Update to Chromium revision 149431.

git-svn-id: https://chromiumembedded.googlecode.com/svn/trunk@731 5089003a-bbd8-11dd-ad1f-f1f9622dbc98
2025-06-05 21:39:12 +02:00 · 2012-08-07 13:58:35 +00:00
parent b39ca211ae
commit 3b8ebef27b
27 changed files with 198 additions and 130 deletions
--- a/cef1/libcef/browser_file_system.cc
+++ b/cef1/libcef/browser_file_system.cc
@ -23,6 +23,7 @@
 #include "third_party/WebKit/Source/WebKit/chromium/public/platform/WebURL.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/platform/WebVector.h"
 #include "webkit/blob/blob_storage_controller.h"
+#include "webkit/fileapi/file_system_url.h"
 #include "webkit/fileapi/file_system_util.h"
 #include "webkit/fileapi/mock_file_system_options.h"
 #include "webkit/glue/webkit_glue.h"
@ -43,6 +44,7 @@ using WebKit::WebVector;

 using webkit_blob::BlobData;
 using webkit_blob::BlobStorageController;
+using fileapi::FileSystemURL;
 using fileapi::FileSystemContext;
 using fileapi::FileSystemOperationInterface;

@ -129,58 +131,112 @@ void BrowserFileSystem::OpenFileSystem(
 void BrowserFileSystem::move(
    const WebURL& src_path,
    const WebURL& dest_path, WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(src_path)->Move(GURL(src_path), GURL(dest_path),
-                                  FinishHandler(callbacks));
+  FileSystemURL src_url(src_path);
+  FileSystemURL dest_url(dest_path);
+  if (!HasFilePermission(src_url, FILE_PERMISSION_WRITE) ||
+      !HasFilePermission(dest_url, FILE_PERMISSION_CREATE)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(src_url)->Move(src_url, dest_url,
+                                 FinishHandler(callbacks));
 }

 void BrowserFileSystem::copy(
    const WebURL& src_path, const WebURL& dest_path,
    WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(src_path)->Copy(GURL(src_path), GURL(dest_path),
-                                  FinishHandler(callbacks));
+  FileSystemURL src_url(src_path);
+  FileSystemURL dest_url(dest_path);
+  if (!HasFilePermission(src_url, FILE_PERMISSION_READ) ||
+      !HasFilePermission(dest_url, FILE_PERMISSION_CREATE)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(src_url)->Copy(src_url, dest_url,
+                                 FinishHandler(callbacks));
 }

 void BrowserFileSystem::remove(
    const WebURL& path, WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(path)->Remove(path, false /* recursive */,
-                                FinishHandler(callbacks));
+  FileSystemURL url(path);
+  if (!HasFilePermission(url, FILE_PERMISSION_WRITE)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(url)->Remove(url, false /* recursive */,
+                               FinishHandler(callbacks));
 }

 void BrowserFileSystem::removeRecursively(
    const WebURL& path, WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(path)->Remove(path, true /* recursive */,
-                                FinishHandler(callbacks));
+  FileSystemURL url(path);
+  if (!HasFilePermission(url, FILE_PERMISSION_WRITE)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(url)->Remove(url, true /* recursive */,
+                               FinishHandler(callbacks));
 }

 void BrowserFileSystem::readMetadata(
    const WebURL& path, WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(path)->GetMetadata(path, GetMetadataHandler(callbacks));
+  FileSystemURL url(path);
+  if (!HasFilePermission(url, FILE_PERMISSION_READ)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(url)->GetMetadata(url, GetMetadataHandler(callbacks));
 }

 void BrowserFileSystem::createFile(
    const WebURL& path, bool exclusive, WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(path)->CreateFile(path, exclusive, FinishHandler(callbacks));
+  FileSystemURL url(path);
+  if (!HasFilePermission(url, FILE_PERMISSION_CREATE)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(url)->CreateFile(url, exclusive, FinishHandler(callbacks));
 }

 void BrowserFileSystem::createDirectory(
    const WebURL& path, bool exclusive, WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(path)->CreateDirectory(path, exclusive, false,
-                                         FinishHandler(callbacks));
+  FileSystemURL url(path);
+  if (!HasFilePermission(url, FILE_PERMISSION_CREATE)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(url)->CreateDirectory(url, exclusive, false,
+                                        FinishHandler(callbacks));
 }

 void BrowserFileSystem::fileExists(
    const WebURL& path, WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(path)->FileExists(path, FinishHandler(callbacks));
+  FileSystemURL url(path);
+  if (!HasFilePermission(url, FILE_PERMISSION_READ)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(url)->FileExists(url, FinishHandler(callbacks));
 }

 void BrowserFileSystem::directoryExists(
    const WebURL& path, WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(path)->DirectoryExists(path, FinishHandler(callbacks));
+  FileSystemURL url(path);
+  if (!HasFilePermission(url, FILE_PERMISSION_READ)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(url)->DirectoryExists(url, FinishHandler(callbacks));
 }

 void BrowserFileSystem::readDirectory(
    const WebURL& path, WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(path)->ReadDirectory(path, ReadDirectoryHandler(callbacks));
+  FileSystemURL url(path);
+  if (!HasFilePermission(url, FILE_PERMISSION_READ)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(url)->ReadDirectory(url, ReadDirectoryHandler(callbacks));
 }

 WebFileWriter* BrowserFileSystem::createFileWriter(
@ -192,8 +248,13 @@ void BrowserFileSystem::createSnapshotFileAndReadMetadata(
    const WebURL& blobURL,
    const WebURL& path,
    WebFileSystemCallbacks* callbacks) {
-  GetNewOperation(path)->CreateSnapshotFile(
-      path, SnapshotFileHandler(blobURL, callbacks));
+  FileSystemURL url(path);
+  if (!HasFilePermission(url, FILE_PERMISSION_READ)) {
+    callbacks->didFail(WebKit::WebFileErrorSecurity);
+    return;
+  }
+  GetNewOperation(url)->CreateSnapshotFile(
+      url, SnapshotFileHandler(blobURL, callbacks));
 }

 // static
@ -209,9 +270,16 @@ void BrowserFileSystem::CleanupOnIOThread() {
  g_blob_storage_controller = NULL;
 }

+bool BrowserFileSystem::HasFilePermission(
+    const fileapi::FileSystemURL& url, FilePermission permission) {
+  // Disallow writing on isolated file system, otherwise return ok.
+  return (url.type() != fileapi::kFileSystemTypeIsolated ||
+          permission == FILE_PERMISSION_READ);
+}
+
 FileSystemOperationInterface* BrowserFileSystem::GetNewOperation(
-    const WebURL& url) {
-  return file_system_context_->CreateFileSystemOperation(GURL(url));
+    const fileapi::FileSystemURL& url) {
+  return file_system_context_->CreateFileSystemOperation(url);
 }

 FileSystemOperationInterface::StatusCallback