Prototype of Files service.
Defines two important interfaces, Directory and File. Provides a basic,
single-threaded implementation of the latter (with a few omissions), an
extremely incomplete implementation of the former (more complete
implementation to follow soon, with tests), and a root Files
interface/application.
Limitations:
* Directory isn't really implemented.
* Makes no security guarantees -- i.e., definitely insecure (doesn't
prevent path traversal "out of" a "file system").
* Not implemented: file streaming (read/write), file mapping, file
re-opening.
* Various other flags not implemented (e.g., recursive delete).
* Theoretical implementation: many things as yet totally untested.
* Single-threaded. Should be easy enough to move to a thread pool (but
note that operations still need to be sequenced within each
"object"/message pipe).
* Still not specified (but definitely desired): directory streaming.
* Still need more error codes.
* Still needs more comments and documentation.
Changes over previous iterations:
* Temporarily removed most of (totally untested) Directory
implementation.
* "file manager" -> "files".
* Introduced a Timespec struct (and nanosecond resolution).
* Turned persistent, shared "user" directory into a "debug" directory.
* Various other requested features added/changes made.
Open questions:
* There's some duplication between Directory and File (e.g., they both
have Stat()). Perhaps it'd be more POSIX-y to combine them?
* Semantics for "chroot"-type operations and "re-open" operations.
* (Lots of thinking with respect to security in general.)
R=qsr@chromium.org
Review URL: https://codereview.chromium.org/875643004
diff --git a/services/files/util.h b/services/files/util.h
new file mode 100644
index 0000000..324781d
--- /dev/null
+++ b/services/files/util.h
@@ -0,0 +1,55 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SERVICES_FILES_UTIL_H_
+#define SERVICES_FILES_UTIL_H_
+
+#include "services/files/types.mojom.h"
+
+namespace mojo {
+
+class String;
+
+namespace files {
+
+// Validation functions (typically used to check arguments; they return
+// |ERROR_OK| if valid, else the standard/recommended error for the validation
+// error):
+
+// Checks if |path|, which must be non-null, is (looks like) a valid (relative)
+// path. (On failure, returns |ERROR_INVALID_ARGUMENT| if |path| is not UTF-8,
+// or |ERROR_PERMISSION_DENIED| if it is not relative.)
+Error IsPathValid(const String& path);
+
+// Checks if |whence| is a valid (known) |Whence| value. (On failure, returns
+// |ERROR_UNIMPLEMENTED|.)
+Error IsWhenceValid(Whence whence);
+
+// Checks if |offset| is a valid file offset (from some point); this is
+// implementation-dependent (typically checking if |offset| fits in an |off_t|).
+// (On failure, returns |ERROR_OUT_OF_RANGE|.)
+Error IsOffsetValid(int64_t offset);
+
+// Conversion functions:
+
+// Converts a standard errno value (|E...|) to an |Error| value.
+Error ErrnoToError(int errno_value);
+
+// Converts a |Whence| value to a standard whence value (|SEEK_...|).
+int WhenceToStandardWhence(Whence whence);
+
+// Converts a |Timespec| to a |struct timespec|. If |in| is null, |out->tv_nsec|
+// is set to |UTIME_OMIT|.
+Error TimespecToStandardTimespec(const Timespec* in, struct timespec* out);
+
+// Converts a |TimespecOrNow| to a |struct timespec|. If |in| is null,
+// |out->tv_nsec| is set to |UTIME_OMIT|; if |in->now| is set, |out->tv_nsec| is
+// set to |UTIME_NOW|.
+Error TimespecOrNowToStandardTimespec(const TimespecOrNow* in,
+ struct timespec* out);
+
+} // namespace files
+} // namespace mojo
+
+#endif // SERVICES_FILES_UTIL_H_
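Review bot: The comment on IsPathValid() only says that a non-relative path yields |ERROR_PERMISSION_DENIED|; it does not say whether ".." components are accepted, and the commit message states that path traversal out of a "file system" is not prevented. Please either have the function reject such components or state in the comment that a path passing this check may still contain ".." and resolve outside the directory it is relative to, so that callers do not read |ERROR_OK| as a containment guarantee. Separately, the header uses int64_t and struct timespec but includes only "services/files/types.mojom.h"; adding #include <stdint.h> and #include <time.h> would make the declarations of IsOffsetValid() and the two Timespec conversion functions self-contained instead of relying on transitive includes. The comments on TimespecToStandardTimespec() and TimespecOrNowToStandardTimespec() also do not say under which conditions the returned Error is not |ERROR_OK|; documenting that would match the validation functions above them.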