file_util_posix.cc revision b636ff6a8ac3b54b3067289f01848252ab71eceb
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "base/files/file_util.h" 6 7#include <dirent.h> 8#include <errno.h> 9#include <fcntl.h> 10#include <libgen.h> 11#include <limits.h> 12#include <stdio.h> 13#include <stdlib.h> 14#include <string.h> 15#include <sys/errno.h> 16#include <sys/mman.h> 17#include <sys/param.h> 18#include <sys/stat.h> 19#include <sys/time.h> 20#include <sys/types.h> 21#include <time.h> 22#include <unistd.h> 23 24#if defined(OS_MACOSX) 25#include <AvailabilityMacros.h> 26#include "base/mac/foundation_util.h" 27#elif !defined(OS_CHROMEOS) && defined(USE_GLIB) 28#include <glib.h> // for g_get_home_dir() 29#endif 30 31#include "base/basictypes.h" 32#include "base/files/file_enumerator.h" 33#include "base/files/file_path.h" 34#include "base/files/scoped_file.h" 35#include "base/logging.h" 36#include "base/memory/scoped_ptr.h" 37#include "base/memory/singleton.h" 38#include "base/path_service.h" 39#include "base/posix/eintr_wrapper.h" 40#include "base/stl_util.h" 41#include "base/strings/string_util.h" 42#include "base/strings/stringprintf.h" 43#include "base/strings/sys_string_conversions.h" 44#include "base/strings/utf_string_conversions.h" 45#include "base/sys_info.h" 46#include "base/threading/thread_restrictions.h" 47#include "base/time/time.h" 48 49#if defined(OS_ANDROID) 50#include "base/android/content_uri_utils.h" 51#include "base/os_compat_android.h" 52#endif 53 54#if !defined(OS_IOS) 55#include <grp.h> 56#endif 57 58namespace base { 59 60namespace { 61 62#if defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL) 63static int CallStat(const char *path, stat_wrapper_t *sb) { 64 ThreadRestrictions::AssertIOAllowed(); 65 return stat(path, sb); 66} 67static int CallLstat(const char *path, stat_wrapper_t *sb) { 68 ThreadRestrictions::AssertIOAllowed(); 69 return lstat(path, sb); 70} 71#else // defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL) 72static int CallStat(const char *path, stat_wrapper_t *sb) { 73 ThreadRestrictions::AssertIOAllowed(); 74 return stat64(path, sb); 75} 76static int CallLstat(const char *path, stat_wrapper_t *sb) { 77 ThreadRestrictions::AssertIOAllowed(); 78 return lstat64(path, sb); 79} 80#endif // !(defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL)) 81 82#if !defined(OS_NACL_NONSFI) 83// Helper for NormalizeFilePath(), defined below. 84bool RealPath(const FilePath& path, FilePath* real_path) { 85 ThreadRestrictions::AssertIOAllowed(); // For realpath(). 86 FilePath::CharType buf[PATH_MAX]; 87 if (!realpath(path.value().c_str(), buf)) 88 return false; 89 90 *real_path = FilePath(buf); 91 return true; 92} 93 94// Helper for VerifyPathControlledByUser. 95bool VerifySpecificPathControlledByUser(const FilePath& path, 96 uid_t owner_uid, 97 const std::set<gid_t>& group_gids) { 98 stat_wrapper_t stat_info; 99 if (CallLstat(path.value().c_str(), &stat_info) != 0) { 100 DPLOG(ERROR) << "Failed to get information on path " 101 << path.value(); 102 return false; 103 } 104 105 if (S_ISLNK(stat_info.st_mode)) { 106 DLOG(ERROR) << "Path " << path.value() 107 << " is a symbolic link."; 108 return false; 109 } 110 111 if (stat_info.st_uid != owner_uid) { 112 DLOG(ERROR) << "Path " << path.value() 113 << " is owned by the wrong user."; 114 return false; 115 } 116 117 if ((stat_info.st_mode & S_IWGRP) && 118 !ContainsKey(group_gids, stat_info.st_gid)) { 119 DLOG(ERROR) << "Path " << path.value() 120 << " is writable by an unprivileged group."; 121 return false; 122 } 123 124 if (stat_info.st_mode & S_IWOTH) { 125 DLOG(ERROR) << "Path " << path.value() 126 << " is writable by any user."; 127 return false; 128 } 129 130 return true; 131} 132 133std::string TempFileName() { 134#if defined(OS_MACOSX) 135 return StringPrintf(".%s.XXXXXX", base::mac::BaseBundleID()); 136#endif 137 138#if defined(GOOGLE_CHROME_BUILD) 139 return std::string(".com.google.Chrome.XXXXXX"); 140#else 141 return std::string(".org.chromium.Chromium.XXXXXX"); 142#endif 143} 144 145// Creates and opens a temporary file in |directory|, returning the 146// file descriptor. |path| is set to the temporary file path. 147// This function does NOT unlink() the file. 148int CreateAndOpenFdForTemporaryFile(FilePath directory, FilePath* path) { 149 ThreadRestrictions::AssertIOAllowed(); // For call to mkstemp(). 150 *path = directory.Append(base::TempFileName()); 151 const std::string& tmpdir_string = path->value(); 152 // this should be OK since mkstemp just replaces characters in place 153 char* buffer = const_cast<char*>(tmpdir_string.c_str()); 154 155 return HANDLE_EINTR(mkstemp(buffer)); 156} 157 158#if defined(OS_LINUX) 159// Determine if /dev/shm files can be mapped and then mprotect'd PROT_EXEC. 160// This depends on the mount options used for /dev/shm, which vary among 161// different Linux distributions and possibly local configuration. It also 162// depends on details of kernel--ChromeOS uses the noexec option for /dev/shm 163// but its kernel allows mprotect with PROT_EXEC anyway. 164bool DetermineDevShmExecutable() { 165 bool result = false; 166 FilePath path; 167 168 ScopedFD fd(CreateAndOpenFdForTemporaryFile(FilePath("/dev/shm"), &path)); 169 if (fd.is_valid()) { 170 DeleteFile(path, false); 171 long sysconf_result = sysconf(_SC_PAGESIZE); 172 CHECK_GE(sysconf_result, 0); 173 size_t pagesize = static_cast<size_t>(sysconf_result); 174 CHECK_GE(sizeof(pagesize), sizeof(sysconf_result)); 175 void* mapping = mmap(NULL, pagesize, PROT_READ, MAP_SHARED, fd.get(), 0); 176 if (mapping != MAP_FAILED) { 177 if (mprotect(mapping, pagesize, PROT_READ | PROT_EXEC) == 0) 178 result = true; 179 munmap(mapping, pagesize); 180 } 181 } 182 return result; 183} 184#endif // defined(OS_LINUX) 185#endif // !defined(OS_NACL_NONSFI) 186 187} // namespace 188 189#if !defined(OS_NACL_NONSFI) 190FilePath MakeAbsoluteFilePath(const FilePath& input) { 191 ThreadRestrictions::AssertIOAllowed(); 192 char full_path[PATH_MAX]; 193 if (realpath(input.value().c_str(), full_path) == NULL) 194 return FilePath(); 195 return FilePath(full_path); 196} 197 198// TODO(erikkay): The Windows version of this accepts paths like "foo/bar/*" 199// which works both with and without the recursive flag. I'm not sure we need 200// that functionality. If not, remove from file_util_win.cc, otherwise add it 201// here. 202bool DeleteFile(const FilePath& path, bool recursive) { 203 ThreadRestrictions::AssertIOAllowed(); 204 const char* path_str = path.value().c_str(); 205 stat_wrapper_t file_info; 206 int test = CallLstat(path_str, &file_info); 207 if (test != 0) { 208 // The Windows version defines this condition as success. 209 bool ret = (errno == ENOENT || errno == ENOTDIR); 210 return ret; 211 } 212 if (!S_ISDIR(file_info.st_mode)) 213 return (unlink(path_str) == 0); 214 if (!recursive) 215 return (rmdir(path_str) == 0); 216 217 bool success = true; 218 std::stack<std::string> directories; 219 directories.push(path.value()); 220 FileEnumerator traversal(path, true, 221 FileEnumerator::FILES | FileEnumerator::DIRECTORIES | 222 FileEnumerator::SHOW_SYM_LINKS); 223 for (FilePath current = traversal.Next(); success && !current.empty(); 224 current = traversal.Next()) { 225 if (traversal.GetInfo().IsDirectory()) 226 directories.push(current.value()); 227 else 228 success = (unlink(current.value().c_str()) == 0); 229 } 230 231 while (success && !directories.empty()) { 232 FilePath dir = FilePath(directories.top()); 233 directories.pop(); 234 success = (rmdir(dir.value().c_str()) == 0); 235 } 236 return success; 237} 238 239bool ReplaceFile(const FilePath& from_path, 240 const FilePath& to_path, 241 File::Error* error) { 242 ThreadRestrictions::AssertIOAllowed(); 243 if (rename(from_path.value().c_str(), to_path.value().c_str()) == 0) 244 return true; 245 if (error) 246 *error = File::OSErrorToFileError(errno); 247 return false; 248} 249 250bool CopyDirectory(const FilePath& from_path, 251 const FilePath& to_path, 252 bool recursive) { 253 ThreadRestrictions::AssertIOAllowed(); 254 // Some old callers of CopyDirectory want it to support wildcards. 255 // After some discussion, we decided to fix those callers. 256 // Break loudly here if anyone tries to do this. 257 DCHECK(to_path.value().find('*') == std::string::npos); 258 DCHECK(from_path.value().find('*') == std::string::npos); 259 260 if (from_path.value().size() >= PATH_MAX) { 261 return false; 262 } 263 264 // This function does not properly handle destinations within the source 265 FilePath real_to_path = to_path; 266 if (PathExists(real_to_path)) { 267 real_to_path = MakeAbsoluteFilePath(real_to_path); 268 if (real_to_path.empty()) 269 return false; 270 } else { 271 real_to_path = MakeAbsoluteFilePath(real_to_path.DirName()); 272 if (real_to_path.empty()) 273 return false; 274 } 275 FilePath real_from_path = MakeAbsoluteFilePath(from_path); 276 if (real_from_path.empty()) 277 return false; 278 if (real_to_path.value().size() >= real_from_path.value().size() && 279 real_to_path.value().compare(0, real_from_path.value().size(), 280 real_from_path.value()) == 0) { 281 return false; 282 } 283 284 int traverse_type = FileEnumerator::FILES | FileEnumerator::SHOW_SYM_LINKS; 285 if (recursive) 286 traverse_type |= FileEnumerator::DIRECTORIES; 287 FileEnumerator traversal(from_path, recursive, traverse_type); 288 289 // We have to mimic windows behavior here. |to_path| may not exist yet, 290 // start the loop with |to_path|. 291 struct stat from_stat; 292 FilePath current = from_path; 293 if (stat(from_path.value().c_str(), &from_stat) < 0) { 294 DLOG(ERROR) << "CopyDirectory() couldn't stat source directory: " 295 << from_path.value() << " errno = " << errno; 296 return false; 297 } 298 struct stat to_path_stat; 299 FilePath from_path_base = from_path; 300 if (recursive && stat(to_path.value().c_str(), &to_path_stat) == 0 && 301 S_ISDIR(to_path_stat.st_mode)) { 302 // If the destination already exists and is a directory, then the 303 // top level of source needs to be copied. 304 from_path_base = from_path.DirName(); 305 } 306 307 // The Windows version of this function assumes that non-recursive calls 308 // will always have a directory for from_path. 309 // TODO(maruel): This is not necessary anymore. 310 DCHECK(recursive || S_ISDIR(from_stat.st_mode)); 311 312 bool success = true; 313 while (success && !current.empty()) { 314 // current is the source path, including from_path, so append 315 // the suffix after from_path to to_path to create the target_path. 316 FilePath target_path(to_path); 317 if (from_path_base != current) { 318 if (!from_path_base.AppendRelativePath(current, &target_path)) { 319 success = false; 320 break; 321 } 322 } 323 324 if (S_ISDIR(from_stat.st_mode)) { 325 if (mkdir(target_path.value().c_str(), 326 (from_stat.st_mode & 01777) | S_IRUSR | S_IXUSR | S_IWUSR) != 327 0 && 328 errno != EEXIST) { 329 DLOG(ERROR) << "CopyDirectory() couldn't create directory: " 330 << target_path.value() << " errno = " << errno; 331 success = false; 332 } 333 } else if (S_ISREG(from_stat.st_mode)) { 334 if (!CopyFile(current, target_path)) { 335 DLOG(ERROR) << "CopyDirectory() couldn't create file: " 336 << target_path.value(); 337 success = false; 338 } 339 } else { 340 DLOG(WARNING) << "CopyDirectory() skipping non-regular file: " 341 << current.value(); 342 } 343 344 current = traversal.Next(); 345 if (!current.empty()) 346 from_stat = traversal.GetInfo().stat(); 347 } 348 349 return success; 350} 351#endif // !defined(OS_NACL_NONSFI) 352 353bool PathExists(const FilePath& path) { 354 ThreadRestrictions::AssertIOAllowed(); 355#if defined(OS_ANDROID) 356 if (path.IsContentUri()) { 357 return ContentUriExists(path); 358 } 359#endif 360 return access(path.value().c_str(), F_OK) == 0; 361} 362 363#if !defined(OS_NACL_NONSFI) 364bool PathIsWritable(const FilePath& path) { 365 ThreadRestrictions::AssertIOAllowed(); 366 return access(path.value().c_str(), W_OK) == 0; 367} 368#endif // !defined(OS_NACL_NONSFI) 369 370bool DirectoryExists(const FilePath& path) { 371 ThreadRestrictions::AssertIOAllowed(); 372 stat_wrapper_t file_info; 373 if (CallStat(path.value().c_str(), &file_info) == 0) 374 return S_ISDIR(file_info.st_mode); 375 return false; 376} 377 378bool ReadFromFD(int fd, char* buffer, size_t bytes) { 379 size_t total_read = 0; 380 while (total_read < bytes) { 381 ssize_t bytes_read = 382 HANDLE_EINTR(read(fd, buffer + total_read, bytes - total_read)); 383 if (bytes_read <= 0) 384 break; 385 total_read += bytes_read; 386 } 387 return total_read == bytes; 388} 389 390#if !defined(OS_NACL_NONSFI) 391bool CreateSymbolicLink(const FilePath& target_path, 392 const FilePath& symlink_path) { 393 DCHECK(!symlink_path.empty()); 394 DCHECK(!target_path.empty()); 395 return ::symlink(target_path.value().c_str(), 396 symlink_path.value().c_str()) != -1; 397} 398 399bool ReadSymbolicLink(const FilePath& symlink_path, FilePath* target_path) { 400 DCHECK(!symlink_path.empty()); 401 DCHECK(target_path); 402 char buf[PATH_MAX]; 403 ssize_t count = ::readlink(symlink_path.value().c_str(), buf, arraysize(buf)); 404 405 if (count <= 0) { 406 target_path->clear(); 407 return false; 408 } 409 410 *target_path = FilePath(FilePath::StringType(buf, count)); 411 return true; 412} 413 414bool GetPosixFilePermissions(const FilePath& path, int* mode) { 415 ThreadRestrictions::AssertIOAllowed(); 416 DCHECK(mode); 417 418 stat_wrapper_t file_info; 419 // Uses stat(), because on symbolic link, lstat() does not return valid 420 // permission bits in st_mode 421 if (CallStat(path.value().c_str(), &file_info) != 0) 422 return false; 423 424 *mode = file_info.st_mode & FILE_PERMISSION_MASK; 425 return true; 426} 427 428bool SetPosixFilePermissions(const FilePath& path, 429 int mode) { 430 ThreadRestrictions::AssertIOAllowed(); 431 DCHECK_EQ(mode & ~FILE_PERMISSION_MASK, 0); 432 433 // Calls stat() so that we can preserve the higher bits like S_ISGID. 434 stat_wrapper_t stat_buf; 435 if (CallStat(path.value().c_str(), &stat_buf) != 0) 436 return false; 437 438 // Clears the existing permission bits, and adds the new ones. 439 mode_t updated_mode_bits = stat_buf.st_mode & ~FILE_PERMISSION_MASK; 440 updated_mode_bits |= mode & FILE_PERMISSION_MASK; 441 442 if (HANDLE_EINTR(chmod(path.value().c_str(), updated_mode_bits)) != 0) 443 return false; 444 445 return true; 446} 447 448#if !defined(OS_MACOSX) 449// This is implemented in file_util_mac.mm for Mac. 450bool GetTempDir(FilePath* path) { 451 const char* tmp = getenv("TMPDIR"); 452 if (tmp) { 453 *path = FilePath(tmp); 454 } else { 455#if defined(OS_ANDROID) 456 return PathService::Get(base::DIR_CACHE, path); 457#elif defined(__ANDROID__) 458 *path = FilePath("/data/local/tmp"); 459#else 460 *path = FilePath("/tmp"); 461#endif 462 } 463 return true; 464} 465#endif // !defined(OS_MACOSX) 466 467#if !defined(OS_MACOSX) // Mac implementation is in file_util_mac.mm. 468FilePath GetHomeDir() { 469#if defined(OS_CHROMEOS) 470 if (SysInfo::IsRunningOnChromeOS()) { 471 // On Chrome OS chrome::DIR_USER_DATA is overridden with a primary user 472 // homedir once it becomes available. Return / as the safe option. 473 return FilePath("/"); 474 } 475#endif 476 477 const char* home_dir = getenv("HOME"); 478 if (home_dir && home_dir[0]) 479 return FilePath(home_dir); 480 481#if defined(OS_ANDROID) 482 DLOG(WARNING) << "OS_ANDROID: Home directory lookup not yet implemented."; 483#elif defined(USE_GLIB) && !defined(OS_CHROMEOS) 484 // g_get_home_dir calls getpwent, which can fall through to LDAP calls so 485 // this may do I/O. However, it should be rare that $HOME is not defined and 486 // this is typically called from the path service which has no threading 487 // restrictions. The path service will cache the result which limits the 488 // badness of blocking on I/O. As a result, we don't have a thread 489 // restriction here. 490 home_dir = g_get_home_dir(); 491 if (home_dir && home_dir[0]) 492 return FilePath(home_dir); 493#endif 494 495 FilePath rv; 496 if (GetTempDir(&rv)) 497 return rv; 498 499 // Last resort. 500 return FilePath("/tmp"); 501} 502#endif // !defined(OS_MACOSX) 503 504bool CreateTemporaryFile(FilePath* path) { 505 ThreadRestrictions::AssertIOAllowed(); // For call to close(). 506 FilePath directory; 507 if (!GetTempDir(&directory)) 508 return false; 509 int fd = CreateAndOpenFdForTemporaryFile(directory, path); 510 if (fd < 0) 511 return false; 512 close(fd); 513 return true; 514} 515 516FILE* CreateAndOpenTemporaryFileInDir(const FilePath& dir, FilePath* path) { 517 int fd = CreateAndOpenFdForTemporaryFile(dir, path); 518 if (fd < 0) 519 return NULL; 520 521 FILE* file = fdopen(fd, "a+"); 522 if (!file) 523 close(fd); 524 return file; 525} 526 527bool CreateTemporaryFileInDir(const FilePath& dir, FilePath* temp_file) { 528 ThreadRestrictions::AssertIOAllowed(); // For call to close(). 529 int fd = CreateAndOpenFdForTemporaryFile(dir, temp_file); 530 return ((fd >= 0) && !IGNORE_EINTR(close(fd))); 531} 532 533static bool CreateTemporaryDirInDirImpl(const FilePath& base_dir, 534 const FilePath::StringType& name_tmpl, 535 FilePath* new_dir) { 536 ThreadRestrictions::AssertIOAllowed(); // For call to mkdtemp(). 537 DCHECK(name_tmpl.find("XXXXXX") != FilePath::StringType::npos) 538 << "Directory name template must contain \"XXXXXX\"."; 539 540 FilePath sub_dir = base_dir.Append(name_tmpl); 541 std::string sub_dir_string = sub_dir.value(); 542 543 // this should be OK since mkdtemp just replaces characters in place 544 char* buffer = const_cast<char*>(sub_dir_string.c_str()); 545 char* dtemp = mkdtemp(buffer); 546 if (!dtemp) { 547 DPLOG(ERROR) << "mkdtemp"; 548 return false; 549 } 550 *new_dir = FilePath(dtemp); 551 return true; 552} 553 554bool CreateTemporaryDirInDir(const FilePath& base_dir, 555 const FilePath::StringType& prefix, 556 FilePath* new_dir) { 557 FilePath::StringType mkdtemp_template = prefix; 558 mkdtemp_template.append(FILE_PATH_LITERAL("XXXXXX")); 559 return CreateTemporaryDirInDirImpl(base_dir, mkdtemp_template, new_dir); 560} 561 562bool CreateNewTempDirectory(const FilePath::StringType& /* prefix */, 563 FilePath* new_temp_path) { 564 FilePath tmpdir; 565 if (!GetTempDir(&tmpdir)) 566 return false; 567 568 return CreateTemporaryDirInDirImpl(tmpdir, TempFileName(), new_temp_path); 569} 570 571bool CreateDirectoryAndGetError(const FilePath& full_path, 572 File::Error* error) { 573 ThreadRestrictions::AssertIOAllowed(); // For call to mkdir(). 574 std::vector<FilePath> subpaths; 575 576 // Collect a list of all parent directories. 577 FilePath last_path = full_path; 578 subpaths.push_back(full_path); 579 for (FilePath path = full_path.DirName(); 580 path.value() != last_path.value(); path = path.DirName()) { 581 subpaths.push_back(path); 582 last_path = path; 583 } 584 585 // Iterate through the parents and create the missing ones. 586 for (std::vector<FilePath>::reverse_iterator i = subpaths.rbegin(); 587 i != subpaths.rend(); ++i) { 588 if (DirectoryExists(*i)) 589 continue; 590 if (mkdir(i->value().c_str(), 0700) == 0) 591 continue; 592 // Mkdir failed, but it might have failed with EEXIST, or some other error 593 // due to the the directory appearing out of thin air. This can occur if 594 // two processes are trying to create the same file system tree at the same 595 // time. Check to see if it exists and make sure it is a directory. 596 int saved_errno = errno; 597 if (!DirectoryExists(*i)) { 598 if (error) 599 *error = File::OSErrorToFileError(saved_errno); 600 return false; 601 } 602 } 603 return true; 604} 605 606bool NormalizeFilePath(const FilePath& path, FilePath* normalized_path) { 607 FilePath real_path_result; 608 if (!RealPath(path, &real_path_result)) 609 return false; 610 611 // To be consistant with windows, fail if |real_path_result| is a 612 // directory. 613 stat_wrapper_t file_info; 614 if (CallStat(real_path_result.value().c_str(), &file_info) != 0 || 615 S_ISDIR(file_info.st_mode)) 616 return false; 617 618 *normalized_path = real_path_result; 619 return true; 620} 621 622// TODO(rkc): Refactor GetFileInfo and FileEnumerator to handle symlinks 623// correctly. http://code.google.com/p/chromium-os/issues/detail?id=15948 624bool IsLink(const FilePath& file_path) { 625 stat_wrapper_t st; 626 // If we can't lstat the file, it's safe to assume that the file won't at 627 // least be a 'followable' link. 628 if (CallLstat(file_path.value().c_str(), &st) != 0) 629 return false; 630 631 if (S_ISLNK(st.st_mode)) 632 return true; 633 else 634 return false; 635} 636 637bool GetFileInfo(const FilePath& file_path, File::Info* results) { 638 stat_wrapper_t file_info; 639#if defined(OS_ANDROID) 640 if (file_path.IsContentUri()) { 641 File file = OpenContentUriForRead(file_path); 642 if (!file.IsValid()) 643 return false; 644 return file.GetInfo(results); 645 } else { 646#endif // defined(OS_ANDROID) 647 if (CallStat(file_path.value().c_str(), &file_info) != 0) 648 return false; 649#if defined(OS_ANDROID) 650 } 651#endif // defined(OS_ANDROID) 652 653 results->FromStat(file_info); 654 return true; 655} 656#endif // !defined(OS_NACL_NONSFI) 657 658FILE* OpenFile(const FilePath& filename, const char* mode) { 659 ThreadRestrictions::AssertIOAllowed(); 660 FILE* result = NULL; 661 do { 662 result = fopen(filename.value().c_str(), mode); 663 } while (!result && errno == EINTR); 664 return result; 665} 666 667// NaCl doesn't implement system calls to open files directly. 668#if !defined(OS_NACL) 669FILE* FileToFILE(File file, const char* mode) { 670 FILE* stream = fdopen(file.GetPlatformFile(), mode); 671 if (stream) 672 file.TakePlatformFile(); 673 return stream; 674} 675#endif // !defined(OS_NACL) 676 677int ReadFile(const FilePath& filename, char* data, int max_size) { 678 ThreadRestrictions::AssertIOAllowed(); 679 int fd = HANDLE_EINTR(open(filename.value().c_str(), O_RDONLY)); 680 if (fd < 0) 681 return -1; 682 683 ssize_t bytes_read = HANDLE_EINTR(read(fd, data, max_size)); 684 if (IGNORE_EINTR(close(fd)) < 0) 685 return -1; 686 return bytes_read; 687} 688 689int WriteFile(const FilePath& filename, const char* data, int size) { 690 ThreadRestrictions::AssertIOAllowed(); 691 int fd = HANDLE_EINTR(creat(filename.value().c_str(), 0666)); 692 if (fd < 0) 693 return -1; 694 695 int bytes_written = WriteFileDescriptor(fd, data, size) ? size : -1; 696 if (IGNORE_EINTR(close(fd)) < 0) 697 return -1; 698 return bytes_written; 699} 700 701bool WriteFileDescriptor(const int fd, const char* data, int size) { 702 // Allow for partial writes. 703 ssize_t bytes_written_total = 0; 704 for (ssize_t bytes_written_partial = 0; bytes_written_total < size; 705 bytes_written_total += bytes_written_partial) { 706 bytes_written_partial = 707 HANDLE_EINTR(write(fd, data + bytes_written_total, 708 size - bytes_written_total)); 709 if (bytes_written_partial < 0) 710 return false; 711 } 712 713 return true; 714} 715 716#if !defined(OS_NACL_NONSFI) 717 718bool AppendToFile(const FilePath& filename, const char* data, int size) { 719 ThreadRestrictions::AssertIOAllowed(); 720 bool ret = true; 721 int fd = HANDLE_EINTR(open(filename.value().c_str(), O_WRONLY | O_APPEND)); 722 if (fd < 0) { 723 VPLOG(1) << "Unable to create file " << filename.value(); 724 return false; 725 } 726 727 // This call will either write all of the data or return false. 728 if (!WriteFileDescriptor(fd, data, size)) { 729 VPLOG(1) << "Error while writing to file " << filename.value(); 730 ret = false; 731 } 732 733 if (IGNORE_EINTR(close(fd)) < 0) { 734 VPLOG(1) << "Error while closing file " << filename.value(); 735 return false; 736 } 737 738 return ret; 739} 740 741// Gets the current working directory for the process. 742bool GetCurrentDirectory(FilePath* dir) { 743 // getcwd can return ENOENT, which implies it checks against the disk. 744 ThreadRestrictions::AssertIOAllowed(); 745 746 char system_buffer[PATH_MAX] = ""; 747 if (!getcwd(system_buffer, sizeof(system_buffer))) { 748 NOTREACHED(); 749 return false; 750 } 751 *dir = FilePath(system_buffer); 752 return true; 753} 754 755// Sets the current working directory for the process. 756bool SetCurrentDirectory(const FilePath& path) { 757 ThreadRestrictions::AssertIOAllowed(); 758 int ret = chdir(path.value().c_str()); 759 return !ret; 760} 761 762bool VerifyPathControlledByUser(const FilePath& base, 763 const FilePath& path, 764 uid_t owner_uid, 765 const std::set<gid_t>& group_gids) { 766 if (base != path && !base.IsParent(path)) { 767 DLOG(ERROR) << "|base| must be a subdirectory of |path|. base = \"" 768 << base.value() << "\", path = \"" << path.value() << "\""; 769 return false; 770 } 771 772 std::vector<FilePath::StringType> base_components; 773 std::vector<FilePath::StringType> path_components; 774 775 base.GetComponents(&base_components); 776 path.GetComponents(&path_components); 777 778 std::vector<FilePath::StringType>::const_iterator ib, ip; 779 for (ib = base_components.begin(), ip = path_components.begin(); 780 ib != base_components.end(); ++ib, ++ip) { 781 // |base| must be a subpath of |path|, so all components should match. 782 // If these CHECKs fail, look at the test that base is a parent of 783 // path at the top of this function. 784 DCHECK(ip != path_components.end()); 785 DCHECK(*ip == *ib); 786 } 787 788 FilePath current_path = base; 789 if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gids)) 790 return false; 791 792 for (; ip != path_components.end(); ++ip) { 793 current_path = current_path.Append(*ip); 794 if (!VerifySpecificPathControlledByUser( 795 current_path, owner_uid, group_gids)) 796 return false; 797 } 798 return true; 799} 800 801#if defined(OS_MACOSX) && !defined(OS_IOS) 802bool VerifyPathControlledByAdmin(const FilePath& path) { 803 const unsigned kRootUid = 0; 804 const FilePath kFileSystemRoot("/"); 805 806 // The name of the administrator group on mac os. 807 const char* const kAdminGroupNames[] = { 808 "admin", 809 "wheel" 810 }; 811 812 // Reading the groups database may touch the file system. 813 ThreadRestrictions::AssertIOAllowed(); 814 815 std::set<gid_t> allowed_group_ids; 816 for (int i = 0, ie = arraysize(kAdminGroupNames); i < ie; ++i) { 817 struct group *group_record = getgrnam(kAdminGroupNames[i]); 818 if (!group_record) { 819 DPLOG(ERROR) << "Could not get the group ID of group \"" 820 << kAdminGroupNames[i] << "\"."; 821 continue; 822 } 823 824 allowed_group_ids.insert(group_record->gr_gid); 825 } 826 827 return VerifyPathControlledByUser( 828 kFileSystemRoot, path, kRootUid, allowed_group_ids); 829} 830#endif // defined(OS_MACOSX) && !defined(OS_IOS) 831 832int GetMaximumPathComponentLength(const FilePath& path) { 833 ThreadRestrictions::AssertIOAllowed(); 834 return pathconf(path.value().c_str(), _PC_NAME_MAX); 835} 836 837#if !defined(OS_ANDROID) 838// This is implemented in file_util_android.cc for that platform. 839bool GetShmemTempDir(bool executable, FilePath* path) { 840#if defined(OS_LINUX) 841 bool use_dev_shm = true; 842 if (executable) { 843 static const bool s_dev_shm_executable = DetermineDevShmExecutable(); 844 use_dev_shm = s_dev_shm_executable; 845 } 846 if (use_dev_shm) { 847 *path = FilePath("/dev/shm"); 848 return true; 849 } 850#endif 851 return GetTempDir(path); 852} 853#endif // !defined(OS_ANDROID) 854 855#if !defined(OS_MACOSX) 856// Mac has its own implementation, this is for all other Posix systems. 857bool CopyFile(const FilePath& from_path, const FilePath& to_path) { 858 ThreadRestrictions::AssertIOAllowed(); 859 File infile; 860#if defined(OS_ANDROID) 861 if (from_path.IsContentUri()) { 862 infile = OpenContentUriForRead(from_path); 863 } else { 864 infile = File(from_path, File::FLAG_OPEN | File::FLAG_READ); 865 } 866#else 867 infile = File(from_path, File::FLAG_OPEN | File::FLAG_READ); 868#endif 869 if (!infile.IsValid()) 870 return false; 871 872 File outfile(to_path, File::FLAG_WRITE | File::FLAG_CREATE_ALWAYS); 873 if (!outfile.IsValid()) 874 return false; 875 876 const size_t kBufferSize = 32768; 877 std::vector<char> buffer(kBufferSize); 878 bool result = true; 879 880 while (result) { 881 ssize_t bytes_read = infile.ReadAtCurrentPos(&buffer[0], buffer.size()); 882 if (bytes_read < 0) { 883 result = false; 884 break; 885 } 886 if (bytes_read == 0) 887 break; 888 // Allow for partial writes 889 ssize_t bytes_written_per_read = 0; 890 do { 891 ssize_t bytes_written_partial = outfile.WriteAtCurrentPos( 892 &buffer[bytes_written_per_read], bytes_read - bytes_written_per_read); 893 if (bytes_written_partial < 0) { 894 result = false; 895 break; 896 } 897 bytes_written_per_read += bytes_written_partial; 898 } while (bytes_written_per_read < bytes_read); 899 } 900 901 return result; 902} 903#endif // !defined(OS_MACOSX) 904 905// ----------------------------------------------------------------------------- 906 907namespace internal { 908 909bool MoveUnsafe(const FilePath& from_path, const FilePath& to_path) { 910 ThreadRestrictions::AssertIOAllowed(); 911 // Windows compatibility: if to_path exists, from_path and to_path 912 // must be the same type, either both files, or both directories. 913 stat_wrapper_t to_file_info; 914 if (CallStat(to_path.value().c_str(), &to_file_info) == 0) { 915 stat_wrapper_t from_file_info; 916 if (CallStat(from_path.value().c_str(), &from_file_info) == 0) { 917 if (S_ISDIR(to_file_info.st_mode) != S_ISDIR(from_file_info.st_mode)) 918 return false; 919 } else { 920 return false; 921 } 922 } 923 924 if (rename(from_path.value().c_str(), to_path.value().c_str()) == 0) 925 return true; 926 927 if (!CopyDirectory(from_path, to_path, true)) 928 return false; 929 930 DeleteFile(from_path, true); 931 return true; 932} 933 934} // namespace internal 935 936#endif // !defined(OS_NACL_NONSFI) 937} // namespace base 938