Implement anonymous, opt-in, collection of OS X binary integrity incidents.

chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac.cc

Index: chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac.cc
diff --git a/chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac.cc b/chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac.cc
new file mode 100644
index 0000000000000000000000000000000000000000..9f4ef68f1670cc609ada763de553cb08f98abad7
--- /dev/null
+++ b/chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer_mac.cc
@@ -0,0 +1,92 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.h"
+
+#include "base/base_paths.h"
+#include "base/files/file_util.h"
+#include "base/path_service.h"
+#include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incident.h"
+#include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h"
+#include "chrome/browser/safe_browsing/signature_evaluator_mac.h"
+#include "chrome/common/safe_browsing/csd.pb.h"
+
+#define DEVELOPER_ID_APPLICATION_OID "field.1.2.840.113635.100.6.1.13"
+#define DEVELOPER_ID_INTERMEDIATE_OID "field.1.2.840.113635.100.6.2.6"
+
+namespace safe_browsing {
+
+namespace {
+
+void VerifyBinaryIntegrityHelper(IncidentReceiver* incident_receiver,
+                                 const base::FilePath& path,
+                                 const std::string& requirement) {
+  base::FilePath binary_path(path);
+  if (!base::PathExists(binary_path))
+    return;
+
+  MacSignatureEvaluator evaluator(binary_path, requirement);
+  if (!evaluator.Initialize()) {
+    LOG(ERROR) << "Could not initialize mac signature evaluator";
+    return;
+  }
+
+  std::vector<ClientIncidentReport_IncidentData_BinaryIntegrityIncident>
+      results;
+  if (!evaluator.PerformEvaluation(results)) {
+    VLOG(1) << "Signature verification failed: " << path.value();
+    for (const auto& incident : results) {
+      scoped_ptr<ClientIncidentReport_IncidentData_BinaryIntegrityIncident>
+          incident_copy(
+              new ClientIncidentReport_IncidentData_BinaryIntegrityIncident());

[Robert Sesek, 2015/10/08 19:20:06]

Can you use the copy ctor and remove line 43?

[Greg K, 2015/10/09 17:12:01]

Done.

+      *incident_copy = incident;
+      incident_receiver->AddIncidentForProcess(
+          make_scoped_ptr(new BinaryIntegrityIncident(incident_copy.Pass())));
+    }
+  }
+}
+
+}  // namespace
+
+std::vector<std::pair<base::FilePath, std::string>>
+GetCriticalPathsAndRequirements() {
+  // Get the path to the main executable.
+  std::vector<std::pair<base::FilePath, std::string>> critical_binaries;
+  base::FilePath main_exe;
+  if (!PathService::Get(base::FILE_EXE, &main_exe))
+    NOTREACHED();

[Robert Sesek, 2015/10/08 19:20:06]

NOTREACHED() is only a DCHECK, so this needs a return after it for release mode.

[Greg K, 2015/10/09 17:12:01]

Done. I thought about aborting on ASSERT() but the problem is, as bizarre as
this case would be, the lack of ability to perform the background check doesn't
really mean the browser shouldn't be able to continue.

+  // This requirement describes a developer ID signed application,
+  // with Google's team identifier, and the com.Google.Chrome[.canary]
+  // identifier.
+  std::string requirement =
+      "anchor apple generic and certificate 1[" DEVELOPER_ID_INTERMEDIATE_OID
+      "] exists and certificate leaf[" DEVELOPER_ID_APPLICATION_OID
+      "] exists and certificate leaf[subject.OU]=\"EQHXZ8M8AV\" and "
+      "(identifier=\"com.google.Chrome\" or "
+      "identifier=\"com.google.Chrome.canary\")";
+  critical_binaries.push_back(std::make_pair(main_exe, requirement));
+  // TODO(kerrnel): eventually add Adobe Flash Player to this list.
+  return critical_binaries;
+}
+
+void VerifyBinaryIntegrityForTesting(IncidentReceiver* incident_receiver,
+                                     const base::FilePath& path,
+                                     const std::string& requirement) {
+  VerifyBinaryIntegrityHelper(incident_receiver, path, requirement);
+}
+
+void VerifyBinaryIntegrity(scoped_ptr<IncidentReceiver> incident_receiver) {
+  std::vector<std::pair<base::FilePath, std::string>> bundles_and_requirements =
+      GetCriticalPathsAndRequirements();
+  int i = 0;
+  for (const auto& p : bundles_and_requirements) {
+    const base::FilePath& path = p.first;
+    const std::string& requirement = p.second;
+    base::TimeTicks time_before = base::TimeTicks::Now();
+    VerifyBinaryIntegrityHelper(incident_receiver.get(), path, requirement);
+    RecordSignatureVerificationTime(i++, base::TimeTicks::Now() - time_before);
+  }
+}
+
+}  // namespac