1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef WEBKIT_BROWSER_FILEAPI_OBFUSCATED_FILE_UTIL_H_
6 #define WEBKIT_BROWSER_FILEAPI_OBFUSCATED_FILE_UTIL_H_
13 #include "base/callback_forward.h"
14 #include "base/files/file_path.h"
15 #include "base/files/file_util_proxy.h"
16 #include "base/gtest_prod_util.h"
17 #include "base/memory/scoped_ptr.h"
18 #include "base/platform_file.h"
19 #include "webkit/browser/fileapi/file_system_file_util.h"
20 #include "webkit/browser/fileapi/file_system_url.h"
21 #include "webkit/browser/fileapi/sandbox_directory_database.h"
22 #include "webkit/browser/fileapi/sandbox_file_system_backend_delegate.h"
23 #include "webkit/browser/webkit_storage_browser_export.h"
24 #include "webkit/common/blob/shareable_file_reference.h"
25 #include "webkit/common/fileapi/file_system_types.h"
28 class SequencedTaskRunner;
33 class SpecialStoragePolicy;
40 class FileSystemOperationContext;
41 class SandboxOriginDatabaseInterface;
42 class TimedTaskHelper;
44 // This file util stores directory information in LevelDB to obfuscate
45 // and to neutralize virtual file paths given by arbitrary apps.
46 // Files are stored with two-level isolation: per-origin and per-type.
47 // The isolation is done by storing data in separate directory partitions.
48 // For example, a file in Temporary file system for origin 'www.example.com'
49 // is stored in a different partition for a file in Persistent file system
50 // for the same origin, or for Temporary file system for another origin.
52 // * Per-origin directory name information is stored in a separate LevelDB,
53 // which is maintained by SandboxOriginDatabase.
// * Per-type directory name information is given by the
// GetTypeStringForURLCallback that is passed to the constructor.
// We use a small static mapping (e.g. 't' for Temporary type) for
// regular sandbox filesystems.
// The overall implementation philosophy of this class is that partial failures
// should leave us with an intact database; we'd rather leak the occasional
// backing file than have a database entry whose backing file is missing. When
// doing FSCK operations, if you find a loose backing file with no reference,
// you may safely delete it.
65 // This class must be deleted on the FILE thread, because that's where
66 // DropDatabases needs to be called.
class WEBKIT_STORAGE_BROWSER_EXPORT_PRIVATE ObfuscatedFileUtil
    : public FileSystemFileUtil {
  // Origin enumerator interface.
  // An instance of this interface is assumed to be called on the file thread.
  class AbstractOriginEnumerator {
    virtual ~AbstractOriginEnumerator() {}

    // Returns the next origin. Returns empty if there are no more origins.
    virtual GURL Next() = 0;

    // Returns true if the current origin (presumably the one most recently
    // returned by Next(); confirm against the implementation) has a
    // directory for |type_string|.
    // |type_string| must be an ascii string.
    virtual bool HasTypeDirectory(const std::string& type_string) const = 0;

  // Maps a FileSystemURL to the type string that selects its per-type
  // directory partition (see the class comment). Supplied by the embedder
  // at construction time.
  typedef base::Callback<std::string(const FileSystemURL&)>
      GetTypeStringForURLCallback;

  // |get_type_string_for_url| is a user-defined callback that should return
  // a type string for the given FileSystemURL. The type string is used
  // to provide per-type isolation in the sandboxed filesystem directory.
  // Note that this callback is invoked on file_task_runner.
  //
  // |known_type_strings| are the type strings this file system knows about.
  // This info is used to determine whether we could delete the entire
  // origin directory or not in DeleteDirectoryForOriginAndType. If no directory
  // for any known type exists the origin directory may get deleted when
  // one origin/type pair is deleted.
      quota::SpecialStoragePolicy* special_storage_policy,
      const base::FilePath& file_system_directory,
      base::SequencedTaskRunner* file_task_runner,
      const GetTypeStringForURLCallback& get_type_string_for_url,
      const std::set<std::string>& known_type_strings,
      SandboxFileSystemBackendDelegate* sandbox_delegate);
  // See the class comment: deletion must happen on the FILE thread.
  virtual ~ObfuscatedFileUtil();

  // FileSystemFileUtil overrides. See FileSystemFileUtil for the contract of
  // each of these; only the obfuscated-storage specifics are noted here.
  virtual base::PlatformFileError CreateOrOpen(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      base::PlatformFile* file_handle,
      bool* created) OVERRIDE;
  virtual base::PlatformFileError Close(
      FileSystemOperationContext* context,
      base::PlatformFile file) OVERRIDE;
  virtual base::PlatformFileError EnsureFileExists(
      FileSystemOperationContext* context,
      const FileSystemURL& url, bool* created) OVERRIDE;
  virtual base::PlatformFileError CreateDirectory(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      bool recursive) OVERRIDE;
  // |platform_file| receives the backing file's on-disk path; |file_info| the
  // metadata for it.
  virtual base::PlatformFileError GetFileInfo(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      base::PlatformFileInfo* file_info,
      base::FilePath* platform_file) OVERRIDE;
  // Non-recursive enumeration of |root_url|; see the overload below for the
  // recursive variant.
  virtual scoped_ptr<AbstractFileEnumerator> CreateFileEnumerator(
      FileSystemOperationContext* context,
      const FileSystemURL& root_url) OVERRIDE;
  // Resolves |file_system_url| to the on-disk path of its backing file.
  virtual base::PlatformFileError GetLocalFilePath(
      FileSystemOperationContext* context,
      const FileSystemURL& file_system_url,
      base::FilePath* local_path) OVERRIDE;
  virtual base::PlatformFileError Touch(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      const base::Time& last_access_time,
      const base::Time& last_modified_time) OVERRIDE;
  virtual base::PlatformFileError Truncate(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      int64 length) OVERRIDE;
  virtual base::PlatformFileError CopyOrMoveFile(
      FileSystemOperationContext* context,
      const FileSystemURL& src_url,
      const FileSystemURL& dest_url,
      CopyOrMoveOption option,
  // Copies a file that lives outside the sandbox (|src_file_path| is a raw
  // platform path) into the sandboxed filesystem at |dest_url|.
  virtual base::PlatformFileError CopyInForeignFile(
      FileSystemOperationContext* context,
      const base::FilePath& src_file_path,
      const FileSystemURL& dest_url) OVERRIDE;
  virtual base::PlatformFileError DeleteFile(
      FileSystemOperationContext* context,
      const FileSystemURL& url) OVERRIDE;
  virtual base::PlatformFileError DeleteDirectory(
      FileSystemOperationContext* context,
      const FileSystemURL& url) OVERRIDE;
  // Returns a snapshot of |url|; |error|, |file_info| and |platform_path| are
  // out-parameters describing the result.
  virtual webkit_blob::ScopedFile CreateSnapshotFile(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      base::PlatformFileError* error,
      base::PlatformFileInfo* file_info,
      base::FilePath* platform_path) OVERRIDE;

  // Same as the other CreateFileEnumerator, but with recursive support.
  scoped_ptr<AbstractFileEnumerator> CreateFileEnumerator(
      FileSystemOperationContext* context,
      const FileSystemURL& root_url,

  // Returns true if the directory |url| is empty.
  bool IsDirectoryEmpty(
      FileSystemOperationContext* context,
      const FileSystemURL& url);

  // Gets the topmost directory specific to this origin and type. This will
  // contain both the directory database's files and all the backing files.
  // Returns the topmost origin directory if |type_string| is empty.
  // Returns an empty path if the directory is undefined.
  // If the directory is defined, it will be returned, even if
  // there is a file system error (e.g. the directory doesn't exist on disk and
  // |create| is false). Callers should always check |error_code| to make sure
  // the returned path is usable; a non-empty return value alone does not mean
  // the directory exists.
  base::FilePath GetDirectoryForOriginAndType(
      const std::string& type_string,
      base::PlatformFileError* error_code);

  // Deletes the topmost directory specific to this origin and type. This will
  // delete its directory database.
  // Deletes the topmost origin directory if |type_string| is empty.
  // (See the constructor comment on |known_type_strings| for when the whole
  // origin directory may go away.)
  bool DeleteDirectoryForOriginAndType(
      const std::string& type_string);

  // This method and all methods of its returned class must be called only on
  // the FILE thread. The caller is responsible for deleting the returned
  // enumerator.
  AbstractOriginEnumerator* CreateOriginEnumerator();

  // Deletes a directory database from the database list in the ObfuscatedFSFU
  // and destroys the database on the disk.
  bool DestroyDirectoryDatabase(const GURL& origin,
                                const std::string& type_string);

  // Computes a cost for storing a given file in the obfuscated FSFU.
  // As the cost of a file is independent of the cost of its parent directories,
  // this ignores all but the BaseName of the supplied path. In order to
  // compute the cost of adding a multi-segment directory recursively, call this
  // on each path segment and add the results.
  static int64 ComputeFilePathCost(const base::FilePath& path);

  // Tries to prepopulate directory database for the given type strings.
  // This tries from the first one in the given type_strings and stops
  // once it succeeds to do so for one database (i.e. it prepopulates
  // at most one database).
  void MaybePrepopulateDatabase(
      const std::vector<std::string>& type_strings_to_prepopulate);

  // Database-side identifiers for an entry; see SandboxDirectoryDatabase.
  typedef SandboxDirectoryDatabase::FileId FileId;
  typedef SandboxDirectoryDatabase::FileInfo FileInfo;

  friend class ObfuscatedFileEnumerator;
  friend class ObfuscatedFileUtilTest;
  FRIEND_TEST_ALL_PREFIXES(ObfuscatedFileUtilTest, MaybeDropDatabasesAliveCase);
  FRIEND_TEST_ALL_PREFIXES(ObfuscatedFileUtilTest,
                           MaybeDropDatabasesAlreadyDeletedCase);
  FRIEND_TEST_ALL_PREFIXES(ObfuscatedFileUtilTest,
                           DestroyDirectoryDatabase_Isolated);
  FRIEND_TEST_ALL_PREFIXES(ObfuscatedFileUtilTest,
                           GetDirectoryDatabase_Isolated);
  FRIEND_TEST_ALL_PREFIXES(ObfuscatedFileUtilTest,
                           MigrationBackFromIsolated);

  // Helper method to create an obfuscated file util for regular
  // (temporary, persistent) file systems. Used only for testing.
  // Note: this is implemented in sandbox_file_system_backend_delegate.cc.
  static ObfuscatedFileUtil* CreateForTesting(
      quota::SpecialStoragePolicy* special_storage_policy,
      const base::FilePath& file_system_directory,
      base::SequencedTaskRunner* file_task_runner);

  // Resolves |url| to the directory for its origin and type. Presumably
  // derives the type via CallGetTypeStringForURL and then defers to
  // GetDirectoryForOriginAndType, whose |error_code| contract applies
  // here too — confirm in the .cc.
  base::FilePath GetDirectoryForURL(
      const FileSystemURL& url,
      base::PlatformFileError* error_code);

  // This just calls the get_type_string_for_url_ callback given in the ctor.
  std::string CallGetTypeStringForURL(const FileSystemURL& url);

  // NOTE(review): looks like this reads one entry from |db| into |local_info|
  // (the database record) and stats its backing file into |file_info| /
  // |platform_file_path| — confirm in the .cc.
  base::PlatformFileError GetFileInfoInternal(
      SandboxDirectoryDatabase* db,
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      FileInfo* local_info,
      base::PlatformFileInfo* file_info,
      base::FilePath* platform_file_path);

  // Creates a new file, both the underlying backing file and the entry in the
  // database. |dest_file_info| is an in-out parameter. Supply the name and
  // parent_id; data_path is ignored. On success, data_path will
  // always be set to the relative path [from the root of the type-specific
  // filesystem directory] of a NEW backing file, and handle, if supplied, will
  // hold an open PlatformFile for the backing file, which the caller is
  // responsible for closing. If you supply a path in |source_file_path|, it
  // will be used as a source from which to COPY data.
  // Caveat: do not supply handle if you're also supplying a data path. It was
  // easier not to support this, and no code has needed it so far, so it will
  // DCHECK and handle will hold base::kInvalidPlatformFileValue.
  base::PlatformFileError CreateFile(
      FileSystemOperationContext* context,
      const base::FilePath& source_file_path,
      const FileSystemURL& dest_url,
      FileInfo* dest_file_info,
      base::PlatformFile* handle);

  // This converts from a relative path [as is stored in the FileInfo.data_path
  // field] to an absolute platform path that can be given to the native
  // file APIs. The relative path is database-generated, not the app-supplied
  // virtual path (see the class comment on obfuscation).
  base::FilePath DataPathToLocalPath(
      const FileSystemURL& url,
      const base::FilePath& data_file_path);

  // Builds the string identifying the (origin, type_string) directory
  // database; presumably the key into directories_ — confirm in the .cc.
  std::string GetDirectoryDatabaseKey(const GURL& origin,
                                      const std::string& type_string);

  // This returns NULL if the |create| flag is false and a filesystem does not
  // exist for the given |url|.
  // For read operations |create| should be false, so that a mere lookup never
  // brings a filesystem into existence for an origin/type that has none.
  SandboxDirectoryDatabase* GetDirectoryDatabase(const FileSystemURL& url,

  // Gets the topmost directory specific to this origin. This will
  // contain the per-type subdirectories.
  base::FilePath GetDirectoryForOrigin(const GURL& origin,
                                       base::PlatformFileError* error_code);

  // Invalidates the cached usage for the given filesystem |type| (and,
  // presumably, the origin named by the parameter not shown here) so that
  // quota accounting is recomputed — confirm in the .cc.
  void InvalidateUsageCache(FileSystemOperationContext* context,
                            FileSystemType type);

  // Releases the open directory databases. Must run on the FILE thread (see
  // the class comment). Presumably also what timer_ fires after
  // db_flush_delay_seconds_ of inactivity — confirm in the .cc.
  void DropDatabases();

  // Initializes the origin database. |origin_hint| may be used as a hint
  // for initializing the database if it's not empty. Returns false on failure.
  bool InitOriginDatabase(const GURL& origin_hint, bool create);

  // Produces a fresh on-disk path for a new backing file of |url| within
  // |db|'s directory. NOTE(review): this appears to be where the obfuscated
  // (non-app-controlled) backing-file names come from — confirm in the .cc.
  base::PlatformFileError GenerateNewLocalPath(
      SandboxDirectoryDatabase* db,
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      base::FilePath* local_path);

  // Implementation behind CreateOrOpen.
  base::PlatformFileError CreateOrOpenInternal(
      FileSystemOperationContext* context,
      const FileSystemURL& url,
      base::PlatformFile* file_handle,
  // Whether |origin| uses isolated storage; presumably consults
  // special_storage_policy_ — confirm in the .cc.
  bool HasIsolatedStorage(const GURL& origin);

  // Open directory databases keyed by GetDirectoryDatabaseKey(). The map holds
  // raw pointers, so ownership is not expressed by the type; presumably the
  // entries are owned here and released by DropDatabases() — confirm.
  typedef std::map<std::string, SandboxDirectoryDatabase*> DirectoryMap;
  DirectoryMap directories_;
  // Per-origin directory-name database (see the class comment); owned.
  scoped_ptr<SandboxOriginDatabaseInterface> origin_database_;
  scoped_refptr<quota::SpecialStoragePolicy> special_storage_policy_;
  // Root under which all origin/type partitions live.
  base::FilePath file_system_directory_;

  // Used to delete the databases after a certain period of inactivity.
  int64 db_flush_delay_seconds_;

  scoped_refptr<base::SequencedTaskRunner> file_task_runner_;
  // Presumably drives the inactivity-based database flush — confirm.
  scoped_ptr<TimedTaskHelper> timer_;

  GetTypeStringForURLCallback get_type_string_for_url_;
  std::set<std::string> known_type_strings_;

  // Raw pointer; ownership is not expressed here. Presumably not owned —
  // confirm against the constructor's caller.
  SandboxFileSystemBackendDelegate* sandbox_delegate_;

  DISALLOW_COPY_AND_ASSIGN(ObfuscatedFileUtil);
356 } // namespace fileapi
358 #endif // WEBKIT_BROWSER_FILEAPI_OBFUSCATED_FILE_UTIL_H_