// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/ash/exo/chrome_security_delegate.h"
#include <memory>
#include <string>
#include "ash/components/arc/arc_util.h"
#include "ash/public/cpp/app_types_util.h"
#include "base/memory/ref_counted_memory.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
#include "chrome/browser/ash/arc/arc_util.h"
#include "chrome/browser/ash/crostini/crostini_util.h"
#include "chrome/browser/ash/exo/chrome_data_exchange_delegate.h"
#include "chrome/browser/ash/extensions/file_manager/event_router.h"
#include "chrome/browser/ash/extensions/file_manager/event_router_factory.h"
#include "chrome/browser/ash/file_manager/fileapi_util.h"
#include "chrome/browser/ash/file_manager/path_util.h"
#include "chrome/browser/ash/fusebox/fusebox_server.h"
#include "chrome/browser/ash/guest_os/guest_os_session_tracker.h"
#include "chrome/browser/ash/guest_os/guest_os_share_path.h"
#include "chrome/browser/ash/plugin_vm/plugin_vm_files.h"
#include "chrome/browser/ash/plugin_vm/plugin_vm_util.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/profiles/profile_manager.h"
#include "components/exo/shell_surface_util.h"
#include "content/public/common/drop_data.h"
#include "storage/browser/file_system/external_mount_points.h"
#include "storage/browser/file_system/file_system_context.h"
#include "storage/browser/file_system/file_system_url.h"
#include "third_party/blink/public/common/storage_key/storage_key.h"
#include "ui/base/clipboard/file_info.h"
#include "ui/base/data_transfer_policy/data_transfer_endpoint.h"
namespace ash {
namespace {
constexpr char kUriListSeparator[] = "\r\n";
constexpr char kVmFileScheme[] = "vmfile";
constexpr char kDefaultVmMount[] = "/mnt/shared";
void SendArcUrls(exo::SecurityDelegate::SendDataCallback callback,
const std::vector<GURL>& urls) {
std::vector<std::string> lines;
for (const GURL& url : urls) {
if (!url.is_valid()) {
continue;
}
lines.push_back(url.spec());
}
// Arc requires UTF16 for data.
std::move(callback).Run(base::MakeRefCounted<base::RefCountedString16>(
base::UTF8ToUTF16(base::JoinString(lines, kUriListSeparator))));
}
void SendAfterShare(ui::EndpointType target,
exo::SecurityDelegate::SendDataCallback callback,
std::vector<std::string> file_urls) {
std::string joined = base::JoinString(file_urls, kUriListSeparator);
scoped_refptr<base::RefCountedMemory> data;
if (target == ui::EndpointType::kArc) {
// Arc uses utf-16 data.
data = base::MakeRefCounted<base::RefCountedString16>(
base::UTF8ToUTF16(joined));
} else {
data = base::MakeRefCounted<base::RefCountedString>(std::move(joined));
}
std::move(callback).Run(data);
}
struct FileInfo {
const base::FilePath path;
const storage::FileSystemURL url;
};
// Returns true if path is shared with the specified VM, or for crostini if path
// is homedir or dir within.
bool IsPathShared(Profile* profile,
std::string vm_name,
bool is_crostini,
base::FilePath path) {
auto* share_path = guest_os::GuestOsSharePath::GetForProfile(profile);
if (share_path->IsPathShared(vm_name, path)) {
return true;
}
if (is_crostini) {
base::FilePath mount =
file_manager::util::GetCrostiniMountDirectory(profile);
return path == mount || mount.IsParent(path);
}
return false;
}
// Return VM mount path for specified `vm_name`.
base::FilePath GetVmMount(const std::string& vm_name) {
if (vm_name == crostini::kCrostiniDefaultVmName) {
return crostini::ContainerChromeOSBaseDirectory();
}
if (vm_name == plugin_vm::kPluginVmName) {
return plugin_vm::ChromeOSBaseDirectory();
}
return base::FilePath(std::string(kDefaultVmMount));
}
// Translate |vm_paths| from |source| VM to host paths.
std::vector<FileInfo> TranslateVMToHost(const std::string vm_name,
std::vector<ui::FileInfo> vm_paths) {
std::vector<FileInfo> file_infos;
Profile* primary_profile = ProfileManager::GetPrimaryUserProfile();
bool is_crostini = vm_name == crostini::kCrostiniDefaultVmName;
for (ui::FileInfo& info : vm_paths) {
base::FilePath path = std::move(info.path);
storage::FileSystemURL url;
// Convert the VM path to a path in the host if possible (in homedir or
// /mnt/chromeos for crostini; in //ChromeOS for Plugin VM), otherwise
// prefix with 'vmfile:<vm_name>:' to avoid VMs spoofing host paths.
// E.g. crostini /etc/mime.types => vmfile:termina:/etc/mime.types.
if (!vm_name.empty() && vm_name != arc::kArcVmName) {
if (file_manager::util::ConvertPathInsideVMToFileSystemURL(
primary_profile, path, GetVmMount(vm_name),
/*map_crostini_home=*/is_crostini, &url)) {
path = url.path();
// Only allow write to clipboard for paths that are shared.
if (!IsPathShared(primary_profile, vm_name, is_crostini, path)) {
LOG(WARNING) << "Unshared file path: " << path;
continue;
}
} else {
path = base::FilePath(
base::StrCat({kVmFileScheme, ":", vm_name, ":", path.value()}));
}
}
file_infos.push_back({std::move(path), std::move(url)});
}
return file_infos;
}
// Crack paths and get FileSystemURL.
std::vector<FileInfo> CrackPaths(std::vector<base::FilePath> paths) {
storage::ExternalMountPoints* mount_points =
storage::ExternalMountPoints::GetSystemInstance();
base::FilePath virtual_path;
std::vector<FileInfo> file_infos;
for (auto& path : paths) {
// Convert absolute host path to FileSystemURL if possible.
storage::FileSystemURL url;
if (mount_points->GetVirtualPath(path, &virtual_path)) {
url = mount_points->CreateCrackedFileSystemURL(
blink::StorageKey(), storage::kFileSystemTypeExternal, virtual_path);
}
file_infos.push_back({std::move(path), std::move(url)});
}
return file_infos;
}
// Share |files| with |target| VM and invoke |callback| with translated file:
// URLs.
void ShareAndTranslateHostToVM(
const std::string& vm_name,
const std::vector<FileInfo>& file_infos,
base::OnceCallback<void(std::vector<std::string>)> callback) {
Profile* primary_profile = ProfileManager::GetPrimaryUserProfile();
bool is_crostini = vm_name == crostini::kCrostiniDefaultVmName;
const std::string vm_prefix =
base::StrCat({kVmFileScheme, ":", vm_name, ":"});
std::vector<std::string> file_urls;
auto* share_path = guest_os::GuestOsSharePath::GetForProfile(primary_profile);
std::vector<base::FilePath> paths_to_share;
for (auto& info : file_infos) {
std::string file_url;
bool share_required = false;
if (vm_name == arc::kArcVmName) {
GURL arc_url;
if (!file_manager::util::ConvertPathToArcUrl(info.path, &arc_url,
&share_required)) {
LOG(WARNING) << "Could not convert arc path " << info.path;
continue;
}
file_url = arc_url.spec();
} else if (!vm_name.empty()) {
base::FilePath path;
// Check if it is a path inside the VM: 'vmfile:<vm_name>:'.
if (base::StartsWith(info.path.value(), vm_prefix,
base::CompareCase::SENSITIVE)) {
file_url = ui::FilePathToFileURL(
base::FilePath(info.path.value().substr(vm_prefix.size())));
} else if (file_manager::util::ConvertFileSystemURLToPathInsideVM(
primary_profile, info.url, GetVmMount(vm_name),
/*map_crostini_home=*/is_crostini, &path)) {
// Convert to path inside the VM.
file_url = ui::FilePathToFileURL(path);
share_required = true;
} else {
LOG(WARNING) << "Could not convert into VM path " << info.path;
continue;
}
} else {
// Use path without conversion as default.
file_url = ui::FilePathToFileURL(info.path);
}
file_urls.push_back(std::move(file_url));
if (share_required && !share_path->IsPathShared(vm_name, info.path)) {
paths_to_share.push_back(std::move(info.path));
}
}
if (!paths_to_share.empty()) {
if (vm_name != plugin_vm::kPluginVmName) {
auto vm_info =
guest_os::GuestOsSessionTracker::GetForProfile(primary_profile)
->GetVmInfo(vm_name);
if (!vm_info) {
// VM must be running for copy-paste or drag-drop to be happening so
// something's gone wrong, skip trying to share and just send the data.
std::move(callback).Run(std::move(file_urls));
return;
}
share_path->SharePaths(
vm_name, vm_info->seneschal_server_handle(),
std::move(paths_to_share),
base::BindOnce(
[](base::OnceCallback<void(std::vector<std::string>)> callback,
std::vector<std::string> file_urls, bool success,
const std::string& failure_reason) {
if (!success) {
LOG(ERROR) << "Error sharing paths: " << failure_reason;
}
// Still send the data, even if sharing failed.
std::move(callback).Run(std::move(file_urls));
},
std::move(callback), std::move(file_urls)));
return;
}
// Show FilesApp move-to-windows-files dialog when Plugin VM is not shared.
if (auto* event_router =
file_manager::EventRouterFactory::GetForProfile(primary_profile)) {
event_router->DropFailedPluginVmDirectoryNotShared();
}
file_urls.clear();
}
std::move(callback).Run(std::move(file_urls));
}
} // namespace
// static
std::vector<base::FilePath> TranslateVMPathsToHost(
const std::string& vm_name,
const std::vector<ui::FileInfo>& vm_paths) {
std::vector<FileInfo> translated = TranslateVMToHost(vm_name, vm_paths);
std::vector<base::FilePath> result;
for (auto& info : translated) {
result.push_back(std::move(info.path));
}
return result;
}
// static
void ShareWithVMAndTranslateToFileUrls(
const std::string& vm_name,
const std::vector<base::FilePath>& files,
base::OnceCallback<void(std::vector<std::string>)> callback) {
ShareAndTranslateHostToVM(vm_name, CrackPaths(files), std::move(callback));
}
ChromeSecurityDelegate::ChromeSecurityDelegate() = default;
ChromeSecurityDelegate::~ChromeSecurityDelegate() = default;
bool ChromeSecurityDelegate::CanSelfActivate(aura::Window* window) const {
// TODO(b/233691818): The default should be "false", and clients should
// override that if they need to self-activate.
//
// Unfortunately, several clients don't have their own SecurityDelegate yet,
// so we will continue to use the old exo::Permissions stuff until they do.
return exo::HasPermissionToActivate(window);
}
bool ChromeSecurityDelegate::CanLockPointer(aura::Window* window) const {
// TODO(b/200896773): Move this out from exo's default security delegate
// define in client's security delegates.
return ash::IsArcWindow(window) || ash::IsLacrosWindow(window);
}
ChromeSecurityDelegate::SetBoundsPolicy ChromeSecurityDelegate::CanSetBounds(
aura::Window* window) const {
// TODO(b/200896773): Move into LacrosSecurityDelegate when it exists.
if (ash::IsLacrosWindow(window)) {
return SetBoundsPolicy::DCHECK_IF_DECORATED;
} else if (ash::IsArcWindow(window)) {
// TODO(b/285252684): Move into ArcSecurityDelegate when it exists.
return SetBoundsPolicy::ADJUST_IF_DECORATED;
} else {
return SetBoundsPolicy::IGNORE;
}
}
std::vector<ui::FileInfo> ChromeSecurityDelegate::GetFilenames(
ui::EndpointType source,
const std::vector<uint8_t>& data) const {
std::vector<ui::FileInfo> result;
std::vector<FileInfo> file_infos = TranslateVMToHost(
GetVmName(source),
ui::URIListToFileInfos(std::string(data.begin(), data.end())));
for (auto& info : file_infos) {
result.push_back(ui::FileInfo(std::move(info.path), base::FilePath()));
}
return result;
}
void ChromeSecurityDelegate::SendFileInfo(
ui::EndpointType target,
const std::vector<ui::FileInfo>& files,
SendDataCallback callback) const {
std::vector<base::FilePath> paths;
for (const auto& file : files) {
paths.push_back(file.path);
}
ShareAndTranslateHostToVM(
GetVmName(target), CrackPaths(std::move(paths)),
base::BindOnce(&SendAfterShare, target, std::move(callback)));
}
void ChromeSecurityDelegate::SendPickle(ui::EndpointType target,
const base::Pickle& pickle,
SendDataCallback callback) {
std::vector<storage::FileSystemURL> file_system_urls =
GetFileSystemUrlsFromPickle(pickle);
// ARC FileSystemURLs are converted to Content URLs.
if (target == ui::EndpointType::kArc) {
if (file_system_urls.empty()) {
std::move(callback).Run(nullptr);
return;
}
arc::ConvertToContentUrlsAndShare(
ProfileManager::GetPrimaryUserProfile(), file_system_urls,
base::BindOnce(&SendArcUrls, std::move(callback)));
return;
}
std::vector<FileInfo> file_infos;
for (auto& url : file_system_urls) {
if (url.TypeImpliesPathIsReal()) {
base::FilePath path = url.path();
file_infos.emplace_back(std::move(path), std::move(url));
} else if (base::FilePath path =
fusebox::Server::SubstituteFuseboxFilePath(url);
!path.empty()) {
file_infos.emplace_back(std::move(path), std::move(url));
}
}
ShareAndTranslateHostToVM(
GetVmName(target), std::move(file_infos),
base::BindOnce(&SendAfterShare, target, std::move(callback)));
}
std::string ChromeSecurityDelegate::GetVmName(ui::EndpointType target) const {
if (target == ui::EndpointType::kArc) {
return arc::kArcVmName;
} else if (target == ui::EndpointType::kPluginVm) {
return plugin_vm::kPluginVmName;
}
return std::string();
}
} // namespace ash
Codebase Browser
chromium