| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/extensions/file_handler_util.h" | 5 #include "chrome/browser/chromeos/extensions/file_handler_util.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/file_util.h" | 8 #include "base/file_util.h" |
| 9 #include "base/i18n/case_conversion.h" | 9 #include "base/i18n/case_conversion.h" |
| 10 #include "base/json/json_writer.h" | 10 #include "base/json/json_writer.h" |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 97 break; | 97 break; |
| 98 } | 98 } |
| 99 } | 99 } |
| 100 } | 100 } |
| 101 | 101 |
| 102 return matching_patterns; | 102 return matching_patterns; |
| 103 } | 103 } |
| 104 | 104 |
| 105 typedef std::set<const FileBrowserHandler*> ActionSet; | 105 typedef std::set<const FileBrowserHandler*> ActionSet; |
| 106 | 106 |
| 107 const FileBrowserHandler* FindFileBrowserHandler(const Extension* extension, |
| 108 const std::string& action_id) { |
| 109 for (Extension::FileBrowserHandlerList::const_iterator action_iter = |
| 110 extension->file_browser_handlers()->begin(); |
| 111 action_iter != extension->file_browser_handlers()->end(); |
| 112 ++action_iter) { |
| 113 if (action_iter->get()->id() == action_id) |
| 114 return action_iter->get(); |
| 115 } |
| 116 return NULL; |
| 117 } |
| 118 |
| 119 unsigned int GetAccessPermissionsForHandler(const Extension* extension, |
| 120 const std::string& action_id) { |
| 121 const FileBrowserHandler* action = |
| 122 FindFileBrowserHandler(extension, action_id); |
| 123 if (!action) |
| 124 return 0; |
| 125 unsigned int result = 0; |
| 126 if (action->CanRead()) |
| 127 result |= kReadOnlyFilePermissions; |
| 128 if (action->CanWrite()) |
| 129 result |= kReadWriteFilePermissions; |
| 130 // TODO(tbarzic): We don't handle Create yet. |
| 131 return result; |
| 132 } |
| 133 |
| 134 |
| 107 std::string EscapedUtf8ToLower(const std::string& str) { | 135 std::string EscapedUtf8ToLower(const std::string& str) { |
| 108 string16 utf16 = UTF8ToUTF16( | 136 string16 utf16 = UTF8ToUTF16( |
| 109 net::UnescapeURLComponent(str, net::UnescapeRule::NORMAL)); | 137 net::UnescapeURLComponent(str, net::UnescapeRule::NORMAL)); |
| 110 return net::EscapeUrlEncodedData( | 138 return net::EscapeUrlEncodedData( |
| 111 UTF16ToUTF8(base::i18n::ToLower(utf16)), | 139 UTF16ToUTF8(base::i18n::ToLower(utf16)), |
| 112 false /* do not replace space with plus */); | 140 false /* do not replace space with plus */); |
| 113 } | 141 } |
| 114 | 142 |
| 115 bool GetFileBrowserHandlers(Profile* profile, | 143 bool GetFileBrowserHandlers(Profile* profile, |
| 116 const GURL& selected_file_url, | 144 const GURL& selected_file_url, |
| (...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 278 } | 306 } |
| 279 | 307 |
| 280 class FileTaskExecutor::ExecuteTasksFileSystemCallbackDispatcher { | 308 class FileTaskExecutor::ExecuteTasksFileSystemCallbackDispatcher { |
| 281 public: | 309 public: |
| 282 static fileapi::FileSystemContext::OpenFileSystemCallback CreateCallback( | 310 static fileapi::FileSystemContext::OpenFileSystemCallback CreateCallback( |
| 283 FileTaskExecutor* executor, | 311 FileTaskExecutor* executor, |
| 284 Profile* profile, | 312 Profile* profile, |
| 285 const GURL& source_url, | 313 const GURL& source_url, |
| 286 scoped_refptr<const Extension> handler_extension, | 314 scoped_refptr<const Extension> handler_extension, |
| 287 int handler_pid, | 315 int handler_pid, |
| 316 const std::string& action_id, |
| 288 const std::vector<GURL>& file_urls) { | 317 const std::vector<GURL>& file_urls) { |
| 289 return base::Bind( | 318 return base::Bind( |
| 290 &ExecuteTasksFileSystemCallbackDispatcher::DidOpenFileSystem, | 319 &ExecuteTasksFileSystemCallbackDispatcher::DidOpenFileSystem, |
| 291 base::Owned(new ExecuteTasksFileSystemCallbackDispatcher( | 320 base::Owned(new ExecuteTasksFileSystemCallbackDispatcher( |
| 292 executor, profile, source_url, handler_extension, | 321 executor, profile, source_url, handler_extension, |
| 293 handler_pid, file_urls))); | 322 handler_pid, action_id, file_urls))); |
| 294 } | 323 } |
| 295 | 324 |
| 296 void DidOpenFileSystem(base::PlatformFileError result, | 325 void DidOpenFileSystem(base::PlatformFileError result, |
| 297 const std::string& file_system_name, | 326 const std::string& file_system_name, |
| 298 const GURL& file_system_root) { | 327 const GURL& file_system_root) { |
| 299 if (result != base::PLATFORM_FILE_OK) { | 328 if (result != base::PLATFORM_FILE_OK) { |
| 300 DidFail(result); | 329 DidFail(result); |
| 301 return; | 330 return; |
| 302 } | 331 } |
| 303 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); | 332 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 340 executor_)); | 369 executor_)); |
| 341 } | 370 } |
| 342 | 371 |
| 343 private: | 372 private: |
| 344 ExecuteTasksFileSystemCallbackDispatcher( | 373 ExecuteTasksFileSystemCallbackDispatcher( |
| 345 FileTaskExecutor* executor, | 374 FileTaskExecutor* executor, |
| 346 Profile* profile, | 375 Profile* profile, |
| 347 const GURL& source_url, | 376 const GURL& source_url, |
| 348 const scoped_refptr<const Extension>& handler_extension, | 377 const scoped_refptr<const Extension>& handler_extension, |
| 349 int handler_pid, | 378 int handler_pid, |
| 379 const std::string& action_id, |
| 350 const std::vector<GURL>& file_urls) | 380 const std::vector<GURL>& file_urls) |
| 351 : executor_(executor), | 381 : executor_(executor), |
| 352 profile_(profile), | 382 profile_(profile), |
| 353 source_url_(source_url), | 383 source_url_(source_url), |
| 354 handler_extension_(handler_extension), | 384 handler_extension_(handler_extension), |
| 355 handler_pid_(handler_pid), | 385 handler_pid_(handler_pid), |
| 386 action_id_(action_id), |
| 356 origin_file_urls_(file_urls) { | 387 origin_file_urls_(file_urls) { |
| 357 DCHECK(executor_); | 388 DCHECK(executor_); |
| 358 } | 389 } |
| 359 | 390 |
| 360 // Checks legitimacy of file url and grants file RO access permissions from | 391 // Checks legitimacy of file url and grants file RO access permissions from |
| 361 // handler (target) extension and its renderer process. | 392 // handler (target) extension and its renderer process. |
| 362 bool SetupFileAccessPermissions(const GURL& origin_file_url, | 393 bool SetupFileAccessPermissions(const GURL& origin_file_url, |
| 363 FileDefinition* file) { | 394 FileDefinition* file) { |
| 364 if (!handler_extension_.get()) | 395 if (!handler_extension_.get()) |
| 365 return false; | 396 return false; |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 411 // If the file is under gdata mount point, there is no actual file to be | 442 // If the file is under gdata mount point, there is no actual file to be |
| 412 // found on the final_file_path. | 443 // found on the final_file_path. |
| 413 if (!is_gdata_file) { | 444 if (!is_gdata_file) { |
| 414 if (!file_util::PathExists(final_file_path) || | 445 if (!file_util::PathExists(final_file_path) || |
| 415 file_util::IsLink(final_file_path) || | 446 file_util::IsLink(final_file_path) || |
| 416 !file_util::GetFileInfo(final_file_path, &file_info)) { | 447 !file_util::GetFileInfo(final_file_path, &file_info)) { |
| 417 return false; | 448 return false; |
| 418 } | 449 } |
| 419 } | 450 } |
| 420 | 451 |
| 421 // TODO(tbarzic): Add explicit R/W + R/O permissions for non-component | |
| 422 // extensions. | |
| 423 | |
| 424 // Grant R/O access permission to non-component extension and R/W to | |
| 425 // component extensions. | |
| 426 ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile( | 452 ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile( |
| 427 handler_pid_, | 453 handler_pid_, |
| 428 final_file_path, | 454 final_file_path, |
| 429 GetReadWritePermissions()); | 455 GetAccessPermissionsForHandler(handler_extension_.get(), action_id_)); |
| 430 | 456 |
| 431 // Grant access to this particular file to target extension. This will | 457 // Grant access to this particular file to target extension. This will |
| 432 // ensure that the target extension can access only this FS entry and | 458 // ensure that the target extension can access only this FS entry and |
| 433 // prevent from traversing FS hierarchy upward. | 459 // prevent from traversing FS hierarchy upward. |
| 434 external_provider->GrantFileAccessToExtension(handler_extension_->id(), | 460 external_provider->GrantFileAccessToExtension(handler_extension_->id(), |
| 435 virtual_path); | 461 virtual_path); |
| 436 | 462 |
| 437 // Output values. | 463 // Output values. |
| 438 GURL target_origin_url(Extension::GetBaseURLFromExtensionId( | 464 GURL target_origin_url(Extension::GetBaseURLFromExtensionId( |
| 439 handler_extension_->id())); | 465 handler_extension_->id())); |
| 440 GURL base_url = fileapi::GetFileSystemRootURI(target_origin_url, | 466 GURL base_url = fileapi::GetFileSystemRootURI(target_origin_url, |
| 441 fileapi::kFileSystemTypeExternal); | 467 fileapi::kFileSystemTypeExternal); |
| 442 file->target_file_url = GURL(base_url.spec() + virtual_path.value()); | 468 file->target_file_url = GURL(base_url.spec() + virtual_path.value()); |
| 443 FilePath root(FILE_PATH_LITERAL("/")); | 469 FilePath root(FILE_PATH_LITERAL("/")); |
| 444 file->virtual_path = root.Append(virtual_path); | 470 file->virtual_path = root.Append(virtual_path); |
| 445 file->is_directory = file_info.is_directory; | 471 file->is_directory = file_info.is_directory; |
| 446 file->absolute_path = final_file_path; | 472 file->absolute_path = final_file_path; |
| 447 return true; | 473 return true; |
| 448 } | 474 } |
| 449 | 475 |
| 450 FileTaskExecutor* executor_; | 476 FileTaskExecutor* executor_; |
| 451 Profile* profile_; | 477 Profile* profile_; |
| 452 // Extension source URL. | 478 // Extension source URL. |
| 453 GURL source_url_; | 479 GURL source_url_; |
| 454 scoped_refptr<const Extension> handler_extension_; | 480 scoped_refptr<const Extension> handler_extension_; |
| 455 int handler_pid_; | 481 int handler_pid_; |
| 482 std::string action_id_; |
| 456 std::vector<GURL> origin_file_urls_; | 483 std::vector<GURL> origin_file_urls_; |
| 457 DISALLOW_COPY_AND_ASSIGN(ExecuteTasksFileSystemCallbackDispatcher); | 484 DISALLOW_COPY_AND_ASSIGN(ExecuteTasksFileSystemCallbackDispatcher); |
| 458 }; | 485 }; |
| 459 | 486 |
| 460 FileTaskExecutor::FileTaskExecutor(Profile* profile, | 487 FileTaskExecutor::FileTaskExecutor(Profile* profile, |
| 461 const GURL source_url, | 488 const GURL source_url, |
| 462 const std::string& extension_id, | 489 const std::string& extension_id, |
| 463 const std::string& action_id) | 490 const std::string& action_id) |
| 464 : profile_(profile), | 491 : profile_(profile), |
| 465 source_url_(source_url), | 492 source_url_(source_url), |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 505 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); | 532 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); |
| 506 GURL origin_url = handler_base_url.GetOrigin(); | 533 GURL origin_url = handler_base_url.GetOrigin(); |
| 507 BrowserContext::GetFileSystemContext(profile_)->OpenFileSystem( | 534 BrowserContext::GetFileSystemContext(profile_)->OpenFileSystem( |
| 508 origin_url, fileapi::kFileSystemTypeExternal, false, // create | 535 origin_url, fileapi::kFileSystemTypeExternal, false, // create |
| 509 ExecuteTasksFileSystemCallbackDispatcher::CreateCallback( | 536 ExecuteTasksFileSystemCallbackDispatcher::CreateCallback( |
| 510 this, | 537 this, |
| 511 profile_, | 538 profile_, |
| 512 source_url_, | 539 source_url_, |
| 513 handler, | 540 handler, |
| 514 handler_pid, | 541 handler_pid, |
| 542 action_id_, |
| 515 file_urls)); | 543 file_urls)); |
| 516 } | 544 } |
| 517 | 545 |
| 518 void FileTaskExecutor::ExecuteFailedOnUIThread() { | 546 void FileTaskExecutor::ExecuteFailedOnUIThread() { |
| 519 Done(false); | 547 Done(false); |
| 520 } | 548 } |
| 521 | 549 |
| 522 void FileTaskExecutor::SetupFileAccessPermissionsForGDataCache( | 550 void FileTaskExecutor::SetupFileAccessPermissionsForGDataCache( |
| 523 const FileDefinitionList& file_list, | 551 const FileDefinitionList& file_list, |
| 524 int handler_pid) { | 552 int handler_pid) { |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 593 base::JSONWriter::Write(event_args.get(), &json_args); | 621 base::JSONWriter::Write(event_args.get(), &json_args); |
| 594 event_router->DispatchEventToExtension( | 622 event_router->DispatchEventToExtension( |
| 595 extension_id_, std::string("fileBrowserHandler.onExecute"), | 623 extension_id_, std::string("fileBrowserHandler.onExecute"), |
| 596 json_args, profile_, | 624 json_args, profile_, |
| 597 GURL()); | 625 GURL()); |
| 598 Done(true); | 626 Done(true); |
| 599 } | 627 } |
| 600 | 628 |
| 601 } // namespace file_handler_util | 629 } // namespace file_handler_util |
| 602 | 630 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9741002:
Adding file access permissions to fileBrowserHandler manifest. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src