// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef STORAGE_BROWSER_FILE_SYSTEM_OBFUSCATED_FILE_UTIL_H_ #define STORAGE_BROWSER_FILE_SYSTEM_OBFUSCATED_FILE_UTIL_H_ #include <stdint.h> #include <map> #include <memory> #include <set> #include <string> #include <vector> #include "base/component_export.h" #include "base/files/file.h" #include "base/files/file_error_or.h" #include "base/files/file_path.h" #include "base/functional/callback_forward.h" #include "base/memory/raw_ptr.h" #include "base/memory/scoped_refptr.h" #include "base/sequence_checker.h" #include "base/timer/timer.h" #include "storage/browser/blob/shareable_file_reference.h" #include "storage/browser/file_system/file_system_file_util.h" #include "storage/browser/file_system/file_system_url.h" #include "storage/browser/file_system/obfuscated_file_util_delegate.h" #include "storage/browser/file_system/sandbox_directory_database.h" #include "storage/browser/file_system/sandbox_file_system_backend_delegate.h" #include "storage/common/file_system/file_system_types.h" namespace blink { class StorageKey; } // namespace blink namespace storage { class FileSystemOperationContext; class ObfuscatedFileUtilTest; class QuotaBackendImplTest; class SandboxOriginDatabaseInterface; class SpecialStoragePolicy; // Class representing the key for directories_. NOTE: The `bucket` value is // optional due to usage of ObfuscatedFileUtil where the type is not kTemporary // (i.e. kPersistent or kSyncable). For all non-temporary types, expect the // bucket member value to be std::nullopt. The class is implemented as such to // avoid mapping the same StorageKey to potentially different bucket values, // which would cause directories_ lookup errors. NOTE: The `type_string` value // is empty when designating a "top-level directory" or a directory that // contains one or more subdirectories with a non-empty type. This class stores // a string rather than the FileSystemType itself because multiple // FileSystemTypes can map to the same `type_string`, and preserving this // behavior is necessary to retrieving and deleting ObfuscatedFilePaths // correctly. class DatabaseKey { … }; // This file util stores directory information in either LevelDB or // StorageBuckets to obfuscate and to neutralize virtual file paths given by // arbitrary apps. Files are stored with three-level isolation: (1) // per-StorageKey, (2) per-bucket, and (3) per-type. The isolation is done by // storing data in separate directory partitions. For example, a file in // Temporary file system for origin 'www.example.com' is stored in a different // partition from a file in Persistent file system for the same origin, or from // a file in a Temporary file system for another origin. Similarly, a file in a // Temporary file system for origin 'www.foo.com' with a default bucket is // stored in a different partition from a non-default bucket for the same origin // and Temporary file system. // // * For default first-party StorageKeys, per-origin directory name information // is stored in a separate LevelDB, which is maintained by // SandboxOriginDatabase. For per-type information, we use a small static // mapping (e.g. 't' for Temporary type) for regular sandbox filesystems. // NOTE/TODO(crbug.com/40855748): the goal is to eventually deprecate // SandboxOriginDatabase and rely entirely on Storage Buckets. // * For all other StorageKeys, we rely on quota management of Storage Buckets // in addition to the same static mapping of per-type information described // above. // // The overall implementation philosophy of this class is that partial failures // should leave us with an intact database; we'd prefer to leak the occasional // backing file than have a database entry whose backing file is missing. When // doing FSCK operations, if you find a loose backing file with no reference, // you may safely delete it. // // This class must be deleted on the FILE thread, because that's where // DropDatabases needs to be called. class COMPONENT_EXPORT(STORAGE_BROWSER) ObfuscatedFileUtil : public FileSystemFileUtil { … }; } // namespace storage #endif // STORAGE_BROWSER_FILE_SYSTEM_OBFUSCATED_FILE_UTIL_H_
Codebase Browser
chromium