[PPAPI] Quarantine files that are writeable by a Pepper plugin.

content/common/quarantine/quarantine_mac.mm

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "content/browser/download/quarantine.h"
+#include "content/public/common/quarantine.h"
 
 #import <ApplicationServices/ApplicationServices.h>
 #import <Foundation/Foundation.h>
 
 #include "base/files/file_path.h"
+#include "base/files/file_util.h"
 #include "base/logging.h"
 #include "base/mac/foundation_util.h"
 #include "base/mac/mac_logging.h"
 #include "base/mac/mac_util.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/mac/scoped_nsobject.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/threading/thread_restrictions.h"
 #include "url/gurl.h"
 
 namespace {
 
 // Once Chrome no longer supports macOS 10.9, this code will no longer be
 // necessary. Note that LSCopyItemAttribute was deprecated in macOS 10.8, but
 // the replacement to kLSItemQuarantineProperties did not exist until macOS
 // 10.10.
 #if !defined(MAC_OS_X_VERSION_10_10) || \
     MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_10
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
 bool GetQuarantinePropertiesDeprecated(
     const base::FilePath& file,
     base::scoped_nsobject<NSMutableDictionary>* properties) {
   const UInt8* path = reinterpret_cast<const UInt8*>(file.value().c_str());
   FSRef file_ref;
   if (FSPathMakeRef(path, &file_ref, nullptr) != noErr)
     return false;
 
   base::ScopedCFTypeRef<CFTypeRef> quarantine_properties;
-  OSStatus status = LSCopyItemAttribute(&file_ref, kLSRolesAll,
-      kLSItemQuarantineProperties, quarantine_properties.InitializeInto());
+  OSStatus status =
+      LSCopyItemAttribute(&file_ref, kLSRolesAll, kLSItemQuarantineProperties,
+                          quarantine_properties.InitializeInto());
   if (status != noErr)
     return true;
 
   CFDictionaryRef quarantine_properties_dict =
       base::mac::CFCast<CFDictionaryRef>(quarantine_properties.get());
   if (!quarantine_properties_dict) {
     LOG(WARNING) << "kLSItemQuarantineProperties is not a dictionary on file "
                  << file.value();
     return false;
   }
 
   properties->reset(
       [base::mac::CFToNSCast(quarantine_properties_dict) mutableCopy]);
   return true;
 }
 
 bool SetQuarantinePropertiesDeprecated(const base::FilePath& file,
                                        NSDictionary* properties) {
   const UInt8* path = reinterpret_cast<const UInt8*>(file.value().c_str());
   FSRef file_ref;
   if (FSPathMakeRef(path, &file_ref, nullptr) != noErr)
     return false;
+
   OSStatus os_error = LSSetItemAttribute(
       &file_ref, kLSRolesAll, kLSItemQuarantineProperties, properties);
   if (os_error != noErr) {
     OSSTATUS_LOG(WARNING, os_error)
         << "Unable to set quarantine attributes on file " << file.value();
     return false;
   }
   return true;
 }
 #pragma clang diagnostic pop
@@ skipping 23 matching lines @@
     return false;
   }
 
   if (!quarantine_properties)
     return true;
 
   NSDictionary* quarantine_properties_dict =
       base::mac::ObjCCast<NSDictionary>(quarantine_properties);
   if (!quarantine_properties_dict) {
     LOG(WARNING) << "Quarantine properties have wrong class: "
-                 << [[[quarantine_properties class] description] UTF8String];
+                 << base::SysNSStringToUTF8(
+                        [[quarantine_properties class] description]);
     return false;
   }
 
   properties->reset([quarantine_properties_dict mutableCopy]);
   return true;
 }
 
 bool SetQuarantineProperties(const base::FilePath& file,
                              NSDictionary* properties) {
   base::scoped_nsobject<NSURL> file_url([[NSURL alloc]
@@ skipping 74 matching lines @@
   }
   if (!md_item_set_attribute_func)
     return false;
 
   NSString* file_path = [NSString stringWithUTF8String:file.value().c_str()];
   if (!file_path)
     return false;
 
   base::ScopedCFTypeRef<MDItemRef> md_item(
       MDItemCreate(NULL, base::mac::NSToCFCast(file_path)));
-  if (!md_item)
+  if (!md_item) {
+    LOG(WARNING) << "MDItemCreate failed for path " << file.value();
     return false;
+  }
 
   // We won't put any more than 2 items into the attribute.
   NSMutableArray* list = [NSMutableArray arrayWithCapacity:2];
 
   // Follow Safari's lead: the first item in the list is the source URL of
   // the downloaded file. If the referrer is known, store that, too.
   NSString* origin_url = [NSString stringWithUTF8String:source.spec().c_str()];
   if (origin_url)
     [list addObject:origin_url];
   NSString* referrer_url =
@@ skipping 37 matching lines @@
     // be quarantined against the user's wishes.
     return true;
   }
 
   // kLSQuarantineAgentNameKey, kLSQuarantineAgentBundleIdentifierKey, and
   // kLSQuarantineTimeStampKey are set for us (see LSQuarantine.h), so we only
   // need to set the values that the OS can't infer.
 
   if (![properties valueForKey:(NSString*)kLSQuarantineTypeKey]) {
     CFStringRef type = source.SchemeIsHTTPOrHTTPS()
-                       ? kLSQuarantineTypeWebDownload
-                       : kLSQuarantineTypeOtherDownload;
+                           ? kLSQuarantineTypeWebDownload
+                           : kLSQuarantineTypeOtherDownload;
     [properties setValue:(NSString*)type
                   forKey:(NSString*)kLSQuarantineTypeKey];
   }
 
   if (![properties valueForKey:(NSString*)kLSQuarantineOriginURLKey] &&
       referrer.is_valid()) {
     NSString* referrer_url =
         [NSString stringWithUTF8String:referrer.spec().c_str()];
     [properties setValue:referrer_url
                   forKey:(NSString*)kLSQuarantineOriginURLKey];
@@ skipping 12 matching lines @@
     return SetQuarantinePropertiesDeprecated(file, properties);
   }
 }
 
 }  // namespace
 
 QuarantineFileResult QuarantineFile(const base::FilePath& file,
                                     const GURL& source_url,
                                     const GURL& referrer_url,
                                     const std::string& client_guid) {
+  if (!base::PathExists(file))
+    return QuarantineFileResult::FILE_MISSING;
+
+  // Don't consider it an error if we fail to add origin metadata.
+  AddOriginMetadataToFile(file, source_url, referrer_url);
   bool quarantine_succeeded =
       AddQuarantineMetadataToFile(file, source_url, referrer_url);
-  bool origin_succeeded =
-      AddOriginMetadataToFile(file, source_url, referrer_url);
-  return quarantine_succeeded && origin_succeeded
-             ? QuarantineFileResult::OK
-             : QuarantineFileResult::ANNOTATION_FAILED;
+  return quarantine_succeeded ? QuarantineFileResult::OK
+                              : QuarantineFileResult::ANNOTATION_FAILED;
+}
+
+bool IsFileQuarantined(const base::FilePath& file,
+                       const GURL& expected_source_url,
+                       const GURL& referrer_url) {
+  base::ThreadRestrictions::AssertIOAllowed();
+
+  if (!base::PathExists(file))
+    return false;
+
+  base::scoped_nsobject<NSMutableDictionary> properties;
+  bool success = false;
+  if (base::mac::IsAtLeastOS10_10()) {
+    success = GetQuarantineProperties(file, &properties);
+  } else {
+    success = GetQuarantinePropertiesDeprecated(file, &properties);
+  }
+
+  if (!success || !properties)
+    return false;
+
+  NSString* source_url =
+      [[properties valueForKey:(NSString*)kLSQuarantineDataURLKey] description];
+
+  if (!expected_source_url.is_valid())
+    return [source_url length] > 0;
+
+  if (![source_url
+          isEqualToString:base::SysUTF8ToNSString(expected_source_url.spec())])
+    return false;
+
+  return !referrer_url.is_valid() ||
+         [[[properties valueForKey:(NSString*)kLSQuarantineOriginURLKey]
+             description]
+             isEqualToString:base::SysUTF8ToNSString(referrer_url.spec())];
 }
 
 }  // namespace content