1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/files/file_util.h"
6
7 #include <dirent.h>
8 #include <errno.h>
9 #include <fcntl.h>
10 #include <libgen.h>
11 #include <limits.h>
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <sys/errno.h>
16 #include <sys/mman.h>
17 #include <sys/param.h>
18 #include <sys/stat.h>
19 #include <sys/time.h>
20 #include <sys/types.h>
21 #include <time.h>
22 #include <unistd.h>
23
24 #if defined(OS_MACOSX)
25 #include <AvailabilityMacros.h>
26 #include "base/mac/foundation_util.h"
27 #elif !defined(OS_CHROMEOS) && defined(USE_GLIB)
28 #include <glib.h> // for g_get_home_dir()
29 #endif
30
31 #include <fstream>
32
33 #include "base/basictypes.h"
34 #include "base/files/file_enumerator.h"
35 #include "base/files/file_path.h"
36 #include "base/files/scoped_file.h"
37 #include "base/logging.h"
38 #include "base/memory/scoped_ptr.h"
39 #include "base/memory/singleton.h"
40 #include "base/path_service.h"
41 #include "base/posix/eintr_wrapper.h"
42 #include "base/stl_util.h"
43 #include "base/strings/string_util.h"
44 #include "base/strings/stringprintf.h"
45 #include "base/strings/sys_string_conversions.h"
46 #include "base/strings/utf_string_conversions.h"
47 #include "base/sys_info.h"
48 #include "base/threading/thread_restrictions.h"
49 #include "base/time/time.h"
50
51 #if defined(OS_ANDROID)
52 #include "base/android/content_uri_utils.h"
53 #include "base/os_compat_android.h"
54 #endif
55
56 #if !defined(OS_IOS)
57 #include <grp.h>
58 #endif
59
60 namespace base {
61
62 namespace {
63
64 #if defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL)
CallStat(const char * path,stat_wrapper_t * sb)65 static int CallStat(const char *path, stat_wrapper_t *sb) {
66 ThreadRestrictions::AssertIOAllowed();
67 return stat(path, sb);
68 }
CallLstat(const char * path,stat_wrapper_t * sb)69 static int CallLstat(const char *path, stat_wrapper_t *sb) {
70 ThreadRestrictions::AssertIOAllowed();
71 return lstat(path, sb);
72 }
73 #else // defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL)
74 static int CallStat(const char *path, stat_wrapper_t *sb) {
75 ThreadRestrictions::AssertIOAllowed();
76 return stat64(path, sb);
77 }
78 static int CallLstat(const char *path, stat_wrapper_t *sb) {
79 ThreadRestrictions::AssertIOAllowed();
80 return lstat64(path, sb);
81 }
82 #endif // !(defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL))
83
84 // Helper for NormalizeFilePath(), defined below.
RealPath(const FilePath & path,FilePath * real_path)85 bool RealPath(const FilePath& path, FilePath* real_path) {
86 ThreadRestrictions::AssertIOAllowed(); // For realpath().
87 FilePath::CharType buf[PATH_MAX];
88 if (!realpath(path.value().c_str(), buf))
89 return false;
90
91 *real_path = FilePath(buf);
92 return true;
93 }
94
95 // Helper for VerifyPathControlledByUser.
VerifySpecificPathControlledByUser(const FilePath & path,uid_t owner_uid,const std::set<gid_t> & group_gids)96 bool VerifySpecificPathControlledByUser(const FilePath& path,
97 uid_t owner_uid,
98 const std::set<gid_t>& group_gids) {
99 stat_wrapper_t stat_info;
100 if (CallLstat(path.value().c_str(), &stat_info) != 0) {
101 DPLOG(ERROR) << "Failed to get information on path "
102 << path.value();
103 return false;
104 }
105
106 if (S_ISLNK(stat_info.st_mode)) {
107 DLOG(ERROR) << "Path " << path.value()
108 << " is a symbolic link.";
109 return false;
110 }
111
112 if (stat_info.st_uid != owner_uid) {
113 DLOG(ERROR) << "Path " << path.value()
114 << " is owned by the wrong user.";
115 return false;
116 }
117
118 if ((stat_info.st_mode & S_IWGRP) &&
119 !ContainsKey(group_gids, stat_info.st_gid)) {
120 DLOG(ERROR) << "Path " << path.value()
121 << " is writable by an unprivileged group.";
122 return false;
123 }
124
125 if (stat_info.st_mode & S_IWOTH) {
126 DLOG(ERROR) << "Path " << path.value()
127 << " is writable by any user.";
128 return false;
129 }
130
131 return true;
132 }
133
TempFileName()134 std::string TempFileName() {
135 #if defined(OS_MACOSX)
136 return StringPrintf(".%s.XXXXXX", base::mac::BaseBundleID());
137 #endif
138
139 #if defined(GOOGLE_CHROME_BUILD)
140 return std::string(".com.google.Chrome.XXXXXX");
141 #else
142 return std::string(".org.chromium.Chromium.XXXXXX");
143 #endif
144 }
145
146 // Creates and opens a temporary file in |directory|, returning the
147 // file descriptor. |path| is set to the temporary file path.
148 // This function does NOT unlink() the file.
CreateAndOpenFdForTemporaryFile(FilePath directory,FilePath * path)149 int CreateAndOpenFdForTemporaryFile(FilePath directory, FilePath* path) {
150 ThreadRestrictions::AssertIOAllowed(); // For call to mkstemp().
151 *path = directory.Append(base::TempFileName());
152 const std::string& tmpdir_string = path->value();
153 // this should be OK since mkstemp just replaces characters in place
154 char* buffer = const_cast<char*>(tmpdir_string.c_str());
155
156 return HANDLE_EINTR(mkstemp(buffer));
157 }
158
159 #if defined(OS_LINUX)
160 // Determine if /dev/shm files can be mapped and then mprotect'd PROT_EXEC.
161 // This depends on the mount options used for /dev/shm, which vary among
162 // different Linux distributions and possibly local configuration. It also
163 // depends on details of kernel--ChromeOS uses the noexec option for /dev/shm
164 // but its kernel allows mprotect with PROT_EXEC anyway.
DetermineDevShmExecutable()165 bool DetermineDevShmExecutable() {
166 bool result = false;
167 FilePath path;
168
169 ScopedFD fd(CreateAndOpenFdForTemporaryFile(FilePath("/dev/shm"), &path));
170 if (fd.is_valid()) {
171 DeleteFile(path, false);
172 long sysconf_result = sysconf(_SC_PAGESIZE);
173 CHECK_GE(sysconf_result, 0);
174 size_t pagesize = static_cast<size_t>(sysconf_result);
175 CHECK_GE(sizeof(pagesize), sizeof(sysconf_result));
176 void* mapping = mmap(NULL, pagesize, PROT_READ, MAP_SHARED, fd.get(), 0);
177 if (mapping != MAP_FAILED) {
178 if (mprotect(mapping, pagesize, PROT_READ | PROT_EXEC) == 0)
179 result = true;
180 munmap(mapping, pagesize);
181 }
182 }
183 return result;
184 }
185 #endif // defined(OS_LINUX)
186
187 } // namespace
188
MakeAbsoluteFilePath(const FilePath & input)189 FilePath MakeAbsoluteFilePath(const FilePath& input) {
190 ThreadRestrictions::AssertIOAllowed();
191 char full_path[PATH_MAX];
192 if (realpath(input.value().c_str(), full_path) == NULL)
193 return FilePath();
194 return FilePath(full_path);
195 }
196
197 // TODO(erikkay): The Windows version of this accepts paths like "foo/bar/*"
198 // which works both with and without the recursive flag. I'm not sure we need
199 // that functionality. If not, remove from file_util_win.cc, otherwise add it
200 // here.
DeleteFile(const FilePath & path,bool recursive)201 bool DeleteFile(const FilePath& path, bool recursive) {
202 ThreadRestrictions::AssertIOAllowed();
203 const char* path_str = path.value().c_str();
204 stat_wrapper_t file_info;
205 int test = CallLstat(path_str, &file_info);
206 if (test != 0) {
207 // The Windows version defines this condition as success.
208 bool ret = (errno == ENOENT || errno == ENOTDIR);
209 return ret;
210 }
211 if (!S_ISDIR(file_info.st_mode))
212 return (unlink(path_str) == 0);
213 if (!recursive)
214 return (rmdir(path_str) == 0);
215
216 bool success = true;
217 std::stack<std::string> directories;
218 directories.push(path.value());
219 FileEnumerator traversal(path, true,
220 FileEnumerator::FILES | FileEnumerator::DIRECTORIES |
221 FileEnumerator::SHOW_SYM_LINKS);
222 for (FilePath current = traversal.Next(); success && !current.empty();
223 current = traversal.Next()) {
224 if (traversal.GetInfo().IsDirectory())
225 directories.push(current.value());
226 else
227 success = (unlink(current.value().c_str()) == 0);
228 }
229
230 while (success && !directories.empty()) {
231 FilePath dir = FilePath(directories.top());
232 directories.pop();
233 success = (rmdir(dir.value().c_str()) == 0);
234 }
235 return success;
236 }
237
ReplaceFile(const FilePath & from_path,const FilePath & to_path,File::Error * error)238 bool ReplaceFile(const FilePath& from_path,
239 const FilePath& to_path,
240 File::Error* error) {
241 ThreadRestrictions::AssertIOAllowed();
242 if (rename(from_path.value().c_str(), to_path.value().c_str()) == 0)
243 return true;
244 if (error)
245 *error = File::OSErrorToFileError(errno);
246 return false;
247 }
248
CopyDirectory(const FilePath & from_path,const FilePath & to_path,bool recursive)249 bool CopyDirectory(const FilePath& from_path,
250 const FilePath& to_path,
251 bool recursive) {
252 ThreadRestrictions::AssertIOAllowed();
253 // Some old callers of CopyDirectory want it to support wildcards.
254 // After some discussion, we decided to fix those callers.
255 // Break loudly here if anyone tries to do this.
256 DCHECK(to_path.value().find('*') == std::string::npos);
257 DCHECK(from_path.value().find('*') == std::string::npos);
258
259 if (from_path.value().size() >= PATH_MAX) {
260 return false;
261 }
262
263 // This function does not properly handle destinations within the source
264 FilePath real_to_path = to_path;
265 if (PathExists(real_to_path)) {
266 real_to_path = MakeAbsoluteFilePath(real_to_path);
267 if (real_to_path.empty())
268 return false;
269 } else {
270 real_to_path = MakeAbsoluteFilePath(real_to_path.DirName());
271 if (real_to_path.empty())
272 return false;
273 }
274 FilePath real_from_path = MakeAbsoluteFilePath(from_path);
275 if (real_from_path.empty())
276 return false;
277 if (real_to_path.value().size() >= real_from_path.value().size() &&
278 real_to_path.value().compare(0, real_from_path.value().size(),
279 real_from_path.value()) == 0) {
280 return false;
281 }
282
283 int traverse_type = FileEnumerator::FILES | FileEnumerator::SHOW_SYM_LINKS;
284 if (recursive)
285 traverse_type |= FileEnumerator::DIRECTORIES;
286 FileEnumerator traversal(from_path, recursive, traverse_type);
287
288 // We have to mimic windows behavior here. |to_path| may not exist yet,
289 // start the loop with |to_path|.
290 struct stat from_stat;
291 FilePath current = from_path;
292 if (stat(from_path.value().c_str(), &from_stat) < 0) {
293 DLOG(ERROR) << "CopyDirectory() couldn't stat source directory: "
294 << from_path.value() << " errno = " << errno;
295 return false;
296 }
297 struct stat to_path_stat;
298 FilePath from_path_base = from_path;
299 if (recursive && stat(to_path.value().c_str(), &to_path_stat) == 0 &&
300 S_ISDIR(to_path_stat.st_mode)) {
301 // If the destination already exists and is a directory, then the
302 // top level of source needs to be copied.
303 from_path_base = from_path.DirName();
304 }
305
306 // The Windows version of this function assumes that non-recursive calls
307 // will always have a directory for from_path.
308 // TODO(maruel): This is not necessary anymore.
309 DCHECK(recursive || S_ISDIR(from_stat.st_mode));
310
311 bool success = true;
312 while (success && !current.empty()) {
313 // current is the source path, including from_path, so append
314 // the suffix after from_path to to_path to create the target_path.
315 FilePath target_path(to_path);
316 if (from_path_base != current) {
317 if (!from_path_base.AppendRelativePath(current, &target_path)) {
318 success = false;
319 break;
320 }
321 }
322
323 if (S_ISDIR(from_stat.st_mode)) {
324 if (mkdir(target_path.value().c_str(), from_stat.st_mode & 01777) != 0 &&
325 errno != EEXIST) {
326 DLOG(ERROR) << "CopyDirectory() couldn't create directory: "
327 << target_path.value() << " errno = " << errno;
328 success = false;
329 }
330 } else if (S_ISREG(from_stat.st_mode)) {
331 if (!CopyFile(current, target_path)) {
332 DLOG(ERROR) << "CopyDirectory() couldn't create file: "
333 << target_path.value();
334 success = false;
335 }
336 } else {
337 DLOG(WARNING) << "CopyDirectory() skipping non-regular file: "
338 << current.value();
339 }
340
341 current = traversal.Next();
342 if (!current.empty())
343 from_stat = traversal.GetInfo().stat();
344 }
345
346 return success;
347 }
348
PathExists(const FilePath & path)349 bool PathExists(const FilePath& path) {
350 ThreadRestrictions::AssertIOAllowed();
351 #if defined(OS_ANDROID)
352 if (path.IsContentUri()) {
353 return ContentUriExists(path);
354 }
355 #endif
356 return access(path.value().c_str(), F_OK) == 0;
357 }
358
PathIsWritable(const FilePath & path)359 bool PathIsWritable(const FilePath& path) {
360 ThreadRestrictions::AssertIOAllowed();
361 return access(path.value().c_str(), W_OK) == 0;
362 }
363
DirectoryExists(const FilePath & path)364 bool DirectoryExists(const FilePath& path) {
365 ThreadRestrictions::AssertIOAllowed();
366 stat_wrapper_t file_info;
367 if (CallStat(path.value().c_str(), &file_info) == 0)
368 return S_ISDIR(file_info.st_mode);
369 return false;
370 }
371
ReadFromFD(int fd,char * buffer,size_t bytes)372 bool ReadFromFD(int fd, char* buffer, size_t bytes) {
373 size_t total_read = 0;
374 while (total_read < bytes) {
375 ssize_t bytes_read =
376 HANDLE_EINTR(read(fd, buffer + total_read, bytes - total_read));
377 if (bytes_read <= 0)
378 break;
379 total_read += bytes_read;
380 }
381 return total_read == bytes;
382 }
383
CreateSymbolicLink(const FilePath & target_path,const FilePath & symlink_path)384 bool CreateSymbolicLink(const FilePath& target_path,
385 const FilePath& symlink_path) {
386 DCHECK(!symlink_path.empty());
387 DCHECK(!target_path.empty());
388 return ::symlink(target_path.value().c_str(),
389 symlink_path.value().c_str()) != -1;
390 }
391
ReadSymbolicLink(const FilePath & symlink_path,FilePath * target_path)392 bool ReadSymbolicLink(const FilePath& symlink_path, FilePath* target_path) {
393 DCHECK(!symlink_path.empty());
394 DCHECK(target_path);
395 char buf[PATH_MAX];
396 ssize_t count = ::readlink(symlink_path.value().c_str(), buf, arraysize(buf));
397
398 if (count <= 0) {
399 target_path->clear();
400 return false;
401 }
402
403 *target_path = FilePath(FilePath::StringType(buf, count));
404 return true;
405 }
406
GetPosixFilePermissions(const FilePath & path,int * mode)407 bool GetPosixFilePermissions(const FilePath& path, int* mode) {
408 ThreadRestrictions::AssertIOAllowed();
409 DCHECK(mode);
410
411 stat_wrapper_t file_info;
412 // Uses stat(), because on symbolic link, lstat() does not return valid
413 // permission bits in st_mode
414 if (CallStat(path.value().c_str(), &file_info) != 0)
415 return false;
416
417 *mode = file_info.st_mode & FILE_PERMISSION_MASK;
418 return true;
419 }
420
SetPosixFilePermissions(const FilePath & path,int mode)421 bool SetPosixFilePermissions(const FilePath& path,
422 int mode) {
423 ThreadRestrictions::AssertIOAllowed();
424 DCHECK((mode & ~FILE_PERMISSION_MASK) == 0);
425
426 // Calls stat() so that we can preserve the higher bits like S_ISGID.
427 stat_wrapper_t stat_buf;
428 if (CallStat(path.value().c_str(), &stat_buf) != 0)
429 return false;
430
431 // Clears the existing permission bits, and adds the new ones.
432 mode_t updated_mode_bits = stat_buf.st_mode & ~FILE_PERMISSION_MASK;
433 updated_mode_bits |= mode & FILE_PERMISSION_MASK;
434
435 if (HANDLE_EINTR(chmod(path.value().c_str(), updated_mode_bits)) != 0)
436 return false;
437
438 return true;
439 }
440
441 #if !defined(OS_MACOSX)
442 // This is implemented in file_util_mac.mm for Mac.
GetTempDir(FilePath * path)443 bool GetTempDir(FilePath* path) {
444 const char* tmp = getenv("TMPDIR");
445 if (tmp) {
446 *path = FilePath(tmp);
447 } else {
448 #if defined(OS_ANDROID)
449 return PathService::Get(base::DIR_CACHE, path);
450 #else
451 *path = FilePath("/tmp");
452 #endif
453 }
454 return true;
455 }
456 #endif // !defined(OS_MACOSX)
457
458 #if !defined(OS_MACOSX) // Mac implementation is in file_util_mac.mm.
GetHomeDir()459 FilePath GetHomeDir() {
460 #if defined(OS_CHROMEOS)
461 if (SysInfo::IsRunningOnChromeOS()) {
462 // On Chrome OS chrome::DIR_USER_DATA is overridden with a primary user
463 // homedir once it becomes available. Return / as the safe option.
464 return FilePath("/");
465 }
466 #endif
467
468 const char* home_dir = getenv("HOME");
469 if (home_dir && home_dir[0])
470 return FilePath(home_dir);
471
472 #if defined(OS_ANDROID)
473 DLOG(WARNING) << "OS_ANDROID: Home directory lookup not yet implemented.";
474 #elif defined(USE_GLIB) && !defined(OS_CHROMEOS)
475 // g_get_home_dir calls getpwent, which can fall through to LDAP calls so
476 // this may do I/O. However, it should be rare that $HOME is not defined and
477 // this is typically called from the path service which has no threading
478 // restrictions. The path service will cache the result which limits the
479 // badness of blocking on I/O. As a result, we don't have a thread
480 // restriction here.
481 home_dir = g_get_home_dir();
482 if (home_dir && home_dir[0])
483 return FilePath(home_dir);
484 #endif
485
486 FilePath rv;
487 if (GetTempDir(&rv))
488 return rv;
489
490 // Last resort.
491 return FilePath("/tmp");
492 }
493 #endif // !defined(OS_MACOSX)
494
CreateTemporaryFile(FilePath * path)495 bool CreateTemporaryFile(FilePath* path) {
496 ThreadRestrictions::AssertIOAllowed(); // For call to close().
497 FilePath directory;
498 if (!GetTempDir(&directory))
499 return false;
500 int fd = CreateAndOpenFdForTemporaryFile(directory, path);
501 if (fd < 0)
502 return false;
503 close(fd);
504 return true;
505 }
506
CreateAndOpenTemporaryFileInDir(const FilePath & dir,FilePath * path)507 FILE* CreateAndOpenTemporaryFileInDir(const FilePath& dir, FilePath* path) {
508 int fd = CreateAndOpenFdForTemporaryFile(dir, path);
509 if (fd < 0)
510 return NULL;
511
512 FILE* file = fdopen(fd, "a+");
513 if (!file)
514 close(fd);
515 return file;
516 }
517
CreateTemporaryFileInDir(const FilePath & dir,FilePath * temp_file)518 bool CreateTemporaryFileInDir(const FilePath& dir, FilePath* temp_file) {
519 ThreadRestrictions::AssertIOAllowed(); // For call to close().
520 int fd = CreateAndOpenFdForTemporaryFile(dir, temp_file);
521 return ((fd >= 0) && !IGNORE_EINTR(close(fd)));
522 }
523
CreateTemporaryDirInDirImpl(const FilePath & base_dir,const FilePath::StringType & name_tmpl,FilePath * new_dir)524 static bool CreateTemporaryDirInDirImpl(const FilePath& base_dir,
525 const FilePath::StringType& name_tmpl,
526 FilePath* new_dir) {
527 ThreadRestrictions::AssertIOAllowed(); // For call to mkdtemp().
528 DCHECK(name_tmpl.find("XXXXXX") != FilePath::StringType::npos)
529 << "Directory name template must contain \"XXXXXX\".";
530
531 FilePath sub_dir = base_dir.Append(name_tmpl);
532 std::string sub_dir_string = sub_dir.value();
533
534 // this should be OK since mkdtemp just replaces characters in place
535 char* buffer = const_cast<char*>(sub_dir_string.c_str());
536 char* dtemp = mkdtemp(buffer);
537 if (!dtemp) {
538 DPLOG(ERROR) << "mkdtemp";
539 return false;
540 }
541 *new_dir = FilePath(dtemp);
542 return true;
543 }
544
CreateTemporaryDirInDir(const FilePath & base_dir,const FilePath::StringType & prefix,FilePath * new_dir)545 bool CreateTemporaryDirInDir(const FilePath& base_dir,
546 const FilePath::StringType& prefix,
547 FilePath* new_dir) {
548 FilePath::StringType mkdtemp_template = prefix;
549 mkdtemp_template.append(FILE_PATH_LITERAL("XXXXXX"));
550 return CreateTemporaryDirInDirImpl(base_dir, mkdtemp_template, new_dir);
551 }
552
CreateNewTempDirectory(const FilePath::StringType & prefix,FilePath * new_temp_path)553 bool CreateNewTempDirectory(const FilePath::StringType& prefix,
554 FilePath* new_temp_path) {
555 FilePath tmpdir;
556 if (!GetTempDir(&tmpdir))
557 return false;
558
559 return CreateTemporaryDirInDirImpl(tmpdir, TempFileName(), new_temp_path);
560 }
561
CreateDirectoryAndGetError(const FilePath & full_path,File::Error * error)562 bool CreateDirectoryAndGetError(const FilePath& full_path,
563 File::Error* error) {
564 ThreadRestrictions::AssertIOAllowed(); // For call to mkdir().
565 std::vector<FilePath> subpaths;
566
567 // Collect a list of all parent directories.
568 FilePath last_path = full_path;
569 subpaths.push_back(full_path);
570 for (FilePath path = full_path.DirName();
571 path.value() != last_path.value(); path = path.DirName()) {
572 subpaths.push_back(path);
573 last_path = path;
574 }
575
576 // Iterate through the parents and create the missing ones.
577 for (std::vector<FilePath>::reverse_iterator i = subpaths.rbegin();
578 i != subpaths.rend(); ++i) {
579 if (DirectoryExists(*i))
580 continue;
581 if (mkdir(i->value().c_str(), 0700) == 0)
582 continue;
583 // Mkdir failed, but it might have failed with EEXIST, or some other error
584 // due to the the directory appearing out of thin air. This can occur if
585 // two processes are trying to create the same file system tree at the same
586 // time. Check to see if it exists and make sure it is a directory.
587 int saved_errno = errno;
588 if (!DirectoryExists(*i)) {
589 if (error)
590 *error = File::OSErrorToFileError(saved_errno);
591 return false;
592 }
593 }
594 return true;
595 }
596
NormalizeFilePath(const FilePath & path,FilePath * normalized_path)597 bool NormalizeFilePath(const FilePath& path, FilePath* normalized_path) {
598 FilePath real_path_result;
599 if (!RealPath(path, &real_path_result))
600 return false;
601
602 // To be consistant with windows, fail if |real_path_result| is a
603 // directory.
604 stat_wrapper_t file_info;
605 if (CallStat(real_path_result.value().c_str(), &file_info) != 0 ||
606 S_ISDIR(file_info.st_mode))
607 return false;
608
609 *normalized_path = real_path_result;
610 return true;
611 }
612
613 // TODO(rkc): Refactor GetFileInfo and FileEnumerator to handle symlinks
614 // correctly. http://code.google.com/p/chromium-os/issues/detail?id=15948
IsLink(const FilePath & file_path)615 bool IsLink(const FilePath& file_path) {
616 stat_wrapper_t st;
617 // If we can't lstat the file, it's safe to assume that the file won't at
618 // least be a 'followable' link.
619 if (CallLstat(file_path.value().c_str(), &st) != 0)
620 return false;
621
622 if (S_ISLNK(st.st_mode))
623 return true;
624 else
625 return false;
626 }
627
GetFileInfo(const FilePath & file_path,File::Info * results)628 bool GetFileInfo(const FilePath& file_path, File::Info* results) {
629 stat_wrapper_t file_info;
630 #if defined(OS_ANDROID)
631 if (file_path.IsContentUri()) {
632 File file = OpenContentUriForRead(file_path);
633 if (!file.IsValid())
634 return false;
635 return file.GetInfo(results);
636 } else {
637 #endif // defined(OS_ANDROID)
638 if (CallStat(file_path.value().c_str(), &file_info) != 0)
639 return false;
640 #if defined(OS_ANDROID)
641 }
642 #endif // defined(OS_ANDROID)
643
644 results->FromStat(file_info);
645 return true;
646 }
647
OpenFile(const FilePath & filename,const char * mode)648 FILE* OpenFile(const FilePath& filename, const char* mode) {
649 ThreadRestrictions::AssertIOAllowed();
650 FILE* result = NULL;
651 do {
652 result = fopen(filename.value().c_str(), mode);
653 } while (!result && errno == EINTR);
654 return result;
655 }
656
657 // NaCl doesn't implement system calls to open files directly.
658 #if !defined(OS_NACL)
FileToFILE(File file,const char * mode)659 FILE* FileToFILE(File file, const char* mode) {
660 FILE* stream = fdopen(file.GetPlatformFile(), mode);
661 if (stream)
662 file.TakePlatformFile();
663 return stream;
664 }
665 #endif // !defined(OS_NACL)
666
ReadFile(const FilePath & filename,char * data,int max_size)667 int ReadFile(const FilePath& filename, char* data, int max_size) {
668 ThreadRestrictions::AssertIOAllowed();
669 int fd = HANDLE_EINTR(open(filename.value().c_str(), O_RDONLY));
670 if (fd < 0)
671 return -1;
672
673 ssize_t bytes_read = HANDLE_EINTR(read(fd, data, max_size));
674 if (IGNORE_EINTR(close(fd)) < 0)
675 return -1;
676 return bytes_read;
677 }
678
WriteFile(const FilePath & filename,const char * data,int size)679 int WriteFile(const FilePath& filename, const char* data, int size) {
680 ThreadRestrictions::AssertIOAllowed();
681 int fd = HANDLE_EINTR(creat(filename.value().c_str(), 0640));
682 if (fd < 0)
683 return -1;
684
685 int bytes_written = WriteFileDescriptor(fd, data, size);
686 if (IGNORE_EINTR(close(fd)) < 0)
687 return -1;
688 return bytes_written;
689 }
690
WriteFileDescriptor(const int fd,const char * data,int size)691 int WriteFileDescriptor(const int fd, const char* data, int size) {
692 // Allow for partial writes.
693 ssize_t bytes_written_total = 0;
694 for (ssize_t bytes_written_partial = 0; bytes_written_total < size;
695 bytes_written_total += bytes_written_partial) {
696 bytes_written_partial =
697 HANDLE_EINTR(write(fd, data + bytes_written_total,
698 size - bytes_written_total));
699 if (bytes_written_partial < 0)
700 return -1;
701 }
702
703 return bytes_written_total;
704 }
705
AppendToFile(const FilePath & filename,const char * data,int size)706 int AppendToFile(const FilePath& filename, const char* data, int size) {
707 ThreadRestrictions::AssertIOAllowed();
708 int fd = HANDLE_EINTR(open(filename.value().c_str(), O_WRONLY | O_APPEND));
709 if (fd < 0)
710 return -1;
711
712 int bytes_written = WriteFileDescriptor(fd, data, size);
713 if (IGNORE_EINTR(close(fd)) < 0)
714 return -1;
715 return bytes_written;
716 }
717
718 // Gets the current working directory for the process.
GetCurrentDirectory(FilePath * dir)719 bool GetCurrentDirectory(FilePath* dir) {
720 // getcwd can return ENOENT, which implies it checks against the disk.
721 ThreadRestrictions::AssertIOAllowed();
722
723 char system_buffer[PATH_MAX] = "";
724 if (!getcwd(system_buffer, sizeof(system_buffer))) {
725 NOTREACHED();
726 return false;
727 }
728 *dir = FilePath(system_buffer);
729 return true;
730 }
731
732 // Sets the current working directory for the process.
SetCurrentDirectory(const FilePath & path)733 bool SetCurrentDirectory(const FilePath& path) {
734 ThreadRestrictions::AssertIOAllowed();
735 int ret = chdir(path.value().c_str());
736 return !ret;
737 }
738
VerifyPathControlledByUser(const FilePath & base,const FilePath & path,uid_t owner_uid,const std::set<gid_t> & group_gids)739 bool VerifyPathControlledByUser(const FilePath& base,
740 const FilePath& path,
741 uid_t owner_uid,
742 const std::set<gid_t>& group_gids) {
743 if (base != path && !base.IsParent(path)) {
744 DLOG(ERROR) << "|base| must be a subdirectory of |path|. base = \""
745 << base.value() << "\", path = \"" << path.value() << "\"";
746 return false;
747 }
748
749 std::vector<FilePath::StringType> base_components;
750 std::vector<FilePath::StringType> path_components;
751
752 base.GetComponents(&base_components);
753 path.GetComponents(&path_components);
754
755 std::vector<FilePath::StringType>::const_iterator ib, ip;
756 for (ib = base_components.begin(), ip = path_components.begin();
757 ib != base_components.end(); ++ib, ++ip) {
758 // |base| must be a subpath of |path|, so all components should match.
759 // If these CHECKs fail, look at the test that base is a parent of
760 // path at the top of this function.
761 DCHECK(ip != path_components.end());
762 DCHECK(*ip == *ib);
763 }
764
765 FilePath current_path = base;
766 if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gids))
767 return false;
768
769 for (; ip != path_components.end(); ++ip) {
770 current_path = current_path.Append(*ip);
771 if (!VerifySpecificPathControlledByUser(
772 current_path, owner_uid, group_gids))
773 return false;
774 }
775 return true;
776 }
777
778 #if defined(OS_MACOSX) && !defined(OS_IOS)
VerifyPathControlledByAdmin(const FilePath & path)779 bool VerifyPathControlledByAdmin(const FilePath& path) {
780 const unsigned kRootUid = 0;
781 const FilePath kFileSystemRoot("/");
782
783 // The name of the administrator group on mac os.
784 const char* const kAdminGroupNames[] = {
785 "admin",
786 "wheel"
787 };
788
789 // Reading the groups database may touch the file system.
790 ThreadRestrictions::AssertIOAllowed();
791
792 std::set<gid_t> allowed_group_ids;
793 for (int i = 0, ie = arraysize(kAdminGroupNames); i < ie; ++i) {
794 struct group *group_record = getgrnam(kAdminGroupNames[i]);
795 if (!group_record) {
796 DPLOG(ERROR) << "Could not get the group ID of group \""
797 << kAdminGroupNames[i] << "\".";
798 continue;
799 }
800
801 allowed_group_ids.insert(group_record->gr_gid);
802 }
803
804 return VerifyPathControlledByUser(
805 kFileSystemRoot, path, kRootUid, allowed_group_ids);
806 }
807 #endif // defined(OS_MACOSX) && !defined(OS_IOS)
808
GetMaximumPathComponentLength(const FilePath & path)809 int GetMaximumPathComponentLength(const FilePath& path) {
810 ThreadRestrictions::AssertIOAllowed();
811 return pathconf(path.value().c_str(), _PC_NAME_MAX);
812 }
813
814 #if !defined(OS_ANDROID)
815 // This is implemented in file_util_android.cc for that platform.
GetShmemTempDir(bool executable,FilePath * path)816 bool GetShmemTempDir(bool executable, FilePath* path) {
817 #if defined(OS_LINUX)
818 bool use_dev_shm = true;
819 if (executable) {
820 static const bool s_dev_shm_executable = DetermineDevShmExecutable();
821 use_dev_shm = s_dev_shm_executable;
822 }
823 if (use_dev_shm) {
824 *path = FilePath("/dev/shm");
825 return true;
826 }
827 #endif
828 return GetTempDir(path);
829 }
830 #endif // !defined(OS_ANDROID)
831
832 // -----------------------------------------------------------------------------
833
834 namespace internal {
835
MoveUnsafe(const FilePath & from_path,const FilePath & to_path)836 bool MoveUnsafe(const FilePath& from_path, const FilePath& to_path) {
837 ThreadRestrictions::AssertIOAllowed();
838 // Windows compatibility: if to_path exists, from_path and to_path
839 // must be the same type, either both files, or both directories.
840 stat_wrapper_t to_file_info;
841 if (CallStat(to_path.value().c_str(), &to_file_info) == 0) {
842 stat_wrapper_t from_file_info;
843 if (CallStat(from_path.value().c_str(), &from_file_info) == 0) {
844 if (S_ISDIR(to_file_info.st_mode) != S_ISDIR(from_file_info.st_mode))
845 return false;
846 } else {
847 return false;
848 }
849 }
850
851 if (rename(from_path.value().c_str(), to_path.value().c_str()) == 0)
852 return true;
853
854 if (!CopyDirectory(from_path, to_path, true))
855 return false;
856
857 DeleteFile(from_path, true);
858 return true;
859 }
860
861 #if !defined(OS_MACOSX)
862 // Mac has its own implementation, this is for all other Posix systems.
CopyFileUnsafe(const FilePath & from_path,const FilePath & to_path)863 bool CopyFileUnsafe(const FilePath& from_path, const FilePath& to_path) {
864 ThreadRestrictions::AssertIOAllowed();
865 int infile = HANDLE_EINTR(open(from_path.value().c_str(), O_RDONLY));
866 if (infile < 0)
867 return false;
868
869 int outfile = HANDLE_EINTR(creat(to_path.value().c_str(), 0666));
870 if (outfile < 0) {
871 close(infile);
872 return false;
873 }
874
875 const size_t kBufferSize = 32768;
876 std::vector<char> buffer(kBufferSize);
877 bool result = true;
878
879 while (result) {
880 ssize_t bytes_read = HANDLE_EINTR(read(infile, &buffer[0], buffer.size()));
881 if (bytes_read < 0) {
882 result = false;
883 break;
884 }
885 if (bytes_read == 0)
886 break;
887 // Allow for partial writes
888 ssize_t bytes_written_per_read = 0;
889 do {
890 ssize_t bytes_written_partial = HANDLE_EINTR(write(
891 outfile,
892 &buffer[bytes_written_per_read],
893 bytes_read - bytes_written_per_read));
894 if (bytes_written_partial < 0) {
895 result = false;
896 break;
897 }
898 bytes_written_per_read += bytes_written_partial;
899 } while (bytes_written_per_read < bytes_read);
900 }
901
902 if (IGNORE_EINTR(close(infile)) < 0)
903 result = false;
904 if (IGNORE_EINTR(close(outfile)) < 0)
905 result = false;
906
907 return result;
908 }
909 #endif // !defined(OS_MACOSX)
910
911 } // namespace internal
912 } // namespace base
913