Bug 1879182 - add a pref to make Content Analysis allow by default r=handyman

This will make DLP requests return Allow if the agent is not present or returns an error. Differential Revision: https://phabricator.services.mozilla.com/D201277
2024-11-23 12:51:06 +00:00 · 2024-02-14 16:10:53 +00:00 · 2024-02-14 16:10:53 +00:00 · 143dc3245c
commit 143dc3245c
parent 8c8c7dd85e
4 changed files with 33 additions and 12 deletions
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -1141,6 +1141,13 @@
  value: false
  mirror: never

+# Whether content analysis should allow content if there is a problem communicating
+# with the agent.
+- name: browser.contentanalysis.default_allow
+  type: bool
+  value: false
+  mirror: never
+
 # Is the IPC pipe to the DLP tool specific to the user or to the system?
 - name: browser.contentanalysis.is_per_user
  type: bool
--- a/toolkit/components/contentanalysis/ContentAnalysis.cpp
+++ b/toolkit/components/contentanalysis/ContentAnalysis.cpp
@ -52,6 +52,7 @@ namespace {
 const char* kIsDLPEnabledPref = "browser.contentanalysis.enabled";
 const char* kIsPerUserPref = "browser.contentanalysis.is_per_user";
 const char* kPipePathNamePref = "browser.contentanalysis.pipe_path_name";
+const char* kDefaultAllowPref = "browser.contentanalysis.default_allow";

 static constexpr uint32_t kAnalysisTimeoutSecs = 30;  // 30 sec

@ -639,12 +640,17 @@ NS_IMETHODIMP ContentAnalysisResult::GetShouldAllowContent(
    bool* aShouldAllowContent) {
  if (mValue.is<NoContentAnalysisResult>()) {
    NoContentAnalysisResult result = mValue.as<NoContentAnalysisResult>();
-    // Note that we allow content if we're unable to get it (for example, if
-    // there's clipboard content that is not text or file)
-    *aShouldAllowContent =
-        result == NoContentAnalysisResult::AGENT_NOT_PRESENT ||
-        result == NoContentAnalysisResult::NO_PARENT_BROWSER ||
-        result == NoContentAnalysisResult::ERROR_COULD_NOT_GET_DATA;
+    if (Preferences::GetBool(kDefaultAllowPref)) {
+      *aShouldAllowContent = result != NoContentAnalysisResult::CANCELED;
+    } else {
+      // Note that we allow content if we're unable to get it (for example, if
+      // there's clipboard content that is not text or file)
+      *aShouldAllowContent =
+          result == NoContentAnalysisResult::CONTENT_ANALYSIS_NOT_ACTIVE ||
+          result ==
+              NoContentAnalysisResult::CONTEXT_EXEMPT_FROM_CONTENT_ANALYSIS ||
+          result == NoContentAnalysisResult::ERROR_COULD_NOT_GET_DATA;
+    }
  } else {
    *aShouldAllowContent =
        ShouldAllowAction(mValue.as<nsIContentAnalysisResponse::Action>());
@ -742,9 +748,13 @@ nsresult ContentAnalysis::CancelWithError(nsCString aRequestToken,
        }
        nsCOMPtr<nsIObserverService> obsServ =
            mozilla::services::GetObserverService();
+        bool allow = Preferences::GetBool(kDefaultAllowPref);
        RefPtr<ContentAnalysisResponse> response =
            ContentAnalysisResponse::FromAction(
-                nsIContentAnalysisResponse::Action::eCanceled, aRequestToken);
+                allow ? nsIContentAnalysisResponse::Action::eAllow
+                      : nsIContentAnalysisResponse::Action::eCanceled,
+                aRequestToken);
+        response->SetOwner(owner);
        obsServ->NotifyObservers(response, "dlp-response", nullptr);
        nsMainThreadPtrHandle<nsIContentAnalysisCallback> callbackHolder;
        {
@ -755,7 +765,11 @@ nsresult ContentAnalysis::CancelWithError(nsCString aRequestToken,
          }
        }
        if (callbackHolder) {
-          callbackHolder->Error(aResult);
+          if (allow) {
+            callbackHolder->ContentResult(response);
+          } else {
+            callbackHolder->Error(aResult);
+          }
        }
      }));
 }
--- a/toolkit/components/contentanalysis/ContentAnalysisIPCTypes.h
+++ b/toolkit/components/contentanalysis/ContentAnalysisIPCTypes.h
@ -17,8 +17,8 @@ namespace mozilla {
 namespace contentanalysis {

 enum class NoContentAnalysisResult : uint8_t {
-  AGENT_NOT_PRESENT,
-  NO_PARENT_BROWSER,
+  CONTENT_ANALYSIS_NOT_ACTIVE,
+  CONTEXT_EXEMPT_FROM_CONTENT_ANALYSIS,
  CANCELED,
  ERROR_INVALID_JSON_RESPONSE,
  ERROR_COULD_NOT_GET_DATA,
--- a/widget/nsBaseClipboard.cpp
+++ b/widget/nsBaseClipboard.cpp
@ -463,7 +463,7 @@ static void CheckClipboardContentAnalysis(
  if (!aWindow || aWindow->GetBrowsingContext()->IsChrome() ||
      aWindow->IsInProcess()) {
    aResolver->Callback(ContentAnalysisResult::FromNoResult(
-        NoContentAnalysisResult::NO_PARENT_BROWSER));
+        NoContentAnalysisResult::CONTEXT_EXEMPT_FROM_CONTENT_ANALYSIS));
    return;
  }
  nsCOMPtr<nsIContentAnalysis> contentAnalysis =
@ -478,7 +478,7 @@ static void CheckClipboardContentAnalysis(
  nsresult rv = contentAnalysis->GetIsActive(&contentAnalysisIsActive);
  if (MOZ_LIKELY(NS_FAILED(rv) || !contentAnalysisIsActive)) {
    aResolver->Callback(ContentAnalysisResult::FromNoResult(
-        NoContentAnalysisResult::AGENT_NOT_PRESENT));
+        NoContentAnalysisResult::CONTENT_ANALYSIS_NOT_ACTIVE));
    return;
  }