chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac.cc - Issue 1363613004: Implement anonymous, opt-in, collection of OS X binary integrity incidents.

Side by Side Diff: chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac.cc

Issue 1363613004: Implement anonymous, opt-in, collection of OS X binary integrity incidents. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Test checkperms changs Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.cc ('k') | chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac_unittest.cc » ('j') | chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_analy zer.h"

	6

	7 #include "base/base_paths.h"

	8 #include "base/files/file_util.h"

	9 #include "base/path_service.h"

	10 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incid ent.h"

	11 #include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h"

	12 #include "chrome/browser/safe_browsing/signature_evaluator_mac.h"

	13 #include "chrome/common/safe_browsing/csd.pb.h"

	14

	15 #define DEVELOPER_ID_APPLICATION_OID "field.1.2.840.113635.100.6.1.13"

	16 #define DEVELOPER_ID_INTERMEDIATE_OID "field.1.2.840.113635.100.6.2.6"

	17

	18 namespace safe_browsing {

	19

	20 namespace {

	21

	22 void VerifyBinaryIntegrityHelper(IncidentReceiver* incident_receiver,

	23 const base::FilePath& path,

	24 const std::string& requirement) {

	25 base::FilePath binary_path(path);

	26 if (!base::PathExists(binary_path))

	27 return;

	28

	29 MacSignatureEvaluator evaluator(binary_path, requirement);

	30 if (!evaluator.Initialize()) {

	31 LOG(ERROR) << "Could not initialize mac signature evaluator";

	32 return;

	33 }

	34

	35 std::vector<ClientIncidentReport_IncidentData_BinaryIntegrityIncident>

	36 results;

	37 if (!evaluator.PerformEvaluation(results)) {

	38 VLOG(1) << "Signature verification failed: " << path.value();

	39 for (const auto& incident : results) {

	40 scoped_ptr<ClientIncidentReport_IncidentData_BinaryIntegrityIncident>

	41 incident_copy(

	42 new ClientIncidentReport_IncidentData_BinaryIntegrityIncident());
	Robert Sesek 2015/10/08 19:20:06 Can you use the copy ctor and remove line 43? Can you use the copy ctor and remove line 43? Greg K 2015/10/09 17:12:01 Done. Show quoted text On 2015/10/08 19:20:06, Robert Sesek wrote: > Can you use the copy ctor and remove line 43? Done.
	43 *incident_copy = incident;

	44 incident_receiver->AddIncidentForProcess(

	45 make_scoped_ptr(new BinaryIntegrityIncident(incident_copy.Pass())));

	46 }

	47 }

	48 }

	49

	50 } // namespace

	51

	52 std::vector<std::pair<base::FilePath, std::string>>

	53 GetCriticalPathsAndRequirements() {

	54 // Get the path to the main executable.

	55 std::vector<std::pair<base::FilePath, std::string>> critical_binaries;

	56 base::FilePath main_exe;

	57 if (!PathService::Get(base::FILE_EXE, &main_exe))

	58 NOTREACHED();
	Robert Sesek 2015/10/08 19:20:06 NOTREACHED() is only a DCHECK, so this needs a ret NOTREACHED() is only a DCHECK, so this needs a return after it for release mode. Greg K 2015/10/09 17:12:01 Done. I thought about aborting on ASSERT() but the Show quoted text On 2015/10/08 19:20:06, Robert Sesek wrote: > NOTREACHED() is only a DCHECK, so this needs a return after it for release mode. Done. I thought about aborting on ASSERT() but the problem is, as bizarre as this case would be, the lack of ability to perform the background check doesn't really mean the browser shouldn't be able to continue.
	59 // This requirement describes a developer ID signed application,

	60 // with Google's team identifier, and the com.Google.Chrome[.canary]

	61 // identifier.

	62 std::string requirement =

	63 "anchor apple generic and certificate 1[" DEVELOPER_ID_INTERMEDIATE_OID

	64 "] exists and certificate leaf[" DEVELOPER_ID_APPLICATION_OID

	65 "] exists and certificate leaf[subject.OU]=\"EQHXZ8M8AV\" and "

	66 "(identifier=\"com.google.Chrome\" or "

	67 "identifier=\"com.google.Chrome.canary\")";

	68 critical_binaries.push_back(std::make_pair(main_exe, requirement));

	69 // TODO(kerrnel): eventually add Adobe Flash Player to this list.

	70 return critical_binaries;

	71 }

	72

	73 void VerifyBinaryIntegrityForTesting(IncidentReceiver* incident_receiver,

	74 const base::FilePath& path,

	75 const std::string& requirement) {

	76 VerifyBinaryIntegrityHelper(incident_receiver, path, requirement);

	77 }

	78

	79 void VerifyBinaryIntegrity(scoped_ptr<IncidentReceiver> incident_receiver) {

	80 std::vector<std::pair<base::FilePath, std::string>> bundles_and_requirements =

	81 GetCriticalPathsAndRequirements();

	82 int i = 0;

	83 for (const auto& p : bundles_and_requirements) {

	84 const base::FilePath& path = p.first;

	85 const std::string& requirement = p.second;

	86 base::TimeTicks time_before = base::TimeTicks::Now();

	87 VerifyBinaryIntegrityHelper(incident_receiver.get(), path, requirement);

	88 RecordSignatureVerificationTime(i++, base::TimeTicks::Now() - time_before);

	89 }

	90 }

	91

	92 } // namespac

OLD	NEW