File: read_only_file_mojom_traits.cc

package info (click to toggle)
chromium 135.0.7049.95-1~deb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 5,959,392 kB
  • sloc: cpp: 34,198,526; ansic: 7,100,035; javascript: 3,985,800; python: 1,395,489; asm: 896,754; xml: 722,891; pascal: 180,504; sh: 94,909; perl: 88,388; objc: 79,739; sql: 53,020; cs: 41,358; fortran: 24,137; makefile: 22,501; php: 13,699; tcl: 10,142; yacc: 8,822; ruby: 7,350; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; awk: 197; sed: 36
file content (88 lines) | stat: -rw-r--r-- 2,950 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "mojo/public/cpp/base/read_only_file_mojom_traits.h"

#include "base/files/file.h"
#include "build/build_config.h"

#if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#endif  // BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)

#if BUILDFLAG(IS_WIN)
#include <windows.h>

#include "base/win/security_util.h"
#endif  // BUILDFLAG(IS_WIN)

namespace mojo {
namespace {

// True if the underlying handle is only readable. Where possible this excludes
// deletion, writing, truncation, append and other operations that might modify
// the underlying file. False if we can tell that the file could be modified.
// On platforms where we cannot test the handle, always returns true.
bool IsReadOnlyFile(base::File& file) {
  bool is_readonly = true;
#if BUILDFLAG(IS_WIN)
  std::optional<ACCESS_MASK> flags =
      base::win::GetGrantedAccess(file.GetPlatformFile());
  if (!flags.has_value()) {
    return false;
  }
  // Cannot use GENERIC_WRITE as that includes SYNCHRONIZE.
  // This is ~(all the writable permissions).
  is_readonly = !(flags.value() &
                  (FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_DATA |
                   FILE_WRITE_EA | WRITE_DAC | WRITE_OWNER | DELETE));
#elif BUILDFLAG(IS_FUCHSIA) || \
    (BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_AIX))
  is_readonly =
      (fcntl(file.GetPlatformFile(), F_GETFL) & O_ACCMODE) == O_RDONLY;
#endif
  return is_readonly;
}

bool IsPhysicalFile(base::File& file) {
#if BUILDFLAG(IS_WIN)
  // Verify if this is a real file (not a socket/pipe etc.).
  DWORD type = GetFileType(file.GetPlatformFile());
  return type == FILE_TYPE_DISK;
#else
  // This may block but in practice this is unlikely for already opened
  // physical files.
  struct stat st;
  if (fstat(file.GetPlatformFile(), &st) != 0)
    return false;
  return S_ISREG(st.st_mode);
#endif
}

}  // namespace

mojo::PlatformHandle StructTraits<mojo_base::mojom::ReadOnlyFileDataView,
                                  base::File>::fd(base::File& file) {
  CHECK(file.IsValid());
  // For now we require real files as on some platforms it is too difficult to
  // be sure that more general handles cannot be written or made writable. This
  // could be relaxed if an interface needs readonly pipes. This check may block
  // so cannot be enabled in release builds.
  DCHECK(IsPhysicalFile(file));
  CHECK(IsReadOnlyFile(file));

  return mojo::PlatformHandle(
      base::ScopedPlatformFile(file.TakePlatformFile()));
}

bool StructTraits<mojo_base::mojom::ReadOnlyFileDataView, base::File>::Read(
    mojo_base::mojom::ReadOnlyFileDataView data,
    base::File* file) {
  *file = base::File(data.TakeFd().TakePlatformFile(), data.async());
  return true;
}

}  // namespace mojo