search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert 268405 "Make sure that ScratchBuffer::Allocate() always r..."
[chromium-blink-merge.git] / content / browser / renderer_host / pepper / pepper_file_io_host.cc
blob56b6d922ac3103e71e49e69d62aedbad12aab2a6
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/browser/renderer_host/pepper/pepper_file_io_host.h"
6
7 #include "base/bind.h"
8 #include "base/callback.h"
9 #include "base/callback_helpers.h"
10 #include "base/files/file_util_proxy.h"
11 #include "base/memory/weak_ptr.h"
12 #include "content/browser/renderer_host/pepper/pepper_file_ref_host.h"
13 #include "content/browser/renderer_host/pepper/pepper_file_system_browser_host.h"
14 #include "content/browser/renderer_host/pepper/pepper_security_helper.h"
15 #include "content/common/fileapi/file_system_messages.h"
16 #include "content/common/sandbox_util.h"
17 #include "content/common/view_messages.h"
18 #include "content/public/browser/browser_thread.h"
19 #include "content/public/browser/content_browser_client.h"
20 #include "content/public/browser/render_process_host.h"
21 #include "content/public/browser/storage_partition.h"
22 #include "content/public/common/content_client.h"
23 #include "ppapi/c/pp_errors.h"
24 #include "ppapi/c/ppb_file_io.h"
25 #include "ppapi/host/dispatch_host_message.h"
26 #include "ppapi/host/ppapi_host.h"
27 #include "ppapi/proxy/ppapi_messages.h"
28 #include "ppapi/shared_impl/file_system_util.h"
29 #include "ppapi/shared_impl/file_type_conversion.h"
30 #include "ppapi/shared_impl/time_conversion.h"
31 #include "webkit/browser/fileapi/file_observers.h"
32 #include "webkit/browser/fileapi/file_system_context.h"
33 #include "webkit/browser/fileapi/file_system_operation_runner.h"
34 #include "webkit/browser/fileapi/task_runner_bound_observer_list.h"
35 #include "webkit/common/fileapi/file_system_util.h"
36
37 namespace content {
38
39 using ppapi::FileIOStateManager;
40 using ppapi::PPTimeToTime;
41
42 namespace {
43
44 PepperFileIOHost::UIThreadStuff GetUIThreadStuffForInternalFileSystems(
45 int render_process_id) {
46 PepperFileIOHost::UIThreadStuff stuff;
47 DCHECK_CURRENTLY_ON(BrowserThread::UI);
48 RenderProcessHost* host = RenderProcessHost::FromID(render_process_id);
49 if (host) {
50 stuff.resolved_render_process_id = base::GetProcId(host->GetHandle());
51 StoragePartition* storage_partition = host->GetStoragePartition();
52 if (storage_partition)
53 stuff.file_system_context = storage_partition->GetFileSystemContext();
54 }
55 return stuff;
56 }
57
58 base::ProcessId GetResolvedRenderProcessId(int render_process_id) {
59 DCHECK_CURRENTLY_ON(BrowserThread::UI);
60 RenderProcessHost* host = RenderProcessHost::FromID(render_process_id);
61 if (!host)
62 return base::kNullProcessId;
63 return base::GetProcId(host->GetHandle());
64 }
65
66 bool GetPluginAllowedToCallRequestOSFileHandle(int render_process_id,
67 const GURL& document_url) {
68 DCHECK_CURRENTLY_ON(BrowserThread::UI);
69 ContentBrowserClient* client = GetContentClient()->browser();
70 RenderProcessHost* host = RenderProcessHost::FromID(render_process_id);
71 if (!host)
72 return false;
73 return client->IsPluginAllowedToCallRequestOSFileHandle(
74 host->GetBrowserContext(), document_url);
75 }
76
77 bool FileOpenForWrite(int32_t open_flags) {
78 return (open_flags & (PP_FILEOPENFLAG_WRITE | PP_FILEOPENFLAG_APPEND)) != 0;
79 }
80
81 } // namespace
82
83 PepperFileIOHost::PepperFileIOHost(BrowserPpapiHostImpl* host,
84 PP_Instance instance,
85 PP_Resource resource)
86 : ResourceHost(host->GetPpapiHost(), instance, resource),
87 browser_ppapi_host_(host),
88 render_process_host_(NULL),
89 file_(base::kInvalidPlatformFileValue),
90 open_flags_(0),
91 file_system_type_(PP_FILESYSTEMTYPE_INVALID),
92 max_written_offset_(0),
93 check_quota_(false),
94 weak_factory_(this) {
95 int unused;
96 if (!host->GetRenderFrameIDsForInstance(
97 instance, &render_process_id_, &unused)) {
98 render_process_id_ = -1;
99 }
100 file_message_loop_ =
101 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE);
102 }
103
104 PepperFileIOHost::~PepperFileIOHost() {}
105
106 int32_t PepperFileIOHost::OnResourceMessageReceived(
107 const IPC::Message& msg,
108 ppapi::host::HostMessageContext* context) {
109 IPC_BEGIN_MESSAGE_MAP(PepperFileIOHost, msg)
110 PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_FileIO_Open, OnHostMsgOpen)
111 PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_FileIO_Touch, OnHostMsgTouch)
112 PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_FileIO_SetLength,
113 OnHostMsgSetLength)
114 PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(PpapiHostMsg_FileIO_Flush, OnHostMsgFlush)
115 PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_FileIO_Close, OnHostMsgClose)
116 PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(PpapiHostMsg_FileIO_RequestOSFileHandle,
117 OnHostMsgRequestOSFileHandle)
118 IPC_END_MESSAGE_MAP()
119 return PP_ERROR_FAILED;
120 }
121
122 PepperFileIOHost::UIThreadStuff::UIThreadStuff() {
123 resolved_render_process_id = base::kNullProcessId;
124 }
125
126 PepperFileIOHost::UIThreadStuff::~UIThreadStuff() {}
127
128 int32_t PepperFileIOHost::OnHostMsgOpen(
129 ppapi::host::HostMessageContext* context,
130 PP_Resource file_ref_resource,
131 int32_t open_flags) {
132 int32_t rv = state_manager_.CheckOperationState(
133 FileIOStateManager::OPERATION_EXCLUSIVE, false);
134 if (rv != PP_OK)
135 return rv;
136
137 int platform_file_flags = 0;
138 if (!ppapi::PepperFileOpenFlagsToPlatformFileFlags(open_flags,
139 &platform_file_flags))
140 return PP_ERROR_BADARGUMENT;
141
142 ppapi::host::ResourceHost* resource_host =
143 host()->GetResourceHost(file_ref_resource);
144 if (!resource_host || !resource_host->IsFileRefHost())
145 return PP_ERROR_BADRESOURCE;
146 PepperFileRefHost* file_ref_host =
147 static_cast<PepperFileRefHost*>(resource_host);
148 if (file_ref_host->GetFileSystemType() == PP_FILESYSTEMTYPE_INVALID)
149 return PP_ERROR_FAILED;
150
151 file_system_host_ = file_ref_host->GetFileSystemHost();
152
153 open_flags_ = open_flags;
154 file_system_type_ = file_ref_host->GetFileSystemType();
155 file_system_url_ = file_ref_host->GetFileSystemURL();
156
157 // For external file systems, if there is a valid FileSystemURL, then treat
158 // it like internal file systems and access it via the FileSystemURL.
159 bool is_internal_type = (file_system_type_ != PP_FILESYSTEMTYPE_EXTERNAL) ||
160 file_system_url_.is_valid();
161
162 if (is_internal_type) {
163 if (!file_system_url_.is_valid())
164 return PP_ERROR_BADARGUMENT;
165
166 // Not all external file systems are fully supported yet.
167 // Whitelist the supported ones.
168 if (file_system_url_.mount_type() == fileapi::kFileSystemTypeExternal) {
169 switch (file_system_url_.type()) {
170 case fileapi::kFileSystemTypeNativeMedia:
171 case fileapi::kFileSystemTypeDeviceMedia:
172 case fileapi::kFileSystemTypePicasa:
173 case fileapi::kFileSystemTypeItunes:
174 case fileapi::kFileSystemTypeIphoto:
175 break;
176 default:
177 return PP_ERROR_NOACCESS;
178 }
179 }
180 if (!CanOpenFileSystemURLWithPepperFlags(
181 open_flags, render_process_id_, file_system_url_))
182 return PP_ERROR_NOACCESS;
183 BrowserThread::PostTaskAndReplyWithResult(
184 BrowserThread::UI,
185 FROM_HERE,
186 base::Bind(&GetUIThreadStuffForInternalFileSystems, render_process_id_),
187 base::Bind(&PepperFileIOHost::GotUIThreadStuffForInternalFileSystems,
188 weak_factory_.GetWeakPtr(),
189 context->MakeReplyMessageContext(),
190 platform_file_flags));
191 } else {
192 base::FilePath path = file_ref_host->GetExternalFilePath();
193 if (!CanOpenWithPepperFlags(open_flags, render_process_id_, path))
194 return PP_ERROR_NOACCESS;
195 BrowserThread::PostTaskAndReplyWithResult(
196 BrowserThread::UI,
197 FROM_HERE,
198 base::Bind(&GetResolvedRenderProcessId, render_process_id_),
199 base::Bind(&PepperFileIOHost::GotResolvedRenderProcessId,
200 weak_factory_.GetWeakPtr(),
201 context->MakeReplyMessageContext(),
202 path,
203 platform_file_flags));
204 }
205 state_manager_.SetPendingOperation(FileIOStateManager::OPERATION_EXCLUSIVE);
206 return PP_OK_COMPLETIONPENDING;
207 }
208
209 void PepperFileIOHost::GotUIThreadStuffForInternalFileSystems(
210 ppapi::host::ReplyMessageContext reply_context,
211 int platform_file_flags,
212 UIThreadStuff ui_thread_stuff) {
213 DCHECK_CURRENTLY_ON(BrowserThread::IO);
214 file_system_context_ = ui_thread_stuff.file_system_context;
215 resolved_render_process_id_ = ui_thread_stuff.resolved_render_process_id;
216 if (resolved_render_process_id_ == base::kNullProcessId ||
217 !file_system_context_.get()) {
218 reply_context.params.set_result(PP_ERROR_FAILED);
219 SendOpenErrorReply(reply_context);
220 return;
221 }
222
223 if (!file_system_context_->GetFileSystemBackend(file_system_url_.type())) {
224 reply_context.params.set_result(PP_ERROR_FAILED);
225 SendOpenErrorReply(reply_context);
226 return;
227 }
228
229 DCHECK(file_system_host_.get());
230 DCHECK(file_system_host_->GetFileSystemOperationRunner());
231 file_system_host_->GetFileSystemOperationRunner()->OpenFile(
232 file_system_url_,
233 platform_file_flags,
234 base::Bind(&PepperFileIOHost::DidOpenInternalFile,
235 weak_factory_.GetWeakPtr(),
236 reply_context));
237 }
238
239 void PepperFileIOHost::DidOpenInternalFile(
240 ppapi::host::ReplyMessageContext reply_context,
241 base::File::Error result,
242 base::PlatformFile file,
243 const base::Closure& on_close_callback) {
244 if (result == base::File::FILE_OK) {
245 on_close_callback_ = on_close_callback;
246
247 if (FileOpenForWrite(open_flags_) && file_system_host_->ChecksQuota()) {
248 check_quota_ = true;
249 file_system_host_->OpenQuotaFile(
250 this,
251 file_system_url_,
252 base::Bind(&PepperFileIOHost::DidOpenQuotaFile,
253 weak_factory_.GetWeakPtr(),
254 reply_context,
255 file));
256 return;
257 }
258 }
259
260 ExecutePlatformOpenFileCallback(
261 reply_context, result, base::PassPlatformFile(&file), true);
262 }
263
264 void PepperFileIOHost::GotResolvedRenderProcessId(
265 ppapi::host::ReplyMessageContext reply_context,
266 base::FilePath path,
267 int platform_file_flags,
268 base::ProcessId resolved_render_process_id) {
269 DCHECK_CURRENTLY_ON(BrowserThread::IO);
270 resolved_render_process_id_ = resolved_render_process_id;
271 base::FileUtilProxy::CreateOrOpen(
272 file_message_loop_,
273 path,
274 platform_file_flags,
275 base::Bind(&PepperFileIOHost::ExecutePlatformOpenFileCallback,
276 weak_factory_.GetWeakPtr(),
277 reply_context));
278 }
279
280 int32_t PepperFileIOHost::OnHostMsgTouch(
281 ppapi::host::HostMessageContext* context,
282 PP_Time last_access_time,
283 PP_Time last_modified_time) {
284 int32_t rv = state_manager_.CheckOperationState(
285 FileIOStateManager::OPERATION_EXCLUSIVE, true);
286 if (rv != PP_OK)
287 return rv;
288
289 if (!base::FileUtilProxy::Touch(
290 file_message_loop_,
291 file_,
292 PPTimeToTime(last_access_time),
293 PPTimeToTime(last_modified_time),
294 base::Bind(&PepperFileIOHost::ExecutePlatformGeneralCallback,
295 weak_factory_.GetWeakPtr(),
296 context->MakeReplyMessageContext())))
297 return PP_ERROR_FAILED;
298
299 state_manager_.SetPendingOperation(FileIOStateManager::OPERATION_EXCLUSIVE);
300 return PP_OK_COMPLETIONPENDING;
301 }
302
303 int32_t PepperFileIOHost::OnHostMsgSetLength(
304 ppapi::host::HostMessageContext* context,
305 int64_t length) {
306 int32_t rv = state_manager_.CheckOperationState(
307 FileIOStateManager::OPERATION_EXCLUSIVE, true);
308 if (rv != PP_OK)
309 return rv;
310 if (length < 0)
311 return PP_ERROR_BADARGUMENT;
312
313 // Quota checks are performed on the plugin side, in order to use the same
314 // quota reservation and request system as Write.
315
316 if (!base::FileUtilProxy::Truncate(
317 file_message_loop_,
318 file_,
319 length,
320 base::Bind(&PepperFileIOHost::ExecutePlatformGeneralCallback,
321 weak_factory_.GetWeakPtr(),
322 context->MakeReplyMessageContext())))
323 return PP_ERROR_FAILED;
324
325 state_manager_.SetPendingOperation(FileIOStateManager::OPERATION_EXCLUSIVE);
326 return PP_OK_COMPLETIONPENDING;
327 }
328
329 int32_t PepperFileIOHost::OnHostMsgFlush(
330 ppapi::host::HostMessageContext* context) {
331 int32_t rv = state_manager_.CheckOperationState(
332 FileIOStateManager::OPERATION_EXCLUSIVE, true);
333 if (rv != PP_OK)
334 return rv;
335
336 if (!base::FileUtilProxy::Flush(
337 file_message_loop_,
338 file_,
339 base::Bind(&PepperFileIOHost::ExecutePlatformGeneralCallback,
340 weak_factory_.GetWeakPtr(),
341 context->MakeReplyMessageContext())))
342 return PP_ERROR_FAILED;
343
344 state_manager_.SetPendingOperation(FileIOStateManager::OPERATION_EXCLUSIVE);
345 return PP_OK_COMPLETIONPENDING;
346 }
347
348 int32_t PepperFileIOHost::OnHostMsgClose(
349 ppapi::host::HostMessageContext* context,
350 const ppapi::FileGrowth& file_growth) {
351 if (check_quota_) {
352 file_system_host_->CloseQuotaFile(this, file_growth);
353 check_quota_ = false;
354 }
355
356 if (file_ != base::kInvalidPlatformFileValue) {
357 base::FileUtilProxy::Close(file_message_loop_,
358 file_,
359 base::Bind(&PepperFileIOHost::DidCloseFile,
360 weak_factory_.GetWeakPtr()));
361 file_ = base::kInvalidPlatformFileValue;
362 }
363 return PP_OK;
364 }
365
366 void PepperFileIOHost::DidOpenQuotaFile(
367 ppapi::host::ReplyMessageContext reply_context,
368 base::PlatformFile file,
369 int64_t max_written_offset) {
370 max_written_offset_ = max_written_offset;
371
372 ExecutePlatformOpenFileCallback(
373 reply_context, base::File::FILE_OK, base::PassPlatformFile(&file), true);
374 }
375
376 void PepperFileIOHost::DidCloseFile(base::File::Error /*error*/) {
377 // Silently ignore if we fail to close the file.
378 if (!on_close_callback_.is_null()) {
379 on_close_callback_.Run();
380 on_close_callback_.Reset();
381 }
382 }
383
384 int32_t PepperFileIOHost::OnHostMsgRequestOSFileHandle(
385 ppapi::host::HostMessageContext* context) {
386 if (open_flags_ != PP_FILEOPENFLAG_READ && file_system_host_->ChecksQuota())
387 return PP_ERROR_FAILED;
388
389 GURL document_url =
390 browser_ppapi_host_->GetDocumentURLForInstance(pp_instance());
391 BrowserThread::PostTaskAndReplyWithResult(
392 BrowserThread::UI,
393 FROM_HERE,
394 base::Bind(&GetPluginAllowedToCallRequestOSFileHandle,
395 render_process_id_,
396 document_url),
397 base::Bind(&PepperFileIOHost::GotPluginAllowedToCallRequestOSFileHandle,
398 weak_factory_.GetWeakPtr(),
399 context->MakeReplyMessageContext()));
400 return PP_OK_COMPLETIONPENDING;
401 }
402
403 void PepperFileIOHost::GotPluginAllowedToCallRequestOSFileHandle(
404 ppapi::host::ReplyMessageContext reply_context,
405 bool plugin_allowed) {
406 DCHECK_CURRENTLY_ON(BrowserThread::IO);
407 if (!browser_ppapi_host_->external_plugin() ||
408 host()->permissions().HasPermission(ppapi::PERMISSION_PRIVATE) ||
409 plugin_allowed) {
410 if (!AddFileToReplyContext(open_flags_, &reply_context))
411 reply_context.params.set_result(PP_ERROR_FAILED);
412 } else {
413 reply_context.params.set_result(PP_ERROR_NOACCESS);
414 }
415 host()->SendReply(reply_context,
416 PpapiPluginMsg_FileIO_RequestOSFileHandleReply());
417 }
418
419 void PepperFileIOHost::ExecutePlatformGeneralCallback(
420 ppapi::host::ReplyMessageContext reply_context,
421 base::File::Error error_code) {
422 reply_context.params.set_result(ppapi::FileErrorToPepperError(error_code));
423 host()->SendReply(reply_context, PpapiPluginMsg_FileIO_GeneralReply());
424 state_manager_.SetOperationFinished();
425 }
426
427 void PepperFileIOHost::ExecutePlatformOpenFileCallback(
428 ppapi::host::ReplyMessageContext reply_context,
429 base::File::Error error_code,
430 base::PassPlatformFile file,
431 bool unused_created) {
432 int32_t pp_error = ppapi::FileErrorToPepperError(error_code);
433 DCHECK(file_ == base::kInvalidPlatformFileValue);
434 file_ = file.ReleaseValue();
435
436 if (file_ != base::kInvalidPlatformFileValue &&
437 !AddFileToReplyContext(open_flags_, &reply_context))
438 pp_error = PP_ERROR_FAILED;
439
440 PP_Resource quota_file_system = 0;
441 if (pp_error == PP_OK) {
442 state_manager_.SetOpenSucceed();
443 // A non-zero resource id signals the plugin side to check quota.
444 if (check_quota_)
445 quota_file_system = file_system_host_->pp_resource();
446 }
447
448 reply_context.params.set_result(pp_error);
449 host()->SendReply(
450 reply_context,
451 PpapiPluginMsg_FileIO_OpenReply(quota_file_system, max_written_offset_));
452 state_manager_.SetOperationFinished();
453 }
454
455 void PepperFileIOHost::SendOpenErrorReply(
456 ppapi::host::ReplyMessageContext reply_context) {
457 host()->SendReply(reply_context, PpapiPluginMsg_FileIO_OpenReply(0, 0));
458 }
459
460 bool PepperFileIOHost::AddFileToReplyContext(
461 int32_t open_flags,
462 ppapi::host::ReplyMessageContext* reply_context) const {
463 base::ProcessId plugin_process_id =
464 base::GetProcId(browser_ppapi_host_->GetPluginProcessHandle());
465 if (plugin_process_id == base::kNullProcessId)
466 plugin_process_id = resolved_render_process_id_;
467
468 IPC::PlatformFileForTransit transit_file =
469 BrokerGetFileHandleForProcess(file_, plugin_process_id, false);
470 if (transit_file == IPC::InvalidPlatformFileForTransit())
471 return false;
472
473 ppapi::proxy::SerializedHandle file_handle;
474 // A non-zero resource id signals NaClIPCAdapter to create a NaClQuotaDesc.
475 PP_Resource quota_file_io = check_quota_ ? pp_resource() : 0;
476 file_handle.set_file_handle(transit_file, open_flags, quota_file_io);
477 reply_context->params.AppendHandle(file_handle);
478 return true;
479 }
480
481 } // namespace content