Use kService sandbox for FileUtilService
kService is a slightly tighter sandbox than kUtility as it adds
win32 lockdown.
kUtility was previously required because FilePath's comparison
functions used functions that were blocked by win32 lockdown. As
these are the only functions that otherwise prevent use of this
sandbox, we replace them with ASCII comparisons. This is OK as
all file extensions that were being compared are hardcoded ASCII
strings.
Bug: 696635
Change-Id: I4515d5eacf5689074ae1b8ffdcc87253411a6bde
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3908435
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Daniel Rubery <drubery@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1049778}
diff --git a/chrome/common/safe_browsing/download_type_util.cc b/chrome/common/safe_browsing/download_type_util.cc
index 46bb9f4..ae665b2a 100644
--- a/chrome/common/safe_browsing/download_type_util.cc
+++ b/chrome/common/safe_browsing/download_type_util.cc
@@ -17,13 +17,15 @@
ClientDownloadRequest::DownloadType GetDownloadType(
const base::FilePath& file) {
+ base::FilePath::StringType ext = file.Extension();
+
// TODO(nparker): Put all of this logic into the FileTypePolicies
// protobuf.
- if (file.MatchesExtension(FILE_PATH_LITERAL(".apk")))
+ if (base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".apk")))
return ClientDownloadRequest::ANDROID_APK;
- else if (file.MatchesExtension(FILE_PATH_LITERAL(".crx")))
+ else if (base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".crx")))
return ClientDownloadRequest::CHROME_EXTENSION;
- else if (file.MatchesExtension(FILE_PATH_LITERAL(".zip")))
+ else if (base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".zip")))
// DownloadProtectionService doesn't send a ClientDownloadRequest for ZIP
// files unless they contain either executables or archives. The resulting
// DownloadType is either ZIPPED_EXECUTABLE or ZIPPED_ARCHIVE respectively.
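Review bot: The new `ext` local at the top of GetDownloadType has no comment explaining why the chain uses `base::EqualsCaseInsensitiveASCII` rather than `file.MatchesExtension`, so a later edit could reintroduce the FilePath comparison that the commit message says is blocked under win32 lockdown. A comment above the declaration would record it, for example `// Compare as ASCII: FilePath's case-insensitive comparison is blocked by win32 lockdown in the service sandbox.` It is also worth noting there that `ext` is derived from the download's file name, so an extension containing non-ASCII characters now never matches any literal. Whether the previous comparison treated such names differently on some platforms is not visible here and should be confirmed. The function body continues outside this hunk.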
@@ -31,64 +33,69 @@
// placeholder. The correct DownloadType will be determined based on the
// result of analyzing the ZIP file.
return ClientDownloadRequest::ZIPPED_EXECUTABLE;
- else if (file.MatchesExtension(FILE_PATH_LITERAL(".rar")))
+ else if (base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".rar")))
// See the comment for .zip files.
return ClientDownloadRequest::RAR_COMPRESSED_EXECUTABLE;
- else if (file.MatchesExtension(FILE_PATH_LITERAL(".dmg")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".img")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".iso")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".pkg")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".mpkg")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".smi")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".app")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".cdr")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".dmgpart")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".dvdr")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".dart")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".dc42")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".diskcopy42")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".imgpart")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".ndif")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".udif")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".toast")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".sparsebundle")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".sparseimage")))
+ else if (base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".dmg")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".img")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".iso")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".pkg")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".mpkg")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".smi")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".app")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".cdr")) ||
+ base::EqualsCaseInsensitiveASCII(ext,
+ FILE_PATH_LITERAL(".dmgpart")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".dvdr")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".dart")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".dc42")) ||
+ base::EqualsCaseInsensitiveASCII(ext,
+ FILE_PATH_LITERAL(".diskcopy42")) ||
+ base::EqualsCaseInsensitiveASCII(ext,
+ FILE_PATH_LITERAL(".imgpart")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".ndif")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".udif")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".toast")) ||
+ base::EqualsCaseInsensitiveASCII(
+ ext, FILE_PATH_LITERAL(".sparsebundle")) ||
+ base::EqualsCaseInsensitiveASCII(ext,
+ FILE_PATH_LITERAL(".sparseimage")))
return ClientDownloadRequest::MAC_EXECUTABLE;
else if (FileTypePolicies::GetInstance()->IsArchiveFile(file))
return ClientDownloadRequest::ARCHIVE;
- else if (file.MatchesExtension(FILE_PATH_LITERAL(".pdf")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".doc")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".docx")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".docm")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".docb")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".dot")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".dotm")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".dotx")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xls")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xlsb")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xlt")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xlm")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xlsx")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xldm")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xltx")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xltm")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xla")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xlam")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xll")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".xlw")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".ppt")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".pot")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".pps")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".pptx")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".pptm")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".potx")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".potm")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".ppam")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".ppsx")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".ppsm")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".sldx")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".rtf")) ||
- file.MatchesExtension(FILE_PATH_LITERAL(".wll")))
+ else if (base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".pdf")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".doc")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".docx")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".docm")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".docb")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".dot")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".dotm")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".dotx")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xls")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xlsb")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xlt")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xlm")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xlsx")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xldm")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xltx")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xltm")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xla")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xlam")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xll")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".xlw")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".ppt")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".pot")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".pps")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".pptx")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".pptm")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".potx")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".potm")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".ppam")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".ppsx")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".ppsm")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".sldx")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".rtf")) ||
+ base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".wll")))
return ClientDownloadRequest::DOCUMENT;
else if (file.MatchesExtension(FILE_PATH_LITERAL(".7z")))
return ClientDownloadRequest::SEVEN_ZIP_COMPRESSED_EXECUTABLE;
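Review bot: The `.7z` branch in the trailing context still calls `file.MatchesExtension(FILE_PATH_LITERAL(".7z"))`, the FilePath comparison the commit message describes as blocked under win32 lockdown. If this function runs inside the FileUtilService process, that branch would still reach it. Converting it like the others keeps the chain consistent: `else if (base::EqualsCaseInsensitiveASCII(ext, FILE_PATH_LITERAL(".7z")))`. `FileTypePolicies::GetInstance()->IsArchiveFile(file)` also takes the FilePath and its implementation is not shown, so it should be checked for the same comparison. The function continues past the end of this hunk.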
diff --git a/chrome/services/file_util/public/mojom/file_util_service.mojom b/chrome/services/file_util/public/mojom/file_util_service.mojom
index 25cfded..35812ff 100644
--- a/chrome/services/file_util/public/mojom/file_util_service.mojom
+++ b/chrome/services/file_util/public/mojom/file_util_service.mojom
@@ -17,7 +17,7 @@
// The main interface to the file utility service. Binds any of various
// specific utility receivers.
-[ServiceSandbox=sandbox.mojom.Sandbox.kUtility]
+[ServiceSandbox=sandbox.mojom.Sandbox.kService]
interface FileUtilService {
// Binds an instance of the ZipFileCreator interface.
[EnableIf=is_chromeos_ash]
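Review bot: The `[ServiceSandbox=sandbox.mojom.Sandbox.kService]` attribute applies to every receiver this interface binds, not only the code path changed in download_type_util.cc, and the comment above the interface does not mention that constraint. I'd extend the comment with something like `// Runs in the kService sandbox (adds win32 lockdown); code reached from these receivers must not use APIs blocked by it.` Only ZipFileCreator is visible in this hunk. The other receivers lie outside it and should be confirmed to work under the tighter sandbox, ideally by a test that exercises each one sandboxed.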