| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_analy
zer.h" | 5 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_analy
zer.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| 11 #include "base/files/file_util.h" | 11 #include "base/files/file_util.h" |
| 12 #include "base/metrics/histogram.h" | 12 #include "base/metrics/histogram.h" |
| 13 #include "base/strings/string_number_conversions.h" | 13 #include "base/strings/string_number_conversions.h" |
| 14 #include "base/strings/string_util.h" | 14 #include "base/strings/string_util.h" |
| 15 #include "base/strings/stringprintf.h" | 15 #include "base/strings/stringprintf.h" |
| 16 #include "base/time/time.h" | 16 #include "base/time/time.h" |
| 17 #include "chrome/browser/browser_process.h" | 17 #include "chrome/browser/browser_process.h" |
| 18 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incid
ent.h" | 18 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incid
ent.h" |
| 19 #include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h" | 19 #include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h" |
| 20 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | 20 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
| 21 #include "chrome/common/safe_browsing/binary_feature_extractor.h" | |
| 22 #include "chrome/common/safe_browsing/csd.pb.h" | 21 #include "chrome/common/safe_browsing/csd.pb.h" |
| 23 | 22 |
| 24 namespace safe_browsing { | 23 namespace safe_browsing { |
| 25 | 24 |
| 26 namespace { | |
| 27 | |
| 28 void RecordSignatureVerificationTime(size_t file_index, | 25 void RecordSignatureVerificationTime(size_t file_index, |
| 29 const base::TimeDelta& verification_time) { | 26 const base::TimeDelta& verification_time) { |
| 30 static const char kHistogramName[] = "SBIRS.VerifyBinaryIntegrity."; | 27 static const char kHistogramName[] = "SBIRS.VerifyBinaryIntegrity."; |
| 31 | 28 |
| 32 base::HistogramBase* signature_verification_time_histogram = | 29 base::HistogramBase* signature_verification_time_histogram = |
| 33 base::Histogram::FactoryTimeGet( | 30 base::Histogram::FactoryTimeGet( |
| 34 std::string(kHistogramName) + base::SizeTToString(file_index), | 31 std::string(kHistogramName) + base::SizeTToString(file_index), |
| 35 base::TimeDelta::FromMilliseconds(1), | 32 base::TimeDelta::FromMilliseconds(1), |
| 36 base::TimeDelta::FromSeconds(20), | 33 base::TimeDelta::FromSeconds(20), 50, |
| 37 50, | |
| 38 base::Histogram::kUmaTargetedHistogramFlag); | 34 base::Histogram::kUmaTargetedHistogramFlag); |
| 39 | 35 |
| 40 signature_verification_time_histogram->AddTime(verification_time); | 36 signature_verification_time_histogram->AddTime(verification_time); |
| 41 } | 37 } |
| 42 | 38 |
| 43 } // namespace | 39 void ClearBinaryIntegrityForFile(IncidentReceiver* incident_receiver, |
| 40 const std::string& basename) { |
| 41 scoped_ptr<ClientIncidentReport_IncidentData_BinaryIntegrityIncident> |
| 42 incident( |
| 43 new ClientIncidentReport_IncidentData_BinaryIntegrityIncident()); |
| 44 incident->set_file_basename(basename); |
| 45 incident_receiver->ClearIncidentForProcess( |
| 46 make_scoped_ptr(new BinaryIntegrityIncident(incident.Pass()))); |
| 47 } |
| 44 | 48 |
| 45 void RegisterBinaryIntegrityAnalysis() { | 49 void RegisterBinaryIntegrityAnalysis() { |
| 46 #if defined(OS_WIN) | 50 #if defined(OS_WIN) || defined(OS_MACOSX) |
| 47 scoped_refptr<SafeBrowsingService> safe_browsing_service( | 51 scoped_refptr<SafeBrowsingService> safe_browsing_service( |
| 48 g_browser_process->safe_browsing_service()); | 52 g_browser_process->safe_browsing_service()); |
| 49 | 53 |
| 50 safe_browsing_service->RegisterDelayedAnalysisCallback( | 54 safe_browsing_service->RegisterDelayedAnalysisCallback( |
| 51 base::Bind(&VerifyBinaryIntegrity)); | 55 base::Bind(&VerifyBinaryIntegrity)); |
| 52 #endif | 56 #endif |
| 53 } | 57 } |
| 54 | 58 |
| 55 void VerifyBinaryIntegrity(scoped_ptr<IncidentReceiver> incident_receiver) { | |
| 56 scoped_refptr<BinaryFeatureExtractor> binary_feature_extractor( | |
| 57 new BinaryFeatureExtractor()); | |
| 58 | |
| 59 std::vector<base::FilePath> critical_binaries = GetCriticalBinariesPath(); | |
| 60 for (size_t i = 0; i < critical_binaries.size(); ++i) { | |
| 61 base::FilePath binary_path(critical_binaries[i]); | |
| 62 if (!base::PathExists(binary_path)) | |
| 63 continue; | |
| 64 | |
| 65 scoped_ptr<ClientDownloadRequest_SignatureInfo> signature_info( | |
| 66 new ClientDownloadRequest_SignatureInfo()); | |
| 67 | |
| 68 base::TimeTicks time_before = base::TimeTicks::Now(); | |
| 69 binary_feature_extractor->CheckSignature(binary_path, signature_info.get()); | |
| 70 RecordSignatureVerificationTime(i, base::TimeTicks::Now() - time_before); | |
| 71 | |
| 72 // Only create a report if the signature is untrusted. | |
| 73 if (!signature_info->trusted()) { | |
| 74 scoped_ptr<ClientIncidentReport_IncidentData_BinaryIntegrityIncident> | |
| 75 incident( | |
| 76 new ClientIncidentReport_IncidentData_BinaryIntegrityIncident()); | |
| 77 | |
| 78 incident->set_file_basename(binary_path.BaseName().AsUTF8Unsafe()); | |
| 79 incident->set_allocated_signature(signature_info.release()); | |
| 80 | |
| 81 // Send the report. | |
| 82 incident_receiver->AddIncidentForProcess( | |
| 83 make_scoped_ptr(new BinaryIntegrityIncident(incident.Pass()))); | |
| 84 } else { | |
| 85 // The binary is integral, remove previous report so that next incidents | |
| 86 // for the binary will be reported. | |
| 87 scoped_ptr<ClientIncidentReport_IncidentData_BinaryIntegrityIncident> | |
| 88 incident( | |
| 89 new ClientIncidentReport_IncidentData_BinaryIntegrityIncident()); | |
| 90 incident->set_file_basename(binary_path.BaseName().AsUTF8Unsafe()); | |
| 91 incident_receiver->ClearIncidentForProcess( | |
| 92 make_scoped_ptr(new BinaryIntegrityIncident(incident.Pass()))); | |
| 93 } | |
| 94 } | |
| 95 } | |
| 96 | |
| 97 #if !defined(OS_WIN) | |
| 98 std::vector<base::FilePath> GetCriticalBinariesPath() { | |
| 99 return std::vector<base::FilePath>(); | |
| 100 } | |
| 101 #endif // !defined(OS_WIN) | |
| 102 | |
| 103 } // namespace safe_browsing | 59 } // namespace safe_browsing |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1363613004:
Implement anonymous, opt-in, collection of OS X binary integrity incidents. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master