Home Explore 引导页 在线工具 Blog
Register Sign In
Pchen0
/
electron
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 36b7cf341e
Branches Tags
electron
/
shell
/
browser
/
file_system_access
/
file_system_access_permission_context.h

file_system_access_permission_context.h 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179 
  1. // Copyright (c) 2024 Microsoft, GmbH
    2. 

  2. // Use of this source code is governed by the MIT license that can be
    3. 

  3. // found in the LICENSE file.
    4. 

  4. 

  5. #ifndef ELECTRON_SHELL_BROWSER_FILE_SYSTEM_ACCESS_ELECTRON_FILE_SYSTEM_ACCESS_PERMISSION_CONTEXT_H_
    6. 

  6. #define ELECTRON_SHELL_BROWSER_FILE_SYSTEM_ACCESS_ELECTRON_FILE_SYSTEM_ACCESS_PERMISSION_CONTEXT_H_
    7. 

  7. 

  8. #include "shell/browser/file_system_access/file_system_access_permission_context.h"
    9. 

  9. 

  10. #include <memory>
    11. 

  11. #include <string>
    12. 

  12. #include <vector>
    13. 

  13. 

  14. #include "base/functional/callback_forward.h"
    15. 

  15. #include "base/memory/weak_ptr.h"
    16. 

  16. #include "base/time/clock.h"
    17. 

  17. #include "base/time/default_clock.h"
    18. 

  18. #include "base/values.h"
    19. 

  19. #include "components/keyed_service/core/keyed_service.h"
    20. 

  20. #include "content/public/browser/file_system_access_permission_context.h"
    21. 

  21. 

  22. class GURL;
    23. 

  23. 

  24. namespace gin {
    25. 

  25. class Arguments;
    26. 

  26. }  // namespace gin
    27. 

  27. 

  28. namespace base {
    29. 

  29. class FilePath;
    30. 

  30. }  // namespace base
    31. 

  31. 

  32. namespace storage {
    33. 

  33. class FileSystemURL;
    34. 

  34. }  // namespace storage
    35. 

  35. 

  36. namespace electron {
    37. 

  37. 

  38. class FileSystemAccessPermissionContext
    39. 

  39.     : public KeyedService,
    40. 

  40.       public content::FileSystemAccessPermissionContext {
    41. 

  41.  public:
    42. 

  42.   enum class GrantType { kRead, kWrite };
    43. 

  43. 

  44.   explicit FileSystemAccessPermissionContext(
    45. 

  45.       content::BrowserContext* browser_context,
    46. 

  46.       const base::Clock* clock = base::DefaultClock::GetInstance());
    47. 

  47.   FileSystemAccessPermissionContext(const FileSystemAccessPermissionContext&) =
    48. 

  48.       delete;
    49. 

  49.   FileSystemAccessPermissionContext& operator=(
    50. 

  50.       const FileSystemAccessPermissionContext&) = delete;
    51. 

  51.   ~FileSystemAccessPermissionContext() override;
    52. 

  52. 

  53.   // content::FileSystemAccessPermissionContext:
    54. 

  54.   scoped_refptr<content::FileSystemAccessPermissionGrant>
    55. 

  55.   GetReadPermissionGrant(const url::Origin& origin,
    56. 

  56.                          const content::PathInfo& path,
    57. 

  57.                          HandleType handle_type,
    58. 

  58.                          UserAction user_action) override;
    59. 

  59. 

  60.   scoped_refptr<content::FileSystemAccessPermissionGrant>
    61. 

  61.   GetWritePermissionGrant(const url::Origin& origin,
    62. 

  62.                           const content::PathInfo& path,
    63. 

  63.                           HandleType handle_type,
    64. 

  64.                           UserAction user_action) override;
    65. 

  65. 

  66.   void ConfirmSensitiveEntryAccess(
    67. 

  67.       const url::Origin& origin,
    68. 

  68.       const content::PathInfo& path,
    69. 

  69.       HandleType handle_type,
    70. 

  70.       UserAction user_action,
    71. 

  71.       content::GlobalRenderFrameHostId frame_id,
    72. 

  72.       base::OnceCallback<void(SensitiveEntryResult)> callback) override;
    73. 

  73. 

  74.   void PerformAfterWriteChecks(
    75. 

  75.       std::unique_ptr<content::FileSystemAccessWriteItem> item,
    76. 

  76.       content::GlobalRenderFrameHostId frame_id,
    77. 

  77.       base::OnceCallback<void(AfterWriteCheckResult)> callback) override;
    78. 

  78. 

  79.   bool IsFileTypeDangerous(const base::FilePath& path,
    80. 

  80.                            const url::Origin& origin) override;
    81. 

  81. 

  82.   bool CanObtainReadPermission(const url::Origin& origin) override;
    83. 

  83.   bool CanObtainWritePermission(const url::Origin& origin) override;
    84. 

  84. 

  85.   void SetLastPickedDirectory(const url::Origin& origin,
    86. 

  86.                               const std::string& id,
    87. 

  87.                               const content::PathInfo& path) override;
    88. 

  88. 

  89.   content::PathInfo GetLastPickedDirectory(const url::Origin& origin,
    90. 

  90.                                            const std::string& id) override;
    91. 

  91. 

  92.   base::FilePath GetWellKnownDirectoryPath(
    93. 

  93.       blink::mojom::WellKnownDirectory directory,
    94. 

  94.       const url::Origin& origin) override;
    95. 

  95. 

  96.   std::u16string GetPickerTitle(
    97. 

  97.       const blink::mojom::FilePickerOptionsPtr& options) override;
    98. 

  98. 

  99.   void NotifyEntryMoved(const url::Origin& origin,
    100. 

  100.                         const content::PathInfo& old_path,
    101. 

  101.                         const content::PathInfo& new_path) override;
    102. 

  102. 

  103.   void OnFileCreatedFromShowSaveFilePicker(
    104. 

  104.       const GURL& file_picker_binding_context,
    105. 

  105.       const storage::FileSystemURL& url) override;
    106. 

  106. 

  107.   void CheckPathsAgainstEnterprisePolicy(
    108. 

  108.       std::vector<content::PathInfo> entries,
    109. 

  109.       content::GlobalRenderFrameHostId frame_id,
    110. 

  110.       EntriesAllowedByEnterprisePolicyCallback callback) override;
    111. 

  111. 

  112.   enum class Access { kRead, kWrite, kReadWrite };
    113. 

  113. 

  114.   enum class RequestType { kNewPermission, kRestorePermissions };
    115. 

  115. 

  116.   void RevokeActiveGrants(const url::Origin& origin,
    117. 

  117.                           const base::FilePath& file_path = base::FilePath());
    118. 

  118. 

  119.   bool OriginHasReadAccess(const url::Origin& origin);
    120. 

  120.   bool OriginHasWriteAccess(const url::Origin& origin);
    121. 

  121. 

  122.   // Called by FileSystemAccessWebContentsHelper when a top-level frame was
    123. 

  123.   // navigated away from `origin` to some other origin.
    124. 

  124.   void NavigatedAwayFromOrigin(const url::Origin& origin);
    125. 

  125. 

  126.   content::BrowserContext* browser_context() const { return browser_context_; }
    127. 

  127. 

  128.  protected:
    129. 

  129.   SEQUENCE_CHECKER(sequence_checker_);
    130. 

  130. 

  131.  private:
    132. 

  132.   class PermissionGrantImpl;
    133. 

  133. 

  134.   void PermissionGrantDestroyed(PermissionGrantImpl* grant);
    135. 

  135. 

  136.   void CheckPathAgainstBlocklist(const content::PathInfo& path,
    137. 

  137.                                  HandleType handle_type,
    138. 

  138.                                  base::OnceCallback<void(bool)> callback);
    139. 

  139.   void DidCheckPathAgainstBlocklist(const url::Origin& origin,
    140. 

  140.                                     const content::PathInfo& path,
    141. 

  141.                                     HandleType handle_type,
    142. 

  142.                                     UserAction user_action,
    143. 

  143.                                     content::GlobalRenderFrameHostId frame_id,
    144. 

  144.                                     bool should_block);
    145. 

  145. 

  146.   void RunRestrictedPathCallback(SensitiveEntryResult result);
    147. 

  147. 

  148.   void OnRestrictedPathResult(gin::Arguments* args);
    149. 

  149. 

  150.   void MaybeEvictEntries(base::Value::Dict& dict);
    151. 

  151. 

  152.   void CleanupPermissions(const url::Origin& origin);
    153. 

  153. 

  154.   bool AncestorHasActivePermission(const url::Origin& origin,
    155. 

  155.                                    const base::FilePath& path,
    156. 

  156.                                    GrantType grant_type) const;
    157. 

  157. 

  158.   base::WeakPtr<FileSystemAccessPermissionContext> GetWeakPtr();
    159. 

  159. 

  160.   const raw_ptr<content::BrowserContext, DanglingUntriaged> browser_context_;
    161. 

  161. 

  162.   struct OriginState;
    163. 

  163.   std::map<url::Origin, OriginState> active_permissions_map_;
    164. 

  164. 

  165.   // Number of custom IDs an origin can specify.
    166. 

  166.   size_t max_ids_per_origin_ = 32u;
    167. 

  167. 

  168.   const raw_ptr<const base::Clock> clock_;
    169. 

  169. 

  170.   std::map<url::Origin, base::Value::Dict> id_pathinfo_map_;
    171. 

  171. 

  172.   base::OnceCallback<void(SensitiveEntryResult)> callback_;
    173. 

  173. 

  174.   base::WeakPtrFactory<FileSystemAccessPermissionContext> weak_factory_{this};
    175. 

  175. };
    176. 

  176. 

  177. }  // namespace electron
    178. 

  178. 

  179. #endif  // ELECTRON_SHELL_BROWSER_FILE_SYSTEM_ACCESS_FILE_SYSTEM_ACCESS_PERMISSION_CONTEXT_H_
    180.