diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2023-08-09 13:09:54 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2023-10-16 13:38:18 +0000 |
commit | acbcf08a6dffdfe90a6eaf661fcd6923f0de2447 (patch) | |
tree | 749564d8cf9b3d49cdae1cce9ec8ce0602900f1c /chromium/base/files/file_util.h | |
parent | 266cfa0fb83513250bcefd8234e0916c195a4b2e (diff) |
BASELINE: Update Chromium to 114.0.5735.248
Change-Id: Ie7ddd5d87175d4bde196f774c742cdbb9d5d311a
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/495463
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/base/files/file_util.h')
-rw-r--r-- | chromium/base/files/file_util.h | 82 |
1 files changed, 67 insertions, 15 deletions
diff --git a/chromium/base/files/file_util.h b/chromium/base/files/file_util.h index 7ec9f2b6758..0b0c7df1517 100644 --- a/chromium/base/files/file_util.h +++ b/chromium/base/files/file_util.h @@ -42,10 +42,28 @@ class Time; // Functions that involve filesystem access or modification: // Returns an absolute version of a relative path. Returns an empty path on -// error. On POSIX, this function fails if the path does not exist. This -// function can result in I/O so it can be slow. +// error. This function can result in I/O so it can be slow. +// +// On POSIX, this function calls realpath(), so: +// 1) it fails if the path does not exist. +// 2) it expands all symlink components of the path. +// 3) it removes "." and ".." directory components. BASE_EXPORT FilePath MakeAbsoluteFilePath(const FilePath& input); +#if BUILDFLAG(IS_POSIX) +// Prepends the current working directory if `input` is not already absolute, +// and removes "/./" and "/../" This is similar to MakeAbsoluteFilePath(), but +// MakeAbsoluteFilePath() expands all symlinks in the path and this does not. +// +// This may block if `input` is a relative path, when calling +// GetCurrentDirectory(). +// +// This doesn't return absl::nullopt unless (1) `input` is empty, or (2) +// `input` is a relative path and GetCurrentDirectory() fails. +[[nodiscard]] BASE_EXPORT absl::optional<FilePath> +MakeAbsoluteFilePathNoResolveSymbolicLinks(const FilePath& input); +#endif + // Returns the total number of bytes used by all the files under |root_path|. // If the path does not exist the function returns 0. // @@ -254,6 +272,8 @@ BASE_EXPORT bool ReadFromFD(int fd, char* buffer, size_t bytes); // Performs the same function as CreateAndOpenTemporaryStreamInDir(), but // returns the file-descriptor wrapped in a ScopedFD, rather than the stream // wrapped in a ScopedFILE. +// The caller is responsible for deleting the file `path` points to, if +// appropriate. BASE_EXPORT ScopedFD CreateAndOpenFdForTemporaryFileInDir(const FilePath& dir, FilePath* path); @@ -275,10 +295,21 @@ BASE_EXPORT bool ReadFileToStringNonBlocking(const base::FilePath& file, BASE_EXPORT bool CreateSymbolicLink(const FilePath& target, const FilePath& symlink); -// Reads the given |symlink| and returns where it points to in |target|. +// Reads the given |symlink| and returns the raw string in |target|. // Returns false upon failure. +// IMPORTANT NOTE: if the string stored in the symlink is a relative file path, +// it should be interpreted relative to the symlink's directory, NOT the current +// working directory. ReadSymbolicLinkAbsolute() may be the better choice. BASE_EXPORT bool ReadSymbolicLink(const FilePath& symlink, FilePath* target); +// Same as ReadSymbolicLink(), but properly converts it into an absolute path if +// the link is relative. +// Can fail if readlink() fails, or if +// MakeAbsoluteFilePathNoResolveSymbolicLinks() fails on the resulting absolute +// path. +BASE_EXPORT absl::optional<FilePath> ReadSymbolicLinkAbsolute( + const FilePath& symlink); + // Bits and masks of the file permission. enum FilePermissionBits { FILE_PERMISSION_MASK = S_IRWXU | S_IRWXG | S_IRWXO, @@ -341,18 +372,25 @@ BASE_EXPORT bool GetTempDir(FilePath* path); BASE_EXPORT FilePath GetHomeDir(); // Returns a new temporary file in |dir| with a unique name. The file is opened -// for exclusive read, write, and delete access (note: exclusivity is unique to -// Windows). On Windows, the returned file supports File::DeleteOnClose. +// for exclusive read, write, and delete access. // On success, |temp_file| is populated with the full path to the created file. +// +// NOTE: Exclusivity is unique to Windows. On Windows, the returned file +// supports File::DeleteOnClose. On other platforms, the caller is responsible +// for deleting the file `temp_file` points to, if appropriate. BASE_EXPORT File CreateAndOpenTemporaryFileInDir(const FilePath& dir, FilePath* temp_file); -// Creates a temporary file. The full path is placed in |path|, and the +// Creates a temporary file. The full path is placed in `path`, and the // function returns true if was successful in creating the file. The file will // be empty and all handles closed after this function returns. +// The caller is responsible for deleting the file `path` points to, if +// appropriate. BASE_EXPORT bool CreateTemporaryFile(FilePath* path); -// Same as CreateTemporaryFile but the file is created in |dir|. +// Same as CreateTemporaryFile() but the file is created in `dir`. +// The caller is responsible for deleting the file `temp_file` points to, if +// appropriate. BASE_EXPORT bool CreateTemporaryFileInDir(const FilePath& dir, FilePath* temp_file); @@ -362,14 +400,28 @@ BASE_EXPORT FilePath FormatTemporaryFileName(FilePath::StringPieceType identifier); // Create and open a temporary file stream for exclusive read, write, and delete -// access (note: exclusivity is unique to Windows). The full path is placed in -// |path|. Returns the opened file stream, or null in case of error. +// access. The full path is placed in `path`. Returns the opened file stream, or +// null in case of error. +// NOTE: Exclusivity is unique to Windows. On Windows, the returned file +// supports File::DeleteOnClose. On other platforms, the caller is responsible +// for deleting the file `path` points to, if appropriate. BASE_EXPORT ScopedFILE CreateAndOpenTemporaryStream(FilePath* path); -// Similar to CreateAndOpenTemporaryStream, but the file is created in |dir|. +// Similar to CreateAndOpenTemporaryStream(), but the file is created in `dir`. BASE_EXPORT ScopedFILE CreateAndOpenTemporaryStreamInDir(const FilePath& dir, FilePath* path); +#if BUILDFLAG(IS_WIN) +// Retrieves the path `%systemroot%\SystemTemp`, if available, else retrieves +// `%programfiles%`. +// Returns the path in `temp` and `true` if the path is writable by the caller, +// which is usually only when the caller is running as admin or system. +// Returns `false` otherwise. +// Both paths are only accessible to admin and system processes, and are +// therefore secure. +BASE_EXPORT bool GetSecureSystemTemp(FilePath* temp); +#endif // BUILDFLAG(IS_WIN) + // Do NOT USE in new code. Use ScopedTempDir instead. // TODO(crbug.com/561597) Remove existing usage and make this an implementation // detail inside ScopedTempDir. @@ -379,11 +431,11 @@ BASE_EXPORT ScopedFILE CreateAndOpenTemporaryStreamInDir(const FilePath& dir, // NOTE: prefix is ignored in the POSIX implementation. // If success, return true and output the full path of the directory created. // -// For Windows, this directory is usually created in a secure location under -// %ProgramFiles% if the caller is admin. This is because the default %TEMP% -// folder for Windows is insecure, since low privilege users can get the path of -// folders under %TEMP% after creation and are able to create subfolders and -// files within these folders which can lead to privilege escalation. +// For Windows, this directory is usually created in a secure location if the +// caller is admin. This is because the default %TEMP% folder for Windows is +// insecure, since low privilege users can get the path of folders under %TEMP% +// after creation and are able to create subfolders and files within these +// folders which can lead to privilege escalation. BASE_EXPORT bool CreateNewTempDirectory(const FilePath::StringType& prefix, FilePath* new_temp_path); |