webkit/browser/fileapi/obfuscated_file_util.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef WEBKIT_BROWSER_FILEAPI_OBFUSCATED_FILE_UTIL_H_
   6 #define WEBKIT_BROWSER_FILEAPI_OBFUSCATED_FILE_UTIL_H_
   7
   8 #include <map>
   9 #include <set>
  10 #include <string>
  11 #include <vector>
  12
  13 #include "base/callback_forward.h"
  14 #include "base/files/file.h"
  15 #include "base/files/file_path.h"
  16 #include "base/files/file_util_proxy.h"
  17 #include "base/gtest_prod_util.h"
  18 #include "base/memory/scoped_ptr.h"
  19 #include "webkit/browser/fileapi/file_system_file_util.h"
  20 #include "webkit/browser/fileapi/file_system_url.h"
  21 #include "webkit/browser/fileapi/sandbox_directory_database.h"
  22 #include "webkit/browser/fileapi/sandbox_file_system_backend_delegate.h"
  23 #include "webkit/browser/webkit_storage_browser_export.h"
  24 #include "webkit/common/blob/shareable_file_reference.h"
  25 #include "webkit/common/fileapi/file_system_types.h"
  26
  27 namespace base {
  28 class SequencedTaskRunner;
  29 class TimeTicks;
  30 }
  31
  32 namespace content {
  33 class ObfuscatedFileUtilTest;
  34 class QuotaBackendImplTest;
  35 }
  36
  37 namespace quota {
  38 class SpecialStoragePolicy;
  39 }
  40
  41 class GURL;
  42
  43 namespace fileapi {
  44
  45 class FileSystemOperationContext;
  46 class SandboxOriginDatabaseInterface;
  47 class TimedTaskHelper;
  48
  49 // This file util stores directory information in LevelDB to obfuscate
  50 // and to neutralize virtual file paths given by arbitrary apps.
  51 // Files are stored with two-level isolation: per-origin and per-type.
  52 // The isolation is done by storing data in separate directory partitions.
  53 // For example, a file in Temporary file system for origin 'www.example.com'
  54 // is stored in a different partition for a file in Persistent file system
  55 // for the same origin, or for Temporary file system for another origin.
  56 //
  57 // * Per-origin directory name information is stored in a separate LevelDB,
  58 //   which is maintained by SandboxOriginDatabase.
  59 // * Per-type directory name information is given by
  60 //   GetTypeStringForURLCallback that is given in CTOR.
  61 //   We use a small static mapping (e.g. 't' for Temporary type) for
  62 //   regular sandbox filesystems.
  63 //
  64 // The overall implementation philosophy of this class is that partial failures
  65 // should leave us with an intact database; we'd prefer to leak the occasional
  66 // backing file than have a database entry whose backing file is missing.  When
  67 // doing FSCK operations, if you find a loose backing file with no reference,
  68 // you may safely delete it.
  69 //
  70 // This class must be deleted on the FILE thread, because that's where
  71 // DropDatabases needs to be called.
  72 class WEBKIT_STORAGE_BROWSER_EXPORT_PRIVATE ObfuscatedFileUtil
  73     : public FileSystemFileUtil {
  74  public:
  75   // Origin enumerator interface.
  76   // An instance of this interface is assumed to be called on the file thread.
  77   class AbstractOriginEnumerator {
  78    public:
  79     virtual ~AbstractOriginEnumerator() {}
  80
  81     // Returns the next origin.  Returns empty if there are no more origins.
  82     virtual GURL Next() = 0;
  83
  84     // Returns the current origin's information.
  85     // |type_string| must be ascii string.
  86     virtual bool HasTypeDirectory(const std::string& type_string) const = 0;
  87   };
  88
  89   typedef base::Callback<std::string(const FileSystemURL&)>
  90       GetTypeStringForURLCallback;
  91
  92   // |get_type_string_for_url| is user-defined callback that should return
  93   // a type string for the given FileSystemURL.  The type string is used
  94   // to provide per-type isolation in the sandboxed filesystem directory.
  95   // Note that this method is called on file_task_runner.
  96   //
  97   // |known_type_strings| are known type string names that this file system
  98   // should care about.
  99   // This info is used to determine whether we could delete the entire
 100   // origin directory or not in DeleteDirectoryForOriginAndType. If no directory
 101   // for any known type exists the origin directory may get deleted when
 102   // one origin/type pair is deleted.
 103   //
 104   ObfuscatedFileUtil(
 105       quota::SpecialStoragePolicy* special_storage_policy,
 106       const base::FilePath& file_system_directory,
 107       leveldb::Env* env_override,
 108       base::SequencedTaskRunner* file_task_runner,
 109       const GetTypeStringForURLCallback& get_type_string_for_url,
 110       const std::set<std::string>& known_type_strings,
 111       SandboxFileSystemBackendDelegate* sandbox_delegate);
 112   virtual ~ObfuscatedFileUtil();
 113
 114   // FileSystemFileUtil overrides.
 115   virtual base::File CreateOrOpen(
 116       FileSystemOperationContext* context,
 117       const FileSystemURL& url,
 118       int file_flags) OVERRIDE;
 119   virtual base::File::Error EnsureFileExists(
 120       FileSystemOperationContext* context,
 121       const FileSystemURL& url, bool* created) OVERRIDE;
 122   virtual base::File::Error CreateDirectory(
 123       FileSystemOperationContext* context,
 124       const FileSystemURL& url,
 125       bool exclusive,
 126       bool recursive) OVERRIDE;
 127   virtual base::File::Error GetFileInfo(
 128       FileSystemOperationContext* context,
 129       const FileSystemURL& url,
 130       base::File::Info* file_info,
 131       base::FilePath* platform_file) OVERRIDE;
 132   virtual scoped_ptr<AbstractFileEnumerator> CreateFileEnumerator(
 133       FileSystemOperationContext* context,
 134       const FileSystemURL& root_url) OVERRIDE;
 135   virtual base::File::Error GetLocalFilePath(
 136       FileSystemOperationContext* context,
 137       const FileSystemURL& file_system_url,
 138       base::FilePath* local_path) OVERRIDE;
 139   virtual base::File::Error Touch(
 140       FileSystemOperationContext* context,
 141       const FileSystemURL& url,
 142       const base::Time& last_access_time,
 143       const base::Time& last_modified_time) OVERRIDE;
 144   virtual base::File::Error Truncate(
 145       FileSystemOperationContext* context,
 146       const FileSystemURL& url,
 147       int64 length) OVERRIDE;
 148   virtual base::File::Error CopyOrMoveFile(
 149       FileSystemOperationContext* context,
 150       const FileSystemURL& src_url,
 151       const FileSystemURL& dest_url,
 152       CopyOrMoveOption option,
 153       bool copy) OVERRIDE;
 154   virtual base::File::Error CopyInForeignFile(
 155         FileSystemOperationContext* context,
 156         const base::FilePath& src_file_path,
 157         const FileSystemURL& dest_url) OVERRIDE;
 158   virtual base::File::Error DeleteFile(
 159       FileSystemOperationContext* context,
 160       const FileSystemURL& url) OVERRIDE;
 161   virtual base::File::Error DeleteDirectory(
 162       FileSystemOperationContext* context,
 163       const FileSystemURL& url) OVERRIDE;
 164   virtual webkit_blob::ScopedFile CreateSnapshotFile(
 165       FileSystemOperationContext* context,
 166       const FileSystemURL& url,
 167       base::File::Error* error,
 168       base::File::Info* file_info,
 169       base::FilePath* platform_path) OVERRIDE;
 170
 171   // Same as the other CreateFileEnumerator, but with recursive support.
 172   scoped_ptr<AbstractFileEnumerator> CreateFileEnumerator(
 173       FileSystemOperationContext* context,
 174       const FileSystemURL& root_url,
 175       bool recursive);
 176
 177   // Returns true if the directory |url| is empty.
 178   bool IsDirectoryEmpty(
 179       FileSystemOperationContext* context,
 180       const FileSystemURL& url);
 181
 182   // Gets the topmost directory specific to this origin and type.  This will
 183   // contain both the directory database's files and all the backing file
 184   // subdirectories.
 185   // Returns the topmost origin directory if |type_string| is empty.
 186   // Returns an empty path if the directory is undefined.
 187   // If the directory is defined, it will be returned, even if
 188   // there is a file system error (e.g. the directory doesn't exist on disk and
 189   // |create| is false). Callers should always check |error_code| to make sure
 190   // the returned path is usable.
 191   base::FilePath GetDirectoryForOriginAndType(
 192       const GURL& origin,
 193       const std::string& type_string,
 194       bool create,
 195       base::File::Error* error_code);
 196
 197   // Deletes the topmost directory specific to this origin and type.  This will
 198   // delete its directory database.
 199   // Deletes the topmost origin directory if |type_string| is empty.
 200   bool DeleteDirectoryForOriginAndType(
 201       const GURL& origin,
 202       const std::string& type_string);
 203
 204   // This method and all methods of its returned class must be called only on
 205   // the FILE thread.  The caller is responsible for deleting the returned
 206   // object.
 207   AbstractOriginEnumerator* CreateOriginEnumerator();
 208
 209   // Deletes a directory database from the database list in the ObfuscatedFSFU
 210   // and destroys the database on the disk.
 211   bool DestroyDirectoryDatabase(const GURL& origin,
 212                                 const std::string& type_string);
 213
 214   // Computes a cost for storing a given file in the obfuscated FSFU.
 215   // As the cost of a file is independent of the cost of its parent directories,
 216   // this ignores all but the BaseName of the supplied path.  In order to
 217   // compute the cost of adding a multi-segment directory recursively, call this
 218   // on each path segment and add the results.
 219   static int64 ComputeFilePathCost(const base::FilePath& path);
 220
 221   // Tries to prepopulate directory database for the given type strings.
 222   // This tries from the first one in the given type_strings and stops
 223   // once it succeeds to do so for one database (i.e. it prepopulates
 224   // at most one database).
 225   void MaybePrepopulateDatabase(
 226       const std::vector<std::string>& type_strings_to_prepopulate);
 227
 228  private:
 229   typedef SandboxDirectoryDatabase::FileId FileId;
 230   typedef SandboxDirectoryDatabase::FileInfo FileInfo;
 231
 232   friend class ObfuscatedFileEnumerator;
 233   friend class content::ObfuscatedFileUtilTest;
 234   friend class content::QuotaBackendImplTest;
 235
 236   // Helper method to create an obfuscated file util for regular
 237   // (temporary, persistent) file systems. Used only for testing.
 238   // Note: this is implemented in sandbox_file_system_backend_delegate.cc.
 239   static ObfuscatedFileUtil* CreateForTesting(
 240       quota::SpecialStoragePolicy* special_storage_policy,
 241       const base::FilePath& file_system_directory,
 242       leveldb::Env* env_override,
 243       base::SequencedTaskRunner* file_task_runner);
 244
 245   base::FilePath GetDirectoryForURL(
 246       const FileSystemURL& url,
 247       bool create,
 248       base::File::Error* error_code);
 249
 250   // This just calls get_type_string_for_url_ callback that is given in ctor.
 251   std::string CallGetTypeStringForURL(const FileSystemURL& url);
 252
 253   base::File::Error GetFileInfoInternal(
 254       SandboxDirectoryDatabase* db,
 255       FileSystemOperationContext* context,
 256       const FileSystemURL& url,
 257       FileId file_id,
 258       FileInfo* local_info,
 259       base::File::Info* file_info,
 260       base::FilePath* platform_file_path);
 261
 262   // Creates a new file, both the underlying backing file and the entry in the
 263   // database.  |dest_file_info| is an in-out parameter.  Supply the name and
 264   // parent_id; data_path is ignored.  On success, data_path will
 265   // always be set to the relative path [from the root of the type-specific
 266   // filesystem directory] of a NEW backing file.  Returns the new file.
 267   base::File CreateAndOpenFile(
 268       FileSystemOperationContext* context,
 269       const FileSystemURL& dest_url,
 270       FileInfo* dest_file_info,
 271       int file_flags);
 272
 273   // The same as CreateAndOpenFile except that a file is not returned and if a
 274   // path is provided in |source_path|, it will be used as a source from which
 275   // to COPY data.
 276   base::File::Error CreateFile(
 277       FileSystemOperationContext* context,
 278       const base::FilePath& source_file_path,
 279       const FileSystemURL& dest_url,
 280       FileInfo* dest_file_info);
 281
 282   // Updates |db| and |dest_file_info| at the end of creating a new file.
 283   base::File::Error CommitCreateFile(
 284     const base::FilePath& root,
 285     const base::FilePath& local_path,
 286     SandboxDirectoryDatabase* db,
 287     FileInfo* dest_file_info);
 288
 289   // This converts from a relative path [as is stored in the FileInfo.data_path
 290   // field] to an absolute platform path that can be given to the native
 291   // filesystem.
 292   base::FilePath DataPathToLocalPath(
 293       const FileSystemURL& url,
 294       const base::FilePath& data_file_path);
 295
 296   std::string GetDirectoryDatabaseKey(const GURL& origin,
 297                                       const std::string& type_string);
 298
 299   // This returns NULL if |create| flag is false and a filesystem does not
 300   // exist for the given |url|.
 301   // For read operations |create| should be false.
 302   SandboxDirectoryDatabase* GetDirectoryDatabase(const FileSystemURL& url,
 303                                                  bool create);
 304
 305   // Gets the topmost directory specific to this origin.  This will
 306   // contain both the filesystem type subdirectories.
 307   base::FilePath GetDirectoryForOrigin(const GURL& origin,
 308                                        bool create,
 309                                        base::File::Error* error_code);
 310
 311   void InvalidateUsageCache(FileSystemOperationContext* context,
 312                             const GURL& origin,
 313                             FileSystemType type);
 314
 315   void MarkUsed();
 316   void DropDatabases();
 317
 318   // Initializes the origin database. |origin_hint| may be used as a hint
 319   // for initializing database if it's not empty.
 320   bool InitOriginDatabase(const GURL& origin_hint, bool create);
 321
 322   base::File::Error GenerateNewLocalPath(
 323       SandboxDirectoryDatabase* db,
 324       FileSystemOperationContext* context,
 325       const FileSystemURL& url,
 326       base::FilePath* root,
 327       base::FilePath* local_path);
 328
 329   base::File CreateOrOpenInternal(
 330       FileSystemOperationContext* context,
 331       const FileSystemURL& url,
 332       int file_flags);
 333
 334   bool HasIsolatedStorage(const GURL& origin);
 335
 336   typedef std::map<std::string, SandboxDirectoryDatabase*> DirectoryMap;
 337   DirectoryMap directories_;
 338   scoped_ptr<SandboxOriginDatabaseInterface> origin_database_;
 339   scoped_refptr<quota::SpecialStoragePolicy> special_storage_policy_;
 340   base::FilePath file_system_directory_;
 341   leveldb::Env* env_override_;
 342
 343   // Used to delete database after a certain period of inactivity.
 344   int64 db_flush_delay_seconds_;
 345
 346   scoped_refptr<base::SequencedTaskRunner> file_task_runner_;
 347   scoped_ptr<TimedTaskHelper> timer_;
 348
 349   GetTypeStringForURLCallback get_type_string_for_url_;
 350   std::set<std::string> known_type_strings_;
 351
 352   // Not owned.
 353   SandboxFileSystemBackendDelegate* sandbox_delegate_;
 354
 355   DISALLOW_COPY_AND_ASSIGN(ObfuscatedFileUtil);
 356 };
 357
 358 }  // namespace fileapi
 359
 360 #endif  // WEBKIT_BROWSER_FILEAPI_OBFUSCATED_FILE_UTIL_H_