Index: chrome/common/safe_browsing/download_file_types.proto |
diff --git a/chrome/common/safe_browsing/download_file_types.proto b/chrome/common/safe_browsing/download_file_types.proto |
new file mode 100644 |
index 0000000000000000000000000000000000000000..5c851be89741471068599c0a1a49d8f4568b9ac9 |
--- /dev/null |
+++ b/chrome/common/safe_browsing/download_file_types.proto |
@@ -0,0 +1,118 @@ |
+// Copyright 2016 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+// |
+syntax = "proto2"; |
+ |
+option optimize_for = LITE_RUNTIME; |
+ |
+package safe_browsing; |
+ |
+// Next id: 5 |
+message DownloadFileType { |
+ // The file extension, without a dot. |
+ // This must be unique within one DownloadFileTypeConfig |
+ optional string extension = 1; // required |
+ |
+ // Must be unique and not reused, and be consistent with |
+ // SBClientDownloadExtensions enum in histograms.xml |
+ optional int64 uma_value = 2; // required |
+ |
+ // True if is an archive type. |
+ optional bool is_archive = 3; // required |
+ |
+ |
+ enum DownloadDangerLevel { |
asanka
2016/04/06 02:12:30
Nit: The /Download/ prefixes aren't strictly neces
Nathan Parker
2016/04/11 20:12:07
Good call, done.
|
+ // Safe. Or at least not known to be dangerous. Safe to |
+ // download and open, even if the download was accidental. |
+ NOT_DANGEROUS = 0; |
+ |
+ // Require confirmation before downloading. An additional user |
+ // gesture may not be required if the download was from a |
+ // familiar site and the download was initiated via a user |
+ // action. |
+ ALLOW_ON_USER_GESTURE = 1; |
+ |
+ // Always require confirmation when downloading. |
+ DANGEROUS = 2; |
+ } |
+ |
+ enum DownloadAutoOpenHint { |
+ // File type can be opened automatically. |
+ ALLOW_AUTO_OPEN = 1; |
+ |
+ // The file type should not be allowed to open automatically. |
+ // |
+ // Criteria for disallowing a file type from opening automatically: |
+ // |
+ // Includes file types that upon opening may either: |
+ // * ... execute arbitrary or harmful code with user privileges. |
+ // * ... change configuration of the system to cause harmful behavior |
+ // immediately or at some time in the future. |
+ // |
+ // Doesn't include file types that upon opening: |
+ // * ... sufficiently warn the user about the fact that: |
+ // - This file was downloaded from the Internet. |
+ // - Opening it can make specified changes to the system. |
+ // (Note that any such warnings need to be displayed prior to |
+ // the harmful logic being executed). |
+ // * ... does nothing particularly dangerous, despite the act |
+ // of downloading itself being dangerous (E.g. .local and |
+ // .manifest files). |
+ DISALLOW_AUTO_OPEN = 2; |
+ } |
+ |
+ enum PlatformType { |
+ ALL = 0; |
asanka
2016/04/06 02:12:31
This is exposed as DownloadFileType::ALL? Perhaps
Nathan Parker
2016/04/11 20:12:07
I renamed it to PLATFORM_ANY since that's actually
|
+ PLATFORM_ANDROID = 1; |
+ PLATFORM_CHROME_OS = 2; |
+ PLATFORM_LINUX = 3; |
+ PLATFORM_MAC = 4; |
+ PLATFORM_WINDOWS = 5; |
+ } |
+ |
+ enum PingSetting { |
+ // Don’t send pings except maybe light-pings. |
+ TREAT_AS_UNKNOWN = 0; |
+ // Don’t send any pings. |
+ NO_PING = 1; |
+ // Send full pings and use the verdicts. |
+ SEND_FULL_PING = 2; |
+ // Send full pings and but ignore the SAFE verdict. |
+ SEND_FULL_PING_IGNORE_SAFE = 3; |
+ } |
+ |
+ // Next id: 5 |
+ message PlatformSettings { |
+ optional PlatformType platform = 1; |
+ optional DownloadDangerLevel danger_level = 2; // required |
+ optional DownloadAutoOpenHint auto_open_hint = 3; // required |
+ optional PingSetting ping_setting = 4; // required |
+ }; |
+ |
+ // In the canonical list, this must have at least one entry and it can |
+ // have platform=ALL to act as the default for any OS not listed. In |
+ // the files served via gstatic, each _<OS>.pb file will have only its |
+ // own single entry, with |platform| not populated. |
asanka
2016/04/06 02:12:31
As far as maintainability goes, would it be easier
Nathan Parker
2016/04/11 20:12:07
My plan was to have one asciipb file, but then we
asanka
2016/04/11 20:45:02
SGTM. I had misunderstood what we were going to st
|
+ repeated PlatformSettings platform_settings = 4; // required >= 1 |
+}; |
+ |
+ |
+// The file_types.asciipb config file is composed of one of these messages. |
+// Next id: 5 |
+message DownloadFileTypeConfig { |
+ // Monotonically increasing version number. Will be logged to UMA. |
+ optional uint32 version_id = 1; |
+ |
+ // For what fraction of extended-reporting users’ downloads |
+ // with unknown extensions should we send light-pings? |
+ // [0..1] |
+ optional float light_ping_probability = 2; |
+ |
+ // List of all known types. |
+ repeated DownloadFileType file_type = 3; |
asanka
2016/04/06 02:12:31
Nit: style guide says this should be called "file_
Nathan Parker
2016/04/11 20:12:07
Done.
|
+ |
+ // Settings used if a file is not in the above list. “Extension” is ignored. |
+ optional DownloadFileType default_file_type = 4; |
+} |
+ |