| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/extensions/file_handler_util.h" | 5 #include "chrome/browser/chromeos/extensions/file_handler_util.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/file_util.h" | 8 #include "base/file_util.h" |
| 9 #include "base/i18n/case_conversion.h" | 9 #include "base/i18n/case_conversion.h" |
| 10 #include "base/json/json_writer.h" | 10 #include "base/json/json_writer.h" |
| 11 #include "base/string_util.h" | 11 #include "base/string_util.h" |
| 12 #include "base/stringprintf.h" | 12 #include "base/stringprintf.h" |
| 13 #include "base/utf_string_conversions.h" | 13 #include "base/utf_string_conversions.h" |
| 14 #include "chrome/browser/chromeos/gdata/gdata_util.h" |
| 14 #include "chrome/browser/chromeos/extensions/file_manager_util.h" | 15 #include "chrome/browser/chromeos/extensions/file_manager_util.h" |
| 15 #include "chrome/browser/extensions/extension_event_router.h" | 16 #include "chrome/browser/extensions/extension_event_router.h" |
| 16 #include "chrome/browser/extensions/extension_service.h" | 17 #include "chrome/browser/extensions/extension_service.h" |
| 17 #include "chrome/browser/extensions/extension_tab_util.h" | 18 #include "chrome/browser/extensions/extension_tab_util.h" |
| 18 #include "chrome/browser/prefs/scoped_user_pref_update.h" | 19 #include "chrome/browser/prefs/scoped_user_pref_update.h" |
| 19 #include "chrome/browser/profiles/profile.h" | 20 #include "chrome/browser/profiles/profile.h" |
| 20 #include "chrome/browser/ui/browser.h" | 21 #include "chrome/browser/ui/browser.h" |
| 21 #include "chrome/common/extensions/file_browser_handler.h" | 22 #include "chrome/common/extensions/file_browser_handler.h" |
| 22 #include "chrome/common/pref_names.h" | 23 #include "chrome/common/pref_names.h" |
| 23 #include "content/public/browser/browser_thread.h" | 24 #include "content/public/browser/browser_thread.h" |
| (...skipping 20 matching lines...) Expand all Loading... |
| 44 base::PLATFORM_FILE_OPEN_ALWAYS | | 45 base::PLATFORM_FILE_OPEN_ALWAYS | |
| 45 base::PLATFORM_FILE_CREATE_ALWAYS | | 46 base::PLATFORM_FILE_CREATE_ALWAYS | |
| 46 base::PLATFORM_FILE_OPEN_TRUNCATED | | 47 base::PLATFORM_FILE_OPEN_TRUNCATED | |
| 47 base::PLATFORM_FILE_READ | | 48 base::PLATFORM_FILE_READ | |
| 48 base::PLATFORM_FILE_WRITE | | 49 base::PLATFORM_FILE_WRITE | |
| 49 base::PLATFORM_FILE_EXCLUSIVE_READ | | 50 base::PLATFORM_FILE_EXCLUSIVE_READ | |
| 50 base::PLATFORM_FILE_EXCLUSIVE_WRITE | | 51 base::PLATFORM_FILE_EXCLUSIVE_WRITE | |
| 51 base::PLATFORM_FILE_ASYNC | | 52 base::PLATFORM_FILE_ASYNC | |
| 52 base::PLATFORM_FILE_WRITE_ATTRIBUTES; | 53 base::PLATFORM_FILE_WRITE_ATTRIBUTES; |
| 53 | 54 |
| 55 const int kReadOnlyFilePermissions = base::PLATFORM_FILE_OPEN | |
| 56 base::PLATFORM_FILE_READ | |
| 57 base::PLATFORM_FILE_EXCLUSIVE_READ | |
| 58 base::PLATFORM_FILE_ASYNC; |
| 54 | 59 |
| 55 // Returns process id of the process the extension is running in. | 60 // Returns process id of the process the extension is running in. |
| 56 int ExtractProcessFromExtensionId(const std::string& extension_id, | 61 int ExtractProcessFromExtensionId(const std::string& extension_id, |
| 57 Profile* profile) { | 62 Profile* profile) { |
| 58 GURL extension_url = | 63 GURL extension_url = |
| 59 Extension::GetBaseURLFromExtensionId(extension_id); | 64 Extension::GetBaseURLFromExtensionId(extension_id); |
| 60 ExtensionProcessManager* manager = profile->GetExtensionProcessManager(); | 65 ExtensionProcessManager* manager = profile->GetExtensionProcessManager(); |
| 61 | 66 |
| 62 SiteInstance* site_instance = manager->GetSiteInstanceForURL(extension_url); | 67 SiteInstance* site_instance = manager->GetSiteInstanceForURL(extension_url); |
| 63 if (!site_instance || !site_instance->HasProcess()) | 68 if (!site_instance || !site_instance->HasProcess()) |
| (...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 161 std::sort(list->begin() + 1, list->end(), SortByTaskName); | 166 std::sort(list->begin() + 1, list->end(), SortByTaskName); |
| 162 } | 167 } |
| 163 } | 168 } |
| 164 | 169 |
| 165 } // namespace | 170 } // namespace |
| 166 | 171 |
| 167 int GetReadWritePermissions() { | 172 int GetReadWritePermissions() { |
| 168 return kReadWriteFilePermissions; | 173 return kReadWriteFilePermissions; |
| 169 } | 174 } |
| 170 | 175 |
| 176 int GetReadOnlyPermissions() { |
| 177 return kReadOnlyFilePermissions; |
| 178 } |
| 179 |
| 171 std::string MakeTaskID(const std::string& extension_id, | 180 std::string MakeTaskID(const std::string& extension_id, |
| 172 const std::string& action_id) { | 181 const std::string& action_id) { |
| 173 return base::StringPrintf("%s|%s", extension_id.c_str(), action_id.c_str()); | 182 return base::StringPrintf("%s|%s", extension_id.c_str(), action_id.c_str()); |
| 174 } | 183 } |
| 175 | 184 |
| 176 // Breaks down task_id that is used between getFileTasks() and executeTask() on | 185 // Breaks down task_id that is used between getFileTasks() and executeTask() on |
| 177 // its building blocks. task_id field the following structure: | 186 // its building blocks. task_id field the following structure: |
| 178 // <extension-id>|<task-action-id> | 187 // <extension-id>|<task-action-id> |
| 179 // Currently, the only supported task-type is of 'context'. | 188 // Currently, the only supported task-type is of 'context'. |
| 180 bool CrackTaskID(const std::string& task_id, | 189 bool CrackTaskID(const std::string& task_id, |
| (...skipping 203 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 384 external_provider->GetFileSystemRootPathOnFileThread( | 393 external_provider->GetFileSystemRootPathOnFileThread( |
| 385 file_origin_url, | 394 file_origin_url, |
| 386 fileapi::kFileSystemTypeExternal, | 395 fileapi::kFileSystemTypeExternal, |
| 387 virtual_path, | 396 virtual_path, |
| 388 false); // create | 397 false); // create |
| 389 FilePath final_file_path = root_path.Append(virtual_path); | 398 FilePath final_file_path = root_path.Append(virtual_path); |
| 390 | 399 |
| 391 // Check if this file system entry exists first. | 400 // Check if this file system entry exists first. |
| 392 base::PlatformFileInfo file_info; | 401 base::PlatformFileInfo file_info; |
| 393 | 402 |
| 394 if (!file_util::PathExists(final_file_path) || | 403 bool is_gdata_file = gdata::util::IsUnderGDataMountPoint(final_file_path); |
| 395 file_util::IsLink(final_file_path) || | |
| 396 !file_util::GetFileInfo(final_file_path, &file_info)) | |
| 397 return false; | |
| 398 | 404 |
| 399 // TODO(zelidrag): Let's just prevent all symlinks for now. We don't want a | 405 // If the file is under gdata mount point, there is no actual file to be |
| 400 // USB drive content to point to something in the rest of the file system. | 406 // found on the final_file_path. |
| 401 // Ideally, we should permit symlinks within the boundary of the same | 407 if (!is_gdata_file) { |
| 402 // virtual mount point. | 408 if (!file_util::PathExists(final_file_path) || |
| 403 if (file_info.is_symbolic_link) | 409 file_util::IsLink(final_file_path) || |
| 404 return false; | 410 !file_util::GetFileInfo(final_file_path, &file_info)) { |
| 411 return false; |
| 412 } |
| 413 } |
| 405 | 414 |
| 406 // TODO(tbarzic): Add explicit R/W + R/O permissions for non-component | 415 // TODO(tbarzic): Add explicit R/W + R/O permissions for non-component |
| 407 // extensions. | 416 // extensions. |
| 408 | 417 |
| 409 // Grant R/O access permission to non-component extension and R/W to | 418 // Grant R/O access permission to non-component extension and R/W to |
| 410 // component extensions. | 419 // component extensions. |
| 411 ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile( | 420 ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile( |
| 412 handler_pid_, | 421 handler_pid_, |
| 413 final_file_path, | 422 final_file_path, |
| 414 GetReadWritePermissions()); | 423 GetReadWritePermissions()); |
| 415 | 424 |
| 425 if (is_gdata_file) { |
| 426 gdata::util::SetPermissionsForGDataCacheFiles(profile_, handler_pid_, |
| 427 final_file_path); |
| 428 } |
| 429 |
| 416 // Grant access to this particular file to target extension. This will | 430 // Grant access to this particular file to target extension. This will |
| 417 // ensure that the target extension can access only this FS entry and | 431 // ensure that the target extension can access only this FS entry and |
| 418 // prevent from traversing FS hierarchy upward. | 432 // prevent from traversing FS hierarchy upward. |
| 419 external_provider->GrantFileAccessToExtension(handler_extension_->id(), | 433 external_provider->GrantFileAccessToExtension(handler_extension_->id(), |
| 420 virtual_path); | 434 virtual_path); |
| 421 | 435 |
| 422 // Output values. | 436 // Output values. |
| 423 GURL target_origin_url(Extension::GetBaseURLFromExtensionId( | 437 GURL target_origin_url(Extension::GetBaseURLFromExtensionId( |
| 424 handler_extension_->id())); | 438 handler_extension_->id())); |
| 425 GURL base_url = fileapi::GetFileSystemRootURI(target_origin_url, | 439 GURL base_url = fileapi::GetFileSystemRootURI(target_origin_url, |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 560 base::JSONWriter::Write(event_args.get(), &json_args); | 574 base::JSONWriter::Write(event_args.get(), &json_args); |
| 561 event_router->DispatchEventToExtension( | 575 event_router->DispatchEventToExtension( |
| 562 extension_id_, std::string("fileBrowserHandler.onExecute"), | 576 extension_id_, std::string("fileBrowserHandler.onExecute"), |
| 563 json_args, profile_, | 577 json_args, profile_, |
| 564 GURL()); | 578 GURL()); |
| 565 Done(true); | 579 Done(true); |
| 566 } | 580 } |
| 567 | 581 |
| 568 } // namespace file_handler_util | 582 } // namespace file_handler_util |
| 569 | 583 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9808023:
Grant file access permissions for cached file paths to file browsers/handlers. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src