Add support for Flash Player Component updates on Linux

chrome/common/component_flash_hint_file_linux.cc

Index: chrome/common/component_flash_hint_file_linux.cc
diff --git a/chrome/common/component_flash_hint_file_linux.cc b/chrome/common/component_flash_hint_file_linux.cc
new file mode 100644
index 0000000000000000000000000000000000000000..77616bee66663f91c9e37ec369057ad470c0906b
--- /dev/null
+++ b/chrome/common/component_flash_hint_file_linux.cc
@@ -0,0 +1,222 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/common/component_flash_hint_file.h"
+
+#include <fcntl.h>
+#include <sys/mman.h>
+
+#include "base/base64.h"
+#include "base/files/file_path.h"
+#include "base/files/file_util.h"
+#include "base/files/important_file_writer.h"
+#include "base/files/memory_mapped_file.h"
+#include "base/files/scoped_file.h"
+#include "base/json/json_string_value_serializer.h"
+#include "base/path_service.h"
+#include "base/posix/eintr_wrapper.h"
+#include "base/stl_util.h"
+#include "base/values.h"
+#include "chrome/common/chrome_paths.h"
+#include "crypto/secure_hash.h"
+#include "crypto/sha2.h"
+
+namespace chrome {
+
+namespace {
+// The current version of the hints file.
+const int kCurrentHintFileVersion = 0x10;
+// The earliest version of the hints file.
+const int kEarliestHintFileVersion = 0x10;
+// The Version field in the JSON encoded file.
+const char kVersionField[] = "Version";
+// The HashAlgorithm field in the JSON encoded file.
+const char kHashAlgoField[] = "HashAlgorithm";
+// The Hash field in the JSON encoded file.
+const char kHashField[] = "Hash";
+// The PluginPath field in the JSON encoded file.
+const char kPluginPath[] = "PluginPath";
+// The PluginVersion field in the JSON encoded file.
+const char kPluginVersion[] = "PluginVersion";
+// For use with the scoped_ptr of an mmap-ed buffer
+struct MmapDeleter {
+  size_t map_size;
+  inline void operator()(uint8_t* ptr) const {
+    if (ptr != MAP_FAILED)
+      munmap(ptr, map_size);
+  }
+};
+
+// Hashes the plugin file and returns the result in the out params.
+void SHA256Hash(const base::MemoryMappedFile& mapped_file,
+                void* result,
+                size_t len) {
+  CHECK(len == crypto::kSHA256Length);

[jln (very slow on Chromium), 2015/08/06 18:48:15]

CHECK_EQ()

[Greg K, 2015/08/07 21:15:29]

Done.

+  scoped_ptr<crypto::SecureHash> secure_hash(
+      crypto::SecureHash::Create(crypto::SecureHash::SHA256));
+  size_t bytes_remaining = mapped_file.length(), bytes_read = 0;

[jln (very slow on Chromium), 2015/08/06 18:48:15]

Style: one line per variable (can't find where that is in the style guide but
definitely true.

[Greg K, 2015/08/07 21:15:29]

Done.

+  const size_t page_size = sysconf(_SC_PAGE_SIZE);
+
+  while (bytes_remaining > 0) {
+    const size_t len =
+        bytes_remaining >= page_size ? page_size : bytes_remaining;
+    CHECK(bytes_remaining >= len);

[jln (very slow on Chromium), 2015/08/06 18:48:14]

CHECK_GE()

[Greg K, 2015/08/07 21:15:29]

Acknowledged.

+    secure_hash->Update(mapped_file.data() + bytes_read, len);

[jln (very slow on Chromium), 2015/08/06 18:48:14]

Why force this page by page? Why not ask update to do the full thing? This seems
overly complicated.

[Greg K, 2015/08/07 21:15:29]

Done.

+    bytes_remaining -= len;
+    bytes_read += len;
+  }
+  secure_hash->Finish(result, len);
+}
+
+}  // namespace
+
+// static
+bool ComponentFlashHintFile::TestExecutableMapping(const base::FilePath& path) {
+  const base::ScopedFD fd(HANDLE_EINTR(open(path.value().c_str(), O_RDONLY)));

[jln (very slow on Chromium), 2015/08/06 18:48:15]

Do CLOEXEC while you're at it.

[Greg K, 2015/08/07 21:15:29]

Done.

+  if (!fd.is_valid())
+    return false;
+  const MmapDeleter deleter = {.map_size = sizeof(uint8_t)};

[jln (very slow on Chromium), 2015/08/06 18:48:14]

Style: I don't think we allow designed initializers like this.

[Greg K, 2015/08/07 21:15:29]

Done.

+  scoped_ptr<uint8_t, MmapDeleter> buf_ptr(
+      reinterpret_cast<uint8_t*>(mmap(NULL, deleter.map_size,

[jln (very slow on Chromium), 2015/08/06 18:48:14]

Given the simplicity here, I would not use the MmapDeleter and just munmap as
needed.

[Greg K, 2015/08/07 21:15:29]

Makes sense, but I will leave it there in case someone adds to the function in
the future.

+                                      PROT_READ | PROT_EXEC, MAP_PRIVATE,
+                                      fd.get(), 0)),
+      deleter);
+  return buf_ptr.get() != MAP_FAILED;
+}
+
+// static
+bool ComponentFlashHintFile::RecordFlashUpdate(
+    const base::FilePath& unpacked_plugin,
+    const base::FilePath& moved_plugin,
+    const std::string& version) {
+  base::MemoryMappedFile mapped_file;
+  if (!mapped_file.Initialize(unpacked_plugin))
+    return false;
+
+  std::string hash(crypto::kSHA256Length, 0);
+  SHA256Hash(mapped_file, string_as_array(&hash), hash.size());
+
+  return WriteToDisk(kCurrentHintFileVersion,
+                     crypto::SecureHash::Algorithm::SHA256, hash, moved_plugin,
+                     version);
+}
+
+// static
+bool ComponentFlashHintFile::DoesHintFileExist() {
+  base::FilePath hint_file_path;
+  if (!PathService::Get(chrome::FILE_COMPONENT_FLASH_HINT, &hint_file_path))
+    return false;
+  return base::PathExists(hint_file_path);
+}
+
+// static
+bool ComponentFlashHintFile::WriteToDisk(
+    const int version,
+    const crypto::SecureHash::Algorithm algorithm,
+    const std::string& hash,
+    const base::FilePath& plugin_path,
+    const std::string& flash_version) {
+  base::FilePath hint_file_path;
+  if (!PathService::Get(chrome::FILE_COMPONENT_FLASH_HINT, &hint_file_path))
+    return false;
+
+  std::string encoded_hash;
+  base::Base64Encode(hash, &encoded_hash);
+
+  // Now construct a Value object to convert to JSON.
+  base::DictionaryValue dict;
+  dict.SetInteger(kVersionField, version);
+  dict.SetInteger(kHashAlgoField, crypto::SecureHash::SHA256);
+  dict.SetString(kHashField, encoded_hash);
+  dict.SetString(kPluginPath, plugin_path.value());
+  dict.SetString(kPluginVersion, flash_version);
+  // Do the serialization of the DictionaryValue to JSON.
+  std::string json_string;
+  JSONStringValueSerializer serializer(&json_string);
+  if (!serializer.Serialize(dict))
+    return false;
+
+  return base::ImportantFileWriter::WriteFileAtomically(hint_file_path,
+                                                        json_string);
+}
+
+// static
+bool ComponentFlashHintFile::VerifyAndReturnFlashLocation(
+    base::FilePath* path,
+    std::string* flash_version) {
+  base::FilePath hint_file_path;
+  if (!PathService::Get(chrome::FILE_COMPONENT_FLASH_HINT, &hint_file_path))
+    return false;
+
+  std::string json_string;
+  if (!base::ReadFileToString(hint_file_path, &json_string))
+    return false;
+
+  int error_code;
+  std::string error_message;
+  JSONStringValueDeserializer deserializer(json_string);
+  const scoped_ptr<base::Value> value(
+      deserializer.Deserialize(&error_code, &error_message));
+
+  if (value == nullptr) {
+    LOG(ERROR)
+        << "Could not deserialize the component updated flash hint file. Error "
+        << error_code << ": " << error_message;
+    return false;
+  }
+
+  base::DictionaryValue* dict = nullptr;
+  if (!value->GetAsDictionary(&dict))
+    return false;
+
+  int version;
+  if (!dict->GetInteger(kVersionField, &version))
+    return false;
+  if (version < kEarliestHintFileVersion || version > kCurrentHintFileVersion)
+    return false;
+
+  int hash_algorithm;
+  if (!dict->GetInteger(kHashAlgoField, &hash_algorithm))
+    return false;
+  if (hash_algorithm != crypto::SecureHash::SHA256)
+    return false;
+
+  std::string hash;
+  if (!dict->GetString(kHashField, &hash))
+    return false;
+
+  std::string plugin_path_str;
+  if (!dict->GetString(kPluginPath, &plugin_path_str))
+    return false;
+
+  std::string plugin_version_str;
+  if (!dict->GetString(kPluginVersion, &plugin_version_str))
+    return false;
+
+  std::string decoded_hash;
+  if (!base::Base64Decode(hash, &decoded_hash))
+    return false;
+
+  const base::FilePath plugin_path(plugin_path_str);
+  base::MemoryMappedFile plugin_file;
+  if (!plugin_file.Initialize(plugin_path))
+    return false;
+
+  std::vector<uint8_t> file_hash(crypto::kSHA256Length, 0);
+  SHA256Hash(plugin_file, &file_hash[0], file_hash.size());
+  if (memcmp(&file_hash[0], string_as_array(&decoded_hash),

[jln (very slow on Chromium), 2015/08/06 18:48:15]

So there is nothing better than memcmp in crypto/ ?

[Greg K, 2015/08/07 21:15:29]

Turns out there is SecureEqualMem.

+             crypto::kSHA256Length) != 0) {
+    LOG(ERROR)
+        << "The hash recorded in the component flash hint file does not "
+           "match the actual hash of the flash plugin found on disk. The "
+           "component flash plugin will not be loaded.";
+    return false;
+  }
+
+  *path = plugin_path;
+  flash_version->assign(plugin_version_str);
+  return true;
+}
+
+}  // namespace chrome