search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Don't switch browser locale on secondary user login
[chromium-blink-merge.git] / base / file_util_posix.cc
blob762700ae42c11d42e39bffaf89aaf4472a704dd9
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/file_util.h"
6
7 #include <dirent.h>
8 #include <errno.h>
9 #include <fcntl.h>
10 #include <libgen.h>
11 #include <limits.h>
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <sys/errno.h>
16 #include <sys/mman.h>
17 #include <sys/param.h>
18 #include <sys/stat.h>
19 #include <sys/time.h>
20 #include <sys/types.h>
21 #include <time.h>
22 #include <unistd.h>
23
24 #if defined(OS_MACOSX)
25 #include <AvailabilityMacros.h>
26 #include "base/mac/foundation_util.h"
27 #elif !defined(OS_ANDROID)
28 #include <glib.h>
29 #endif
30
31 #include <fstream>
32
33 #include "base/basictypes.h"
34 #include "base/files/file_enumerator.h"
35 #include "base/files/file_path.h"
36 #include "base/logging.h"
37 #include "base/memory/scoped_ptr.h"
38 #include "base/memory/singleton.h"
39 #include "base/path_service.h"
40 #include "base/posix/eintr_wrapper.h"
41 #include "base/stl_util.h"
42 #include "base/strings/string_util.h"
43 #include "base/strings/stringprintf.h"
44 #include "base/strings/sys_string_conversions.h"
45 #include "base/strings/utf_string_conversions.h"
46 #include "base/threading/thread_restrictions.h"
47 #include "base/time/time.h"
48
49 #if defined(OS_ANDROID)
50 #include "base/os_compat_android.h"
51 #endif
52
53 #if !defined(OS_IOS)
54 #include <grp.h>
55 #endif
56
57 #if defined(OS_CHROMEOS)
58 #include "base/chromeos/chromeos_version.h"
59 #endif
60
61 namespace base {
62
63 namespace {
64
65 #if defined(OS_BSD) || defined(OS_MACOSX)
66 typedef struct stat stat_wrapper_t;
67 static int CallStat(const char *path, stat_wrapper_t *sb) {
68 ThreadRestrictions::AssertIOAllowed();
69 return stat(path, sb);
70 }
71 static int CallLstat(const char *path, stat_wrapper_t *sb) {
72 ThreadRestrictions::AssertIOAllowed();
73 return lstat(path, sb);
74 }
75 #else
76 typedef struct stat64 stat_wrapper_t;
77 static int CallStat(const char *path, stat_wrapper_t *sb) {
78 ThreadRestrictions::AssertIOAllowed();
79 return stat64(path, sb);
80 }
81 static int CallLstat(const char *path, stat_wrapper_t *sb) {
82 ThreadRestrictions::AssertIOAllowed();
83 return lstat64(path, sb);
84 }
85 #endif
86
87 // Helper for NormalizeFilePath(), defined below.
88 bool RealPath(const FilePath& path, FilePath* real_path) {
89 ThreadRestrictions::AssertIOAllowed(); // For realpath().
90 FilePath::CharType buf[PATH_MAX];
91 if (!realpath(path.value().c_str(), buf))
92 return false;
93
94 *real_path = FilePath(buf);
95 return true;
96 }
97
98 // Helper for VerifyPathControlledByUser.
99 bool VerifySpecificPathControlledByUser(const FilePath& path,
100 uid_t owner_uid,
101 const std::set<gid_t>& group_gids) {
102 stat_wrapper_t stat_info;
103 if (CallLstat(path.value().c_str(), &stat_info) != 0) {
104 DPLOG(ERROR) << "Failed to get information on path "
105 << path.value();
106 return false;
107 }
108
109 if (S_ISLNK(stat_info.st_mode)) {
110 DLOG(ERROR) << "Path " << path.value()
111 << " is a symbolic link.";
112 return false;
113 }
114
115 if (stat_info.st_uid != owner_uid) {
116 DLOG(ERROR) << "Path " << path.value()
117 << " is owned by the wrong user.";
118 return false;
119 }
120
121 if ((stat_info.st_mode & S_IWGRP) &&
122 !ContainsKey(group_gids, stat_info.st_gid)) {
123 DLOG(ERROR) << "Path " << path.value()
124 << " is writable by an unprivileged group.";
125 return false;
126 }
127
128 if (stat_info.st_mode & S_IWOTH) {
129 DLOG(ERROR) << "Path " << path.value()
130 << " is writable by any user.";
131 return false;
132 }
133
134 return true;
135 }
136
137 std::string TempFileName() {
138 #if defined(OS_MACOSX)
139 return StringPrintf(".%s.XXXXXX", base::mac::BaseBundleID());
140 #endif
141
142 #if defined(GOOGLE_CHROME_BUILD)
143 return std::string(".com.google.Chrome.XXXXXX");
144 #else
145 return std::string(".org.chromium.Chromium.XXXXXX");
146 #endif
147 }
148
149 } // namespace
150
151 FilePath MakeAbsoluteFilePath(const FilePath& input) {
152 ThreadRestrictions::AssertIOAllowed();
153 char full_path[PATH_MAX];
154 if (realpath(input.value().c_str(), full_path) == NULL)
155 return FilePath();
156 return FilePath(full_path);
157 }
158
159 // TODO(erikkay): The Windows version of this accepts paths like "foo/bar/*"
160 // which works both with and without the recursive flag. I'm not sure we need
161 // that functionality. If not, remove from file_util_win.cc, otherwise add it
162 // here.
163 bool DeleteFile(const FilePath& path, bool recursive) {
164 ThreadRestrictions::AssertIOAllowed();
165 const char* path_str = path.value().c_str();
166 stat_wrapper_t file_info;
167 int test = CallLstat(path_str, &file_info);
168 if (test != 0) {
169 // The Windows version defines this condition as success.
170 bool ret = (errno == ENOENT || errno == ENOTDIR);
171 return ret;
172 }
173 if (!S_ISDIR(file_info.st_mode))
174 return (unlink(path_str) == 0);
175 if (!recursive)
176 return (rmdir(path_str) == 0);
177
178 bool success = true;
179 std::stack<std::string> directories;
180 directories.push(path.value());
181 FileEnumerator traversal(path, true,
182 FileEnumerator::FILES | FileEnumerator::DIRECTORIES |
183 FileEnumerator::SHOW_SYM_LINKS);
184 for (FilePath current = traversal.Next(); success && !current.empty();
185 current = traversal.Next()) {
186 if (traversal.GetInfo().IsDirectory())
187 directories.push(current.value());
188 else
189 success = (unlink(current.value().c_str()) == 0);
190 }
191
192 while (success && !directories.empty()) {
193 FilePath dir = FilePath(directories.top());
194 directories.pop();
195 success = (rmdir(dir.value().c_str()) == 0);
196 }
197 return success;
198 }
199
200 bool ReplaceFile(const FilePath& from_path,
201 const FilePath& to_path,
202 PlatformFileError* error) {
203 ThreadRestrictions::AssertIOAllowed();
204 if (rename(from_path.value().c_str(), to_path.value().c_str()) == 0)
205 return true;
206 if (error)
207 *error = ErrnoToPlatformFileError(errno);
208 return false;
209 }
210
211 bool CopyDirectory(const FilePath& from_path,
212 const FilePath& to_path,
213 bool recursive) {
214 ThreadRestrictions::AssertIOAllowed();
215 // Some old callers of CopyDirectory want it to support wildcards.
216 // After some discussion, we decided to fix those callers.
217 // Break loudly here if anyone tries to do this.
218 // TODO(evanm): remove this once we're sure it's ok.
219 DCHECK(to_path.value().find('*') == std::string::npos);
220 DCHECK(from_path.value().find('*') == std::string::npos);
221
222 char top_dir[PATH_MAX];
223 if (strlcpy(top_dir, from_path.value().c_str(),
224 arraysize(top_dir)) >= arraysize(top_dir)) {
225 return false;
226 }
227
228 // This function does not properly handle destinations within the source
229 FilePath real_to_path = to_path;
230 if (PathExists(real_to_path)) {
231 real_to_path = MakeAbsoluteFilePath(real_to_path);
232 if (real_to_path.empty())
233 return false;
234 } else {
235 real_to_path = MakeAbsoluteFilePath(real_to_path.DirName());
236 if (real_to_path.empty())
237 return false;
238 }
239 FilePath real_from_path = MakeAbsoluteFilePath(from_path);
240 if (real_from_path.empty())
241 return false;
242 if (real_to_path.value().size() >= real_from_path.value().size() &&
243 real_to_path.value().compare(0, real_from_path.value().size(),
244 real_from_path.value()) == 0)
245 return false;
246
247 bool success = true;
248 int traverse_type = FileEnumerator::FILES | FileEnumerator::SHOW_SYM_LINKS;
249 if (recursive)
250 traverse_type |= FileEnumerator::DIRECTORIES;
251 FileEnumerator traversal(from_path, recursive, traverse_type);
252
253 // We have to mimic windows behavior here. |to_path| may not exist yet,
254 // start the loop with |to_path|.
255 struct stat from_stat;
256 FilePath current = from_path;
257 if (stat(from_path.value().c_str(), &from_stat) < 0) {
258 DLOG(ERROR) << "CopyDirectory() couldn't stat source directory: "
259 << from_path.value() << " errno = " << errno;
260 success = false;
261 }
262 struct stat to_path_stat;
263 FilePath from_path_base = from_path;
264 if (recursive && stat(to_path.value().c_str(), &to_path_stat) == 0 &&
265 S_ISDIR(to_path_stat.st_mode)) {
266 // If the destination already exists and is a directory, then the
267 // top level of source needs to be copied.
268 from_path_base = from_path.DirName();
269 }
270
271 // The Windows version of this function assumes that non-recursive calls
272 // will always have a directory for from_path.
273 DCHECK(recursive || S_ISDIR(from_stat.st_mode));
274
275 while (success && !current.empty()) {
276 // current is the source path, including from_path, so append
277 // the suffix after from_path to to_path to create the target_path.
278 FilePath target_path(to_path);
279 if (from_path_base != current) {
280 if (!from_path_base.AppendRelativePath(current, &target_path)) {
281 success = false;
282 break;
283 }
284 }
285
286 if (S_ISDIR(from_stat.st_mode)) {
287 if (mkdir(target_path.value().c_str(), from_stat.st_mode & 01777) != 0 &&
288 errno != EEXIST) {
289 DLOG(ERROR) << "CopyDirectory() couldn't create directory: "
290 << target_path.value() << " errno = " << errno;
291 success = false;
292 }
293 } else if (S_ISREG(from_stat.st_mode)) {
294 if (!CopyFile(current, target_path)) {
295 DLOG(ERROR) << "CopyDirectory() couldn't create file: "
296 << target_path.value();
297 success = false;
298 }
299 } else {
300 DLOG(WARNING) << "CopyDirectory() skipping non-regular file: "
301 << current.value();
302 }
303
304 current = traversal.Next();
305 if (!current.empty())
306 from_stat = traversal.GetInfo().stat();
307 }
308
309 return success;
310 }
311
312 bool PathExists(const FilePath& path) {
313 ThreadRestrictions::AssertIOAllowed();
314 return access(path.value().c_str(), F_OK) == 0;
315 }
316
317 bool PathIsWritable(const FilePath& path) {
318 ThreadRestrictions::AssertIOAllowed();
319 return access(path.value().c_str(), W_OK) == 0;
320 }
321
322 bool DirectoryExists(const FilePath& path) {
323 ThreadRestrictions::AssertIOAllowed();
324 stat_wrapper_t file_info;
325 if (CallStat(path.value().c_str(), &file_info) == 0)
326 return S_ISDIR(file_info.st_mode);
327 return false;
328 }
329
330 } // namespace base
331
332 // -----------------------------------------------------------------------------
333
334 namespace file_util {
335
336 using base::stat_wrapper_t;
337 using base::CallStat;
338 using base::CallLstat;
339 using base::DirectoryExists;
340 using base::FileEnumerator;
341 using base::FilePath;
342 using base::MakeAbsoluteFilePath;
343 using base::RealPath;
344 using base::VerifySpecificPathControlledByUser;
345
346 bool ReadFromFD(int fd, char* buffer, size_t bytes) {
347 size_t total_read = 0;
348 while (total_read < bytes) {
349 ssize_t bytes_read =
350 HANDLE_EINTR(read(fd, buffer + total_read, bytes - total_read));
351 if (bytes_read <= 0)
352 break;
353 total_read += bytes_read;
354 }
355 return total_read == bytes;
356 }
357
358 bool CreateSymbolicLink(const FilePath& target_path,
359 const FilePath& symlink_path) {
360 DCHECK(!symlink_path.empty());
361 DCHECK(!target_path.empty());
362 return ::symlink(target_path.value().c_str(),
363 symlink_path.value().c_str()) != -1;
364 }
365
366 bool ReadSymbolicLink(const FilePath& symlink_path,
367 FilePath* target_path) {
368 DCHECK(!symlink_path.empty());
369 DCHECK(target_path);
370 char buf[PATH_MAX];
371 ssize_t count = ::readlink(symlink_path.value().c_str(), buf, arraysize(buf));
372
373 if (count <= 0) {
374 target_path->clear();
375 return false;
376 }
377
378 *target_path = FilePath(FilePath::StringType(buf, count));
379 return true;
380 }
381
382 bool GetPosixFilePermissions(const FilePath& path, int* mode) {
383 base::ThreadRestrictions::AssertIOAllowed();
384 DCHECK(mode);
385
386 stat_wrapper_t file_info;
387 // Uses stat(), because on symbolic link, lstat() does not return valid
388 // permission bits in st_mode
389 if (CallStat(path.value().c_str(), &file_info) != 0)
390 return false;
391
392 *mode = file_info.st_mode & FILE_PERMISSION_MASK;
393 return true;
394 }
395
396 bool SetPosixFilePermissions(const FilePath& path,
397 int mode) {
398 base::ThreadRestrictions::AssertIOAllowed();
399 DCHECK((mode & ~FILE_PERMISSION_MASK) == 0);
400
401 // Calls stat() so that we can preserve the higher bits like S_ISGID.
402 stat_wrapper_t stat_buf;
403 if (CallStat(path.value().c_str(), &stat_buf) != 0)
404 return false;
405
406 // Clears the existing permission bits, and adds the new ones.
407 mode_t updated_mode_bits = stat_buf.st_mode & ~FILE_PERMISSION_MASK;
408 updated_mode_bits |= mode & FILE_PERMISSION_MASK;
409
410 if (HANDLE_EINTR(chmod(path.value().c_str(), updated_mode_bits)) != 0)
411 return false;
412
413 return true;
414 }
415
416 // Creates and opens a temporary file in |directory|, returning the
417 // file descriptor. |path| is set to the temporary file path.
418 // This function does NOT unlink() the file.
419 int CreateAndOpenFdForTemporaryFile(FilePath directory, FilePath* path) {
420 base::ThreadRestrictions::AssertIOAllowed(); // For call to mkstemp().
421 *path = directory.Append(base::TempFileName());
422 const std::string& tmpdir_string = path->value();
423 // this should be OK since mkstemp just replaces characters in place
424 char* buffer = const_cast<char*>(tmpdir_string.c_str());
425
426 return HANDLE_EINTR(mkstemp(buffer));
427 }
428
429 bool CreateTemporaryFile(FilePath* path) {
430 base::ThreadRestrictions::AssertIOAllowed(); // For call to close().
431 FilePath directory;
432 if (!GetTempDir(&directory))
433 return false;
434 int fd = CreateAndOpenFdForTemporaryFile(directory, path);
435 if (fd < 0)
436 return false;
437 ignore_result(HANDLE_EINTR(close(fd)));
438 return true;
439 }
440
441 FILE* CreateAndOpenTemporaryShmemFile(FilePath* path, bool executable) {
442 FilePath directory;
443 if (!GetShmemTempDir(&directory, executable))
444 return NULL;
445
446 return CreateAndOpenTemporaryFileInDir(directory, path);
447 }
448
449 FILE* CreateAndOpenTemporaryFileInDir(const FilePath& dir, FilePath* path) {
450 int fd = CreateAndOpenFdForTemporaryFile(dir, path);
451 if (fd < 0)
452 return NULL;
453
454 FILE* file = fdopen(fd, "a+");
455 if (!file)
456 ignore_result(HANDLE_EINTR(close(fd)));
457 return file;
458 }
459
460 bool CreateTemporaryFileInDir(const FilePath& dir, FilePath* temp_file) {
461 base::ThreadRestrictions::AssertIOAllowed(); // For call to close().
462 int fd = CreateAndOpenFdForTemporaryFile(dir, temp_file);
463 return ((fd >= 0) && !HANDLE_EINTR(close(fd)));
464 }
465
466 static bool CreateTemporaryDirInDirImpl(const FilePath& base_dir,
467 const FilePath::StringType& name_tmpl,
468 FilePath* new_dir) {
469 base::ThreadRestrictions::AssertIOAllowed(); // For call to mkdtemp().
470 DCHECK(name_tmpl.find("XXXXXX") != FilePath::StringType::npos)
471 << "Directory name template must contain \"XXXXXX\".";
472
473 FilePath sub_dir = base_dir.Append(name_tmpl);
474 std::string sub_dir_string = sub_dir.value();
475
476 // this should be OK since mkdtemp just replaces characters in place
477 char* buffer = const_cast<char*>(sub_dir_string.c_str());
478 char* dtemp = mkdtemp(buffer);
479 if (!dtemp) {
480 DPLOG(ERROR) << "mkdtemp";
481 return false;
482 }
483 *new_dir = FilePath(dtemp);
484 return true;
485 }
486
487 bool CreateTemporaryDirInDir(const FilePath& base_dir,
488 const FilePath::StringType& prefix,
489 FilePath* new_dir) {
490 FilePath::StringType mkdtemp_template = prefix;
491 mkdtemp_template.append(FILE_PATH_LITERAL("XXXXXX"));
492 return CreateTemporaryDirInDirImpl(base_dir, mkdtemp_template, new_dir);
493 }
494
495 bool CreateNewTempDirectory(const FilePath::StringType& prefix,
496 FilePath* new_temp_path) {
497 FilePath tmpdir;
498 if (!GetTempDir(&tmpdir))
499 return false;
500
501 return CreateTemporaryDirInDirImpl(tmpdir, base::TempFileName(),
502 new_temp_path);
503 }
504
505 bool CreateDirectoryAndGetError(const FilePath& full_path,
506 base::PlatformFileError* error) {
507 base::ThreadRestrictions::AssertIOAllowed(); // For call to mkdir().
508 std::vector<FilePath> subpaths;
509
510 // Collect a list of all parent directories.
511 FilePath last_path = full_path;
512 subpaths.push_back(full_path);
513 for (FilePath path = full_path.DirName();
514 path.value() != last_path.value(); path = path.DirName()) {
515 subpaths.push_back(path);
516 last_path = path;
517 }
518
519 // Iterate through the parents and create the missing ones.
520 for (std::vector<FilePath>::reverse_iterator i = subpaths.rbegin();
521 i != subpaths.rend(); ++i) {
522 if (DirectoryExists(*i))
523 continue;
524 if (mkdir(i->value().c_str(), 0700) == 0)
525 continue;
526 // Mkdir failed, but it might have failed with EEXIST, or some other error
527 // due to the the directory appearing out of thin air. This can occur if
528 // two processes are trying to create the same file system tree at the same
529 // time. Check to see if it exists and make sure it is a directory.
530 int saved_errno = errno;
531 if (!DirectoryExists(*i)) {
532 if (error)
533 *error = base::ErrnoToPlatformFileError(saved_errno);
534 return false;
535 }
536 }
537 return true;
538 }
539
540 base::FilePath MakeUniqueDirectory(const base::FilePath& path) {
541 const int kMaxAttempts = 20;
542 for (int attempts = 0; attempts < kMaxAttempts; attempts++) {
543 int uniquifier =
544 GetUniquePathNumber(path, base::FilePath::StringType());
545 if (uniquifier < 0)
546 break;
547 base::FilePath test_path = (uniquifier == 0) ? path :
548 path.InsertBeforeExtensionASCII(
549 base::StringPrintf(" (%d)", uniquifier));
550 if (mkdir(test_path.value().c_str(), 0777) == 0)
551 return test_path;
552 else if (errno != EEXIST)
553 break;
554 }
555 return base::FilePath();
556 }
557
558 // TODO(rkc): Refactor GetFileInfo and FileEnumerator to handle symlinks
559 // correctly. http://code.google.com/p/chromium-os/issues/detail?id=15948
560 bool IsLink(const FilePath& file_path) {
561 stat_wrapper_t st;
562 // If we can't lstat the file, it's safe to assume that the file won't at
563 // least be a 'followable' link.
564 if (CallLstat(file_path.value().c_str(), &st) != 0)
565 return false;
566
567 if (S_ISLNK(st.st_mode))
568 return true;
569 else
570 return false;
571 }
572
573 bool GetFileInfo(const FilePath& file_path, base::PlatformFileInfo* results) {
574 stat_wrapper_t file_info;
575 if (CallStat(file_path.value().c_str(), &file_info) != 0)
576 return false;
577 results->is_directory = S_ISDIR(file_info.st_mode);
578 results->size = file_info.st_size;
579 #if defined(OS_MACOSX)
580 results->last_modified = base::Time::FromTimeSpec(file_info.st_mtimespec);
581 results->last_accessed = base::Time::FromTimeSpec(file_info.st_atimespec);
582 results->creation_time = base::Time::FromTimeSpec(file_info.st_ctimespec);
583 #elif defined(OS_ANDROID)
584 results->last_modified = base::Time::FromTimeT(file_info.st_mtime);
585 results->last_accessed = base::Time::FromTimeT(file_info.st_atime);
586 results->creation_time = base::Time::FromTimeT(file_info.st_ctime);
587 #else
588 results->last_modified = base::Time::FromTimeSpec(file_info.st_mtim);
589 results->last_accessed = base::Time::FromTimeSpec(file_info.st_atim);
590 results->creation_time = base::Time::FromTimeSpec(file_info.st_ctim);
591 #endif
592 return true;
593 }
594
595 bool GetInode(const FilePath& path, ino_t* inode) {
596 base::ThreadRestrictions::AssertIOAllowed(); // For call to stat().
597 struct stat buffer;
598 int result = stat(path.value().c_str(), &buffer);
599 if (result < 0)
600 return false;
601
602 *inode = buffer.st_ino;
603 return true;
604 }
605
606 FILE* OpenFile(const std::string& filename, const char* mode) {
607 return OpenFile(FilePath(filename), mode);
608 }
609
610 FILE* OpenFile(const FilePath& filename, const char* mode) {
611 base::ThreadRestrictions::AssertIOAllowed();
612 FILE* result = NULL;
613 do {
614 result = fopen(filename.value().c_str(), mode);
615 } while (!result && errno == EINTR);
616 return result;
617 }
618
619 int ReadFile(const FilePath& filename, char* data, int size) {
620 base::ThreadRestrictions::AssertIOAllowed();
621 int fd = HANDLE_EINTR(open(filename.value().c_str(), O_RDONLY));
622 if (fd < 0)
623 return -1;
624
625 ssize_t bytes_read = HANDLE_EINTR(read(fd, data, size));
626 if (int ret = HANDLE_EINTR(close(fd)) < 0)
627 return ret;
628 return bytes_read;
629 }
630
631 int WriteFile(const FilePath& filename, const char* data, int size) {
632 base::ThreadRestrictions::AssertIOAllowed();
633 int fd = HANDLE_EINTR(creat(filename.value().c_str(), 0666));
634 if (fd < 0)
635 return -1;
636
637 int bytes_written = WriteFileDescriptor(fd, data, size);
638 if (int ret = HANDLE_EINTR(close(fd)) < 0)
639 return ret;
640 return bytes_written;
641 }
642
643 int WriteFileDescriptor(const int fd, const char* data, int size) {
644 // Allow for partial writes.
645 ssize_t bytes_written_total = 0;
646 for (ssize_t bytes_written_partial = 0; bytes_written_total < size;
647 bytes_written_total += bytes_written_partial) {
648 bytes_written_partial =
649 HANDLE_EINTR(write(fd, data + bytes_written_total,
650 size - bytes_written_total));
651 if (bytes_written_partial < 0)
652 return -1;
653 }
654
655 return bytes_written_total;
656 }
657
658 int AppendToFile(const FilePath& filename, const char* data, int size) {
659 base::ThreadRestrictions::AssertIOAllowed();
660 int fd = HANDLE_EINTR(open(filename.value().c_str(), O_WRONLY | O_APPEND));
661 if (fd < 0)
662 return -1;
663
664 int bytes_written = WriteFileDescriptor(fd, data, size);
665 if (int ret = HANDLE_EINTR(close(fd)) < 0)
666 return ret;
667 return bytes_written;
668 }
669
670 // Gets the current working directory for the process.
671 bool GetCurrentDirectory(FilePath* dir) {
672 // getcwd can return ENOENT, which implies it checks against the disk.
673 base::ThreadRestrictions::AssertIOAllowed();
674
675 char system_buffer[PATH_MAX] = "";
676 if (!getcwd(system_buffer, sizeof(system_buffer))) {
677 NOTREACHED();
678 return false;
679 }
680 *dir = FilePath(system_buffer);
681 return true;
682 }
683
684 // Sets the current working directory for the process.
685 bool SetCurrentDirectory(const FilePath& path) {
686 base::ThreadRestrictions::AssertIOAllowed();
687 int ret = chdir(path.value().c_str());
688 return !ret;
689 }
690
691 bool NormalizeFilePath(const FilePath& path, FilePath* normalized_path) {
692 FilePath real_path_result;
693 if (!RealPath(path, &real_path_result))
694 return false;
695
696 // To be consistant with windows, fail if |real_path_result| is a
697 // directory.
698 stat_wrapper_t file_info;
699 if (CallStat(real_path_result.value().c_str(), &file_info) != 0 ||
700 S_ISDIR(file_info.st_mode))
701 return false;
702
703 *normalized_path = real_path_result;
704 return true;
705 }
706
707 #if !defined(OS_MACOSX)
708 bool GetTempDir(FilePath* path) {
709 const char* tmp = getenv("TMPDIR");
710 if (tmp)
711 *path = FilePath(tmp);
712 else
713 #if defined(OS_ANDROID)
714 return PathService::Get(base::DIR_CACHE, path);
715 #else
716 *path = FilePath("/tmp");
717 #endif
718 return true;
719 }
720
721 #if !defined(OS_ANDROID)
722
723 #if defined(OS_LINUX)
724 // Determine if /dev/shm files can be mapped and then mprotect'd PROT_EXEC.
725 // This depends on the mount options used for /dev/shm, which vary among
726 // different Linux distributions and possibly local configuration. It also
727 // depends on details of kernel--ChromeOS uses the noexec option for /dev/shm
728 // but its kernel allows mprotect with PROT_EXEC anyway.
729
730 namespace {
731
732 bool DetermineDevShmExecutable() {
733 bool result = false;
734 FilePath path;
735 int fd = CreateAndOpenFdForTemporaryFile(FilePath("/dev/shm"), &path);
736 if (fd >= 0) {
737 ScopedFD shm_fd_closer(&fd);
738 DeleteFile(path, false);
739 long sysconf_result = sysconf(_SC_PAGESIZE);
740 CHECK_GE(sysconf_result, 0);
741 size_t pagesize = static_cast<size_t>(sysconf_result);
742 CHECK_GE(sizeof(pagesize), sizeof(sysconf_result));
743 void *mapping = mmap(NULL, pagesize, PROT_READ, MAP_SHARED, fd, 0);
744 if (mapping != MAP_FAILED) {
745 if (mprotect(mapping, pagesize, PROT_READ | PROT_EXEC) == 0)
746 result = true;
747 munmap(mapping, pagesize);
748 }
749 }
750 return result;
751 }
752
753 }; // namespace
754 #endif // defined(OS_LINUX)
755
756 bool GetShmemTempDir(FilePath* path, bool executable) {
757 #if defined(OS_LINUX)
758 bool use_dev_shm = true;
759 if (executable) {
760 static const bool s_dev_shm_executable = DetermineDevShmExecutable();
761 use_dev_shm = s_dev_shm_executable;
762 }
763 if (use_dev_shm) {
764 *path = FilePath("/dev/shm");
765 return true;
766 }
767 #endif
768 return GetTempDir(path);
769 }
770 #endif // !defined(OS_ANDROID)
771
772 FilePath GetHomeDir() {
773 #if defined(OS_CHROMEOS)
774 if (base::chromeos::IsRunningOnChromeOS())
775 return FilePath("/home/chronos/user");
776 #endif
777
778 const char* home_dir = getenv("HOME");
779 if (home_dir && home_dir[0])
780 return FilePath(home_dir);
781
782 #if defined(OS_ANDROID)
783 DLOG(WARNING) << "OS_ANDROID: Home directory lookup not yet implemented.";
784 #else
785 // g_get_home_dir calls getpwent, which can fall through to LDAP calls.
786 base::ThreadRestrictions::AssertIOAllowed();
787
788 home_dir = g_get_home_dir();
789 if (home_dir && home_dir[0])
790 return FilePath(home_dir);
791 #endif
792
793 FilePath rv;
794 if (file_util::GetTempDir(&rv))
795 return rv;
796
797 // Last resort.
798 return FilePath("/tmp");
799 }
800 #endif // !defined(OS_MACOSX)
801
802 bool VerifyPathControlledByUser(const FilePath& base,
803 const FilePath& path,
804 uid_t owner_uid,
805 const std::set<gid_t>& group_gids) {
806 if (base != path && !base.IsParent(path)) {
807 DLOG(ERROR) << "|base| must be a subdirectory of |path|. base = \""
808 << base.value() << "\", path = \"" << path.value() << "\"";
809 return false;
810 }
811
812 std::vector<FilePath::StringType> base_components;
813 std::vector<FilePath::StringType> path_components;
814
815 base.GetComponents(&base_components);
816 path.GetComponents(&path_components);
817
818 std::vector<FilePath::StringType>::const_iterator ib, ip;
819 for (ib = base_components.begin(), ip = path_components.begin();
820 ib != base_components.end(); ++ib, ++ip) {
821 // |base| must be a subpath of |path|, so all components should match.
822 // If these CHECKs fail, look at the test that base is a parent of
823 // path at the top of this function.
824 DCHECK(ip != path_components.end());
825 DCHECK(*ip == *ib);
826 }
827
828 FilePath current_path = base;
829 if (!VerifySpecificPathControlledByUser(current_path, owner_uid, group_gids))
830 return false;
831
832 for (; ip != path_components.end(); ++ip) {
833 current_path = current_path.Append(*ip);
834 if (!VerifySpecificPathControlledByUser(
835 current_path, owner_uid, group_gids))
836 return false;
837 }
838 return true;
839 }
840
841 #if defined(OS_MACOSX) && !defined(OS_IOS)
842 bool VerifyPathControlledByAdmin(const FilePath& path) {
843 const unsigned kRootUid = 0;
844 const FilePath kFileSystemRoot("/");
845
846 // The name of the administrator group on mac os.
847 const char* const kAdminGroupNames[] = {
848 "admin",
849 "wheel"
850 };
851
852 // Reading the groups database may touch the file system.
853 base::ThreadRestrictions::AssertIOAllowed();
854
855 std::set<gid_t> allowed_group_ids;
856 for (int i = 0, ie = arraysize(kAdminGroupNames); i < ie; ++i) {
857 struct group *group_record = getgrnam(kAdminGroupNames[i]);
858 if (!group_record) {
859 DPLOG(ERROR) << "Could not get the group ID of group \""
860 << kAdminGroupNames[i] << "\".";
861 continue;
862 }
863
864 allowed_group_ids.insert(group_record->gr_gid);
865 }
866
867 return VerifyPathControlledByUser(
868 kFileSystemRoot, path, kRootUid, allowed_group_ids);
869 }
870 #endif // defined(OS_MACOSX) && !defined(OS_IOS)
871
872 int GetMaximumPathComponentLength(const FilePath& path) {
873 base::ThreadRestrictions::AssertIOAllowed();
874 return pathconf(path.value().c_str(), _PC_NAME_MAX);
875 }
876
877 } // namespace file_util
878
879 namespace base {
880 namespace internal {
881
882 bool MoveUnsafe(const FilePath& from_path, const FilePath& to_path) {
883 ThreadRestrictions::AssertIOAllowed();
884 // Windows compatibility: if to_path exists, from_path and to_path
885 // must be the same type, either both files, or both directories.
886 stat_wrapper_t to_file_info;
887 if (CallStat(to_path.value().c_str(), &to_file_info) == 0) {
888 stat_wrapper_t from_file_info;
889 if (CallStat(from_path.value().c_str(), &from_file_info) == 0) {
890 if (S_ISDIR(to_file_info.st_mode) != S_ISDIR(from_file_info.st_mode))
891 return false;
892 } else {
893 return false;
894 }
895 }
896
897 if (rename(from_path.value().c_str(), to_path.value().c_str()) == 0)
898 return true;
899
900 if (!CopyDirectory(from_path, to_path, true))
901 return false;
902
903 DeleteFile(from_path, true);
904 return true;
905 }
906
907 #if !defined(OS_MACOSX)
908 // Mac has its own implementation, this is for all other Posix systems.
909 bool CopyFileUnsafe(const FilePath& from_path, const FilePath& to_path) {
910 ThreadRestrictions::AssertIOAllowed();
911 int infile = HANDLE_EINTR(open(from_path.value().c_str(), O_RDONLY));
912 if (infile < 0)
913 return false;
914
915 int outfile = HANDLE_EINTR(creat(to_path.value().c_str(), 0666));
916 if (outfile < 0) {
917 ignore_result(HANDLE_EINTR(close(infile)));
918 return false;
919 }
920
921 const size_t kBufferSize = 32768;
922 std::vector<char> buffer(kBufferSize);
923 bool result = true;
924
925 while (result) {
926 ssize_t bytes_read = HANDLE_EINTR(read(infile, &buffer[0], buffer.size()));
927 if (bytes_read < 0) {
928 result = false;
929 break;
930 }
931 if (bytes_read == 0)
932 break;
933 // Allow for partial writes
934 ssize_t bytes_written_per_read = 0;
935 do {
936 ssize_t bytes_written_partial = HANDLE_EINTR(write(
937 outfile,
938 &buffer[bytes_written_per_read],
939 bytes_read - bytes_written_per_read));
940 if (bytes_written_partial < 0) {
941 result = false;
942 break;
943 }
944 bytes_written_per_read += bytes_written_partial;
945 } while (bytes_written_per_read < bytes_read);
946 }
947
948 if (HANDLE_EINTR(close(infile)) < 0)
949 result = false;
950 if (HANDLE_EINTR(close(outfile)) < 0)
951 result = false;
952
953 return result;
954 }
955 #endif // !defined(OS_MACOSX)
956
957 } // namespace internal
958 } // namespace base