| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/download/quarantine.h" | 5 #include "content/public/common/quarantine.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <sys/types.h> | 8 #include <sys/types.h> |
| 9 #include <sys/xattr.h> | 9 #include <sys/xattr.h> |
| 10 | 10 |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/threading/thread_restrictions.h" | 14 #include "base/threading/thread_restrictions.h" |
| 15 #include "content/browser/download/quarantine_constants_linux.h" | 15 #include "content/common/quarantine/quarantine_constants_linux.h" |
| 16 #include "url/gurl.h" | 16 #include "url/gurl.h" |
| 17 | 17 |
| 18 namespace content { | 18 namespace content { |
| 19 | 19 |
| 20 const char kSourceURLExtendedAttrName[] = "user.xdg.origin.url"; | 20 const char kSourceURLExtendedAttrName[] = "user.xdg.origin.url"; |
| 21 const char kReferrerURLExtendedAttrName[] = "user.xdg.referrer.url"; | 21 const char kReferrerURLExtendedAttrName[] = "user.xdg.referrer.url"; |
| 22 | 22 |
| 23 namespace { | 23 namespace { |
| 24 | 24 |
| 25 bool SetExtendedFileAttribute(const char* path, | 25 bool SetExtendedFileAttribute(const char* path, |
| 26 const char* name, | 26 const char* name, |
| 27 const char* value, | 27 const char* value, |
| 28 size_t value_size, | 28 size_t value_size, |
| 29 int flags) { | 29 int flags) { |
| 30 base::ThreadRestrictions::AssertIOAllowed(); | 30 base::ThreadRestrictions::AssertIOAllowed(); |
| 31 int result = setxattr(path, name, value, value_size, flags); | 31 int result = setxattr(path, name, value, value_size, flags); |
| 32 if (result) { | 32 if (result) { |
| 33 DPLOG(ERROR) << "Could not set extended attribute " << name << " on file " | 33 DPLOG(ERROR) << "Could not set extended attribute " << name << " on file " |
| 34 << path; | 34 << path; |
| 35 return false; | 35 return false; |
| 36 } | 36 } |
| 37 return true; | 37 return true; |
| 38 } | 38 } |
| 39 | 39 |
| 40 std::string GetExtendedFileAttribute(const char* path, const char* name) { |
| 41 base::ThreadRestrictions::AssertIOAllowed(); |
| 42 ssize_t len = getxattr(path, name, nullptr, 0); |
| 43 if (len <= 0) |
| 44 return std::string(); |
| 45 |
| 46 std::vector<char> buffer(len); |
| 47 len = getxattr(path, name, buffer.data(), buffer.size()); |
| 48 if (len < static_cast<ssize_t>(buffer.size())) |
| 49 return std::string(); |
| 50 return std::string(buffer.begin(), buffer.end()); |
| 51 } |
| 52 |
| 40 } // namespace | 53 } // namespace |
| 41 | 54 |
| 42 QuarantineFileResult QuarantineFile(const base::FilePath& file, | 55 QuarantineFileResult QuarantineFile(const base::FilePath& file, |
| 43 const GURL& source_url, | 56 const GURL& source_url, |
| 44 const GURL& referrer_url, | 57 const GURL& referrer_url, |
| 45 const std::string& client_guid) { | 58 const std::string& client_guid) { |
| 46 DCHECK(base::PathIsWritable(file)); | 59 DCHECK(base::PathIsWritable(file)); |
| 47 | 60 |
| 48 bool source_succeeded = | 61 bool source_succeeded = |
| 49 source_url.is_valid() && | 62 source_url.is_valid() && |
| 50 SetExtendedFileAttribute(file.value().c_str(), kSourceURLExtendedAttrName, | 63 SetExtendedFileAttribute(file.value().c_str(), kSourceURLExtendedAttrName, |
| 51 source_url.spec().c_str(), | 64 source_url.spec().c_str(), |
| 52 source_url.spec().length(), 0); | 65 source_url.spec().length(), 0); |
| 53 | 66 |
| 54 // Referrer being empty is not considered an error. This could happen if the | 67 // Referrer being empty is not considered an error. This could happen if the |
| 55 // referrer policy resulted in an empty referrer for the download request. | 68 // referrer policy resulted in an empty referrer for the download request. |
| 56 bool referrer_succeeded = | 69 bool referrer_succeeded = |
| 57 !referrer_url.is_valid() || | 70 !referrer_url.is_valid() || |
| 58 SetExtendedFileAttribute( | 71 SetExtendedFileAttribute( |
| 59 file.value().c_str(), kReferrerURLExtendedAttrName, | 72 file.value().c_str(), kReferrerURLExtendedAttrName, |
| 60 referrer_url.spec().c_str(), referrer_url.spec().length(), 0); | 73 referrer_url.spec().c_str(), referrer_url.spec().length(), 0); |
| 61 return source_succeeded && referrer_succeeded | 74 return source_succeeded && referrer_succeeded |
| 62 ? QuarantineFileResult::OK | 75 ? QuarantineFileResult::OK |
| 63 : QuarantineFileResult::ANNOTATION_FAILED; | 76 : QuarantineFileResult::ANNOTATION_FAILED; |
| 64 } | 77 } |
| 65 | 78 |
| 79 bool IsFileQuarantined(const base::FilePath& file, |
| 80 const GURL& source_url, |
| 81 const GURL& referrer_url) { |
| 82 if (!base::PathExists(file)) |
| 83 return false; |
| 84 |
| 85 std::string url_value = GetExtendedFileAttribute(file.value().c_str(), |
| 86 kSourceURLExtendedAttrName); |
| 87 if (source_url.is_empty()) |
| 88 return !url_value.empty(); |
| 89 |
| 90 if (source_url != GURL(url_value)) |
| 91 return false; |
| 92 |
| 93 return !referrer_url.is_valid() || |
| 94 GURL(GetExtendedFileAttribute(file.value().c_str(), |
| 95 kReferrerURLExtendedAttrName)) == |
| 96 referrer_url; |
| 97 } |
| 98 |
| 66 } // namespace content | 99 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2124373002:
[PPAPI] Quarantine files that are writeable by a Pepper plugin. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@consolidate-file-metadata