From f58aa0a7d77aeafd5a5c73f8a3b83c70309acdbf Mon Sep 17 00:00:00 2001
From: Gian-Carlo Pascutto <gpascutto@mozilla.com>
Date: Mon, 24 Sep 2012 22:34:27 +0200
Subject: [PATCH] Bug 741808 - Make using the URL classifier possible in
 Fennec. r=mfinkle

---
 mobile/android/app/mobile.js                  |  45 ++---
 mobile/android/base/DoorHanger.java           |   5 +
 .../base/resources/layout/doorhanger.xml      |   3 +-
 .../android/chrome/content/blockedSite.xhtml  |   6 +-
 mobile/android/chrome/content/browser.js      |  66 +++++++
 mobile/android/components/Makefile.in         |   8 +-
 .../components/MobileComponents.manifest      |   7 -
 mobile/android/components/SafeBrowsing.js     | 168 ----------------
 mobile/android/components/SafeBrowsing.jsm    | 182 ++++++++++++++++++
 mobile/android/confvars.sh                    |   2 +-
 mobile/android/installer/package-manifest.in  |   4 +-
 .../locales/en-US/chrome/browser.properties   |   3 +
 12 files changed, 289 insertions(+), 210 deletions(-)
 delete mode 100644 mobile/android/components/SafeBrowsing.js
 create mode 100644 mobile/android/components/SafeBrowsing.jsm

diff --git a/mobile/android/app/mobile.js b/mobile/android/app/mobile.js
index 2599e9ba18fb..b9ce853e6cc0 100644
--- a/mobile/android/app/mobile.js
+++ b/mobile/android/app/mobile.js
@@ -534,33 +534,22 @@ pref("image.mem.min_discard_timeout_ms", 10000);
 pref("dom.w3c_touch_events.enabled", true);
 
 #ifdef MOZ_SAFE_BROWSING
-// Safe browsing does nothing unless this pref is set
-pref("browser.safebrowsing.enabled", true);
+pref("browser.safebrowsing.enabled", false);
+pref("browser.safebrowsing.malware.enabled", false);
+pref("browser.safebrowsing.debug", false);
 
-// Prevent loading of pages identified as malware
-pref("browser.safebrowsing.malware.enabled", true);
+pref("browser.safebrowsing.updateURL", "http://safebrowsing.clients.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
+pref("browser.safebrowsing.keyURL", "https://sb-ssl.google.com/safebrowsing/newkey?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
+pref("browser.safebrowsing.gethashURL", "http://safebrowsing.clients.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
+pref("browser.safebrowsing.reportURL", "http://safebrowsing.clients.google.com/safebrowsing/report?");
+pref("browser.safebrowsing.reportGenericURL", "http://%LOCALE%.phish-generic.mozilla.com/?hl=%LOCALE%");
+pref("browser.safebrowsing.reportErrorURL", "http://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%");
+pref("browser.safebrowsing.reportPhishURL", "http://%LOCALE%.phish-report.mozilla.com/?hl=%LOCALE%");
+pref("browser.safebrowsing.reportMalwareURL", "http://%LOCALE%.malware-report.mozilla.com/?hl=%LOCALE%");
+pref("browser.safebrowsing.reportMalwareErrorURL", "http://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%");
 
-// Non-enhanced mode (local url lists) URL list to check for updates
-pref("browser.safebrowsing.provider.0.updateURL", "http://safebrowsing.clients.google.com/safebrowsing/downloads?client={moz:client}&appver={moz:version}&pver=2.2");
-
-pref("browser.safebrowsing.dataProvider", 0);
-
-// Does the provider name need to be localizable?
-pref("browser.safebrowsing.provider.0.name", "Google");
-pref("browser.safebrowsing.provider.0.keyURL", "https://sb-ssl.google.com/safebrowsing/newkey?client={moz:client}&appver={moz:version}&pver=2.2");
-pref("browser.safebrowsing.provider.0.reportURL", "http://safebrowsing.clients.google.com/safebrowsing/report?");
-pref("browser.safebrowsing.provider.0.gethashURL", "http://safebrowsing.clients.google.com/safebrowsing/gethash?client={moz:client}&appver={moz:version}&pver=2.2");
-
-// HTML report pages
-pref("browser.safebrowsing.provider.0.reportGenericURL", "http://{moz:locale}.phish-generic.mozilla.com/?hl={moz:locale}");
-pref("browser.safebrowsing.provider.0.reportErrorURL", "http://{moz:locale}.phish-error.mozilla.com/?hl={moz:locale}");
-pref("browser.safebrowsing.provider.0.reportPhishURL", "http://{moz:locale}.phish-report.mozilla.com/?hl={moz:locale}");
-pref("browser.safebrowsing.provider.0.reportMalwareURL", "http://{moz:locale}.malware-report.mozilla.com/?hl={moz:locale}");
-pref("browser.safebrowsing.provider.0.reportMalwareErrorURL", "http://{moz:locale}.malware-error.mozilla.com/?hl={moz:locale}");
-
-// FAQ URLs
-pref("browser.safebrowsing.warning.infoURL", "http://www.mozilla.com/%LOCALE%/%APP%/phishing-protection/");
-pref("browser.geolocation.warning.infoURL", "http://www.mozilla.com/%LOCALE%/%APP%/geolocation/");
+pref("browser.safebrowsing.warning.infoURL", "http://www.mozilla.com/%LOCALE%/firefox/phishing-protection/");
+pref("browser.safebrowsing.malware.reportURL", "http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
 
 // Name of the about: page contributed by safebrowsing to handle display of error
 // pages on phishing/malware hits.  (bug 399233)
@@ -569,6 +558,9 @@ pref("urlclassifier.alternate_error_page", "blocked");
 // The number of random entries to send with a gethash request.
 pref("urlclassifier.gethashnoise", 4);
 
+// Randomize all UrlClassifier data with a per-client key.
+pref("urlclassifier.randomizeclient", true);
+
 // The list of tables that use the gethash request to confirm partial results.
 pref("urlclassifier.gethashtables", "goog-phish-shavar,goog-malware-shavar");
 
@@ -576,9 +568,6 @@ pref("urlclassifier.gethashtables", "goog-phish-shavar,goog-malware-shavar");
 // a gethash request will be forced to check that the result is still in
 // the database.
 pref("urlclassifier.confirm-age", 2700);
-
-// URL for checking the reason for a malware warning.
-pref("browser.safebrowsing.malware.reportURL", "http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
 #endif
 
 // True if this is the first time we are showing about:firstrun
diff --git a/mobile/android/base/DoorHanger.java b/mobile/android/base/DoorHanger.java
index da7cf5725aec..e5efb28fbaf9 100644
--- a/mobile/android/base/DoorHanger.java
+++ b/mobile/android/base/DoorHanger.java
@@ -86,6 +86,11 @@ public class DoorHanger extends LinearLayout implements Button.OnClickListener {
             }
          }
 
+        // Enable the button layout if we have buttons.
+        if (buttons.length() > 0) {
+            mChoicesLayout.setVisibility(LinearLayout.VISIBLE);
+        }
+
         setOptions(options);
     }
 
diff --git a/mobile/android/base/resources/layout/doorhanger.xml b/mobile/android/base/resources/layout/doorhanger.xml
index cbe1f27bc249..8a375bac7ac1 100644
--- a/mobile/android/base/resources/layout/doorhanger.xml
+++ b/mobile/android/base/resources/layout/doorhanger.xml
@@ -24,6 +24,7 @@
                   style="@android:style/ButtonBar"
                   android:layout_width="fill_parent"
                   android:layout_height="wrap_content"
-                  android:orientation="horizontal"/>
+                  android:orientation="horizontal"
+                  android:visibility="gone"/>
 
 </merge>
diff --git a/mobile/android/chrome/content/blockedSite.xhtml b/mobile/android/chrome/content/blockedSite.xhtml
index c0979ef08f6a..558a45a706f4 100644
--- a/mobile/android/chrome/content/blockedSite.xhtml
+++ b/mobile/android/chrome/content/blockedSite.xhtml
@@ -119,8 +119,6 @@
         el = document.getElementById("errorLongDescText_malware");
         el.parentNode.removeChild(el);
 
-        // Set sitename
-        document.getElementById("phishing_sitename").textContent = getHostString();
         document.title = document.getElementById("errorTitleText_phishing")
                                  .innerHTML;
       }
@@ -134,7 +132,6 @@
         -moz-appearance: none;
         background: transparent;
         border: none;
-        color: white;  /* Hard coded because netError.css forces this page's background to dark red */
         text-decoration: underline;
         margin: 0;
         padding: 0;
@@ -181,6 +178,9 @@
           <button id="reportButton">&safeb.palm.reportPage.label;</button>
         </div>
       </div>
+      <div id="ignoreWarning">
+        <button id="ignoreWarningButton">&safeb.palm.decline.label;</button>
+      </div>
     </div>
     <!--
     - Note: It is important to run the script this way, instead of using
diff --git a/mobile/android/chrome/content/browser.js b/mobile/android/chrome/content/browser.js
index 4f1d8da14360..930e856fb373 100644
--- a/mobile/android/chrome/content/browser.js
+++ b/mobile/android/chrome/content/browser.js
@@ -32,6 +32,14 @@ XPCOMUtils.defineLazyGetter(this, "NetUtil", function() {
   return NetUtil;
 });
 
+#ifdef MOZ_SAFE_BROWSING
+XPCOMUtils.defineLazyGetter(this, "SafeBrowsing", function() {
+  let tmp = {};
+ Cu.import("resource://gre/modules/SafeBrowsing.jsm", tmp);
+  return tmp.SafeBrowsing;
+});
+#endif
+
 // Lazily-loaded browser scripts:
 [
   ["HelperApps", "chrome://browser/content/HelperApps.js"],
@@ -344,6 +352,11 @@ var BrowserApp = {
         "value": Services.prefs.getBoolPref("gfx.show_checkerboard_pattern")
       }
     });
+
+#ifdef MOZ_SAFE_BROWSING
+    // Bug 778855 - Perf regression if we do this here. To be addressed in bug 779008.
+    setTimeout(function() { SafeBrowsing.init(); }, 2000);
+#endif
   },
 
   isAppUpdated: function() {
@@ -4213,6 +4226,59 @@ var ErrorPageEventHandler = {
           } else if (target == errorDoc.getElementById("getMeOutOfHereButton")) {
             errorDoc.location = "about:home";
           }
+        } else if (/^about:blocked/.test(errorDoc.documentURI)) {
+          let secHistogram = Cc["@mozilla.org/base/telemetry;1"].getService(Ci.nsITelemetry).getHistogramById("SECURITY_UI");
+
+          // The event came from a button on a malware/phishing block page
+          // First check whether it's malware or phishing, so that we can
+          // use the right strings/links
+          let isMalware = /e=malwareBlocked/.test(errorDoc.documentURI);
+          let bucketName = isMalware ? "WARNING_MALWARE_PAGE_" : "WARNING_PHISHING_PAGE_";
+          let nsISecTel = Ci.nsISecurityUITelemetry;
+
+          let formatter = Cc["@mozilla.org/toolkit/URLFormatterService;1"].getService(Ci.nsIURLFormatter);
+
+          if (target == errorDoc.getElementById("getMeOutButton")) {
+            secHistogram.add(nsISecTel[bucketName + "GET_ME_OUT_OF_HERE"]);
+            errorDoc.location = "about:home";
+          } else if (target == errorDoc.getElementById("reportButton")) {
+            // We log even if malware/phishing info URL couldn't be found:
+            // the measurement is for how many users clicked the WHY BLOCKED button
+            secHistogram.add(nsISecTel[bucketName + "WHY_BLOCKED"]);
+
+            // This is the "Why is this site blocked" button.  For malware,
+            // we can fetch a site-specific report, for phishing, we redirect
+            // to the generic page describing phishing protection.
+            if (isMalware) {
+              // Get the stop badware "why is this blocked" report url, append the current url, and go there.
+              try {
+                let reportURL = formatter.formatURLPref("browser.safebrowsing.malware.reportURL");
+                reportURL += errorDoc.location.href;
+                BrowserApp.selectedBrowser.loadURI(reportURL);
+              } catch (e) {
+                Cu.reportError("Couldn't get malware report URL: " + e);
+              }
+            } else {
+              // It's a phishing site, not malware. (There's no report URL)
+              try {
+                let reportURL = formatter.formatURLPref("browser.safebrowsing.warning.infoURL");
+                BrowserApp.selectedBrowser.loadURI(reportURL);
+              } catch (e) {
+                Cu.reportError("Couldn't get phishing info URL: " + e);
+              }
+            }
+          } else if (target == errorDoc.getElementById("ignoreWarningButton")) {
+            secHistogram.add(nsISecTel[bucketName + "IGNORE_WARNING"]);
+
+            // Allow users to override and continue through to the site,
+            let webNav = BrowserApp.selectedBrowser.docShell.QueryInterface(Ci.nsIWebNavigation);
+            let location = BrowserApp.selectedBrowser.contentWindow.location;
+            webNav.loadURI(location, Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_CLASSIFIER, null, null, null);
+
+            // ....but add a notify bar as a reminder, so that they don't lose
+            // track after, e.g., tab switching.
+            NativeWindow.doorhanger.show(Strings.browser.GetStringFromName("safeBrowsingDoorhanger"), "safebrowsing-warning", [], BrowserApp.selectedTab.id);
+          }
         }
         break;
       }
diff --git a/mobile/android/components/Makefile.in b/mobile/android/components/Makefile.in
index 4b5155b3acce..90dc3510886c 100644
--- a/mobile/android/components/Makefile.in
+++ b/mobile/android/components/Makefile.in
@@ -40,7 +40,13 @@ EXTRA_COMPONENTS = \
         $(NULL)
 
 ifdef MOZ_SAFE_BROWSING
-EXTRA_COMPONENTS += SafeBrowsing.js
+DEFINES += \
+        -DMOZ_APP_UA_NAME=$(MOZ_APP_UA_NAME) \
+        $(NULL)
+
+EXTRA_PP_JS_MODULES = \
+        SafeBrowsing.jsm \
+        $(NULL)
 endif
 
 include $(topsrcdir)/config/rules.mk
diff --git a/mobile/android/components/MobileComponents.manifest b/mobile/android/components/MobileComponents.manifest
index 7318e385a67a..fef83dca9d87 100644
--- a/mobile/android/components/MobileComponents.manifest
+++ b/mobile/android/components/MobileComponents.manifest
@@ -89,10 +89,3 @@ contract @mozilla.org/login-manager/prompter;1 {97d12931-abe2-11df-94e2-0800200c
 component {4e6ea350-b09a-11df-94e2-0800200c9a66} BlocklistPrompt.js
 contract @mozilla.org/addons/blocklist-prompt;1 {4e6ea350-b09a-11df-94e2-0800200c9a66}
 
-#ifdef MOZ_SAFE_BROWSING
-# SafeBrowsing.js
-component {aadaed90-6c03-42d0-924a-fc61198ff283} SafeBrowsing.js
-contract @mozilla.org/safebrowsing/application;1 {aadaed90-6c03-42d0-924a-fc61198ff283}
-category app-startup SafeBrowsing service,@mozilla.org/safebrowsing/application;1
-#endif
-
diff --git a/mobile/android/components/SafeBrowsing.js b/mobile/android/components/SafeBrowsing.js
deleted file mode 100644
index f1d252c8335d..000000000000
--- a/mobile/android/components/SafeBrowsing.js
+++ /dev/null
@@ -1,168 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-const Cc = Components.classes;
-const Ci = Components.interfaces;
-const Cu = Components.utils;
-const Cr = Components.results;
-
-Cu.import("resource://gre/modules/XPCOMUtils.jsm");
-Cu.import("resource://gre/modules/Services.jsm");
-
-const kPhishWardenEnabledPref = "browser.safebrowsing.enabled";
-const kMalwareWardenEnabledPref = "browser.safebrowsing.malware.enabled";
-
-// This XPCOM object doesn't have a public interface. It just works quietly in the background
-function SafeBrowsing() {
-  this.listManager = null;
-
-  // Once we register tables, their respective names will be listed here.
-  this.phishing = {
-    pref: kPhishWardenEnabledPref,
-    blackTables: [],
-    whiteTables: []
-  };
-  this.malware = {
-    pref: kMalwareWardenEnabledPref,
-    blackTables: [],
-    whiteTables: []
-  };
-
-  // Get notifications when the phishing or malware warden enabled pref changes
-  Services.prefs.addObserver(kPhishWardenEnabledPref, this, true);
-  Services.prefs.addObserver(kMalwareWardenEnabledPref, this, true);
-}
-
-SafeBrowsing.prototype = {
-  classID: Components.ID("{aadaed90-6c03-42d0-924a-fc61198ff283}"),
-
-  QueryInterface: XPCOMUtils.generateQI([Ci.nsISessionStore,
-                                         Ci.nsIDOMEventListener,
-                                         Ci.nsIObserver,
-                                         Ci.nsISupportsWeakReference]),
-
-  observe: function sb_observe(aSubject, aTopic, aData) {
-    switch (aTopic) {
-      case "app-startup":
-        Services.obs.addObserver(this, "final-ui-startup", true);
-        Services.obs.addObserver(this, "xpcom-shutdown", true);
-        break;
-      case "final-ui-startup":
-        Services.obs.removeObserver(this, "final-ui-startup");
-        this._startup();
-        break;
-      case "xpcom-shutdown":
-        Services.obs.removeObserver(this, "xpcom-shutdown");
-        this._shutdown();
-        break;
-      case "nsPref:changed":
-        if (aData == kPhishWardenEnabledPref)
-          this.maybeToggleUpdateChecking(this.phishing);
-        else if (aData == kMalwareWardenEnabledPref)
-          this.maybeToggleUpdateChecking(this.malware);
-        break;
-    }
-  },
-
-  _startup: function sb_startup() {
-    this.listManager = Cc["@mozilla.org/url-classifier/listmanager;1"].getService(Ci.nsIUrlListManager);
-
-    // Add a test chunk to the database
-    let testData = "mozilla.org/firefox/its-an-attack.html";
-    let testUpdate =
-      "n:1000\ni:test-malware-simple\nad:1\n" +
-      "a:1:32:" + testData.length + "\n" +
-      testData;
-
-    testData = "mozilla.org/firefox/its-a-trap.html";
-    testUpdate +=
-      "n:1000\ni:test-phish-simple\nad:1\n" +
-      "a:1:32:" + testData.length + "\n" +
-      testData;
-
-    let dbService = Cc["@mozilla.org/url-classifier/dbservice;1"].getService(Ci.nsIUrlClassifierDBService);
-
-    let listener = {
-      QueryInterface: function(aIID) {
-        if (aIID.equals(Ci.nsISupports) || aIID.equals(Ci.nsIUrlClassifierUpdateObserver))
-          return this;
-        throw Cr.NS_ERROR_NO_INTERFACE;
-      },
-
-      updateUrlRequested: function(aURL) { },
-      streamFinished: function(aStatus) { },
-      updateError: function(aErrorCode) { },
-      updateSuccess: function(aRequestedTimeout) { }
-    };
-
-    try {
-      dbService.beginUpdate(listener, "test-malware-simple,test-phish-simple", "");
-      dbService.beginStream("", "");
-      dbService.updateStream(testUpdate);
-      dbService.finishStream();
-      dbService.finishUpdate();
-    } catch(ex) {}
-
-    this.registerBlackTable("goog-malware-shavar", this.malware);
-    this.maybeToggleUpdateChecking(this.malware);
-
-    this.registerBlackTable("goog-phish-shavar", this.phishing);
-    this.maybeToggleUpdateChecking(this.phishing);
-  },
-
-  _shutdown: function sb_shutdown() {
-    Services.prefs.removeObserver(kPhishWardenEnabledPref, this);
-    Services.prefs.removeObserver(kMalwareWardenEnabledPref, this);
-
-    this.listManager = null;
-  },
-
-  enableBlacklistTableUpdates: function sb_enableBlacklistTableUpdates(aWarden) {
-    for (let i = 0; i < aWarden.blackTables.length; ++i) {
-      this.listManager.enableUpdate(aWarden.blackTables[i]);
-    }
-  },
-
-  disableBlacklistTableUpdates: function sb_disableBlacklistTableUpdates(aWarden) {
-    for (let i = 0; i < aWarden.blackTables.length; ++i) {
-      this.listManager.disableUpdate(aWarden.blackTables[i]);
-    }
-  },
-
-  enableWhitelistTableUpdates: function sb_enableWhitelistTableUpdates(aWarden) {
-    for (let i = 0; i < this.whiteTables.length; ++i) {
-      this.listManager.enableUpdate(this.whiteTables[i]);
-    }
-  },
-
-  disableWhitelistTableUpdates: function sb_disableWhitelistTableUpdates(aWarden) {
-    for (let i = 0; i < aWarden.whiteTables.length; ++i) {
-      this.listManager.disableUpdate(aWarden.whiteTables[i]);
-    }
-  },
-
-  registerBlackTable: function sb_registerBlackTable(aTableName, aWarden) {
-    let result = this.listManager.registerTable(aTableName, false);
-    if (result)
-      aWarden.blackTables.push(aTableName);
-    return result;
-  },
-
-  registerWhiteTable: function sb_registerWhiteTable(aTableName, aWarden) {
-    let result = this.listManager.registerTable(aTableName, false);
-    if (result)
-      aWarden.whiteTables.push(aTableName);
-    return result;
-  },
-
-  maybeToggleUpdateChecking: function sb_maybeToggleUpdateChecking(aWarden) {
-    let enabled = Services.prefs.getBoolPref(aWarden.pref);
-    if (enabled)
-      this.enableBlacklistTableUpdates(aWarden);
-    else
-      this.disableBlacklistTableUpdates(aWarden);
-  }
-}
-
-const NSGetFactory = XPCOMUtils.generateNSGetFactory([SafeBrowsing]);
diff --git a/mobile/android/components/SafeBrowsing.jsm b/mobile/android/components/SafeBrowsing.jsm
new file mode 100644
index 000000000000..9041d548a497
--- /dev/null
+++ b/mobile/android/components/SafeBrowsing.jsm
@@ -0,0 +1,182 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["SafeBrowsing"];
+
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+const Cu = Components.utils;
+
+Cu.import("resource://gre/modules/Services.jsm");
+
+const phishingList = "goog-phish-shavar";
+const malwareList  = "goog-malware-shavar";
+
+var debug = false;
+
+function log(...stuff) {
+  if (!debug)
+    return;
+
+  let msg = "SafeBrowsing: " + stuff.join(" ");
+  Services.console.logStringMessage(msg);
+  dump(msg + "\n");
+}
+
+var SafeBrowsing = {
+
+  init: function() {
+    if (this.initialized) {
+      log("Already initialized");
+      return;
+    }
+
+    Services.prefs.addObserver("browser.safebrowsing", this.readPrefs, false);
+    this.readPrefs();
+
+    // Register our two types of tables, and add custom Mozilla entries
+    let listManager = Cc["@mozilla.org/url-classifier/listmanager;1"].
+                      getService(Ci.nsIUrlListManager);
+    listManager.registerTable(phishingList, false);
+    listManager.registerTable(malwareList, false);
+    this.addMozEntries();
+
+    this.controlUpdateChecking();
+    this.initialized = true;
+
+    log("init() finished");
+  },
+
+
+  initialized:     false,
+  phishingEnabled: false,
+  malwareEnabled:  false,
+
+  updateURL:             null,
+  keyURL:                null,
+  gethashURL:            null,
+
+  reportURL:             null,
+  reportGenericURL:      null,
+  reportErrorURL:        null,
+  reportPhishURL:        null,
+  reportMalwareURL:      null,
+  reportMalwareErrorURL: null,
+
+
+  getReportURL: function(kind) {
+    return this["report"  + kind + "URL"];
+  },
+
+
+  readPrefs: function() {
+    log("reading prefs");
+
+    debug = Services.prefs.getBoolPref("browser.safebrowsing.debug");
+    this.phishingEnabled = Services.prefs.getBoolPref("browser.safebrowsing.enabled");
+    this.malwareEnabled  = Services.prefs.getBoolPref("browser.safebrowsing.malware.enabled");
+    this.updateProviderURLs();
+
+    // XXX The listManager backend gets confused if this is called before the
+    // lists are registered. So only call it here when a pref changes, and not
+    // when doing initialization. I expect to refactor this later, so pardon the hack.
+    if (this.initialized)
+      this.controlUpdateChecking();
+  },
+
+
+  updateProviderURLs: function() {
+#ifdef USE_HISTORIC_SAFEBROWSING_ID
+    let clientID = "navclient-auto-ffox";
+#else
+#expand    let clientID = __MOZ_APP_UA_NAME__;
+#endif
+
+    log("initializing safe browsing URLs");
+    let basePref = "browser.safebrowsing.";
+
+    // Urls to HTML report pages
+    this.reportURL             = Services.urlFormatter.formatURLPref(basePref + "reportURL");
+    this.reportGenericURL      = Services.urlFormatter.formatURLPref(basePref + "reportGenericURL");
+    this.reportErrorURL        = Services.urlFormatter.formatURLPref(basePref + "reportErrorURL");
+    this.reportPhishURL        = Services.urlFormatter.formatURLPref(basePref + "reportPhishURL");
+    this.reportMalwareURL      = Services.urlFormatter.formatURLPref(basePref + "reportMalwareURL");
+    this.reportMalwareErrorURL = Services.urlFormatter.formatURLPref(basePref + "reportMalwareErrorURL");
+
+    // Urls used to update DB
+    this.updateURL  = Services.urlFormatter.formatURLPref(basePref + "updateURL");
+    this.keyURL     = Services.urlFormatter.formatURLPref(basePref + "keyURL");
+    this.gethashURL = Services.urlFormatter.formatURLPref(basePref + "gethashURL");
+
+    this.updateURL  = this.updateURL.replace("SAFEBROWSING_ID", clientID);
+    this.keyURL     = this.keyURL.replace("SAFEBROWSING_ID", clientID);
+    this.gethashURL = this.gethashURL.replace("SAFEBROWSING_ID", clientID);
+
+    let listManager = Cc["@mozilla.org/url-classifier/listmanager;1"].
+                      getService(Ci.nsIUrlListManager);
+
+    listManager.setUpdateUrl(this.updateURL);
+    // XXX Bug 779317 - setKeyUrl has the side effect of fetching a key from the server.
+    // This shouldn't happen if anti-phishing/anti-malware is disabled.
+    if (this.phishingEnabled || this.malwareEnabled)
+      listManager.setKeyUrl(this.keyURL);
+    listManager.setGethashUrl(this.gethashURL);
+  },
+
+
+  controlUpdateChecking: function() {
+    log("phishingEnabled:", this.phishingEnabled, "malwareEnabled:", this.malwareEnabled);
+
+    let listManager = Cc["@mozilla.org/url-classifier/listmanager;1"].
+                      getService(Ci.nsIUrlListManager);
+
+    if (this.phishingEnabled)
+      listManager.enableUpdate(phishingList);
+    else
+      listManager.disableUpdate(phishingList);
+
+    if (this.malwareEnabled)
+      listManager.enableUpdate(malwareList);
+    else
+      listManager.disableUpdate(malwareList);
+  },
+
+
+  addMozEntries: function() {
+    // Add test entries to the DB.
+    // XXX bug 779008 - this could be done by DB itself?
+    const phishURL   = "mozilla.org/firefox/its-a-trap.html";
+    const malwareURL = "mozilla.org/firefox/its-an-attack.html";
+
+    let update = "n:1000\ni:test-malware-simple\nad:1\n" +
+                 "a:1:32:" + malwareURL.length + "\n" +
+                 malwareURL;
+    update += "n:1000\ni:test-phish-simple\nad:1\n" +
+              "a:1:32:" + phishURL.length + "\n" +
+              phishURL;
+    log("addMozEntries:", update);
+
+    let db = Cc["@mozilla.org/url-classifier/dbservice;1"].
+             getService(Ci.nsIUrlClassifierDBService);
+
+    // nsIUrlClassifierUpdateObserver
+    let dummyListener = {
+      updateUrlRequested: function() { },
+      streamFinished:     function() { },
+      updateError:        function() { },
+      updateSuccess:      function() { }
+    };
+
+    try {
+      db.beginUpdate(dummyListener, "test-malware-simple,test-phish-simple", "");
+      db.beginStream("", "");
+      db.updateStream(update);
+      db.finishStream();
+      db.finishUpdate();
+    } catch(ex) {
+      // beginUpdate will throw harmlessly if there's an existing update in progress, ignore failures.
+      log("addMozEntries failed!", ex);
+    }
+  },
+};
diff --git a/mobile/android/confvars.sh b/mobile/android/confvars.sh
index b211bd332d36..412c2dbf590d 100755
--- a/mobile/android/confvars.sh
+++ b/mobile/android/confvars.sh
@@ -12,7 +12,7 @@ MOZ_BRANDING_DIRECTORY=mobile/android/branding/unofficial
 MOZ_OFFICIAL_BRANDING_DIRECTORY=mobile/android/branding/official
 # MOZ_APP_DISPLAYNAME is set by branding/configure.sh
 
-MOZ_SAFE_BROWSING=
+MOZ_SAFE_BROWSING=1
 
 MOZ_DISABLE_DOMCRYPTO=1
 
diff --git a/mobile/android/installer/package-manifest.in b/mobile/android/installer/package-manifest.in
index 2489d9d1e055..c2a9e9aba380 100644
--- a/mobile/android/installer/package-manifest.in
+++ b/mobile/android/installer/package-manifest.in
@@ -357,12 +357,14 @@
 ; Modules
 @BINPATH@/modules/*
 
+#ifdef MOZ_SAFE_BROWSING
 ; Safe Browsing
 @BINPATH@/components/nsURLClassifier.manifest
 @BINPATH@/components/nsUrlClassifierHashCompleter.js
 @BINPATH@/components/nsUrlClassifierListManager.js
 @BINPATH@/components/nsUrlClassifierLib.js
 @BINPATH@/components/url-classifier.xpt
+#endif
 
 ; GNOME hooks
 #ifdef MOZ_ENABLE_GNOME_COMPONENT
@@ -522,7 +524,7 @@ bin/components/@DLL_PREFIX@nkgnomevfs@DLL_SUFFIX@
 @BINPATH@/components/SessionStore.js
 @BINPATH@/components/Sidebar.js
 #ifdef MOZ_SAFE_BROWSING
-@BINPATH@/components/SafeBrowsing.js
+@BINPATH@/components/SafeBrowsing.jsm
 #endif
 @BINPATH@/components/XPIDialogService.js
 @BINPATH@/components/browsercomps.xpt
diff --git a/mobile/android/locales/en-US/chrome/browser.properties b/mobile/android/locales/en-US/chrome/browser.properties
index a420fc6d9a63..2981cdd08ba8 100644
--- a/mobile/android/locales/en-US/chrome/browser.properties
+++ b/mobile/android/locales/en-US/chrome/browser.properties
@@ -55,6 +55,9 @@ popupButtonAllowOnce=Show
 popupButtonAlwaysAllow2=Always Show
 popupButtonNeverWarn2=Never Show
 
+# SafeBrowsing
+safeBrowsingDoorhanger=This site has been identified as containing malware or a phishing attempt. Be careful.
+
 # LOCALIZATION NOTE (blockPopups.label): Label that will be used in
 # site settings dialog.
 blockPopups.label=Block Popups