chrome/browser/download/chrome_download_manager_delegate.cc - Issue 2674973003: Adding a DownloadRestrictions group policy.

Unified Diff: chrome/browser/download/chrome_download_manager_delegate.cc

Issue 2674973003: Adding a DownloadRestrictions group policy. (Closed)

Patch Set: Patch set 5 + rebase Created 3 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « chrome/browser/download/chrome_download_manager_delegate.h ('k') | chrome/browser/download/chrome_download_manager_delegate_unittest.cc » ('j') | content/public/browser/download_manager_delegate.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/download/chrome_download_manager_delegate.cc

diff --git a/chrome/browser/download/chrome_download_manager_delegate.cc b/chrome/browser/download/chrome_download_manager_delegate.cc

index ed4157b47e5b02e224b4cfc51ddd8dd01c350957..563b96d33e566ea3cde7e4d23b86593df575d4d8 100644

--- a/chrome/browser/download/chrome_download_manager_delegate.cc

+++ b/chrome/browser/download/chrome_download_manager_delegate.cc

@@ -155,7 +155,12 @@ base::FilePath GetPlatformDownloadPath(Profile* profile,

void CheckDownloadUrlDone(

const DownloadTargetDeterminerDelegate::CheckDownloadUrlCallback& callback,

bool is_content_check_supported,

+ DownloadItem* restricted_download_item,

DownloadProtectionService::DownloadCheckResult result) {

+ // The restricted_download_item is a weak pointer that's only safe to acces on

+ // the UI thread.

+ DCHECK_CURRENTLY_ON(BrowserThread::UI);

content::DownloadDangerType danger_type;

if (result == DownloadProtectionService::SAFE ||

result == DownloadProtectionService::UNKNOWN) {

@@ -172,6 +177,8 @@ void CheckDownloadUrlDone(

danger_type = content::DOWNLOAD_DANGER_TYPE_DANGEROUS_URL;

}

callback.Run(danger_type);

+ // TODO(mad): Find a way to interrupt the download here when

+ // restricted_download_item is not null and danger_type is set to URL.

asanka 2017/02/09 19:25:01 Rather than this, we can move block downloads at t

MAD 2017/02/14 18:15:48 OK, I'll wait for the pending CL before continuing

}

#endif // FULL_SAFE_BROWSING

@@ -347,8 +354,12 @@ bool ChromeDownloadManagerDelegate::IsDownloadReadyForCompletion(

content::DOWNLOAD_DANGER_TYPE_MAYBE_DANGEROUS_CONTENT)) {

DVLOG(2) << __func__

<< "() SB service disabled. Marking download as DANGEROUS FILE";

- item->OnContentCheckCompleted(

- content::DOWNLOAD_DANGER_TYPE_DANGEROUS_FILE);

+ if (ShouldBlockFile(content::DOWNLOAD_DANGER_TYPE_DANGEROUS_FILE)) {

+ item->OnContentCheckCompleted(

+ content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS, true /*block_file*/);

+ } else {

+ item->OnContentCheckCompleted(danger_type, false);

asanka 2017/02/09 19:25:01 Yeah, we'll need something like this. The only cha

MAD 2017/02/14 18:15:48 Done.

+ }

UMA_HISTOGRAM_ENUMERATION("Download.DangerousFile.Reason",

SB_NOT_AVAILABLE, DANGEROUS_FILE_REASON_MAX);

content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE,

@@ -551,6 +562,11 @@ ChromeDownloadManagerDelegate::ApplicationClientIdForFileScanning() const {

return std::string(chrome::kApplicationClientIDStringForAVScanning);

}

+bool ChromeDownloadManagerDelegate::ShouldBlockAllDownloads() const {

+ return download_prefs_->download_restriction() ==

+ DownloadPrefs::DOWNLOAD_RESTRICTION_ALL_FILES;

DownloadProtectionService*

ChromeDownloadManagerDelegate::GetDownloadProtectionService() {

DCHECK_CURRENTLY_ON(BrowserThread::UI);

@@ -662,10 +678,15 @@ void ChromeDownloadManagerDelegate::CheckDownloadUrl(

service->IsSupportedDownload(*download, suggested_path);

DVLOG(2) << __func__ << "() Start SB URL check for download = "

<< download->DebugString(false);

- service->CheckDownloadUrl(download,

- base::Bind(&CheckDownloadUrlDone,

- callback,

- is_content_check_supported));

+ DownloadItem* restricted_download_item = nullptr;

+ if (download_prefs_->download_restriction() ==

+ DownloadPrefs::DOWNLOAD_RESTRICTION_POTENTIALLY_DANGEROUS_FILES) {

+ restricted_download_item = download;

+ }

+ service->CheckDownloadUrl(

+ download,

+ base::Bind(&CheckDownloadUrlDone, callback, is_content_check_supported,

+ restricted_download_item));

return;

}

#endif

@@ -736,8 +757,16 @@ void ChromeDownloadManagerDelegate::CheckClientDownloadDone(

DCHECK_NE(danger_type,

content::DOWNLOAD_DANGER_TYPE_MAYBE_DANGEROUS_CONTENT);

- if (danger_type != content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS)

- item->OnContentCheckCompleted(danger_type);

+ if (danger_type != content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS) {

+ if (ShouldBlockFile(danger_type)) {

+ item->OnContentCheckCompleted(

+ // Specifying a dangerous type here would take precendence over the

+ // blocking of the file.

+ content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS, true /*block_file*/);

+ } else {

+ item->OnContentCheckCompleted(danger_type, false /*block_file*/);

+ }

}

SafeBrowsingState* state = static_cast<SafeBrowsingState*>(

@@ -819,3 +848,17 @@ bool ChromeDownloadManagerDelegate::IsOpenInBrowserPreferreredForFile(

#endif

return false;

}

+bool ChromeDownloadManagerDelegate::ShouldBlockFile(

+ content::DownloadDangerType danger_type) const {

+ if (danger_type == content::DOWNLOAD_DANGER_TYPE_NOT_DANGEROUS)

+ return false;

+ DownloadPrefs::DOWNLOAD_RESTRICTION download_restriction =

+ download_prefs_->download_restriction();

+ return (download_restriction ==

+ DownloadPrefs::DOWNLOAD_RESTRICTION_DANGEROUS_FILES &&

+ danger_type == content::DOWNLOAD_DANGER_TYPE_DANGEROUS_CONTENT) ||

+ (download_restriction ==

+ DownloadPrefs::DOWNLOAD_RESTRICTION_POTENTIALLY_DANGEROUS_FILES);