webkit/fileapi/sandboxed_file_system_operation.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef WEBKIT_FILEAPI_SANDBOXED_FILE_SYSTEM_OPERATION_H_
#define WEBKIT_FILEAPI_SANDBOXED_FILE_SYSTEM_OPERATION_H_

#include "base/scoped_callback_factory.h"
#include "webkit/fileapi/file_system_operation.h"
#include "webkit/fileapi/file_system_types.h"

namespace fileapi {

class SandboxedFileSystemContext;

// This class provides a 'sandboxed' access to the underlying file system,
// that is:
// 1. provides OpenFileSystem method that returns a (hidden) root path
//    that is given by |file_system_context|.
// 2. enforces quota and file names/paths restrictions on each operation
//    via |file_system_context|.
class SandboxedFileSystemOperation : public FileSystemOperation {
 public:
  // This class doesn't hold a reference or ownership of |file_system_context|.
  // It is the caller's responsibility to keep the pointer alive *until*
  // it calls any of the operation methods.  The |file_system_context| won't be
  // used in the callback path and can be deleted after the operation is
  // made (e.g. after one of CreateFile, CreateDirectory, Copy, etc is called).
  SandboxedFileSystemOperation(FileSystemCallbackDispatcher* dispatcher,
                               scoped_refptr<base::MessageLoopProxy> proxy,
                               SandboxedFileSystemContext* file_system_context);

  void OpenFileSystem(const GURL& origin_url,
                      fileapi::FileSystemType type,
                      bool create);

  // FileSystemOperation's methods.
  virtual void CreateFile(const FilePath& path,
                          bool exclusive);
  virtual void CreateDirectory(const FilePath& path,
                               bool exclusive,
                               bool recursive);
  virtual void Copy(const FilePath& src_path,
                    const FilePath& dest_path);
  virtual void Move(const FilePath& src_path,
                    const FilePath& dest_path);
  virtual void DirectoryExists(const FilePath& path);
  virtual void FileExists(const FilePath& path);
  virtual void GetMetadata(const FilePath& path);
  virtual void ReadDirectory(const FilePath& path);
  virtual void Remove(const FilePath& path, bool recursive);
  virtual void Write(
      scoped_refptr<URLRequestContext> url_request_context,
      const FilePath& path, const GURL& blob_url, int64 offset);
  virtual void Truncate(const FilePath& path, int64 length);
  virtual void TouchFile(const FilePath& path,
                 const base::Time& last_access_time,
                 const base::Time& last_modified_time);

 private:
  enum SandboxedFileSystemOperationType {
    kOperationOpenFileSystem = 100,
  };

  // A callback used for OpenFileSystem.
  void DidGetRootPath(bool success,
                      const FilePath& path,
                      const std::string& name);

  // Checks the validity of a given |path| for reading.
  // Returns true if the given |path| is a valid FileSystem path.
  // Otherwise it calls dispatcher's DidFail method with
  // PLATFORM_FILE_ERROR_SECURITY and returns false.
  bool VerifyFileSystemPathForRead(const FilePath& path);

  // Checks the validity of a given |path| for writing.
  // Returns true if the given |path| is a valid FileSystem path, and
  // its origin embedded in the path has the right to write as much as
  // the given |growth|.
  // Otherwise it fires dispatcher's DidFail method with
  // PLATFORM_FILE_ERROR_SECURITY if the path is not valid for writing,
  // or with PLATFORM_FILE_ERROR_NO_SPACE if the origin is not allowed to
  // increase the usage by |growth|.
  // In either case it returns false after firing DidFail.
  // If |create| flag is true this also checks if the |path| contains
  // any restricted names and chars. If it does, the call fires dispatcher's
  // DidFail with PLATFORM_FILE_ERROR_SECURITY and returns false.
  bool VerifyFileSystemPathForWrite(const FilePath& path,
                                    bool create,
                                    int64 growth);

  // Not owned.  See the comment at the constructor.
  SandboxedFileSystemContext* file_system_context_;

  base::ScopedCallbackFactory<SandboxedFileSystemOperation> callback_factory_;

  DISALLOW_COPY_AND_ASSIGN(SandboxedFileSystemOperation);
};

}  // namespace fileapi

#endif  // WEBKIT_FILEAPI_SANDBOXED_FILE_SYSTEM_OPERATION_H_