1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "base/file_util.h"
6
7#include <dirent.h>
8#include <errno.h>
9#include <fcntl.h>
10#include <libgen.h>
11#include <limits.h>
12#include <stdio.h>
13#include <stdlib.h>
14#include <string.h>
15#include <sys/errno.h>
16#include <sys/mman.h>
17#include <sys/param.h>
18#include <sys/stat.h>
19#include <sys/time.h>
20#include <sys/types.h>
21#include <time.h>
22#include <unistd.h>
23
24#if defined(OS_MACOSX)
25#include <AvailabilityMacros.h>
26#include "base/mac/foundation_util.h"
27#elif !defined(OS_ANDROID)
28#include <glib.h>
29#endif
30
31#include <fstream>
32
33#include "base/basictypes.h"
34#include "base/files/file_enumerator.h"
35#include "base/files/file_path.h"
36#include "base/logging.h"
37#include "base/memory/scoped_ptr.h"
38#include "base/memory/singleton.h"
39#include "base/path_service.h"
40#include "base/posix/eintr_wrapper.h"
41#include "base/stl_util.h"
42#include "base/strings/string_util.h"
43#include "base/strings/stringprintf.h"
44#include "base/strings/sys_string_conversions.h"
45#include "base/strings/utf_string_conversions.h"
46#include "base/threading/thread_restrictions.h"
47#include "base/time/time.h"
48
49#if defined(OS_ANDROID)
50#include "base/os_compat_android.h"
51#endif
52
53#if !defined(OS_IOS)
54#include <grp.h>
55#endif
56
57#if defined(OS_CHROMEOS)
58#include "base/chromeos/chromeos_version.h"
59#endif
60
61namespace base {
62
63namespace {
64
65#if defined(OS_BSD) || defined(OS_MACOSX)
66typedef struct stat stat_wrapper_t;
67static int CallStat(const char *path, stat_wrapper_t *sb) {
68  ThreadRestrictions::AssertIOAllowed();
69  return stat(path, sb);
70}
71static int CallLstat(const char *path, stat_wrapper_t *sb) {
72  ThreadRestrictions::AssertIOAllowed();
73  return lstat(path, sb);
74}
75#else
76typedef struct stat64 stat_wrapper_t;
77static int CallStat(const char *path, stat_wrapper_t *sb) {
78  ThreadRestrictions::AssertIOAllowed();
79  return stat64(path, sb);
80}
81static int CallLstat(const char *path, stat_wrapper_t *sb) {
82  ThreadRestrictions::AssertIOAllowed();
83  return lstat64(path, sb);
84}
85#endif
86
87// Helper for NormalizeFilePath(), defined below.
88bool RealPath(const FilePath& path, FilePath* real_path) {
89  ThreadRestrictions::AssertIOAllowed();  // For realpath().
90  FilePath::CharType buf[PATH_MAX];
91  if (!realpath(path.value().c_str(), buf))
92    return false;
93
94  *real_path = FilePath(buf);
95  return true;
96}
97
98// Helper for VerifyPathControlledByUser.
99bool VerifySpecificPathControlledByUser(const FilePath& path,
100                                        uid_t owner_uid,
101                                        const std::set<gid_t>& group_gids) {
102  stat_wrapper_t stat_info;
103  if (CallLstat(path.value().c_str(), &stat_info) != 0) {
104    DPLOG(ERROR) << "Failed to get information on path "
105                 << path.value();
106    return false;
107  }
108
109  if (S_ISLNK(stat_info.st_mode)) {
110    DLOG(ERROR) << "Path " << path.value()
111               << " is a symbolic link.";
112    return false;
113  }
114
115  if (stat_info.st_uid != owner_uid) {
116    DLOG(ERROR) << "Path " << path.value()
117                << " is owned by the wrong user.";
118    return false;
119  }
120
121  if ((stat_info.st_mode & S_IWGRP) &&
122      !ContainsKey(group_gids, stat_info.st_gid)) {
123    DLOG(ERROR) << "Path " << path.value()
124                << " is writable by an unprivileged group.";
125    return false;
126  }
127
128  if (stat_info.st_mode & S_IWOTH) {
129    DLOG(ERROR) << "Path " << path.value()
130                << " is writable by any user.";
131    return false;
132  }
133
134  return true;
135}
136
137std::string TempFileName() {
138#if defined(OS_MACOSX)
139  return StringPrintf(".%s.XXXXXX", base::mac::BaseBundleID());
140#endif
141
142#if defined(GOOGLE_CHROME_BUILD)
143  return std::string(".com.google.Chrome.XXXXXX");
144#else
145  return std::string(".org.chromium.Chromium.XXXXXX");
146#endif
147}
148
149}  // namespace
150
151FilePath MakeAbsoluteFilePath(const FilePath& input) {
152  ThreadRestrictions::AssertIOAllowed();
153  char full_path[PATH_MAX];
154  if (realpath(input.value().c_str(), full_path) == NULL)
155    return FilePath();
156  return FilePath(full_path);
157}
158
159// TODO(erikkay): The Windows version of this accepts paths like "foo/bar/*"
160// which works both with and without the recursive flag.  I'm not sure we need
161// that functionality. If not, remove from file_util_win.cc, otherwise add it
162// here.
163bool DeleteFile(const FilePath& path, bool recursive) {
164  ThreadRestrictions::AssertIOAllowed();
165  const char* path_str = path.value().c_str();
166  stat_wrapper_t file_info;
167  int test = CallLstat(path_str, &file_info);
168  if (test != 0) {
169    // The Windows version defines this condition as success.
170    bool ret = (errno == ENOENT || errno == ENOTDIR);
171    return ret;
172  }
173  if (!S_ISDIR(file_info.st_mode))
174    return (unlink(path_str) == 0);
175  if (!recursive)
176    return (rmdir(path_str) == 0);
177
178  bool success = true;
179  std::stack<std::string> directories;
180  directories.push(path.value());
181  FileEnumerator traversal(path, true,
182      FileEnumerator::FILES | FileEnumerator::DIRECTORIES |
183      FileEnumerator::SHOW_SYM_LINKS);
184  for (FilePath current = traversal.Next(); success && !current.empty();
185       current = traversal.Next()) {
186    if (traversal.GetInfo().IsDirectory())
187      directories.push(current.value());
188    else
189      success = (unlink(current.value().c_str()) == 0);
190  }
191
192  while (success && !directories.empty()) {
193    FilePath dir = FilePath(directories.top());
194    directories.pop();
195    success = (rmdir(dir.value().c_str()) == 0);
196  }
197  return success;
198}
199
200bool ReplaceFile(const FilePath& from_path,
201                 const FilePath& to_path,
202                 PlatformFileError* error) {
203  ThreadRestrictions::AssertIOAllowed();
204  if (rename(from_path.value().c_str(), to_path.value().c_str()) == 0)
205    return true;
206  if (error)
207    *error = ErrnoToPlatformFileError(errno);
208  return false;
209}
210
211bool CopyDirectory(const FilePath& from_path,
212                   const FilePath& to_path,
213                   bool recursive) {
214  ThreadRestrictions::AssertIOAllowed();
215  // Some old callers of CopyDirectory want it to support wildcards.
216  // After some discussion, we decided to fix those callers.
217  // Break loudly here if anyone tries to do this.
218  // TODO(evanm): remove this once we're sure it's ok.
219  DCHECK(to_path.value().find('*') == std::string::npos);
220  DCHECK(from_path.value().find('*') == std::string::npos);
221
222  char top_dir[PATH_MAX];
223  if (strlcpy(top_dir, from_path.value().c_str(),
224              arraysize(top_dir)) >= arraysize(top_dir)) {
225    return false;
226  }
227
228  // This function does not properly handle destinations within the source
229  FilePath real_to_path = to_path;
230  if (PathExists(real_to_path)) {
231    real_to_path = MakeAbsoluteFilePath(real_to_path);
232    if (real_to_path.empty())
233      return false;
234  } else {
235    real_to_path = MakeAbsoluteFilePath(real_to_path.DirName());
236    if (real_to_path.empty())
237      return false;
238  }
239  FilePath real_from_path = MakeAbsoluteFilePath(from_path);
240  if (real_from_path.empty())
241    return false;
242  if (real_to_path.value().size() >= real_from_path.value().size() &&
243      real_to_path.value().compare(0, real_from_path.value().size(),
244      real_from_path.value()) == 0)
245    return false;
246
247  bool success = true;
248  int traverse_type = FileEnumerator::FILES | FileEnumerator::SHOW_SYM_LINKS;
249  if (recursive)
250    traverse_type |= FileEnumerator::DIRECTORIES;
251  FileEnumerator traversal(from_path, recursive, traverse_type);
252
253  // We have to mimic windows behavior here. |to_path| may not exist yet,
254  // start the loop with |to_path|.
255  struct stat from_stat;
256  FilePath current = from_path;
257  if (stat(from_path.value().c_str(), &from_stat) < 0) {
258    DLOG(ERROR) << "CopyDirectory() couldn't stat source directory: "
259                << from_path.value() << " errno = " << errno;
260    success = false;
261  }
262  struct stat to_path_stat;
263  FilePath from_path_base = from_path;
264  if (recursive && stat(to_path.value().c_str(), &to_path_stat) == 0 &&
265      S_ISDIR(to_path_stat.st_mode)) {
266    // If the destination already exists and is a directory, then the
267    // top level of source needs to be copied.
268    from_path_base = from_path.DirName();
269  }
270
271  // The Windows version of this function assumes that non-recursive calls
272  // will always have a directory for from_path.
273  DCHECK(recursive || S_ISDIR(from_stat.st_mode));
274
275  while (success && !current.empty()) {
276    // current is the source path, including from_path, so append
277    // the suffix after from_path to to_path to create the target_path.
278    FilePath target_path(to_path);
279    if (from_path_base != current) {
280      if (!from_path_base.AppendRelativePath(current, &target_path)) {
281        success = false;
282        break;
283      }
284    }
285
286    if (S_ISDIR(from_stat.st_mode)) {
287      if (mkdir(target_path.value().c_str(), from_stat.st_mode & 01777) != 0 &&
288          errno != EEXIST) {
289        DLOG(ERROR) << "CopyDirectory() couldn't create directory: "
290                    << target_path.value() << " errno = " << errno;
291        success = false;
292      }
293    } else if (S_ISREG(from_stat.st_mode)) {
294      if (!CopyFile(current, target_path)) {
295        DLOG(ERROR) << "CopyDirectory() couldn't create file: "
296                    << target_path.value();
297        success = false;
298      }
299    } else {
300      DLOG(WARNING) << "CopyDirectory() skipping non-regular file: "
301                    << current.value();
302    }
303
304    current = traversal.Next();
305    if (!current.empty())
306      from_stat = traversal.GetInfo().stat();
307  }
308
309  return success;
310}
311
312bool PathExists(const FilePath& path) {
313  ThreadRestrictions::AssertIOAllowed();
314  return access(path.value().c_str(), F_OK) == 0;
315}
316
317bool PathIsWritable(const FilePath& path) {
318  ThreadRestrictions::AssertIOAllowed();
319  return access(path.value().c_str(), W_OK) == 0;
320}
321
322bool DirectoryExists(const FilePath& path) {
323  ThreadRestrictions::AssertIOAllowed();
324  stat_wrapper_t file_info;
325  if (CallStat(path.value().c_str(), &file_info) == 0)
326    return S_ISDIR(file_info.st_mode);
327  return false;
328}
329
330}  // namespace base
331
332// -----------------------------------------------------------------------------
333
334namespace file_util {
335
336using base::stat_wrapper_t;
337using base::CallStat;
338using base::CallLstat;
339using base::DirectoryExists;
340using base::FileEnumerator;
341using base::FilePath;
342using base::MakeAbsoluteFilePath;
343using base::RealPath;
344using base::VerifySpecificPathControlledByUser;
345
346bool ReadFromFD(int fd, char* buffer, size_t bytes) {
347  size_t total_read = 0;
348  while (total_read < bytes) {
349    ssize_t bytes_read =
350        HANDLE_EINTR(read(fd, buffer + total_read, bytes - total_read));
351    if (bytes_read <= 0)
352      break;
353    total_read += bytes_read;
354  }
355  return total_read == bytes;
356}
357
358bool CreateSymbolicLink(const FilePath& target_path,
359                        const FilePath& symlink_path) {
360  DCHECK(!symlink_path.empty());
361  DCHECK(!target_path.empty());
362  return ::symlink(target_path.value().c_str(),
363                   symlink_path.value().c_str()) != -1;
364}
365
366bool ReadSymbolicLink(const FilePath& symlink_path,
367                      FilePath* target_path) {
368  DCHECK(!symlink_path.empty());
369  DCHECK(target_path);
370  char buf[PATH_MAX];
371  ssize_t count = ::readlink(symlink_path.value().c_str(), buf, arraysize(buf));
372
373  if (count <= 0) {
374    target_path->clear();
375    return false;
376  }
377
378  *target_path = FilePath(FilePath::StringType(buf, count));
379  return true;
380}
381
382bool GetPosixFilePermissions(const FilePath& path, int* mode) {
383  base::ThreadRestrictions::AssertIOAllowed();
384  DCHECK(mode);
385
386  stat_wrapper_t file_info;
387  // Uses stat(), because on symbolic link, lstat() does not return valid
388  // permission bits in st_mode
389  if (CallStat(path.value().c_str(), &file_info) != 0)
390    return false;
391
392  *mode = file_info.st_mode & FILE_PERMISSION_MASK;
393  return true;
394}
395
396bool SetPosixFilePermissions(const FilePath& path,
397                             int mode) {
398  base::ThreadRestrictions::AssertIOAllowed();
399  DCHECK((mode & ~FILE_PERMISSION_MASK) == 0);
400
401  // Calls stat() so that we can preserve the higher bits like S_ISGID.
402  stat_wrapper_t stat_buf;
403  if (CallStat(path.value().c_str(), &stat_buf) != 0)
404    return false;
405
406  // Clears the existing permission bits, and adds the new ones.
407  mode_t updated_mode_bits = stat_buf.st_mode & ~FILE_PERMISSION_MASK;
408  updated_mode_bits |= mode & FILE_PERMISSION_MASK;
409
410  if (HANDLE_EINTR(chmod(path.value().c_str(), updated_mode_bits)) != 0)
411    return false;
412
413  return true;
414}
415
416// Creates and opens a temporary file in |directory|, returning the
417// file descriptor. |path| is set to the temporary file path.
418// This function does NOT unlink() the file.
419int CreateAndOpenFdForTemporaryFile(FilePath directory, FilePath* path) {
420  base::ThreadRestrictions::AssertIOAllowed();  // For call to mkstemp().
421  *path = directory.Append(base::TempFileName());
422  const std::string& tmpdir_string = path->value();
423  // this should be OK since mkstemp just replaces characters in place
424  char* buffer = const_cast<char*>(tmpdir_string.c_str());
425
426  return HANDLE_EINTR(mkstemp(buffer));
427}
428
429bool CreateTemporaryFile(FilePath* path) {
430  base::ThreadRestrictions::AssertIOAllowed();  // For call to close().
431  FilePath directory;
432  if (!GetTempDir(&directory))
433    return false;
434  int fd = CreateAndOpenFdForTemporaryFile(directory, path);
435  if (fd < 0)
436    return false;
437  ignore_result(HANDLE_EINTR(close(fd)));
438  return true;
439}
440
441FILE* CreateAndOpenTemporaryShmemFile(FilePath* path, bool executable) {
442  FilePath directory;
443  if (!GetShmemTempDir(&directory, executable))
444    return NULL;
445
446  return CreateAndOpenTemporaryFileInDir(directory, path);
447}
448
449FILE* CreateAndOpenTemporaryFileInDir(const FilePath& dir, FilePath* path) {
450  int fd = CreateAndOpenFdForTemporaryFile(dir, path);
451  if (fd < 0)
452    return NULL;
453
454  FILE* file = fdopen(fd, "a+");
455  if (!file)
456    ignore_result(HANDLE_EINTR(close(fd)));
457  return file;
458}
459
460bool CreateTemporaryFileInDir(const FilePath& dir, FilePath* temp_file) {
461  base::ThreadRestrictions::AssertIOAllowed();  // For call to close().
462  int fd = CreateAndOpenFdForTemporaryFile(dir, temp_file);
463  return ((fd >= 0) && !HANDLE_EINTR(close(fd)));
464}
465
466static bool CreateTemporaryDirInDirImpl(const FilePath& base_dir,
467                                        const FilePath::StringType& name_tmpl,
468                                        FilePath* new_dir) {
469  base::ThreadRestrictions::AssertIOAllowed();  // For call to mkdtemp().
470  DCHECK(name_tmpl.find("XXXXXX") != FilePath::StringType::npos)
471      << "Directory name template must contain \"XXXXXX\".";
472
473  FilePath sub_dir = base_dir.Append(name_tmpl);
474  std::string sub_dir_string = sub_dir.value();
475
476  // this should be OK since mkdtemp just replaces characters in place
477  char* buffer = const_cast<char*>(sub_dir_string.c_str());
478  char* dtemp = mkdtemp(buffer);
479  if (!dtemp) {
480    DPLOG(ERROR) << "mkdtemp";
481    return false;
482  }
483  *new_dir = FilePath(dtemp);
484  return true;
485}
486
487bool CreateTemporaryDirInDir(const FilePath& base_dir,
488                             const FilePath::StringType& prefix,
489                             FilePath* new_dir) {
490  FilePath::StringType mkdtemp_template = prefix;
491  mkdtemp_template.append(FILE_PATH_LITERAL("XXXXXX"));
492  return CreateTemporaryDirInDirImpl(base_dir, mkdtemp_template, new_dir);
493}
494
495bool CreateNewTempDirectory(const FilePath::StringType& prefix,
496                            FilePath* new_temp_path) {
497  FilePath tmpdir;
498  if (!GetTempDir(&tmpdir))
499    return false;
500
501  return CreateTemporaryDirInDirImpl(tmpdir, base::TempFileName(),
502                                     new_temp_path);
503}
504
505bool CreateDirectoryAndGetError(const FilePath& full_path,
506                                base::PlatformFileError* error) {
507  base::ThreadRestrictions::AssertIOAllowed();  // For call to mkdir().
508  std::vector<FilePath> subpaths;
509
510  // Collect a list of all parent directories.
511  FilePath last_path = full_path;
512  subpaths.push_back(full_path);
513  for (FilePath path = full_path.DirName();
514       path.value() != last_path.value(); path = path.DirName()) {
515    subpaths.push_back(path);
516    last_path = path;
517  }
518
519  // Iterate through the parents and create the missing ones.
520  for (std::vector<FilePath>::reverse_iterator i = subpaths.rbegin();
521       i != subpaths.rend(); ++i) {
522    if (DirectoryExists(*i))
523      continue;
524    if (mkdir(i->value().c_str(), 0700) == 0)
525      continue;
526    // Mkdir failed, but it might have failed with EEXIST, or some other error
527    // due to the the directory appearing out of thin air. This can occur if
528    // two processes are trying to create the same file system tree at the same
529    // time. Check to see if it exists and make sure it is a directory.
530    int saved_errno = errno;
531    if (!DirectoryExists(*i)) {
532      if (error)
533        *error = base::ErrnoToPlatformFileError(saved_errno);
534      return false;
535    }
536  }
537  return true;
538}
539
540base::FilePath MakeUniqueDirectory(const base::FilePath& path) {
541  const int kMaxAttempts = 20;
542  for (int attempts = 0; attempts < kMaxAttempts; attempts++) {
543    int uniquifier =
544        GetUniquePathNumber(path, base::FilePath::StringType());
545    if (uniquifier < 0)
546      break;
547    base::FilePath test_path = (uniquifier == 0) ? path :
548        path.InsertBeforeExtensionASCII(
549            base::StringPrintf(" (%d)", uniquifier));
550    if (mkdir(test_path.value().c_str(), 0777) == 0)
551      return test_path;
552    else if (errno != EEXIST)
553      break;
554  }
555  return base::FilePath();
556}
557
558// TODO(rkc): Refactor GetFileInfo and FileEnumerator to handle symlinks
559// correctly. http://code.google.com/p/chromium-os/issues/detail?id=15948
560bool IsLink(const FilePath& file_path) {
561  stat_wrapper_t st;
562  // If we can't lstat the file, it's safe to assume that the file won't at
563  // least be a 'followable' link.
564  if (CallLstat(file_path.value().c_str(), &st) != 0)
565    return false;
566
567  if (S_ISLNK(st.st_mode))
568    return true;
569  else
570    return false;
571}
572
573bool GetFileInfo(const FilePath& file_path, base::PlatformFileInfo* results) {
574  stat_wrapper_t file_info;
575  if (CallStat(file_path.value().c_str(), &file_info) != 0)
576    return false;
577  results->is_directory = S_ISDIR(file_info.st_mode);
578  results->size = file_info.st_size;
579#if defined(OS_MACOSX)
580  results->last_modified = base::Time::FromTimeSpec(file_info.st_mtimespec);
581  results->last_accessed = base::Time::FromTimeSpec(file_info.st_atimespec);
582  results->creation_time = base::Time::FromTimeSpec(file_info.st_ctimespec);
583#elif defined(OS_ANDROID)
584  results->last_modified = base::Time::FromTimeT(file_info.st_mtime);
585  results->last_accessed = base::Time::FromTimeT(file_info.st_atime);
586  results->creation_time = base::Time::FromTimeT(file_info.st_ctime);
587#else
588  results->last_modified = base::Time::FromTimeSpec(file_info.st_mtim);
589  results->last_accessed = base::Time::FromTimeSpec(file_info.st_atim);
590  results->creation_time = base::Time::FromTimeSpec(file_info.st_ctim);
591#endif
592  return true;
593}
594
595bool GetInode(const FilePath& path, ino_t* inode) {
596  base::ThreadRestrictions::AssertIOAllowed();  // For call to stat().
597  struct stat buffer;
598  int result = stat(path.value().c_str(), &buffer);
599  if (result < 0)
600    return false;
601
602  *inode = buffer.st_ino;
603  return true;
604}
605
606FILE* OpenFile(const std::string& filename, const char* mode) {
607  return OpenFile(FilePath(filename), mode);
608}
609
610FILE* OpenFile(const FilePath& filename, const char* mode) {
611  base::ThreadRestrictions::AssertIOAllowed();
612  FILE* result = NULL;
613  do {
614    result = fopen(filename.value().c_str(), mode);
615  } while (!result && errno == EINTR);
616  return result;
617}
618
619int ReadFile(const FilePath& filename, char* data, int size) {
620  base::ThreadRestrictions::AssertIOAllowed();
621  int fd = HANDLE_EINTR(open(filename.value().c_str(), O_RDONLY));
622  if (fd < 0)
623    return -1;
624
625  ssize_t bytes_read = HANDLE_EINTR(read(fd, data, size));
626  if (int ret = HANDLE_EINTR(close(fd)) < 0)
627    return ret;
628  return bytes_read;
629}
630
631int WriteFile(const FilePath& filename, const char* data, int size) {
632  base::ThreadRestrictions::AssertIOAllowed();
633  int fd = HANDLE_EINTR(creat(filename.value().c_str(), 0666));
634  if (fd < 0)
635    return -1;
636
637  int bytes_written = WriteFileDescriptor(fd, data, size);
638  if (int ret = HANDLE_EINTR(close(fd)) < 0)
639    return ret;
640  return bytes_written;
641}
642
643int WriteFileDescriptor(const int fd, const char* data, int size) {
644  // Allow for partial writes.
645  ssize_t bytes_written_total = 0;
646  for (ssize_t bytes_written_partial = 0; bytes_written_total < size;
647       bytes_written_total += bytes_written_partial) {
648    bytes_written_partial =
649        HANDLE_EINTR(write(fd, data + bytes_written_total,
650                           size - bytes_written_total));
651    if (bytes_written_partial < 0)
652      return -1;
653  }
654
655  return bytes_written_total;
656}
657
658int AppendToFile(const FilePath& filename, const char* data, int size) {
659  base::ThreadRestrictions::AssertIOAllowed();
660  int fd = HANDLE_EINTR(open(filename.value().c_str(), O_WRONLY | O_APPEND));
661  if (fd < 0)
662    return -1;
663
664  int bytes_written = WriteFileDescriptor(fd, data, size);
665  if (int ret = HANDLE_EINTR(close(fd)) < 0)
666    return ret;
667  return bytes_written;
668}
669
670// Gets the current working directory for the process.
671bool GetCurrentDirectory(FilePath* dir) {
672  // getcwd can return ENOENT, which implies it checks against the disk.
673  base::ThreadRestrictions::AssertIOAllowed();
674
675  char system_buffer[PATH_MAX] = "";
676  if (!getcwd(system_buffer, sizeof(system_buffer))) {
677    NOTREACHED();
678    return false;
679  }
680  *dir = FilePath(system_buffer);
681  return true;
682}
683
684// Sets the current working directory for the process.
685bool SetCurrentDirectory(const FilePath& path) {
686  base::ThreadRestrictions::AssertIOAllowed();
687  int ret = chdir(path.value().c_str());
688  return !ret;
689}
690
691bool NormalizeFilePath(const FilePath& path, FilePath* normalized_path) {
692  FilePath real_path_result;
693  if (!RealPath(path, &real_path_result))
694    return false;
695
696  // To be consistant with windows, fail if |real_path_result| is a
697  // directory.
698  stat_wrapper_t file_info;
699  if (CallStat(real_path_result.value().c_str(), &file_info) != 0 ||
700      S_ISDIR(file_info.st_mode))
701    return false;
702
703  *normalized_path = real_path_result;
704  return true;
705}
706
707#if !defined(OS_MACOSX)
708bool GetTempDir(FilePath* path) {
709  const char* tmp = getenv("TMPDIR");
710  if (tmp)
711    *path = FilePath(tmp);
712  else
713#if defined(OS_ANDROID)
714    return PathService::Get(base::DIR_CACHE, path);
715#else
716    *path = FilePath("/tmp");
717#endif
718  return true;
719}
720
721#if !defined(OS_ANDROID)
722
723#if defined(OS_LINUX)
724// Determine if /dev/shm files can be mapped and then mprotect'd PROT_EXEC.
725// This depends on the mount options used for /dev/shm, which vary among
726// different Linux distributions and possibly local configuration.  It also
727// depends on details of kernel--ChromeOS uses the noexec option for /dev/shm
728// but its kernel allows mprotect with PROT_EXEC anyway.
729
730namespace {
731
732bool DetermineDevShmExecutable() {
733  bool result = false;
734  FilePath path;
735  int fd = CreateAndOpenFdForTemporaryFile(FilePath("/dev/shm"), &path);
736  if (fd >= 0) {
737    ScopedFD shm_fd_closer(&fd);
738    DeleteFile(path, false);
739    long sysconf_result = sysconf(_SC_PAGESIZE);
740    CHECK_GE(sysconf_result, 0);
741    size_t pagesize = static_cast<size_t>(sysconf_result);
742    CHECK_GE(sizeof(pagesize), sizeof(sysconf_result));
743    void *mapping = mmap(NULL, pagesize, PROT_READ, MAP_SHARED, fd, 0);
744    if (mapping != MAP_FAILED) {
745      if (mprotect(mapping, pagesize, PROT_READ | PROT_EXEC) == 0)
746        result = true;
747      munmap(mapping, pagesize);
748    }
749  }
750  return result;
751}
752
753};  // namespace
754#endif  // defined(OS_LINUX)
755
756bool GetShmemTempDir(FilePath* path, bool executable) {
757#if defined(OS_LINUX)
758  bool use_dev_shm = true;
759  if (executable) {
760    static const bool s_dev_shm_executable = DetermineDevShmExecutable();
761    use_dev_shm = s_dev_shm_executable;
762  }
763  if (use_dev_shm) {
764    *path = FilePath("/dev/shm");
765    return true;
766  }
767#endif
768  return GetTempDir(path);
769}
770#endif  // !defined(OS_ANDROID)
771
772FilePath GetHomeDir() {
773#if defined(OS_CHROMEOS)
774  if (base::chromeos::IsRunningOnChromeOS())
775    return FilePath("/home/chronos/user");
776#endif
777
778  const char* home_dir = getenv("HOME");
779  if (home_dir && home_dir[0])
780    return FilePath(home_dir);
781
782#if defined(OS_ANDROID)
783  DLOG(WARNING) << "OS_ANDROID: Home directory lookup not yet implemented.";
784#else
785  // g_get_home_dir calls getpwent, which can fall through to LDAP calls.
786  base::ThreadRestrictions::AssertIOAllowed();
787
788  home_dir = g_get_home_dir();
789  if (home_dir && home_dir[0])
790    return FilePath(home_dir);
791#endif
792
793  FilePath rv;
794  if (file_util::GetTempDir(&rv))
795    return rv;
796
797  // Last resort.
798  return FilePath("/tmp");
799}
800#endif  // !defined(OS_MACOSX)
801
802bool VerifyPathControlledByUser(const FilePath& base,
803                                const FilePath& path,
804                                uid_t owner_uid,
805                                const std::set<gid_t>& group_gids) {
806  if (base != path && !base.IsParent(path)) {
807     DLOG(ERROR) << "|base| must be a subdirectory of |path|.  base = \""
808                 << base.value() << "\", path = \"" << path.value() << "\"";
809     return false;
810  }
811
812  std::vector<FilePath::StringType> base_components;
813  std::vector<FilePath::StringType> path_components;
814
815  base.GetComponents(&base_components);
816  path.GetComponents(&path_components);
817
818  std::vector<FilePath::StringType>::const_iterator ib, ip;
819  for (ib = base_components.begin(), ip = path_components.begin();
820       ib != base_components.end(); ++ib, ++ip) {
821    // |base| must be a subpath of |path|, so all components should match.
822    // If these CHECKs fail, look at the test that base is a parent of
823    // path at the top of this function.
824    DCHECK(ip != path_components.end());
825    DCHECK(*ip == *ib);
826  }
827
828  FilePath current_path = base;
829  if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gids))
830    return false;
831
832  for (; ip != path_components.end(); ++ip) {
833    current_path = current_path.Append(*ip);
834    if (!VerifySpecificPathControlledByUser(
835            current_path, owner_uid, group_gids))
836      return false;
837  }
838  return true;
839}
840
841#if defined(OS_MACOSX) && !defined(OS_IOS)
842bool VerifyPathControlledByAdmin(const FilePath& path) {
843  const unsigned kRootUid = 0;
844  const FilePath kFileSystemRoot("/");
845
846  // The name of the administrator group on mac os.
847  const char* const kAdminGroupNames[] = {
848    "admin",
849    "wheel"
850  };
851
852  // Reading the groups database may touch the file system.
853  base::ThreadRestrictions::AssertIOAllowed();
854
855  std::set<gid_t> allowed_group_ids;
856  for (int i = 0, ie = arraysize(kAdminGroupNames); i < ie; ++i) {
857    struct group *group_record = getgrnam(kAdminGroupNames[i]);
858    if (!group_record) {
859      DPLOG(ERROR) << "Could not get the group ID of group \""
860                   << kAdminGroupNames[i] << "\".";
861      continue;
862    }
863
864    allowed_group_ids.insert(group_record->gr_gid);
865  }
866
867  return VerifyPathControlledByUser(
868      kFileSystemRoot, path, kRootUid, allowed_group_ids);
869}
870#endif  // defined(OS_MACOSX) && !defined(OS_IOS)
871
872int GetMaximumPathComponentLength(const FilePath& path) {
873  base::ThreadRestrictions::AssertIOAllowed();
874  return pathconf(path.value().c_str(), _PC_NAME_MAX);
875}
876
877}  // namespace file_util
878
879namespace base {
880namespace internal {
881
882bool MoveUnsafe(const FilePath& from_path, const FilePath& to_path) {
883  ThreadRestrictions::AssertIOAllowed();
884  // Windows compatibility: if to_path exists, from_path and to_path
885  // must be the same type, either both files, or both directories.
886  stat_wrapper_t to_file_info;
887  if (CallStat(to_path.value().c_str(), &to_file_info) == 0) {
888    stat_wrapper_t from_file_info;
889    if (CallStat(from_path.value().c_str(), &from_file_info) == 0) {
890      if (S_ISDIR(to_file_info.st_mode) != S_ISDIR(from_file_info.st_mode))
891        return false;
892    } else {
893      return false;
894    }
895  }
896
897  if (rename(from_path.value().c_str(), to_path.value().c_str()) == 0)
898    return true;
899
900  if (!CopyDirectory(from_path, to_path, true))
901    return false;
902
903  DeleteFile(from_path, true);
904  return true;
905}
906
907#if !defined(OS_MACOSX)
908// Mac has its own implementation, this is for all other Posix systems.
909bool CopyFileUnsafe(const FilePath& from_path, const FilePath& to_path) {
910  ThreadRestrictions::AssertIOAllowed();
911  int infile = HANDLE_EINTR(open(from_path.value().c_str(), O_RDONLY));
912  if (infile < 0)
913    return false;
914
915  int outfile = HANDLE_EINTR(creat(to_path.value().c_str(), 0666));
916  if (outfile < 0) {
917    ignore_result(HANDLE_EINTR(close(infile)));
918    return false;
919  }
920
921  const size_t kBufferSize = 32768;
922  std::vector<char> buffer(kBufferSize);
923  bool result = true;
924
925  while (result) {
926    ssize_t bytes_read = HANDLE_EINTR(read(infile, &buffer[0], buffer.size()));
927    if (bytes_read < 0) {
928      result = false;
929      break;
930    }
931    if (bytes_read == 0)
932      break;
933    // Allow for partial writes
934    ssize_t bytes_written_per_read = 0;
935    do {
936      ssize_t bytes_written_partial = HANDLE_EINTR(write(
937          outfile,
938          &buffer[bytes_written_per_read],
939          bytes_read - bytes_written_per_read));
940      if (bytes_written_partial < 0) {
941        result = false;
942        break;
943      }
944      bytes_written_per_read += bytes_written_partial;
945    } while (bytes_written_per_read < bytes_read);
946  }
947
948  if (HANDLE_EINTR(close(infile)) < 0)
949    result = false;
950  if (HANDLE_EINTR(close(outfile)) < 0)
951    result = false;
952
953  return result;
954}
955#endif  // !defined(OS_MACOSX)
956
957}  // namespace internal
958}  // namespace base
959