Use FilesystemProxy in LevelDB ChromiumEnv

This rewrites ChromiumEnv to use the storage::FilesystemProxy API for all filesystem access. By default it will use unrestricted instances with direct filesystem access, effectively equivalent to the status quo. No interesting behavioral or performance changes are expected here. This will allow a follow-up CL to implement sandboxing support for LevelDB by constructing a ChromiumEnv instance over a restricted FilesystemProxy instance. Bug: 1052045 Change-Id: Ic23726b3f5abd3f1a322b49827e80dbf424c3de7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2080673 Commit-Queue: Ken Rockot <rockot@google.com> Reviewed-by: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#747584}

Use FilesystemProxy in LevelDB ChromiumEnv
This rewrites ChromiumEnv to use the storage::FilesystemProxy API for all filesystem access. By default it will use unrestricted instances with direct filesystem access, effectively equivalent to the status quo. No interesting behavioral or performance changes are expected here. This will allow a follow-up CL to implement sandboxing support for LevelDB by constructing a ChromiumEnv instance over a restricted FilesystemProxy instance. Bug: 1052045 Change-Id: Ic23726b3f5abd3f1a322b49827e80dbf424c3de7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2080673 Commit-Queue: Ken Rockot <rockot@google.com> Reviewed-by: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#747584}
25b44e5d · Ken Rockot · Commit Bot · b0238be0 · 25b44e5d · 25b44e5d
Commit 25b44e5d authored Mar 06, 2020 by Ken Rockot Committed by Commit Bot Mar 06, 2020
4 changed files
--- a/third_party/leveldatabase/BUILD.gn
+++ b/third_party/leveldatabase/BUILD.gn
@@ -127,6 +127,7 @@ component("leveldatabase") {
  deps = [
    "//base",
+    "//components/services/storage/public/cpp/filesystem",
    "//third_party/crc32c",
    "//third_party/re2",
    "//third_party/snappy",
@@ -162,6 +163,7 @@ static_library("leveldb_static") {
  deps = [
    "//base",
+    "//components/services/storage/public/cpp/filesystem",
    "//third_party/crc32c",
    "//third_party/re2",
    "//third_party/snappy",

--- a/third_party/leveldatabase/DEPS
+++ b/third_party/leveldatabase/DEPS
@@ -7,4 +7,10 @@ include_rules = [
  '+leveldb',
  '+port',
  '+util',
 ]
\ No newline at end of file
+specific_include_rules = {
+  'env_chromium\.cc': [
+    '+components/services/storage/public/cpp/filesystem',
+  ],
+}
--- a/third_party/leveldatabase/env_chromium.cc
+++ b/third_party/leveldatabase/env_chromium.cc
--- a/third_party/leveldatabase/env_chromium.h
+++ b/third_party/leveldatabase/env_chromium.h
@@ -35,6 +35,10 @@ class ProcessMemoryDump;
 }  // namespace trace_event
 }  // namespace base
+namespace storage {
+class FilesystemProxy;
+}
 namespace leveldb_env {
 // These entries map to values in tools/metrics/histograms/histograms.xml. New
@@ -157,11 +161,16 @@ class LEVELDB_EXPORT ChromiumEnv : public leveldb::Env,
                                   public UMALogger,
                                   public RetrierProvider {
 public:
+  using ScheduleFunc = void(void*);
+  // Constructs a ChromiumEnv instance with an unrestricted FilesystemProxy
+  // instance that performs direct filesystem access.
  ChromiumEnv();
-  typedef void(ScheduleFunc)(void*);
+  // Constructs a ChromiumEnv instance with a custom FilesystemProxy instance.
+  explicit ChromiumEnv(std::unique_ptr<storage::FilesystemProxy> filesystem);
-  virtual ~ChromiumEnv();
+  ~ChromiumEnv() override;
  bool FileExists(const std::string& fname) override;
  leveldb::Status GetChildren(const std::string& dir,
@@ -195,8 +204,14 @@ class LEVELDB_EXPORT ChromiumEnv : public leveldb::Env,
  void SetReadOnlyFileLimitForTesting(int max_open_files);
 protected:
+  // Constructs a ChromiumEnv instance with a local unrestricted FilesystemProxy
+  // instance that performs direct filesystem access.
  explicit ChromiumEnv(const std::string& name);
+  // Constructs a ChromiumEnv instance with a custom FilesystemProxy instance.
+  ChromiumEnv(const std::string& name,
+              std::unique_ptr<storage::FilesystemProxy> filesystem);
  static const char* FileErrorString(base::File::Error error);
 private:
@@ -207,23 +222,6 @@ class LEVELDB_EXPORT ChromiumEnv : public leveldb::Env,
  base::HistogramBase* GetOSErrorHistogram(MethodID method, int limit) const;
  void RemoveBackupFiles(const base::FilePath& dir);
-  // File locks may not be exclusive within a process (e.g. on POSIX). Track
-  // locks held by the ChromiumEnv to prevent access within the process.
-  class LockTable {
-   public:
-    bool Insert(const std::string& fname) {
-      leveldb::MutexLock l(&mu_);
-      return locked_files_.insert(fname).second;
-    }
-    bool Remove(const std::string& fname) {
-      leveldb::MutexLock l(&mu_);
-      return locked_files_.erase(fname) == 1;
-    }
-   private:
-    leveldb::port::Mutex mu_;
-    std::set<std::string> locked_files_;
-  };
  const int kMaxRetryTimeMillis;
  // BGThread() is the body of the background thread
  void BGThread();
@@ -239,6 +237,8 @@ class LEVELDB_EXPORT ChromiumEnv : public leveldb::Env,
  base::HistogramBase* GetRecoveredFromErrorHistogram(
      MethodID method) const override;
+  const std::unique_ptr<storage::FilesystemProxy> filesystem_;
  base::FilePath test_directory_;
  std::string name_;
@@ -255,7 +255,6 @@ class LEVELDB_EXPORT ChromiumEnv : public leveldb::Env,
  };
  using BGQueue = base::circular_deque<BGItem>;
  BGQueue queue_;
-  LockTable locks_;
  std::unique_ptr<leveldb::Cache> file_cache_;
 };