Make SafeBrowsingDatabase's PrefixSets only updatable by swapping a new one in.

chrome/browser/safe_browsing/safe_browsing_database.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/safe_browsing_database.h"
 
 #include <algorithm>
 #include <iterator>
 
 #include "base/bind.h"
@@ skipping 678 matching lines @@
   // This method is theoretically thread-safe but document that it is currently
   // only expected to be called on the IO thread.
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 
   return PrefixSetContainsUrl(
       url, &unwanted_software_prefix_set_, prefix_hits, cache_hits);
 }
 
 bool SafeBrowsingDatabaseNew::PrefixSetContainsUrl(
     const GURL& url,
-    scoped_ptr<safe_browsing::PrefixSet>* prefix_set_getter,
+    scoped_ptr<const safe_browsing::PrefixSet>* prefix_set_getter,
     std::vector<SBPrefix>* prefix_hits,
     std::vector<SBFullHashResult>* cache_hits) {
   // This method is theoretically thread-safe but document that it is currently
   // only expected to be called on the IO thread.
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 
   // Clear the results first.
   prefix_hits->clear();
   cache_hits->clear();
 
   std::vector<SBFullHash> full_hashes;
   UrlToFullHashes(url, false, &full_hashes);
   if (full_hashes.empty())
     return false;
 
   return PrefixSetContainsUrlHashes(
       full_hashes, prefix_set_getter, prefix_hits, cache_hits);
 }
 
 bool SafeBrowsingDatabaseNew::ContainsBrowseUrlHashesForTesting(
     const std::vector<SBFullHash>& full_hashes,
     std::vector<SBPrefix>* prefix_hits,
     std::vector<SBFullHashResult>* cache_hits) {
   return PrefixSetContainsUrlHashes(
       full_hashes, &browse_prefix_set_, prefix_hits, cache_hits);
 }
 
 bool SafeBrowsingDatabaseNew::PrefixSetContainsUrlHashes(
     const std::vector<SBFullHash>& full_hashes,
-    scoped_ptr<safe_browsing::PrefixSet>* prefix_set_getter,
+    scoped_ptr<const safe_browsing::PrefixSet>* prefix_set_getter,
     std::vector<SBPrefix>* prefix_hits,
     std::vector<SBFullHashResult>* cache_hits) {
   // This method is theoretically thread-safe but document that it is currently
   // only expected to be called on the IO thread.
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 
   // Used to determine cache expiration.
   const base::Time now = base::Time::Now();
 
   base::AutoLock locked(lookup_lock_);
 
   // |prefix_set| is empty until it is either read from disk, or the first
   // update populates it.  Bail out without a hit if not yet available.
   // |prefix_set_getter| can only be accessed while holding |lookup_lock_| hence
   // why it is passed as a parameter rather than passing the |prefix_set|
   // directly.
-  safe_browsing::PrefixSet* prefix_set = prefix_set_getter->get();
+  const safe_browsing::PrefixSet* prefix_set = prefix_set_getter->get();
   if (!prefix_set)
     return false;
 
   for (size_t i = 0; i < full_hashes.size(); ++i) {
     if (!GetCachedFullHash(
             &prefix_gethash_cache_, full_hashes[i], now, cache_hits)) {
       // No valid cached result, check the database.
       if (prefix_set->Exists(full_hashes[i]))
         prefix_hits->push_back(full_hashes[i].prefix);
     }
@@ skipping 566 matching lines @@
 #if defined(OS_MACOSX)
   base::mac::SetFileBackupExclusion(store_filename);
 #endif
 
   return GetFileSizeOrZero(store_filename);
 }
 
 void SafeBrowsingDatabaseNew::UpdatePrefixSetUrlStore(
     const base::FilePath& db_filename,
     SafeBrowsingStore* url_store,
-    scoped_ptr<safe_browsing::PrefixSet>* prefix_set,
+    scoped_ptr<const safe_browsing::PrefixSet>* prefix_set,
     FailureType finish_failure_type,
     FailureType write_failure_type) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   // Measure the amount of IO during the filter build.
   base::IoCounters io_before, io_after;
   base::ProcessHandle handle = base::GetCurrentProcessHandle();
   scoped_ptr<base::ProcessMetrics> metric(
 #if !defined(OS_MACOSX)
       base::ProcessMetrics::CreateProcessMetrics(handle)
@@ skipping 18 matching lines @@
   if (!url_store->FinishUpdate(&builder, &add_full_hashes)) {
     RecordFailure(finish_failure_type);
     return;
   }
 
   std::vector<SBFullHash> full_hash_results;
   for (size_t i = 0; i < add_full_hashes.size(); ++i) {
     full_hash_results.push_back(add_full_hashes[i].full_hash);
   }
 
-  scoped_ptr<safe_browsing::PrefixSet> new_prefix_set(
+  scoped_ptr<const safe_browsing::PrefixSet> new_prefix_set(
       builder.GetPrefixSet(full_hash_results));
 
   // Swap in the newly built filter.
   {
     base::AutoLock locked(lookup_lock_);
     prefix_set->swap(new_prefix_set);
   }
 
   UMA_HISTOGRAM_LONG_TIMES("SB2.BuildFilter", base::TimeTicks::Now() - before);
 
   // Persist the prefix set to disk. Note: there is no need to lock since the
   // only write to |*prefix_set| is on this thread (in the swap() above).
-  // TODO(gab): Strengthen this requirement by design (const pointers) rather
-  // than assumptions.
   WritePrefixSet(db_filename, prefix_set->get(), write_failure_type);
 
   // Gather statistics.
   if (got_counters && metric->GetIOCounters(&io_after)) {
     UMA_HISTOGRAM_COUNTS("SB2.BuildReadKilobytes",
                          static_cast<int>(io_after.ReadTransferCount -
                                           io_before.ReadTransferCount) / 1024);
     UMA_HISTOGRAM_COUNTS("SB2.BuildWriteKilobytes",
                          static_cast<int>(io_after.WriteTransferCount -
                                           io_before.WriteTransferCount) / 1024);
@@ skipping 18 matching lines @@
   DCHECK(thread_checker_.CalledOnValidThread());
 
   safe_browsing::PrefixSetBuilder builder;
   std::vector<SBAddFullHash> add_full_hashes_result;
 
   if (!side_effect_free_whitelist_store_->FinishUpdate(
           &builder, &add_full_hashes_result)) {
     RecordFailure(FAILURE_SIDE_EFFECT_FREE_WHITELIST_UPDATE_FINISH);
     return;
   }
-  scoped_ptr<safe_browsing::PrefixSet>
-      prefix_set(builder.GetPrefixSetNoHashes());
+  scoped_ptr<const safe_browsing::PrefixSet> new_prefix_set(
+      builder.GetPrefixSetNoHashes());
 
   // Swap in the newly built prefix set.
   {
     base::AutoLock locked(lookup_lock_);
-    side_effect_free_whitelist_prefix_set_.swap(prefix_set);
+    side_effect_free_whitelist_prefix_set_.swap(new_prefix_set);
   }
 
   const base::FilePath side_effect_free_whitelist_filename =
       SideEffectFreeWhitelistDBFilename(filename_base_);
   const base::FilePath side_effect_free_whitelist_prefix_set_filename =
       PrefixSetForFilename(side_effect_free_whitelist_filename);
   const base::TimeTicks before = base::TimeTicks::Now();
   const bool write_ok = side_effect_free_whitelist_prefix_set_->WriteFile(
       side_effect_free_whitelist_prefix_set_filename);
   UMA_HISTOGRAM_TIMES("SB2.SideEffectFreePrefixSetWrite",
@@ skipping 62 matching lines @@
   // only happen once.  If you are here because you are hitting this after a
   // restart, then I would be very interested in working with you to figure out
   // what is happening, since it may affect real users.
   DLOG(FATAL) << "SafeBrowsing database was corrupt and reset";
 }
 
 // TODO(shess): I'm not clear why this code doesn't have any
 // real error-handling.
 void SafeBrowsingDatabaseNew::LoadPrefixSet(
     const base::FilePath& db_filename,
-    scoped_ptr<safe_browsing::PrefixSet>* prefix_set,
+    scoped_ptr<const safe_browsing::PrefixSet>* prefix_set,
     FailureType read_failure_type) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   if (!prefix_set)
     return;
 
   DCHECK(!filename_base_.empty());
 
   const base::FilePath prefix_set_filename = PrefixSetForFilename(db_filename);
 
@@ skipping 90 matching lines @@
   const bool r11 =
       base::DeleteFile(UnwantedSoftwareDBFilename(filename_base_), false);
   if (!r11)
     RecordFailure(FAILURE_UNWANTED_SOFTWARE_PREFIX_SET_DELETE);
 
   return r1 && r2 && r3 && r4 && r5 && r6 && r7 && r8 && r9 && r10 && r11;
 }
 
 void SafeBrowsingDatabaseNew::WritePrefixSet(
     const base::FilePath& db_filename,
-    safe_browsing::PrefixSet* prefix_set,
+    const safe_browsing::PrefixSet* prefix_set,
     FailureType write_failure_type) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   if (!prefix_set)
     return;
 
   const base::FilePath prefix_set_filename = PrefixSetForFilename(db_filename);
 
   const base::TimeTicks before = base::TimeTicks::Now();
   const bool write_ok = prefix_set->WriteFile(prefix_set_filename);
@@ skipping 100 matching lines @@
   return ContainsWhitelistedHashes(csd_whitelist_, full_hashes);
 }
 
 bool SafeBrowsingDatabaseNew::IsCsdWhitelistKillSwitchOn() {
   // This method is theoretically thread-safe but document that it is currently
   // only expected to be called on the IO thread.
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 
   return csd_whitelist_.second;
 }