1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef WEBKIT_BROWSER_FILEAPI_OBFUSCATED_FILE_UTIL_H_ 6 #define WEBKIT_BROWSER_FILEAPI_OBFUSCATED_FILE_UTIL_H_ 7 8 #include <map> 9 #include <set> 10 #include <string> 11 #include <vector> 12 13 #include "base/callback_forward.h" 14 #include "base/files/file.h" 15 #include "base/files/file_path.h" 16 #include "base/files/file_util_proxy.h" 17 #include "base/gtest_prod_util.h" 18 #include "base/memory/scoped_ptr.h" 19 #include "webkit/browser/fileapi/file_system_file_util.h" 20 #include "webkit/browser/fileapi/file_system_url.h" 21 #include "webkit/browser/fileapi/sandbox_directory_database.h" 22 #include "webkit/browser/fileapi/sandbox_file_system_backend_delegate.h" 23 #include "webkit/browser/webkit_storage_browser_export.h" 24 #include "webkit/common/blob/shareable_file_reference.h" 25 #include "webkit/common/fileapi/file_system_types.h" 26 27 namespace base { 28 class SequencedTaskRunner; 29 class TimeTicks; 30 } 31 32 namespace content { 33 class ObfuscatedFileUtilTest; 34 class QuotaBackendImplTest; 35 } 36 37 namespace quota { 38 class SpecialStoragePolicy; 39 } 40 41 class GURL; 42 43 namespace fileapi { 44 45 class FileSystemOperationContext; 46 class SandboxOriginDatabaseInterface; 47 class TimedTaskHelper; 48 49 // This file util stores directory information in LevelDB to obfuscate 50 // and to neutralize virtual file paths given by arbitrary apps. 51 // Files are stored with two-level isolation: per-origin and per-type. 52 // The isolation is done by storing data in separate directory partitions. 53 // For example, a file in Temporary file system for origin 'www.example.com' 54 // is stored in a different partition for a file in Persistent file system 55 // for the same origin, or for Temporary file system for another origin. 
//
// * Per-origin directory name information is stored in a separate LevelDB,
//   which is maintained by SandboxOriginDatabase.
// * Per-type directory name information is given by
//   GetTypeStringForURLCallback that is given in CTOR.
//   We use a small static mapping (e.g. 't' for Temporary type) for
//   regular sandbox filesystems.
//
// Security note: as far as this header shows, the names an app chooses
// (the components of a FileSystemURL's virtual path) exist only as entries
// in the per-origin/type directory database.  Backing files on disk are
// created under generated names (see GenerateNewLocalPath / CreateAndOpenFile,
// whose comment says data_path always refers to a NEW backing file), so an
// app-supplied path is never used directly as a native path component.  The
// .cc must be consulted to confirm that no code path bypasses this.
//
// The overall implementation philosophy of this class is that partial failures
// should leave us with an intact database; we'd prefer to leak the occasional
// backing file than have a database entry whose backing file is missing. When
// doing FSCK operations, if you find a loose backing file with no reference,
// you may safely delete it.
//
// This class must be deleted on the FILE thread, because that's where
// DropDatabases needs to be called.
class WEBKIT_STORAGE_BROWSER_EXPORT_PRIVATE ObfuscatedFileUtil
    : public FileSystemFileUtil {
 public:
  // Origin enumerator interface.
  // An instance of this interface is assumed to be called on the file thread.
  // Instances are handed out by CreateOriginEnumerator() as raw pointers that
  // the caller owns (see that method's comment).
  class AbstractOriginEnumerator {
   public:
    virtual ~AbstractOriginEnumerator() {}

    // Returns the next origin. Returns empty if there are no more origins.
    virtual GURL Next() = 0;

    // Returns whether the current origin (the one most recently returned by
    // Next()) has a directory for |type_string|.
    // |type_string| must be ascii string.
    virtual bool HasTypeDirectory(const std::string& type_string) const = 0;
  };

  // Maps a FileSystemURL to the type string that selects its on-disk
  // partition.  Invoked on |file_task_runner| (see the constructor comment).
  typedef base::Callback<std::string(const FileSystemURL&)>
      GetTypeStringForURLCallback;

  // |special_storage_policy| is retained via scoped_refptr (see
  // special_storage_policy_ below).
  //
  // |file_system_directory| is the root under which all per-origin and
  // per-type partitions are created.
  //
  // |env_override|, when non-NULL, is the leveldb::Env the directory
  // databases should use.  Ownership is not stated in this header; it is
  // stored as a raw pointer (env_override_), so presumably not owned — confirm
  // in the .cc.
  // NOTE(review): leveldb::Env is neither included nor forward-declared in
  // this header; it presumably reaches us through
  // sandbox_directory_database.h.  Confirm, or add a forward declaration.
  //
  // |get_type_string_for_url| is user-defined callback that should return
  // a type string for the given FileSystemURL. The type string is used
  // to provide per-type isolation in the sandboxed filesystem directory.
  // Note that this method is called on file_task_runner.
  //
  // |known_type_strings| are known type string names that this file system
  // should care about.
  // This info is used to determine whether we could delete the entire
  // origin directory or not in DeleteDirectoryForOriginAndType. If no directory
  // for any known type exists the origin directory may get deleted when
  // one origin/type pair is deleted.
  //
  // |sandbox_delegate| is not owned (see sandbox_delegate_ below) and must
  // outlive this object.
  ObfuscatedFileUtil(
      quota::SpecialStoragePolicy* special_storage_policy,
      const base::FilePath& file_system_directory,
      leveldb::Env* env_override,
      base::SequencedTaskRunner* file_task_runner,
      const GetTypeStringForURLCallback& get_type_string_for_url,
      const std::set<std::string>& known_type_strings,
      SandboxFileSystemBackendDelegate* sandbox_delegate);
  // Must run on the FILE thread (see the class comment: DropDatabases is
  // called from there).
  virtual ~ObfuscatedFileUtil();

  // FileSystemFileUtil overrides.
  // All of these take the app-visible |url|; the mapping to a backing file
  // goes through the directory database, never through the virtual path
  // itself.  Each returns a base::File or base::File::Error as declared by
  // the base interface.

  // Opens, or creates and opens, the file at |url| with |file_flags|.
  virtual base::File CreateOrOpen(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      int file_flags) OVERRIDE;
  // Creates the file at |url| if missing; |created| reports whether a new
  // file was made.
  virtual base::File::Error EnsureFileExists(
      FileSystemOperationContext* context,
      const FileSystemURL& url, bool* created) OVERRIDE;
  // Creates the directory at |url|.  |exclusive| and |recursive| have the
  // meaning given by the FileSystemFileUtil interface (not restated here).
  virtual base::File::Error CreateDirectory(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      bool exclusive,
      bool recursive) OVERRIDE;
  // Fills |file_info| for |url| and, in |platform_file|, the native path of
  // its backing file.  That path is the obfuscated on-disk location, not
  // anything the app named; callers are expected to keep it inside the
  // browser process (inference from the class comment — confirm).
  virtual base::File::Error GetFileInfo(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      base::File::Info* file_info,
      base::FilePath* platform_file) OVERRIDE;
  // Non-recursive enumeration of |root_url|; see the three-argument overload
  // below for the recursive form.
  virtual scoped_ptr<AbstractFileEnumerator> CreateFileEnumerator(
      FileSystemOperationContext* context,
      const FileSystemURL& root_url) OVERRIDE;
  // Resolves |file_system_url| to the native path of its backing file.  The
  // same caution as for GetFileInfo's |platform_file| applies.
  virtual base::File::Error GetLocalFilePath(
      FileSystemOperationContext* context,
      const FileSystemURL& file_system_url,
      base::FilePath* local_path) OVERRIDE;
  // Updates the access / modification times of |url|.
  virtual base::File::Error Touch(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      const base::Time& last_access_time,
      const base::Time& last_modified_time) OVERRIDE;
  // Truncates (or extends) the file at |url| to |length| bytes.  Behavior for
  // a negative |length| is not specified here.
  virtual base::File::Error Truncate(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      int64 length) OVERRIDE;
  // Copies (|copy| true) or moves |src_url| to |dest_url| within the
  // sandbox; both ends are app-visible URLs.
  virtual base::File::Error CopyOrMoveFile(
      FileSystemOperationContext* context,
      const FileSystemURL& src_url,
      const FileSystemURL& dest_url,
      CopyOrMoveOption option,
      bool copy) OVERRIDE;
  // Copies a NATIVE file at |src_file_path| (outside the sandbox) into the
  // sandbox at |dest_url|.  This is the one override that takes a raw
  // platform path; nothing in this header shows it being validated here, so
  // the caller is presumably responsible for ensuring |src_file_path| names
  // something the requesting origin may read — confirm in the .cc.
  virtual base::File::Error CopyInForeignFile(
      FileSystemOperationContext* context,
      const base::FilePath& src_file_path,
      const FileSystemURL& dest_url) OVERRIDE;
  // Deletes the file at |url| (database entry and backing file).
  virtual base::File::Error DeleteFile(
      FileSystemOperationContext* context,
      const FileSystemURL& url) OVERRIDE;
  // Deletes the directory at |url|.  Whether a non-empty directory is
  // rejected is defined by the FileSystemFileUtil contract, not here.
  virtual base::File::Error DeleteDirectory(
      FileSystemOperationContext* context,
      const FileSystemURL& url) OVERRIDE;
  // Produces a snapshot of |url| for blob access; |error|, |file_info| and
  // |platform_path| are out-parameters.  |platform_path| carries the same
  // caution as GetFileInfo's |platform_file|.
  virtual webkit_blob::ScopedFile CreateSnapshotFile(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      base::File::Error* error,
      base::File::Info* file_info,
      base::FilePath* platform_path) OVERRIDE;

  // Same as the other CreateFileEnumerator, but with recursive support.
  scoped_ptr<AbstractFileEnumerator> CreateFileEnumerator(
      FileSystemOperationContext* context,
      const FileSystemURL& root_url,
      bool recursive);

  // Returns true if the directory |url| is empty.  What is returned when
  // |url| cannot be resolved is not stated in this header.
  bool IsDirectoryEmpty(
      FileSystemOperationContext* context,
      const FileSystemURL& url);

  // Gets the topmost directory specific to this origin and type. This will
  // contain both the directory database's files and all the backing file
  // subdirectories.
  // Returns the topmost origin directory if |type_string| is empty.
  // Returns an empty path if the directory is undefined.
  // If the directory is defined, it will be returned, even if
  // there is a file system error (e.g. the directory doesn't exist on disk and
  // |create| is false). Callers should always check |error_code| to make sure
  // the returned path is usable.
  // |create| controls whether a missing partition is created on disk as a
  // side effect; read-only callers should pass false so that merely asking
  // about an origin does not allocate storage for it.
  base::FilePath GetDirectoryForOriginAndType(
      const GURL& origin,
      const std::string& type_string,
      bool create,
      base::File::Error* error_code);

  // Deletes the topmost directory specific to this origin and type. This will
  // delete its directory database.
  // Deletes the topmost origin directory if |type_string| is empty.
  // Returns a bool success indicator; the meaning of a false result after a
  // partial deletion is not specified here (see the class comment on leaving
  // databases intact).
  bool DeleteDirectoryForOriginAndType(
      const GURL& origin,
      const std::string& type_string);

  // This method and all methods of its returned class must be called only on
  // the FILE thread. The caller is responsible for deleting the returned
  // object.
  AbstractOriginEnumerator* CreateOriginEnumerator();

  // Deletes a directory database from the database list in the ObfuscatedFSFU
  // and destroys the database on the disk.
  // The "database list" is directories_ below.
  bool DestroyDirectoryDatabase(const GURL& origin,
                                const std::string& type_string);

  // Computes a cost for storing a given file in the obfuscated FSFU.
  // As the cost of a file is independent of the cost of its parent directories,
  // this ignores all but the BaseName of the supplied path. In order to
  // compute the cost of adding a multi-segment directory recursively, call this
  // on each path segment and add the results.
  // This is the quota charge for the NAME stored in the directory database
  // (file contents are accounted separately).
  static int64 ComputeFilePathCost(const base::FilePath& path);

  // Tries to prepopulate directory database for the given type strings.
  // This tries from the first one in the given type_strings and stops
  // once it succeeds to do so for one database (i.e. it prepopulates
  // at most one database).
  void MaybePrepopulateDatabase(
      const std::vector<std::string>& type_strings_to_prepopulate);

 private:
  typedef SandboxDirectoryDatabase::FileId FileId;
  typedef SandboxDirectoryDatabase::FileInfo FileInfo;

  // The enumerator and the tests reach the private helpers below directly.
  friend class ObfuscatedFileEnumerator;
  friend class content::ObfuscatedFileUtilTest;
  friend class content::QuotaBackendImplTest;

  // Helper method to create an obfuscated file util for regular
  // (temporary, persistent) file systems. Used only for testing.
  // Note: this is implemented in sandbox_file_system_backend_delegate.cc.
  // Returns a raw pointer that the caller owns.
  static ObfuscatedFileUtil* CreateForTesting(
      quota::SpecialStoragePolicy* special_storage_policy,
      const base::FilePath& file_system_directory,
      leveldb::Env* env_override,
      base::SequencedTaskRunner* file_task_runner);

  // Resolves |url| to its origin/type partition directory.  Same |create| /
  // |error_code| contract as GetDirectoryForOriginAndType.
  base::FilePath GetDirectoryForURL(
      const FileSystemURL& url,
      bool create,
      base::File::Error* error_code);

  // This just calls get_type_string_for_url_ callback that is given in ctor.
  std::string CallGetTypeStringForURL(const FileSystemURL& url);

  // Shared implementation behind GetFileInfo once the database entry
  // |file_id| is known.  |local_info| receives the database record,
  // |file_info| / |platform_file_path| the caller-facing results.
  base::File::Error GetFileInfoInternal(
      SandboxDirectoryDatabase* db,
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      FileId file_id,
      FileInfo* local_info,
      base::File::Info* file_info,
      base::FilePath* platform_file_path);

  // Creates a new file, both the underlying backing file and the entry in the
  // database. |dest_file_info| is an in-out parameter. Supply the name and
  // parent_id; data_path is ignored. On success, data_path will
  // always be set to the relative path [from the root of the type-specific
  // filesystem directory] of a NEW backing file. Returns the new file.
  // Because data_path is always freshly generated, the app-supplied name in
  // |dest_file_info| never becomes part of the on-disk path.
  base::File CreateAndOpenFile(
      FileSystemOperationContext* context,
      const FileSystemURL& dest_url,
      FileInfo* dest_file_info,
      int file_flags);

  // The same as CreateAndOpenFile except that a file is not returned and if a
  // path is provided in |source_path|, it will be used as a source from which
  // to COPY data.
  // (|source_path| in that sentence refers to |source_file_path|.)  This is
  // the backing path for CopyInForeignFile, so the same caveat about
  // validating the native source applies.
  base::File::Error CreateFile(
      FileSystemOperationContext* context,
      const base::FilePath& source_file_path,
      const FileSystemURL& dest_url,
      FileInfo* dest_file_info);

  // Updates |db| and |dest_file_info| at the end of creating a new file.
  // |local_path| is the newly generated backing path under |root|.
  base::File::Error CommitCreateFile(
      const base::FilePath& root,
      const base::FilePath& local_path,
      SandboxDirectoryDatabase* db,
      FileInfo* dest_file_info);

  // This converts from a relative path [as is stored in the FileInfo.data_path
  // field] to an absolute platform path that can be given to the native
  // filesystem.
  base::FilePath DataPathToLocalPath(
      const FileSystemURL& url,
      const base::FilePath& data_file_path);

  // Key under which the (origin, type) database is held in directories_.
  std::string GetDirectoryDatabaseKey(const GURL& origin,
                                      const std::string& type_string);

  // This returns NULL if |create| flag is false and a filesystem does not
  // exist for the given |url|.
  // For read operations |create| should be false.  Passing true from a read
  // path would create on-disk state for an origin that has stored nothing,
  // which is both a quota/accounting problem and an easy way for an app to
  // make the browser allocate directories it never uses.
  SandboxDirectoryDatabase* GetDirectoryDatabase(const FileSystemURL& url,
                                                 bool create);

  // Gets the topmost directory specific to this origin. This will
  // contain both the filesystem type subdirectories.
  // Same |create| / |error_code| contract as GetDirectoryForOriginAndType.
  base::FilePath GetDirectoryForOrigin(const GURL& origin,
                                       bool create,
                                       base::File::Error* error_code);

  // Drops any cached usage figure for (origin, type) after a mutation.
  // Note this takes a FileSystemType, not a type string.
  void InvalidateUsageCache(FileSystemOperationContext* context,
                            const GURL& origin,
                            FileSystemType type);

  // MarkUsed() records activity and DropDatabases() releases the open
  // databases; together with timer_ / db_flush_delay_seconds_ below they
  // presumably implement the inactivity flush — confirm in the .cc.
  // DropDatabases() must run on the FILE thread (class comment).
  void MarkUsed();
  void DropDatabases();

  // Initializes the origin database. |origin_hint| may be used as a hint
  // for initializing database if it's not empty.
  // |create| follows the same "read paths pass false" rule as
  // GetDirectoryDatabase.
  bool InitOriginDatabase(const GURL& origin_hint, bool create);

  // Chooses a fresh, unused backing path for a new file under the partition
  // for |url|.  |root| receives the partition root, |local_path| the
  // generated path relative to it.  This is where on-disk names come from;
  // they are not derived from the app-visible name.
  base::File::Error GenerateNewLocalPath(
      SandboxDirectoryDatabase* db,
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      base::FilePath* root,
      base::FilePath* local_path);

  // Implementation behind CreateOrOpen.
  base::File CreateOrOpenInternal(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      int file_flags);

  // Whether |origin| has isolated storage; presumably consults
  // special_storage_policy_ — confirm in the .cc.
  bool HasIsolatedStorage(const GURL& origin);

  // Open directory databases keyed by GetDirectoryDatabaseKey().  Raw
  // pointers: DestroyDirectoryDatabase / DropDatabases are documented as
  // removing entries and destroying databases, so this map appears to own
  // them — confirm in the .cc before changing lifetime.
  typedef std::map<std::string, SandboxDirectoryDatabase*> DirectoryMap;
  DirectoryMap directories_;
  // Origin -> directory-name database (see the class comment).  Lazily
  // opened by InitOriginDatabase.
  scoped_ptr<SandboxOriginDatabaseInterface> origin_database_;
  // Retained copy of the constructor's |special_storage_policy|.
  scoped_refptr<quota::SpecialStoragePolicy> special_storage_policy_;
  // Root of all partitions (constructor's |file_system_directory|).
  base::FilePath file_system_directory_;
  // Not owned (raw pointer); may be NULL.  See the constructor comment.
  leveldb::Env* env_override_;

  // Used to delete database after a certain period of inactivity.
  int64 db_flush_delay_seconds_;

  // Runner on which file operations and get_type_string_for_url_ execute.
  scoped_refptr<base::SequencedTaskRunner> file_task_runner_;
  // Drives the inactivity-based DropDatabases (see MarkUsed/DropDatabases).
  scoped_ptr<TimedTaskHelper> timer_;

  GetTypeStringForURLCallback get_type_string_for_url_;
  // Type strings this instance manages; consulted when deciding whether an
  // origin directory can be removed (see the constructor comment).
  std::set<std::string> known_type_strings_;

  // Not owned.
  SandboxFileSystemBackendDelegate* sandbox_delegate_;

  DISALLOW_COPY_AND_ASSIGN(ObfuscatedFileUtil);
};

}  // namespace fileapi

#endif  // WEBKIT_BROWSER_FILEAPI_OBFUSCATED_FILE_UTIL_H_