content/browser/download/base_file.cc - chromium/src - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "content/browser/download/base_file.h"

 #include <utility>

 #include "base/bind.h"
 #include "base/files/file.h"
 #include "base/files/file_util.h"
 #include "base/format_macros.h"
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "base/strings/stringprintf.h"
 #include "base/threading/thread_restrictions.h"
 #include "build/build_config.h"
 #include "content/browser/download/download_interrupt_reasons_impl.h"
 #include "content/browser/download/download_net_log_parameters.h"
 #include "content/browser/download/download_stats.h"
 #include "content/browser/download/quarantine.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/content_browser_client.h"
 #include "crypto/secure_hash.h"
 #include "net/base/net_errors.h"
 #include "net/log/net_log.h"
 #include "net/log/net_log_event_type.h"

 namespace content {

 BaseFile::BaseFile(const net::NetLogWithSource& net_log) : net_log_(net_log) {}

 BaseFile::~BaseFile() {
   DCHECK_CURRENTLY_ON(BrowserThread::FILE);
   if (detached_)
     Close();
   else
     Cancel();  // Will delete the file.
 }

 DownloadInterruptReason BaseFile::Initialize(
     const base::FilePath& full_path,
     const base::FilePath& default_directory,
     base::File file,
     int64_t bytes_so_far,
     const std::string& hash_so_far,
     std::unique_ptr<crypto::SecureHash> hash_state) {
   DCHECK_CURRENTLY_ON(BrowserThread::FILE);
   DCHECK(!detached_);

   if (full_path.empty()) {
     base::FilePath initial_directory(default_directory);
     base::FilePath temp_file;
     if (initial_directory.empty()) {
       initial_directory =
           GetContentClient()->browser()->GetDefaultDownloadDirectory();
     }
     // |initial_directory| can still be empty if ContentBrowserClient returned
     // an empty path for the downloads directory.
     if ((initial_directory.empty() ||
          !base::CreateTemporaryFileInDir(initial_directory, &temp_file)) &&
         !base::CreateTemporaryFile(&temp_file)) {
       return LogInterruptReason("Unable to create", 0,
                                 DOWNLOAD_INTERRUPT_REASON_FILE_FAILED);
     }
     full_path_ = temp_file;
   } else {
     full_path_ = full_path;
   }

   bytes_so_far_ = bytes_so_far;
   secure_hash_ = std::move(hash_state);
   file_ = std::move(file);

   return Open(hash_so_far);
 }

 DownloadInterruptReason BaseFile::AppendDataToFile(const char* data,
                                                    size_t data_len) {
   DCHECK_CURRENTLY_ON(BrowserThread::FILE);
   DCHECK(!detached_);

   // NOTE(benwells): The above DCHECK won't be present in release builds,
   // so we log any occurences to see how common this error is in the wild.
   if (detached_)
     RecordDownloadCount(APPEND_TO_DETACHED_FILE_COUNT);

   if (!file_.IsValid())
     return LogInterruptReason("No file stream on append", 0,
                               DOWNLOAD_INTERRUPT_REASON_FILE_FAILED);

   // TODO(phajdan.jr): get rid of this check.
   if (data_len == 0)
     return DOWNLOAD_INTERRUPT_REASON_NONE;

   // The Write call below is not guaranteed to write all the data.
   size_t write_count = 0;
   size_t len = data_len;
   const char* current_data = data;
   net_log_.BeginEvent(net::NetLogEventType::DOWNLOAD_FILE_WRITTEN);
   while (len > 0) {
     write_count++;
     int write_result = file_.WriteAtCurrentPos(current_data, len);
     DCHECK_NE(0, write_result);

     // Report errors on file writes.
     if (write_result < 0)
       return LogSystemError("Write", logging::GetLastSystemErrorCode());

     // Update status.
     size_t write_size = static_cast<size_t>(write_result);
     DCHECK_LE(write_size, len);
     len -= write_size;
     current_data += write_size;
     bytes_so_far_ += write_size;
   }
   net_log_.EndEvent(net::NetLogEventType::DOWNLOAD_FILE_WRITTEN,
                     net::NetLog::Int64Callback("bytes", data_len));

   RecordDownloadWriteSize(data_len);
   RecordDownloadWriteLoopCount(write_count);

   if (secure_hash_)
     secure_hash_->Update(data, data_len);

   return DOWNLOAD_INTERRUPT_REASON_NONE;
 }

 DownloadInterruptReason BaseFile::Rename(const base::FilePath& new_path) {
   DCHECK_CURRENTLY_ON(BrowserThread::FILE);
   DownloadInterruptReason rename_result = DOWNLOAD_INTERRUPT_REASON_NONE;

   // If the new path is same as the old one, there is no need to perform the
   // following renaming logic.
   if (new_path == full_path_)
     return DOWNLOAD_INTERRUPT_REASON_NONE;

   // Save the information whether the download is in progress because
   // it will be overwritten by closing the file.
   bool was_in_progress = in_progress();

   Close();

   net_log_.BeginEvent(
       net::NetLogEventType::DOWNLOAD_FILE_RENAMED,
       base::Bind(&FileRenamedNetLogCallback, &full_path_, &new_path));

   base::CreateDirectory(new_path.DirName());

   // A simple rename wouldn't work here since we want the file to have
   // permissions / security descriptors that makes sense in the new directory.
   rename_result = MoveFileAndAdjustPermissions(new_path);

   net_log_.EndEvent(net::NetLogEventType::DOWNLOAD_FILE_RENAMED);

   if (rename_result == DOWNLOAD_INTERRUPT_REASON_NONE)
     full_path_ = new_path;

   // Re-open the file if we were still using it regardless of the interrupt
   // reason.
   DownloadInterruptReason open_result = DOWNLOAD_INTERRUPT_REASON_NONE;
   if (was_in_progress)
     open_result = Open(std::string());

   return rename_result == DOWNLOAD_INTERRUPT_REASON_NONE ? open_result
                                                          : rename_result;
 }

 void BaseFile::Detach() {
   detached_ = true;
   net_log_.AddEvent(net::NetLogEventType::DOWNLOAD_FILE_DETACHED);
 }

 void BaseFile::Cancel() {
   DCHECK_CURRENTLY_ON(BrowserThread::FILE);
   DCHECK(!detached_);

   net_log_.AddEvent(net::NetLogEventType::CANCELLED);

   Close();

   if (!full_path_.empty()) {
     net_log_.AddEvent(net::NetLogEventType::DOWNLOAD_FILE_DELETED);
     base::DeleteFile(full_path_, false);
   }

   Detach();
 }

 std::unique_ptr<crypto::SecureHash> BaseFile::Finish() {
   DCHECK_CURRENTLY_ON(BrowserThread::FILE);
   Close();
   return std::move(secure_hash_);
 }

 std::string BaseFile::DebugString() const {
   return base::StringPrintf(
       "{ "
       " full_path_ = \"%" PRFilePath
       "\""
       " bytes_so_far_ = %" PRId64 " detached_ = %c }",
       full_path_.value().c_str(),
       bytes_so_far_,
       detached_ ? 'T' : 'F');
 }

 DownloadInterruptReason BaseFile::CalculatePartialHash(
     const std::string& hash_to_expect) {
   secure_hash_ = crypto::SecureHash::Create(crypto::SecureHash::SHA256);

   if (bytes_so_far_ == 0)
     return DOWNLOAD_INTERRUPT_REASON_NONE;

   if (file_.Seek(base::File::FROM_BEGIN, 0) != 0)
     return LogSystemError("Seek partial file",
                           logging::GetLastSystemErrorCode());

   const size_t kMinBufferSize = secure_hash_->GetHashLength();
   const size_t kMaxBufferSize = 1024 * 512;
   static_assert(kMaxBufferSize <= std::numeric_limits<int>::max(),
                 "kMaxBufferSize must fit on an int");

   // The size of the buffer is:
   // - at least kMinBufferSize so that we can use it to hold the hash as well.
   // - at most kMaxBufferSize so that there's a reasonable bound.
   // - not larger than |bytes_so_far_| unless bytes_so_far_ is less than the
   //   hash size.
   std::vector<char> buffer(std::max<int64_t>(
       kMinBufferSize, std::min<int64_t>(kMaxBufferSize, bytes_so_far_)));

   int64_t current_position = 0;
   while (current_position < bytes_so_far_) {
     // While std::min needs to work with int64_t, the result is always at most
     // kMaxBufferSize, which fits on an int.
     int bytes_to_read =
         std::min<int64_t>(buffer.size(), bytes_so_far_ - current_position);
     int length = file_.ReadAtCurrentPos(&buffer.front(), bytes_to_read);
     if (length == -1) {
       return LogInterruptReason("Reading partial file",
                                 logging::GetLastSystemErrorCode(),
                                 DOWNLOAD_INTERRUPT_REASON_FILE_TOO_SHORT);
     }

     if (length == 0)
       break;

     secure_hash_->Update(&buffer.front(), length);
     current_position += length;
   }

   if (current_position != bytes_so_far_) {
     return LogInterruptReason(
         "Verifying prefix hash", 0, DOWNLOAD_INTERRUPT_REASON_FILE_TOO_SHORT);
   }

   if (!hash_to_expect.empty()) {
     DCHECK_EQ(secure_hash_->GetHashLength(), hash_to_expect.size());
     DCHECK(buffer.size() >= secure_hash_->GetHashLength());
     std::unique_ptr<crypto::SecureHash> partial_hash(secure_hash_->Clone());
     partial_hash->Finish(&buffer.front(), buffer.size());

     if (memcmp(&buffer.front(),
                hash_to_expect.c_str(),
                partial_hash->GetHashLength())) {
       return LogInterruptReason("Verifying prefix hash",
                                 0,
                                 DOWNLOAD_INTERRUPT_REASON_FILE_HASH_MISMATCH);
     }
   }

   return DOWNLOAD_INTERRUPT_REASON_NONE;
 }

 DownloadInterruptReason BaseFile::Open(const std::string& hash_so_far) {
   DCHECK_CURRENTLY_ON(BrowserThread::FILE);
   DCHECK(!detached_);
   DCHECK(!full_path_.empty());

   // Create a new file if it is not provided.
   if (!file_.IsValid()) {
     file_.Initialize(full_path_,
                      base::File::FLAG_OPEN_ALWAYS | base::File::FLAG_WRITE |
                          base::File::FLAG_READ);
     if (!file_.IsValid()) {
       return LogNetError("Open/Initialize File",
                          net::FileErrorToNetError(file_.error_details()));
     }
   }

   net_log_.BeginEvent(
       net::NetLogEventType::DOWNLOAD_FILE_OPENED,
       base::Bind(&FileOpenedNetLogCallback, &full_path_, bytes_so_far_));

   if (!secure_hash_) {
     DownloadInterruptReason reason = CalculatePartialHash(hash_so_far);
     if (reason != DOWNLOAD_INTERRUPT_REASON_NONE) {
       ClearFile();
       return reason;
     }
   }

   int64_t file_size = file_.Seek(base::File::FROM_END, 0);
   if (file_size < 0) {
     logging::SystemErrorCode error = logging::GetLastSystemErrorCode();
     ClearFile();
     return LogSystemError("Seeking to end", error);
   } else if (file_size > bytes_so_far_) {
     // The file is larger than we expected.
     // This is OK, as long as we don't use the extra.
     // Truncate the file.
     if (!file_.SetLength(bytes_so_far_) ||
         file_.Seek(base::File::FROM_BEGIN, bytes_so_far_) != bytes_so_far_) {
       logging::SystemErrorCode error = logging::GetLastSystemErrorCode();
       ClearFile();
       return LogSystemError("Truncating to last known offset", error);
     }
   } else if (file_size < bytes_so_far_) {
     // The file is shorter than we expected.  Our hashes won't be valid.
     ClearFile();
     return LogInterruptReason("Unable to seek to last written point", 0,
                               DOWNLOAD_INTERRUPT_REASON_FILE_TOO_SHORT);
   }

   return DOWNLOAD_INTERRUPT_REASON_NONE;
 }

 void BaseFile::Close() {
   DCHECK_CURRENTLY_ON(BrowserThread::FILE);

   if (file_.IsValid()) {
     // Currently we don't really care about the return value, since if it fails
     // theres not much we can do.  But we might in the future.
     file_.Flush();
     ClearFile();
   }
 }

 void BaseFile::ClearFile() {
   // This should only be called when we have a stream.
   DCHECK(file_.IsValid());
   file_.Close();
   net_log_.EndEvent(net::NetLogEventType::DOWNLOAD_FILE_OPENED);
 }

 DownloadInterruptReason BaseFile::LogNetError(
     const char* operation,
     net::Error error) {
   net_log_.AddEvent(net::NetLogEventType::DOWNLOAD_FILE_ERROR,
                     base::Bind(&FileErrorNetLogCallback, operation, error));
   return ConvertNetErrorToInterruptReason(error, DOWNLOAD_INTERRUPT_FROM_DISK);
 }

 DownloadInterruptReason BaseFile::LogSystemError(
     const char* operation,
     logging::SystemErrorCode os_error) {
   // There's no direct conversion from a system error to an interrupt reason.
   base::File::Error file_error = base::File::OSErrorToFileError(os_error);
   return LogInterruptReason(
       operation, os_error,
       ConvertFileErrorToInterruptReason(file_error));
 }

 DownloadInterruptReason BaseFile::LogInterruptReason(
     const char* operation,
     int os_error,
     DownloadInterruptReason reason) {
   DVLOG(1) << __func__ << "() operation:" << operation
            << " os_error:" << os_error
            << " reason:" << DownloadInterruptReasonToString(reason);
   net_log_.AddEvent(
       net::NetLogEventType::DOWNLOAD_FILE_ERROR,
       base::Bind(&FileInterruptedNetLogCallback, operation, os_error, reason));
   return reason;
 }

 #if defined(OS_WIN) || defined(OS_MACOSX) || defined(OS_LINUX)

 namespace {

 // Given a source and a referrer, determines the "safest" URL that can be used
 // to determine the authority of the download source. Returns an empty URL if no
 // HTTP/S URL can be determined for the <|source_url|, |referrer_url|> pair.
 GURL GetEffectiveAuthorityURL(const GURL& source_url,
                               const GURL& referrer_url) {
   if (source_url.is_valid()) {
     // http{,s} has an authority and are supported.
     if (source_url.SchemeIsHTTPOrHTTPS())
       return source_url;

     // If the download source is file:// ideally we should copy the MOTW from
     // the original file, but given that Chrome/Chromium places strict
     // restrictions on which schemes can reference file:// URLs, this code is
     // going to assume that at this point it's okay to treat this download as
     // being from the local system.
     if (source_url.SchemeIsFile())
       return source_url;

     // ftp:// has an authority.
     if (source_url.SchemeIs(url::kFtpScheme))
       return source_url;
   }

   if (referrer_url.is_valid() && referrer_url.SchemeIsHTTPOrHTTPS())
     return referrer_url;

   return GURL();
 }

 }  // namespace

 DownloadInterruptReason BaseFile::AnnotateWithSourceInformation(
     const std::string& client_guid,
     const GURL& source_url,
     const GURL& referrer_url) {
   DCHECK_CURRENTLY_ON(BrowserThread::FILE);
   DCHECK(!detached_);
   DCHECK(!full_path_.empty());

   net_log_.BeginEvent(net::NetLogEventType::DOWNLOAD_FILE_ANNOTATED);
   QuarantineFileResult result = QuarantineFile(
       full_path_, GetEffectiveAuthorityURL(source_url, referrer_url),
       referrer_url, client_guid);
   net_log_.EndEvent(net::NetLogEventType::DOWNLOAD_FILE_ANNOTATED);
   switch (result) {
     case QuarantineFileResult::OK:
       return DOWNLOAD_INTERRUPT_REASON_NONE;
     case QuarantineFileResult::VIRUS_INFECTED:
       return DOWNLOAD_INTERRUPT_REASON_FILE_VIRUS_INFECTED;
     case QuarantineFileResult::SECURITY_CHECK_FAILED:
       return DOWNLOAD_INTERRUPT_REASON_FILE_SECURITY_CHECK_FAILED;
     case QuarantineFileResult::BLOCKED_BY_POLICY:
       return DOWNLOAD_INTERRUPT_REASON_FILE_BLOCKED;
     case QuarantineFileResult::ACCESS_DENIED:
       return DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;

     case QuarantineFileResult::FILE_MISSING:
       // Don't have a good interrupt reason here. This return code means that
       // the file at |full_path_| went missing before QuarantineFile got to look
       // at it. Not expected to happen, but we've seen instances where a file
       // goes missing immediately after BaseFile closes the handle.
       //
       // Intentionally using a different error message than
       // SECURITY_CHECK_FAILED in order to distinguish the two.
       return DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;

     case QuarantineFileResult::ANNOTATION_FAILED:
       // This means that the mark-of-the-web couldn't be applied. The file is
       // already on the file system under its final target name.
       //
       // Causes of failed annotations typically aren't transient. E.g. the
       // target file system may not support extended attributes or alternate
       // streams. We are going to allow these downloads to progress on the
       // assumption that failures to apply MOTW can't reliably be introduced
       // remotely.
       return DOWNLOAD_INTERRUPT_REASON_NONE;
   }
   return DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
 }
 #else  // !OS_WIN && !OS_MACOSX && !OS_LINUX
 DownloadInterruptReason BaseFile::AnnotateWithSourceInformation(
     const std::string& client_guid,
     const GURL& source_url,
     const GURL& referrer_url) {
   return DOWNLOAD_INTERRUPT_REASON_NONE;
 }
 #endif

 }  // namespace content
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "content/browser/download/base_file.h"

	#include <utility>

	#include "base/bind.h"
	#include "base/files/file.h"
	#include "base/files/file_util.h"
	#include "base/format_macros.h"
	#include "base/logging.h"
	#include "base/pickle.h"
	#include "base/strings/stringprintf.h"
	#include "base/threading/thread_restrictions.h"
	#include "build/build_config.h"
	#include "content/browser/download/download_interrupt_reasons_impl.h"
	#include "content/browser/download/download_net_log_parameters.h"
	#include "content/browser/download/download_stats.h"
	#include "content/browser/download/quarantine.h"
	#include "content/public/browser/browser_thread.h"
	#include "content/public/browser/content_browser_client.h"
	#include "crypto/secure_hash.h"
	#include "net/base/net_errors.h"
	#include "net/log/net_log.h"
	#include "net/log/net_log_event_type.h"

	namespace content {

	BaseFile::BaseFile(const net::NetLogWithSource& net_log) : net_log_(net_log) {}

	BaseFile::~BaseFile() {
	DCHECK_CURRENTLY_ON(BrowserThread::FILE);
	if (detached_)
	Close();
	else
	Cancel(); // Will delete the file.
	}

	DownloadInterruptReason BaseFile::Initialize(
	const base::FilePath& full_path,
	const base::FilePath& default_directory,
	base::File file,
	int64_t bytes_so_far,
	const std::string& hash_so_far,
	std::unique_ptr<crypto::SecureHash> hash_state) {
	DCHECK_CURRENTLY_ON(BrowserThread::FILE);
	DCHECK(!detached_);

	if (full_path.empty()) {
	base::FilePath initial_directory(default_directory);
	base::FilePath temp_file;
	if (initial_directory.empty()) {
	initial_directory =
	GetContentClient()->browser()->GetDefaultDownloadDirectory();
	}
	// \|initial_directory\| can still be empty if ContentBrowserClient returned
	// an empty path for the downloads directory.
	if ((initial_directory.empty() \|\|
	!base::CreateTemporaryFileInDir(initial_directory, &temp_file)) &&
	!base::CreateTemporaryFile(&temp_file)) {
	return LogInterruptReason("Unable to create", 0,
	DOWNLOAD_INTERRUPT_REASON_FILE_FAILED);
	}
	full_path_ = temp_file;
	} else {
	full_path_ = full_path;
	}

	bytes_so_far_ = bytes_so_far;
	secure_hash_ = std::move(hash_state);
	file_ = std::move(file);

	return Open(hash_so_far);
	}

	DownloadInterruptReason BaseFile::AppendDataToFile(const char* data,
	size_t data_len) {
	DCHECK_CURRENTLY_ON(BrowserThread::FILE);
	DCHECK(!detached_);

	// NOTE(benwells): The above DCHECK won't be present in release builds,
	// so we log any occurences to see how common this error is in the wild.
	if (detached_)
	RecordDownloadCount(APPEND_TO_DETACHED_FILE_COUNT);

	if (!file_.IsValid())
	return LogInterruptReason("No file stream on append", 0,
	DOWNLOAD_INTERRUPT_REASON_FILE_FAILED);

	// TODO(phajdan.jr): get rid of this check.
	if (data_len == 0)
	return DOWNLOAD_INTERRUPT_REASON_NONE;

	// The Write call below is not guaranteed to write all the data.
	size_t write_count = 0;
	size_t len = data_len;
	const char* current_data = data;
	net_log_.BeginEvent(net::NetLogEventType::DOWNLOAD_FILE_WRITTEN);
	while (len > 0) {
	write_count++;
	int write_result = file_.WriteAtCurrentPos(current_data, len);
	DCHECK_NE(0, write_result);

	// Report errors on file writes.
	if (write_result < 0)
	return LogSystemError("Write", logging::GetLastSystemErrorCode());

	// Update status.
	size_t write_size = static_cast<size_t>(write_result);
	DCHECK_LE(write_size, len);
	len -= write_size;
	current_data += write_size;
	bytes_so_far_ += write_size;
	}
	net_log_.EndEvent(net::NetLogEventType::DOWNLOAD_FILE_WRITTEN,
	net::NetLog::Int64Callback("bytes", data_len));

	RecordDownloadWriteSize(data_len);
	RecordDownloadWriteLoopCount(write_count);

	if (secure_hash_)
	secure_hash_->Update(data, data_len);

	return DOWNLOAD_INTERRUPT_REASON_NONE;
	}

	DownloadInterruptReason BaseFile::Rename(const base::FilePath& new_path) {
	DCHECK_CURRENTLY_ON(BrowserThread::FILE);
	DownloadInterruptReason rename_result = DOWNLOAD_INTERRUPT_REASON_NONE;

	// If the new path is same as the old one, there is no need to perform the
	// following renaming logic.
	if (new_path == full_path_)
	return DOWNLOAD_INTERRUPT_REASON_NONE;

	// Save the information whether the download is in progress because
	// it will be overwritten by closing the file.
	bool was_in_progress = in_progress();

	Close();

	net_log_.BeginEvent(
	net::NetLogEventType::DOWNLOAD_FILE_RENAMED,
	base::Bind(&FileRenamedNetLogCallback, &full_path_, &new_path));

	base::CreateDirectory(new_path.DirName());

	// A simple rename wouldn't work here since we want the file to have
	// permissions / security descriptors that makes sense in the new directory.
	rename_result = MoveFileAndAdjustPermissions(new_path);

	net_log_.EndEvent(net::NetLogEventType::DOWNLOAD_FILE_RENAMED);

	if (rename_result == DOWNLOAD_INTERRUPT_REASON_NONE)
	full_path_ = new_path;

	// Re-open the file if we were still using it regardless of the interrupt
	// reason.
	DownloadInterruptReason open_result = DOWNLOAD_INTERRUPT_REASON_NONE;
	if (was_in_progress)
	open_result = Open(std::string());

	return rename_result == DOWNLOAD_INTERRUPT_REASON_NONE ? open_result
	: rename_result;
	}

	void BaseFile::Detach() {
	detached_ = true;
	net_log_.AddEvent(net::NetLogEventType::DOWNLOAD_FILE_DETACHED);
	}

	void BaseFile::Cancel() {
	DCHECK_CURRENTLY_ON(BrowserThread::FILE);
	DCHECK(!detached_);

	net_log_.AddEvent(net::NetLogEventType::CANCELLED);

	Close();

	if (!full_path_.empty()) {
	net_log_.AddEvent(net::NetLogEventType::DOWNLOAD_FILE_DELETED);
	base::DeleteFile(full_path_, false);
	}

	Detach();
	}

	std::unique_ptr<crypto::SecureHash> BaseFile::Finish() {
	DCHECK_CURRENTLY_ON(BrowserThread::FILE);
	Close();
	return std::move(secure_hash_);
	}

	std::string BaseFile::DebugString() const {
	return base::StringPrintf(
	"{ "
	" full_path_ = \"%" PRFilePath
	"\""
	" bytes_so_far_ = %" PRId64 " detached_ = %c }",
	full_path_.value().c_str(),
	bytes_so_far_,
	detached_ ? 'T' : 'F');
	}

	DownloadInterruptReason BaseFile::CalculatePartialHash(
	const std::string& hash_to_expect) {
	secure_hash_ = crypto::SecureHash::Create(crypto::SecureHash::SHA256);

	if (bytes_so_far_ == 0)
	return DOWNLOAD_INTERRUPT_REASON_NONE;

	if (file_.Seek(base::File::FROM_BEGIN, 0) != 0)
	return LogSystemError("Seek partial file",
	logging::GetLastSystemErrorCode());

	const size_t kMinBufferSize = secure_hash_->GetHashLength();
	const size_t kMaxBufferSize = 1024 * 512;
	static_assert(kMaxBufferSize <= std::numeric_limits<int>::max(),
	"kMaxBufferSize must fit on an int");

	// The size of the buffer is:
	// - at least kMinBufferSize so that we can use it to hold the hash as well.
	// - at most kMaxBufferSize so that there's a reasonable bound.
	// - not larger than \|bytes_so_far_\| unless bytes_so_far_ is less than the
	// hash size.
	std::vector<char> buffer(std::max<int64_t>(
	kMinBufferSize, std::min<int64_t>(kMaxBufferSize, bytes_so_far_)));

	int64_t current_position = 0;
	while (current_position < bytes_so_far_) {
	// While std::min needs to work with int64_t, the result is always at most
	// kMaxBufferSize, which fits on an int.
	int bytes_to_read =
	std::min<int64_t>(buffer.size(), bytes_so_far_ - current_position);
	int length = file_.ReadAtCurrentPos(&buffer.front(), bytes_to_read);
	if (length == -1) {
	return LogInterruptReason("Reading partial file",
	logging::GetLastSystemErrorCode(),
	DOWNLOAD_INTERRUPT_REASON_FILE_TOO_SHORT);
	}

	if (length == 0)
	break;

	secure_hash_->Update(&buffer.front(), length);
	current_position += length;
	}

	if (current_position != bytes_so_far_) {
	return LogInterruptReason(
	"Verifying prefix hash", 0, DOWNLOAD_INTERRUPT_REASON_FILE_TOO_SHORT);
	}

	if (!hash_to_expect.empty()) {
	DCHECK_EQ(secure_hash_->GetHashLength(), hash_to_expect.size());
	DCHECK(buffer.size() >= secure_hash_->GetHashLength());
	std::unique_ptr<crypto::SecureHash> partial_hash(secure_hash_->Clone());
	partial_hash->Finish(&buffer.front(), buffer.size());

	if (memcmp(&buffer.front(),
	hash_to_expect.c_str(),
	partial_hash->GetHashLength())) {
	return LogInterruptReason("Verifying prefix hash",
	0,
	DOWNLOAD_INTERRUPT_REASON_FILE_HASH_MISMATCH);
	}
	}

	return DOWNLOAD_INTERRUPT_REASON_NONE;
	}

	DownloadInterruptReason BaseFile::Open(const std::string& hash_so_far) {
	DCHECK_CURRENTLY_ON(BrowserThread::FILE);
	DCHECK(!detached_);
	DCHECK(!full_path_.empty());

	// Create a new file if it is not provided.
	if (!file_.IsValid()) {
	file_.Initialize(full_path_,
	base::File::FLAG_OPEN_ALWAYS \| base::File::FLAG_WRITE \|
	base::File::FLAG_READ);
	if (!file_.IsValid()) {
	return LogNetError("Open/Initialize File",
	net::FileErrorToNetError(file_.error_details()));
	}
	}

	net_log_.BeginEvent(
	net::NetLogEventType::DOWNLOAD_FILE_OPENED,
	base::Bind(&FileOpenedNetLogCallback, &full_path_, bytes_so_far_));

	if (!secure_hash_) {
	DownloadInterruptReason reason = CalculatePartialHash(hash_so_far);
	if (reason != DOWNLOAD_INTERRUPT_REASON_NONE) {
	ClearFile();
	return reason;
	}
	}

	int64_t file_size = file_.Seek(base::File::FROM_END, 0);
	if (file_size < 0) {
	logging::SystemErrorCode error = logging::GetLastSystemErrorCode();
	ClearFile();
	return LogSystemError("Seeking to end", error);
	} else if (file_size > bytes_so_far_) {
	// The file is larger than we expected.
	// This is OK, as long as we don't use the extra.
	// Truncate the file.
	if (!file_.SetLength(bytes_so_far_) \|\|
	file_.Seek(base::File::FROM_BEGIN, bytes_so_far_) != bytes_so_far_) {
	logging::SystemErrorCode error = logging::GetLastSystemErrorCode();
	ClearFile();
	return LogSystemError("Truncating to last known offset", error);
	}
	} else if (file_size < bytes_so_far_) {
	// The file is shorter than we expected. Our hashes won't be valid.
	ClearFile();
	return LogInterruptReason("Unable to seek to last written point", 0,
	DOWNLOAD_INTERRUPT_REASON_FILE_TOO_SHORT);
	}

	return DOWNLOAD_INTERRUPT_REASON_NONE;
	}

	void BaseFile::Close() {
	DCHECK_CURRENTLY_ON(BrowserThread::FILE);

	if (file_.IsValid()) {
	// Currently we don't really care about the return value, since if it fails
	// theres not much we can do. But we might in the future.
	file_.Flush();
	ClearFile();
	}
	}

	void BaseFile::ClearFile() {
	// This should only be called when we have a stream.
	DCHECK(file_.IsValid());
	file_.Close();
	net_log_.EndEvent(net::NetLogEventType::DOWNLOAD_FILE_OPENED);
	}

	DownloadInterruptReason BaseFile::LogNetError(
	const char* operation,
	net::Error error) {
	net_log_.AddEvent(net::NetLogEventType::DOWNLOAD_FILE_ERROR,
	base::Bind(&FileErrorNetLogCallback, operation, error));
	return ConvertNetErrorToInterruptReason(error, DOWNLOAD_INTERRUPT_FROM_DISK);
	}

	DownloadInterruptReason BaseFile::LogSystemError(
	const char* operation,
	logging::SystemErrorCode os_error) {
	// There's no direct conversion from a system error to an interrupt reason.
	base::File::Error file_error = base::File::OSErrorToFileError(os_error);
	return LogInterruptReason(
	operation, os_error,
	ConvertFileErrorToInterruptReason(file_error));
	}

	DownloadInterruptReason BaseFile::LogInterruptReason(
	const char* operation,
	int os_error,
	DownloadInterruptReason reason) {
	DVLOG(1) << __func__ << "() operation:" << operation
	<< " os_error:" << os_error
	<< " reason:" << DownloadInterruptReasonToString(reason);
	net_log_.AddEvent(
	net::NetLogEventType::DOWNLOAD_FILE_ERROR,
	base::Bind(&FileInterruptedNetLogCallback, operation, os_error, reason));
	return reason;
	}

	#if defined(OS_WIN) \|\| defined(OS_MACOSX) \|\| defined(OS_LINUX)

	namespace {

	// Given a source and a referrer, determines the "safest" URL that can be used
	// to determine the authority of the download source. Returns an empty URL if no
	// HTTP/S URL can be determined for the <\|source_url\|, \|referrer_url\|> pair.
	GURL GetEffectiveAuthorityURL(const GURL& source_url,
	const GURL& referrer_url) {
	if (source_url.is_valid()) {
	// http{,s} has an authority and are supported.
	if (source_url.SchemeIsHTTPOrHTTPS())
	return source_url;

	// If the download source is file:// ideally we should copy the MOTW from
	// the original file, but given that Chrome/Chromium places strict
	// restrictions on which schemes can reference file:// URLs, this code is
	// going to assume that at this point it's okay to treat this download as
	// being from the local system.
	if (source_url.SchemeIsFile())
	return source_url;

	// ftp:// has an authority.
	if (source_url.SchemeIs(url::kFtpScheme))
	return source_url;
	}

	if (referrer_url.is_valid() && referrer_url.SchemeIsHTTPOrHTTPS())
	return referrer_url;

	return GURL();
	}

	} // namespace

	DownloadInterruptReason BaseFile::AnnotateWithSourceInformation(
	const std::string& client_guid,
	const GURL& source_url,
	const GURL& referrer_url) {
	DCHECK_CURRENTLY_ON(BrowserThread::FILE);
	DCHECK(!detached_);
	DCHECK(!full_path_.empty());

	net_log_.BeginEvent(net::NetLogEventType::DOWNLOAD_FILE_ANNOTATED);
	QuarantineFileResult result = QuarantineFile(
	full_path_, GetEffectiveAuthorityURL(source_url, referrer_url),
	referrer_url, client_guid);
	net_log_.EndEvent(net::NetLogEventType::DOWNLOAD_FILE_ANNOTATED);
	switch (result) {
	case QuarantineFileResult::OK:
	return DOWNLOAD_INTERRUPT_REASON_NONE;
	case QuarantineFileResult::VIRUS_INFECTED:
	return DOWNLOAD_INTERRUPT_REASON_FILE_VIRUS_INFECTED;
	case QuarantineFileResult::SECURITY_CHECK_FAILED:
	return DOWNLOAD_INTERRUPT_REASON_FILE_SECURITY_CHECK_FAILED;
	case QuarantineFileResult::BLOCKED_BY_POLICY:
	return DOWNLOAD_INTERRUPT_REASON_FILE_BLOCKED;
	case QuarantineFileResult::ACCESS_DENIED:
	return DOWNLOAD_INTERRUPT_REASON_FILE_ACCESS_DENIED;

	case QuarantineFileResult::FILE_MISSING:
	// Don't have a good interrupt reason here. This return code means that
	// the file at \|full_path_\| went missing before QuarantineFile got to look
	// at it. Not expected to happen, but we've seen instances where a file
	// goes missing immediately after BaseFile closes the handle.
	//
	// Intentionally using a different error message than
	// SECURITY_CHECK_FAILED in order to distinguish the two.
	return DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;

	case QuarantineFileResult::ANNOTATION_FAILED:
	// This means that the mark-of-the-web couldn't be applied. The file is
	// already on the file system under its final target name.
	//
	// Causes of failed annotations typically aren't transient. E.g. the
	// target file system may not support extended attributes or alternate
	// streams. We are going to allow these downloads to progress on the
	// assumption that failures to apply MOTW can't reliably be introduced
	// remotely.
	return DOWNLOAD_INTERRUPT_REASON_NONE;
	}
	return DOWNLOAD_INTERRUPT_REASON_FILE_FAILED;
	}
	#else // !OS_WIN && !OS_MACOSX && !OS_LINUX
	DownloadInterruptReason BaseFile::AnnotateWithSourceInformation(
	const std::string& client_guid,
	const GURL& source_url,
	const GURL& referrer_url) {
	return DOWNLOAD_INTERRUPT_REASON_NONE;
	}
	#endif

	} // namespace content