Add high confidence allowlist check on Android

Since high confidence allowlist is currently not available on GMSCore,
we plan to have it hardcoded in our code. This is similar to what we
have done for CSD allowlist.

Bug: 1014202
Change-Id: I5489b3d4ed56b8dd7ad7a79ea205b403b444a077
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1860980Reviewed-by: Daniel Rubery <drubery@chromium.org>
Commit-Queue: Xinghui Lu <xinghuilu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#706280}

components/safe_browsing/android/remote_database_manager.cc

@@ -239,8 +239,14 @@ RemoteSafeBrowsingDatabaseManager::CheckUrlForHighConfidenceAllowlist(
     const GURL& url,
     Client* client) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
-  // TODO(crbug.com/1014202): Add local high confidence allowlist.
+
+  if (!enabled_ || !CanCheckUrl(url))
     return AsyncMatch::NO_MATCH;
+
+  // TODO(crbug.com/1014202): Make this call async.
+  SafeBrowsingApiHandler* api_handler = SafeBrowsingApiHandler::GetInstance();
+  bool is_match = api_handler->StartHighConfidenceAllowlistCheck(url);
+  return is_match ? AsyncMatch::MATCH : AsyncMatch::NO_MATCH;
 }
 
 bool RemoteSafeBrowsingDatabaseManager::CheckUrlForSubresourceFilter(

components/safe_browsing/android/remote_database_manager_unittest.cc

@@ -28,6 +28,9 @@ class TestSafeBrowsingApiHandler : public SafeBrowsingApiHandler {
                      const GURL& url,
                      const SBThreatTypeSet& threat_types) override {}
   bool StartCSDAllowlistCheck(const GURL& url) override { return false; }
+  bool StartHighConfidenceAllowlistCheck(const GURL& url) override {
+    return false;
+  }
 };
 
 }  // namespace

components/safe_browsing/android/safe_browsing_api_handler.h

@@ -38,6 +38,8 @@ class SafeBrowsingApiHandler {
 
   virtual bool StartCSDAllowlistCheck(const GURL& url) = 0;
 
+  virtual bool StartHighConfidenceAllowlistCheck(const GURL& url) = 0;
+
   virtual ~SafeBrowsingApiHandler() {}
 
  private:

components/safe_browsing/android/safe_browsing_api_handler_bridge.cc

@@ -65,6 +65,8 @@ int SBThreatTypeToJavaThreatType(const SBThreatType& sb_threat_type) {
       return safe_browsing::JAVA_THREAT_TYPE_UNWANTED_SOFTWARE;
     case SB_THREAT_TYPE_CSD_WHITELIST:
       return safe_browsing::JAVA_THREAT_TYPE_CSD_ALLOWLIST;
+    case SB_THREAT_TYPE_HIGH_CONFIDENCE_ALLOWLIST:
+      return safe_browsing::JAVA_THREAT_TYPE_HIGH_CONFIDENCE_ALLOWLIST;
     default:
       NOTREACHED();
       return 0;
@@ -214,6 +216,21 @@ bool SafeBrowsingApiHandlerBridge::CheckApiIsSupported() {
   return j_api_handler_.obj() != nullptr;
 }
 
+bool SafeBrowsingApiHandlerBridge::StartAllowlistCheck(
+    const GURL& url,
+    const SBThreatType& sb_threat_type) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+  if (!CheckApiIsSupported()) {
+    return false;
+  }
+
+  JNIEnv* env = AttachCurrentThread();
+  ScopedJavaLocalRef<jstring> j_url = ConvertUTF8ToJavaString(env, url.spec());
+  int j_threat_type = SBThreatTypeToJavaThreatType(sb_threat_type);
+  return Java_SafeBrowsingApiBridge_startAllowlistLookup(env, j_api_handler_,
+                                                         j_url, j_threat_type);
+}
+
 std::string SafeBrowsingApiHandlerBridge::GetSafetyNetId() {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
   bool feature_enabled = base::FeatureList::IsEnabled(kCaptureSafetyNetId);
@@ -261,18 +278,13 @@ void SafeBrowsingApiHandlerBridge::StartURLCheck(
 }
 
 bool SafeBrowsingApiHandlerBridge::StartCSDAllowlistCheck(const GURL& url) {
-  DCHECK_CURRENTLY_ON(BrowserThread::IO);
-  if (!CheckApiIsSupported()) {
-    return false;
-  }
+  return StartAllowlistCheck(url, safe_browsing::SB_THREAT_TYPE_CSD_WHITELIST);
+}
 
-  // TODO(crbug.com/999344): Add UMA metrics
-  JNIEnv* env = AttachCurrentThread();
-  ScopedJavaLocalRef<jstring> j_url = ConvertUTF8ToJavaString(env, url.spec());
-  int j_threat_type =
-      SBThreatTypeToJavaThreatType(safe_browsing::SB_THREAT_TYPE_CSD_WHITELIST);
-  return Java_SafeBrowsingApiBridge_startAllowlistLookup(env, j_api_handler_,
-                                                         j_url, j_threat_type);
+bool SafeBrowsingApiHandlerBridge::StartHighConfidenceAllowlistCheck(
+    const GURL& url) {
+  return StartAllowlistCheck(
+      url, safe_browsing::SB_THREAT_TYPE_HIGH_CONFIDENCE_ALLOWLIST);
 }
 
 }  // namespace safe_browsing

components/safe_browsing/android/safe_browsing_api_handler_bridge.h

@@ -34,11 +34,15 @@ class SafeBrowsingApiHandlerBridge : public SafeBrowsingApiHandler {
 
   bool StartCSDAllowlistCheck(const GURL& url) override;
 
+  bool StartHighConfidenceAllowlistCheck(const GURL& url) override;
+
  private:
   // Creates the |j_api_handler_| if it hasn't been already.  If the API is not
   // supported, this will return false and j_api_handler_ will remain nullptr.
   bool CheckApiIsSupported();
 
+  bool StartAllowlistCheck(const GURL& url, const SBThreatType& sb_threat_type);
+
   // The Java-side SafeBrowsingApiHandler. Must call CheckApiIsSupported first.
   base::android::ScopedJavaGlobalRef<jobject> j_api_handler_;
 

components/safe_browsing/android/safe_browsing_api_handler_util.cc

@@ -165,6 +165,8 @@ int GetThreatSeverity(JavaThreatTypes threat_type) {
       return 4;
     case JAVA_THREAT_TYPE_CSD_ALLOWLIST:
       return 5;
+    case JAVA_THREAT_TYPE_HIGH_CONFIDENCE_ALLOWLIST:
+      return 6;
     case JAVA_THREAT_TYPE_MAX_VALUE:
       return std::numeric_limits<int>::max();
   }

components/safe_browsing/android/safe_browsing_api_handler_util.h

@@ -31,6 +31,7 @@ enum JavaThreatTypes {
   // TODO(crbug.com/999344): temp magic number, update once GMSCore is
   // available.
   JAVA_THREAT_TYPE_CSD_ALLOWLIST = 16,
+  JAVA_THREAT_TYPE_HIGH_CONFIDENCE_ALLOWLIST = 17,
   JAVA_THREAT_TYPE_MAX_VALUE
 };