[PPAPI] Quarantine files that are writeable by a Pepper plugin.

content/browser/download/quarantine.h

-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CONTENT_BROWSER_DOWNLOAD_QUARANTINE_H_
-#define CONTENT_BROWSER_DOWNLOAD_QUARANTINE_H_
-
-#include <string>
-
-#include "content/common/content_export.h"
-
-class GURL;
-
-namespace base {
-class FilePath;
-}
-
-namespace content {
-
-// Return value for QuarantineFile.
-enum class QuarantineFileResult {
-  OK,             // Success.
-  ACCESS_DENIED,  // Access to the file was denied. The safety of the file could
-                  // not be determined.
-  BLOCKED_BY_POLICY,  // Downloads from |source_url| are not allowed by policy.
-                      // The file has been deleted.
-  ANNOTATION_FAILED,  // Unable to write the mark-of-the-web or otherwise
-                      // annotate the file as being downloaded from
-                      // |source_url|.
-  FILE_MISSING,       // |file| does not name a valid file.
-  SECURITY_CHECK_FAILED,  // An unknown error occurred while checking |file|.
-                          // The file may have been deleted.
-  VIRUS_INFECTED  // |file| was found to be infected by a virus and was deleted.
-};
-
-// Quarantine a file that was downloaded from the internet.
-//
-// Ensures that |file| is handled as safely as possible given that it was
-// downloaded from |source_url|. The details of how a downloaded file is handled
-// are platform dependent. Please refer to the individual quarantine_<os>
-// implementation.
-//
-// This function should be called for all files downloaded from the internet and
-// placed in a manner discoverable by the user, or exposed to an external
-// application. Furthermore, it should be called:
-//
-// * **AFTER** all the data has been written to the file. On Windows, registered
-//   anti-virus products will be invoked for scanning the contents of the file.
-//   Hence it's important to have the final contents of the file be available at
-//   the point at which this function is called.
-//
-//   Exception: Zero-length files will be handled solely on the basis of the
-//   |source_url| and the file type. This exception accommodates situations
-//   where the file contents cannot be determined before it is made visible to
-//   an external application.
-//
-// * **AFTER** the file has been renamed to its final name. The file type is
-//   significant and is derived from the filename.
-//
-// * **BEFORE** the file is made visible to an external application or the user.
-//   Security checks and mark-of-the-web annotations must be made prior to
-//   exposing the file externally.
-//
-// Note that it is possible for this method to take a long time to complete
-// (several seconds or more). In addition to blocking during this time, this
-// delay also introduces a window during which a browser shutdown may leave the
-// downloaded file unannotated.
-//
-// Parameters:
-//   |file| : Final name of the file.
-//   |source_url|: URL from which the file content was downloaded.
-//   |referrer_url|: Referring URL.
-//   |client_guid|: Only used on Windows. Identifies the client application
-//     that downloaded the file.
-CONTENT_EXPORT QuarantineFileResult
-QuarantineFile(const base::FilePath& file,
-               const GURL& source_url,
-               const GURL& referrer_url,
-               const std::string& client_guid);
-
-}  // namespace content
-
-#endif  // CONTENT_BROWSER_DOWNLOAD_QUARANTINE_H_