Implement anonymous, opt-in, collection of OS X binary integrity incidents.

chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac.cc

+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac.h"
+
+#include "base/base_paths.h"

[grt (UTC plus 2), 2015/10/28 17:49:51]

unused

[Greg K, 2015/10/29 23:51:31]

Done.

+#include "base/files/file_util.h"
+#include "base/mac/bundle_locations.h"
+#include "base/path_service.h"

[grt (UTC plus 2), 2015/10/28 17:49:51]

unused

[Greg K, 2015/10/29 23:51:31]

Done.

+#include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incident.h"
+#include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h"
+#include "chrome/browser/safe_browsing/signature_evaluator_mac.h"
+#include "chrome/common/safe_browsing/csd.pb.h"
+
+#define DEVELOPER_ID_APPLICATION_OID "field.1.2.840.113635.100.6.1.13"
+#define DEVELOPER_ID_INTERMEDIATE_OID "field.1.2.840.113635.100.6.2.6"
+
+namespace safe_browsing {
+
+namespace {
+
+void VerifyBinaryIntegrityHelper(IncidentReceiver* incident_receiver,
+                                 const base::FilePath& path,
+                                 const std::string& requirement) {
+  MacSignatureEvaluator evaluator(path, requirement);
+  if (!evaluator.Initialize()) {
+    LOG(ERROR) << "Could not initialize mac signature evaluator";
+    return;
+  }
+
+  scoped_ptr<ClientIncidentReport_IncidentData_BinaryIntegrityIncident>
+    incident(new ClientIncidentReport_IncidentData_BinaryIntegrityIncident());
+  if (!evaluator.PerformEvaluation(incident.get())) {
+    VLOG(1) << "Signature verification failed: " << path.value();

[grt (UTC plus 2), 2015/10/28 17:49:51]

DVLOG or no log at all

[Greg K, 2015/10/29 23:51:31]

Why no log at all? I actually want this log in production so that we can have
some direct insight into what happens in the actual signed builds. If you want,
I can do a follow up CL to delete this once it's deployed in canary, but at
least in the first few canary builds we ship I want to have some logging.

[grt (UTC plus 2), 2015/10/30 15:47:04]

VLOG adds weight to shipping builds.
Who would see the log? If it's just you for your manual testing and what you
want to know is if an incident is generated in a signed build when you manually
diddle the signature, look in chrome://histograms to see if the BINARY_INTEGRITY
bucket (2) of SBIRS.ReceivedIncident is hit. Or run the official Chrome in a
debugger and set a breakpoint on this function.
If you can get the validation you want by any other means, please do so. Logging
should be used as a last resort.

+    incident_receiver->AddIncidentForProcess(
+        make_scoped_ptr(new BinaryIntegrityIncident(incident.Pass())));
+  } else {
+    // Clear past incidents involving this bundle if the signature is
+    // now valid.
+    ClearIntegrityReports(incident_receiver, path.BaseName().value());
+  }
+}
+
+}  // namespace
+
+std::vector<PathAndRequirement> GetCriticalPathsAndRequirements() {
+  // Get the path to the main executable.
+  std::vector<PathAndRequirement> critical_binaries;
+  // This requirement describes a developer ID signed application,
+  // with Google's team identifier, and the com.Google.Chrome[.canary]
+  // identifier.
+  std::string requirement =
+      "anchor apple generic and certificate 1[" DEVELOPER_ID_INTERMEDIATE_OID
+      "] exists and certificate leaf[" DEVELOPER_ID_APPLICATION_OID
+      "] exists and certificate leaf[subject.OU]=\"EQHXZ8M8AV\" and "
+      "(identifier=\"com.google.Chrome\" or "
+      "identifier=\"com.google.Chrome.canary\")";
+  critical_binaries.push_back(PathAndRequirement(base::mac::OuterBundlePath(),
+                                                 requirement));
+  // TODO(kerrnel): eventually add Adobe Flash Player to this list.
+  return critical_binaries;
+}
+
+void VerifyBinaryIntegrityForTesting(IncidentReceiver* incident_receiver,
+                                     const base::FilePath& path,
+                                     const std::string& requirement) {
+  VerifyBinaryIntegrityHelper(incident_receiver, path, requirement);
+}
+
+void VerifyBinaryIntegrity(scoped_ptr<IncidentReceiver> incident_receiver) {
+  size_t i = 0;
+  for (const auto& p : GetCriticalPathsAndRequirements()) {
+    base::TimeTicks time_before = base::TimeTicks::Now();
+    VerifyBinaryIntegrityHelper(incident_receiver.get(),

[grt (UTC plus 2), 2015/10/28 17:49:51]

    VerifyBinaryIntegrityHelper(incident_receiver.get(), p.path, p.requirement);

[Greg K, 2015/10/29 23:51:31]

Done.

+                                p.path,
+                                p.requirement);
+    RecordSignatureVerificationTime(i++, base::TimeTicks::Now() - time_before);
+  }
+}
+
+}  // namespac