_backend.h +++ b/webkit/browser/fileapi/isolated_file_system_backend.h @@ -20,11 +20,9 @@ class IsolatedFileSystemBackend : public FileSystemBackend { // FileSystemBackend implementation. virtual bool CanHandleType(FileSystemType type) const OVERRIDE; virtual void Initialize(FileSystemContext* context) OVERRIDE; - virtual void OpenFileSystem( - const GURL& origin_url, - FileSystemType type, - OpenFileSystemMode mode, - const OpenFileSystemCallback& callback) OVERRIDE; + virtual void ResolveURL(const FileSystemURL& url, + OpenFileSystemMode mode, + const OpenFileSystemCallback& callback) OVERRIDE; virtual AsyncFileUtil* GetAsyncFileUtil(FileSystemType type) OVERRIDE; virtual CopyOrMoveFileValidatorFactory* GetCopyOrMoveFileValidatorFactory( FileSystemType type, diff --git a/webkit/browser/fileapi/plugin_private_file_system_backend.cc b/webkit/browser/fileapi/plugin_private_file_system_backend.cc index 35ad8eb..2c8ed3b 100644 --- a/webkit/browser/fileapi/plugin_private_file_system_backend.cc 
+++ b/webkit/browser/fileapi/plugin_private_file_system_backend.cc @@ -143,13 +143,12 @@ bool PluginPrivateFileSystemBackend::CanHandleType(FileSystemType type) const { void PluginPrivateFileSystemBackend::Initialize(FileSystemContext* context) { } -void PluginPrivateFileSystemBackend::OpenFileSystem( - const GURL& origin_url, - FileSystemType type, +void PluginPrivateFileSystemBackend::ResolveURL( + const FileSystemURL& url, OpenFileSystemMode mode, const OpenFileSystemCallback& callback) { // We never allow opening a new plugin-private filesystem via usual - // OpenFileSystem. + // ResolveURL. base::MessageLoopProxy::current()->PostTask( FROM_HERE, base::Bind(callback, GURL(), std::string(), diff --git a/webkit/browser/fileapi/plugin_private_file_system_backend.h b/webkit/browser/fileapi/plugin_private_file_system_backend.h index 7dc2e13..35612b1 100644 --- a/webkit/browser/fileapi/plugin_private_file_system_backend.h +++ b/webkit/browser/fileapi/plugin_private_file_system_backend.h @@ -61,11 +61,9 @@ class WEBKIT_STORAGE_BROWSER_EXPORT PluginPrivateFileSystemBackend // FileSystemBackend overrides. virtual bool CanHandleType(FileSystemType type) const OVERRIDE; virtual void Initialize(FileSystemContext* context) OVERRIDE; - virtual void OpenFileSystem( - const GURL& origin_url, - FileSystemType type, - OpenFileSystemMode mode, - const OpenFileSystemCallback& callback) OVERRIDE; + virtual void ResolveURL(const FileSystemURL& url, + OpenFileSystemMode mode, + const OpenFileSystemCallback& callback) OVERRIDE; virtual AsyncFileUtil* GetAsyncFileUtil(FileSystemType type) OVERRIDE; virtual CopyOrMoveFileValidatorFactory* GetCopyOrMoveFileValidatorFactory( FileSystemType type, diff --git a/webkit/browser/fileapi/sandbox_file_system_backend.cc b/webkit/browser/fileapi/sandbox_file_system_backend.cc index 62f91de..cb288aa 100644 --- a/webkit/browser/fileapi/sandbox_file_system_backend.cc +++ b/webkit/browser/fileapi/sandbox_file_system_backend.cc 
@@ -60,24 +60,25 @@ void SandboxFileSystemBackend::Initialize(FileSystemContext* context) { delegate_->quota_observer(), NULL); } -void SandboxFileSystemBackend::OpenFileSystem( - const GURL& origin_url, - fileapi::FileSystemType type, +void SandboxFileSystemBackend::ResolveURL( + const FileSystemURL& url, OpenFileSystemMode mode, const OpenFileSystemCallback& callback) { - DCHECK(CanHandleType(type)); + DCHECK(CanHandleType(url.type())); DCHECK(delegate_); if (delegate_->file_system_options().is_incognito() && - !(type == kFileSystemTypeTemporary && + !(url.type() == kFileSystemTypeTemporary && enable_temporary_file_system_in_incognito_)) { // TODO(kinuko): return an isolated temporary directory. callback.Run(GURL(), std::string(), base::File::FILE_ERROR_SECURITY); return; } - delegate_->OpenFileSystem( - origin_url, type, mode, callback, - GetFileSystemRootURI(origin_url, type)); + delegate_->OpenFileSystem(url.origin(), + url.type(), + mode, + callback, + GetFileSystemRootURI(url.origin(), url.type())); } AsyncFileUtil* SandboxFileSystemBackend::GetAsyncFileUtil( diff --git a/webkit/browser/fileapi/sandbox_file_system_backend.h b/webkit/browser/fileapi/sandbox_file_system_backend.h index 7dd7eb8..f82c294 100644 --- a/webkit/browser/fileapi/sandbox_file_system_backend.h +++ b/webkit/browser/fileapi/sandbox_file_system_backend.h @@ -21,7 +21,6 @@ namespace fileapi { -// An interface to construct or crack sandboxed filesystem paths for // TEMPORARY or PERSISTENT filesystems, which are placed under the user's // profile directory in a sandboxed way. // This interface also lets one enumerate and remove storage for the origins 
@@ -35,11 +34,9 @@ class WEBKIT_STORAGE_BROWSER_EXPORT SandboxFileSystemBackend // FileSystemBackend overrides. virtual bool CanHandleType(FileSystemType type) const OVERRIDE; virtual void Initialize(FileSystemContext* context) OVERRIDE; - virtual void OpenFileSystem( - const GURL& origin_url, - FileSystemType type, - OpenFileSystemMode mode, - const OpenFileSystemCallback& callback) OVERRIDE; + virtual void ResolveURL(const FileSystemURL& url, + OpenFileSystemMode mode, + const OpenFileSystemCallback& callback) OVERRIDE; virtual AsyncFileUtil* GetAsyncFileUtil(FileSystemType type) OVERRIDE; virtual CopyOrMoveFileValidatorFactory* GetCopyOrMoveFileValidatorFactory( FileSystemType type, diff --git a/webkit/common/fileapi/file_system_util.cc b/webkit/common/fileapi/file_system_util.cc index 9f01b3e..07136e6 100644 --- a/webkit/common/fileapi/file_system_util.cc +++ b/webkit/common/fileapi/file_system_util.cc @@ -445,13 +445,4 @@ base::File::Error NetErrorToFileError(int error) { } } -#if defined(OS_CHROMEOS) -FileSystemInfo GetFileSystemInfoForChromeOS(const GURL& origin_url) { - FileSystemType mount_type = fileapi::kFileSystemTypeExternal; - return FileSystemInfo(fileapi::GetFileSystemName(origin_url, mount_type), - fileapi::GetFileSystemRootURI(origin_url, mount_type), - mount_type); -} -#endif - } // namespace fileapi diff --git a/webkit/common/fileapi/file_system_util.h b/webkit/common/fileapi/file_system_util.h index 3ed3769..32463bd 100644 --- a/webkit/common/fileapi/file_system_util.h +++ b/webkit/common/fileapi/file_system_util.h 
@@ -168,15 +168,6 @@ WEBKIT_STORAGE_COMMON_EXPORT std::string GetExternalFileSystemRootURIString( WEBKIT_STORAGE_COMMON_EXPORT base::File::Error NetErrorToFileError(int error); -#if defined(OS_CHROMEOS) -// Returns the filesystem info that can be specified by |origin_url|. -// TODO(nhiroki): This should be deprecated and use -// GetExternalFileSystemRootURIString() to get separate file systems for each -// mount type. http://crbug.com/284963. -WEBKIT_STORAGE_COMMON_EXPORT FileSystemInfo -GetFileSystemInfoForChromeOS(const GURL& origin_url); -#endif - } // namespace fileapi #endif // WEBKIT_COMMON_FILEAPI_FILE_SYSTEM_UTIL_H_ |
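Review bot: In webkit/browser/fileapi/file_system_backend.h, the new comment on ResolveURL() does not say which parts of |url| a backend is expected to honour. The sandbox implementation in this patch reads only url.origin() and url.type(), and FileSystemContext::OpenFileSystem() passes an empty base::FilePath(), so the path component is silently ignored there. Since the point of the change is to resolve a root per innermost mount point, please document whether the path is significant, and what a backend must return in the callback (empty GURL and name plus FILE_ERROR_SECURITY, as the isolated and plugin-private backends do) when it refuses the request. The parameter types are still named OpenFileSystemMode and OpenFileSystemCallback; either rename them in a follow-up or note in the comment why they keep the old name.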
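Review bot: In FileSystemContext::ResolveURL() (webkit/browser/fileapi/file_system_context.cc), deleting the IsSandboxFileSystem() block also deletes the fail-closed default: before, any non-sandboxed type outside OS_CHROMEOS got FILE_ERROR_SECURITY right here, and now the decision is delegated to whatever backend GetFileSystemBackend(url.type()) returns. The isolated and plugin-private backends in this patch do return FILE_ERROR_SECURITY, but backends outside 'webkit' are not covered by this diff, so the guarantee now depends on every ResolveURL() override denying by default. Please add a comment at this call site stating that contract, and a unit test that resolves a URL of each non-sandboxed type and checks the error, given that the commit lists only "Tested manually".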
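Review bot: In webkit/browser/fileapi/sandbox_file_system_backend.h, the first hunk removes only the opening line of the class comment ("// An interface to construct or crack sandboxed filesystem paths for"), which leaves the comment starting mid-sentence at "// TEMPORARY or PERSISTENT filesystems, which are placed under the user's". This looks accidental, since nothing else in the hunk changes. Either restore the line or rewrite the whole comment so it still reads as a sentence.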