Grant file access permissions for cached file paths to file browsers/handlers.

chrome/browser/chromeos/extensions/file_handler_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/extensions/file_handler_util.h"
 
 #include "base/bind.h"
 #include "base/file_util.h"
 #include "base/i18n/case_conversion.h"
 #include "base/json/json_writer.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/utf_string_conversions.h"
+#include "chrome/browser/chromeos/gdata/gdata_file_system.h"
+#include "chrome/browser/chromeos/gdata/gdata_util.h"
 #include "chrome/browser/chromeos/extensions/file_manager_util.h"
 #include "chrome/browser/extensions/extension_event_router.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/extension_tab_util.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/common/extensions/file_browser_handler.h"
 #include "chrome/common/pref_names.h"
 #include "content/public/browser/browser_thread.h"
@@ skipping 20 matching lines @@
                                       base::PLATFORM_FILE_OPEN_ALWAYS |
                                       base::PLATFORM_FILE_CREATE_ALWAYS |
                                       base::PLATFORM_FILE_OPEN_TRUNCATED |
                                       base::PLATFORM_FILE_READ |
                                       base::PLATFORM_FILE_WRITE |
                                       base::PLATFORM_FILE_EXCLUSIVE_READ |
                                       base::PLATFORM_FILE_EXCLUSIVE_WRITE |
                                       base::PLATFORM_FILE_ASYNC |
                                       base::PLATFORM_FILE_WRITE_ATTRIBUTES;
 
+const int kReadOnlyFilePermissions = base::PLATFORM_FILE_OPEN |
+                                     base::PLATFORM_FILE_READ |
+                                     base::PLATFORM_FILE_EXCLUSIVE_READ |
+                                     base::PLATFORM_FILE_ASYNC;
 
 // Returns process id of the process the extension is running in.
 int ExtractProcessFromExtensionId(const std::string& extension_id,
                                   Profile* profile) {
   GURL extension_url =
       Extension::GetBaseURLFromExtensionId(extension_id);
   ExtensionProcessManager* manager = profile->GetExtensionProcessManager();
 
   SiteInstance* site_instance = manager->GetSiteInstanceForURL(extension_url);
   if (!site_instance || !site_instance->HasProcess())
@@ skipping 91 matching lines @@
 
 void SortLastUsedHandlerList(LastUsedHandlerList *list) {
   // Sort by the last used descending.
   std::sort(list->begin(), list->end(), SortByLastUsedTimestampDesc);
   if (list->size() > 1) {
     // Sort the rest by name.
     std::sort(list->begin() + 1, list->end(), SortByTaskName);
   }
 }
 
+void SetPermissionsForGDataCacheFiles(Profile* profile,
+                                       int pid,

[satorux1, 2012/03/22 22:28:29]

indentation is off

[tonibarzic, 2012/03/22 23:38:20]

Done.

+                                       const FilePath& path) {
+  gdata::GDataFileSystem* file_system =
+      gdata::GDataFileSystemFactory::GetForProfile(profile);
+  if (!file_system)
+    return;
+
+  gdata::GDataFileProperties file_properties;
+  file_system->GetFileInfoFromPath(path, &file_properties);
+
+  std::string resource_id = file_properties.resource_id;
+  std::string file_md5 = file_properties.file_md5;
+
+  // We check permissions for raw cache file paths only for read-only
+  // operations (when fileEntry.file() is called), so read only permissions
+  // should be sufficient for all cache paths. For the rest of supported
+  // operations the file access check is done for gdata/ paths.
+  std::vector<std::pair<FilePath, int> > cache_paths;

[zel, 2012/03/22 22:21:53]

please move the block that gives you all file names to gdata_util.cc - that
logic should not be part of extensions layer. - L179-206

[tonibarzic, 2012/03/22 23:38:20]

Done.

+  cache_paths.push_back(std::make_pair(
+      file_system->GetCacheFilePath(resource_id, file_md5,
+          gdata::GDataFileSystem::CACHE_TYPE_PERSISTENT,
+          gdata::GDataFileSystem::CACHED_FILE_FROM_SERVER),
+      GetReadOnlyPermissions()));
+  // TODO(tbarzic): When we start supporting openFile operation, we may have to
+  // change permission for localy modified files to match handler's permissions.
+  cache_paths.push_back(std::make_pair(
+      file_system->GetCacheFilePath(resource_id, file_md5,
+          gdata::GDataFileSystem::CACHE_TYPE_PERSISTENT,
+          gdata::GDataFileSystem::CACHED_FILE_LOCALLY_MODIFIED),
+     GetReadOnlyPermissions()));
+  cache_paths.push_back(std::make_pair(
+      file_system->GetCacheFilePath(resource_id, file_md5,
+          gdata::GDataFileSystem::CACHE_TYPE_TMP,
+          gdata::GDataFileSystem::CACHED_FILE_FROM_SERVER),
+      GetReadOnlyPermissions()));
+
+  for (size_t i = 0; i < cache_paths.size(); i++) {
+    ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
+        pid, cache_paths[i].first, cache_paths[i].second);
+  }
+}
+
 }  // namespace
 
 int GetReadWritePermissions() {
   return kReadWriteFilePermissions;
 }
 
+int GetReadOnlyPermissions() {
+  return kReadOnlyFilePermissions;
+}
+
 std::string MakeTaskID(const std::string& extension_id,
                        const std::string& action_id) {
   return base::StringPrintf("%s|%s", extension_id.c_str(), action_id.c_str());
 }
 
 // Breaks down task_id that is used between getFileTasks() and executeTask() on
 // its building blocks. task_id field the following structure:
 //     <extension-id>|<task-action-id>
 // Currently, the only supported task-type is of 'context'.
 bool CrackTaskID(const std::string& task_id,
@@ skipping 203 matching lines @@
         external_provider->GetFileSystemRootPathOnFileThread(
           file_origin_url,
           fileapi::kFileSystemTypeExternal,
           virtual_path,
           false);     // create
     FilePath final_file_path = root_path.Append(virtual_path);
 
     // Check if this file system entry exists first.
     base::PlatformFileInfo file_info;
 
-    if (!file_util::PathExists(final_file_path) ||
-        file_util::IsLink(final_file_path) ||
-        !file_util::GetFileInfo(final_file_path, &file_info))
-      return false;
+    bool is_gdata_file = gdata::util::IsUnderGDataMountPoint(final_file_path);
 
-    // TODO(zelidrag): Let's just prevent all symlinks for now. We don't want a
-    // USB drive content to point to something in the rest of the file system.
-    // Ideally, we should permit symlinks within the boundary of the same
-    // virtual mount point.
-    if (file_info.is_symbolic_link)
-      return false;
+    // If the file is under gdata mount point, there is no actual file to be
+    // found on the final_file_path.
+    if (!is_gdata_file) {
+      if (!file_util::PathExists(final_file_path) ||
+          file_util::IsLink(final_file_path) ||

[satorux1, 2012/03/22 22:28:29]

Why are we checking IsLink()? we are checking file_info.is_symbolic_link below.
Or we can keep it here, and stop checking file_info.is_symbolic_link

[tonibarzic, 2012/03/22 23:38:20]

I'm not sure why we check that, but removed symbolic link check

+          !file_util::GetFileInfo(final_file_path, &file_info)) {
+        return false;
+      }
+
+      // TODO(zelidrag): Let's just prevent all symlinks for now. We don't want
+      // a USB drive content to point to something in the rest of the file
+      // system. Ideally, we should permit symlinks within the boundary of the
+      // same virtual mount point.
+      if (file_info.is_symbolic_link)
+        return false;
+    }
 
     // TODO(tbarzic): Add explicit R/W + R/O permissions for non-component
     // extensions.
 
     // Grant R/O access permission to non-component extension and R/W to
     // component extensions.
     ChildProcessSecurityPolicy::GetInstance()->GrantPermissionsForFile(
         handler_pid_,
         final_file_path,
         GetReadWritePermissions());
 
+    if (is_gdata_file)
+      SetPermissionsForGDataCacheFiles(profile_, handler_pid_, final_file_path);
+
     // Grant access to this particular file to target extension. This will
     // ensure that the target extension can access only this FS entry and
     // prevent from traversing FS hierarchy upward.
     external_provider->GrantFileAccessToExtension(handler_extension_->id(),
                                                   virtual_path);
 
     // Output values.
     GURL target_origin_url(Extension::GetBaseURLFromExtensionId(
         handler_extension_->id()));
     GURL base_url = fileapi::GetFileSystemRootURI(target_origin_url,
@@ skipping 134 matching lines @@
   base::JSONWriter::Write(event_args.get(), &json_args);
   event_router->DispatchEventToExtension(
       extension_id_, std::string("fileBrowserHandler.onExecute"),
       json_args, profile_,
       GURL());
   Done(true);
 }
 
 } // namespace file_handler_util