1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/renderer_host/pepper/pepper_isolated_file_system_message_filter.h"
7 #include "chrome/browser/browser_process.h"
8 #include "chrome/browser/extensions/extension_service.h"
9 #include "chrome/browser/profiles/profile.h"
10 #include "chrome/browser/profiles/profile_manager.h"
11 #include "chrome/common/chrome_switches.h"
12 #include "chrome/common/pepper_permission_util.h"
13 #include "content/public/browser/browser_ppapi_host.h"
14 #include "content/public/browser/browser_thread.h"
15 #include "content/public/browser/child_process_security_policy.h"
16 #include "content/public/browser/render_view_host.h"
17 #include "extensions/browser/extension_system.h"
18 #include "extensions/common/constants.h"
19 #include "extensions/common/extension.h"
20 #include "extensions/common/extension_set.h"
21 #include "ppapi/c/pp_errors.h"
22 #include "ppapi/host/dispatch_host_message.h"
23 #include "ppapi/host/host_message_context.h"
24 #include "ppapi/host/ppapi_host.h"
25 #include "ppapi/proxy/ppapi_messages.h"
26 #include "ppapi/shared_impl/file_system_util.h"
27 #include "storage/browser/fileapi/isolated_context.h"
33 const char* kPredefinedAllowedCrxFsOrigins[] = {
34 "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F", // see crbug.com/234789
35 "4EB74897CB187C7633357C2FE832E0AD6A44883A" // see crbug.com/234789
41 PepperIsolatedFileSystemMessageFilter*
42 PepperIsolatedFileSystemMessageFilter::Create(PP_Instance instance,
43 content::BrowserPpapiHost* host) {
44 int render_process_id;
45 int unused_render_frame_id;
46 if (!host->GetRenderFrameIDsForInstance(
47 instance, &render_process_id, &unused_render_frame_id)) {
50 return new PepperIsolatedFileSystemMessageFilter(
52 host->GetProfileDataDirectory(),
53 host->GetDocumentURLForInstance(instance),
54 host->GetPpapiHost());
57 PepperIsolatedFileSystemMessageFilter::PepperIsolatedFileSystemMessageFilter(
58 int render_process_id,
59 const base::FilePath& profile_directory,
60 const GURL& document_url,
61 ppapi::host::PpapiHost* ppapi_host)
62 : render_process_id_(render_process_id),
63 profile_directory_(profile_directory),
64 document_url_(document_url),
65 ppapi_host_(ppapi_host) {
66 for (size_t i = 0; i < arraysize(kPredefinedAllowedCrxFsOrigins); ++i)
67 allowed_crxfs_origins_.insert(kPredefinedAllowedCrxFsOrigins[i]);
70 PepperIsolatedFileSystemMessageFilter::
71 ~PepperIsolatedFileSystemMessageFilter() {}
73 scoped_refptr<base::TaskRunner>
74 PepperIsolatedFileSystemMessageFilter::OverrideTaskRunnerForMessage(
75 const IPC::Message& msg) {
76 // In order to reach ExtensionSystem, we need to get ProfileManager first.
77 // ProfileManager lives in UI thread, so we need to do this in UI thread.
78 return content::BrowserThread::GetMessageLoopProxyForThread(
79 content::BrowserThread::UI);
82 int32_t PepperIsolatedFileSystemMessageFilter::OnResourceMessageReceived(
83 const IPC::Message& msg,
84 ppapi::host::HostMessageContext* context) {
85 PPAPI_BEGIN_MESSAGE_MAP(PepperIsolatedFileSystemMessageFilter, msg)
86 PPAPI_DISPATCH_HOST_RESOURCE_CALL(
87 PpapiHostMsg_IsolatedFileSystem_BrowserOpen,
89 PPAPI_END_MESSAGE_MAP()
90 return PP_ERROR_FAILED;
93 Profile* PepperIsolatedFileSystemMessageFilter::GetProfile() {
94 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
95 ProfileManager* profile_manager = g_browser_process->profile_manager();
96 return profile_manager->GetProfile(profile_directory_);
99 std::string PepperIsolatedFileSystemMessageFilter::CreateCrxFileSystem(
101 #if defined(ENABLE_EXTENSIONS)
102 extensions::ExtensionSystem* extension_system =
103 extensions::ExtensionSystem::Get(profile);
104 if (!extension_system)
105 return std::string();
107 const ExtensionService* extension_service =
108 extension_system->extension_service();
109 if (!extension_service)
110 return std::string();
112 const extensions::Extension* extension =
113 extension_service->GetExtensionById(document_url_.host(), false);
115 return std::string();
117 // First level directory for isolated filesystem to lookup.
118 std::string kFirstLevelDirectory("crxfs");
119 return storage::IsolatedContext::GetInstance()->RegisterFileSystemForPath(
120 storage::kFileSystemTypeNativeLocal,
123 &kFirstLevelDirectory);
125 return std::string();
129 int32_t PepperIsolatedFileSystemMessageFilter::OnOpenFileSystem(
130 ppapi::host::HostMessageContext* context,
131 PP_IsolatedFileSystemType_Private type) {
133 case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_INVALID:
135 case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_CRX:
136 return OpenCrxFileSystem(context);
137 case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_PLUGINPRIVATE:
138 return OpenPluginPrivateFileSystem(context);
142 PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(std::string());
143 return PP_ERROR_FAILED;
146 int32_t PepperIsolatedFileSystemMessageFilter::OpenCrxFileSystem(
147 ppapi::host::HostMessageContext* context) {
148 #if defined(ENABLE_EXTENSIONS)
149 Profile* profile = GetProfile();
150 const extensions::ExtensionSet* extension_set = NULL;
152 extension_set = extensions::ExtensionSystem::Get(profile)
153 ->extension_service()
156 if (!IsExtensionOrSharedModuleWhitelisted(
157 document_url_, extension_set, allowed_crxfs_origins_) &&
158 !IsHostAllowedByCommandLine(
159 document_url_, extension_set, switches::kAllowNaClCrxFsAPI)) {
160 LOG(ERROR) << "Host " << document_url_.host() << " cannot use CrxFs API.";
161 return PP_ERROR_NOACCESS;
164 // TODO(raymes): When we remove FileSystem from the renderer, we should create
165 // a pending PepperFileSystemBrowserHost here with the fsid and send the
166 // pending host ID back to the plugin.
167 const std::string fsid = CreateCrxFileSystem(profile);
170 PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(std::string());
171 return PP_ERROR_NOTSUPPORTED;
174 // Grant readonly access of isolated filesystem to renderer process.
175 content::ChildProcessSecurityPolicy* policy =
176 content::ChildProcessSecurityPolicy::GetInstance();
177 policy->GrantReadFileSystem(render_process_id_, fsid);
179 context->reply_msg = PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(fsid);
182 return PP_ERROR_NOTSUPPORTED;
186 int32_t PepperIsolatedFileSystemMessageFilter::OpenPluginPrivateFileSystem(
187 ppapi::host::HostMessageContext* context) {
189 // Only plugins with private permission can open the filesystem.
190 if (!ppapi_host_->permissions().HasPermission(ppapi::PERMISSION_PRIVATE))
191 return PP_ERROR_NOACCESS;
193 const std::string& root_name = ppapi::IsolatedFileSystemTypeToRootName(
194 PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_PLUGINPRIVATE);
195 const std::string& fsid =
196 storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
197 storage::kFileSystemTypePluginPrivate, root_name, base::FilePath());
199 // Grant full access of isolated filesystem to renderer process.
200 content::ChildProcessSecurityPolicy* policy =
201 content::ChildProcessSecurityPolicy::GetInstance();
202 policy->GrantCreateReadWriteFileSystem(render_process_id_, fsid);
204 context->reply_msg = PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(fsid);
208 } // namespace chrome