Implement anonymous, opt-in, collection of OS X binary integrity incidents.

chrome/browser/safe_browsing/signature_evaluator_mac.h

+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_COMMON_SAFE_BROWSING_SIGNATURE_EVALUATOR_MAC_H_
+#define CHROME_COMMON_SAFE_BROWSING_SIGNATURE_EVALUATOR_MAC_H_
+
+#include "build/build_config.h"
+
+#if !defined(OS_MACOSX)

[Mark Mentovai, 2015/10/05 15:02:11]

Not necessary. The _mac name makes sure that no other platform will see
signature_evaluator_mac.mm. (So does the .mm, in fact.) Because of that, the
#include above is also not necessary.

[Greg K, 2015/10/07 22:54:29]

Done.

+#error "This file builds on OS X only."
+#endif
+
+#include <Security/Security.h>
+#include <string>

[Mark Mentovai, 2015/10/05 15:02:11]

Blank line between C and C++ system headers.

[Greg K, 2015/10/07 22:54:29]

Done.

+#include <vector>
+
+#include "base/files/file_path.h"
+#include "base/mac/scoped_cftyperef.h"
+#include "base/memory/ref_counted.h"
+#include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incident.h"
+#include "chrome/browser/safe_browsing/incident_reporting/osx_binary_integrity_incident.h"
+
+#if __OBJC__
+@class NSObject;
+#else
+class NSObject;
+#endif
+
+namespace safe_browsing {
+
+class MacSignatureEvaluator {

[Robert Sesek, 2015/10/05 22:19:07]

Needs a class-levelc omment.

[Greg K, 2015/10/07 22:54:29]

Done.

+ public:
+  explicit MacSignatureEvaluator(const base::FilePath& signed_object_path);
+
+  // The requirement string must be a valid "Code Signing Requirement Language"
+  // string, which describes the identity of the signer.
+  MacSignatureEvaluator(const base::FilePath& signed_object_path,
+                        const std::string& requirement);
+
+  ~MacSignatureEvaluator();
+
+  // This creates the static code object and requirement string, and returns
+  // true if the object creation succeeds, else false.
+  bool Initialize();
+
+  // Evaluate the signature and return a list of any binary integrity incident
+  // reports. Returns true if and only if the signed code object is valid.
+  bool PerformEvaluation(
+      ClientIncidentReport_IncidentData_OSXBinaryIntegrityIncident* incident);
+
+ private:
+  // This is the path to the code object on disk.

[Mark Mentovai, 2015/10/05 15:02:11]

“This is” on almost everything here (including Initialize()), kinda redundant.

[Greg K, 2015/10/07 22:54:29]

Done.

+  base::FilePath path_;
+
+  // This is a Code Signing Requirement string.
+  std::string requirement_str_;
+
+  // Records whether or not a requirement string was specified.
+  bool has_requirement_;
+
+  // This is the static code object constructed from the code object on disk.
+  base::ScopedCFTypeRef<SecStaticCodeRef> code_;
+
+  // This is the requirement object constructed from the requirement string.
+  base::ScopedCFTypeRef<SecRequirementRef> requirement_;
+
+  // Process the NSError information about any files that were altered.
+  void report_altered_files(

[Mark Mentovai, 2015/10/05 15:02:11]

1. Naming: ReportAlteredFiles().
http://google.github.io/styleguide/cppguide.html#Function_Names
2. Ordering: methods come before data.
http://google.github.io/styleguide/cppguide.html#Declaration_Order

[Greg K, 2015/10/07 22:54:29]

Done.

+      NSObject* detail,

[Mark Mentovai, 2015/10/05 15:02:11]

NSObject* or id?

[Greg K, 2015/10/07 22:54:29]

id<NSObject>

+      ClientIncidentReport_IncidentData_OSXBinaryIntegrityIncident* incident);
+};

[Mark Mentovai, 2015/10/05 15:02:11]

DISALLOW_COPY_AND_ASSIGN

[Greg K, 2015/10/07 22:54:29]

Done.

+
+}  // namespace safe_browsing
+
+#endif  // CHROME_COMMON_SAFE_BROWSING_SIGNATURE_EVALUATOR_MAC_H_