diff options
Diffstat (limited to 'toolkit/components/url-classifier/Classifier.cpp')
-rw-r--r-- | toolkit/components/url-classifier/Classifier.cpp | 1786 |
1 files changed, 1786 insertions, 0 deletions
diff --git a/toolkit/components/url-classifier/Classifier.cpp b/toolkit/components/url-classifier/Classifier.cpp new file mode 100644 index 0000000000..eae3cc4f6f --- /dev/null +++ b/toolkit/components/url-classifier/Classifier.cpp @@ -0,0 +1,1786 @@ +//* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "Classifier.h" +#include "LookupCacheV4.h" +#include "nsIFile.h" +#include "nsNetCID.h" +#include "nsPrintfCString.h" +#include "nsThreadUtils.h" +#include "mozilla/Components.h" +#include "mozilla/EndianUtils.h" +#include "mozilla/Telemetry.h" +#include "mozilla/IntegerPrintfMacros.h" +#include "mozilla/LazyIdleThread.h" +#include "mozilla/Logging.h" +#include "mozilla/SyncRunnable.h" +#include "mozilla/Base64.h" +#include "mozilla/Unused.h" +#include "mozilla/UniquePtr.h" +#include "nsUrlClassifierDBService.h" +#include "nsUrlClassifierUtils.h" + +// MOZ_LOG=UrlClassifierDbService:5 +extern mozilla::LazyLogModule gUrlClassifierDbServiceLog; +#define LOG(args) \ + MOZ_LOG(gUrlClassifierDbServiceLog, mozilla::LogLevel::Debug, args) +#define LOG_ENABLED() \ + MOZ_LOG_TEST(gUrlClassifierDbServiceLog, mozilla::LogLevel::Debug) + +#define STORE_DIRECTORY "safebrowsing"_ns +#define TO_DELETE_DIR_SUFFIX "-to_delete"_ns +#define BACKUP_DIR_SUFFIX "-backup"_ns +#define UPDATING_DIR_SUFFIX "-updating"_ns + +#define V4_METADATA_SUFFIX ".metadata"_ns +#define V2_METADATA_SUFFIX ".sbstore"_ns + +// The amount of time, in milliseconds, that our IO thread will stay alive after +// the last event it processes. +#define DEFAULT_THREAD_TIMEOUT_MS 5000 + +namespace mozilla { +namespace safebrowsing { + +bool Classifier::OnUpdateThread() const { + bool onthread = false; + if (mUpdateThread) { + mUpdateThread->IsOnCurrentThread(&onthread); + } + return onthread; +} + +void Classifier::SplitTables(const nsACString& str, + nsTArray<nsCString>& tables) { + tables.Clear(); + + for (const auto& table : str.Split(',')) { + if (!table.IsEmpty()) { + tables.AppendElement(table); + } + } + + // Remove duplicates + tables.Sort(); + const auto newEnd = std::unique(tables.begin(), tables.end()); + tables.TruncateLength(std::distance(tables.begin(), newEnd)); +} + +nsresult Classifier::GetPrivateStoreDirectory( + nsIFile* aRootStoreDirectory, const nsACString& aTableName, + const nsACString& aProvider, nsIFile** aPrivateStoreDirectory) { + NS_ENSURE_ARG_POINTER(aPrivateStoreDirectory); + + if (!StringEndsWith(aTableName, "-proto"_ns)) { + // Only V4 table names (ends with '-proto') would be stored + // to per-provider sub-directory. + nsCOMPtr<nsIFile>(aRootStoreDirectory).forget(aPrivateStoreDirectory); + return NS_OK; + } + + if (aProvider.IsEmpty()) { + // When failing to get provider, just store in the root folder. + nsCOMPtr<nsIFile>(aRootStoreDirectory).forget(aPrivateStoreDirectory); + return NS_OK; + } + + nsCOMPtr<nsIFile> providerDirectory; + + // Clone first since we are gonna create a new directory. + nsresult rv = aRootStoreDirectory->Clone(getter_AddRefs(providerDirectory)); + NS_ENSURE_SUCCESS(rv, rv); + + // Append the provider name to the root store directory. + rv = providerDirectory->AppendNative(aProvider); + NS_ENSURE_SUCCESS(rv, rv); + + // Ensure existence of the provider directory. + bool dirExists; + rv = providerDirectory->Exists(&dirExists); + NS_ENSURE_SUCCESS(rv, rv); + + if (!dirExists) { + LOG(("Creating private directory for %s", nsCString(aTableName).get())); + rv = providerDirectory->Create(nsIFile::DIRECTORY_TYPE, 0755); + NS_ENSURE_SUCCESS(rv, rv); + providerDirectory.forget(aPrivateStoreDirectory); + return rv; + } + + // Store directory exists. Check if it's a directory. + bool isDir; + rv = providerDirectory->IsDirectory(&isDir); + NS_ENSURE_SUCCESS(rv, rv); + if (!isDir) { + return NS_ERROR_FILE_DESTINATION_NOT_DIR; + } + + providerDirectory.forget(aPrivateStoreDirectory); + + return NS_OK; +} + +Classifier::Classifier() + : mIsTableRequestResultOutdated(true), + mUpdateInterrupted(true), + mIsClosed(false) { + // Make a lazy thread for any IO + mUpdateThread = + new LazyIdleThread(DEFAULT_THREAD_TIMEOUT_MS, "Classifier Update"_ns, + LazyIdleThread::ShutdownMethod::ManualShutdown); +} + +Classifier::~Classifier() { + if (mUpdateThread) { + mUpdateThread->Shutdown(); + mUpdateThread = nullptr; + } + + Close(); +} + +nsresult Classifier::SetupPathNames() { + // Get the root directory where to store all the databases. + nsresult rv = mCacheDirectory->Clone(getter_AddRefs(mRootStoreDirectory)); + NS_ENSURE_SUCCESS(rv, rv); + + rv = mRootStoreDirectory->AppendNative(STORE_DIRECTORY); + NS_ENSURE_SUCCESS(rv, rv); + + // Make sure LookupCaches (which are persistent and survive updates) + // are reading/writing in the right place. We will be moving their + // files "underneath" them during backup/restore. + for (uint32_t i = 0; i < mLookupCaches.Length(); i++) { + mLookupCaches[i]->UpdateRootDirHandle(mRootStoreDirectory); + } + + // Directory where to move a backup before an update. + rv = mCacheDirectory->Clone(getter_AddRefs(mBackupDirectory)); + NS_ENSURE_SUCCESS(rv, rv); + + rv = mBackupDirectory->AppendNative(STORE_DIRECTORY + BACKUP_DIR_SUFFIX); + NS_ENSURE_SUCCESS(rv, rv); + + // Directory where to be working on the update. + rv = mCacheDirectory->Clone(getter_AddRefs(mUpdatingDirectory)); + NS_ENSURE_SUCCESS(rv, rv); + + rv = mUpdatingDirectory->AppendNative(STORE_DIRECTORY + UPDATING_DIR_SUFFIX); + NS_ENSURE_SUCCESS(rv, rv); + + // Directory where to move the backup so we can atomically + // delete (really move) it. + rv = mCacheDirectory->Clone(getter_AddRefs(mToDeleteDirectory)); + NS_ENSURE_SUCCESS(rv, rv); + + rv = mToDeleteDirectory->AppendNative(STORE_DIRECTORY + TO_DELETE_DIR_SUFFIX); + NS_ENSURE_SUCCESS(rv, rv); + + return NS_OK; +} + +nsresult Classifier::CreateStoreDirectory() { + if (ShouldAbort()) { + return NS_OK; // nothing to do, the classifier is done + } + + // Ensure the safebrowsing directory exists. + bool storeExists; + nsresult rv = mRootStoreDirectory->Exists(&storeExists); + NS_ENSURE_SUCCESS(rv, rv); + + if (!storeExists) { + rv = mRootStoreDirectory->Create(nsIFile::DIRECTORY_TYPE, 0755); + NS_ENSURE_SUCCESS(rv, rv); + } else { + bool storeIsDir; + rv = mRootStoreDirectory->IsDirectory(&storeIsDir); + NS_ENSURE_SUCCESS(rv, rv); + if (!storeIsDir) return NS_ERROR_FILE_DESTINATION_NOT_DIR; + } + + return NS_OK; +} + +// Testing entries are created directly in LookupCache instead of +// created via update(Bug 1531354). We can remove unused testing +// files from profile. +// TODO: See Bug 723153 to clear old safebrowsing store +nsresult Classifier::ClearLegacyFiles() { + if (ShouldAbort()) { + return NS_OK; // nothing to do, the classifier is done + } + + nsTArray<nsLiteralCString> tables = { + "test-phish-simple"_ns, "test-malware-simple"_ns, + "test-unwanted-simple"_ns, "test-harmful-simple"_ns, + "test-track-simple"_ns, "test-trackwhite-simple"_ns, + "test-block-simple"_ns, + }; + + const auto fnFindAndRemove = [](nsIFile* aRootDirectory, + const nsACString& aFileName) { + nsCOMPtr<nsIFile> file; + nsresult rv = aRootDirectory->Clone(getter_AddRefs(file)); + if (NS_FAILED(rv)) { + return false; + } + + rv = file->AppendNative(aFileName); + if (NS_FAILED(rv)) { + return false; + } + + bool exists; + rv = file->Exists(&exists); + if (NS_FAILED(rv) || !exists) { + return false; + } + + rv = file->Remove(false); + if (NS_FAILED(rv)) { + return false; + } + + return true; + }; + + for (const auto& table : tables) { + // Remove both .sbstore and .vlpse if .sbstore exists + if (fnFindAndRemove(mRootStoreDirectory, table + ".sbstore"_ns)) { + fnFindAndRemove(mRootStoreDirectory, table + ".vlpset"_ns); + } + } + + return NS_OK; +} + +nsresult Classifier::Open(nsIFile& aCacheDirectory) { + // Remember the Local profile directory. + nsresult rv = aCacheDirectory.Clone(getter_AddRefs(mCacheDirectory)); + NS_ENSURE_SUCCESS(rv, rv); + + // Create the handles to the update and backup directories. + rv = SetupPathNames(); + NS_ENSURE_SUCCESS(rv, rv); + + // Clean up any to-delete directories that haven't been deleted yet. + // This is still required for backward compatibility. + rv = CleanToDelete(); + NS_ENSURE_SUCCESS(rv, rv); + + // If we met a crash during the previous update, "safebrowsing-updating" + // directory will exist and let's remove it. + rv = mUpdatingDirectory->Remove(true); + if (NS_SUCCEEDED(rv)) { + // If the "safebrowsing-updating" exists, it implies a crash occurred + // in the previous update. + LOG(("We may have hit a crash in the previous update.")); + } + + // Check whether we have an incomplete update and recover from the + // backup if so. + rv = RecoverBackups(); + NS_ENSURE_SUCCESS(rv, rv); + + // Make sure the main store directory exists. + rv = CreateStoreDirectory(); + NS_ENSURE_SUCCESS(rv, rv); + + rv = ClearLegacyFiles(); + Unused << NS_WARN_IF(NS_FAILED(rv)); + + // Build the list of know urlclassifier lists + // XXX: Disk IO potentially on the main thread during startup + RegenActiveTables(); + + return NS_OK; +} + +void Classifier::Close() { + // Close will be called by PreShutdown, so it is important to note that + // things put here should not affect an ongoing update thread. + mIsClosed = true; + DropStores(); +} + +void Classifier::Reset() { + MOZ_ASSERT(!OnUpdateThread(), "Reset() MUST NOT be called on update thread"); + + LOG(("Reset() is called so we interrupt the update.")); + mUpdateInterrupted = true; + + // We don't pass the ref counted object 'Classifier' to resetFunc because we + // don't want to release 'Classifier in the update thread, which triggers an + // assertion when LazyIdelUpdate thread is not created and removed by the same + // thread (worker thread). Since |resetFuc| is a synchronous call, we can just + // pass the reference of Classifier because Classifier's life cycle is + // guarantee longer than |resetFunc|. + auto resetFunc = [&] { + if (this->mIsClosed) { + return; // too late to reset, bail + } + this->DropStores(); + + this->mRootStoreDirectory->Remove(true); + this->mBackupDirectory->Remove(true); + this->mUpdatingDirectory->Remove(true); + this->mToDeleteDirectory->Remove(true); + + this->CreateStoreDirectory(); + this->RegenActiveTables(); + }; + + if (!mUpdateThread) { + LOG(("Async update has been disabled. Just Reset() on worker thread.")); + resetFunc(); + return; + } + + nsCOMPtr<nsIRunnable> r = + NS_NewRunnableFunction("safebrowsing::Classifier::Reset", resetFunc); + SyncRunnable::DispatchToThread(mUpdateThread, r); +} + +void Classifier::ResetTables(ClearType aType, + const nsTArray<nsCString>& aTables) { + for (uint32_t i = 0; i < aTables.Length(); i++) { + LOG(("Resetting table: %s", aTables[i].get())); + RefPtr<LookupCache> cache = GetLookupCache(aTables[i]); + if (cache) { + // Remove any cached Completes for this table if clear type is Clear_Cache + if (aType == Clear_Cache) { + cache->ClearCache(); + } else { + cache->ClearAll(); + } + } + } + + // Clear on-disk database if clear type is Clear_All + if (aType == Clear_All) { + DeleteTables(mRootStoreDirectory, aTables); + + RegenActiveTables(); + } +} + +// |DeleteTables| is used by |GetLookupCache| to remove on-disk data when +// we detect prefix file corruption. So make sure not to call |GetLookupCache| +// again in this function to avoid infinite loop. +void Classifier::DeleteTables(nsIFile* aDirectory, + const nsTArray<nsCString>& aTables) { + nsCOMPtr<nsIDirectoryEnumerator> entries; + nsresult rv = aDirectory->GetDirectoryEntries(getter_AddRefs(entries)); + NS_ENSURE_SUCCESS_VOID(rv); + + nsCOMPtr<nsIFile> file; + while (NS_SUCCEEDED(rv = entries->GetNextFile(getter_AddRefs(file))) && + file) { + // If |file| is a directory, recurse to find its entries as well. + bool isDirectory; + if (NS_FAILED(file->IsDirectory(&isDirectory))) { + continue; + } + if (isDirectory) { + DeleteTables(file, aTables); + continue; + } + + nsCString leafName; + rv = file->GetNativeLeafName(leafName); + NS_ENSURE_SUCCESS_VOID(rv); + + // Remove file extension if there's one. + int32_t dotPosition = leafName.RFind("."); + if (dotPosition >= 0) { + leafName.Truncate(dotPosition); + } + + if (!leafName.IsEmpty() && aTables.Contains(leafName)) { + if (NS_FAILED(file->Remove(false))) { + NS_WARNING(nsPrintfCString("Fail to remove file %s from the disk", + leafName.get()) + .get()); + } + } + } + NS_ENSURE_SUCCESS_VOID(rv); +} + +// This function is I/O intensive. It should only be called before applying +// an update. +void Classifier::TableRequest(nsACString& aResult) { + MOZ_ASSERT(!NS_IsMainThread(), + "TableRequest must be called on the classifier worker thread."); + + // This function and all disk I/O are guaranteed to occur + // on the same thread so we don't need to add a lock around. + if (!mIsTableRequestResultOutdated) { + aResult = mTableRequestResult; + return; + } + + // We reset tables failed to load here; not just tables are corrupted. + // It is because this is a safer way to ensure Safe Browsing databases + // can be recovered from any bad situations. + nsTArray<nsCString> failedTables; + + // Load meta data from *.sbstore files in the root directory. + // Specifically for v4 tables. + nsCString v2Metadata; + nsresult rv = LoadHashStore(mRootStoreDirectory, v2Metadata, failedTables); + if (NS_SUCCEEDED(rv)) { + aResult.Append(v2Metadata); + } + + // Load meta data from *.metadata files in the root directory. + // Specifically for v4 tables. + nsCString v4Metadata; + rv = LoadMetadata(mRootStoreDirectory, v4Metadata, failedTables); + if (NS_SUCCEEDED(rv)) { + aResult.Append(v4Metadata); + } + + // Clear data for tables that we failed to open, a full update should + // be requested for those tables. + if (failedTables.Length() != 0) { + LOG(("Reset tables failed to open before applying an update")); + ResetTables(Clear_All, failedTables); + } + + // Update the TableRequest result in-memory cache. + mTableRequestResult = aResult; + mIsTableRequestResultOutdated = false; +} + +nsresult Classifier::CheckURIFragments( + const nsTArray<nsCString>& aSpecFragments, const nsACString& aTable, + LookupResultArray& aResults) { + // A URL can form up to 30 different fragments + MOZ_ASSERT(aSpecFragments.Length() != 0); + MOZ_ASSERT(aSpecFragments.Length() <= + (MAX_HOST_COMPONENTS * (MAX_PATH_COMPONENTS + 2))); + + if (LOG_ENABLED()) { + uint32_t urlIdx = 0; + for (uint32_t i = 1; i < aSpecFragments.Length(); i++) { + if (aSpecFragments[urlIdx].Length() < aSpecFragments[i].Length()) { + urlIdx = i; + } + } + LOG(("Checking table %s, URL is %s", aTable.BeginReading(), + aSpecFragments[urlIdx].get())); + } + + RefPtr<LookupCache> cache = GetLookupCache(aTable); + if (NS_WARN_IF(!cache)) { + return NS_ERROR_FAILURE; + } + + // Now check each lookup fragment against the entries in the DB. + for (uint32_t i = 0; i < aSpecFragments.Length(); i++) { + Completion lookupHash; + lookupHash.FromPlaintext(aSpecFragments[i]); + + bool has, confirmed; + uint32_t matchLength; + + nsresult rv = cache->Has(lookupHash, &has, &matchLength, &confirmed); + NS_ENSURE_SUCCESS(rv, rv); + + if (has) { + RefPtr<LookupResult> result = new LookupResult; + aResults.AppendElement(result); + + if (LOG_ENABLED()) { + nsAutoCString checking; + lookupHash.ToHexString(checking); + LOG(("Found a result in fragment %s, hash %s (%X)", + aSpecFragments[i].get(), checking.get(), lookupHash.ToUint32())); + LOG(("Result %s, match %d-bytes prefix", + confirmed ? "confirmed." : "Not confirmed.", matchLength)); + } + + result->hash.complete = lookupHash; + result->mConfirmed = confirmed; + result->mTableName.Assign(cache->TableName()); + result->mPartialHashLength = confirmed ? COMPLETE_SIZE : matchLength; + result->mProtocolV2 = LookupCache::Cast<LookupCacheV2>(cache); + } + } + + return NS_OK; +} + +static nsresult SwapDirectoryContent(nsIFile* aDir1, nsIFile* aDir2, + nsIFile* aParentDir, nsIFile* aTempDir) { + // Pre-condition: |aDir1| and |aDir2| are directory and their parent + // are both |aParentDir|. + // + // Post-condition: The locations where aDir1 and aDir2 point to will not + // change but their contents will be exchanged. If we failed + // to swap their content, everything will be rolled back. + + nsAutoCString tempDirName; + aTempDir->GetNativeLeafName(tempDirName); + + nsresult rv; + + nsAutoCString dirName1, dirName2; + aDir1->GetNativeLeafName(dirName1); + aDir2->GetNativeLeafName(dirName2); + + LOG(("Swapping directories %s and %s...", dirName1.get(), dirName2.get())); + + // 1. Rename "dirName1" to "temp" + rv = aDir1->RenameToNative(nullptr, tempDirName); + if (NS_FAILED(rv)) { + LOG(("Unable to rename %s to %s", dirName1.get(), tempDirName.get())); + return rv; // Nothing to roll back. + } + + // 1.1. Create a handle for temp directory. This is required since + // |nsIFile.rename| will not change the location where the + // object points to. + nsCOMPtr<nsIFile> tempDirectory; + rv = aParentDir->Clone(getter_AddRefs(tempDirectory)); + rv = tempDirectory->AppendNative(tempDirName); + + // 2. Rename "dirName2" to "dirName1". + rv = aDir2->RenameToNative(nullptr, dirName1); + if (NS_FAILED(rv)) { + LOG(("Failed to rename %s to %s. Rename temp directory back to %s", + dirName2.get(), dirName1.get(), dirName1.get())); + nsresult rbrv = tempDirectory->RenameToNative(nullptr, dirName1); + NS_ENSURE_SUCCESS(rbrv, rbrv); + return rv; + } + + // 3. Rename "temp" to "dirName2". + rv = tempDirectory->RenameToNative(nullptr, dirName2); + if (NS_FAILED(rv)) { + LOG(("Failed to rename temp directory to %s. ", dirName2.get())); + // We've done (1) renaming "dir1 to temp" and + // (2) renaming "dir2 to dir1" + // so the rollback is + // (1) renaming "dir1 to dir2" and + // (2) renaming "temp to dir1" + nsresult rbrv; // rollback result + rbrv = aDir1->RenameToNative(nullptr, dirName2); + NS_ENSURE_SUCCESS(rbrv, rbrv); + rbrv = tempDirectory->RenameToNative(nullptr, dirName1); + NS_ENSURE_SUCCESS(rbrv, rbrv); + return rv; + } + + return rv; +} + +void Classifier::RemoveUpdateIntermediaries() { + // Remove old LookupCaches. + mNewLookupCaches.Clear(); + + // Remove the "old" directory. (despite its looking-new name) + if (NS_FAILED(mUpdatingDirectory->Remove(true))) { + // If the directory is locked from removal for some reason, + // we will fail here and it doesn't matter until the next + // update. (the next udpate will fail due to the removable + // "safebrowsing-udpating" directory.) + LOG(("Failed to remove updating directory.")); + } +} + +void Classifier::CopyAndInvalidateFullHashCache() { + MOZ_ASSERT(!OnUpdateThread(), + "CopyAndInvalidateFullHashCache cannot be called on update thread " + "since it mutates mLookupCaches which is only safe on " + "worker thread."); + + // New lookup caches are built from disk, data likes cache which is + // generated online won't exist. We have to manually copy cache from + // old LookupCache to new LookupCache. + for (auto& newCache : mNewLookupCaches) { + for (auto& oldCache : mLookupCaches) { + if (oldCache->TableName() == newCache->TableName()) { + newCache->CopyFullHashCache(oldCache); + break; + } + } + } + + // Clear cache when update. + // Invalidate cache entries in CopyAndInvalidateFullHashCache because only + // at this point we will have cache data in LookupCache. + for (auto& newCache : mNewLookupCaches) { + newCache->InvalidateExpiredCacheEntries(); + } +} + +void Classifier::MergeNewLookupCaches() { + MOZ_ASSERT(!OnUpdateThread(), + "MergeNewLookupCaches cannot be called on update thread " + "since it mutates mLookupCaches which is only safe on " + "worker thread."); + + for (auto& newCache : mNewLookupCaches) { + // For each element in mNewLookCaches, it will be swapped with + // - An old cache in mLookupCache with the same table name or + // - nullptr (mLookupCache will be expaned) otherwise. + size_t swapIndex = 0; + for (; swapIndex < mLookupCaches.Length(); swapIndex++) { + if (mLookupCaches[swapIndex]->TableName() == newCache->TableName()) { + break; + } + } + if (swapIndex == mLookupCaches.Length()) { + mLookupCaches.AppendElement(nullptr); + } + + std::swap(mLookupCaches[swapIndex], newCache); + mLookupCaches[swapIndex]->UpdateRootDirHandle(mRootStoreDirectory); + } + + // At this point, mNewLookupCaches's length remains the same but + // will contain either old cache (override) or nullptr (append). +} + +nsresult Classifier::SwapInNewTablesAndCleanup() { + nsresult rv; + + // Step 1. Swap in on-disk tables. The idea of using "safebrowsing-backup" + // as the intermediary directory is we can get databases recovered if + // crash occurred in any step of the swap. (We will recover from + // "safebrowsing-backup" in OpenDb().) + rv = SwapDirectoryContent(mUpdatingDirectory, // contains new tables + mRootStoreDirectory, // contains old tables + mCacheDirectory, // common parent dir + mBackupDirectory); // intermediary dir for swap + if (NS_FAILED(rv)) { + LOG(("Failed to swap in on-disk tables.")); + RemoveUpdateIntermediaries(); + return rv; + } + + // Step 2. Merge mNewLookupCaches into mLookupCaches. The outdated + // LookupCaches will be stored in mNewLookupCaches and be cleaned + // up later. + MergeNewLookupCaches(); + + // Step 3. Re-generate active tables based on on-disk tables. + rv = RegenActiveTables(); + if (NS_FAILED(rv)) { + LOG(("Failed to re-generate active tables!")); + } + + // Step 4. Clean up intermediaries for update. + RemoveUpdateIntermediaries(); + + // Step 5. Invalidate cached tableRequest request. + mIsTableRequestResultOutdated = true; + + LOG(("Done swap in updated tables.")); + + return rv; +} + +void Classifier::FlushAndDisableAsyncUpdate() { + LOG(("Classifier::FlushAndDisableAsyncUpdate [%p, %p]", this, + mUpdateThread.get())); + + if (!mUpdateThread) { + LOG(("Async update has been disabled.")); + return; + } + + mUpdateThread->Shutdown(); + mUpdateThread = nullptr; +} + +nsresult Classifier::AsyncApplyUpdates(const TableUpdateArray& aUpdates, + const AsyncUpdateCallback& aCallback) { + LOG(("Classifier::AsyncApplyUpdates")); + + if (!mUpdateThread) { + LOG(("Async update has already been disabled.")); + return NS_ERROR_FAILURE; + } + + // Caller thread | Update thread + // -------------------------------------------------------- + // | ApplyUpdatesBackground + // (processing other task) | (bg-update done. ping back to caller + // thread) (processing other task) | idle... ApplyUpdatesForeground | + // callback | + + MOZ_ASSERT(mNewLookupCaches.IsEmpty(), + "There should be no leftovers from a previous update."); + + mUpdateInterrupted = false; + nsresult rv = + mRootStoreDirectory->Clone(getter_AddRefs(mRootStoreDirectoryForUpdate)); + if (NS_FAILED(rv)) { + LOG(("Failed to clone mRootStoreDirectory for update.")); + return rv; + } + + nsCOMPtr<nsIThread> callerThread = NS_GetCurrentThread(); + MOZ_ASSERT(!OnUpdateThread()); + + RefPtr<Classifier> self = this; + nsCOMPtr<nsIRunnable> bgRunnable = NS_NewRunnableFunction( + "safebrowsing::Classifier::AsyncApplyUpdates", + [self, aUpdates = aUpdates.Clone(), aCallback, callerThread]() mutable { + MOZ_ASSERT(self->OnUpdateThread(), "MUST be on update thread"); + + nsresult bgRv; + nsTArray<nsCString> failedTableNames; + + TableUpdateArray updates; + + // Make a copy of the array since we'll be removing entries as + // we process them on the background thread. + if (updates.AppendElements(std::move(aUpdates), fallible)) { + LOG(("Step 1. ApplyUpdatesBackground on update thread.")); + bgRv = self->ApplyUpdatesBackground(updates, failedTableNames); + } else { + LOG( + ("Step 1. Not enough memory to run ApplyUpdatesBackground on " + "update thread.")); + bgRv = NS_ERROR_OUT_OF_MEMORY; + } + + // Classifier is created in the worker thread and it has to be released + // in the worker thread(because of the constrain that LazyIdelThread has + // to be created and released in the same thread). We transfer the + // ownership to the caller thread here to gurantee that we don't release + // it in the udpate thread. + nsCOMPtr<nsIRunnable> fgRunnable = NS_NewRunnableFunction( + "safebrowsing::Classifier::AsyncApplyUpdates", + [self = std::move(self), aCallback, bgRv, + failedTableNames = std::move(failedTableNames), + callerThread]() mutable { + RefPtr<Classifier> classifier = std::move(self); + + MOZ_ASSERT(NS_GetCurrentThread() == callerThread, + "MUST be on caller thread"); + + LOG(("Step 2. ApplyUpdatesForeground on caller thread")); + nsresult rv = + classifier->ApplyUpdatesForeground(bgRv, failedTableNames); + + LOG(("Step 3. Updates applied! Fire callback.")); + aCallback(rv); + }); + + callerThread->Dispatch(fgRunnable, NS_DISPATCH_NORMAL); + }); + + return mUpdateThread->Dispatch(bgRunnable, NS_DISPATCH_NORMAL); +} + +nsresult Classifier::ApplyUpdatesBackground( + TableUpdateArray& aUpdates, nsTArray<nsCString>& aFailedTableNames) { + // |mUpdateInterrupted| is guaranteed to have been unset. + // If |mUpdateInterrupted| is set at any point, Reset() must have + // been called then we need to interrupt the update process. + // We only add checkpoints for non-trivial tasks. + + if (aUpdates.IsEmpty()) { + return NS_OK; + } + + nsUrlClassifierUtils* urlUtil = nsUrlClassifierUtils::GetInstance(); + if (NS_WARN_IF(!urlUtil)) { + return NS_ERROR_FAILURE; + } + + nsCString provider; + // Assume all TableUpdate objects should have the same provider. + urlUtil->GetTelemetryProvider(aUpdates[0]->TableName(), provider); + + Telemetry::AutoTimer<Telemetry::URLCLASSIFIER_CL_KEYED_UPDATE_TIME> + keyedTimer(provider); + + PRIntervalTime clockStart = 0; + if (LOG_ENABLED()) { + clockStart = PR_IntervalNow(); + } + + nsresult rv; + + // Check point 1: Copying files takes time so we check ShouldAbort() + // inside CopyInUseDirForUpdate(). + rv = CopyInUseDirForUpdate(); // i.e. mUpdatingDirectory will be setup. + if (NS_FAILED(rv)) { + LOG(("Failed to copy in-use directory for update.")); + return (rv == NS_ERROR_ABORT) ? NS_OK : rv; + } + + LOG(("Applying %zu table updates.", aUpdates.Length())); + + for (uint32_t i = 0; i < aUpdates.Length(); i++) { + RefPtr<const TableUpdate> update = aUpdates[i]; + if (!update) { + // Previous UpdateHashStore() may have consumed this update.. + continue; + } + + // Run all updates for one table + nsAutoCString updateTable(update->TableName()); + + // Check point 2: Processing downloaded data takes time. + if (ShouldAbort()) { + LOG(("Update is interrupted. Stop building new tables.")); + return NS_OK; + } + + // Will update the mirrored in-memory and on-disk databases. + if (TableUpdate::Cast<TableUpdateV2>(update)) { + rv = UpdateHashStore(aUpdates, updateTable); + } else { + rv = UpdateTableV4(aUpdates, updateTable); + } + + if (NS_WARN_IF(NS_FAILED(rv))) { + LOG(("Failed to update table: %s", updateTable.get())); + // We don't quit the updating process immediately when we discover + // a failure. Instead, we continue to apply updates to the + // remaining tables to find other tables which may also fail to + // apply an update. This help us reset all the corrupted tables + // within a single update. + // Note that changes that result from successful updates don't take + // effect after the updating process is finished. This is because + // when an error occurs during the updating process, we ignore all + // changes that have happened during the udpating process. + aFailedTableNames.AppendElement(updateTable); + continue; + } + } + + if (!aFailedTableNames.IsEmpty()) { + RemoveUpdateIntermediaries(); + return NS_ERROR_FAILURE; + } + + if (LOG_ENABLED()) { + PRIntervalTime clockEnd = PR_IntervalNow(); + LOG(("update took %dms\n", + PR_IntervalToMilliseconds(clockEnd - clockStart))); + } + + return rv; +} + +nsresult Classifier::ApplyUpdatesForeground( + nsresult aBackgroundRv, const nsTArray<nsCString>& aFailedTableNames) { + if (ShouldAbort()) { + LOG(("Update is interrupted! Just remove update intermediaries.")); + RemoveUpdateIntermediaries(); + return NS_OK; + } + if (NS_SUCCEEDED(aBackgroundRv)) { + // Copy and Invalidate fullhash cache here because this call requires + // mLookupCaches which is only available on work-thread + CopyAndInvalidateFullHashCache(); + + return SwapInNewTablesAndCleanup(); + } + if (NS_ERROR_OUT_OF_MEMORY != aBackgroundRv) { + ResetTables(Clear_All, aFailedTableNames); + } + return aBackgroundRv; +} + +nsresult Classifier::ApplyFullHashes(ConstTableUpdateArray& aUpdates) { + MOZ_ASSERT(!OnUpdateThread(), + "ApplyFullHashes() MUST NOT be called on update thread"); + MOZ_ASSERT( + !NS_IsMainThread(), + "ApplyFullHashes() must be called on the classifier worker thread."); + + LOG(("Applying %zu table gethashes.", aUpdates.Length())); + + for (uint32_t i = 0; i < aUpdates.Length(); i++) { + nsresult rv = UpdateCache(aUpdates[i]); + NS_ENSURE_SUCCESS(rv, rv); + + aUpdates[i] = nullptr; + } + + return NS_OK; +} + +void Classifier::GetCacheInfo(const nsACString& aTable, + nsIUrlClassifierCacheInfo** aCache) { + RefPtr<const LookupCache> lookupCache = GetLookupCache(aTable); + if (!lookupCache) { + return; + } + + lookupCache->GetCacheInfo(aCache); +} + +void Classifier::DropStores() { + // See the comment in Classifier::Close() before adding anything here. + mLookupCaches.Clear(); +} + +nsresult Classifier::RegenActiveTables() { + if (ShouldAbort()) { + return NS_OK; // nothing to do, the classifier is done + } + + mActiveTablesCache.Clear(); + + // The extension of V2 and V4 prefix files is .vlpset + // We still check .pset here for legacy load. + nsTArray<nsCString> exts = {".vlpset"_ns, ".pset"_ns}; + nsTArray<nsCString> foundTables; + nsresult rv = ScanStoreDir(mRootStoreDirectory, exts, foundTables); + Unused << NS_WARN_IF(NS_FAILED(rv)); + + // We don't have test tables on disk, add Moz built-in entries here + rv = AddMozEntries(foundTables); + Unused << NS_WARN_IF(NS_FAILED(rv)); + + for (const auto& table : foundTables) { + RefPtr<const LookupCache> lookupCache = GetLookupCache(table); + if (!lookupCache) { + LOG(("Inactive table (no cache): %s", table.get())); + continue; + } + + if (!lookupCache->IsPrimed()) { + LOG(("Inactive table (cache not primed): %s", table.get())); + continue; + } + + LOG(("Active %s table: %s", + LookupCache::Cast<const LookupCacheV4>(lookupCache) ? "v4" : "v2", + table.get())); + + mActiveTablesCache.AppendElement(table); + } + + return NS_OK; +} + +nsresult Classifier::AddMozEntries(nsTArray<nsCString>& aTables) { + nsTArray<nsLiteralCString> tables = { + "moztest-phish-simple"_ns, "moztest-malware-simple"_ns, + "moztest-unwanted-simple"_ns, "moztest-harmful-simple"_ns, + "moztest-track-simple"_ns, "moztest-trackwhite-simple"_ns, + "moztest-block-simple"_ns, + }; + + for (const auto& table : tables) { + RefPtr<LookupCache> c = GetLookupCache(table, false); + RefPtr<LookupCacheV2> lookupCache = LookupCache::Cast<LookupCacheV2>(c); + if (!lookupCache || lookupCache->IsPrimed()) { + continue; + } + + aTables.AppendElement(table); + } + + return NS_OK; +} + +nsresult Classifier::ScanStoreDir(nsIFile* aDirectory, + const nsTArray<nsCString>& aExtensions, + nsTArray<nsCString>& aTables) { + nsCOMPtr<nsIDirectoryEnumerator> entries; + nsresult rv = aDirectory->GetDirectoryEntries(getter_AddRefs(entries)); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsIFile> file; + while (NS_SUCCEEDED(rv = entries->GetNextFile(getter_AddRefs(file))) && + file) { + // If |file| is a directory, recurse to find its entries as well. + bool isDirectory; + if (NS_FAILED(file->IsDirectory(&isDirectory))) { + continue; + } + if (isDirectory) { + ScanStoreDir(file, aExtensions, aTables); + continue; + } + + nsAutoCString leafName; + rv = file->GetNativeLeafName(leafName); + NS_ENSURE_SUCCESS(rv, rv); + + for (const auto& ext : aExtensions) { + if (StringEndsWith(leafName, ext)) { + aTables.AppendElement( + Substring(leafName, 0, leafName.Length() - strlen(ext.get()))); + break; + } + } + } + + return NS_OK; +} + +nsresult Classifier::ActiveTables(nsTArray<nsCString>& aTables) const { + aTables = mActiveTablesCache.Clone(); + return NS_OK; +} + +nsresult Classifier::CleanToDelete() { + bool exists; + nsresult rv = mToDeleteDirectory->Exists(&exists); + NS_ENSURE_SUCCESS(rv, rv); + + if (exists) { + rv = mToDeleteDirectory->Remove(true); + NS_ENSURE_SUCCESS(rv, rv); + } + + return NS_OK; +} + +#ifdef MOZ_SAFEBROWSING_DUMP_FAILED_UPDATES + +already_AddRefed<nsIFile> Classifier::GetFailedUpdateDirectroy() { + nsCString failedUpdatekDirName = STORE_DIRECTORY + nsCString("-failedupdate"); + + nsCOMPtr<nsIFile> failedUpdatekDirectory; + if (NS_FAILED( + mCacheDirectory->Clone(getter_AddRefs(failedUpdatekDirectory))) || + NS_FAILED(failedUpdatekDirectory->AppendNative(failedUpdatekDirName))) { + LOG(("Failed to init failedUpdatekDirectory.")); + return nullptr; + } + + return failedUpdatekDirectory.forget(); +} + +nsresult Classifier::DumpRawTableUpdates(const nsACString& aRawUpdates) { + LOG(("Dumping raw table updates...")); + + DumpFailedUpdate(); + + nsCOMPtr<nsIFile> failedUpdatekDirectory = GetFailedUpdateDirectroy(); + + // Create tableupdate.bin and dump raw table update data. + nsCOMPtr<nsIFile> rawTableUpdatesFile; + nsCOMPtr<nsIOutputStream> outputStream; + if (NS_FAILED( + failedUpdatekDirectory->Clone(getter_AddRefs(rawTableUpdatesFile))) || + NS_FAILED( + rawTableUpdatesFile->AppendNative(nsCString("tableupdates.bin"))) || + NS_FAILED(NS_NewLocalFileOutputStream( + getter_AddRefs(outputStream), rawTableUpdatesFile, + PR_WRONLY | PR_TRUNCATE | PR_CREATE_FILE))) { + LOG(("Failed to create file to dump raw table updates.")); + return NS_ERROR_FAILURE; + } + + // Write out the data. + uint32_t written; + nsresult rv = outputStream->Write(aRawUpdates.BeginReading(), + aRawUpdates.Length(), &written); + NS_ENSURE_SUCCESS(rv, rv); + NS_ENSURE_TRUE(written == aRawUpdates.Length(), NS_ERROR_FAILURE); + + return rv; +} + +nsresult Classifier::DumpFailedUpdate() { + LOG(("Dumping failed update...")); + + nsCOMPtr<nsIFile> failedUpdatekDirectory = GetFailedUpdateDirectroy(); + + // Remove the "failed update" directory no matter it exists or not. + // Failure is fine because the directory may not exist. + failedUpdatekDirectory->Remove(true); + + nsCString failedUpdatekDirName; + nsresult rv = failedUpdatekDirectory->GetNativeLeafName(failedUpdatekDirName); + NS_ENSURE_SUCCESS(rv, rv); + + // Copy the in-use directory to a clean "failed update" directory. + nsCOMPtr<nsIFile> inUseDirectory; + if (NS_FAILED(mRootStoreDirectory->Clone(getter_AddRefs(inUseDirectory))) || + NS_FAILED(inUseDirectory->CopyToNative(nullptr, failedUpdatekDirName))) { + LOG(("Failed to move in-use to the \"failed update\" directory %s", + failedUpdatekDirName.get())); + return NS_ERROR_FAILURE; + } + + return rv; +} + +#endif // MOZ_SAFEBROWSING_DUMP_FAILED_UPDATES + +/** + * This function copies the files one by one to the destination folder. + * Before copying a file, it checks ::ShouldAbort and returns + * NS_ERROR_ABORT if the flag is set. + */ +nsresult Classifier::CopyDirectoryInterruptible(nsCOMPtr<nsIFile>& aDestDir, + nsCOMPtr<nsIFile>& aSourceDir) { + nsCOMPtr<nsIDirectoryEnumerator> entries; + nsresult rv = aSourceDir->GetDirectoryEntries(getter_AddRefs(entries)); + NS_ENSURE_SUCCESS(rv, rv); + MOZ_ASSERT(entries); + + nsCOMPtr<nsIFile> source; + while (NS_SUCCEEDED(rv = entries->GetNextFile(getter_AddRefs(source))) && + source) { + if (ShouldAbort()) { + LOG(("Update is interrupted. Aborting the directory copy")); + return NS_ERROR_ABORT; + } + + bool isDirectory; + rv = source->IsDirectory(&isDirectory); + NS_ENSURE_SUCCESS(rv, rv); + + if (isDirectory) { + // If it is a directory, recursively copy the files inside the directory. + nsAutoCString leaf; + source->GetNativeLeafName(leaf); + MOZ_ASSERT(!leaf.IsEmpty()); + + nsCOMPtr<nsIFile> dest; + aDestDir->Clone(getter_AddRefs(dest)); + dest->AppendNative(leaf); + NS_ENSURE_SUCCESS(rv, rv); + + rv = CopyDirectoryInterruptible(dest, source); + NS_ENSURE_SUCCESS(rv, rv); + } else { + rv = source->CopyToNative(aDestDir, ""_ns); + NS_ENSURE_SUCCESS(rv, rv); + } + } + + // If the destination directory doesn't exist in the end, it means that the + // source directory is empty, we should copy the directory here. + bool exist; + rv = aDestDir->Exists(&exist); + NS_ENSURE_SUCCESS(rv, rv); + + if (!exist) { + rv = aDestDir->Create(nsIFile::DIRECTORY_TYPE, 0755); + NS_ENSURE_SUCCESS(rv, rv); + } + + return NS_OK; +} + +nsresult Classifier::CopyInUseDirForUpdate() { + LOG(("Copy in-use directory content for update.")); + if (ShouldAbort()) { + return NS_ERROR_UC_UPDATE_SHUTDOWNING; + } + + // We copy everything from in-use directory to a temporary directory + // for updating. + + // Remove the destination directory first (just in case) the do the copy. + mUpdatingDirectory->Remove(true); + if (!mRootStoreDirectoryForUpdate) { + LOG(("mRootStoreDirectoryForUpdate is null.")); + return NS_ERROR_NULL_POINTER; + } + + nsresult rv = CopyDirectoryInterruptible(mUpdatingDirectory, + mRootStoreDirectoryForUpdate); + NS_ENSURE_SUCCESS(rv, rv); + + return NS_OK; +} + +nsresult Classifier::RecoverBackups() { + bool backupExists; + nsresult rv = mBackupDirectory->Exists(&backupExists); + NS_ENSURE_SUCCESS(rv, rv); + + if (backupExists) { + // Remove the safebrowsing dir if it exists + nsCString storeDirName; + rv = mRootStoreDirectory->GetNativeLeafName(storeDirName); + NS_ENSURE_SUCCESS(rv, rv); + + bool storeExists; + rv = mRootStoreDirectory->Exists(&storeExists); + NS_ENSURE_SUCCESS(rv, rv); + + if (storeExists) { + rv = mRootStoreDirectory->Remove(true); + NS_ENSURE_SUCCESS(rv, rv); + } + + // Move the backup to the store location + rv = mBackupDirectory->MoveToNative(nullptr, storeDirName); + NS_ENSURE_SUCCESS(rv, rv); + + // mBackupDirectory now points to storeDir, fix up. + rv = SetupPathNames(); + NS_ENSURE_SUCCESS(rv, rv); + } + + return NS_OK; +} + +bool Classifier::CheckValidUpdate(TableUpdateArray& aUpdates, + const nsACString& aTable) { + // take the quick exit if there is no valid update for us + // (common case) + uint32_t validupdates = 0; + + for (uint32_t i = 0; i < aUpdates.Length(); i++) { + RefPtr<const TableUpdate> update = aUpdates[i]; + if (!update || !update->TableName().Equals(aTable)) { + continue; + } + if (update->Empty()) { + aUpdates[i] = nullptr; + continue; + } + validupdates++; + } + + if (!validupdates) { + // This can happen if the update was only valid for one table. + return false; + } + + return true; +} + +nsCString Classifier::GetProvider(const nsACString& aTableName) { + nsUrlClassifierUtils* urlUtil = nsUrlClassifierUtils::GetInstance(); + if (NS_WARN_IF(!urlUtil)) { + return ""_ns; + } + + nsCString provider; + nsresult rv = urlUtil->GetProvider(aTableName, provider); + + return NS_SUCCEEDED(rv) ? provider : ""_ns; +} + +/* + * This will consume+delete updates from the passed nsTArray. + */ +nsresult Classifier::UpdateHashStore(TableUpdateArray& aUpdates, + const nsACString& aTable) { + if (ShouldAbort()) { + return NS_ERROR_UC_UPDATE_SHUTDOWNING; + } + + LOG(("Classifier::UpdateHashStore(%s)", PromiseFlatCString(aTable).get())); + + // moztest- tables don't support update because they are directly created + // in LookupCache. To test updates, use tables begin with "test-" instead. + // Also, recommend using 'test-' tables while writing testcases because + // it is more like the real world scenario. + MOZ_ASSERT(!nsUrlClassifierUtils::IsMozTestTable(aTable)); + + HashStore store(aTable, GetProvider(aTable), mUpdatingDirectory); + + if (!CheckValidUpdate(aUpdates, store.TableName())) { + return NS_OK; + } + + nsresult rv = store.Open(); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + rv = store.BeginUpdate(); + NS_ENSURE_SUCCESS(rv, rv); + + // Read the part of the store that is (only) in the cache + RefPtr<LookupCacheV2> lookupCacheV2; + { + RefPtr<LookupCache> lookupCache = + GetLookupCacheForUpdate(store.TableName()); + if (lookupCache) { + lookupCacheV2 = LookupCache::Cast<LookupCacheV2>(lookupCache); + } + } + if (!lookupCacheV2) { + return NS_ERROR_UC_UPDATE_TABLE_NOT_FOUND; + } + + FallibleTArray<uint32_t> AddPrefixHashes; + FallibleTArray<nsCString> AddCompletesHashes; + rv = lookupCacheV2->GetPrefixes(AddPrefixHashes, AddCompletesHashes); + NS_ENSURE_SUCCESS(rv, rv); + + rv = store.AugmentAdds(AddPrefixHashes, AddCompletesHashes); + NS_ENSURE_SUCCESS(rv, rv); + + AddPrefixHashes.Clear(); + AddCompletesHashes.Clear(); + + uint32_t applied = 0; + + for (uint32_t i = 0; i < aUpdates.Length(); i++) { + RefPtr<TableUpdate> update = aUpdates[i]; + if (!update || !update->TableName().Equals(store.TableName())) { + continue; + } + + RefPtr<TableUpdateV2> updateV2 = TableUpdate::Cast<TableUpdateV2>(update); + NS_ENSURE_TRUE(updateV2, NS_ERROR_UC_UPDATE_UNEXPECTED_VERSION); + + rv = store.ApplyUpdate(updateV2); + NS_ENSURE_SUCCESS(rv, rv); + + applied++; + + LOG(("Applied update to table %s:", store.TableName().get())); + LOG((" %d add chunks", updateV2->AddChunks().Length())); + LOG((" %zu add prefixes", updateV2->AddPrefixes().Length())); + LOG((" %zu add completions", updateV2->AddCompletes().Length())); + LOG((" %d sub chunks", updateV2->SubChunks().Length())); + LOG((" %zu sub prefixes", updateV2->SubPrefixes().Length())); + LOG((" %zu sub completions", updateV2->SubCompletes().Length())); + LOG((" %d add expirations", updateV2->AddExpirations().Length())); + LOG((" %d sub expirations", updateV2->SubExpirations().Length())); + + aUpdates[i] = nullptr; + } + + LOG(("Applied %d update(s) to %s.", applied, store.TableName().get())); + + rv = store.Rebuild(); + NS_ENSURE_SUCCESS(rv, rv); + + LOG(("Table %s now has:", store.TableName().get())); + LOG((" %d add chunks", store.AddChunks().Length())); + LOG((" %zu add prefixes", store.AddPrefixes().Length())); + LOG((" %zu add completions", store.AddCompletes().Length())); + LOG((" %d sub chunks", store.SubChunks().Length())); + LOG((" %zu sub prefixes", store.SubPrefixes().Length())); + LOG((" %zu sub completions", store.SubCompletes().Length())); + + rv = store.WriteFile(); + NS_ENSURE_SUCCESS(rv, rv); + + // At this point the store is updated and written out to disk, but + // the data is still in memory. Build our quick-lookup table here. + rv = lookupCacheV2->Build(store.AddPrefixes(), store.AddCompletes()); + NS_ENSURE_SUCCESS(rv, NS_ERROR_UC_UPDATE_BUILD_PREFIX_FAILURE); + + rv = lookupCacheV2->WriteFile(); + NS_ENSURE_SUCCESS(rv, NS_ERROR_UC_UPDATE_FAIL_TO_WRITE_DISK); + + LOG(("Successfully updated %s", store.TableName().get())); + + return NS_OK; +} + +nsresult Classifier::UpdateTableV4(TableUpdateArray& aUpdates, + const nsACString& aTable) { + MOZ_ASSERT(!NS_IsMainThread(), + "UpdateTableV4 must be called on the classifier worker thread."); + if (ShouldAbort()) { + return NS_ERROR_UC_UPDATE_SHUTDOWNING; + } + + // moztest- tables don't support update, see comment in UpdateHashStore. + MOZ_ASSERT(!nsUrlClassifierUtils::IsMozTestTable(aTable)); + + LOG(("Classifier::UpdateTableV4(%s)", PromiseFlatCString(aTable).get())); + + if (!CheckValidUpdate(aUpdates, aTable)) { + return NS_OK; + } + + RefPtr<LookupCacheV4> lookupCacheV4; + { + RefPtr<LookupCache> lookupCache = GetLookupCacheForUpdate(aTable); + if (lookupCache) { + lookupCacheV4 = LookupCache::Cast<LookupCacheV4>(lookupCache); + } + } + if (!lookupCacheV4) { + return NS_ERROR_UC_UPDATE_TABLE_NOT_FOUND; + } + + nsresult rv = NS_OK; + + // If there are multiple updates for the same table, prefixes1 & prefixes2 + // will act as input and output in turn to reduce memory copy overhead. + PrefixStringMap prefixes1, prefixes2; + PrefixStringMap* input = &prefixes1; + PrefixStringMap* output = &prefixes2; + + RefPtr<const TableUpdateV4> lastAppliedUpdate = nullptr; + for (uint32_t i = 0; i < aUpdates.Length(); i++) { + RefPtr<TableUpdate> update = aUpdates[i]; + if (!update || !update->TableName().Equals(aTable)) { + continue; + } + + RefPtr<TableUpdateV4> updateV4 = TableUpdate::Cast<TableUpdateV4>(update); + NS_ENSURE_TRUE(updateV4, NS_ERROR_UC_UPDATE_UNEXPECTED_VERSION); + + if (updateV4->IsFullUpdate()) { + input->Clear(); + output->Clear(); + rv = lookupCacheV4->ApplyUpdate(updateV4, *input, *output); + if (NS_FAILED(rv)) { + return rv; + } + } else { + // If both prefix sets are empty, this means we are doing a partial update + // without a prior full/partial update in the loop. In this case we should + // get prefixes from the lookup cache first. + if (prefixes1.IsEmpty() && prefixes2.IsEmpty()) { + lookupCacheV4->GetPrefixes(prefixes1); + } else { + MOZ_ASSERT(prefixes1.IsEmpty() ^ prefixes2.IsEmpty()); + + // When there are multiple partial updates, input should always point + // to the non-empty prefix set(filled by previous full/partial update). + // output should always point to the empty prefix set. + input = prefixes1.IsEmpty() ? &prefixes2 : &prefixes1; + output = prefixes1.IsEmpty() ? &prefixes1 : &prefixes2; + } + + rv = lookupCacheV4->ApplyUpdate(updateV4, *input, *output); + if (NS_FAILED(rv)) { + return rv; + } + + input->Clear(); + } + + // Keep track of the last applied update. + lastAppliedUpdate = updateV4; + + aUpdates[i] = nullptr; + } + + rv = lookupCacheV4->Build(*output); + NS_ENSURE_SUCCESS(rv, NS_ERROR_UC_UPDATE_BUILD_PREFIX_FAILURE); + + rv = lookupCacheV4->WriteFile(); + NS_ENSURE_SUCCESS(rv, NS_ERROR_UC_UPDATE_FAIL_TO_WRITE_DISK); + + if (lastAppliedUpdate) { + LOG(("Write meta data of the last applied update.")); + rv = lookupCacheV4->WriteMetadata(lastAppliedUpdate); + NS_ENSURE_SUCCESS(rv, NS_ERROR_UC_UPDATE_FAIL_TO_WRITE_DISK); + } + + LOG(("Successfully updated %s\n", PromiseFlatCString(aTable).get())); + + return NS_OK; +} + +nsresult Classifier::UpdateCache(RefPtr<const TableUpdate> aUpdate) { + if (!aUpdate) { + return NS_OK; + } + + nsAutoCString table(aUpdate->TableName()); + LOG(("Classifier::UpdateCache(%s)", table.get())); + + RefPtr<LookupCache> lookupCache = GetLookupCache(table); + if (!lookupCache) { + return NS_ERROR_FAILURE; + } + + RefPtr<LookupCacheV2> lookupV2 = + LookupCache::Cast<LookupCacheV2>(lookupCache); + if (lookupV2) { + RefPtr<const TableUpdateV2> updateV2 = + TableUpdate::Cast<TableUpdateV2>(aUpdate); + lookupV2->AddGethashResultToCache(updateV2->AddCompletes(), + updateV2->MissPrefixes()); + } else { + RefPtr<LookupCacheV4> lookupV4 = + LookupCache::Cast<LookupCacheV4>(lookupCache); + if (!lookupV4) { + return NS_ERROR_FAILURE; + } + + RefPtr<const TableUpdateV4> updateV4 = + TableUpdate::Cast<TableUpdateV4>(aUpdate); + lookupV4->AddFullHashResponseToCache(updateV4->FullHashResponse()); + } + +#if defined(DEBUG) + lookupCache->DumpCache(); +#endif + + return NS_OK; +} + +RefPtr<LookupCache> Classifier::GetLookupCache(const nsACString& aTable, + bool aForUpdate) { + // GetLookupCache(aForUpdate==true) can only be called on update thread. + MOZ_ASSERT_IF(aForUpdate, OnUpdateThread()); + + LookupCacheArray& lookupCaches = + aForUpdate ? mNewLookupCaches : mLookupCaches; + auto& rootStoreDirectory = + aForUpdate ? mUpdatingDirectory : mRootStoreDirectory; + + for (auto c : lookupCaches) { + if (c->TableName().Equals(aTable)) { + return c; + } + } + + // We don't want to create lookupcache when shutdown is already happening. + if (ShouldAbort()) { + return nullptr; + } + + // TODO : Bug 1302600, It would be better if we have a more general non-main + // thread method to convert table name to protocol version. Currently + // we can only know this by checking if the table name ends with + // '-proto'. + RefPtr<LookupCache> cache; + nsCString provider = GetProvider(aTable); + + // Google requests SafeBrowsing related feature should only be enabled when + // the databases are update-to-date. Since we disable Safe Browsing update in + // Safe Mode, ignore tables provided by Google to ensure we don't show + // outdated warnings. + if (nsUrlClassifierUtils::IsInSafeMode()) { + if (provider.EqualsASCII("google") || provider.EqualsASCII("google4")) { + return nullptr; + } + } + + if (StringEndsWith(aTable, "-proto"_ns)) { + cache = new LookupCacheV4(aTable, provider, rootStoreDirectory); + } else { + cache = new LookupCacheV2(aTable, provider, rootStoreDirectory); + } + + nsresult rv = cache->Init(); + if (NS_FAILED(rv)) { + return nullptr; + } + rv = cache->Open(); + if (NS_SUCCEEDED(rv)) { + lookupCaches.AppendElement(cache); + return cache; + } + + // At this point we failed to open LookupCache. + // + // GetLookupCache for update and for other usage will run on update thread + // and worker thread respectively (Bug 1339760). Removing stuff only in + // their own realms potentially increases the concurrency. + + if (aForUpdate) { + // Remove intermediaries no matter if it's due to file corruption or not. + RemoveUpdateIntermediaries(); + return nullptr; + } + + // Non-update case. + if (rv == NS_ERROR_FILE_CORRUPTED) { + // Remove all the on-disk data when the table's prefix file is corrupted. + LOG(("Failed to get prefixes from file for table %s, delete on-disk data!", + aTable.BeginReading())); + + DeleteTables(mRootStoreDirectory, nsTArray<nsCString>{nsCString(aTable)}); + } + return nullptr; +} + +nsresult Classifier::ReadNoiseEntries(const Prefix& aPrefix, + const nsACString& aTableName, + uint32_t aCount, + PrefixArray& aNoiseEntries) { + RefPtr<LookupCache> cache = GetLookupCache(aTableName); + if (!cache) { + return NS_ERROR_FAILURE; + } + + RefPtr<LookupCacheV2> cacheV2 = LookupCache::Cast<LookupCacheV2>(cache); + RefPtr<LookupCacheV4> cacheV4 = LookupCache::Cast<LookupCacheV4>(cache); + MOZ_ASSERT_IF(cacheV2, !cacheV4); + + if (cache->PrefixLength() == 0) { + NS_WARNING("Could not find prefix in PrefixSet during noise lookup"); + return NS_ERROR_FAILURE; + } + + // We do not want to simply pick random prefixes, because this would allow + // averaging out the noise by analysing the traffic from Firefox users. + // Instead, we ensure the 'noise' is the same for the same prefix by seeding + // the random number generator with the prefix. We prefer not to use rand() + // which isn't thread safe, and the reseeding of which could trip up other + // parts othe code that expect actual random numbers. + // Here we use a simple LCG (Linear Congruential Generator) to generate + // random numbers. We seed the LCG with the prefix we are generating noise + // for. + // http://en.wikipedia.org/wiki/Linear_congruential_generator + + uint32_t m = cache->PrefixLength(); + uint32_t a = aCount % m; + uint32_t idx = aPrefix.ToUint32() % m; + + for (size_t i = 0; i < aCount; i++) { + idx = (a * idx + a) % m; + + uint32_t hash; + + nsresult rv; + if (cacheV2) { + rv = cacheV2->GetPrefixByIndex(idx, &hash); + } else { + // We don't add noises for variable length prefix because of simplicity, + // so we will only get fixed length prefix (4 bytes). + rv = cacheV4->GetFixedLengthPrefixByIndex(idx, &hash); + } + + if (NS_FAILED(rv)) { + NS_WARNING( + "Could not find the target prefix in PrefixSet during noise lookup"); + return NS_ERROR_FAILURE; + } + + Prefix newPrefix; + // In the case V4 little endian, we did swapping endian when converting from + // char* to int, should revert endian to make sure we will send hex string + // correctly See https://bugzilla.mozilla.org/show_bug.cgi?id=1283007#c23 + if (!cacheV2 && !bool(MOZ_BIG_ENDIAN())) { + hash = NativeEndian::swapFromBigEndian(hash); + } + + newPrefix.FromUint32(hash); + if (newPrefix != aPrefix) { + aNoiseEntries.AppendElement(newPrefix); + } + } + + return NS_OK; +} + +nsresult Classifier::LoadHashStore(nsIFile* aDirectory, nsACString& aResult, + nsTArray<nsCString>& aFailedTableNames) { + nsTArray<nsCString> tables; + nsTArray<nsCString> exts = {V2_METADATA_SUFFIX}; + + nsresult rv = ScanStoreDir(mRootStoreDirectory, exts, tables); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + for (const auto& table : tables) { + HashStore store(table, GetProvider(table), mRootStoreDirectory); + + nsresult rv = store.Open(); + if (NS_FAILED(rv) || !GetLookupCache(table)) { + // TableRequest is called right before applying an update. + // If we cannot retrieve metadata for a given table or we fail to + // load the prefixes for a table, reset the table to esnure we + // apply a full update to the table. + LOG(("Failed to get metadata for v2 table %s", table.get())); + aFailedTableNames.AppendElement(table); + continue; + } + + ChunkSet& adds = store.AddChunks(); + ChunkSet& subs = store.SubChunks(); + + // Open HashStore will always succeed even that is not a v2 table. + // So exception tables without add and sub chunks. + if (adds.Length() == 0 && subs.Length() == 0) { + continue; + } + + aResult.Append(store.TableName()); + aResult.Append(';'); + + if (adds.Length() > 0) { + aResult.AppendLiteral("a:"); + nsAutoCString addList; + adds.Serialize(addList); + aResult.Append(addList); + } + + if (subs.Length() > 0) { + if (adds.Length() > 0) { + aResult.Append(':'); + } + aResult.AppendLiteral("s:"); + nsAutoCString subList; + subs.Serialize(subList); + aResult.Append(subList); + } + + aResult.Append('\n'); + } + + return rv; +} + +nsresult Classifier::LoadMetadata(nsIFile* aDirectory, nsACString& aResult, + nsTArray<nsCString>& aFailedTableNames) { + nsTArray<nsCString> tables; + nsTArray<nsCString> exts = {V4_METADATA_SUFFIX}; + + nsresult rv = ScanStoreDir(mRootStoreDirectory, exts, tables); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + for (const auto& table : tables) { + RefPtr<LookupCache> c = GetLookupCache(table); + RefPtr<LookupCacheV4> lookupCacheV4 = LookupCache::Cast<LookupCacheV4>(c); + + if (!lookupCacheV4) { + aFailedTableNames.AppendElement(table); + continue; + } + + nsCString state, sha256; + rv = lookupCacheV4->LoadMetadata(state, sha256); + Telemetry::Accumulate(Telemetry::URLCLASSIFIER_VLPS_METADATA_CORRUPT, + rv == NS_ERROR_FILE_CORRUPTED); + if (NS_FAILED(rv)) { + LOG(("Failed to get metadata for v4 table %s", table.get())); + aFailedTableNames.AppendElement(table); + continue; + } + + // The state might include '\n' so that we have to encode. + nsAutoCString stateBase64; + rv = Base64Encode(state, stateBase64); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + nsAutoCString checksumBase64; + rv = Base64Encode(sha256, checksumBase64); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + LOG(("Appending state '%s' and checksum '%s' for table %s", + stateBase64.get(), checksumBase64.get(), table.get())); + + aResult.AppendPrintf("%s;%s:%s\n", table.get(), stateBase64.get(), + checksumBase64.get()); + } + + return rv; +} + +bool Classifier::ShouldAbort() const { + return mIsClosed || nsUrlClassifierDBService::ShutdownHasStarted() || + (mUpdateInterrupted && (NS_GetCurrentThread() == mUpdateThread)); +} + +} // namespace safebrowsing +} // namespace mozilla |