// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Safe archive file analyzer provided by the utility process and exposed
// by mojo policy control to the chrome browser process when build flag
// FULL_SAFE_BROWSING is enabled.
module chrome.mojom;
import "mojo/public/mojom/base/file.mojom";
import "mojo/public/mojom/base/read_only_file.mojom";
// SafeArchiveAnalyzer provides methods for extracting information about the
// files contained in untrusted archives. It is intended to run in a utility
// process, so that callers in the browser process can safely get this
// information.
interface SafeArchiveAnalyzer {
// Build flag FULL_SAFE_BROWSING: Analyze the `zip_file` for malicious
// download protection, given a `temporary_file` used to extract files
// from the `zip_file` archive. Uses `password` to decrypt encrypted entries
// in the archive, if provided.
AnalyzeZipFile(mojo_base.mojom.ReadOnlyFile zip_file,
string? password,
pending_remote<TemporaryFileGetter> temp_file_getter)
=> (SafeArchiveAnalyzerResults results);
// Build flag FULL_SAFE_BROWSING, on OS_MAC: Analyze the `dmg_file`
// for malicious download protection.
AnalyzeDmgFile(mojo_base.mojom.ReadOnlyFile dmg_file,
pending_remote<TemporaryFileGetter> temp_file_getter)
=> (SafeArchiveAnalyzerResults results);
// Build flag FULL_SAFE_BROWSING: Analyze the `rar_file` for malicious
// download protection. Uses the `temporary_file` to extract files from the
// `rar_file` archive. Uses `password` to decrypt encrypted entries in the
// archive, if provided.
AnalyzeRarFile(mojo_base.mojom.ReadOnlyFile rar_file,
string? password,
pending_remote<TemporaryFileGetter> temp_file_getter)
=> (SafeArchiveAnalyzerResults results);
// Build flag FULL_SAFE_BROWSING: Analyze the `seven_zip_file` for malicious
// download protection. Uses `temporary_file` and `temporary_file2` to extract
// files from the `seven_zip_file` archive. This needs two temporary files due
// to the internal structure of 7z archives. Archives are groups of "folders"
// (still a group of files, but not a directory in the extracted contents)
// which share decompressor state. For performance, each folder is extracted
// in its entirety (using the first temp file), and then files are extracted
// from the decompressed folders (using the second).
AnalyzeSevenZipFile(mojo_base.mojom.ReadOnlyFile seven_zip_file,
pending_remote<TemporaryFileGetter> temp_file_getter)
=> (SafeArchiveAnalyzerResults results);
};
// TemporaryFileGetter is provided by the browser process and exposed
// by mojo policy control to the utility process when build flag
// FULL_SAFE_BROWSING is enabled. It is used to create temporary files for
// the purpose of analyzing nested archives.
interface TemporaryFileGetter {
// Requests a temporary file. If the request is accepted, `temp_file`
// will be returned with a valid file descriptor. If the request is
// rejected, `temp_file` will be invalid.
RequestTemporaryFile() => (mojo_base.mojom.File? temp_file);
};
[Native]
struct SafeArchiveAnalyzerResults;