pepper_isolated_file_system_message_filter.cc revision f2477e01787aa58f445919b809d89e252beef54f 
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/renderer_host/pepper/pepper_isolated_file_system_message_filter.h"
6
7#include "chrome/browser/browser_process.h"
8#include "chrome/browser/extensions/extension_service.h"
9#include "chrome/browser/extensions/extension_system.h"
10#include "chrome/browser/profiles/profile.h"
11#include "chrome/browser/profiles/profile_manager.h"
12#include "chrome/common/chrome_switches.h"
13#include "chrome/common/pepper_permission_util.h"
14#include "content/public/browser/browser_ppapi_host.h"
15#include "content/public/browser/browser_thread.h"
16#include "content/public/browser/child_process_security_policy.h"
17#include "content/public/browser/render_view_host.h"
18#include "extensions/common/constants.h"
19#include "extensions/common/extension.h"
20#include "ppapi/c/pp_errors.h"
21#include "ppapi/host/dispatch_host_message.h"
22#include "ppapi/host/host_message_context.h"
23#include "ppapi/host/ppapi_host.h"
24#include "ppapi/proxy/ppapi_messages.h"
25#include "ppapi/shared_impl/file_system_util.h"
26#include "webkit/browser/fileapi/isolated_context.h"
27
28namespace chrome {
29
30namespace {
31
32const char* kPredefinedAllowedCrxFsOrigins[] = {
33  "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",  // see crbug.com/234789
34  "4EB74897CB187C7633357C2FE832E0AD6A44883A"   // see crbug.com/234789
35};
36
37}  // namespace
38
39// static
40PepperIsolatedFileSystemMessageFilter*
41PepperIsolatedFileSystemMessageFilter::Create(
42    PP_Instance instance, content::BrowserPpapiHost* host) {
43  int render_process_id;
44  int unused_render_view_id;
45  if (!host->GetRenderViewIDsForInstance(instance,
46                                         &render_process_id,
47                                         &unused_render_view_id)) {
48    return NULL;
49  }
50  return new PepperIsolatedFileSystemMessageFilter(
51      render_process_id,
52      host->GetProfileDataDirectory(),
53      host->GetDocumentURLForInstance(instance),
54      host->GetPpapiHost());
55}
56
57PepperIsolatedFileSystemMessageFilter::PepperIsolatedFileSystemMessageFilter(
58    int render_process_id,
59    const base::FilePath& profile_directory,
60    const GURL& document_url,
61    ppapi::host::PpapiHost* ppapi_host)
62    : render_process_id_(render_process_id),
63      profile_directory_(profile_directory),
64      document_url_(document_url),
65      ppapi_host_(ppapi_host) {
66  for (size_t i = 0; i < arraysize(kPredefinedAllowedCrxFsOrigins); ++i)
67    allowed_crxfs_origins_.insert(kPredefinedAllowedCrxFsOrigins[i]);
68}
69
70PepperIsolatedFileSystemMessageFilter::
71~PepperIsolatedFileSystemMessageFilter() {
72}
73
74scoped_refptr<base::TaskRunner>
75PepperIsolatedFileSystemMessageFilter::OverrideTaskRunnerForMessage(
76    const IPC::Message& msg) {
77  // In order to reach ExtensionSystem, we need to get ProfileManager first.
78  // ProfileManager lives in UI thread, so we need to do this in UI thread.
79  return content::BrowserThread::GetMessageLoopProxyForThread(
80      content::BrowserThread::UI);
81}
82
83int32_t PepperIsolatedFileSystemMessageFilter::OnResourceMessageReceived(
84    const IPC::Message& msg,
85    ppapi::host::HostMessageContext* context) {
86  IPC_BEGIN_MESSAGE_MAP(PepperIsolatedFileSystemMessageFilter, msg)
87    PPAPI_DISPATCH_HOST_RESOURCE_CALL(
88        PpapiHostMsg_IsolatedFileSystem_BrowserOpen, OnOpenFileSystem);
89  IPC_END_MESSAGE_MAP()
90  return PP_ERROR_FAILED;
91}
92
93Profile* PepperIsolatedFileSystemMessageFilter::GetProfile() {
94  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
95  ProfileManager* profile_manager = g_browser_process->profile_manager();
96  return profile_manager->GetProfile(profile_directory_);
97}
98
99std::string PepperIsolatedFileSystemMessageFilter::CreateCrxFileSystem(
100    Profile* profile) {
101  extensions::ExtensionSystem* extension_system =
102      extensions::ExtensionSystem::Get(profile);
103  if (!extension_system)
104    return std::string();
105
106  const ExtensionService* extension_service =
107      extension_system->extension_service();
108  if (!extension_service)
109    return std::string();
110
111  const extensions::Extension* extension =
112      extension_service->GetExtensionById(document_url_.host(), false);
113  if (!extension)
114    return std::string();
115
116  // First level directory for isolated filesystem to lookup.
117  std::string kFirstLevelDirectory("crxfs");
118  return fileapi::IsolatedContext::GetInstance()->
119      RegisterFileSystemForPath(fileapi::kFileSystemTypeNativeLocal,
120                                extension->path(),
121                                &kFirstLevelDirectory);
122}
123
124int32_t PepperIsolatedFileSystemMessageFilter::OnOpenFileSystem(
125    ppapi::host::HostMessageContext* context,
126    PP_IsolatedFileSystemType_Private type) {
127  switch (type) {
128    case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_INVALID:
129      break;
130    case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_CRX:
131      return OpenCrxFileSystem(context);
132    case PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_PLUGINPRIVATE:
133      return OpenPluginPrivateFileSystem(context);
134  }
135  NOTREACHED();
136  context->reply_msg =
137      PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(std::string());
138  return PP_ERROR_FAILED;
139}
140
141int32_t PepperIsolatedFileSystemMessageFilter::OpenCrxFileSystem(
142    ppapi::host::HostMessageContext* context) {
143  Profile* profile = GetProfile();
144  const ExtensionSet* extension_set = NULL;
145  if (profile) {
146    extension_set = extensions::ExtensionSystem::Get(profile)->
147        extension_service()->extensions();
148  }
149  if (!IsExtensionOrSharedModuleWhitelisted(
150          document_url_, extension_set, allowed_crxfs_origins_) &&
151      !IsHostAllowedByCommandLine(
152          document_url_, extension_set, switches::kAllowNaClCrxFsAPI)) {
153    LOG(ERROR) << "Host " << document_url_.host() << " cannot use CrxFs API.";
154    return PP_ERROR_NOACCESS;
155  }
156
157  // TODO(raymes): When we remove FileSystem from the renderer, we should create
158  // a pending PepperFileSystemBrowserHost here with the fsid and send the
159  // pending host ID back to the plugin.
160  const std::string fsid = CreateCrxFileSystem(profile);
161  if (fsid.empty()) {
162    context->reply_msg =
163        PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(std::string());
164    return PP_ERROR_NOTSUPPORTED;
165  }
166
167  // Grant readonly access of isolated filesystem to renderer process.
168  content::ChildProcessSecurityPolicy* policy =
169      content::ChildProcessSecurityPolicy::GetInstance();
170  policy->GrantReadFileSystem(render_process_id_, fsid);
171
172  context->reply_msg = PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(fsid);
173  return PP_OK;
174}
175
176int32_t PepperIsolatedFileSystemMessageFilter::OpenPluginPrivateFileSystem(
177    ppapi::host::HostMessageContext* context) {
178  DCHECK(ppapi_host_);
179  // Only plugins with private permission can open the filesystem.
180  if (!ppapi_host_->permissions().HasPermission(ppapi::PERMISSION_PRIVATE))
181    return PP_ERROR_NOACCESS;
182
183  const std::string& root_name = ppapi::IsolatedFileSystemTypeToRootName(
184      PP_ISOLATEDFILESYSTEMTYPE_PRIVATE_PLUGINPRIVATE);
185  const std::string& fsid =
186      fileapi::IsolatedContext::GetInstance()->RegisterFileSystemForVirtualPath(
187          fileapi::kFileSystemTypePluginPrivate, root_name, base::FilePath());
188
189  // Grant full access of isolated filesystem to renderer process.
190  content::ChildProcessSecurityPolicy* policy =
191      content::ChildProcessSecurityPolicy::GetInstance();
192  policy->GrantCreateReadWriteFileSystem(render_process_id_, fsid);
193
194  context->reply_msg = PpapiPluginMsg_IsolatedFileSystem_BrowserOpenReply(fsid);
195  return PP_OK;
196}
197
198}  // namespace chrome
199