From bbb9e2f6486cccadde4dc2fa077af8f694105eaa Mon Sep 17 00:00:00 2001
From: erg
Date: Mon, 6 Jul 2015 15:15:21 -0700
Subject: mandoline filesystem: Save cookie data to the mojo:filesystem.

This makes the network service use the sql vfs to proxy writing the cookies to the filesystem service. This means mojo:network_service does not directly write its data to the OS filesystem, which will allow us to sandbox it.
BUG=493311
Review URL: https://codereview.chromium.org/1179413010
Cr-Commit-Position: refs/heads/master@{#337491}
---
 sql/mojo/mojo_vfs.cc | 18 +++++++++++++++++-
 sql/mojo/vfs_unittest.cc | 13 +++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
(limited to 'sql')
diff --git a/sql/mojo/mojo_vfs.cc b/sql/mojo/mojo_vfs.cc
index 6e38af9..3ef67a1 100644
--- a/sql/mojo/mojo_vfs.cc
+++ b/sql/mojo/mojo_vfs.cc
@@ -6,6 +6,7 @@
 
 #include "base/logging.h"
 #include "base/rand_util.h"
+#include "base/strings/stringprintf.h"
 #include "components/filesystem/public/interfaces/file.mojom.h"
 #include "components/filesystem/public/interfaces/file_system.mojom.h"
 #include "components/filesystem/public/interfaces/types.mojom.h"
@@ -245,10 +246,25 @@ int MojoVFSOpen(sqlite3_vfs* mojo_vfs,
 if (flags & SQLITE_OPEN_DELETEONCLOSE)
 open_flags |= filesystem::kDeleteOnClose;
 
+ mojo::String mojo_name;
+ if (name) {
+ // Don't let callers open the pattern of our temporary databases. When we
+ // open with a null name and SQLITE_OPEN_DELETEONCLOSE, we unlink the
+ // database after we open it. If we create a database here, close it
+ // normally, and then open the same file through the other path, we could
+ // delete the database.
+ CHECK(strncmp("Temp_", name, 5) != 0);
+ mojo_name = name;
+ } else {
+ DCHECK(flags & SQLITE_OPEN_DELETEONCLOSE);
+ static int temp_number = 0;
+ mojo_name = base::StringPrintf("Temp_%d.db", temp_number++);
+ }
+
 // Grab the incoming file
 filesystem::FilePtr file_ptr;
 filesystem::FileError error = filesystem::FILE_ERROR_FAILED;
- GetRootDirectory(mojo_vfs)->OpenFile(mojo::String(name), GetProxy(&file_ptr),
+ GetRootDirectory(mojo_vfs)->OpenFile(mojo_name, GetProxy(&file_ptr),
 open_flags, Capture(&error));
 GetRootDirectory(mojo_vfs).WaitForIncomingResponse();
 if (error != filesystem::FILE_ERROR_OK) {
diff --git a/sql/mojo/vfs_unittest.cc b/sql/mojo/vfs_unittest.cc
index 8ca7c5c..db16638 100644
--- a/sql/mojo/vfs_unittest.cc
+++ b/sql/mojo/vfs_unittest.cc
@@ -115,6 +115,19 @@ TEST_F(VFSTest, NonexclusiveOpen) {
 file->pMethods->xClose(file2.get());
 }
 
+TEST_F(VFSTest, NullFilenameOpen) {
+ // Opening a file with a null filename should return a valid file object.
+ scoped_ptr file(MakeFile());
+ int out_flags;
+ int rc = vfs()->xOpen(
+ vfs(), nullptr, file.get(),
+ SQLITE_OPEN_DELETEONCLOSE | SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE,
+ &out_flags);
+ EXPECT_EQ(SQLITE_OK, rc);
+
+ file->pMethods->xClose(file.get());
+}
+
 TEST_F(VFSTest, DeleteOnClose) {
 {
 scoped_ptr file(MakeFile());
--
cgit v1.1
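Review bot: The temporary name in the `else` branch comes from a function-local `static int temp_number` that is incremented without synchronisation and restarts at 0 in every process, so concurrent opens can race on it and a fresh process reuses `Temp_0.db`; if an earlier run ended before its delete-on-close took effect, the new temporary database could be opened over stale content. `base/rand_util.h` is already included in this file, so the name could be drawn from it instead, e.g. `mojo_name = base::StringPrintf("Temp_%llu.db", static_cast<unsigned long long>(base::RandUint64()));`. The guard above it is also weaker in release builds than it reads: `DCHECK(flags & SQLITE_OPEN_DELETEONCLOSE)` compiles out, and a null name without that flag would then create a `Temp_` file that nothing unlinks, so returning `SQLITE_CANTOPEN` in that case would be safer. MojoVFSOpen starts and ends outside the hunk, so whether `open_flags` requests exclusive creation is not visible here.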
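Review bot: NullFilenameOpen asserts only the return code of a single open, so it would still pass if two null-name opens collided on one file or if the temporary file outlived `xClose`. A second `xOpen` with `nullptr` while the first handle is still open, e.g. `EXPECT_EQ(SQLITE_OK, vfs()->xOpen(vfs(), nullptr, file2.get(), flags, &out_flags));`, would pin the name generation added in MojoVFSOpen. The rejection of caller-supplied names beginning with `Temp_` has no test in this hunk either.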