Adding a DownloadRestrictions group policy.

chrome/browser/download/chrome_download_manager_delegate.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/download/chrome_download_manager_delegate.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
@@ skipping 137 matching lines @@
 // |callback| is invoked with a danger type determined as follows:
 //
 // Danger type is (in order of preference):
 //   * DANGEROUS_URL, if the URL is a known malware site.
 //   * MAYBE_DANGEROUS_CONTENT, if the content will be scanned for
 //         malware. I.e. |is_content_check_supported| is true.
 //   * NOT_DANGEROUS.
 void CheckDownloadUrlDone(
     const DownloadTargetDeterminerDelegate::CheckDownloadUrlCallback& callback,
     bool is_content_check_supported,
+    DownloadItem* restricted_download_item,
     DownloadProtectionService::DownloadCheckResult result) {
+  // The restricted_download_item is a weak pointer that's only safe to acces on
+  // the UI thread.
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+
   content::DownloadDangerType danger_type;
   if (result == DownloadProtectionService::SAFE ||
       result == DownloadProtectionService::UNKNOWN) {
     // If this type of files is handled by the enhanced SafeBrowsing download
     // protection, mark it as potentially dangerous content until we are done
     // with scanning it.
     if (is_content_check_supported)
       danger_type = content::DOWNLOAD_DANGER_TYPE_MAYBE_DANGEROUS_CONTENT;
     else
       danger_type = content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS;
   } else {
     // If the URL is malicious, we'll use that as the danger type. The results
     // of the content check, if one is performed, will be ignored.
     danger_type = content::DOWNLOAD_DANGER_TYPE_DANGEROUS_URL;
   }
   callback.Run(danger_type);
+  // TODO(mad): Find a way to interrupt the download here when
+  // restricted_download_item is not null and danger_type is set to URL.

[asanka, 2017/02/09 19:25:01]

Rather than this, we can move block downloads at the DownloadTargetDeterminer
layer. That way we can factor in the download source and danger level as known
at the start of the download.

Another thing we should roll into this is to check with
IAttachmentExecute::CheckPolicy so that we can block downloads that are going to
be blocked anyway by Windows upon completion
(https://msdn.microsoft.com/en-us/library/windows/desktop/bb776294(v=vs.85).aspx).
This can also done in DownloadTargetDeterminer .

Currently DownloadTargetDeterminer can't mark a download as "blocked", but
that's being addressed in the pending CL.

[MAD, 2017/02/14 18:15:48]

OK, I'll wait for the pending CL before continuing on this.

 }
 
 #endif  // FULL_SAFE_BROWSING
 
 // Called asynchronously to determine the MIME type for |path|.
 std::string GetMimeType(const base::FilePath& path) {
   std::string mime_type;
   net::GetMimeTypeFromFile(path, &mime_type);
   return mime_type;
 }
@@ skipping 155 matching lines @@
     // In case the service was disabled between the download starting and now,
     // we need to restore the danger state.
     content::DownloadDangerType danger_type = item->GetDangerType();
     if (DownloadItemModel(item).GetDangerLevel() !=
             DownloadFileType::NOT_DANGEROUS &&
         (danger_type == content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS ||
          danger_type ==
              content::DOWNLOAD_DANGER_TYPE_MAYBE_DANGEROUS_CONTENT)) {
       DVLOG(2) << __func__
                << "() SB service disabled. Marking download as DANGEROUS FILE";
-      item->OnContentCheckCompleted(
-          content::DOWNLOAD_DANGER_TYPE_DANGEROUS_FILE);
+      if (ShouldBlockFile(content::DOWNLOAD_DANGER_TYPE_DANGEROUS_FILE)) {
+        item->OnContentCheckCompleted(
+            content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS, true /*block_file*/);
+      } else {
+        item->OnContentCheckCompleted(danger_type, false);

[asanka, 2017/02/09 19:25:01]

Yeah, we'll need something like this. The only change I could think of was to
use an interrupt reason instead of a boolean.

[MAD, 2017/02/14 18:15:48]

Done.

+      }
       UMA_HISTOGRAM_ENUMERATION("Download.DangerousFile.Reason",
                                 SB_NOT_AVAILABLE, DANGEROUS_FILE_REASON_MAX);
       content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE,
                                        internal_complete_callback);
       return false;
     }
   } else if (!state->is_complete()) {
     // Don't complete the download until we have an answer.
     state->set_callback(internal_complete_callback);
     return false;
@@ skipping 182 matching lines @@
       FROM_HERE,
       base::Bind(&base::PathExists, download->GetTargetFilePath()),
       callback);
 }
 
 std::string
 ChromeDownloadManagerDelegate::ApplicationClientIdForFileScanning() const {
   return std::string(chrome::kApplicationClientIDStringForAVScanning);
 }
 
+bool ChromeDownloadManagerDelegate::ShouldBlockAllDownloads() const {
+  return download_prefs_->download_restriction() ==
+         DownloadPrefs::DOWNLOAD_RESTRICTION_ALL_FILES;
+}
+
 DownloadProtectionService*
     ChromeDownloadManagerDelegate::GetDownloadProtectionService() {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
 #if defined(FULL_SAFE_BROWSING)
   safe_browsing::SafeBrowsingService* sb_service =
       g_browser_process->safe_browsing_service();
   if (sb_service && sb_service->download_protection_service() &&
       profile_->GetPrefs()->GetBoolean(prefs::kSafeBrowsingEnabled)) {
     return sb_service->download_protection_service();
   }
@@ skipping 91 matching lines @@
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
 
 #if defined(FULL_SAFE_BROWSING)
   safe_browsing::DownloadProtectionService* service =
       GetDownloadProtectionService();
   if (service) {
     bool is_content_check_supported =
         service->IsSupportedDownload(*download, suggested_path);
     DVLOG(2) << __func__ << "() Start SB URL check for download = "
              << download->DebugString(false);
-    service->CheckDownloadUrl(download,
-                              base::Bind(&CheckDownloadUrlDone,
-                                         callback,
-                                         is_content_check_supported));
+    DownloadItem* restricted_download_item = nullptr;
+    if (download_prefs_->download_restriction() ==
+        DownloadPrefs::DOWNLOAD_RESTRICTION_POTENTIALLY_DANGEROUS_FILES) {
+      restricted_download_item = download;
+    }
+    service->CheckDownloadUrl(
+        download,
+        base::Bind(&CheckDownloadUrlDone, callback, is_content_check_supported,
+                   restricted_download_item));
     return;
   }
 #endif
   callback.Run(content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS);
 }
 
 void ChromeDownloadManagerDelegate::GetFileMimeType(
     const base::FilePath& path,
     const GetFileMimeTypeCallback& callback) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
@@ skipping 50 matching lines @@
       case DownloadProtectionService::DANGEROUS_HOST:
         danger_type = content::DOWNLOAD_DANGER_TYPE_DANGEROUS_HOST;
         break;
       case DownloadProtectionService::POTENTIALLY_UNWANTED:
         danger_type = content::DOWNLOAD_DANGER_TYPE_POTENTIALLY_UNWANTED;
         break;
     }
     DCHECK_NE(danger_type,
               content::DOWNLOAD_DANGER_TYPE_MAYBE_DANGEROUS_CONTENT);
 
-    if (danger_type != content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS)
-      item->OnContentCheckCompleted(danger_type);
+    if (danger_type != content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS) {
+      if (ShouldBlockFile(danger_type)) {
+        item->OnContentCheckCompleted(
+            // Specifying a dangerous type here would take precendence over the
+            // blocking of the file.
+            content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS, true /*block_file*/);
+      } else {
+        item->OnContentCheckCompleted(danger_type, false /*block_file*/);
+      }
+    }
   }
 
   SafeBrowsingState* state = static_cast<SafeBrowsingState*>(
       item->GetUserData(&kSafeBrowsingUserDataKey));
   state->CompleteDownload();
 }
 #endif  // FULL_SAFE_BROWSING
 
 // content::NotificationObserver implementation.
 void ChromeDownloadManagerDelegate::Observe(
@@ skipping 61 matching lines @@
       path.MatchesExtension(FILE_PATH_LITERAL(".xht")) ||
       path.MatchesExtension(FILE_PATH_LITERAL(".xhtm")) ||
       path.MatchesExtension(FILE_PATH_LITERAL(".xhtml")) ||
       path.MatchesExtension(FILE_PATH_LITERAL(".xsl")) ||
       path.MatchesExtension(FILE_PATH_LITERAL(".xslt"))) {
     return true;
   }
 #endif
   return false;
 }
+
+bool ChromeDownloadManagerDelegate::ShouldBlockFile(
+    content::DownloadDangerType danger_type) const {
+  if (danger_type == content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS)
+    return false;
+
+  DownloadPrefs::DOWNLOAD_RESTRICTION download_restriction =
+      download_prefs_->download_restriction();
+  return (download_restriction ==
+              DownloadPrefs::DOWNLOAD_RESTRICTION_DANGEROUS_FILES &&
+          danger_type == content::DOWNLOAD_DANGER_TYPE_DANGEROUS_CONTENT) ||
+         (download_restriction ==
+          DownloadPrefs::DOWNLOAD_RESTRICTION_POTENTIALLY_DANGEROUS_FILES);
+}