src/chrome/browser/renderer_host/pepper/pepper_isolated_file_system_message_filter.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/renderer_host/pepper/pepper_isolated_file_system_message_filter.h"
   6
   7 #include "chrome/browser/browser_process.h"
   8 #include "chrome/browser/extensions/extension_service.h"
   9 #include "chrome/browser/profiles/profile.h"
  10 #include "chrome/browser/profiles/profile_manager.h"
  11 #include "chrome/common/chrome_switches.h"
  12 #include "chrome/common/pepper_permission_util.h"
  13 #include "content/public/browser/browser_ppapi_host.h"
  14 #include "content/public/browser/browser_thread.h"
  15 #include "content/public/browser/child_process_security_policy.h"
  16 #include "content/public/browser/render_view_host.h"
  17 #include "extensions/browser/extension_system.h"
  18 #include "extensions/common/constants.h"
  19 #include "extensions/common/extension.h"
  20 #include "extensions/common/extension_set.h"
  21 #include "ppapi/c/pp_errors.h"
  22 #include "ppapi/host/dispatch_host_message.h"
  23 #include "ppapi/host/host_message_context.h"
  24 #include "ppapi/host/ppapi_host.h"
  25 #include "ppapi/proxy/ppapi_messages.h"
  26 #include "ppapi/shared_impl/file_system_util.h"
  27 #include "storage/browser/fileapi/isolated_context.h"
  28
  29 namespace chrome {
  30
  31 namespace {
  32
  33 const char* kPredefinedAllowedCrxFsOrigins[] = {
  34     "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",  // see crbug.com/234789
  35     "4EB74897CB187C7633357C2FE832E0AD6A44883A"   // see crbug.com/234789
  36 };
  37
  38 }  // namespace
  39
  40 // static
  41 PepperIsolatedFileSystemMessageFilter*
  42 PepperIsolatedFileSystemMessageFilter::Create(PP_Instance instance,
  43                                               content::BrowserPpapiHost* host) {
  44   int render_process_id;
  45   int unused_render_frame_id;
  46   if (!host->GetRenderFrameIDsForInstance(
  47           instance, &render_process_id, &unused_render_frame_id)) {
  48     return NULL;
  49   }
  50   return new PepperIsolatedFileSystemMessageFilter(
  51       render_process_id,
  52       host->GetProfileDataDirectory(),
  53       host->GetDocumentURLForInstance(instance),
  54       host->GetPpapiHost());
  55 }
  56
  57 PepperIsolatedFileSystemMessageFilter::PepperIsolatedFileSystemMessageFilter(
  58     int render_process_id,
  59     const base::FilePath& profile_directory,
  60     const GURL& document_url,
  61     ppapi::host::PpapiHost* ppapi_host)
  62     : render_process_id_(render_process_id),
  63       profile_directory_(profile_directory),
  64       document_url_(document_url),
  65       ppapi_host_(ppapi_host) {
  66   for (size_t i = 0; i < arraysize(kPredefinedAllowedCrxFsOrigins); ++i)
  67     allowed_crxfs_origins_.insert(kPredefinedAllowedCrxFsOrigins[i]);
  68 }
  69
  70 PepperIsolatedFileSystemMessageFilter::
  71     ~PepperIsolatedFileSystemMessageFilter() {}
  72
  73 scoped_refptr<base::TaskRunner>
  74 PepperIsolatedFileSystemMessageFilter::OverrideTaskRunnerForMessage(
  75     const IPC::Message& msg) {
  76   // In order to reach ExtensionSystem, we need to get ProfileManager first.
  77   // ProfileManager lives in UI thread, so we need to do this in UI thread.
  78   return content::BrowserThread::GetMessageLoopProxyForThread(
  79       content::BrowserThread::UI);
  80 }
  81
  82 int32_t PepperIsolatedFileSystemMessageFilter::OnResourceMessageReceived(
  83     const IPC::Message& msg,
  84     ppapi::host::HostMessageContext* context) {
  85   PPAPI_BEGIN_MESSAGE_MAP(PepperIsolatedFileSystemMessageFilter, msg)
  86     PPAPI_DISPATCH_HOST_RESOURCE_CALL(
  87       PpapiHostMsg_IsolatedFileSystem_BrowserOpen,
  88       OnOpenFileSystem)
  89   PPAPI_END_MESSAGE_MAP()
  90   return PP_ERROR_FAILED;
  91 }
  92
  93 Profile* PepperIsolatedFileSystemMessageFilter::GetProfile() {
  94   DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
  95   ProfileManager* profile_manager = g_browser_process->profile_manager();
  96   return profile_manager->GetProfile(profile_directory_);
  97 }
  98
  99 std::string PepperIsolatedFileSystemMessageFilter::CreateCrxFileSystem(
 100     Profile* profile) {
 101 #if defined(ENABLE_EXTENSIONS)
 102   extensions::ExtensionSystem* extension_system =
 103       extensions::ExtensionSystem::Get(profile);
 104   if (!extension_system)
 105     return std::string();
 106
 107   const ExtensionService* extension_service =
 108       extension_system->extension_service();
 109   if (!extension_service)
 110     return std::string();
 111
 112   const extensions::Extension* extension =
 113       extension_service->GetExtensionById(document_url_.host(), false);
 114   if (!extension)
 115     return std::string();
 116
 117   // First level directory for isolated filesystem to lookup.
 118   std::string kFirstLevelDirectory("crxfs");
 119   return storage::IsolatedContext::GetInstance()->RegisterFileSystemForPath(
 120       storage::kFileSystemTypeNativeLocal,
 121       std::string(),
 122       extension->path(),
 123       &kFirstLevelDirectory);
 124 #else
 125   return std::string();
 126 #endif
 127 }
 128
 129 int32_t PepperIsolatedFileSystemMessageFilter::OnOpenFileSystem(
 130     ppapi::host::HostMessageContext* context,
 131     PP_IsolatedFileSystemType_Private type) {
 132   switch (type) {
 133     case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_INVALID:
 134       break;
 135     case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_CRX:
 136       return OpenCrxFileSystem(context);
 137     case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_PLUGINPRIVATE:
 138       return OpenPluginPrivateFileSystem(context);
 139   }
 140   NOTREACHED();
 141   context->reply_msg =
 142       PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(std::string());
 143   return PP_ERROR_FAILED;
 144 }
 145
 146 int32_t PepperIsolatedFileSystemMessageFilter::OpenCrxFileSystem(
 147     ppapi::host::HostMessageContext* context) {
 148 #if defined(ENABLE_EXTENSIONS)
 149   Profile* profile = GetProfile();
 150   const extensions::ExtensionSet* extension_set = NULL;
 151   if (profile) {
 152     extension_set = extensions::ExtensionSystem::Get(profile)
 153                         ->extension_service()
 154                         ->extensions();
 155   }
 156   if (!IsExtensionOrSharedModuleWhitelisted(
 157           document_url_, extension_set, allowed_crxfs_origins_) &&
 158       !IsHostAllowedByCommandLine(
 159           document_url_, extension_set, switches::kAllowNaClCrxFsAPI)) {
 160     LOG(ERROR) << "Host " << document_url_.host() << " cannot use CrxFs API.";
 161     return PP_ERROR_NOACCESS;
 162   }
 163
 164   // TODO(raymes): When we remove FileSystem from the renderer, we should create
 165   // a pending PepperFileSystemBrowserHost here with the fsid and send the
 166   // pending host ID back to the plugin.
 167   const std::string fsid = CreateCrxFileSystem(profile);
 168   if (fsid.empty()) {
 169     context->reply_msg =
 170         PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(std::string());
 171     return PP_ERROR_NOTSUPPORTED;
 172   }
 173
 174   // Grant readonly access of isolated filesystem to renderer process.
 175   content::ChildProcessSecurityPolicy* policy =
 176       content::ChildProcessSecurityPolicy::GetInstance();
 177   policy->GrantReadFileSystem(render_process_id_, fsid);
 178
 179   context->reply_msg = PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(fsid);
 180   return PP_OK;
 181 #else
 182   return PP_ERROR_NOTSUPPORTED;
 183 #endif
 184 }
 185
 186 int32_t PepperIsolatedFileSystemMessageFilter::OpenPluginPrivateFileSystem(
 187     ppapi::host::HostMessageContext* context) {
 188   DCHECK(ppapi_host_);
 189   // Only plugins with private permission can open the filesystem.
 190   if (!ppapi_host_->permissions().HasPermission(ppapi::PERMISSION_PRIVATE))
 191     return PP_ERROR_NOACCESS;
 192
 193   const std::string& root_name = ppapi::IsolatedFileSystemTypeToRootName(
 194       PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_PLUGINPRIVATE);
 195   const std::string& fsid =
 196       storage::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
 197           storage::kFileSystemTypePluginPrivate, root_name, base::FilePath());
 198
 199   // Grant full access of isolated filesystem to renderer process.
 200   content::ChildProcessSecurityPolicy* policy =
 201       content::ChildProcessSecurityPolicy::GetInstance();
 202   policy->GrantCreateReadWriteFileSystem(render_process_id_, fsid);
 203
 204   context->reply_msg = PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(fsid);
 205   return PP_OK;
 206 }
 207
 208 }  // namespace chrome