1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/renderer_host/pepper/pepper_isolated_file_system_message_filter.h"
7 #include "chrome/browser/browser_process.h"
8 #if defined(ENABLE_EXTENSIONS)
9 #include "chrome/browser/extensions/extension_service.h"
11 #include "chrome/browser/profiles/profile.h"
12 #include "chrome/browser/profiles/profile_manager.h"
13 #include "chrome/common/chrome_switches.h"
14 #include "chrome/common/pepper_permission_util.h"
15 #include "content/public/browser/browser_ppapi_host.h"
16 #include "content/public/browser/browser_thread.h"
17 #include "content/public/browser/child_process_security_policy.h"
18 #include "content/public/browser/render_view_host.h"
19 #if defined(ENABLE_EXTENSIONS)
20 #include "extensions/browser/extension_system.h"
21 #include "extensions/common/constants.h"
22 #include "extensions/common/extension.h"
23 #include "extensions/common/extension_set.h"
25 #include "ppapi/c/pp_errors.h"
26 #include "ppapi/host/dispatch_host_message.h"
27 #include "ppapi/host/host_message_context.h"
28 #include "ppapi/host/ppapi_host.h"
29 #include "ppapi/proxy/ppapi_messages.h"
30 #include "ppapi/shared_impl/file_system_util.h"
31 #include "storage/browser/fileapi/isolated_context.h"
37 const char* kPredefinedAllowedCrxFsOrigins[] = {
38 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see crbug.com/234789
39 "4EB74897CB187C7633357C2FE832E0AD6A44883A" // see crbug.com/234789
45 PepperIsolatedFileSystemMessageFilter*
46 PepperIsolatedFileSystemMessageFilter::Create(PP_Instance instance,
47 content::BrowserPpapiHost* host) {
48 int render_process_id;
49 int unused_render_frame_id;
50 if (!host->GetRenderFrameIDsForInstance(
51 instance, &render_process_id, &unused_render_frame_id)) {
54 return new PepperIsolatedFileSystemMessageFilter(
56 host->GetProfileDataDirectory(),
57 host->GetDocumentURLForInstance(instance),
58 host->GetPpapiHost());
61 PepperIsolatedFileSystemMessageFilter::PepperIsolatedFileSystemMessageFilter(
62 int render_process_id,
63 const base::FilePath& profile_directory,
64 const GURL& document_url,
65 ppapi::host::PpapiHost* ppapi_host)
66 : render_process_id_(render_process_id),
67 profile_directory_(profile_directory),
68 document_url_(document_url),
69 ppapi_host_(ppapi_host) {
70 for (size_t i = 0; i < arraysize(kPredefinedAllowedCrxFsOrigins); ++i)
71 allowed_crxfs_origins_.insert(kPredefinedAllowedCrxFsOrigins[i]);
74 PepperIsolatedFileSystemMessageFilter::
75 ~PepperIsolatedFileSystemMessageFilter() {}
77 scoped_refptr<base::TaskRunner>
78 PepperIsolatedFileSystemMessageFilter::OverrideTaskRunnerForMessage(
79 const IPC::Message& msg) {
80 // In order to reach ExtensionSystem, we need to get ProfileManager first.
81 // ProfileManager lives in UI thread, so we need to do this in UI thread.
82 return content::BrowserThread::GetMessageLoopProxyForThread(
83 content::BrowserThread::UI);
86 int32_t PepperIsolatedFileSystemMessageFilter::OnResourceMessageReceived(
87 const IPC::Message& msg,
88 ppapi::host::HostMessageContext* context) {
89 PPAPI_BEGIN_MESSAGE_MAP(PepperIsolatedFileSystemMessageFilter, msg)
90 PPAPI_DISPATCH_HOST_RESOURCE_CALL(
91 PpapiHostMsg_IsolatedFileSystem_BrowserOpen,
93 PPAPI_END_MESSAGE_MAP()
94 return PP_ERROR_FAILED;
97 Profile* PepperIsolatedFileSystemMessageFilter::GetProfile() {
98 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
99 ProfileManager* profile_manager = g_browser_process->profile_manager();
100 return profile_manager->GetProfile(profile_directory_);
103 std::string PepperIsolatedFileSystemMessageFilter::CreateCrxFileSystem(
105 #if defined(ENABLE_EXTENSIONS)
106 extensions::ExtensionSystem* extension_system =
107 extensions::ExtensionSystem::Get(profile);
108 if (!extension_system)
109 return std::string();
111 const ExtensionService* extension_service =
112 extension_system->extension_service();
113 if (!extension_service)
114 return std::string();
116 const extensions::Extension* extension =
117 extension_service->GetExtensionById(document_url_.host(), false);
119 return std::string();
121 // First level directory for isolated filesystem to lookup.
122 std::string kFirstLevelDirectory("crxfs");
123 return storage::IsolatedContext::GetInstance()->RegisterFileSystemForPath(
124 storage::kFileSystemTypeNativeLocal,
127 &kFirstLevelDirectory);
129 return std::string();
133 int32_t PepperIsolatedFileSystemMessageFilter::OnOpenFileSystem(
134 ppapi::host::HostMessageContext* context,
135 PP_IsolatedFileSystemType_Private type) {
137 case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_INVALID:
139 case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_CRX:
140 return OpenCrxFileSystem(context);
141 case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_PLUGINPRIVATE:
142 return OpenPluginPrivateFileSystem(context);
146 PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(std::string());
147 return PP_ERROR_FAILED;
150 int32_t PepperIsolatedFileSystemMessageFilter::OpenCrxFileSystem(
151 ppapi::host::HostMessageContext* context) {
152 #if defined(ENABLE_EXTENSIONS)
153 Profile* profile = GetProfile();
154 const extensions::ExtensionSet* extension_set = NULL;
156 extension_set = extensions::ExtensionSystem::Get(profile)
157 ->extension_service()
160 if (!IsExtensionOrSharedModuleWhitelisted(
161 document_url_, extension_set, allowed_crxfs_origins_) &&
162 !IsHostAllowedByCommandLine(
163 document_url_, extension_set, switches::kAllowNaClCrxFsAPI)) {
164 LOG(ERROR) << "Host " << document_url_.host() << " cannot use CrxFs API.";
165 return PP_ERROR_NOACCESS;
168 // TODO(raymes): When we remove FileSystem from the renderer, we should create
169 // a pending PepperFileSystemBrowserHost here with the fsid and send the
170 // pending host ID back to the plugin.
171 const std::string fsid = CreateCrxFileSystem(profile);
174 PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(std::string());
175 return PP_ERROR_NOTSUPPORTED;
178 // Grant readonly access of isolated filesystem to renderer process.
179 content::ChildProcessSecurityPolicy* policy =
180 content::ChildProcessSecurityPolicy::GetInstance();
181 policy->GrantReadFileSystem(render_process_id_, fsid);
183 context->reply_msg = PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(fsid);
186 return PP_ERROR_NOTSUPPORTED;
190 int32_t PepperIsolatedFileSystemMessageFilter::OpenPluginPrivateFileSystem(
191 ppapi::host::HostMessageContext* context) {
193 // Only plugins with private permission can open the filesystem.
194 if (!ppapi_host_->permissions().HasPermission(ppapi::PERMISSION_PRIVATE))
195 return PP_ERROR_NOACCESS;
197 const std::string& root_name = ppapi::IsolatedFileSystemTypeToRootName(
198 PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_PLUGINPRIVATE);
199 const std::string& fsid =
200 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
201 storage::kFileSystemTypePluginPrivate, root_name, base::FilePath());
203 // Grant full access of isolated filesystem to renderer process.
204 content::ChildProcessSecurityPolicy* policy =
205 content::ChildProcessSecurityPolicy::GetInstance();
206 policy->GrantCreateReadWriteFileSystem(render_process_id_, fsid);
208 context->reply_msg = PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(fsid);
212 } // namespace chrome