Add security FAQ entry about File System Access API blocklist.
Change-Id: If560fbfa538241a70884e1b092c5e12f2133f518
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5177436
Reviewed-by: Adrian Taylor <[email protected]>
Commit-Queue: Daseul Lee <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1244669}
diff --git a/docs/security/faq.md b/docs/security/faq.md
index 62cd02cb..5896f1e 100644
--- a/docs/security/faq.md
+++ b/docs/security/faq.md
@@ -242,6 +242,20 @@
without any user interaction with the file (e.g. DLL hijacking). If you discover
a new file type that meets that condition, we’d like to hear about it.
+<a name="TOC-i-found-a-local-file-or-directory-that-may-be-security-sensitive-and-is-not-blocked-by-file-system-access-api-"></a>
+### I found a local file or directory that may be security-sensitive and is not blocked by File System Access API - is this a security bug?
+
+The File System Access API maintains a [blocklist](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/file_system_access/chrome_file_system_access_permission_context.cc;l=266-346)
+of directories and files that may be sensitive such as systems file, and if user
+chooses a file or a directory matching the list on a site using File System
+Access API, the access is blocked.
+
+The blocklist is designed to help mitigate accidental granting by users by
+listing well-known, security-sensitive locations, as a defense in-depth
+strategy. Therefore, the blocklist coverage is not deemed as a security bug,
+especially as it requires user's explicit selection on a file or a directory
+from the file picker.
+
<a name="TOC-I-can-download-a-file-with-an-unsafe-extension-but-a-different-extension-or-file-type-is-shown-to-the-user-"></a>
### I can download a file with an unsafe extension but a different extension or file type is shown to the user - is this a security bug?
<a name="TOC-Extensions-for-downloaded-files-are-not-shown-in-a-file-dialog-"></a>
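Review bot: the second added paragraph's key sentence, "the blocklist coverage is not deemed as a security bug", does not say what is actually being ruled out; reword it so the policy is unambiguous, e.g. "Therefore, a file or directory missing from the blocklist is not considered a security bug, especially as access still requires the user's explicit selection of that file or directory in the file picker." The first paragraph also needs "system files" (not "systems file"), "if the user chooses", and "defense-in-depth" should be hyphenated as one term; the blocklist link pins `l=266-346` on `main`, which will drift as `chrome_file_system_access_permission_context.cc` changes, so link to a fixed revision or to the symbol instead. Minor: the new anchor is all-lowercase while the neighbouring anchors in the context lines use the `TOC-I-...` capitalisation.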