[chromium-blink-merge.git] / base / files / file_util_posix.cc
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/files/file_util.h"
7 #include <dirent.h>
8 #include <errno.h>
9 #include <fcntl.h>
10 #include <libgen.h>
11 #include <limits.h>
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <sys/errno.h>
16 #include <sys/mman.h>
17 #include <sys/param.h>
18 #include <sys/stat.h>
19 #include <sys/time.h>
20 #include <sys/types.h>
21 #include <time.h>
22 #include <unistd.h>
24 #if defined(OS_MACOSX)
25 #include <AvailabilityMacros.h>
26 #include "base/mac/foundation_util.h"
27 #elif !defined(OS_CHROMEOS) && defined(USE_GLIB)
28 #include <glib.h> // for g_get_home_dir()
29 #endif
31 #include "base/basictypes.h"
32 #include "base/files/file_enumerator.h"
33 #include "base/files/file_path.h"
34 #include "base/files/scoped_file.h"
35 #include "base/logging.h"
36 #include "base/memory/scoped_ptr.h"
37 #include "base/memory/singleton.h"
38 #include "base/path_service.h"
39 #include "base/posix/eintr_wrapper.h"
40 #include "base/stl_util.h"
41 #include "base/strings/string_util.h"
42 #include "base/strings/stringprintf.h"
43 #include "base/strings/sys_string_conversions.h"
44 #include "base/strings/utf_string_conversions.h"
45 #include "base/sys_info.h"
46 #include "base/threading/thread_restrictions.h"
47 #include "base/time/time.h"
49 #if defined(OS_ANDROID)
50 #include "base/android/content_uri_utils.h"
51 #include "base/os_compat_android.h"
52 #endif
54 #if !defined(OS_IOS)
55 #include <grp.h>
56 #endif
58 namespace base {
60 namespace {
62 #if defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL)
// stat() wrapper for platforms whose plain stat() fills a stat_wrapper_t.
// Follows symbolic links. Calls ThreadRestrictions::AssertIOAllowed() before
// touching the file system.
static int CallStat(const char* path, stat_wrapper_t* sb) {
  ThreadRestrictions::AssertIOAllowed();
  const int rv = stat(path, sb);
  return rv;
}
// lstat() wrapper for platforms whose plain lstat() fills a stat_wrapper_t.
// Unlike CallStat(), a symbolic link at |path| is described itself rather
// than followed.
static int CallLstat(const char* path, stat_wrapper_t* sb) {
  ThreadRestrictions::AssertIOAllowed();
  const int rv = lstat(path, sb);
  return rv;
}
71 #else // defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL)
// stat64() wrapper used on the remaining POSIX platforms. Follows symbolic
// links. Calls ThreadRestrictions::AssertIOAllowed() before touching the file
// system.
static int CallStat(const char* path, stat_wrapper_t* sb) {
  ThreadRestrictions::AssertIOAllowed();
  const int rv = stat64(path, sb);
  return rv;
}
// lstat64() wrapper used on the remaining POSIX platforms. A symbolic link at
// |path| is described itself rather than followed.
static int CallLstat(const char* path, stat_wrapper_t* sb) {
  ThreadRestrictions::AssertIOAllowed();
  const int rv = lstat64(path, sb);
  return rv;
}
80 #endif // !(defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL))
82 #if !defined(OS_NACL_NONSFI)
// Helper for NormalizeFilePath(), defined below. Resolves |path| with
// realpath() and stores the result in |real_path|. Returns false and leaves
// |real_path| untouched when realpath() fails.
bool RealPath(const FilePath& path, FilePath* real_path) {
  ThreadRestrictions::AssertIOAllowed();  // For realpath().
  FilePath::CharType resolved[PATH_MAX];
  if (realpath(path.value().c_str(), resolved) == NULL)
    return false;

  *real_path = FilePath(resolved);
  return true;
}
// Helper for VerifyPathControlledByUser. Checks a single path component and
// returns true only when all of the following hold:
//   - lstat() on |path| succeeds,
//   - |path| is not a symbolic link,
//   - |path| is owned by |owner_uid|,
//   - |path| is not group-writable, unless its group is in |group_gids|,
//   - |path| is not world-writable.
// The answer describes |path| at the moment of the lstat() call only. Nothing
// here pins the path, so a caller that later opens it by name is relying on
// the path not having been replaced in between.
bool VerifySpecificPathControlledByUser(const FilePath& path,
                                        uid_t owner_uid,
                                        const std::set<gid_t>& group_gids) {
  stat_wrapper_t info;
  if (CallLstat(path.value().c_str(), &info) != 0) {
    DPLOG(ERROR) << "Failed to get information on path "
                 << path.value();
    return false;
  }

  // lstat() does not follow links, so a link is reported as a link here.
  if (S_ISLNK(info.st_mode)) {
    DLOG(ERROR) << "Path " << path.value()
                << " is a symbolic link.";
    return false;
  }

  if (info.st_uid != owner_uid) {
    DLOG(ERROR) << "Path " << path.value()
                << " is owned by the wrong user.";
    return false;
  }

  const bool group_writable = (info.st_mode & S_IWGRP) != 0;
  if (group_writable && !ContainsKey(group_gids, info.st_gid)) {
    DLOG(ERROR) << "Path " << path.value()
                << " is writable by an unprivileged group.";
    return false;
  }

  const bool world_writable = (info.st_mode & S_IWOTH) != 0;
  if (world_writable) {
    DLOG(ERROR) << "Path " << path.value()
                << " is writable by any user.";
    return false;
  }

  return true;
}
// Returns the file-name template handed to mkstemp()/mkdtemp(). The trailing
// "XXXXXX" is the placeholder those calls replace.
std::string TempFileName() {
#if defined(OS_MACOSX)
  return StringPrintf(".%s.XXXXXX", base::mac::BaseBundleID());
#elif defined(GOOGLE_CHROME_BUILD)
  return std::string(".com.google.Chrome.XXXXXX");
#else
  return std::string(".org.chromium.Chromium.XXXXXX");
#endif
}
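// Creates and opens a temporary file in |directory|, returning the
// file descriptor, or a negative value if mkstemp() fails. |path| is set to
// the temporary file path (on failure it holds whatever mkstemp() left in the
// template). This function does NOT unlink() the file.
int CreateAndOpenFdForTemporaryFile(FilePath directory, FilePath* path) {
  ThreadRestrictions::AssertIOAllowed();  // For call to mkstemp().
  // mkstemp() rewrites the trailing "XXXXXX" in place. Give it a buffer this
  // function owns instead of casting away const on the string stored inside
  // |*path|, which the string class does not permit writing through.
  std::string name_template = directory.Append(base::TempFileName()).value();
  const int fd = HANDLE_EINTR(mkstemp(&name_template[0]));
  *path = FilePath(name_template);
  return fd;
}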
158 #if defined(OS_LINUX)
// Determine if /dev/shm files can be mapped and then mprotect'd PROT_EXEC.
// This depends on the mount options used for /dev/shm, which vary among
// different Linux distributions and possibly local configuration. It also
// depends on details of kernel--ChromeOS uses the noexec option for /dev/shm
// but its kernel allows mprotect with PROT_EXEC anyway.
//
// The probe creates a temporary file in /dev/shm, deletes its name right
// away, maps one page read-only and then asks for PROT_READ | PROT_EXEC on
// that mapping. Any failure along the way yields false.
bool DetermineDevShmExecutable() {
  FilePath path;
  ScopedFD fd(CreateAndOpenFdForTemporaryFile(FilePath("/dev/shm"), &path));
  if (!fd.is_valid())
    return false;

  // Only the descriptor is needed from here on.
  DeleteFile(path, false);

  const long sysconf_result = sysconf(_SC_PAGESIZE);
  CHECK_GE(sysconf_result, 0);
  const size_t pagesize = static_cast<size_t>(sysconf_result);
  CHECK_GE(sizeof(pagesize), sizeof(sysconf_result));

  void* mapping = mmap(NULL, pagesize, PROT_READ, MAP_SHARED, fd.get(), 0);
  if (mapping == MAP_FAILED)
    return false;

  const bool executable =
      mprotect(mapping, pagesize, PROT_READ | PROT_EXEC) == 0;
  munmap(mapping, pagesize);
  return executable;
}
184 #endif // defined(OS_LINUX)
185 #endif // !defined(OS_NACL_NONSFI)
187 } // namespace
189 #if !defined(OS_NACL_NONSFI)
// Returns the realpath() resolution of |input|, or an empty FilePath when
// realpath() fails.
FilePath MakeAbsoluteFilePath(const FilePath& input) {
  ThreadRestrictions::AssertIOAllowed();
  char resolved[PATH_MAX];
  const char* rv = realpath(input.value().c_str(), resolved);
  if (!rv)
    return FilePath();
  return FilePath(resolved);
}
// TODO(erikkay): The Windows version of this accepts paths like "foo/bar/*"
// which works both with and without the recursive flag. I'm not sure we need
// that functionality. If not, remove from file_util_win.cc, otherwise add it
// here.
//
// Deletes |path|. A path that cannot be lstat()'d counts as success when the
// error is ENOENT or ENOTDIR. Because the type check uses lstat(), a symbolic
// link at |path| is unlinked itself rather than followed. Directories are
// removed with rmdir() unless |recursive| is set, in which case the contents
// are unlinked first and the directories removed afterwards.
// NOTE(review): all operations are by path name, so the recursive walk trusts
// that the tree is not rearranged while it runs; how FileEnumerator reports a
// link to a directory is not visible here -- confirm before relying on it.
bool DeleteFile(const FilePath& path, bool recursive) {
  ThreadRestrictions::AssertIOAllowed();
  const char* target = path.value().c_str();
  stat_wrapper_t target_info;
  if (CallLstat(target, &target_info) != 0) {
    // The Windows version defines this condition as success.
    return errno == ENOENT || errno == ENOTDIR;
  }
  if (!S_ISDIR(target_info.st_mode))
    return unlink(target) == 0;
  if (!recursive)
    return rmdir(target) == 0;

  bool ok = true;
  // Directories are remembered in visiting order and removed from the top of
  // the stack once the non-directory entries are gone.
  std::stack<std::string> pending_dirs;
  pending_dirs.push(path.value());
  FileEnumerator traversal(path, true,
                           FileEnumerator::FILES | FileEnumerator::DIRECTORIES |
                           FileEnumerator::SHOW_SYM_LINKS);
  for (FilePath entry = traversal.Next(); ok && !entry.empty();
       entry = traversal.Next()) {
    if (traversal.GetInfo().IsDirectory()) {
      pending_dirs.push(entry.value());
    } else {
      ok = (unlink(entry.value().c_str()) == 0);
    }
  }

  while (ok && !pending_dirs.empty()) {
    const FilePath dir = FilePath(pending_dirs.top());
    pending_dirs.pop();
    ok = (rmdir(dir.value().c_str()) == 0);
  }
  return ok;
}
// Renames |from_path| to |to_path| with rename(). On failure returns false
// and, when |error| is non-null, stores the translated errno in it.
bool ReplaceFile(const FilePath& from_path,
                 const FilePath& to_path,
                 File::Error* error) {
  ThreadRestrictions::AssertIOAllowed();
  const bool renamed =
      rename(from_path.value().c_str(), to_path.value().c_str()) == 0;
  if (!renamed && error)
    *error = File::OSErrorToFileError(errno);
  return renamed;
}
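// Copies |from_path| to |to_path|, descending into subdirectories when
// |recursive| is set. Returns false on the first failure.
//
// Notes grounded in the code below:
//   - The copy is refused when the resolved destination is the source or lies
//     inside it.
//   - The top-level source is examined with stat(), which follows symbolic
//     links; entries that are neither directories nor regular files are
//     skipped with a warning.
//   - Created directories take the source permission bits (masked with 01777)
//     plus owner read/write/execute.
bool CopyDirectory(const FilePath& from_path,
                   const FilePath& to_path,
                   bool recursive) {
  ThreadRestrictions::AssertIOAllowed();
  // Some old callers of CopyDirectory want it to support wildcards.
  // After some discussion, we decided to fix those callers.
  // Break loudly here if anyone tries to do this.
  DCHECK(to_path.value().find('*') == std::string::npos);
  DCHECK(from_path.value().find('*') == std::string::npos);

  if (from_path.value().size() >= PATH_MAX) {
    return false;
  }

  // This function does not properly handle destinations within the source
  FilePath real_to_path = to_path;
  if (PathExists(real_to_path)) {
    real_to_path = MakeAbsoluteFilePath(real_to_path);
    if (real_to_path.empty())
      return false;
  } else {
    real_to_path = MakeAbsoluteFilePath(real_to_path.DirName());
    if (real_to_path.empty())
      return false;
  }
  FilePath real_from_path = MakeAbsoluteFilePath(from_path);
  if (real_from_path.empty())
    return false;
  // Compare on path-component boundaries. A raw string-prefix test would also
  // reject a sibling such as "/a/foobar" when the source is "/a/foo".
  if (real_to_path.value() == real_from_path.value() ||
      real_from_path.IsParent(real_to_path)) {
    return false;
  }

  int traverse_type = FileEnumerator::FILES | FileEnumerator::SHOW_SYM_LINKS;
  if (recursive)
    traverse_type |= FileEnumerator::DIRECTORIES;
  FileEnumerator traversal(from_path, recursive, traverse_type);

  // We have to mimic windows behavior here. |to_path| may not exist yet,
  // start the loop with |to_path|.
  struct stat from_stat;
  FilePath current = from_path;
  if (stat(from_path.value().c_str(), &from_stat) < 0) {
    DLOG(ERROR) << "CopyDirectory() couldn't stat source directory: "
                << from_path.value() << " errno = " << errno;
    return false;
  }
  struct stat to_path_stat;
  FilePath from_path_base = from_path;
  if (recursive && stat(to_path.value().c_str(), &to_path_stat) == 0 &&
      S_ISDIR(to_path_stat.st_mode)) {
    // If the destination already exists and is a directory, then the
    // top level of source needs to be copied.
    from_path_base = from_path.DirName();
  }

  // The Windows version of this function assumes that non-recursive calls
  // will always have a directory for from_path.
  // TODO(maruel): This is not necessary anymore.
  DCHECK(recursive || S_ISDIR(from_stat.st_mode));

  bool success = true;
  while (success && !current.empty()) {
    // current is the source path, including from_path, so append
    // the suffix after from_path to to_path to create the target_path.
    FilePath target_path(to_path);
    if (from_path_base != current) {
      if (!from_path_base.AppendRelativePath(current, &target_path)) {
        success = false;
        break;
      }
    }

    if (S_ISDIR(from_stat.st_mode)) {
      // An already-existing target directory (EEXIST) is not an error.
      if (mkdir(target_path.value().c_str(),
                (from_stat.st_mode & 01777) | S_IRUSR | S_IXUSR | S_IWUSR) !=
              0 &&
          errno != EEXIST) {
        DLOG(ERROR) << "CopyDirectory() couldn't create directory: "
                    << target_path.value() << " errno = " << errno;
        success = false;
      }
    } else if (S_ISREG(from_stat.st_mode)) {
      if (!CopyFile(current, target_path)) {
        DLOG(ERROR) << "CopyDirectory() couldn't create file: "
                    << target_path.value();
        success = false;
      }
    } else {
      DLOG(WARNING) << "CopyDirectory() skipping non-regular file: "
                    << current.value();
    }

    current = traversal.Next();
    if (!current.empty())
      from_stat = traversal.GetInfo().stat();
  }

  return success;
}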
351 #endif // !defined(OS_NACL_NONSFI)
// Returns true when |path| exists according to access(F_OK); on Android a
// content URI is checked with ContentUriExists() instead. The answer is a
// snapshot and may be stale by the time the caller acts on it.
bool PathExists(const FilePath& path) {
  ThreadRestrictions::AssertIOAllowed();
#if defined(OS_ANDROID)
  if (path.IsContentUri())
    return ContentUriExists(path);
#endif
  const int rv = access(path.value().c_str(), F_OK);
  return rv == 0;
}
363 #if !defined(OS_NACL_NONSFI)
// Returns true when access(W_OK) succeeds for |path|. access() evaluates the
// real user and group IDs of the process, not the effective ones, and the
// answer is only a snapshot of the moment of the call.
bool PathIsWritable(const FilePath& path) {
  ThreadRestrictions::AssertIOAllowed();
  const int rv = access(path.value().c_str(), W_OK);
  return rv == 0;
}
368 #endif // !defined(OS_NACL_NONSFI)
// Returns true when |path| can be stat()'d and is a directory. stat() follows
// symbolic links, so a link that points to a directory also counts.
bool DirectoryExists(const FilePath& path) {
  ThreadRestrictions::AssertIOAllowed();
  stat_wrapper_t info;
  if (CallStat(path.value().c_str(), &info) != 0)
    return false;
  return S_ISDIR(info.st_mode);
}
// Reads exactly |bytes| bytes from |fd| into |buffer|, retrying short reads.
// Returns false if read() reports an error or end-of-file before |bytes|
// bytes have arrived. |buffer| must have room for |bytes| bytes.
bool ReadFromFD(int fd, char* buffer, size_t bytes) {
  size_t offset = 0;
  while (offset < bytes) {
    const ssize_t chunk =
        HANDLE_EINTR(read(fd, buffer + offset, bytes - offset));
    if (chunk <= 0)
      return false;  // Error or EOF with data still outstanding.
    offset += chunk;
  }
  return offset == bytes;
}
390 #if !defined(OS_NACL_NONSFI)
// Creates a symbolic link at |symlink_path| that points to |target_path|.
// Both paths must be non-empty (DCHECKed). Returns true unless symlink()
// reports -1.
bool CreateSymbolicLink(const FilePath& target_path,
                        const FilePath& symlink_path) {
  DCHECK(!symlink_path.empty());
  DCHECK(!target_path.empty());
  const int rv = ::symlink(target_path.value().c_str(),
                           symlink_path.value().c_str());
  return rv != -1;
}
// Reads the target of the link at |symlink_path| into |target_path|. On
// failure, or when readlink() returns no bytes, |target_path| is cleared and
// false is returned. readlink() does not NUL-terminate, so the target is
// built from the returned byte count; a target longer than PATH_MAX bytes is
// cut off at the buffer size.
bool ReadSymbolicLink(const FilePath& symlink_path, FilePath* target_path) {
  DCHECK(!symlink_path.empty());
  DCHECK(target_path);
  char link_target[PATH_MAX];
  const ssize_t length =
      ::readlink(symlink_path.value().c_str(), link_target,
                 sizeof(link_target));

  if (length <= 0) {
    target_path->clear();
    return false;
  }

  *target_path = FilePath(FilePath::StringType(link_target, length));
  return true;
}
// Stores the permission bits of |path| (st_mode masked with
// FILE_PERMISSION_MASK) in |mode|. Returns false when stat() fails.
bool GetPosixFilePermissions(const FilePath& path, int* mode) {
  ThreadRestrictions::AssertIOAllowed();
  DCHECK(mode);

  // Uses stat(), because on symbolic link, lstat() does not return valid
  // permission bits in st_mode
  stat_wrapper_t info;
  const bool have_info = CallStat(path.value().c_str(), &info) == 0;
  if (!have_info)
    return false;

  *mode = info.st_mode & FILE_PERMISSION_MASK;
  return true;
}
// Replaces the permission bits of |path| with |mode|, which must not contain
// bits outside FILE_PERMISSION_MASK (DCHECKed). Bits above the mask are kept.
// Both the stat() and the chmod() are by path name and follow symbolic links.
bool SetPosixFilePermissions(const FilePath& path,
                             int mode) {
  ThreadRestrictions::AssertIOAllowed();
  DCHECK_EQ(mode & ~FILE_PERMISSION_MASK, 0);

  // Calls stat() so that we can preserve the higher bits like S_ISGID.
  stat_wrapper_t current;
  if (CallStat(path.value().c_str(), &current) != 0)
    return false;

  // Clears the existing permission bits, and adds the new ones.
  mode_t new_mode = current.st_mode & ~FILE_PERMISSION_MASK;
  new_mode |= mode & FILE_PERMISSION_MASK;

  return HANDLE_EINTR(chmod(path.value().c_str(), new_mode)) == 0;
}
448 #if !defined(OS_MACOSX)
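// This is implemented in file_util_mac.mm for Mac.
//
// Stores the directory for temporary files in |path|. A non-empty TMPDIR
// wins; otherwise the result is base::DIR_CACHE on Android and "/tmp"
// elsewhere. TMPDIR is taken from the environment as-is: it is not checked
// for existence, ownership or permissions.
bool GetTempDir(FilePath* path) {
  const char* tmp = getenv("TMPDIR");
  // Treat an empty TMPDIR like an unset one, matching how GetHomeDir() treats
  // an empty HOME. An empty path here would make temp files land relative to
  // the current working directory.
  if (tmp && tmp[0]) {
    *path = FilePath(tmp);
    return true;
  }
#if defined(OS_ANDROID)
  return PathService::Get(base::DIR_CACHE, path);
#else
  *path = FilePath("/tmp");
  return true;
#endif
}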
463 #endif // !defined(OS_MACOSX)
465 #if !defined(OS_MACOSX) // Mac implementation is in file_util_mac.mm.
// Returns the user's home directory. Lookup order: "/" when running on
// Chrome OS, a non-empty $HOME, g_get_home_dir() on GLib builds, the
// directory reported by GetTempDir(), and finally "/tmp".
FilePath GetHomeDir() {
#if defined(OS_CHROMEOS)
  if (SysInfo::IsRunningOnChromeOS()) {
    // On Chrome OS chrome::DIR_USER_DATA is overridden with a primary user
    // homedir once it becomes available. Return / as the safe option.
    return FilePath("/");
  }
#endif

  const char* home_dir = getenv("HOME");
  if (home_dir != NULL && home_dir[0] != '\0')
    return FilePath(home_dir);

#if defined(OS_ANDROID)
  DLOG(WARNING) << "OS_ANDROID: Home directory lookup not yet implemented.";
#elif defined(USE_GLIB) && !defined(OS_CHROMEOS)
  // g_get_home_dir calls getpwent, which can fall through to LDAP calls so
  // this may do I/O. However, it should be rare that $HOME is not defined and
  // this is typically called from the path service which has no threading
  // restrictions. The path service will cache the result which limits the
  // badness of blocking on I/O. As a result, we don't have a thread
  // restriction here.
  home_dir = g_get_home_dir();
  if (home_dir != NULL && home_dir[0] != '\0')
    return FilePath(home_dir);
#endif

  FilePath fallback;
  if (GetTempDir(&fallback))
    return fallback;

  // Last resort.
  return FilePath("/tmp");
}
500 #endif // !defined(OS_MACOSX)
// Creates an empty temporary file in the directory reported by GetTempDir()
// and stores its name in |path|. The descriptor is closed before returning,
// so the caller reopens the file by name.
bool CreateTemporaryFile(FilePath* path) {
  ThreadRestrictions::AssertIOAllowed();  // For call to close().
  FilePath temp_dir;
  if (!GetTempDir(&temp_dir))
    return false;

  const int fd = CreateAndOpenFdForTemporaryFile(temp_dir, path);
  if (fd < 0)
    return false;

  close(fd);
  return true;
}
// Creates a temporary file in |dir|, stores its name in |path| and returns a
// stream opened on it in "a+" mode. Returns NULL on failure; if fdopen()
// fails the descriptor is closed (the file itself is left in place).
FILE* CreateAndOpenTemporaryFileInDir(const FilePath& dir, FilePath* path) {
  const int fd = CreateAndOpenFdForTemporaryFile(dir, path);
  if (fd < 0)
    return NULL;

  FILE* stream = fdopen(fd, "a+");
  if (stream == NULL)
    close(fd);
  return stream;
}
// Creates an empty temporary file in |dir| and stores its name in
// |temp_file|. Returns true only when both the creation and the close() of
// the descriptor succeed.
bool CreateTemporaryFileInDir(const FilePath& dir, FilePath* temp_file) {
  ThreadRestrictions::AssertIOAllowed();  // For call to close().
  const int fd = CreateAndOpenFdForTemporaryFile(dir, temp_file);
  if (fd < 0)
    return false;
  return IGNORE_EINTR(close(fd)) == 0;
}
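// Creates a uniquely named directory under |base_dir| with mkdtemp() and
// stores its path in |new_dir|. |name_tmpl| must contain "XXXXXX" (DCHECKed),
// the placeholder mkdtemp() fills in. Returns false when mkdtemp() fails.
static bool CreateTemporaryDirInDirImpl(const FilePath& base_dir,
                                        const FilePath::StringType& name_tmpl,
                                        FilePath* new_dir) {
  ThreadRestrictions::AssertIOAllowed();  // For call to mkdtemp().
  DCHECK(name_tmpl.find("XXXXXX") != FilePath::StringType::npos)
      << "Directory name template must contain \"XXXXXX\".";

  FilePath sub_dir = base_dir.Append(name_tmpl);
  std::string sub_dir_string = sub_dir.value();

  // mkdtemp() rewrites the template in place. |sub_dir_string| is a local
  // copy, so pass its writable storage directly rather than casting away
  // const on c_str().
  char* dtemp = mkdtemp(&sub_dir_string[0]);
  if (!dtemp) {
    DPLOG(ERROR) << "mkdtemp";
    return false;
  }
  *new_dir = FilePath(dtemp);
  return true;
}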
// Creates a uniquely named directory under |base_dir| whose name starts with
// |prefix|, and stores its path in |new_dir|.
bool CreateTemporaryDirInDir(const FilePath& base_dir,
                             const FilePath::StringType& prefix,
                             FilePath* new_dir) {
  // mkdtemp() needs the "XXXXXX" placeholder at the end of the name.
  const FilePath::StringType name_template =
      prefix + FILE_PATH_LITERAL("XXXXXX");
  return CreateTemporaryDirInDirImpl(base_dir, name_template, new_dir);
}
// Creates a uniquely named directory inside the directory reported by
// GetTempDir() and stores its path in |new_temp_path|.
// Note: |prefix| is not used by this implementation; the name always comes
// from TempFileName().
bool CreateNewTempDirectory(const FilePath::StringType& prefix,
                            FilePath* new_temp_path) {
  FilePath temp_root;
  const bool have_root = GetTempDir(&temp_root);
  if (!have_root)
    return false;

  return CreateTemporaryDirInDirImpl(temp_root, TempFileName(), new_temp_path);
}
// Creates |full_path| and any missing ancestors, each with mode 0700 (before
// the umask is applied). On failure returns false and, when |error| is
// non-null, stores the translated mkdir() errno in it.
bool CreateDirectoryAndGetError(const FilePath& full_path,
                                File::Error* error) {
  ThreadRestrictions::AssertIOAllowed();  // For call to mkdir().

  // Collect |full_path| followed by each ancestor, stopping once DirName()
  // no longer changes the path.
  std::vector<FilePath> chain;
  chain.push_back(full_path);
  FilePath previous = full_path;
  for (FilePath parent = full_path.DirName();
       parent.value() != previous.value(); parent = parent.DirName()) {
    chain.push_back(parent);
    previous = parent;
  }

  // Walk from the outermost ancestor inwards and create what is missing.
  for (std::vector<FilePath>::reverse_iterator it = chain.rbegin();
       it != chain.rend(); ++it) {
    if (DirectoryExists(*it) || mkdir(it->value().c_str(), 0700) == 0)
      continue;
    // Mkdir failed, but it might have failed with EEXIST, or some other error
    // due to the directory appearing out of thin air. This can occur if
    // two processes are trying to create the same file system tree at the same
    // time. Check to see if it exists and make sure it is a directory.
    const int mkdir_errno = errno;
    if (!DirectoryExists(*it)) {
      if (error)
        *error = File::OSErrorToFileError(mkdir_errno);
      return false;
    }
  }
  return true;
}
// Stores the realpath() resolution of |path| in |normalized_path|. Returns
// false, leaving |normalized_path| untouched, when resolution fails, when the
// resolved path cannot be stat()'d, or when it is a directory.
bool NormalizeFilePath(const FilePath& path, FilePath* normalized_path) {
  FilePath resolved;
  if (!RealPath(path, &resolved))
    return false;

  // To be consistent with windows, fail if |resolved| is a directory.
  stat_wrapper_t info;
  if (CallStat(resolved.value().c_str(), &info) != 0)
    return false;
  if (S_ISDIR(info.st_mode))
    return false;

  *normalized_path = resolved;
  return true;
}
// TODO(rkc): Refactor GetFileInfo and FileEnumerator to handle symlinks
// correctly. http://code.google.com/p/chromium-os/issues/detail?id=15948
//
// Returns true when lstat() reports |file_path| as a symbolic link. A path
// that cannot be lstat()'d is reported as "not a link".
bool IsLink(const FilePath& file_path) {
  stat_wrapper_t info;
  // If we can't lstat the file, it's safe to assume that the file won't at
  // least be a 'followable' link.
  const bool have_info = CallLstat(file_path.value().c_str(), &info) == 0;
  return have_info && S_ISLNK(info.st_mode);
}
// Fills |results| with information about |file_path|. On Android a content
// URI is opened for reading and queried through File::GetInfo(); every other
// path is stat()'d, which follows symbolic links. Returns false on failure.
bool GetFileInfo(const FilePath& file_path, File::Info* results) {
#if defined(OS_ANDROID)
  if (file_path.IsContentUri()) {
    File file = OpenContentUriForRead(file_path);
    if (!file.IsValid())
      return false;
    return file.GetInfo(results);
  }
#endif  // defined(OS_ANDROID)

  stat_wrapper_t info;
  if (CallStat(file_path.value().c_str(), &info) != 0)
    return false;

  results->FromStat(info);
  return true;
}
// Opens |filename| with fopen() in the given |mode|, retrying while the call
// fails with EINTR. Returns NULL on any other failure.
FILE* OpenFile(const FilePath& filename, const char* mode) {
  ThreadRestrictions::AssertIOAllowed();
  FILE* stream = fopen(filename.value().c_str(), mode);
  while (!stream && errno == EINTR)
    stream = fopen(filename.value().c_str(), mode);
  return stream;
}
664 // NaCl doesn't implement system calls to open files directly.
665 #if !defined(OS_NACL)
// Wraps the descriptor held by |file| in a stdio stream opened with |mode|.
// The descriptor is taken out of |file| only after fdopen() has succeeded;
// on failure NULL is returned and |file| still holds it.
FILE* FileToFILE(File file, const char* mode) {
  FILE* stream = fdopen(file.GetPlatformFile(), mode);
  if (stream != NULL) {
    // The stream is now responsible for the descriptor.
    file.TakePlatformFile();
  }
  return stream;
}
672 #endif // !defined(OS_NACL)
// Reads up to |max_size| bytes from the start of |filename| into |data| with
// a single read() call, so fewer bytes than requested may be returned.
// Returns the read() result, or -1 when the file cannot be opened or close()
// fails. |data| must have room for |max_size| bytes.
int ReadFile(const FilePath& filename, char* data, int max_size) {
  ThreadRestrictions::AssertIOAllowed();
  const int fd = HANDLE_EINTR(open(filename.value().c_str(), O_RDONLY));
  if (fd < 0)
    return -1;

  const ssize_t read_result = HANDLE_EINTR(read(fd, data, max_size));
  const bool close_failed = IGNORE_EINTR(close(fd)) < 0;
  if (close_failed)
    return -1;
  return read_result;
}
// Writes |size| bytes from |data| to |filename| and returns |size|, or -1 if
// the file cannot be opened, the write is incomplete, or close() fails.
// The file is opened with creat(): an existing file is truncated, a symbolic
// link at |filename| is followed, and mode 0640 (before the umask) applies
// only when the file is newly created.
int WriteFile(const FilePath& filename, const char* data, int size) {
  ThreadRestrictions::AssertIOAllowed();
  const int fd = HANDLE_EINTR(creat(filename.value().c_str(), 0640));
  if (fd < 0)
    return -1;

  const bool wrote_all = WriteFileDescriptor(fd, data, size);
  const bool close_failed = IGNORE_EINTR(close(fd)) < 0;
  if (close_failed)
    return -1;
  return wrote_all ? size : -1;
}
// Writes all |size| bytes of |data| to |fd|, continuing after partial writes.
// Returns false as soon as write() reports an error; the descriptor is left
// open either way.
bool WriteFileDescriptor(const int fd, const char* data, int size) {
  // Allow for partial writes.
  ssize_t written = 0;
  while (written < size) {
    const ssize_t chunk =
        HANDLE_EINTR(write(fd, data + written, size - written));
    if (chunk < 0)
      return false;
    written += chunk;
  }

  return true;
}
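// Appends |size| bytes from |data| to |filename|. The file must already
// exist: it is opened with O_WRONLY | O_APPEND and no O_CREAT. Returns false
// if the open, the write, or the close fails.
bool AppendToFile(const FilePath& filename, const char* data, int size) {
  ThreadRestrictions::AssertIOAllowed();
  bool ret = true;
  int fd = HANDLE_EINTR(open(filename.value().c_str(), O_WRONLY | O_APPEND));
  if (fd < 0) {
    // The open() above never creates the file, so report an open failure
    // rather than a creation failure.
    VPLOG(1) << "Unable to open file " << filename.value();
    return false;
  }

  // This call will either write all of the data or return false.
  if (!WriteFileDescriptor(fd, data, size)) {
    VPLOG(1) << "Error while writing to file " << filename.value();
    ret = false;
  }

  // Close even after a failed write so the descriptor is not leaked.
  if (IGNORE_EINTR(close(fd)) < 0) {
    VPLOG(1) << "Error while closing file " << filename.value();
    return false;
  }

  return ret;
}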
// Gets the current working directory for the process and stores it in |dir|.
// Returns false (after NOTREACHED()) when getcwd() fails.
bool GetCurrentDirectory(FilePath* dir) {
  // getcwd can return ENOENT, which implies it checks against the disk.
  ThreadRestrictions::AssertIOAllowed();

  char cwd[PATH_MAX] = "";
  if (getcwd(cwd, sizeof(cwd)) == NULL) {
    NOTREACHED();
    return false;
  }
  *dir = FilePath(cwd);
  return true;
}
// Sets the current working directory for the process. Returns true when
// chdir() succeeds.
bool SetCurrentDirectory(const FilePath& path) {
  ThreadRestrictions::AssertIOAllowed();
  return chdir(path.value().c_str()) == 0;
}
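// Checks |base| and every path component between |base| and |path| with
// VerifySpecificPathControlledByUser(). |path| must equal |base| or lie
// underneath it. Returns true only if every checked component passes.
// Each component is examined separately and by name, so the result describes
// the tree as it was during the walk; it does not stop a component from
// being replaced afterwards.
bool VerifyPathControlledByUser(const FilePath& base,
                                const FilePath& path,
                                uid_t owner_uid,
                                const std::set<gid_t>& group_gids) {
  if (base != path && !base.IsParent(path)) {
    // The condition requires |base| to be a parent of |path|; the message
    // states it that way round.
    DLOG(ERROR) << "|path| must be a subdirectory of |base|. base = \""
                << base.value() << "\", path = \"" << path.value() << "\"";
    return false;
  }

  std::vector<FilePath::StringType> base_components;
  std::vector<FilePath::StringType> path_components;

  base.GetComponents(&base_components);
  path.GetComponents(&path_components);

  // |base| must be a subpath of |path|, so all components should match.
  // If these DCHECKs fail, look at the test that base is a parent of
  // path at the top of this function.
  const size_t base_count = base_components.size();
  for (size_t i = 0; i < base_count; ++i) {
    DCHECK(i < path_components.size());
    DCHECK(path_components[i] == base_components[i]);
  }

  FilePath current_path = base;
  if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gids))
    return false;

  // Indexing keeps this loop inside |path_components| even in builds where
  // the DCHECKs above are compiled out.
  for (size_t i = base_count; i < path_components.size(); ++i) {
    current_path = current_path.Append(path_components[i]);
    if (!VerifySpecificPathControlledByUser(
            current_path, owner_uid, group_gids))
      return false;
  }
  return true;
}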
796 #if defined(OS_MACOSX) && !defined(OS_IOS)
// Runs VerifyPathControlledByUser() from "/" down to |path| with uid 0 as the
// required owner and the "admin" and "wheel" groups as the groups that may
// have write access. A group that cannot be looked up is logged and left out
// of the allowed set.
bool VerifyPathControlledByAdmin(const FilePath& path) {
  const unsigned kRootUid = 0;
  const FilePath kFileSystemRoot("/");

  // The name of the administrator group on mac os.
  const char* const kAdminGroupNames[] = {
    "admin",
    "wheel"
  };

  // Reading the groups database may touch the file system.
  ThreadRestrictions::AssertIOAllowed();

  std::set<gid_t> allowed_group_ids;
  const int group_count = arraysize(kAdminGroupNames);
  for (int i = 0; i < group_count; ++i) {
    const char* group_name = kAdminGroupNames[i];
    struct group* record = getgrnam(group_name);
    if (record == NULL) {
      DPLOG(ERROR) << "Could not get the group ID of group \""
                   << group_name << "\".";
      continue;
    }

    allowed_group_ids.insert(record->gr_gid);
  }

  return VerifyPathControlledByUser(
      kFileSystemRoot, path, kRootUid, allowed_group_ids);
}
825 #endif // defined(OS_MACOSX) && !defined(OS_IOS)
// Returns pathconf(_PC_NAME_MAX) for |path|, i.e. whatever pathconf() reports
// as the longest file name allowed in that directory (-1 on error or when no
// limit is defined).
int GetMaximumPathComponentLength(const FilePath& path) {
  ThreadRestrictions::AssertIOAllowed();
  const long name_max = pathconf(path.value().c_str(), _PC_NAME_MAX);
  return name_max;
}
832 #if !defined(OS_ANDROID)
// This is implemented in file_util_android.cc for that platform.
//
// Stores the directory to use for shared-memory files in |path|. On Linux
// this is /dev/shm, unless |executable| is set and the one-time probe found
// that /dev/shm mappings cannot be made executable; every other case falls
// back to GetTempDir().
bool GetShmemTempDir(bool executable, FilePath* path) {
#if defined(OS_LINUX)
  if (executable) {
    // Probed once, on the first call that asks for an executable mapping.
    static const bool s_dev_shm_executable = DetermineDevShmExecutable();
    if (!s_dev_shm_executable)
      return GetTempDir(path);
  }
  *path = FilePath("/dev/shm");
  return true;
#else
  return GetTempDir(path);
#endif
}
848 #endif // !defined(OS_ANDROID)
850 #if !defined(OS_MACOSX)
// Mac has its own implementation, this is for all other Posix systems.
//
// Copies the contents of |from_path| to |to_path| in 32 KiB chunks. Returns
// false if either file cannot be opened or a read or write fails; a partly
// written destination is left in place in that case.
// NOTE(review): the destination is opened with File::FLAG_CREATE_ALWAYS; how
// that treats an existing file or a symbolic link at |to_path| is decided in
// File, which is not visible here -- confirm before copying into a directory
// that other users can write to.
bool CopyFile(const FilePath& from_path, const FilePath& to_path) {
  ThreadRestrictions::AssertIOAllowed();
  File infile;
#if defined(OS_ANDROID)
  if (from_path.IsContentUri()) {
    infile = OpenContentUriForRead(from_path);
  } else {
    infile = File(from_path, File::FLAG_OPEN | File::FLAG_READ);
  }
#else
  infile = File(from_path, File::FLAG_OPEN | File::FLAG_READ);
#endif
  if (!infile.IsValid())
    return false;

  File outfile(to_path, File::FLAG_WRITE | File::FLAG_CREATE_ALWAYS);
  if (!outfile.IsValid())
    return false;

  const size_t kBufferSize = 32768;
  std::vector<char> buffer(kBufferSize);

  for (;;) {
    const ssize_t bytes_read =
        infile.ReadAtCurrentPos(&buffer[0], buffer.size());
    if (bytes_read < 0)
      return false;
    if (bytes_read == 0)
      return true;  // End of input.

    // Allow for partial writes
    ssize_t written = 0;
    do {
      const ssize_t chunk = outfile.WriteAtCurrentPos(
          &buffer[written], bytes_read - written);
      if (chunk < 0)
        return false;
      written += chunk;
    } while (written < bytes_read);
  }
}
898 #endif // !defined(OS_MACOSX)
900 // -----------------------------------------------------------------------------
902 namespace internal {
// Moves |from_path| to |to_path|. rename() is tried first; if it fails, the
// source is copied recursively with CopyDirectory() and then deleted.
// The result of that final DeleteFile() is not checked, so true can be
// returned while the source tree is still (partly) present.
bool MoveUnsafe(const FilePath& from_path, const FilePath& to_path) {
  ThreadRestrictions::AssertIOAllowed();
  // Windows compatibility: if to_path exists, from_path and to_path
  // must be the same type, either both files, or both directories.
  stat_wrapper_t to_info;
  if (CallStat(to_path.value().c_str(), &to_info) == 0) {
    stat_wrapper_t from_info;
    if (CallStat(from_path.value().c_str(), &from_info) != 0)
      return false;
    if (S_ISDIR(to_info.st_mode) != S_ISDIR(from_info.st_mode))
      return false;
  }

  const bool renamed =
      rename(from_path.value().c_str(), to_path.value().c_str()) == 0;
  if (renamed)
    return true;

  if (!CopyDirectory(from_path, to_path, true))
    return false;

  DeleteFile(from_path, true);
  return true;
}
929 } // namespace internal
931 #endif // !defined(OS_NACL_NONSFI)
932 } // namespace base