Home Explore 引导页 在线工具 Blog
Register Sign In
Pchen0
/
electron
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 946ab5f1d7
Branches Tags
electron
/
shell
/
browser
/
file_system_access
/
file_system_access_permission_context.h

file_system_access_permission_context.h 6.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. // Copyright (c) 2024 Microsoft, GmbH
    2. 

  2. // Use of this source code is governed by the MIT license that can be
    3. 

  3. // found in the LICENSE file.
    4. 

  4. 

  5. #ifndef ELECTRON_SHELL_BROWSER_FILE_SYSTEM_ACCESS_ELECTRON_FILE_SYSTEM_ACCESS_PERMISSION_CONTEXT_H_
    6. 

  6. #define ELECTRON_SHELL_BROWSER_FILE_SYSTEM_ACCESS_ELECTRON_FILE_SYSTEM_ACCESS_PERMISSION_CONTEXT_H_
    7. 

  7. 

  8. #include "shell/browser/file_system_access/file_system_access_permission_context.h"
    9. 

  9. 

  10. #include <memory>
    11. 

  11. #include <string>
    12. 

  12. #include <vector>
    13. 

  13. 

  14. #include "base/functional/callback_forward.h"
    15. 

  15. #include "base/memory/weak_ptr.h"
    16. 

  16. #include "base/time/clock.h"
    17. 

  17. #include "base/time/default_clock.h"
    18. 

  18. #include "base/values.h"
    19. 

  19. #include "components/keyed_service/core/keyed_service.h"
    20. 

  20. #include "content/public/browser/file_system_access_permission_context.h"
    21. 

  21. 

  22. class GURL;
    23. 

  23. 

  24. namespace gin {
    25. 

  25. class Arguments;
    26. 

  26. }  // namespace gin
    27. 

  27. 

  28. namespace base {
    29. 

  29. class FilePath;
    30. 

  30. }  // namespace base
    31. 

  31. 

  32. namespace storage {
    33. 

  33. class FileSystemURL;
    34. 

  34. }  // namespace storage
    35. 

  35. 

  36. namespace electron {
    37. 

  37. 

  38. class FileSystemAccessPermissionContext
    39. 

  39.     : public KeyedService,
    40. 

  40.       public content::FileSystemAccessPermissionContext {
    41. 

  41.  public:
    42. 

  42.   enum class GrantType { kRead, kWrite };
    43. 

  43. 

  44.   explicit FileSystemAccessPermissionContext(
    45. 

  45.       content::BrowserContext* browser_context,
    46. 

  46.       const base::Clock* clock = base::DefaultClock::GetInstance());
    47. 

  47.   FileSystemAccessPermissionContext(const FileSystemAccessPermissionContext&) =
    48. 

  48.       delete;
    49. 

  49.   FileSystemAccessPermissionContext& operator=(
    50. 

  50.       const FileSystemAccessPermissionContext&) = delete;
    51. 

  51.   ~FileSystemAccessPermissionContext() override;
    52. 

  52. 

  53.   // content::FileSystemAccessPermissionContext:
    54. 

  54.   scoped_refptr<content::FileSystemAccessPermissionGrant>
    55. 

  55.   GetReadPermissionGrant(const url::Origin& origin,
    56. 

  56.                          const content::PathInfo& path,
    57. 

  57.                          HandleType handle_type,
    58. 

  58.                          UserAction user_action) override;
    59. 

  59. 

  60.   scoped_refptr<content::FileSystemAccessPermissionGrant>
    61. 

  61.   GetWritePermissionGrant(const url::Origin& origin,
    62. 

  62.                           const content::PathInfo& path,
    63. 

  63.                           HandleType handle_type,
    64. 

  64.                           UserAction user_action) override;
    65. 

  65. 

  66.   void ConfirmSensitiveEntryAccess(
    67. 

  67.       const url::Origin& origin,
    68. 

  68.       const content::PathInfo& path,
    69. 

  69.       HandleType handle_type,
    70. 

  70.       UserAction user_action,
    71. 

  71.       content::GlobalRenderFrameHostId frame_id,
    72. 

  72.       base::OnceCallback<void(SensitiveEntryResult)> callback) override;
    73. 

  73. 

  74.   void PerformAfterWriteChecks(
    75. 

  75.       std::unique_ptr<content::FileSystemAccessWriteItem> item,
    76. 

  76.       content::GlobalRenderFrameHostId frame_id,
    77. 

  77.       base::OnceCallback<void(AfterWriteCheckResult)> callback) override;
    78. 

  78. 

  79.   bool IsFileTypeDangerous(const base::FilePath& path,
    80. 

  80.                            const url::Origin& origin) override;
    81. 

  81.   base::expected<void, std::string> CanShowFilePicker(
    82. 

  82.       content::RenderFrameHost* rfh) override;
    83. 

  83.   bool CanObtainReadPermission(const url::Origin& origin) override;
    84. 

  84.   bool CanObtainWritePermission(const url::Origin& origin) override;
    85. 

  85. 

  86.   void SetLastPickedDirectory(const url::Origin& origin,
    87. 

  87.                               const std::string& id,
    88. 

  88.                               const content::PathInfo& path) override;
    89. 

  89. 

  90.   content::PathInfo GetLastPickedDirectory(const url::Origin& origin,
    91. 

  91.                                            const std::string& id) override;
    92. 

  92. 

  93.   base::FilePath GetWellKnownDirectoryPath(
    94. 

  94.       blink::mojom::WellKnownDirectory directory,
    95. 

  95.       const url::Origin& origin) override;
    96. 

  96. 

  97.   std::u16string GetPickerTitle(
    98. 

  98.       const blink::mojom::FilePickerOptionsPtr& options) override;
    99. 

  99. 

  100.   void NotifyEntryMoved(const url::Origin& origin,
    101. 

  101.                         const content::PathInfo& old_path,
    102. 

  102.                         const content::PathInfo& new_path) override;
    103. 

  103. 

  104.   void OnFileCreatedFromShowSaveFilePicker(
    105. 

  105.       const GURL& file_picker_binding_context,
    106. 

  106.       const storage::FileSystemURL& url) override;
    107. 

  107. 

  108.   void CheckPathsAgainstEnterprisePolicy(
    109. 

  109.       std::vector<content::PathInfo> entries,
    110. 

  110.       content::GlobalRenderFrameHostId frame_id,
    111. 

  111.       EntriesAllowedByEnterprisePolicyCallback callback) override;
    112. 

  112. 

  113.   enum class Access { kRead, kWrite, kReadWrite };
    114. 

  114. 

  115.   enum class RequestType { kNewPermission, kRestorePermissions };
    116. 

  116. 

  117.   void RevokeActiveGrants(const url::Origin& origin,
    118. 

  118.                           const base::FilePath& file_path = base::FilePath());
    119. 

  119. 

  120.   bool OriginHasReadAccess(const url::Origin& origin);
    121. 

  121.   bool OriginHasWriteAccess(const url::Origin& origin);
    122. 

  122. 

  123.   // Called by FileSystemAccessWebContentsHelper when a top-level frame was
    124. 

  124.   // navigated away from `origin` to some other origin.
    125. 

  125.   void NavigatedAwayFromOrigin(const url::Origin& origin);
    126. 

  126. 

  127.   content::BrowserContext* browser_context() const { return browser_context_; }
    128. 

  128. 

  129.  protected:
    130. 

  130.   SEQUENCE_CHECKER(sequence_checker_);
    131. 

  131. 

  132.  private:
    133. 

  133.   class PermissionGrantImpl;
    134. 

  134. 

  135.   void PermissionGrantDestroyed(PermissionGrantImpl* grant);
    136. 

  136. 

  137.   void CheckPathAgainstBlocklist(const content::PathInfo& path,
    138. 

  138.                                  HandleType handle_type,
    139. 

  139.                                  base::OnceCallback<void(bool)> callback);
    140. 

  140.   void DidCheckPathAgainstBlocklist(const url::Origin& origin,
    141. 

  141.                                     const content::PathInfo& path,
    142. 

  142.                                     HandleType handle_type,
    143. 

  143.                                     UserAction user_action,
    144. 

  144.                                     content::GlobalRenderFrameHostId frame_id,
    145. 

  145.                                     bool should_block);
    146. 

  146. 

  147.   void RunRestrictedPathCallback(SensitiveEntryResult result);
    148. 

  148. 

  149.   void OnRestrictedPathResult(gin::Arguments* args);
    150. 

  150. 

  151.   void MaybeEvictEntries(base::Value::Dict& dict);
    152. 

  152. 

  153.   void CleanupPermissions(const url::Origin& origin);
    154. 

  154. 

  155.   bool AncestorHasActivePermission(const url::Origin& origin,
    156. 

  156.                                    const base::FilePath& path,
    157. 

  157.                                    GrantType grant_type) const;
    158. 

  158. 

  159.   base::WeakPtr<FileSystemAccessPermissionContext> GetWeakPtr();
    160. 

  160. 

  161.   const raw_ptr<content::BrowserContext, DanglingUntriaged> browser_context_;
    162. 

  162. 

  163.   struct OriginState;
    164. 

  164.   std::map<url::Origin, OriginState> active_permissions_map_;
    165. 

  165. 

  166.   // Number of custom IDs an origin can specify.
    167. 

  167.   size_t max_ids_per_origin_ = 32u;
    168. 

  168. 

  169.   const raw_ptr<const base::Clock> clock_;
    170. 

  170. 

  171.   std::map<url::Origin, base::Value::Dict> id_pathinfo_map_;
    172. 

  172. 

  173.   base::OnceCallback<void(SensitiveEntryResult)> callback_;
    174. 

  174. 

  175.   base::WeakPtrFactory<FileSystemAccessPermissionContext> weak_factory_{this};
    176. 

  176. };
    177. 

  177. 

  178. }  // namespace electron
    179. 

  179. 

  180. #endif  // ELECTRON_SHELL_BROWSER_FILE_SYSTEM_ACCESS_FILE_SYSTEM_ACCESS_PERMISSION_CONTEXT_H_
    181.