123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227 |
- # Disables file download quarantining
- --- a/content/browser/renderer_host/pepper/pepper_file_io_host.cc
- +++ b/content/browser/renderer_host/pepper/pepper_file_io_host.cc
- @@ -432,7 +432,7 @@ void PepperFileIOHost::OnLocalFileOpened
- ppapi::host::ReplyMessageContext reply_context,
- const base::FilePath& path,
- base::File::Error error_code) {
- -#if defined(OS_WIN) || defined(OS_LINUX)
- +#if 0
- // Quarantining a file before its contents are available is only supported on
- // Windows and Linux.
- if (!FileOpenForWrite(open_flags_) || error_code != base::File::FILE_OK) {
- @@ -452,7 +452,7 @@ void PepperFileIOHost::OnLocalFileOpened
- #endif
- }
-
- -#if defined(OS_WIN) || defined(OS_LINUX)
- +#if 0
- void PepperFileIOHost::OnLocalFileQuarantined(
- ppapi::host::ReplyMessageContext reply_context,
- const base::FilePath& path,
- --- a/content/browser/renderer_host/pepper/pepper_file_io_host.h
- +++ b/content/browser/renderer_host/pepper/pepper_file_io_host.h
- @@ -15,7 +15,6 @@
- #include "base/macros.h"
- #include "base/memory/ref_counted.h"
- #include "base/memory/weak_ptr.h"
- -#include "components/download/quarantine/quarantine.h"
- #include "content/browser/renderer_host/pepper/browser_ppapi_host_impl.h"
- #include "ipc/ipc_listener.h"
- #include "ipc/ipc_platform_file.h"
- @@ -92,10 +91,6 @@ class PepperFileIOHost : public ppapi::h
- const base::FilePath& path,
- base::File::Error error_code);
-
- - void OnLocalFileQuarantined(ppapi::host::ReplyMessageContext reply_context,
- - const base::FilePath& path,
- - download::QuarantineFileResult quarantine_result);
- -
- void SendFileOpenReply(ppapi::host::ReplyMessageContext reply_context,
- base::File::Error error_code);
-
- --- a/content/browser/BUILD.gn
- +++ b/content/browser/BUILD.gn
- @@ -52,7 +52,6 @@ jumbo_source_set("browser") {
- "//components/discardable_memory/service",
- "//components/download/database",
- "//components/download/public/common:public",
- - "//components/download/quarantine",
- "//components/filename_generation",
- "//components/link_header_util",
- "//components/metrics",
- --- a/components/download/internal/common/base_file.cc
- +++ b/components/download/internal/common/base_file.cc
- @@ -23,7 +23,6 @@
- #include "components/download/public/common/download_interrupt_reasons_utils.h"
- #include "components/download/public/common/download_item.h"
- #include "components/download/public/common/download_stats.h"
- -#include "components/download/quarantine/quarantine.h"
- #include "crypto/secure_hash.h"
- #include "services/service_manager/public/cpp/connector.h"
-
- @@ -523,129 +522,12 @@ DownloadInterruptReason BaseFile::Publis
- }
- #endif // defined(OS_ANDROID)
-
- -namespace {
- -
- -DownloadInterruptReason QuarantineFileResultToReason(
- - quarantine::mojom::QuarantineFileResult result) {
- - switch (result) {
- - case quarantine::mojom::QuarantineFileResult::OK:
- - return DOWNLOAD_INTERRUPT_REASON_NONE;
- - case quarantine::mojom::QuarantineFileResult::VIRUS_INFECTED:
- - return DOWNLOAD_INTERRUPT_REASON_FILE_VIRUS_INFECTED;
- - case quarantine::mojom::QuarantineFileResult::SECURITY_CHECK_FAILED:
- - return DOWNLOAD_INTERRUPT_REASON_FILE_SECURITY_CHECK_FAILED;
- - case quarantine::mojom::QuarantineFileResult::BLOCKED_BY_POLICY:
- - return DOWNLOAD_INTERRUPT_REASON_FILE_BLOCKED;
- - case quarantine::mojom::QuarantineFileResult::ACCESS_DENIED:
- - return DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;
- -
- - case quarantine::mojom::QuarantineFileResult::FILE_MISSING:
- - // Don't have a good interrupt reason here. This return code means that
- - // the file at |full_path_| went missing before QuarantineFile got to
- - // look at it. Not expected to happen, but we've seen instances where a
- - // file goes missing immediately after BaseFile closes the handle.
- - //
- - // Intentionally using a different error message than
- - // SECURITY_CHECK_FAILED in order to distinguish the two.
- - return DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
- -
- - case quarantine::mojom::QuarantineFileResult::ANNOTATION_FAILED:
- - // This means that the mark-of-the-web couldn't be applied. The file is
- - // already on the file system under its final target name.
- - //
- - // Causes of failed annotations typically aren't transient. E.g. the
- - // target file system may not support extended attributes or alternate
- - // streams. We are going to allow these downloads to progress on the
- - // assumption that failures to apply MOTW can't reliably be introduced
- - // remotely.
- - return DOWNLOAD_INTERRUPT_REASON_NONE;
- - }
- - return DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
- -}
- -
- -// Given a source and a referrer, determines the "safest" URL that can be used
- -// to determine the authority of the download source. Returns an empty URL if no
- -// HTTP/S URL can be determined for the <|source_url|, |referrer_url|> pair.
- -GURL GetEffectiveAuthorityURL(const GURL& source_url,
- - const GURL& referrer_url) {
- - if (source_url.is_valid()) {
- - // http{,s} has an authority and are supported.
- - if (source_url.SchemeIsHTTPOrHTTPS())
- - return source_url;
- -
- - // If the download source is file:// ideally we should copy the MOTW from
- - // the original file, but given that Chrome/Chromium places strict
- - // restrictions on which schemes can reference file:// URLs, this code is
- - // going to assume that at this point it's okay to treat this download as
- - // being from the local system.
- - if (source_url.SchemeIsFile())
- - return source_url;
- -
- - // ftp:// has an authority.
- - if (source_url.SchemeIs(url::kFtpScheme))
- - return source_url;
- - }
- -
- - if (referrer_url.is_valid() && referrer_url.SchemeIsHTTPOrHTTPS())
- - return referrer_url;
- -
- - return GURL();
- -}
- -
- -} // namespace
- -
- -#if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)
- -
- -DownloadInterruptReason BaseFile::AnnotateWithSourceInformationSync(
- - const std::string& client_guid,
- - const GURL& source_url,
- - const GURL& referrer_url) {
- - DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
- - DCHECK(!detached_);
- - DCHECK(!full_path_.empty());
- -
- - CONDITIONAL_TRACE(BEGIN0("download", "DownloadFileAnnotate"));
- - QuarantineFileResult result = QuarantineFile(
- - full_path_, GetEffectiveAuthorityURL(source_url, referrer_url),
- - referrer_url, client_guid);
- - CONDITIONAL_TRACE(END0("download", "DownloadFileAnnotate"));
- -
- - return QuarantineFileResultToReason(result);
- -}
- -#else // !OS_WIN && !OS_MACOSX && !OS_LINUX
- DownloadInterruptReason BaseFile::AnnotateWithSourceInformationSync(
- const std::string& client_guid,
- const GURL& source_url,
- const GURL& referrer_url) {
- return DOWNLOAD_INTERRUPT_REASON_NONE;
- }
- -#endif
- -
- -void BaseFile::OnFileQuarantined(
- - bool connection_error,
- - quarantine::mojom::QuarantineFileResult result) {
- - base::UmaHistogramBoolean("Download.QuarantineService.ConnectionError",
- - connection_error);
- -
- - DCHECK(on_annotation_done_callback_);
- - quarantine_service_.reset();
- - std::move(on_annotation_done_callback_)
- - .Run(QuarantineFileResultToReason(result));
- -}
- -
- -void BaseFile::OnQuarantineServiceError(const GURL& source_url,
- - const GURL& referrer_url) {
- -#if defined(OS_WIN)
- - if (base::FeatureList::IsEnabled(quarantine::kOutOfProcessQuarantine)) {
- - OnFileQuarantined(/*connection_error=*/true,
- - quarantine::SetInternetZoneIdentifierDirectly(
- - full_path_, source_url, referrer_url));
- - return;
- - }
- -#endif // defined(OS_WIN)
- -
- - CHECK(false) << "In-process quarantine service should not have failed.";
- -}
-
- void BaseFile::AnnotateWithSourceInformation(
- const std::string& client_guid,
- @@ -653,31 +535,8 @@ void BaseFile::AnnotateWithSourceInforma
- const GURL& referrer_url,
- std::unique_ptr<service_manager::Connector> connector,
- OnAnnotationDoneCallback on_annotation_done_callback) {
- - GURL authority_url = GetEffectiveAuthorityURL(source_url, referrer_url);
- - if (!connector) {
- -#if defined(OS_WIN)
- - QuarantineFileResult result = quarantine::SetInternetZoneIdentifierDirectly(
- - full_path_, authority_url, referrer_url);
- -#else
- - QuarantineFileResult result = QuarantineFileResult::ANNOTATION_FAILED;
- -#endif
- - std::move(on_annotation_done_callback)
- - .Run(QuarantineFileResultToReason(result));
- - } else {
- - connector->BindInterface(quarantine::mojom::kServiceName,
- - mojo::MakeRequest(&quarantine_service_));
- -
- - on_annotation_done_callback_ = std::move(on_annotation_done_callback);
- -
- - quarantine_service_.set_connection_error_handler(base::BindOnce(
- - &BaseFile::OnQuarantineServiceError, weak_factory_.GetWeakPtr(),
- - authority_url, referrer_url));
- -
- - quarantine_service_->QuarantineFile(
- - full_path_, authority_url, referrer_url, client_guid,
- - base::BindOnce(&BaseFile::OnFileQuarantined, weak_factory_.GetWeakPtr(),
- - false));
- - }
- + std::move(on_annotation_done_callback)
- + .Run(DOWNLOAD_INTERRUPT_REASON_NONE);
- }
-
- } // namespace download
|