// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef WEBKIT_FILEAPI_ISOLATED_CONTEXT_H_
#define WEBKIT_FILEAPI_ISOLATED_CONTEXT_H_
#include <map>
#include <set>
#include <string>
#include <vector>
#include "base/basictypes.h"
#include "base/file_path.h"
#include "base/memory/singleton.h"
#include "base/synchronization/lock.h"
#include "base/lazy_instance.h"
#include "webkit/fileapi/fileapi_export.h"
namespace fileapi {
// Manages isolated filename namespaces. A namespace is simply defined as a
// set of file paths and corresponding filesystem ID. This context class is
// a singleton and access to the context is thread-safe (protected with a
// lock).
// Some methods of this class are virtual just for mocking.
class FILEAPI_EXPORT IsolatedContext {
 public:
  // The instance is lazily created per browser process.
  static IsolatedContext* GetInstance();

  // Registers a new isolated filesystem with the given set of files and
  // returns the new filesystem_id. The files are registered with their
  // basenames as their keys so that later we can resolve the full paths
  // for the given file name in the isolated filesystem. We only expose the
  // key and the ID for the newly created filesystem to the renderer for
  // the sake of security.
  //
  // The renderer will be sending filesystem requests with a virtual path like
  // '/<filesystem_id>/<relative_path_from_the_basename_of_dropped_path>'
  // which the browser can crack by calling CrackIsolatedPath to get the
  // full path.
  //
  // For example: if a dropped file has a path like '/a/b/foo' we register
  // the path with the key 'foo' in the newly created filesystem.
  // Later if the context is asked to crack a virtual path like '/<fsid>/foo'
  // it can properly return the original path '/a/b/foo' by looking up the
  // internal mapping. Similarly if a dropped entry is a directory and its
  // path is like '/a/b/dir' a virtual path like '/<fsid>/dir/foo' can be
  // cracked into '/a/b/dir/foo'.
  //
  // This may return an empty string (thus invalid as an ID) if the given
  // file set contains non absolute paths.
  //
  // NOTE(review): PathMap is keyed by the basename only, so two entries in
  // |fileset| that share a basename (e.g. '/a/foo' and '/b/foo') collide in
  // the map — confirm in the implementation which one wins, or whether such
  // a set is rejected.
  std::string RegisterIsolatedFileSystem(const std::set<FilePath>& fileset);

  // Revokes the filesystem specified by the given filesystem_id.
  void RevokeIsolatedFileSystem(const std::string& filesystem_id);

  // Cracks the given |virtual_path| (which should look like
  // "/<filesystem_id>/<relative_path>") and populates the |filesystem_id|
  // and |platform_path| if the embedded <filesystem_id> is registered
  // to this context. |root_path| is also populated to have the platform
  // root (toplevel) path for the |virtual_path|
  // (i.e. |platform_path| = |root_path| + <relative_path>).
  //
  // Returns false if the given virtual_path or the cracked filesystem_id
  // is not valid.
  //
  // Note that |root_path| and |platform_path| are set to empty paths if
  // |virtual_path| has no <relative_path> part (i.e. pointing to
  // the virtual root).
  //
  // NOTE(review): <relative_path> originates from the renderer. This header
  // does not say how parent references ('..') or absolute components inside
  // it are treated; confirm the implementation rejects them so that
  // |platform_path| can never resolve outside |root_path|.
  bool CrackIsolatedPath(const FilePath& virtual_path,
                         std::string* filesystem_id,
                         FilePath* root_path,
                         FilePath* platform_path) const;

  // Returns a vector of the full paths of the top-level entry paths
  // registered for the |filesystem_id|. Returns false if the
  // |filesystem_id| is not valid.
  bool GetTopLevelPaths(const std::string& filesystem_id,
                        std::vector<FilePath>* paths) const;

  // Returns the virtual path that looks like /<filesystem_id>/<relative_path>.
  FilePath CreateVirtualPath(const std::string& filesystem_id,
                             const FilePath& relative_path) const;

  // Sets the filesystem writable if |writable| is true, non-writable
  // if it is false. Returns false if the |filesystem_id| is not valid.
  bool SetWritable(const std::string& filesystem_id, bool writable);

  // Returns true if the |filesystem_id| is writable.
  bool IsWritable(const std::string& filesystem_id) const;

 private:
  friend struct base::DefaultLazyInstanceTraits<IsolatedContext>;

  // Maps from filesystem id to a path conversion map for top-level entries.
  // PathMap: basename key -> full platform path of the registered entry.
  typedef std::map<FilePath, FilePath> PathMap;
  typedef std::map<std::string, PathMap> IDToPathMap;

  // Obtain an instance of this class via GetInstance().
  IsolatedContext();
  ~IsolatedContext();

  // Returns a new filesystem_id. Called with lock.
  std::string GetNewFileSystemId() const;

  // This lock needs to be obtained when accessing the toplevel_map_.
  // NOTE(review): presumably |writable_ids_| is guarded by the same lock,
  // since the class comment describes all access as lock-protected — confirm
  // in the implementation.
  mutable base::Lock lock_;

  // Maps the toplevel entries to the filesystem id.
  IDToPathMap toplevel_map_;

  // Holds a set of writable ids.
  // Isolated file systems are created read-only by default, and this set
  // holds a list of exceptions.
  // Detailed filesystem permission may be provided by an external
  // security policy manager, e.g. ChildProcessSecurityPolicy.
  std::set<std::string> writable_ids_;

  DISALLOW_COPY_AND_ASSIGN(IsolatedContext);
};
} // namespace fileapi
#endif // WEBKIT_FILEAPI_ISOLATED_CONTEXT_H_