1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/browser/download/base_file.h"
12 #include "base/files/file.h"
13 #include "base/files/file_util.h"
14 #include "base/guid.h"
15 #include "base/metrics/histogram.h"
16 #include "base/strings/utf_string_conversions.h"
17 #include "base/threading/thread_restrictions.h"
18 #include "content/browser/download/download_interrupt_reasons_impl.h"
19 #include "content/browser/download/download_stats.h"
20 #include "content/browser/safe_util_win.h"
21 #include "content/public/browser/browser_thread.h"
26 const int kAllSpecialShFileOperationCodes
[] = {
27 // Should be kept in sync with the case statement below.
29 ERROR_SHARING_VIOLATION
,
30 ERROR_INVALID_PARAMETER
,
58 // Maps the result of a call to |SHFileOperation()| onto a
59 // |DownloadInterruptReason|.
61 // These return codes are *old* (as in, DOS era), and specific to
62 // |SHFileOperation()|.
63 // They do not appear in any windows header.
65 // See http://msdn.microsoft.com/en-us/library/bb762164(VS.85).aspx.
66 DownloadInterruptReason
MapShFileOperationCodes(int code
) {
67 DownloadInterruptReason result
= DOWNLOAD_INTERRUPT_REASON_NONE
;
69 // Check these pre-Win32 error codes first, then check for matches
71 // This switch statement should be kept in sync with the list of codes
74 // Not a pre-Win32 error code; here so that this particular case shows up in
75 // our histograms. Unfortunately, it is used not just to signal actual
76 // ACCESS_DENIED errors, but many other errors as well. So we treat it as a
78 case ERROR_ACCESS_DENIED
: // Access is denied.
79 result
= DOWNLOAD_INTERRUPT_REASON_FILE_TRANSIENT_ERROR
;
82 // This isn't documented but returned from SHFileOperation. Sharing
83 // violations indicate that another process had the file open while we were
84 // trying to rename. Anti-virus is believed to be the cause of this error in
85 // the wild. Treated as a transient error on the assumption that the file
86 // will be made available for renaming at a later time.
87 case ERROR_SHARING_VIOLATION
:
88 result
= DOWNLOAD_INTERRUPT_REASON_FILE_TRANSIENT_ERROR
;
91 // This is also not a documented return value of SHFileOperation, but has
92 // been observed in the wild. We are treating it as a transient error based
93 // on the cases we have seen so far. See http://crbug.com/368455.
94 case ERROR_INVALID_PARAMETER
:
95 result
= DOWNLOAD_INTERRUPT_REASON_FILE_TRANSIENT_ERROR
;
98 // The source and destination files are the same file.
99 // DE_SAMEFILE == 0x71
101 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
104 // The operation was canceled by the user, or silently canceled if the
105 // appropriate flags were supplied to SHFileOperation.
106 // DE_OPCANCELLED == 0x75
108 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
111 // Security settings denied access to the source.
112 // DE_ACCESSDENIEDSRC == 0x78
114 result
= DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED
;
117 // The source or destination path exceeded or would exceed MAX_PATH.
118 // DE_PATHTOODEEP == 0x79
120 result
= DOWNLOAD_INTERRUPT_REASON_FILE_NAME_TOO_LONG
;
123 // The path in the source or destination or both was invalid.
124 // DE_INVALIDFILES == 0x7C
126 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
129 // The destination path is an existing file.
130 // DE_FLDDESTISFILE == 0x7E
132 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
135 // The destination path is an existing folder.
136 // DE_FILEDESTISFLD == 0x80
138 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
141 // The name of the file exceeds MAX_PATH.
142 // DE_FILENAMETOOLONG == 0x81
144 result
= DOWNLOAD_INTERRUPT_REASON_FILE_NAME_TOO_LONG
;
147 // The destination is a read-only CD-ROM, possibly unformatted.
148 // DE_DEST_IS_CDROM == 0x82
150 result
= DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED
;
153 // The destination is a read-only DVD, possibly unformatted.
154 // DE_DEST_IS_DVD == 0x83
156 result
= DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED
;
159 // The destination is a writable CD-ROM, possibly unformatted.
160 // DE_DEST_IS_CDRECORD == 0x84
162 result
= DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED
;
165 // The file involved in the operation is too large for the destination
166 // media or file system.
167 // DE_FILE_TOO_LARGE == 0x85
169 result
= DOWNLOAD_INTERRUPT_REASON_FILE_TOO_LARGE
;
172 // The source is a read-only CD-ROM, possibly unformatted.
173 // DE_SRC_IS_CDROM == 0x86
175 result
= DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED
;
178 // The source is a read-only DVD, possibly unformatted.
179 // DE_SRC_IS_DVD == 0x87
181 result
= DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED
;
184 // The source is a writable CD-ROM, possibly unformatted.
185 // DE_SRC_IS_CDRECORD == 0x88
187 result
= DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED
;
190 // MAX_PATH was exceeded during the operation.
191 // DE_ERROR_MAX == 0xB7
193 result
= DOWNLOAD_INTERRUPT_REASON_FILE_NAME_TOO_LONG
;
196 // An unspecified error occurred on the destination.
197 // XE_ERRORONDEST == 0x10000
199 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
202 // Multiple file paths were specified in the source buffer, but only one
203 // destination file path.
204 // DE_MANYSRC1DEST == 0x72
206 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
209 // Rename operation was specified but the destination path is
210 // a different directory. Use the move operation instead.
211 // DE_DIFFDIR == 0x73
213 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
216 // The source is a root directory, which cannot be moved or renamed.
217 // DE_ROOTDIR == 0x74
219 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
222 // The destination is a subtree of the source.
223 // DE_DESTSUBTREE == 0x76
225 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
228 // The operation involved multiple destination paths,
229 // which can fail in the case of a move operation.
230 // DE_MANYDEST == 0x7A
232 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
235 // The source and destination have the same parent folder.
236 // DE_DESTSAMETREE == 0x7D
238 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
241 // An unknown error occurred. This is typically due to an invalid path in
242 // the source or destination. This error does not occur on Windows Vista
244 // DE_UNKNOWN_ERROR == 0x402
246 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
249 // Destination is a root directory and cannot be renamed.
250 // DE_ROOTDIR | ERRORONDEST == 0x10074
252 result
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
256 // Narrow down on the reason we're getting some catch-all interrupt reasons.
257 if (result
== DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
) {
258 UMA_HISTOGRAM_CUSTOM_ENUMERATION(
259 "Download.MapWinShErrorFileFailed", code
,
260 base::CustomHistogram::ArrayToCustomRanges(
261 kAllSpecialShFileOperationCodes
,
262 arraysize(kAllSpecialShFileOperationCodes
)));
265 if (result
== DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED
) {
266 UMA_HISTOGRAM_CUSTOM_ENUMERATION(
267 "Download.MapWinShErrorAccessDenied", code
,
268 base::CustomHistogram::ArrayToCustomRanges(
269 kAllSpecialShFileOperationCodes
,
270 arraysize(kAllSpecialShFileOperationCodes
)));
273 if (result
== DOWNLOAD_INTERRUPT_REASON_FILE_TRANSIENT_ERROR
) {
274 UMA_HISTOGRAM_CUSTOM_ENUMERATION(
275 "Download.MapWinShErrorTransientError", code
,
276 base::CustomHistogram::ArrayToCustomRanges(
277 kAllSpecialShFileOperationCodes
,
278 arraysize(kAllSpecialShFileOperationCodes
)));
281 if (result
!= DOWNLOAD_INTERRUPT_REASON_NONE
)
284 // If not one of the above codes, it should be a standard Windows error code.
285 return ConvertFileErrorToInterruptReason(
286 base::File::OSErrorToFileError(code
));
289 // Maps a return code from ScanAndSaveDownloadedFile() to a
290 // DownloadInterruptReason. The return code in |result| is usually from the
291 // final IAttachmentExecute::Save() call.
292 DownloadInterruptReason
MapScanAndSaveErrorCodeToInterruptReason(
294 if (SUCCEEDED(result
))
295 return DOWNLOAD_INTERRUPT_REASON_NONE
;
298 case INET_E_SECURITY_PROBLEM
: // 0x800c000e
299 // This is returned if the download was blocked due to security
300 // restrictions. E.g. if the source URL was in the Restricted Sites zone
301 // and downloads are blocked on that zone, then the download would be
302 // deleted and this error code is returned.
303 return DOWNLOAD_INTERRUPT_REASON_FILE_BLOCKED
;
305 case E_FAIL
: // 0x80004005
306 // Returned if an anti-virus product reports an infection in the
307 // downloaded file during IAE::Save().
308 return DOWNLOAD_INTERRUPT_REASON_FILE_VIRUS_INFECTED
;
311 // Any other error that occurs during IAttachmentExecute::Save() likely
312 // indicates a problem with the security check, but not necessarily the
313 // download. See http://crbug.com/153212.
314 return DOWNLOAD_INTERRUPT_REASON_FILE_SECURITY_CHECK_FAILED
;
320 // Renames a file using the SHFileOperation API to ensure that the target file
321 // gets the correct default security descriptor in the new path.
322 // Returns a network error, or net::OK for success.
323 DownloadInterruptReason
BaseFile::MoveFileAndAdjustPermissions(
324 const base::FilePath
& new_path
) {
325 base::ThreadRestrictions::AssertIOAllowed();
327 // The parameters to SHFileOperation must be terminated with 2 NULL chars.
328 base::FilePath::StringType source
= full_path_
.value();
329 base::FilePath::StringType target
= new_path
.value();
331 source
.append(1, L
'\0');
332 target
.append(1, L
'\0');
334 SHFILEOPSTRUCT move_info
= {0};
335 move_info
.wFunc
= FO_MOVE
;
336 move_info
.pFrom
= source
.c_str();
337 move_info
.pTo
= target
.c_str();
338 move_info
.fFlags
= FOF_SILENT
| FOF_NOCONFIRMATION
| FOF_NOERRORUI
|
339 FOF_NOCONFIRMMKDIR
| FOF_NOCOPYSECURITYATTRIBS
;
341 base::TimeTicks now
= base::TimeTicks::Now();
342 int result
= SHFileOperation(&move_info
);
343 DownloadInterruptReason interrupt_reason
= DOWNLOAD_INTERRUPT_REASON_NONE
;
345 if (result
== 0 && move_info
.fAnyOperationsAborted
)
346 interrupt_reason
= DOWNLOAD_INTERRUPT_REASON_FILE_FAILED
;
347 else if (result
!= 0)
348 interrupt_reason
= MapShFileOperationCodes(result
);
350 if (interrupt_reason
!= DOWNLOAD_INTERRUPT_REASON_NONE
)
351 return LogInterruptReason("SHFileOperation", result
, interrupt_reason
);
352 return interrupt_reason
;
355 DownloadInterruptReason
BaseFile::AnnotateWithSourceInformation() {
356 DCHECK_CURRENTLY_ON(BrowserThread::FILE);
359 bound_net_log_
.BeginEvent(net::NetLog::TYPE_DOWNLOAD_FILE_ANNOTATED
);
360 DownloadInterruptReason result
= DOWNLOAD_INTERRUPT_REASON_NONE
;
361 std::string braces_guid
= "{" + client_guid_
+ "}";
362 GUID guid
= GUID_NULL
;
363 if (base::IsValidGUID(client_guid_
)) {
364 HRESULT hr
= CLSIDFromString(
365 base::UTF8ToUTF16(braces_guid
).c_str(), &guid
);
370 HRESULT hr
= AVScanFile(full_path_
, source_url_
.spec(), guid
);
372 // If the download file is missing after the call, then treat this as an
373 // interrupted download.
375 // If the ScanAndSaveDownloadedFile() call failed, but the downloaded file is
376 // still around, then don't interrupt the download. Attachment Execution
377 // Services deletes the submitted file if the downloaded file is blocked by
378 // policy or if it was found to be infected.
380 // If the file is still there, then the error could be due to AES not being
381 // available or some other error during the AES invocation. In either case,
382 // we don't surface the error to the user.
383 if (!base::PathExists(full_path_
)) {
385 result
= MapScanAndSaveErrorCodeToInterruptReason(hr
);
386 if (result
== DOWNLOAD_INTERRUPT_REASON_NONE
) {
387 RecordDownloadCount(FILE_MISSING_AFTER_SUCCESSFUL_SCAN_COUNT
);
388 result
= DOWNLOAD_INTERRUPT_REASON_FILE_SECURITY_CHECK_FAILED
;
390 LogInterruptReason("ScanAndSaveDownloadedFile", hr
, result
);
392 bound_net_log_
.EndEvent(net::NetLog::TYPE_DOWNLOAD_FILE_ANNOTATED
);
396 } // namespace content