OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef WEBKIT_FILEAPI_ISOLATED_CONTEXT_H_ | 5 #ifndef WEBKIT_FILEAPI_ISOLATED_CONTEXT_H_ |
6 #define WEBKIT_FILEAPI_ISOLATED_CONTEXT_H_ | 6 #define WEBKIT_FILEAPI_ISOLATED_CONTEXT_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <set> | 9 #include <set> |
10 #include <string> | 10 #include <string> |
(...skipping 18 matching lines...) |
29 // The instance is lazily created per browser process. | 29 // The instance is lazily created per browser process. |
30 static IsolatedContext* GetInstance(); | 30 static IsolatedContext* GetInstance(); |
31 | 31 |
32 // Registers a new file isolated filesystem with the given set of files | 32 // Registers a new file isolated filesystem with the given set of files |
33 // and returns the new filesystem_id. The files are registered with their | 33 // and returns the new filesystem_id. The files are registered with their |
34 // basenames as their keys so that later we can resolve the full paths | 34 // basenames as their keys so that later we can resolve the full paths |
35 // for the given file name in the isolated filesystem. We only expose the | 35 // for the given file name in the isolated filesystem. We only expose the |
36 // key and the ID for the newly created filesystem to the renderer for | 36 // key and the ID for the newly created filesystem to the renderer for |
37 // the sake of security. | 37 // the sake of security. |
38 // | 38 // |
| 39 // Note that all the given paths in |fileset| must be absolute paths. |
| 40 // |
39 // The renderer will be sending filesystem requests with a virtual path like | 41 // The renderer will be sending filesystem requests with a virtual path like |
40 // '/<filesystem_id>/<relative_path_from_the_basename_of_dropped_path>' | 42 // '/<filesystem_id>/<relative_path_from_the_basename_of_dropped_path>' |
41 // for which we could crack in the browser by calling CrackIsolatedPath to | 43 // for which we could crack in the browser by calling CrackIsolatedPath to |
42 // get the full path. | 44 // get the full path. |
43 // | 45 // |
44 // For example: if a dropped file has a path like '/a/b/foo' we register | 46 // For example: if a dropped file has a path like '/a/b/foo' we register |
45 // the path with the key 'foo' in the newly created filesystem. | 47 // the path with the key 'foo' in the newly created filesystem. |
46 // Later if the context is asked to crack a virtual path like '/<fsid>/foo' | 48 // Later if the context is asked to crack a virtual path like '/<fsid>/foo' |
47 // it can properly return the original path '/a/b/foo' by looking up the | 49 // it can properly return the original path '/a/b/foo' by looking up the |
48 // internal mapping. Similarly if a dropped entry is a directory and its | 50 // internal mapping. Similarly if a dropped entry is a directory and its |
49 // path is like '/a/b/dir' a virtual path like '/<fsid>/dir/foo' can be | 51 // path is like '/a/b/dir' a virtual path like '/<fsid>/dir/foo' can be |
50 // cracked into '/a/b/dir/foo'. | 52 // cracked into '/a/b/dir/foo'. |
51 // | |
52 // This may return an empty string (thus invalid as an ID) if the given | |
53 // file set contains non absolute paths. | |
54 std::string RegisterIsolatedFileSystem(const std::set<FilePath>& fileset); | 53 std::string RegisterIsolatedFileSystem(const std::set<FilePath>& fileset); |
55 | 54 |
56 // Revokes filesystem specified by the given filesystem_id. | 55 // Revokes filesystem specified by the given filesystem_id. |
57 void RevokeIsolatedFileSystem(const std::string& filesystem_id); | 56 void RevokeIsolatedFileSystem(const std::string& filesystem_id); |
58 | 57 |
59 // Cracks the given |virtual_path| (which should look like | 58 // Cracks the given |virtual_path| (which should look like |
60 // "/<filesystem_id>/<relative_path>") and populates the |filesystem_id| | 59 // "/<filesystem_id>/<relative_path>") and populates the |filesystem_id| |
61 // and |platform_path| if the embedded <filesystem_id> is registerred | 60 // and |platform_path| if the embedded <filesystem_id> is registerred |
62 // to this context. |root_path| is also populated to have the platform | 61 // to this context. |root_path| is also populated to have the platform |
63 // root (toplevel) path for the |virtual_path| | 62 // root (toplevel) path for the |virtual_path| |
(...skipping 53 matching lines...) |
117 // Detailed filesystem permission may be provided by an external | 116 // Detailed filesystem permission may be provided by an external |
118 // security policy manager, e.g. ChildProcessSecurityPolicy. | 117 // security policy manager, e.g. ChildProcessSecurityPolicy. |
119 std::set<std::string> writable_ids_; | 118 std::set<std::string> writable_ids_; |
120 | 119 |
121 DISALLOW_COPY_AND_ASSIGN(IsolatedContext); | 120 DISALLOW_COPY_AND_ASSIGN(IsolatedContext); |
122 }; | 121 }; |
123 | 122 |
124 } // namespace fileapi | 123 } // namespace fileapi |
125 | 124 |
126 #endif // WEBKIT_FILEAPI_ISOLATED_CONTEXT_H_ | 125 #endif // WEBKIT_FILEAPI_ISOLATED_CONTEXT_H_ |
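Review bot: The new comment above RegisterIsolatedFileSystem makes absolute paths a caller precondition but no longer says what happens when a caller breaks it, whereas the removed text documented a checkable failure (an empty, invalid ID). This call decides which platform paths become reachable through a renderer-visible filesystem_id, so the header should state how the precondition is enforced. The implementation is not shown on this page, so if the check is only a DCHECK, release builds would presumably register a relative path silently. I would either keep the empty-string return for invalid input, or extend the comment to something like `// Passing a non-absolute path is a programming error; callers must validate |fileset| first.` and back it with a check that is also active in release builds.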