1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/browser/download/base_file.h"
12 #include "base/file_util.h"
13 #include "base/guid.h"
14 #include "base/metrics/histogram.h"
15 #include "base/strings/utf_string_conversions.h"
16 #include "base/threading/thread_restrictions.h"
17 #include "content/browser/download/download_interrupt_reasons_impl.h"
18 #include "content/browser/download/download_stats.h"
19 #include "content/browser/safe_util_win.h"
20 #include "content/public/browser/browser_thread.h"
25 const int kAllSpecialShFileOperationCodes[] = {
26 // Should be kept in sync with the case statement below.
55 // Maps the result of a call to |SHFileOperation()| onto a
56 // |DownloadInterruptReason|.
58 // These return codes are *old* (as in, DOS era), and specific to
59 // |SHFileOperation()|.
60 // They do not appear in any windows header.
62 // See http://msdn.microsoft.com/en-us/library/bb762164(VS.85).aspx.
63 DownloadInterruptReason MapShFileOperationCodes(int code) {
64 DownloadInterruptReason result = DOWNLOAD_INTERRUPT_REASON_NONE;
66 // Check these pre-Win32 error codes first, then check for matches
68 // This switch statement should be kept in sync with the list of codes
71 // Not a pre-Win32 error code; here so that this particular
72 // case shows up in our histograms. This is redundant with the
73 // mapping function net::MapSystemError used later.
74 case ERROR_ACCESS_DENIED: // Access is denied.
75 result = DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;
78 // The source and destination files are the same file.
79 // DE_SAMEFILE == 0x71
81 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
84 // The operation was canceled by the user, or silently canceled if the
85 // appropriate flags were supplied to SHFileOperation.
86 // DE_OPCANCELLED == 0x75
88 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
91 // Security settings denied access to the source.
92 // DE_ACCESSDENIEDSRC == 0x78
94 result = DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;
97 // The source or destination path exceeded or would exceed MAX_PATH.
98 // DE_PATHTOODEEP == 0x79
100 result = DOWNLOAD_INTERRUPT_REASON_FILE_NAME_TOO_LONG;
103 // The path in the source or destination or both was invalid.
104 // DE_INVALIDFILES == 0x7C
106 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
109 // The destination path is an existing file.
110 // DE_FLDDESTISFILE == 0x7E
112 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
115 // The destination path is an existing folder.
116 // DE_FILEDESTISFLD == 0x80
118 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
121 // The name of the file exceeds MAX_PATH.
122 // DE_FILENAMETOOLONG == 0x81
124 result = DOWNLOAD_INTERRUPT_REASON_FILE_NAME_TOO_LONG;
127 // The destination is a read-only CD-ROM, possibly unformatted.
128 // DE_DEST_IS_CDROM == 0x82
130 result = DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;
133 // The destination is a read-only DVD, possibly unformatted.
134 // DE_DEST_IS_DVD == 0x83
136 result = DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;
139 // The destination is a writable CD-ROM, possibly unformatted.
140 // DE_DEST_IS_CDRECORD == 0x84
142 result = DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;
145 // The file involved in the operation is too large for the destination
146 // media or file system.
147 // DE_FILE_TOO_LARGE == 0x85
149 result = DOWNLOAD_INTERRUPT_REASON_FILE_TOO_LARGE;
152 // The source is a read-only CD-ROM, possibly unformatted.
153 // DE_SRC_IS_CDROM == 0x86
155 result = DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;
158 // The source is a read-only DVD, possibly unformatted.
159 // DE_SRC_IS_DVD == 0x87
161 result = DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;
164 // The source is a writable CD-ROM, possibly unformatted.
165 // DE_SRC_IS_CDRECORD == 0x88
167 result = DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;
170 // MAX_PATH was exceeded during the operation.
171 // DE_ERROR_MAX == 0xB7
173 result = DOWNLOAD_INTERRUPT_REASON_FILE_NAME_TOO_LONG;
176 // An unspecified error occurred on the destination.
177 // XE_ERRORONDEST == 0x10000
179 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
182 // Multiple file paths were specified in the source buffer, but only one
183 // destination file path.
184 // DE_MANYSRC1DEST == 0x72
186 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
189 // Rename operation was specified but the destination path is
190 // a different directory. Use the move operation instead.
191 // DE_DIFFDIR == 0x73
193 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
196 // The source is a root directory, which cannot be moved or renamed.
197 // DE_ROOTDIR == 0x74
199 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
202 // The destination is a subtree of the source.
203 // DE_DESTSUBTREE == 0x76
205 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
208 // The operation involved multiple destination paths,
209 // which can fail in the case of a move operation.
210 // DE_MANYDEST == 0x7A
212 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
215 // The source and destination have the same parent folder.
216 // DE_DESTSAMETREE == 0x7D
218 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
221 // An unknown error occurred. This is typically due to an invalid path in
222 // the source or destination. This error does not occur on Windows Vista
224 // DE_UNKNOWN_ERROR == 0x402
226 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
229 // Destination is a root directory and cannot be renamed.
230 // DE_ROOTDIR | ERRORONDEST == 0x10074
232 result = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
236 // Narrow down on the reason we're getting some catch-all interrupt reasons.
237 if (result == DOWNLOAD_INTERRUPT_REASON_FILE_FAILED) {
238 UMA_HISTOGRAM_CUSTOM_ENUMERATION(
239 "Download.MapWinShErrorFileFailed", code,
240 base::CustomHistogram::ArrayToCustomRanges(
241 kAllSpecialShFileOperationCodes,
242 arraysize(kAllSpecialShFileOperationCodes)));
245 if (result == DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED) {
246 UMA_HISTOGRAM_CUSTOM_ENUMERATION(
247 "Download.MapWinShErrorAccessDenied", code,
248 base::CustomHistogram::ArrayToCustomRanges(
249 kAllSpecialShFileOperationCodes,
250 arraysize(kAllSpecialShFileOperationCodes)));
253 if (result != DOWNLOAD_INTERRUPT_REASON_NONE)
256 // If not one of the above codes, it should be a standard Windows error code.
257 return ConvertNetErrorToInterruptReason(
258 net::MapSystemError(code), DOWNLOAD_INTERRUPT_FROM_DISK);
261 // Maps a return code from ScanAndSaveDownloadedFile() to a
262 // DownloadInterruptReason. The return code in |result| is usually from the
263 // final IAttachmentExecute::Save() call.
264 DownloadInterruptReason MapScanAndSaveErrorCodeToInterruptReason(
266 if (SUCCEEDED(result))
267 return DOWNLOAD_INTERRUPT_REASON_NONE;
270 case INET_E_SECURITY_PROBLEM: // 0x800c000e
271 // This is returned if the download was blocked due to security
272 // restrictions. E.g. if the source URL was in the Restricted Sites zone
273 // and downloads are blocked on that zone, then the download would be
274 // deleted and this error code is returned.
275 return DOWNLOAD_INTERRUPT_REASON_FILE_BLOCKED;
277 case E_FAIL: // 0x80004005
278 // Returned if an anti-virus product reports an infection in the
279 // downloaded file during IAE::Save().
280 return DOWNLOAD_INTERRUPT_REASON_FILE_VIRUS_INFECTED;
283 // Any other error that occurs during IAttachmentExecute::Save() likely
284 // indicates a problem with the security check, but not necessarily the
285 // download. See http://crbug.com/153212.
286 return DOWNLOAD_INTERRUPT_REASON_FILE_SECURITY_CHECK_FAILED;
292 // Renames a file using the SHFileOperation API to ensure that the target file
293 // gets the correct default security descriptor in the new path.
294 // Returns a network error, or net::OK for success.
295 DownloadInterruptReason BaseFile::MoveFileAndAdjustPermissions(
296 const base::FilePath& new_path) {
297 base::ThreadRestrictions::AssertIOAllowed();
299 // The parameters to SHFileOperation must be terminated with 2 NULL chars.
300 base::FilePath::StringType source = full_path_.value();
301 base::FilePath::StringType target = new_path.value();
303 source.append(1, L'\0');
304 target.append(1, L'\0');
306 SHFILEOPSTRUCT move_info = {0};
307 move_info.wFunc = FO_MOVE;
308 move_info.pFrom = source.c_str();
309 move_info.pTo = target.c_str();
310 move_info.fFlags = FOF_SILENT | FOF_NOCONFIRMATION | FOF_NOERRORUI |
311 FOF_NOCONFIRMMKDIR | FOF_NOCOPYSECURITYATTRIBS;
313 int result = SHFileOperation(&move_info);
314 DownloadInterruptReason interrupt_reason = DOWNLOAD_INTERRUPT_REASON_NONE;
316 if (result == 0 && move_info.fAnyOperationsAborted)
317 interrupt_reason = DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
318 else if (result != 0)
319 interrupt_reason = MapShFileOperationCodes(result);
321 if (interrupt_reason != DOWNLOAD_INTERRUPT_REASON_NONE)
322 return LogInterruptReason("SHFileOperation", result, interrupt_reason);
323 return interrupt_reason;
326 DownloadInterruptReason BaseFile::AnnotateWithSourceInformation() {
327 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE));
330 bound_net_log_.BeginEvent(net::NetLog::TYPE_DOWNLOAD_FILE_ANNOTATED);
331 DownloadInterruptReason result = DOWNLOAD_INTERRUPT_REASON_NONE;
332 std::string braces_guid = "{" + client_guid_ + "}";
333 GUID guid = GUID_NULL;
334 if (base::IsValidGUID(client_guid_)) {
335 HRESULT hr = CLSIDFromString(
336 base::UTF8ToUTF16(braces_guid).c_str(), &guid);
341 HRESULT hr = AVScanFile(full_path_, source_url_.spec(), guid);
343 // If the download file is missing after the call, then treat this as an
344 // interrupted download.
346 // If the ScanAndSaveDownloadedFile() call failed, but the downloaded file is
347 // still around, then don't interrupt the download. Attachment Execution
348 // Services deletes the submitted file if the downloaded file is blocked by
349 // policy or if it was found to be infected.
351 // If the file is still there, then the error could be due to AES not being
352 // available or some other error during the AES invocation. In either case,
353 // we don't surface the error to the user.
354 if (!base::PathExists(full_path_)) {
356 result = MapScanAndSaveErrorCodeToInterruptReason(hr);
357 if (result == DOWNLOAD_INTERRUPT_REASON_NONE) {
358 RecordDownloadCount(FILE_MISSING_AFTER_SUCCESSFUL_SCAN_COUNT);
359 result = DOWNLOAD_INTERRUPT_REASON_FILE_SECURITY_CHECK_FAILED;
361 LogInterruptReason("ScanAndSaveDownloadedFile", hr, result);
363 bound_net_log_.EndEvent(net::NetLog::TYPE_DOWNLOAD_FILE_ANNOTATED);
367 } // namespace content