file_util_posix.cc revision b8cf94937c52feb53b55c39e3f82094d27de464c
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "base/files/file_util.h" 6 7#include <dirent.h> 8#include <errno.h> 9#include <fcntl.h> 10#include <libgen.h> 11#include <limits.h> 12#include <stdio.h> 13#include <stdlib.h> 14#include <string.h> 15#include <sys/errno.h> 16#include <sys/mman.h> 17#include <sys/param.h> 18#include <sys/stat.h> 19#include <sys/time.h> 20#include <sys/types.h> 21#include <time.h> 22#include <unistd.h> 23 24#if defined(OS_MACOSX) 25#include <AvailabilityMacros.h> 26#include "base/mac/foundation_util.h" 27#elif !defined(OS_CHROMEOS) && defined(USE_GLIB) 28#include <glib.h> // for g_get_home_dir() 29#endif 30 31#include "base/basictypes.h" 32#include "base/files/file_enumerator.h" 33#include "base/files/file_path.h" 34#include "base/files/scoped_file.h" 35#include "base/logging.h" 36#include "base/memory/scoped_ptr.h" 37#include "base/memory/singleton.h" 38#include "base/path_service.h" 39#include "base/posix/eintr_wrapper.h" 40#include "base/stl_util.h" 41#include "base/strings/string_util.h" 42#include "base/strings/stringprintf.h" 43#include "base/strings/sys_string_conversions.h" 44#include "base/strings/utf_string_conversions.h" 45#include "base/sys_info.h" 46#include "base/threading/thread_restrictions.h" 47#include "base/time/time.h" 48 49#if defined(OS_ANDROID) 50#include "base/android/content_uri_utils.h" 51#include "base/os_compat_android.h" 52#endif 53 54#if !defined(OS_IOS) 55#include <grp.h> 56#endif 57 58namespace base { 59 60namespace { 61 62#if defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL) 63static int CallStat(const char *path, stat_wrapper_t *sb) { 64 ThreadRestrictions::AssertIOAllowed(); 65 return stat(path, sb); 66} 67static int CallLstat(const char *path, stat_wrapper_t *sb) { 68 ThreadRestrictions::AssertIOAllowed(); 69 return lstat(path, sb); 70} 71#else // defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL) 72static int CallStat(const char *path, stat_wrapper_t *sb) { 73 ThreadRestrictions::AssertIOAllowed(); 74 return stat64(path, sb); 75} 76static int CallLstat(const char *path, stat_wrapper_t *sb) { 77 ThreadRestrictions::AssertIOAllowed(); 78 return lstat64(path, sb); 79} 80#endif // !(defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL)) 81 82#if !defined(OS_NACL_NONSFI) 83// Helper for NormalizeFilePath(), defined below. 84bool RealPath(const FilePath& path, FilePath* real_path) { 85 ThreadRestrictions::AssertIOAllowed(); // For realpath(). 86 FilePath::CharType buf[PATH_MAX]; 87 if (!realpath(path.value().c_str(), buf)) 88 return false; 89 90 *real_path = FilePath(buf); 91 return true; 92} 93 94// Helper for VerifyPathControlledByUser. 95bool VerifySpecificPathControlledByUser(const FilePath& path, 96 uid_t owner_uid, 97 const std::set<gid_t>& group_gids) { 98 stat_wrapper_t stat_info; 99 if (CallLstat(path.value().c_str(), &stat_info) != 0) { 100 DPLOG(ERROR) << "Failed to get information on path " 101 << path.value(); 102 return false; 103 } 104 105 if (S_ISLNK(stat_info.st_mode)) { 106 DLOG(ERROR) << "Path " << path.value() 107 << " is a symbolic link."; 108 return false; 109 } 110 111 if (stat_info.st_uid != owner_uid) { 112 DLOG(ERROR) << "Path " << path.value() 113 << " is owned by the wrong user."; 114 return false; 115 } 116 117 if ((stat_info.st_mode & S_IWGRP) && 118 !ContainsKey(group_gids, stat_info.st_gid)) { 119 DLOG(ERROR) << "Path " << path.value() 120 << " is writable by an unprivileged group."; 121 return false; 122 } 123 124 if (stat_info.st_mode & S_IWOTH) { 125 DLOG(ERROR) << "Path " << path.value() 126 << " is writable by any user."; 127 return false; 128 } 129 130 return true; 131} 132 133std::string TempFileName() { 134#if defined(OS_MACOSX) 135 return StringPrintf(".%s.XXXXXX", base::mac::BaseBundleID()); 136#endif 137 138#if defined(GOOGLE_CHROME_BUILD) 139 return std::string(".com.google.Chrome.XXXXXX"); 140#else 141 return std::string(".org.chromium.Chromium.XXXXXX"); 142#endif 143} 144 145// Creates and opens a temporary file in |directory|, returning the 146// file descriptor. |path| is set to the temporary file path. 147// This function does NOT unlink() the file. 148int CreateAndOpenFdForTemporaryFile(FilePath directory, FilePath* path) { 149 ThreadRestrictions::AssertIOAllowed(); // For call to mkstemp(). 150 *path = directory.Append(base::TempFileName()); 151 const std::string& tmpdir_string = path->value(); 152 // this should be OK since mkstemp just replaces characters in place 153 char* buffer = const_cast<char*>(tmpdir_string.c_str()); 154 155 return HANDLE_EINTR(mkstemp(buffer)); 156} 157 158#if defined(OS_LINUX) 159// Determine if /dev/shm files can be mapped and then mprotect'd PROT_EXEC. 160// This depends on the mount options used for /dev/shm, which vary among 161// different Linux distributions and possibly local configuration. It also 162// depends on details of kernel--ChromeOS uses the noexec option for /dev/shm 163// but its kernel allows mprotect with PROT_EXEC anyway. 164bool DetermineDevShmExecutable() { 165 bool result = false; 166 FilePath path; 167 168 ScopedFD fd(CreateAndOpenFdForTemporaryFile(FilePath("/dev/shm"), &path)); 169 if (fd.is_valid()) { 170 DeleteFile(path, false); 171 long sysconf_result = sysconf(_SC_PAGESIZE); 172 CHECK_GE(sysconf_result, 0); 173 size_t pagesize = static_cast<size_t>(sysconf_result); 174 CHECK_GE(sizeof(pagesize), sizeof(sysconf_result)); 175 void* mapping = mmap(NULL, pagesize, PROT_READ, MAP_SHARED, fd.get(), 0); 176 if (mapping != MAP_FAILED) { 177 if (mprotect(mapping, pagesize, PROT_READ | PROT_EXEC) == 0) 178 result = true; 179 munmap(mapping, pagesize); 180 } 181 } 182 return result; 183} 184#endif // defined(OS_LINUX) 185#endif // !defined(OS_NACL_NONSFI) 186 187} // namespace 188 189#if !defined(OS_NACL_NONSFI) 190FilePath MakeAbsoluteFilePath(const FilePath& input) { 191 ThreadRestrictions::AssertIOAllowed(); 192 char full_path[PATH_MAX]; 193 if (realpath(input.value().c_str(), full_path) == NULL) 194 return FilePath(); 195 return FilePath(full_path); 196} 197 198// TODO(erikkay): The Windows version of this accepts paths like "foo/bar/*" 199// which works both with and without the recursive flag. I'm not sure we need 200// that functionality. If not, remove from file_util_win.cc, otherwise add it 201// here. 202bool DeleteFile(const FilePath& path, bool recursive) { 203 ThreadRestrictions::AssertIOAllowed(); 204 const char* path_str = path.value().c_str(); 205 stat_wrapper_t file_info; 206 int test = CallLstat(path_str, &file_info); 207 if (test != 0) { 208 // The Windows version defines this condition as success. 209 bool ret = (errno == ENOENT || errno == ENOTDIR); 210 return ret; 211 } 212 if (!S_ISDIR(file_info.st_mode)) 213 return (unlink(path_str) == 0); 214 if (!recursive) 215 return (rmdir(path_str) == 0); 216 217 bool success = true; 218 std::stack<std::string> directories; 219 directories.push(path.value()); 220 FileEnumerator traversal(path, true, 221 FileEnumerator::FILES | FileEnumerator::DIRECTORIES | 222 FileEnumerator::SHOW_SYM_LINKS); 223 for (FilePath current = traversal.Next(); success && !current.empty(); 224 current = traversal.Next()) { 225 if (traversal.GetInfo().IsDirectory()) 226 directories.push(current.value()); 227 else 228 success = (unlink(current.value().c_str()) == 0); 229 } 230 231 while (success && !directories.empty()) { 232 FilePath dir = FilePath(directories.top()); 233 directories.pop(); 234 success = (rmdir(dir.value().c_str()) == 0); 235 } 236 return success; 237} 238 239bool ReplaceFile(const FilePath& from_path, 240 const FilePath& to_path, 241 File::Error* error) { 242 ThreadRestrictions::AssertIOAllowed(); 243 if (rename(from_path.value().c_str(), to_path.value().c_str()) == 0) 244 return true; 245 if (error) 246 *error = File::OSErrorToFileError(errno); 247 return false; 248} 249 250bool CopyDirectory(const FilePath& from_path, 251 const FilePath& to_path, 252 bool recursive) { 253 ThreadRestrictions::AssertIOAllowed(); 254 // Some old callers of CopyDirectory want it to support wildcards. 255 // After some discussion, we decided to fix those callers. 256 // Break loudly here if anyone tries to do this. 257 DCHECK(to_path.value().find('*') == std::string::npos); 258 DCHECK(from_path.value().find('*') == std::string::npos); 259 260 if (from_path.value().size() >= PATH_MAX) { 261 return false; 262 } 263 264 // This function does not properly handle destinations within the source 265 FilePath real_to_path = to_path; 266 if (PathExists(real_to_path)) { 267 real_to_path = MakeAbsoluteFilePath(real_to_path); 268 if (real_to_path.empty()) 269 return false; 270 } else { 271 real_to_path = MakeAbsoluteFilePath(real_to_path.DirName()); 272 if (real_to_path.empty()) 273 return false; 274 } 275 FilePath real_from_path = MakeAbsoluteFilePath(from_path); 276 if (real_from_path.empty()) 277 return false; 278 if (real_to_path.value().size() >= real_from_path.value().size() && 279 real_to_path.value().compare(0, real_from_path.value().size(), 280 real_from_path.value()) == 0) { 281 return false; 282 } 283 284 int traverse_type = FileEnumerator::FILES | FileEnumerator::SHOW_SYM_LINKS; 285 if (recursive) 286 traverse_type |= FileEnumerator::DIRECTORIES; 287 FileEnumerator traversal(from_path, recursive, traverse_type); 288 289 // We have to mimic windows behavior here. |to_path| may not exist yet, 290 // start the loop with |to_path|. 291 struct stat from_stat; 292 FilePath current = from_path; 293 if (stat(from_path.value().c_str(), &from_stat) < 0) { 294 DLOG(ERROR) << "CopyDirectory() couldn't stat source directory: " 295 << from_path.value() << " errno = " << errno; 296 return false; 297 } 298 struct stat to_path_stat; 299 FilePath from_path_base = from_path; 300 if (recursive && stat(to_path.value().c_str(), &to_path_stat) == 0 && 301 S_ISDIR(to_path_stat.st_mode)) { 302 // If the destination already exists and is a directory, then the 303 // top level of source needs to be copied. 304 from_path_base = from_path.DirName(); 305 } 306 307 // The Windows version of this function assumes that non-recursive calls 308 // will always have a directory for from_path. 309 // TODO(maruel): This is not necessary anymore. 310 DCHECK(recursive || S_ISDIR(from_stat.st_mode)); 311 312 bool success = true; 313 while (success && !current.empty()) { 314 // current is the source path, including from_path, so append 315 // the suffix after from_path to to_path to create the target_path. 316 FilePath target_path(to_path); 317 if (from_path_base != current) { 318 if (!from_path_base.AppendRelativePath(current, &target_path)) { 319 success = false; 320 break; 321 } 322 } 323 324 if (S_ISDIR(from_stat.st_mode)) { 325 if (mkdir(target_path.value().c_str(), 326 (from_stat.st_mode & 01777) | S_IRUSR | S_IXUSR | S_IWUSR) != 327 0 && 328 errno != EEXIST) { 329 DLOG(ERROR) << "CopyDirectory() couldn't create directory: " 330 << target_path.value() << " errno = " << errno; 331 success = false; 332 } 333 } else if (S_ISREG(from_stat.st_mode)) { 334 if (!CopyFile(current, target_path)) { 335 DLOG(ERROR) << "CopyDirectory() couldn't create file: " 336 << target_path.value(); 337 success = false; 338 } 339 } else { 340 DLOG(WARNING) << "CopyDirectory() skipping non-regular file: " 341 << current.value(); 342 } 343 344 current = traversal.Next(); 345 if (!current.empty()) 346 from_stat = traversal.GetInfo().stat(); 347 } 348 349 return success; 350} 351#endif // !defined(OS_NACL_NONSFI) 352 353bool PathExists(const FilePath& path) { 354 ThreadRestrictions::AssertIOAllowed(); 355#if defined(OS_ANDROID) 356 if (path.IsContentUri()) { 357 return ContentUriExists(path); 358 } 359#endif 360 return access(path.value().c_str(), F_OK) == 0; 361} 362 363#if !defined(OS_NACL_NONSFI) 364bool PathIsWritable(const FilePath& path) { 365 ThreadRestrictions::AssertIOAllowed(); 366 return access(path.value().c_str(), W_OK) == 0; 367} 368#endif // !defined(OS_NACL_NONSFI) 369 370bool DirectoryExists(const FilePath& path) { 371 ThreadRestrictions::AssertIOAllowed(); 372 stat_wrapper_t file_info; 373 if (CallStat(path.value().c_str(), &file_info) == 0) 374 return S_ISDIR(file_info.st_mode); 375 return false; 376} 377 378bool ReadFromFD(int fd, char* buffer, size_t bytes) { 379 size_t total_read = 0; 380 while (total_read < bytes) { 381 ssize_t bytes_read = 382 HANDLE_EINTR(read(fd, buffer + total_read, bytes - total_read)); 383 if (bytes_read <= 0) 384 break; 385 total_read += bytes_read; 386 } 387 return total_read == bytes; 388} 389 390#if !defined(OS_NACL_NONSFI) 391bool CreateSymbolicLink(const FilePath& target_path, 392 const FilePath& symlink_path) { 393 DCHECK(!symlink_path.empty()); 394 DCHECK(!target_path.empty()); 395 return ::symlink(target_path.value().c_str(), 396 symlink_path.value().c_str()) != -1; 397} 398 399bool ReadSymbolicLink(const FilePath& symlink_path, FilePath* target_path) { 400 DCHECK(!symlink_path.empty()); 401 DCHECK(target_path); 402 char buf[PATH_MAX]; 403 ssize_t count = ::readlink(symlink_path.value().c_str(), buf, arraysize(buf)); 404 405 if (count <= 0) { 406 target_path->clear(); 407 return false; 408 } 409 410 *target_path = FilePath(FilePath::StringType(buf, count)); 411 return true; 412} 413 414bool GetPosixFilePermissions(const FilePath& path, int* mode) { 415 ThreadRestrictions::AssertIOAllowed(); 416 DCHECK(mode); 417 418 stat_wrapper_t file_info; 419 // Uses stat(), because on symbolic link, lstat() does not return valid 420 // permission bits in st_mode 421 if (CallStat(path.value().c_str(), &file_info) != 0) 422 return false; 423 424 *mode = file_info.st_mode & FILE_PERMISSION_MASK; 425 return true; 426} 427 428bool SetPosixFilePermissions(const FilePath& path, 429 int mode) { 430 ThreadRestrictions::AssertIOAllowed(); 431 DCHECK_EQ(mode & ~FILE_PERMISSION_MASK, 0); 432 433 // Calls stat() so that we can preserve the higher bits like S_ISGID. 434 stat_wrapper_t stat_buf; 435 if (CallStat(path.value().c_str(), &stat_buf) != 0) 436 return false; 437 438 // Clears the existing permission bits, and adds the new ones. 439 mode_t updated_mode_bits = stat_buf.st_mode & ~FILE_PERMISSION_MASK; 440 updated_mode_bits |= mode & FILE_PERMISSION_MASK; 441 442 if (HANDLE_EINTR(chmod(path.value().c_str(), updated_mode_bits)) != 0) 443 return false; 444 445 return true; 446} 447 448#if !defined(OS_MACOSX) 449// This is implemented in file_util_mac.mm for Mac. 450bool GetTempDir(FilePath* path) { 451 const char* tmp = getenv("TMPDIR"); 452 if (tmp) { 453 *path = FilePath(tmp); 454 } else { 455#if defined(OS_ANDROID) 456 return PathService::Get(base::DIR_CACHE, path); 457#else 458 *path = FilePath("/tmp"); 459#endif 460 } 461 return true; 462} 463#endif // !defined(OS_MACOSX) 464 465#if !defined(OS_MACOSX) // Mac implementation is in file_util_mac.mm. 466FilePath GetHomeDir() { 467#if defined(OS_CHROMEOS) 468 if (SysInfo::IsRunningOnChromeOS()) { 469 // On Chrome OS chrome::DIR_USER_DATA is overridden with a primary user 470 // homedir once it becomes available. Return / as the safe option. 471 return FilePath("/"); 472 } 473#endif 474 475 const char* home_dir = getenv("HOME"); 476 if (home_dir && home_dir[0]) 477 return FilePath(home_dir); 478 479#if defined(OS_ANDROID) 480 DLOG(WARNING) << "OS_ANDROID: Home directory lookup not yet implemented."; 481#elif defined(USE_GLIB) && !defined(OS_CHROMEOS) 482 // g_get_home_dir calls getpwent, which can fall through to LDAP calls so 483 // this may do I/O. However, it should be rare that $HOME is not defined and 484 // this is typically called from the path service which has no threading 485 // restrictions. The path service will cache the result which limits the 486 // badness of blocking on I/O. As a result, we don't have a thread 487 // restriction here. 488 home_dir = g_get_home_dir(); 489 if (home_dir && home_dir[0]) 490 return FilePath(home_dir); 491#endif 492 493 FilePath rv; 494 if (GetTempDir(&rv)) 495 return rv; 496 497 // Last resort. 498 return FilePath("/tmp"); 499} 500#endif // !defined(OS_MACOSX) 501 502bool CreateTemporaryFile(FilePath* path) { 503 ThreadRestrictions::AssertIOAllowed(); // For call to close(). 504 FilePath directory; 505 if (!GetTempDir(&directory)) 506 return false; 507 int fd = CreateAndOpenFdForTemporaryFile(directory, path); 508 if (fd < 0) 509 return false; 510 close(fd); 511 return true; 512} 513 514FILE* CreateAndOpenTemporaryFileInDir(const FilePath& dir, FilePath* path) { 515 int fd = CreateAndOpenFdForTemporaryFile(dir, path); 516 if (fd < 0) 517 return NULL; 518 519 FILE* file = fdopen(fd, "a+"); 520 if (!file) 521 close(fd); 522 return file; 523} 524 525bool CreateTemporaryFileInDir(const FilePath& dir, FilePath* temp_file) { 526 ThreadRestrictions::AssertIOAllowed(); // For call to close(). 527 int fd = CreateAndOpenFdForTemporaryFile(dir, temp_file); 528 return ((fd >= 0) && !IGNORE_EINTR(close(fd))); 529} 530 531static bool CreateTemporaryDirInDirImpl(const FilePath& base_dir, 532 const FilePath::StringType& name_tmpl, 533 FilePath* new_dir) { 534 ThreadRestrictions::AssertIOAllowed(); // For call to mkdtemp(). 535 DCHECK(name_tmpl.find("XXXXXX") != FilePath::StringType::npos) 536 << "Directory name template must contain \"XXXXXX\"."; 537 538 FilePath sub_dir = base_dir.Append(name_tmpl); 539 std::string sub_dir_string = sub_dir.value(); 540 541 // this should be OK since mkdtemp just replaces characters in place 542 char* buffer = const_cast<char*>(sub_dir_string.c_str()); 543 char* dtemp = mkdtemp(buffer); 544 if (!dtemp) { 545 DPLOG(ERROR) << "mkdtemp"; 546 return false; 547 } 548 *new_dir = FilePath(dtemp); 549 return true; 550} 551 552bool CreateTemporaryDirInDir(const FilePath& base_dir, 553 const FilePath::StringType& prefix, 554 FilePath* new_dir) { 555 FilePath::StringType mkdtemp_template = prefix; 556 mkdtemp_template.append(FILE_PATH_LITERAL("XXXXXX")); 557 return CreateTemporaryDirInDirImpl(base_dir, mkdtemp_template, new_dir); 558} 559 560bool CreateNewTempDirectory(const FilePath::StringType& prefix, 561 FilePath* new_temp_path) { 562 FilePath tmpdir; 563 if (!GetTempDir(&tmpdir)) 564 return false; 565 566 return CreateTemporaryDirInDirImpl(tmpdir, TempFileName(), new_temp_path); 567} 568 569bool CreateDirectoryAndGetError(const FilePath& full_path, 570 File::Error* error) { 571 ThreadRestrictions::AssertIOAllowed(); // For call to mkdir(). 572 std::vector<FilePath> subpaths; 573 574 // Collect a list of all parent directories. 575 FilePath last_path = full_path; 576 subpaths.push_back(full_path); 577 for (FilePath path = full_path.DirName(); 578 path.value() != last_path.value(); path = path.DirName()) { 579 subpaths.push_back(path); 580 last_path = path; 581 } 582 583 // Iterate through the parents and create the missing ones. 584 for (std::vector<FilePath>::reverse_iterator i = subpaths.rbegin(); 585 i != subpaths.rend(); ++i) { 586 if (DirectoryExists(*i)) 587 continue; 588 if (mkdir(i->value().c_str(), 0700) == 0) 589 continue; 590 // Mkdir failed, but it might have failed with EEXIST, or some other error 591 // due to the the directory appearing out of thin air. This can occur if 592 // two processes are trying to create the same file system tree at the same 593 // time. Check to see if it exists and make sure it is a directory. 594 int saved_errno = errno; 595 if (!DirectoryExists(*i)) { 596 if (error) 597 *error = File::OSErrorToFileError(saved_errno); 598 return false; 599 } 600 } 601 return true; 602} 603 604bool NormalizeFilePath(const FilePath& path, FilePath* normalized_path) { 605 FilePath real_path_result; 606 if (!RealPath(path, &real_path_result)) 607 return false; 608 609 // To be consistant with windows, fail if |real_path_result| is a 610 // directory. 611 stat_wrapper_t file_info; 612 if (CallStat(real_path_result.value().c_str(), &file_info) != 0 || 613 S_ISDIR(file_info.st_mode)) 614 return false; 615 616 *normalized_path = real_path_result; 617 return true; 618} 619 620// TODO(rkc): Refactor GetFileInfo and FileEnumerator to handle symlinks 621// correctly. http://code.google.com/p/chromium-os/issues/detail?id=15948 622bool IsLink(const FilePath& file_path) { 623 stat_wrapper_t st; 624 // If we can't lstat the file, it's safe to assume that the file won't at 625 // least be a 'followable' link. 626 if (CallLstat(file_path.value().c_str(), &st) != 0) 627 return false; 628 629 if (S_ISLNK(st.st_mode)) 630 return true; 631 else 632 return false; 633} 634 635bool GetFileInfo(const FilePath& file_path, File::Info* results) { 636 stat_wrapper_t file_info; 637#if defined(OS_ANDROID) 638 if (file_path.IsContentUri()) { 639 File file = OpenContentUriForRead(file_path); 640 if (!file.IsValid()) 641 return false; 642 return file.GetInfo(results); 643 } else { 644#endif // defined(OS_ANDROID) 645 if (CallStat(file_path.value().c_str(), &file_info) != 0) 646 return false; 647#if defined(OS_ANDROID) 648 } 649#endif // defined(OS_ANDROID) 650 651 results->FromStat(file_info); 652 return true; 653} 654#endif // !defined(OS_NACL_NONSFI) 655 656FILE* OpenFile(const FilePath& filename, const char* mode) { 657 ThreadRestrictions::AssertIOAllowed(); 658 FILE* result = NULL; 659 do { 660 result = fopen(filename.value().c_str(), mode); 661 } while (!result && errno == EINTR); 662 return result; 663} 664 665// NaCl doesn't implement system calls to open files directly. 666#if !defined(OS_NACL) 667FILE* FileToFILE(File file, const char* mode) { 668 FILE* stream = fdopen(file.GetPlatformFile(), mode); 669 if (stream) 670 file.TakePlatformFile(); 671 return stream; 672} 673#endif // !defined(OS_NACL) 674 675int ReadFile(const FilePath& filename, char* data, int max_size) { 676 ThreadRestrictions::AssertIOAllowed(); 677 int fd = HANDLE_EINTR(open(filename.value().c_str(), O_RDONLY)); 678 if (fd < 0) 679 return -1; 680 681 ssize_t bytes_read = HANDLE_EINTR(read(fd, data, max_size)); 682 if (IGNORE_EINTR(close(fd)) < 0) 683 return -1; 684 return bytes_read; 685} 686 687int WriteFile(const FilePath& filename, const char* data, int size) { 688 ThreadRestrictions::AssertIOAllowed(); 689 int fd = HANDLE_EINTR(creat(filename.value().c_str(), 0640)); 690 if (fd < 0) 691 return -1; 692 693 int bytes_written = WriteFileDescriptor(fd, data, size) ? size : -1; 694 if (IGNORE_EINTR(close(fd)) < 0) 695 return -1; 696 return bytes_written; 697} 698 699bool WriteFileDescriptor(const int fd, const char* data, int size) { 700 // Allow for partial writes. 701 ssize_t bytes_written_total = 0; 702 for (ssize_t bytes_written_partial = 0; bytes_written_total < size; 703 bytes_written_total += bytes_written_partial) { 704 bytes_written_partial = 705 HANDLE_EINTR(write(fd, data + bytes_written_total, 706 size - bytes_written_total)); 707 if (bytes_written_partial < 0) 708 return false; 709 } 710 711 return true; 712} 713 714#if !defined(OS_NACL_NONSFI) 715 716bool AppendToFile(const FilePath& filename, const char* data, int size) { 717 ThreadRestrictions::AssertIOAllowed(); 718 bool ret = true; 719 int fd = HANDLE_EINTR(open(filename.value().c_str(), O_WRONLY | O_APPEND)); 720 if (fd < 0) { 721 VPLOG(1) << "Unable to create file " << filename.value(); 722 return false; 723 } 724 725 // This call will either write all of the data or return false. 726 if (!WriteFileDescriptor(fd, data, size)) { 727 VPLOG(1) << "Error while writing to file " << filename.value(); 728 ret = false; 729 } 730 731 if (IGNORE_EINTR(close(fd)) < 0) { 732 VPLOG(1) << "Error while closing file " << filename.value(); 733 return false; 734 } 735 736 return ret; 737} 738 739// Gets the current working directory for the process. 740bool GetCurrentDirectory(FilePath* dir) { 741 // getcwd can return ENOENT, which implies it checks against the disk. 742 ThreadRestrictions::AssertIOAllowed(); 743 744 char system_buffer[PATH_MAX] = ""; 745 if (!getcwd(system_buffer, sizeof(system_buffer))) { 746 NOTREACHED(); 747 return false; 748 } 749 *dir = FilePath(system_buffer); 750 return true; 751} 752 753// Sets the current working directory for the process. 754bool SetCurrentDirectory(const FilePath& path) { 755 ThreadRestrictions::AssertIOAllowed(); 756 int ret = chdir(path.value().c_str()); 757 return !ret; 758} 759 760bool VerifyPathControlledByUser(const FilePath& base, 761 const FilePath& path, 762 uid_t owner_uid, 763 const std::set<gid_t>& group_gids) { 764 if (base != path && !base.IsParent(path)) { 765 DLOG(ERROR) << "|base| must be a subdirectory of |path|. base = \"" 766 << base.value() << "\", path = \"" << path.value() << "\""; 767 return false; 768 } 769 770 std::vector<FilePath::StringType> base_components; 771 std::vector<FilePath::StringType> path_components; 772 773 base.GetComponents(&base_components); 774 path.GetComponents(&path_components); 775 776 std::vector<FilePath::StringType>::const_iterator ib, ip; 777 for (ib = base_components.begin(), ip = path_components.begin(); 778 ib != base_components.end(); ++ib, ++ip) { 779 // |base| must be a subpath of |path|, so all components should match. 780 // If these CHECKs fail, look at the test that base is a parent of 781 // path at the top of this function. 782 DCHECK(ip != path_components.end()); 783 DCHECK(*ip == *ib); 784 } 785 786 FilePath current_path = base; 787 if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gids)) 788 return false; 789 790 for (; ip != path_components.end(); ++ip) { 791 current_path = current_path.Append(*ip); 792 if (!VerifySpecificPathControlledByUser( 793 current_path, owner_uid, group_gids)) 794 return false; 795 } 796 return true; 797} 798 799#if defined(OS_MACOSX) && !defined(OS_IOS) 800bool VerifyPathControlledByAdmin(const FilePath& path) { 801 const unsigned kRootUid = 0; 802 const FilePath kFileSystemRoot("/"); 803 804 // The name of the administrator group on mac os. 805 const char* const kAdminGroupNames[] = { 806 "admin", 807 "wheel" 808 }; 809 810 // Reading the groups database may touch the file system. 811 ThreadRestrictions::AssertIOAllowed(); 812 813 std::set<gid_t> allowed_group_ids; 814 for (int i = 0, ie = arraysize(kAdminGroupNames); i < ie; ++i) { 815 struct group *group_record = getgrnam(kAdminGroupNames[i]); 816 if (!group_record) { 817 DPLOG(ERROR) << "Could not get the group ID of group \"" 818 << kAdminGroupNames[i] << "\"."; 819 continue; 820 } 821 822 allowed_group_ids.insert(group_record->gr_gid); 823 } 824 825 return VerifyPathControlledByUser( 826 kFileSystemRoot, path, kRootUid, allowed_group_ids); 827} 828#endif // defined(OS_MACOSX) && !defined(OS_IOS) 829 830int GetMaximumPathComponentLength(const FilePath& path) { 831 ThreadRestrictions::AssertIOAllowed(); 832 return pathconf(path.value().c_str(), _PC_NAME_MAX); 833} 834 835#if !defined(OS_ANDROID) 836// This is implemented in file_util_android.cc for that platform. 837bool GetShmemTempDir(bool executable, FilePath* path) { 838#if defined(OS_LINUX) 839 bool use_dev_shm = true; 840 if (executable) { 841 static const bool s_dev_shm_executable = DetermineDevShmExecutable(); 842 use_dev_shm = s_dev_shm_executable; 843 } 844 if (use_dev_shm) { 845 *path = FilePath("/dev/shm"); 846 return true; 847 } 848#endif 849 return GetTempDir(path); 850} 851#endif // !defined(OS_ANDROID) 852 853#if !defined(OS_MACOSX) 854// Mac has its own implementation, this is for all other Posix systems. 855bool CopyFile(const FilePath& from_path, const FilePath& to_path) { 856 ThreadRestrictions::AssertIOAllowed(); 857 File infile; 858#if defined(OS_ANDROID) 859 if (from_path.IsContentUri()) { 860 infile = OpenContentUriForRead(from_path); 861 } else { 862 infile = File(from_path, File::FLAG_OPEN | File::FLAG_READ); 863 } 864#else 865 infile = File(from_path, File::FLAG_OPEN | File::FLAG_READ); 866#endif 867 if (!infile.IsValid()) 868 return false; 869 870 File outfile(to_path, File::FLAG_WRITE | File::FLAG_CREATE_ALWAYS); 871 if (!outfile.IsValid()) 872 return false; 873 874 const size_t kBufferSize = 32768; 875 std::vector<char> buffer(kBufferSize); 876 bool result = true; 877 878 while (result) { 879 ssize_t bytes_read = infile.ReadAtCurrentPos(&buffer[0], buffer.size()); 880 if (bytes_read < 0) { 881 result = false; 882 break; 883 } 884 if (bytes_read == 0) 885 break; 886 // Allow for partial writes 887 ssize_t bytes_written_per_read = 0; 888 do { 889 ssize_t bytes_written_partial = outfile.WriteAtCurrentPos( 890 &buffer[bytes_written_per_read], bytes_read - bytes_written_per_read); 891 if (bytes_written_partial < 0) { 892 result = false; 893 break; 894 } 895 bytes_written_per_read += bytes_written_partial; 896 } while (bytes_written_per_read < bytes_read); 897 } 898 899 return result; 900} 901#endif // !defined(OS_MACOSX) 902 903// ----------------------------------------------------------------------------- 904 905namespace internal { 906 907bool MoveUnsafe(const FilePath& from_path, const FilePath& to_path) { 908 ThreadRestrictions::AssertIOAllowed(); 909 // Windows compatibility: if to_path exists, from_path and to_path 910 // must be the same type, either both files, or both directories. 911 stat_wrapper_t to_file_info; 912 if (CallStat(to_path.value().c_str(), &to_file_info) == 0) { 913 stat_wrapper_t from_file_info; 914 if (CallStat(from_path.value().c_str(), &from_file_info) == 0) { 915 if (S_ISDIR(to_file_info.st_mode) != S_ISDIR(from_file_info.st_mode)) 916 return false; 917 } else { 918 return false; 919 } 920 } 921 922 if (rename(from_path.value().c_str(), to_path.value().c_str()) == 0) 923 return true; 924 925 if (!CopyDirectory(from_path, to_path, true)) 926 return false; 927 928 DeleteFile(from_path, true); 929 return true; 930} 931 932} // namespace internal 933 934#endif // !defined(OS_NACL_NONSFI) 935} // namespace base 936