Bug 1816998: Replace macOS quarantine database-based attribution with extended attribute attribution r=nalexander

With extended attribute attribution using exactly the same attribution strings as Windows (eg: no URLs), this turns out to be quite straightforward. Once we've pulled in the attribution string from the extended attribute, the existing parsing, validation, etc. just works.

The only wrinkle is that the extended attributes may have nul bytes or tabs that we need to strip away. (Tabs may be present because we use them to pad the attribution area when we prepare the DMG for attribution. Nul bytes may be present because we overwrite the entire attribution before updating the attribution data.)

Differential Revision: https://phabricator.services.mozilla.com/D189258

Author: bhearsum

browser/components/attribution/AttributionCode.sys.mjs

@@ -190,43 +190,6 @@ export var AttributionCode = {
     return {};
   },
 
-  /**
-   * Returns an object containing a key-value pair for each piece of attribution
-   * data included in the passed-in URL containing a query string encoding an
-   * attribution code.
-   *
-   * We have less control of the attribution codes on macOS so we accept more
-   * URLs than we accept attribution codes on Windows.
-   *
-   * If the URL is empty, returns an empty object.
-   *
-   * If the URL doesn't parse, throws.
-   */
-  parseAttributionCodeFromUrl(url) {
-    if (!url) {
-      return {};
-    }
-
-    let parsed = {};
-
-    let params = new URL(url).searchParams;
-    for (let key of ATTR_CODE_KEYS) {
-      // We support the key prefixed with utm_ or not, but intentionally
-      // choose non-utm params over utm params.
-      for (let paramKey of [`utm_${key}`, `funnel_${key}`, key]) {
-        if (params.has(paramKey)) {
-          // We expect URI-encoded components in our attribution codes.
-          let value = encodeURIComponent(params.get(paramKey));
-          if (value && ATTR_CODE_VALUE_REGEX.test(value)) {
-            parsed[key] = value;
-          }
-        }
-      }
-    }
-
-    return parsed;
-  },
-
   /**
    * Returns a string serializing the given attribution data.
    *
@@ -285,14 +248,15 @@ export var AttributionCode = {
         `getAttrDataAsync: macOS && !exists("${attributionFile.path}")`
       );
 
-      // On macOS, we fish the attribution data from the system quarantine DB.
+      // On macOS, we fish the attribution data from an extended attribute on
+      // the .app bundle directory.
       try {
-        let referrer = await lazy.MacAttribution.getReferrerUrl();
+        let attrStr = await lazy.MacAttribution.getAttributionString();
         lazy.log.debug(
-          `getAttrDataAsync: macOS attribution getReferrerUrl: "${referrer}"`
+          `getAttrDataAsync: macOS attribution getAttributionString: "${attrStr}"`
         );
 
-        gCachedAttrData = this.parseAttributionCodeFromUrl(referrer);
+        gCachedAttrData = this.parseAttributionCode(attrStr);
       } catch (ex) {
         // Avoid partial attribution data.
         gCachedAttrData = {};
@@ -315,8 +279,7 @@ export var AttributionCode = {
         `macOS attribution data is ${JSON.stringify(gCachedAttrData)}`
       );
 
-      // We only want to try to fetch the referrer from the quarantine
-      // database once on macOS.
+      // We only want to try to fetch the attribution string once on macOS
       try {
         let code = this.serializeAttributionData(gCachedAttrData);
         lazy.log.debug(`macOS attribution data serializes as "${code}"`);

browser/components/attribution/MacAttribution.sys.mjs

@@ -2,126 +2,8 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-const lazy = {};
-ChromeUtils.defineLazyGetter(lazy, "log", () => {
-  let { ConsoleAPI } = ChromeUtils.importESModule(
-    "resource://gre/modules/Console.sys.mjs"
-  );
-  let consoleOptions = {
-    // tip: set maxLogLevel to "debug" and use lazy.log.debug() to create
-    // detailed messages during development. See LOG_LEVELS in Console.sys.mjs
-    // for details.
-    maxLogLevel: "error",
-    maxLogLevelPref: "browser.attribution.mac.loglevel",
-    prefix: "MacAttribution",
-  };
-  return new ConsoleAPI(consoleOptions);
-});
-
-ChromeUtils.defineESModuleGetters(lazy, {
-  Subprocess: "resource://gre/modules/Subprocess.sys.mjs",
-});
-
-/**
- * Get the location of the user's macOS quarantine database.
- * @return {String} path.
- */
-function getQuarantineDatabasePath() {
-  let file = Services.dirsvc.get("Home", Ci.nsIFile);
-  file.append("Library");
-  file.append("Preferences");
-  file.append("com.apple.LaunchServices.QuarantineEventsV2");
-  return file.path;
-}
-
-/**
- * Query given path for quarantine extended attributes.
- * @param {String} path of the file to query.
- * @return {[String, String]} pair of the quarantine data GUID and remaining
- *                            quarantine data (usually, Gatekeeper flags).
- * @throws NS_ERROR_NOT_AVAILABLE if there is no quarantine GUID for the given path.
- * @throws NS_ERROR_UNEXPECTED if there is a quarantine GUID, but it is malformed.
- */
-async function getQuarantineAttributes(path) {
-  let bytes = await IOUtils.getMacXAttr(path, "com.apple.quarantine");
-  if (!bytes) {
-    throw new Components.Exception(
-      `No macOS quarantine xattrs found for ${path}`,
-      Cr.NS_ERROR_NOT_AVAILABLE
-    );
-  }
-
-  let string = new TextDecoder("utf-8").decode(bytes);
-  let parts = string.split(";");
-  if (!parts.length) {
-    throw new Components.Exception(
-      `macOS quarantine data is not ; separated`,
-      Cr.NS_ERROR_UNEXPECTED
-    );
-  }
-  let guid = parts[parts.length - 1];
-  if (guid.length != 36) {
-    // Like "12345678-90AB-CDEF-1234-567890ABCDEF".
-    throw new Components.Exception(
-      `macOS quarantine data guid is not length 36: ${guid.length}`,
-      Cr.NS_ERROR_UNEXPECTED
-    );
-  }
-
-  return { guid, parts };
-}
-
-/**
- * Invoke system SQLite binary to extract the referrer URL corresponding to
- * the given GUID from the given macOS quarantine database.
- * @param {String} path of the user's macOS quarantine database.
- * @param {String} guid to query.
- * @return {String} referrer URL.
- */
-async function queryQuarantineDatabase(
-  guid,
-  path = getQuarantineDatabasePath()
-) {
-  let query = `SELECT COUNT(*), LSQuarantineOriginURLString
-       FROM LSQuarantineEvent
-       WHERE LSQuarantineEventIdentifier = '${guid}'
-       ORDER BY LSQuarantineTimeStamp DESC LIMIT 1`;
-
-  let proc = await lazy.Subprocess.call({
-    command: "/usr/bin/sqlite3",
-    arguments: [path, query],
-    environment: {},
-    stderr: "stdout",
-  });
-
-  let stdout = await proc.stdout.readString();
-
-  let { exitCode } = await proc.wait();
-  if (exitCode != 0) {
-    throw new Components.Exception(
-      "Failed to run sqlite3",
-      Cr.NS_ERROR_UNEXPECTED
-    );
-  }
-
-  // Output is like "integer|url".
-  let parts = stdout.split("|", 2);
-  if (parts.length != 2) {
-    throw new Components.Exception(
-      "Failed to parse sqlite3 output",
-      Cr.NS_ERROR_UNEXPECTED
-    );
-  }
-
-  if (parts[0].trim() == "0") {
-    throw new Components.Exception(
-      `Quarantine database does not contain URL for guid ${guid}`,
-      Cr.NS_ERROR_UNEXPECTED
-    );
-  }
-
-  return parts[1].trim();
-}
+const NUL = 0x0;
+const TAB = 0x9;
 
 export var MacAttribution = {
   /**
@@ -132,44 +14,36 @@ export var MacAttribution = {
     return Services.dirsvc.get("GreD", Ci.nsIFile).parent.parent.path;
   },
 
-  /**
-   * Used by the Attributions system to get the download referrer.
-   *
-   * @param {String} path to get the quarantine data from.
-   *             Usually this is a `.app` directory but can be any
-   *             (existing) file or directory.  Default: `this.applicationPath`.
-   * @return {String} referrer URL.
-   * @throws NS_ERROR_NOT_AVAILABLE if there is no quarantine GUID for the given path.
-   * @throws NS_ERROR_UNEXPECTED if there is a quarantine GUID, but no corresponding referrer URL is known.
-   */
-  async getReferrerUrl(path = this.applicationPath) {
-    lazy.log.debug(`getReferrerUrl(${JSON.stringify(path)})`);
+  async setAttributionString(aAttrStr, path = this.applicationPath) {
+    return IOUtils.setMacXAttr(
+      path,
+      "com.apple.application-instance",
+      new TextEncoder().encode(aAttrStr)
+    );
+  },
 
-    // First, determine the quarantine GUID assigned by macOS to the given path.
-    let guid;
-    try {
-      guid = (await getQuarantineAttributes(path)).guid;
-    } catch (ex) {
-      throw new Components.Exception(
-        `No macOS quarantine GUID found for ${path}`,
-        Cr.NS_ERROR_NOT_AVAILABLE
+  async getAttributionString(path = this.applicationPath) {
+    let promise = IOUtils.getMacXAttr(path, "com.apple.application-instance");
+    return promise.then(bytes => {
+      // We need to process the extended attribute a little bit to isolate
+      // the attribution string:
+      // - nul bytes and tabs may be present in raw attribution strings, but are
+      //   never part of the attribution data
+      // - attribution data is expected to be preceeded by the string `__MOZCUSTOM__`
+      let attrStr = new TextDecoder().decode(
+        bytes.filter(b => b != NUL && b != TAB)
       );
-    }
-    lazy.log.debug(`getReferrerUrl: guid: ${guid}`);
 
-    // Second, fish the relevant record from the quarantine database.
-    let url = "";
-    try {
-      url = await queryQuarantineDatabase(guid);
-      lazy.log.debug(`getReferrerUrl: url: ${url}`);
-    } catch (ex) {
-      // This path is known to macOS but we failed to extract a referrer -- be noisy.
-      throw new Components.Exception(
-        `No macOS quarantine referrer URL found for ${path} with GUID ${guid}`,
-        Cr.NS_ERROR_UNEXPECTED
-      );
-    }
+      if (attrStr.startsWith("__MOZCUSTOM__")) {
+        // Return everything after __MOZCUSTOM__
+        return attrStr.slice(13);
+      }
+
+      throw new Error(`No attribution data found in ${path}`);
+    });
+  },
 
-    return url;
+  async delAttributionString(path = this.applicationPath) {
+    return IOUtils.delMacXAttr(path, "com.apple.application-instance");
   },
 };

browser/components/attribution/moz.build

@@ -18,20 +18,6 @@ EXTRA_JS_MODULES += [
 SPHINX_TREES["docs"] = "docs"
 
 if CONFIG["MOZ_WIDGET_TOOLKIT"] == "cocoa":
-    XPIDL_SOURCES += [
-        "nsIMacAttribution.idl",
-    ]
-
-    XPIDL_MODULE = "attribution"
-
-    EXPORTS += [
-        "nsMacAttribution.h",
-    ]
-
-    SOURCES += [
-        "nsMacAttribution.cpp",
-    ]
-
     FINAL_LIBRARY = "browsercomps"
 
     EXTRA_JS_MODULES += [