src/content/renderer/pepper/pepper_file_io_host.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/renderer/pepper/pepper_file_io_host.h"
   6
   7 #include "base/bind.h"
   8 #include "base/callback.h"
   9 #include "base/callback_helpers.h"
  10 #include "base/command_line.h"
  11 #include "base/files/file_util_proxy.h"
  12 #include "content/child/child_thread.h"
  13 #include "content/child/fileapi/file_system_dispatcher.h"
  14 #include "content/child/quota_dispatcher.h"
  15 #include "content/common/fileapi/file_system_messages.h"
  16 #include "content/common/view_messages.h"
  17 #include "content/public/common/content_client.h"
  18 #include "content/public/renderer/content_renderer_client.h"
  19 #include "content/renderer/pepper/pepper_file_ref_renderer_host.h"
  20 #include "content/renderer/pepper/quota_file_io.h"
  21 #include "content/renderer/pepper/renderer_ppapi_host_impl.h"
  22 #include "content/renderer/render_thread_impl.h"
  23 #include "ppapi/c/pp_errors.h"
  24 #include "ppapi/c/ppb_file_io.h"
  25 #include "ppapi/host/dispatch_host_message.h"
  26 #include "ppapi/host/ppapi_host.h"
  27 #include "ppapi/proxy/ppapi_messages.h"
  28 #include "ppapi/shared_impl/file_type_conversion.h"
  29 #include "ppapi/shared_impl/time_conversion.h"
  30 #include "ppapi/thunk/enter.h"
  31 #include "third_party/WebKit/public/web/WebPluginContainer.h"
  32
  33 namespace content {
  34
  35 using ppapi::FileIOStateManager;
  36 using ppapi::PPTimeToTime;
  37 using ppapi::host::ReplyMessageContext;
  38 using ppapi::thunk::EnterResourceNoLock;
  39
  40 namespace {
  41
  42 typedef base::Callback<void (base::PlatformFileError)> PlatformGeneralCallback;
  43
  44 int32_t ErrorOrByteNumber(int32_t pp_error, int32_t byte_number) {
  45   // On the plugin side, some callbacks expect a parameter that means different
  46   // things depending on whether is negative or not.  We translate for those
  47   // callbacks here.
  48   return pp_error == PP_OK ? byte_number : pp_error;
  49 }
  50
  51 class QuotaCallbackTranslator : public QuotaDispatcher::Callback {
  52  public:
  53   typedef QuotaFileIO::Delegate::AvailableSpaceCallback PluginCallback;
  54   explicit QuotaCallbackTranslator(const PluginCallback& cb) : callback_(cb) {}
  55   virtual void DidQueryStorageUsageAndQuota(int64 usage, int64 quota) OVERRIDE {
  56     callback_.Run(std::max(static_cast<int64>(0), quota - usage));
  57   }
  58   virtual void DidGrantStorageQuota(int64 granted_quota) OVERRIDE {
  59     NOTREACHED();
  60   }
  61   virtual void DidFail(quota::QuotaStatusCode error) OVERRIDE {
  62     callback_.Run(0);
  63   }
  64  private:
  65   PluginCallback callback_;
  66 };
  67
  68 class QuotaFileIODelegate : public QuotaFileIO::Delegate {
  69  public:
  70   QuotaFileIODelegate() {}
  71   virtual ~QuotaFileIODelegate() {}
  72
  73   virtual void QueryAvailableSpace(
  74       const GURL& origin,
  75       quota::StorageType type,
  76       const AvailableSpaceCallback& callback) OVERRIDE {
  77     ChildThread::current()->quota_dispatcher()->QueryStorageUsageAndQuota(
  78         origin, type, new QuotaCallbackTranslator(callback));
  79   }
  80   virtual void WillUpdateFile(const GURL& file_path) OVERRIDE {
  81     ChildThread::current()->Send(new FileSystemHostMsg_WillUpdate(file_path));
  82   }
  83   virtual void DidUpdateFile(const GURL& file_path, int64_t delta) OVERRIDE {
  84     ChildThread::current()->Send(new FileSystemHostMsg_DidUpdate(
  85         file_path, delta));
  86   }
  87   virtual scoped_refptr<base::MessageLoopProxy>
  88       GetFileThreadMessageLoopProxy() OVERRIDE {
  89     return RenderThreadImpl::current()->GetFileThreadMessageLoopProxy();
  90   }
  91 };
  92
  93 typedef base::Callback<
  94     void (base::PlatformFileError error,
  95           base::PassPlatformFile file,
  96           quota::QuotaLimitType quota_policy,
  97           const PepperFileIOHost::NotifyCloseFileCallback& close_file_callback)>
  98     AsyncOpenFileSystemURLCallback;
  99
 100 void DoNotifyCloseFile(int file_open_id, base::PlatformFileError error) {
 101   ChildThread::current()->file_system_dispatcher()->NotifyCloseFile(
 102       file_open_id);
 103 }
 104
 105 void DidOpenFileSystemURL(const AsyncOpenFileSystemURLCallback& callback,
 106                           base::PlatformFile file,
 107                           int file_open_id,
 108                           quota::QuotaLimitType quota_policy) {
 109   callback.Run(base::PLATFORM_FILE_OK,
 110                base::PassPlatformFile(&file),
 111                quota_policy,
 112                base::Bind(&DoNotifyCloseFile, file_open_id));
 113   // Make sure we won't leak file handle if the requester has died.
 114   if (file != base::kInvalidPlatformFileValue) {
 115     base::FileUtilProxy::Close(
 116         RenderThreadImpl::current()->GetFileThreadMessageLoopProxy().get(),
 117         file,
 118         base::Bind(&DoNotifyCloseFile, file_open_id));
 119   }
 120 }
 121
 122 void DidFailOpenFileSystemURL(const AsyncOpenFileSystemURLCallback& callback,
 123     base::PlatformFileError error_code) {
 124   base::PlatformFile invalid_file = base::kInvalidPlatformFileValue;
 125   callback.Run(error_code,
 126                base::PassPlatformFile(&invalid_file),
 127                quota::kQuotaLimitTypeUnknown,
 128                PepperFileIOHost::NotifyCloseFileCallback());
 129 }
 130
 131 }  // namespace
 132
 133 PepperFileIOHost::PepperFileIOHost(RendererPpapiHost* host,
 134                                    PP_Instance instance,
 135                                    PP_Resource resource)
 136     : ResourceHost(host->GetPpapiHost(), instance, resource),
 137       renderer_ppapi_host_(host),
 138       file_(base::kInvalidPlatformFileValue),
 139       file_system_type_(PP_FILESYSTEMTYPE_INVALID),
 140       quota_policy_(quota::kQuotaLimitTypeUnknown),
 141       open_flags_(0),
 142       routing_id_(RenderThreadImpl::current()->GenerateRoutingID()),
 143       weak_factory_(this) {
 144   ChildThread::current()->AddRoute(routing_id_, this);
 145 }
 146
 147 PepperFileIOHost::~PepperFileIOHost() {
 148   OnHostMsgClose(NULL);
 149   ChildThread::current()->RemoveRoute(routing_id_);
 150 }
 151
 152 int32_t PepperFileIOHost::OnResourceMessageReceived(
 153     const IPC::Message& msg,
 154     ppapi::host::HostMessageContext* context) {
 155   IPC_BEGIN_MESSAGE_MAP(PepperFileIOHost, msg)
 156     PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_FileIO_Open,
 157                                       OnHostMsgOpen)
 158     PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_FileIO_Touch,
 159                                       OnHostMsgTouch)
 160     PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_FileIO_Write,
 161                                       OnHostMsgWrite)
 162     PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_FileIO_SetLength,
 163                                       OnHostMsgSetLength)
 164     PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(PpapiHostMsg_FileIO_Flush,
 165                                         OnHostMsgFlush)
 166     PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(PpapiHostMsg_FileIO_Close,
 167                                         OnHostMsgClose)
 168     PPAPI_DISPATCH_HOST_RESOURCE_CALL_0(PpapiHostMsg_FileIO_RequestOSFileHandle,
 169                                         OnHostMsgRequestOSFileHandle)
 170   IPC_END_MESSAGE_MAP()
 171   return PP_ERROR_FAILED;
 172 }
 173
 174 bool PepperFileIOHost::OnMessageReceived(const IPC::Message& msg) {
 175   bool handled = true;
 176   IPC_BEGIN_MESSAGE_MAP(PepperFileIOHost, msg)
 177     IPC_MESSAGE_HANDLER(ViewMsg_AsyncOpenPepperFile_ACK, OnAsyncFileOpened)
 178     IPC_MESSAGE_UNHANDLED(handled = false)
 179   IPC_END_MESSAGE_MAP()
 180   return handled;
 181 }
 182
 183 void PepperFileIOHost::OnAsyncFileOpened(
 184     base::PlatformFileError error_code,
 185     IPC::PlatformFileForTransit file_for_transit) {
 186   DCHECK(!pending_open_callback_.is_null());
 187   base::PlatformFile file =
 188       IPC::PlatformFileForTransitToPlatformFile(file_for_transit);
 189   if (!pending_open_callback_.is_null())
 190     pending_open_callback_.Run(error_code, base::PassPlatformFile(&file));
 191
 192   // Make sure we won't leak file handle if the requester has died.
 193   if (file != base::kInvalidPlatformFileValue) {
 194     base::FileUtilProxy::Close(
 195         RenderThreadImpl::current()->GetFileThreadMessageLoopProxy().get(),
 196         file,
 197         base::FileUtilProxy::StatusCallback());
 198   }
 199   pending_open_callback_.Reset();
 200 }
 201
 202 int32_t PepperFileIOHost::OnHostMsgOpen(
 203     ppapi::host::HostMessageContext* context,
 204     PP_Resource file_ref_resource,
 205     int32_t open_flags) {
 206   int32_t rv = state_manager_.CheckOperationState(
 207       FileIOStateManager::OPERATION_EXCLUSIVE, false);
 208   if (rv != PP_OK)
 209     return rv;
 210
 211   if (!ppapi::PepperFileOpenFlagsToPlatformFileFlags(open_flags, NULL))
 212     return PP_ERROR_BADARGUMENT;
 213
 214   ppapi::host::ResourceHost* resource_host =
 215       renderer_ppapi_host_->GetPpapiHost()->GetResourceHost(file_ref_resource);
 216   if (!resource_host || !resource_host->IsFileRefHost())
 217     return PP_ERROR_BADRESOURCE;
 218
 219   PepperFileRefRendererHost* file_ref_host =
 220       static_cast<PepperFileRefRendererHost*>(resource_host);
 221   if (file_ref_host->GetFileSystemType() == PP_FILESYSTEMTYPE_INVALID)
 222     return PP_ERROR_FAILED;
 223
 224   open_flags_ = open_flags;
 225   file_system_type_ = file_ref_host->GetFileSystemType();
 226
 227   if (file_system_type_ != PP_FILESYSTEMTYPE_EXTERNAL) {
 228     file_system_url_ = file_ref_host->GetFileSystemURL();
 229     FileSystemDispatcher* file_system_dispatcher =
 230         ChildThread::current()->file_system_dispatcher();
 231
 232     AsyncOpenFileSystemURLCallback callback = base::Bind(
 233         &PepperFileIOHost::ExecutePlatformOpenFileSystemURLCallback,
 234         weak_factory_.GetWeakPtr(),
 235         context->MakeReplyMessageContext());
 236     file_system_dispatcher->OpenPepperFile(
 237         file_system_url_, open_flags,
 238         base::Bind(&DidOpenFileSystemURL, callback),
 239         base::Bind(&DidFailOpenFileSystemURL, callback));
 240   } else {
 241     pending_open_callback_ =
 242         base::Bind(&PepperFileIOHost::ExecutePlatformOpenFileCallback,
 243                    weak_factory_.GetWeakPtr(),
 244                    context->MakeReplyMessageContext());
 245     RenderThreadImpl::current()->Send(new ViewHostMsg_AsyncOpenPepperFile(
 246         routing_id_,
 247         file_ref_host->GetExternalFilePath(),
 248         open_flags_));
 249   }
 250   state_manager_.SetPendingOperation(FileIOStateManager::OPERATION_EXCLUSIVE);
 251   return PP_OK_COMPLETIONPENDING;
 252 }
 253
 254 int32_t PepperFileIOHost::OnHostMsgTouch(
 255     ppapi::host::HostMessageContext* context,
 256     PP_Time last_access_time,
 257     PP_Time last_modified_time) {
 258   int32_t rv = state_manager_.CheckOperationState(
 259       FileIOStateManager::OPERATION_EXCLUSIVE, true);
 260   if (rv != PP_OK)
 261     return rv;
 262
 263   if (file_system_type_ != PP_FILESYSTEMTYPE_EXTERNAL) {
 264     FileSystemDispatcher* file_system_dispatcher =
 265         ChildThread::current()->file_system_dispatcher();
 266     file_system_dispatcher->TouchFile(
 267         file_system_url_,
 268         PPTimeToTime(last_access_time),
 269         PPTimeToTime(last_modified_time),
 270         base::Bind(&PepperFileIOHost::ExecutePlatformGeneralCallback,
 271                    weak_factory_.GetWeakPtr(),
 272                    context->MakeReplyMessageContext()));
 273     state_manager_.SetPendingOperation(FileIOStateManager::OPERATION_EXCLUSIVE);
 274     return PP_OK_COMPLETIONPENDING;
 275   }
 276
 277   // TODO(nhiroki): fix a failure of FileIO.Touch for an external filesystem on
 278   // Mac and Linux due to sandbox restrictions (http://crbug.com/101128).
 279   if (!base::FileUtilProxy::Touch(
 280           RenderThreadImpl::current()->GetFileThreadMessageLoopProxy().get(),
 281           file_,
 282           PPTimeToTime(last_access_time),
 283           PPTimeToTime(last_modified_time),
 284           base::Bind(&PepperFileIOHost::ExecutePlatformGeneralCallback,
 285                      weak_factory_.GetWeakPtr(),
 286                      context->MakeReplyMessageContext())))
 287     return PP_ERROR_FAILED;
 288
 289   state_manager_.SetPendingOperation(FileIOStateManager::OPERATION_EXCLUSIVE);
 290   return PP_OK_COMPLETIONPENDING;
 291 }
 292
 293 int32_t PepperFileIOHost::OnHostMsgWrite(
 294     ppapi::host::HostMessageContext* context,
 295     int64_t offset,
 296     const std::string& buffer) {
 297   int32_t rv = state_manager_.CheckOperationState(
 298       FileIOStateManager::OPERATION_WRITE, true);
 299   if (rv != PP_OK)
 300     return rv;
 301
 302   if (quota_file_io_) {
 303     if (!quota_file_io_->Write(
 304             offset, buffer.c_str(), buffer.size(),
 305             base::Bind(&PepperFileIOHost::ExecutePlatformWriteCallback,
 306                        weak_factory_.GetWeakPtr(),
 307                        context->MakeReplyMessageContext())))
 308       return PP_ERROR_FAILED;
 309   } else {
 310     if (!base::FileUtilProxy::Write(
 311             RenderThreadImpl::current()->GetFileThreadMessageLoopProxy().get(),
 312             file_,
 313             offset,
 314             buffer.c_str(),
 315             buffer.size(),
 316             base::Bind(&PepperFileIOHost::ExecutePlatformWriteCallback,
 317                        weak_factory_.GetWeakPtr(),
 318                        context->MakeReplyMessageContext())))
 319       return PP_ERROR_FAILED;
 320   }
 321
 322   state_manager_.SetPendingOperation(FileIOStateManager::OPERATION_WRITE);
 323   return PP_OK_COMPLETIONPENDING;
 324 }
 325
 326 int32_t PepperFileIOHost::OnHostMsgSetLength(
 327     ppapi::host::HostMessageContext* context,
 328     int64_t length) {
 329   int32_t rv = state_manager_.CheckOperationState(
 330       FileIOStateManager::OPERATION_EXCLUSIVE, true);
 331   if (rv != PP_OK)
 332     return rv;
 333
 334   if (file_system_type_ != PP_FILESYSTEMTYPE_EXTERNAL) {
 335     FileSystemDispatcher* file_system_dispatcher =
 336         ChildThread::current()->file_system_dispatcher();
 337     file_system_dispatcher->Truncate(
 338         file_system_url_, length, NULL,
 339         base::Bind(&PepperFileIOHost::ExecutePlatformGeneralCallback,
 340                    weak_factory_.GetWeakPtr(),
 341                    context->MakeReplyMessageContext()));
 342   } else {
 343     // TODO(nhiroki): fix a failure of FileIO.SetLength for an external
 344     // filesystem on Mac due to sandbox restrictions (http://crbug.com/156077).
 345     if (!base::FileUtilProxy::Truncate(
 346             RenderThreadImpl::current()->GetFileThreadMessageLoopProxy().get(),
 347             file_,
 348             length,
 349             base::Bind(&PepperFileIOHost::ExecutePlatformGeneralCallback,
 350                        weak_factory_.GetWeakPtr(),
 351                        context->MakeReplyMessageContext())))
 352       return PP_ERROR_FAILED;
 353   }
 354
 355   state_manager_.SetPendingOperation(FileIOStateManager::OPERATION_EXCLUSIVE);
 356   return PP_OK_COMPLETIONPENDING;
 357 }
 358
 359 int32_t PepperFileIOHost::OnHostMsgFlush(
 360     ppapi::host::HostMessageContext* context) {
 361   int32_t rv = state_manager_.CheckOperationState(
 362       FileIOStateManager::OPERATION_EXCLUSIVE, true);
 363   if (rv != PP_OK)
 364     return rv;
 365
 366   if (!base::FileUtilProxy::Flush(
 367           RenderThreadImpl::current()->GetFileThreadMessageLoopProxy().get(),
 368           file_,
 369           base::Bind(&PepperFileIOHost::ExecutePlatformGeneralCallback,
 370                      weak_factory_.GetWeakPtr(),
 371                      context->MakeReplyMessageContext())))
 372     return PP_ERROR_FAILED;
 373
 374   state_manager_.SetPendingOperation(FileIOStateManager::OPERATION_EXCLUSIVE);
 375   return PP_OK_COMPLETIONPENDING;
 376 }
 377
 378 int32_t PepperFileIOHost::OnHostMsgClose(
 379     ppapi::host::HostMessageContext* context) {
 380   if (file_ != base::kInvalidPlatformFileValue) {
 381     base::FileUtilProxy::Close(
 382         RenderThreadImpl::current()->GetFileThreadMessageLoopProxy().get(),
 383         file_,
 384         base::ResetAndReturn(&notify_close_file_callback_));
 385     file_ = base::kInvalidPlatformFileValue;
 386     quota_file_io_.reset();
 387   }
 388   return PP_OK;
 389 }
 390
 391 int32_t PepperFileIOHost::OnHostMsgRequestOSFileHandle(
 392     ppapi::host::HostMessageContext* context) {
 393   if (open_flags_ != PP_FILEOPENFLAG_READ &&
 394       quota_policy_ != quota::kQuotaLimitTypeUnlimited)
 395     return PP_ERROR_FAILED;
 396
 397   // Whitelist to make it privately accessible.
 398   if (!host()->permissions().HasPermission(ppapi::PERMISSION_PRIVATE) &&
 399       !GetContentClient()->renderer()->IsPluginAllowedToCallRequestOSFileHandle(
 400           renderer_ppapi_host_->GetContainerForInstance(pp_instance())))
 401     return PP_ERROR_NOACCESS;
 402
 403   IPC::PlatformFileForTransit file =
 404       renderer_ppapi_host_->ShareHandleWithRemote(file_, false);
 405   if (file == IPC::InvalidPlatformFileForTransit())
 406     return PP_ERROR_FAILED;
 407   ppapi::host::ReplyMessageContext reply_context =
 408       context->MakeReplyMessageContext();
 409   ppapi::proxy::SerializedHandle file_handle;
 410   file_handle.set_file_handle(file, open_flags_);
 411   reply_context.params.AppendHandle(file_handle);
 412   host()->SendReply(reply_context,
 413                     PpapiPluginMsg_FileIO_RequestOSFileHandleReply());
 414   return PP_OK_COMPLETIONPENDING;
 415 }
 416
 417 void PepperFileIOHost::ExecutePlatformGeneralCallback(
 418     ppapi::host::ReplyMessageContext reply_context,
 419     base::PlatformFileError error_code) {
 420   reply_context.params.set_result(
 421       ppapi::PlatformFileErrorToPepperError(error_code));
 422   host()->SendReply(reply_context, PpapiPluginMsg_FileIO_GeneralReply());
 423   state_manager_.SetOperationFinished();
 424 }
 425
 426 void PepperFileIOHost::ExecutePlatformOpenFileCallback(
 427     ppapi::host::ReplyMessageContext reply_context,
 428     base::PlatformFileError error_code,
 429     base::PassPlatformFile file) {
 430   int32_t pp_error = ppapi::PlatformFileErrorToPepperError(error_code);
 431   if (pp_error == PP_OK)
 432     state_manager_.SetOpenSucceed();
 433
 434   DCHECK(file_ == base::kInvalidPlatformFileValue);
 435   file_ = file.ReleaseValue();
 436
 437   DCHECK(!quota_file_io_.get());
 438   if (file_ != base::kInvalidPlatformFileValue) {
 439     if (file_system_type_ == PP_FILESYSTEMTYPE_LOCALTEMPORARY ||
 440         file_system_type_ == PP_FILESYSTEMTYPE_LOCALPERSISTENT) {
 441       quota_file_io_.reset(new QuotaFileIO(
 442           new QuotaFileIODelegate, file_, file_system_url_, file_system_type_));
 443     }
 444
 445     IPC::PlatformFileForTransit file_for_transit =
 446         renderer_ppapi_host_->ShareHandleWithRemote(file_, false);
 447     if (!(file_for_transit == IPC::InvalidPlatformFileForTransit())) {
 448       // Send the file descriptor to the plugin process. This is used in the
 449       // plugin for any file operations that can be done there.
 450       int32_t flags_to_send = open_flags_;
 451       if (!host()->permissions().HasPermission(ppapi::PERMISSION_DEV)) {
 452         // IMPORTANT: Clear PP_FILEOPENFLAG_WRITE and PP_FILEOPENFLAG_APPEND so
 453         // the plugin can't write and so bypass our quota checks.
 454         flags_to_send =
 455             open_flags_ & ~(PP_FILEOPENFLAG_WRITE | PP_FILEOPENFLAG_APPEND);
 456       }
 457       ppapi::proxy::SerializedHandle file_handle;
 458       file_handle.set_file_handle(file_for_transit, flags_to_send);
 459       reply_context.params.AppendHandle(file_handle);
 460     }
 461   }
 462
 463   reply_context.params.set_result(pp_error);
 464   host()->SendReply(reply_context, PpapiPluginMsg_FileIO_OpenReply());
 465   state_manager_.SetOperationFinished();
 466 }
 467
 468 void PepperFileIOHost::ExecutePlatformOpenFileSystemURLCallback(
 469     ppapi::host::ReplyMessageContext reply_context,
 470     base::PlatformFileError error_code,
 471     base::PassPlatformFile file,
 472     quota::QuotaLimitType quota_policy,
 473     const PepperFileIOHost::NotifyCloseFileCallback& callback) {
 474   if (error_code == base::PLATFORM_FILE_OK)
 475     notify_close_file_callback_ = callback;
 476   quota_policy_ = quota_policy;
 477   ExecutePlatformOpenFileCallback(reply_context, error_code, file);
 478 }
 479
 480 void PepperFileIOHost::ExecutePlatformWriteCallback(
 481     ppapi::host::ReplyMessageContext reply_context,
 482     base::PlatformFileError error_code,
 483     int bytes_written) {
 484   // On the plugin side, the callback expects a parameter with different meaning
 485   // depends on whether is negative or not. It is the result here. We translate
 486   // for the callback.
 487   int32_t pp_error = ppapi::PlatformFileErrorToPepperError(error_code);
 488   reply_context.params.set_result(ErrorOrByteNumber(pp_error, bytes_written));
 489   host()->SendReply(reply_context, PpapiPluginMsg_FileIO_GeneralReply());
 490   state_manager_.SetOperationFinished();
 491 }
 492
 493 }  // namespace content