1 files changed, 51 insertions, 0 deletions

diff --git a/core/java/android/webkit/WebViewClient.java b/core/java/android/webkit/WebViewClient.java
index 788908ad9468..cbe75c405fe4 100644
--- a/core/java/android/webkit/WebViewClient.java
+++ b/core/java/android/webkit/WebViewClient.java
@@ -16,6 +16,7 @@
 
 package android.webkit;
 
+import android.annotation.IntDef;
 import android.graphics.Bitmap;
 import android.net.http.SslError;
 import android.os.Message;
@@ -23,6 +24,9 @@ import android.view.InputEvent;
 import android.view.KeyEvent;
 import android.view.ViewRootImpl;
 
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
 public class WebViewClient {
 
     /**
@@ -150,6 +154,10 @@ public class WebViewClient {
      * other than the UI thread so clients should exercise caution
      * when accessing private data or the view system.
      *
+     * <p>Note: when Safe Browsing is enabled, these URLs still undergo Safe Browsing checks. If
+     * this is undesired, whitelist the URL with {@link WebView#setSafeBrowsingWhitelist} or ignore
+     * the warning with {@link #onSafeBrowsingHit}.
+     *
      * @param view The {@link android.webkit.WebView} that is requesting the
      *             resource.
      * @param url The raw url of the resource.
@@ -173,6 +181,10 @@ public class WebViewClient {
      * other than the UI thread so clients should exercise caution
      * when accessing private data or the view system.
      *
+     * <p>Note: when Safe Browsing is enabled, these URLs still undergo Safe Browsing checks. If
+     * this is undesired, whitelist the URL with {@link WebView#setSafeBrowsingWhitelist} or ignore
+     * the warning with {@link #onSafeBrowsingHit}.
+     *
      * @param view The {@link android.webkit.WebView} that is requesting the
      *             resource.
      * @param request Object containing the details of the request.
@@ -237,6 +249,25 @@ public class WebViewClient {
     /** Resource load was cancelled by Safe Browsing */
     public static final int ERROR_UNSAFE_RESOURCE = -16;
 
+    /** @hide */
+    @IntDef({
+        SAFE_BROWSING_THREAT_UNKNOWN,
+        SAFE_BROWSING_THREAT_MALWARE,
+        SAFE_BROWSING_THREAT_PHISHING,
+        SAFE_BROWSING_THREAT_UNWANTED_SOFTWARE
+    })
+    @Retention(RetentionPolicy.SOURCE)
+    public @interface SafeBrowsingThreat {}
+
+    /** The resource was blocked for an unknown reason */
+    public static final int SAFE_BROWSING_THREAT_UNKNOWN = 0;
+    /** The resource was blocked because it contains malware */
+    public static final int SAFE_BROWSING_THREAT_MALWARE = 1;
+    /** The resource was blocked because it contains deceptive content */
+    public static final int SAFE_BROWSING_THREAT_PHISHING = 2;
+    /** The resource was blocked because it contains unwanted software */
+    public static final int SAFE_BROWSING_THREAT_UNWANTED_SOFTWARE = 3;
+
     /**
      * Report an error to the host application. These errors are unrecoverable
      * (i.e. the main resource is unavailable). The errorCode parameter
@@ -496,4 +527,24 @@ public class WebViewClient {
     public boolean onRenderProcessGone(WebView view, RenderProcessGoneDetail detail) {
         return false;
     }
+
+    /**
+     * Notify the host application that a loading URL has been flagged by Safe Browsing.
+     *
+     * The application must invoke the callback to indicate the preferred response. The default
+     * behavior is to show an interstitial to the user, with the reporting checkbox visible.
+     *
+     * If the application needs to show its own custom interstitial UI, the callback can be invoked
+     * asynchronously with backToSafety() or proceed(), depending on user response.
+     *
+     * @param view The WebView that hit the malicious resource.
+     * @param request Object containing the details of the request.
+     * @param threatType The reason the resource was caught by Safe Browsing, corresponding to a
+     *                   SAFE_BROWSING_THREAT_* value.
+     * @param callback Applications must invoke one of the callback methods.
+     */
+    public void onSafeBrowsingHit(WebView view, WebResourceRequest request,
+            @SafeBrowsingThreat int threatType, SafeBrowsingResponse callback) {
+        callback.showInterstitial(/* allowReporting */ true);
+    }
 }