Chromium Code Reviews Chromium Code Reviews
Issue 1363613004:
Implement anonymous, opt-in, collection of OS X binary integrity incidents. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 // | 4 // |
| 5 // Client side phishing and malware detection request and response | 5 // Client side phishing and malware detection request and response |
| 6 // protocol buffers. Those protocol messages should be kept in sync | 6 // protocol buffers. Those protocol messages should be kept in sync |
| 7 // with the server implementation. | 7 // with the server implementation. |
| 8 // | 8 // |
| 9 // If you want to change this protocol definition or you have questions | 9 // If you want to change this protocol definition or you have questions |
| 10 // regarding its format please contact chrome-anti-phishing@googlegroups.com. | 10 // regarding its format please contact chrome-anti-phishing@googlegroups.com. |
| (...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 201 message CertificateChain { | 201 message CertificateChain { |
| 202 // A single link in the chain. | 202 // A single link in the chain. |
| 203 message Element { | 203 message Element { |
| 204 // DER-encoded X.509 representation of the certificate. | 204 // DER-encoded X.509 representation of the certificate. |
| 205 optional bytes certificate = 1; | 205 optional bytes certificate = 1; |
| 206 // Fields 2 - 7 are only used on the server. | 206 // Fields 2 - 7 are only used on the server. |
| 207 } | 207 } |
| 208 repeated Element element = 1; | 208 repeated Element element = 1; |
| 209 } | 209 } |
| 210 | 210 |
| 211 message ExtendedAttr { | |
|
Robert Sesek
2015/10/08 19:20:06
Document the message type too, specifically callin
Greg K
2015/10/09 17:12:01
Done.
| |
| 212 // This is the name of the extended attribute. | |
| 213 required string key = 1; | |
| 214 // This is the value of the extended attribute. | |
| 215 optional bytes value = 2; | |
| 216 } | |
| 217 | |
| 211 message SignatureInfo { | 218 message SignatureInfo { |
| 212 // All certificate chains for each of the binary's signers. Multiple chains | 219 // All certificate chains for each of the binary's signers. Multiple chains |
| 213 // may be present if the binary or any certificate has multiple signers. | 220 // may be present if the binary or any certificate has multiple signers. |
| 214 // Absence of certificate chains does not imply that the binary is not | 221 // Absence of certificate chains does not imply that the binary is not |
| 215 // signed (in that case, SignedData blobs extracted from the binary may be | 222 // signed (in that case, SignedData blobs extracted from the binary may be |
| 216 // preset), but does mean that trust has not been verified. | 223 // preset), but does mean that trust has not been verified. |
| 217 repeated CertificateChain certificate_chain = 1; | 224 repeated CertificateChain certificate_chain = 1; |
| 218 | 225 |
| 219 // True if the signature was trusted on the client. | 226 // True if the signature was trusted on the client. |
| 220 optional bool trusted = 2; | 227 optional bool trusted = 2; |
| 221 | 228 |
| 222 // On Windows, PKCS#7 SignedData blobs extracted from a portable executable | 229 // On Windows, PKCS#7 SignedData blobs extracted from a portable executable |
| 223 // image's attribute certificate table. The presence of these does not imply | 230 // image's attribute certificate table. The presence of these does not imply |
| 224 // that the signatures were deemed trusted by the client. | 231 // that the signatures were deemed trusted by the client. |
| 225 // On Mac, this is the code signature blob referenced by the | 232 // On Mac, this is the code signature blob referenced by the |
| 226 // LC_CODE_SIGNATURE load command. | 233 // LC_CODE_SIGNATURE load command. |
| 227 repeated bytes signed_data = 3; | 234 repeated bytes signed_data = 3; |
| 235 | |
| 236 // On OS X, code signing data can be contained in the extended attributes of | |
| 237 // a file. As GateKeeper respects this signature, we look for it and collect | |
| 238 // it. | |
| 239 repeated ExtendedAttr xattr = 4; | |
| 228 } | 240 } |
| 229 | 241 |
| 230 // This field will only be set if the binary is signed. | 242 // This field will only be set if the binary is signed. |
| 231 optional SignatureInfo signature = 5; | 243 optional SignatureInfo signature = 5; |
| 232 | 244 |
| 233 // True if the download was user initiated. | 245 // True if the download was user initiated. |
| 234 optional bool user_initiated = 6; | 246 optional bool user_initiated = 6; |
| 235 | 247 |
| 236 // Fields 7 and 8 are only used on the server. | 248 // Fields 7 and 8 are only used on the server. |
| 237 | 249 |
| (...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 414 WEAK_LEGACY_OBSOLETE = 2; | 426 WEAK_LEGACY_OBSOLETE = 2; |
| 415 CHANGED = 3; | 427 CHANGED = 3; |
| 416 UNTRUSTED_UNKNOWN_VALUE = 4; | 428 UNTRUSTED_UNKNOWN_VALUE = 4; |
| 417 } | 429 } |
| 418 | 430 |
| 419 optional string path = 1; | 431 optional string path = 1; |
| 420 optional string atomic_value = 2; | 432 optional string atomic_value = 2; |
| 421 repeated string split_key = 3; | 433 repeated string split_key = 3; |
| 422 optional ValueState value_state = 4; | 434 optional ValueState value_state = 4; |
| 423 } | 435 } |
| 436 | |
| 424 message BinaryIntegrityIncident { | 437 message BinaryIntegrityIncident { |
| 425 optional string file_basename = 1; | 438 optional string file_basename = 1; |
| 426 optional ClientDownloadRequest.SignatureInfo signature = 2; | 439 optional ClientDownloadRequest.SignatureInfo signature = 2; |
| 440 optional ClientDownloadRequest.ImageHeaders image_headers = 3; | |
| 441 optional int32 sec_error = 4; | |
| 427 } | 442 } |
| 443 | |
| 428 message BlacklistLoadIncident { | 444 message BlacklistLoadIncident { |
| 429 optional string path = 1; | 445 optional string path = 1; |
| 430 optional ClientDownloadRequest.Digests digest = 2; | 446 optional ClientDownloadRequest.Digests digest = 2; |
| 431 optional string version = 3; | 447 optional string version = 3; |
| 432 optional bool blacklist_initialized = 4; | 448 optional bool blacklist_initialized = 4; |
| 433 optional ClientDownloadRequest.SignatureInfo signature = 5; | 449 optional ClientDownloadRequest.SignatureInfo signature = 5; |
| 434 optional ClientDownloadRequest.ImageHeaders image_headers = 6; | 450 optional ClientDownloadRequest.ImageHeaders image_headers = 6; |
| 435 } | 451 } |
| 436 message VariationsSeedSignatureIncident { | 452 message VariationsSeedSignatureIncident { |
| 437 optional string variations_seed_signature = 1; | 453 optional string variations_seed_signature = 1; |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 564 message EnvironmentRequest { optional int32 dll_index = 1; } | 580 message EnvironmentRequest { optional int32 dll_index = 1; } |
| 565 | 581 |
| 566 repeated EnvironmentRequest environment_requests = 3; | 582 repeated EnvironmentRequest environment_requests = 3; |
| 567 } | 583 } |
| 568 | 584 |
| 569 message DownloadMetadata { | 585 message DownloadMetadata { |
| 570 optional uint32 download_id = 1; | 586 optional uint32 download_id = 1; |
| 571 | 587 |
| 572 optional ClientIncidentReport.DownloadDetails download = 2; | 588 optional ClientIncidentReport.DownloadDetails download = 2; |
| 573 } | 589 } |
| OLD | NEW |
