# Disables file download quarantining
Index: chromium-128.0.6613.119/components/download/internal/common/base_file.cc
===================================================================
--- chromium-128.0.6613.119.orig/components/download/internal/common/base_file.cc
+++ chromium-128.0.6613.119/components/download/internal/common/base_file.cc
@@ -23,7 +23,6 @@
#include "components/download/public/common/download_interrupt_reasons_utils.h"
#include "components/download/public/common/download_item.h"
#include "components/download/public/common/download_stats.h"
-#include "components/services/quarantine/quarantine.h"
#include "crypto/secure_hash.h"
#if BUILDFLAG(IS_ANDROID)
@@ -526,94 +525,10 @@ DownloadInterruptReason BaseFile::Publis
}
#endif // BUILDFLAG(IS_ANDROID)
-namespace {
-
-DownloadInterruptReason QuarantineFileResultToReason(
- quarantine::mojom::QuarantineFileResult result) {
- switch (result) {
- case quarantine::mojom::QuarantineFileResult::OK:
- return DOWNLOAD_INTERRUPT_REASON_NONE;
- case quarantine::mojom::QuarantineFileResult::VIRUS_INFECTED:
- return DOWNLOAD_INTERRUPT_REASON_FILE_VIRUS_INFECTED;
- case quarantine::mojom::QuarantineFileResult::SECURITY_CHECK_FAILED:
- return DOWNLOAD_INTERRUPT_REASON_FILE_SECURITY_CHECK_FAILED;
- case quarantine::mojom::QuarantineFileResult::BLOCKED_BY_POLICY:
- return DOWNLOAD_INTERRUPT_REASON_FILE_BLOCKED;
- case quarantine::mojom::QuarantineFileResult::ACCESS_DENIED:
- return DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;
-
- case quarantine::mojom::QuarantineFileResult::FILE_MISSING:
- // Don't have a good interrupt reason here. This return code means that
- // the file at |full_path_| went missing before QuarantineFile got to
- // look at it. Not expected to happen, but we've seen instances where a
- // file goes missing immediately after BaseFile closes the handle.
- //
- // Intentionally using a different error message than
- // SECURITY_CHECK_FAILED in order to distinguish the two.
- return DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
-
- case quarantine::mojom::QuarantineFileResult::ANNOTATION_FAILED:
- // This means that the mark-of-the-web couldn't be applied. The file is
- // already on the file system under its final target name.
- //
- // Causes of failed annotations typically aren't transient. E.g. the
- // target file system may not support extended attributes or alternate
- // streams. We are going to allow these downloads to progress on the
- // assumption that failures to apply MOTW can't reliably be introduced
- // remotely.
- return DOWNLOAD_INTERRUPT_REASON_NONE;
- }
- return DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
-}
-
-} // namespace
-
// static
GURL BaseFile::GetEffectiveAuthorityURL(const GURL& source_url,
const GURL& referrer_url) {
- if (source_url.is_valid()) {
- // http{,s} has an authority and are supported.
- if (source_url.SchemeIsHTTPOrHTTPS())
- return source_url;
-
- // If the download source is file:// ideally we should copy the MOTW from
- // the original file, but given that Chrome/Chromium places strict
- // restrictions on which schemes can reference file:// URLs, this code is
- // going to assume that at this point it's okay to treat this download as
- // being from the local system.
- if (source_url.SchemeIsFile())
return source_url;
-
- // ftp:// has an authority.
- if (source_url.SchemeIs(url::kFtpScheme))
- return source_url;
-
- if (source_url.SchemeIs(url::kBlobScheme))
- return url::Origin::Create(source_url).GetURL();
- }
-
- if (referrer_url.is_valid() && referrer_url.SchemeIsHTTPOrHTTPS())
- return referrer_url;
-
- return GURL();
-}
-
-void BaseFile::OnFileQuarantined(
- quarantine::mojom::QuarantineFileResult result) {
- DCHECK(on_annotation_done_callback_);
- quarantine_service_.reset();
- std::move(on_annotation_done_callback_)
- .Run(QuarantineFileResultToReason(result));
-}
-
-void BaseFile::OnQuarantineServiceError(const GURL& source_url,
- const GURL& referrer_url) {
-#if BUILDFLAG(IS_WIN)
- OnFileQuarantined(quarantine::SetInternetZoneIdentifierDirectly(
- full_path_, source_url, referrer_url));
-#else // !BUILDFLAG(IS_WIN)
- CHECK(false) << "In-process quarantine service should not have failed.";
-#endif // !BUILDFLAG(IS_WIN)
}
void BaseFile::AnnotateWithSourceInformation(
@@ -622,32 +537,8 @@ void BaseFile::AnnotateWithSourceInforma
const GURL& referrer_url,
mojo::PendingRemote<quarantine::mojom::Quarantine> remote_quarantine,
OnAnnotationDoneCallback on_annotation_done_callback) {
- GURL authority_url = GetEffectiveAuthorityURL(source_url, referrer_url);
- if (!remote_quarantine) {
-#if BUILDFLAG(IS_WIN)
- quarantine::mojom::QuarantineFileResult result =
- quarantine::SetInternetZoneIdentifierDirectly(full_path_, authority_url,
- referrer_url);
-#else
- quarantine::mojom::QuarantineFileResult result =
- quarantine::mojom::QuarantineFileResult::ANNOTATION_FAILED;
-#endif
- std::move(on_annotation_done_callback)
- .Run(QuarantineFileResultToReason(result));
- } else {
- quarantine_service_.Bind(std::move(remote_quarantine));
-
- on_annotation_done_callback_ = std::move(on_annotation_done_callback);
-
- quarantine_service_.set_disconnect_handler(base::BindOnce(
- &BaseFile::OnQuarantineServiceError, weak_factory_.GetWeakPtr(),
- authority_url, referrer_url));
-
- quarantine_service_->QuarantineFile(
- full_path_, authority_url, referrer_url, client_guid,
- base::BindOnce(&BaseFile::OnFileQuarantined,
- weak_factory_.GetWeakPtr()));
- }
+ std::move(on_annotation_done_callback)
+ .Run(DOWNLOAD_INTERRUPT_REASON_NONE);
}
} // namespace download
Index: chromium-128.0.6613.119/content/browser/BUILD.gn
===================================================================
--- chromium-128.0.6613.119.orig/content/browser/BUILD.gn
+++ chromium-128.0.6613.119/content/browser/BUILD.gn
@@ -114,7 +114,6 @@ source_set("browser") {
"//components/payments/mojom",
"//components/power_monitor",
"//components/services/filesystem:lib",
- "//components/services/quarantine:quarantine",
"//components/services/storage",
"//components/services/storage:filesystem_proxy_factory",
"//components/services/storage/dom_storage:local_storage_proto",
Index: chromium-128.0.6613.119/content/browser/file_system_access/file_system_access_safe_move_helper.cc
===================================================================
--- chromium-128.0.6613.119.orig/content/browser/file_system_access/file_system_access_safe_move_helper.cc
+++ chromium-128.0.6613.119/content/browser/file_system_access/file_system_access_safe_move_helper.cc
@@ -14,7 +14,6 @@
#include "base/thread_annotations.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
-#include "components/services/quarantine/quarantine.h"
#include "content/browser/file_system_access/features.h"
#include "content/browser/file_system_access/file_system_access_error.h"
#include "content/public/browser/content_browser_client.h"
@@ -230,22 +229,9 @@ void FileSystemAccessSafeMoveHelper::Did
// not exist anymore. In case of error, the source file URL will point to a
// valid filesystem location.
base::OnceCallback<void(base::File::Error)> result_callback;
- if (RequireQuarantine()) {
- GURL referrer_url = manager_->is_off_the_record() ? GURL() : context_.url;
- mojo::Remote<quarantine::mojom::Quarantine> quarantine_remote;
- if (quarantine_connection_callback_) {
- quarantine_connection_callback_.Run(
- quarantine_remote.BindNewPipeAndPassReceiver());
- }
- result_callback =
- base::BindOnce(&FileSystemAccessSafeMoveHelper::DidFileDoQuarantine,
- weak_factory_.GetWeakPtr(), dest_url(), referrer_url,
- std::move(quarantine_remote));
- } else {
result_callback =
base::BindOnce(&FileSystemAccessSafeMoveHelper::DidFileSkipQuarantine,
weak_factory_.GetWeakPtr());
- }
manager_->DoFileSystemOperation(
FROM_HERE, &storage::FileSystemOperationRunner::Move,
std::move(result_callback), source_url(), dest_url(), options_,
@@ -262,7 +248,6 @@ void FileSystemAccessSafeMoveHelper::Did
void FileSystemAccessSafeMoveHelper::DidFileDoQuarantine(
const storage::FileSystemURL& target_url,
const GURL& referrer_url,
- mojo::Remote<quarantine::mojom::Quarantine> quarantine_remote,
base::File::Error result) {
DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
@@ -293,37 +278,9 @@ void FileSystemAccessSafeMoveHelper::Did
referrer_url.is_valid() && referrer_url.SchemeIsHTTPOrHTTPS()
? referrer_url
: GURL();
-
- if (quarantine_remote) {
- quarantine::mojom::Quarantine* raw_quarantine = quarantine_remote.get();
- raw_quarantine->QuarantineFile(
- target_url.path(), authority_url, referrer_url,
- GetContentClient()
- ->browser()
- ->GetApplicationClientGUIDForQuarantineCheck(),
- mojo::WrapCallbackWithDefaultInvokeIfNotRun(
- base::BindOnce(&FileSystemAccessSafeMoveHelper::DidAnnotateFile,
- weak_factory_.GetWeakPtr(),
- std::move(quarantine_remote)),
- quarantine::mojom::QuarantineFileResult::ANNOTATION_FAILED));
- } else {
-#if BUILDFLAG(IS_WIN)
- base::ThreadPool::PostTaskAndReplyWithResult(
- FROM_HERE, {base::MayBlock()},
- base::BindOnce(&quarantine::SetInternetZoneIdentifierDirectly,
- target_url.path(), authority_url, referrer_url),
- base::BindOnce(&FileSystemAccessSafeMoveHelper::DidAnnotateFile,
- weak_factory_.GetWeakPtr(),
- std::move(quarantine_remote)));
-#else
- DidAnnotateFile(std::move(quarantine_remote),
- quarantine::mojom::QuarantineFileResult::ANNOTATION_FAILED);
-#endif
- }
}
void FileSystemAccessSafeMoveHelper::DidAnnotateFile(
- mojo::Remote<quarantine::mojom::Quarantine> quarantine_remote,
quarantine::mojom::QuarantineFileResult result) {
DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
Index: chromium-128.0.6613.119/content/browser/file_system_access/file_system_access_safe_move_helper.h
===================================================================
--- chromium-128.0.6613.119.orig/content/browser/file_system_access/file_system_access_safe_move_helper.h
+++ chromium-128.0.6613.119/content/browser/file_system_access/file_system_access_safe_move_helper.h
@@ -66,10 +66,8 @@ class CONTENT_EXPORT FileSystemAccessSaf
void DidFileDoQuarantine(
const storage::FileSystemURL& target_url,
const GURL& referrer_url,
- mojo::Remote<quarantine::mojom::Quarantine> quarantine_remote,
base::File::Error result);
void DidAnnotateFile(
- mojo::Remote<quarantine::mojom::Quarantine> quarantine_remote,
quarantine::mojom::QuarantineFileResult result);
void ComputeHashForSourceFile(HashCallback callback);
Index: chromium-128.0.6613.119/content/browser/renderer_host/pepper/pepper_file_io_host.cc
===================================================================
--- chromium-128.0.6613.119.orig/content/browser/renderer_host/pepper/pepper_file_io_host.cc
+++ chromium-128.0.6613.119/content/browser/renderer_host/pepper/pepper_file_io_host.cc
@@ -462,7 +462,7 @@ void PepperFileIOHost::OnLocalFileOpened
ppapi::host::ReplyMessageContext reply_context,
const base::FilePath& path,
base::File::Error error_code) {
-#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
+#if 0
// Quarantining a file before its contents are available is only supported on
// Windows and Linux.
if (!FileOpenForWrite(open_flags_) || error_code != base::File::FILE_OK) {
@@ -496,7 +496,7 @@ void PepperFileIOHost::OnLocalFileOpened
#endif
}
-#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
+#if 0
void PepperFileIOHost::OnLocalFileQuarantined(
ppapi::host::ReplyMessageContext reply_context,
const base::FilePath& path,
Index: chromium-128.0.6613.119/content/browser/renderer_host/pepper/pepper_file_io_host.h
===================================================================
--- chromium-128.0.6613.119.orig/content/browser/renderer_host/pepper/pepper_file_io_host.h
+++ chromium-128.0.6613.119/content/browser/renderer_host/pepper/pepper_file_io_host.h
@@ -14,7 +14,6 @@
#include "base/memory/raw_ptr.h"
#include "base/memory/ref_counted.h"
#include "base/memory/weak_ptr.h"
-#include "components/services/quarantine/public/mojom/quarantine.mojom.h"
#include "content/browser/renderer_host/pepper/browser_ppapi_host_impl.h"
#include "ipc/ipc_listener.h"
#include "ipc/ipc_platform_file.h"
@@ -93,12 +92,6 @@ class PepperFileIOHost final : public pp
const base::FilePath& path,
base::File::Error error_code);
- void OnLocalFileQuarantined(
- ppapi::host::ReplyMessageContext reply_context,
- const base::FilePath& path,
- mojo::Remote<quarantine::mojom::Quarantine> quarantine_remote,
- quarantine::mojom::QuarantineFileResult quarantine_result);
-
void SendFileOpenReply(ppapi::host::ReplyMessageContext reply_context,
base::File::Error error_code);