1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef BASE_FILES_FILE_H_ 6 #define BASE_FILES_FILE_H_ 7 8 #include <stdint.h> 9 10 #include <string> 11 12 #include "base/base_export.h" 13 #include "base/containers/span.h" 14 #include "base/files/file_path.h" 15 #include "base/files/file_tracing.h" 16 #include "base/files/platform_file.h" 17 #include "base/macros.h" 18 #include "base/time/time.h" 19 #include "build/build_config.h" 20 21 #if defined(OS_POSIX) || defined(OS_FUCHSIA) 22 #include <sys/stat.h> 23 #endif 24 25 namespace base { 26 27 #if defined(OS_BSD) || defined(OS_MACOSX) || defined(OS_NACL) || \ 28 defined(OS_FUCHSIA) || (defined(OS_ANDROID) && __ANDROID_API__ < 21) 29 typedef struct stat stat_wrapper_t; 30 #elif defined(OS_POSIX) 31 typedef struct stat64 stat_wrapper_t; 32 #endif 33 34 // Thin wrapper around an OS-level file. 35 // Note that this class does not provide any support for asynchronous IO, other 36 // than the ability to create asynchronous handles on Windows. 37 // 38 // Note about const: this class does not attempt to determine if the underlying 39 // file system object is affected by a particular method in order to consider 40 // that method const or not. Only methods that deal with member variables in an 41 // obvious non-modifying way are marked as const. Any method that forward calls 42 // to the OS is not considered const, even if there is no apparent change to 43 // member variables. 44 class BASE_EXPORT File { 45 public: 46 // FLAG_(OPEN|CREATE).* are mutually exclusive. You should specify exactly one 47 // of the five (possibly combining with other flags) when opening or creating 48 // a file. 49 // FLAG_(WRITE|APPEND) are mutually exclusive. This is so that APPEND behavior 50 // will be consistent with O_APPEND on POSIX. 51 // FLAG_EXCLUSIVE_(READ|WRITE) only grant exclusive access to the file on 52 // creation on POSIX; for existing files, consider using Lock(). 53 enum Flags { 54 FLAG_OPEN = 1 << 0, // Opens a file, only if it exists. 55 FLAG_CREATE = 1 << 1, // Creates a new file, only if it does not 56 // already exist. 57 FLAG_OPEN_ALWAYS = 1 << 2, // May create a new file. 58 FLAG_CREATE_ALWAYS = 1 << 3, // May overwrite an old file. 59 FLAG_OPEN_TRUNCATED = 1 << 4, // Opens a file and truncates it, only if it 60 // exists. 61 FLAG_READ = 1 << 5, 62 FLAG_WRITE = 1 << 6, 63 FLAG_APPEND = 1 << 7, 64 FLAG_EXCLUSIVE_READ = 1 << 8, // EXCLUSIVE is opposite of Windows SHARE. 65 FLAG_EXCLUSIVE_WRITE = 1 << 9, 66 FLAG_ASYNC = 1 << 10, 67 FLAG_TEMPORARY = 1 << 11, // Used on Windows only. 68 FLAG_HIDDEN = 1 << 12, // Used on Windows only. 69 FLAG_DELETE_ON_CLOSE = 1 << 13, 70 FLAG_WRITE_ATTRIBUTES = 1 << 14, // Used on Windows only. 71 FLAG_SHARE_DELETE = 1 << 15, // Used on Windows only. 72 FLAG_TERMINAL_DEVICE = 1 << 16, // Serial port flags. 73 FLAG_BACKUP_SEMANTICS = 1 << 17, // Used on Windows only. 74 FLAG_EXECUTE = 1 << 18, // Used on Windows only. 75 FLAG_SEQUENTIAL_SCAN = 1 << 19, // Used on Windows only. 76 FLAG_CAN_DELETE_ON_CLOSE = 1 << 20, // Requests permission to delete a file 77 // via DeleteOnClose() (Windows only). 78 // See DeleteOnClose() for details. 79 }; 80 81 // This enum has been recorded in multiple histograms using PlatformFileError 82 // enum. If the order of the fields needs to change, please ensure that those 83 // histograms are obsolete or have been moved to a different enum. 84 // 85 // FILE_ERROR_ACCESS_DENIED is returned when a call fails because of a 86 // filesystem restriction. FILE_ERROR_SECURITY is returned when a browser 87 // policy doesn't allow the operation to be executed. 88 enum Error { 89 FILE_OK = 0, 90 FILE_ERROR_FAILED = -1, 91 FILE_ERROR_IN_USE = -2, 92 FILE_ERROR_EXISTS = -3, 93 FILE_ERROR_NOT_FOUND = -4, 94 FILE_ERROR_ACCESS_DENIED = -5, 95 FILE_ERROR_TOO_MANY_OPENED = -6, 96 FILE_ERROR_NO_MEMORY = -7, 97 FILE_ERROR_NO_SPACE = -8, 98 FILE_ERROR_NOT_A_DIRECTORY = -9, 99 FILE_ERROR_INVALID_OPERATION = -10, 100 FILE_ERROR_SECURITY = -11, 101 FILE_ERROR_ABORT = -12, 102 FILE_ERROR_NOT_A_FILE = -13, 103 FILE_ERROR_NOT_EMPTY = -14, 104 FILE_ERROR_INVALID_URL = -15, 105 FILE_ERROR_IO = -16, 106 // Put new entries here and increment FILE_ERROR_MAX. 107 FILE_ERROR_MAX = -17 108 }; 109 110 // This explicit mapping matches both FILE_ on Windows and SEEK_ on Linux. 111 enum Whence { 112 FROM_BEGIN = 0, 113 FROM_CURRENT = 1, 114 FROM_END = 2 115 }; 116 117 // Used to hold information about a given file. 118 // If you add more fields to this structure (platform-specific fields are OK), 119 // make sure to update all functions that use it in file_util_{win|posix}.cc, 120 // too, and the ParamTraits<base::File::Info> implementation in 121 // ipc/ipc_message_utils.cc. 122 struct BASE_EXPORT Info { 123 Info(); 124 ~Info(); 125 #if defined(OS_POSIX) || defined(OS_FUCHSIA) 126 // Fills this struct with values from |stat_info|. 127 void FromStat(const stat_wrapper_t& stat_info); 128 #endif 129 130 // The size of the file in bytes. Undefined when is_directory is true. 131 int64_t size = 0; 132 133 // True if the file corresponds to a directory. 134 bool is_directory = false; 135 136 // True if the file corresponds to a symbolic link. For Windows currently 137 // not supported and thus always false. 138 bool is_symbolic_link = false; 139 140 // The last modified time of a file. 141 Time last_modified; 142 143 // The last accessed time of a file. 144 Time last_accessed; 145 146 // The creation time of a file. 147 Time creation_time; 148 }; 149 150 File(); 151 152 // Creates or opens the given file. This will fail with 'access denied' if the 153 // |path| contains path traversal ('..') components. 154 File(const FilePath& path, uint32_t flags); 155 156 // Takes ownership of |platform_file| and sets async to false. 157 explicit File(ScopedPlatformFile platform_file); 158 explicit File(PlatformFile platform_file); 159 160 // Takes ownership of |platform_file| and sets async to the given value. 161 // This constructor exists because on Windows you can't check if platform_file 162 // is async or not. 163 File(ScopedPlatformFile platform_file, bool async); 164 File(PlatformFile platform_file, bool async); 165 166 // Creates an object with a specific error_details code. 167 explicit File(Error error_details); 168 169 File(File&& other); 170 171 ~File(); 172 173 File& operator=(File&& other); 174 175 // Creates or opens the given file. 176 void Initialize(const FilePath& path, uint32_t flags); 177 178 // Returns |true| if the handle / fd wrapped by this object is valid. This 179 // method doesn't interact with the file system (and is safe to be called from 180 // ThreadRestrictions::SetIOAllowed(false) threads). 181 bool IsValid() const; 182 183 // Returns true if a new file was created (or an old one truncated to zero 184 // length to simulate a new file, which can happen with 185 // FLAG_CREATE_ALWAYS), and false otherwise. created()186 bool created() const { return created_; } 187 188 // Returns the OS result of opening this file. Note that the way to verify 189 // the success of the operation is to use IsValid(), not this method: 190 // File file(path, flags); 191 // if (!file.IsValid()) 192 // return; error_details()193 Error error_details() const { return error_details_; } 194 195 PlatformFile GetPlatformFile() const; 196 PlatformFile TakePlatformFile(); 197 198 // Destroying this object closes the file automatically. 199 void Close(); 200 201 // Changes current position in the file to an |offset| relative to an origin 202 // defined by |whence|. Returns the resultant current position in the file 203 // (relative to the start) or -1 in case of error. 204 int64_t Seek(Whence whence, int64_t offset); 205 206 // Simplified versions of Read() and friends (see below) that check the int 207 // return value and just return a boolean. They return true if and only if 208 // the function read in / wrote out exactly |size| bytes of data. 209 bool ReadAndCheck(int64_t offset, span<uint8_t> data); 210 bool ReadAtCurrentPosAndCheck(span<uint8_t> data); 211 bool WriteAndCheck(int64_t offset, span<const uint8_t> data); 212 bool WriteAtCurrentPosAndCheck(span<const uint8_t> data); 213 214 // Reads the given number of bytes (or until EOF is reached) starting with the 215 // given offset. Returns the number of bytes read, or -1 on error. Note that 216 // this function makes a best effort to read all data on all platforms, so it 217 // is not intended for stream oriented files but instead for cases when the 218 // normal expectation is that actually |size| bytes are read unless there is 219 // an error. 220 int Read(int64_t offset, char* data, int size); 221 222 // Same as above but without seek. 223 int ReadAtCurrentPos(char* data, int size); 224 225 // Reads the given number of bytes (or until EOF is reached) starting with the 226 // given offset, but does not make any effort to read all data on all 227 // platforms. Returns the number of bytes read, or -1 on error. 228 int ReadNoBestEffort(int64_t offset, char* data, int size); 229 230 // Same as above but without seek. 231 int ReadAtCurrentPosNoBestEffort(char* data, int size); 232 233 // Writes the given buffer into the file at the given offset, overwritting any 234 // data that was previously there. Returns the number of bytes written, or -1 235 // on error. Note that this function makes a best effort to write all data on 236 // all platforms. |data| can be nullptr when |size| is 0. 237 // Ignores the offset and writes to the end of the file if the file was opened 238 // with FLAG_APPEND. 239 int Write(int64_t offset, const char* data, int size); 240 241 // Save as above but without seek. 242 int WriteAtCurrentPos(const char* data, int size); 243 244 // Save as above but does not make any effort to write all data on all 245 // platforms. Returns the number of bytes written, or -1 on error. 246 int WriteAtCurrentPosNoBestEffort(const char* data, int size); 247 248 // Returns the current size of this file, or a negative number on failure. 249 int64_t GetLength(); 250 251 // Truncates the file to the given length. If |length| is greater than the 252 // current size of the file, the file is extended with zeros. If the file 253 // doesn't exist, |false| is returned. 254 bool SetLength(int64_t length); 255 256 // Instructs the filesystem to flush the file to disk. (POSIX: fsync, Windows: 257 // FlushFileBuffers). 258 // Calling Flush() does not guarantee file integrity and thus is not a valid 259 // substitute for file integrity checks and recovery codepaths for malformed 260 // files. It can also be *really* slow, so avoid blocking on Flush(), 261 // especially please don't block shutdown on Flush(). 262 // Latency percentiles of Flush() across all platforms as of July 2016: 263 // 50 % > 5 ms 264 // 10 % > 58 ms 265 // 1 % > 357 ms 266 // 0.1 % > 1.8 seconds 267 // 0.01 % > 7.6 seconds 268 bool Flush(); 269 270 // Updates the file times. 271 bool SetTimes(Time last_access_time, Time last_modified_time); 272 273 // Returns some basic information for the given file. 274 bool GetInfo(Info* info); 275 276 #if !defined(OS_FUCHSIA) // Fuchsia's POSIX API does not support file locking. 277 enum class LockMode { 278 kShared, 279 kExclusive, 280 }; 281 282 // Attempts to take an exclusive write lock on the file. Returns immediately 283 // (i.e. does not wait for another process to unlock the file). If the lock 284 // was obtained, the result will be FILE_OK. A lock only guarantees 285 // that other processes may not also take a lock on the same file with the 286 // same API - it may still be opened, renamed, unlinked, etc. 287 // 288 // Common semantics: 289 // * Locks are held by processes, but not inherited by child processes. 290 // * Locks are released by the OS on file close or process termination. 291 // * Locks are reliable only on local filesystems. 292 // * Duplicated file handles may also write to locked files. 293 // Windows-specific semantics: 294 // * Locks are mandatory for read/write APIs, advisory for mapping APIs. 295 // * Within a process, locking the same file (by the same or new handle) 296 // will fail. 297 // POSIX-specific semantics: 298 // * Locks are advisory only. 299 // * Within a process, locking the same file (by the same or new handle) 300 // will succeed. The new lock replaces the old lock. 301 // * Closing any descriptor on a given file releases the lock. 302 Error Lock(LockMode mode = LockMode::kExclusive); 303 304 // Unlock a file previously locked. 305 Error Unlock(); 306 307 #endif // !defined(OS_FUCHSIA) 308 309 // Returns a new object referencing this file for use within the current 310 // process. Handling of FLAG_DELETE_ON_CLOSE varies by OS. On POSIX, the File 311 // object that was created or initialized with this flag will have unlinked 312 // the underlying file when it was created or opened. On Windows, the 313 // underlying file is deleted when the last handle to it is closed. 314 File Duplicate() const; 315 async()316 bool async() const { return async_; } 317 318 #if defined(OS_WIN) 319 // Sets or clears the DeleteFile disposition on the file. Returns true if 320 // the disposition was set or cleared, as indicated by |delete_on_close|. 321 // 322 // Microsoft Windows deletes a file only when the DeleteFile disposition is 323 // set on a file when the last handle to the last underlying kernel File 324 // object is closed. This disposition is be set by: 325 // - Calling the Win32 DeleteFile function with the path to a file. 326 // - Opening/creating a file with FLAG_DELETE_ON_CLOSE and then closing all 327 // handles to that File object. 328 // - Opening/creating a file with FLAG_CAN_DELETE_ON_CLOSE and subsequently 329 // calling DeleteOnClose(true). 330 // 331 // In all cases, all pre-existing handles to the file must have been opened 332 // with FLAG_SHARE_DELETE. Once the disposition has been set by any of the 333 // above means, no new File objects can be created for the file. 334 // 335 // So: 336 // - Use FLAG_SHARE_DELETE when creating/opening a file to allow another 337 // entity on the system to cause it to be deleted when it is closed. (Note: 338 // another entity can delete the file the moment after it is closed, so not 339 // using this permission doesn't provide any protections.) 340 // - Use FLAG_DELETE_ON_CLOSE for any file that is to be deleted after use. 341 // The OS will ensure it is deleted even in the face of process termination. 342 // Note that it's possible for deletion to be cancelled via another File 343 // object referencing the same file using DeleteOnClose(false) to clear the 344 // DeleteFile disposition after the original File is closed. 345 // - Use FLAG_CAN_DELETE_ON_CLOSE in conjunction with DeleteOnClose() to alter 346 // the DeleteFile disposition on an open handle. This fine-grained control 347 // allows for marking a file for deletion during processing so that it is 348 // deleted in the event of untimely process termination, and then clearing 349 // this state once the file is suitable for persistence. 350 bool DeleteOnClose(bool delete_on_close); 351 #endif 352 353 #if defined(OS_WIN) 354 static Error OSErrorToFileError(DWORD last_error); 355 #elif defined(OS_POSIX) || defined(OS_FUCHSIA) 356 static Error OSErrorToFileError(int saved_errno); 357 #endif 358 359 // Gets the last global error (errno or GetLastError()) and converts it to the 360 // closest base::File::Error equivalent via OSErrorToFileError(). The returned 361 // value is only trustworthy immediately after another base::File method 362 // fails. base::File never resets the global error to zero. 363 static Error GetLastFileError(); 364 365 // Converts an error value to a human-readable form. Used for logging. 366 static std::string ErrorToString(Error error); 367 368 #if defined(OS_POSIX) || defined(OS_FUCHSIA) 369 // Wrapper for stat() or stat64(). 370 static int Stat(const char* path, stat_wrapper_t* sb); 371 static int Fstat(int fd, stat_wrapper_t* sb); 372 static int Lstat(const char* path, stat_wrapper_t* sb); 373 #endif 374 375 private: 376 friend class FileTracing::ScopedTrace; 377 378 // Creates or opens the given file. Only called if |path| has no 379 // traversal ('..') components. 380 void DoInitialize(const FilePath& path, uint32_t flags); 381 382 void SetPlatformFile(PlatformFile file); 383 384 ScopedPlatformFile file_; 385 386 // A path to use for tracing purposes. Set if file tracing is enabled during 387 // |Initialize()|. 388 FilePath tracing_path_; 389 390 // Object tied to the lifetime of |this| that enables/disables tracing. 391 FileTracing::ScopedEnabler trace_enabler_; 392 393 Error error_details_ = FILE_ERROR_FAILED; 394 bool created_ = false; 395 bool async_ = false; 396 397 DISALLOW_COPY_AND_ASSIGN(File); 398 }; 399 400 } // namespace base 401 402 #endif // BASE_FILES_FILE_H_ 403