| Index: chrome/browser/safe_browsing/signature_evaluator_mac.mm
|
| diff --git a/chrome/browser/safe_browsing/signature_evaluator_mac.mm b/chrome/browser/safe_browsing/signature_evaluator_mac.mm
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..9e10f9870d506f3f5fbb23286a3b4676fac1d45b
|
| --- /dev/null
|
| +++ b/chrome/browser/safe_browsing/signature_evaluator_mac.mm
|
| @@ -0,0 +1,173 @@
|
| +// Copyright (c) 2015 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "chrome/browser/safe_browsing/signature_evaluator_mac.h"
|
| +
|
| +#include <CoreFoundation/CoreFoundation.h>
|
| +#include <Foundation/Foundation.h>
|
| +#include <Security/Security.h>
|
| +#include <sys/xattr.h>
|
| +
|
| +#include "base/mac/foundation_util.h"
|
| +#include "base/mac/mac_util.h"
|
| +#include "base/mac/scoped_cftyperef.h"
|
| +#include "base/mac/scoped_nsobject.h"
|
| +#include "base/strings/sys_string_conversions.h"
|
| +#include "chrome/common/safe_browsing/binary_feature_extractor.h"
|
| +#include "chrome/common/safe_browsing/csd.pb.h"
|
| +#include "chrome/common/safe_browsing/mach_o_image_reader_mac.h"
|
| +
|
| +namespace safe_browsing {
|
| +
|
| +namespace {
|
| +
|
| +// OS X code signing data can be stored in extended attributes as well. This is
|
| +// a list of the extended attributes slots currently used in Security.framework,
|
| +// from codesign.h (see the kSecCS_* constants).
|
| +const char* const xattrs[] = {
|
| + "com.apple.cs.CodeDirectory",
|
| + "com.apple.cs.CodeSignature",
|
| + "com.apple.cs.CodeRequirements",
|
| + "com.apple.cs.CodeResources",
|
| + "com.apple.cs.CodeApplication",
|
| + "com.apple.cs.CodeEntitlements",
|
| +};
|
| +
|
| +// Convenience function to get the appropriate path from a variety of NSObject
|
| +// types.
|
| +bool GetPathFromNSObject(id obj, std::string* output) {
|
| + if (NSString* str = base::mac::ObjCCast<NSString>(obj)) {
|
| + output->assign([str fileSystemRepresentation]);
|
| + return true;
|
| + } else if (NSURL* url = base::mac::ObjCCast<NSURL>(obj)) {
|
| + output->assign([[url path] fileSystemRepresentation]);
|
| + return true;
|
| + } else if (NSBundle* bundle = base::mac::ObjCCast<NSBundle>(obj)) {
|
| + output->assign([[bundle bundlePath] fileSystemRepresentation]);
|
| + return true;
|
| + }
|
| + return false;
|
| +}
|
| +
|
| +// Process the NSError information about any files that were altered.
|
| +void ReportAlteredFiles(
|
| + id detail,
|
| + int32_t err_code,
|
| + std::vector<ClientIncidentReport_IncidentData_BinaryIntegrityIncident>*
|
| + results) {
|
| + if (NSArray* arr = base::mac::ObjCCast<NSArray>(detail)) {
|
| + for (id obj in arr)
|
| + ReportAlteredFiles(obj, err_code, results);
|
| + } else {
|
| + std::string path_str;
|
| + if (!GetPathFromNSObject(detail, &path_str))
|
| + return;
|
| +
|
| + base::FilePath path(path_str);
|
| + ClientIncidentReport_IncidentData_BinaryIntegrityIncident incident;
|
| + incident.set_file_basename(path.BaseName().value());
|
| + incident.set_sec_error(err_code);
|
| + scoped_refptr<BinaryFeatureExtractor> bfe = new BinaryFeatureExtractor();
|
| +
|
| + // TODO(kerrnel): if Chrome ever opts into the OS X "kill" semantics, this
|
| + // call has to change. `ExtractImageFeatures` maps the file, which will
|
| + // cause Chrome to be killed before it can report on the invalid file.
|
| + // This call will need to read(2) the binary into a buffer.
|
| + if (!bfe->ExtractImageFeatures(
|
| + path,
|
| + BinaryFeatureExtractor::kDefaultOptions,
|
| + incident.mutable_image_headers(),
|
| + incident.mutable_signature()->mutable_signed_data())) {
|
| + // If this is not a mach-o file, search inside the extended attributes.
|
| + for (const char* attr : xattrs) {
|
| + ssize_t size = getxattr(path.value().c_str(), attr, nullptr, 0, 0, 0);
|
| + if (size >= 0) {
|
| + std::vector<uint8_t> xattr_data(size);
|
| + ssize_t post_size = getxattr(path.value().c_str(), attr,
|
| + &xattr_data[0], xattr_data.size(), 0, 0);
|
| + if (post_size >= 0) {
|
| + xattr_data.resize(post_size);
|
| + ClientDownloadRequest_ExtendedAttr* xattr_msg =
|
| + incident.mutable_signature()->add_xattr();
|
| + xattr_msg->set_key(attr);
|
| + xattr_msg->set_value(xattr_data.data(), xattr_data.size());
|
| + }
|
| + }
|
| + }
|
| + }
|
| + results->push_back(incident);
|
| + }
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +MacSignatureEvaluator::MacSignatureEvaluator(
|
| + const base::FilePath& signed_object_path)
|
| + : path_(signed_object_path),
|
| + requirement_str_(),
|
| + has_requirement_(false),
|
| + code_(nullptr),
|
| + requirement_(nullptr) {}
|
| +
|
| +MacSignatureEvaluator::MacSignatureEvaluator(
|
| + const base::FilePath& signed_object_path,
|
| + const std::string& requirement)
|
| + : path_(signed_object_path),
|
| + requirement_str_(requirement),
|
| + has_requirement_(true),
|
| + code_(nullptr),
|
| + requirement_(nullptr) {}
|
| +
|
| +MacSignatureEvaluator::~MacSignatureEvaluator() {}
|
| +
|
| +bool MacSignatureEvaluator::Initialize() {
|
| + base::scoped_nsobject<NSURL> code_url([[NSURL alloc]
|
| + initFileURLWithPath:base::SysUTF8ToNSString(path_.value())]);
|
| + if (!code_url)
|
| + return false;
|
| +
|
| + if (SecStaticCodeCreateWithPath(base::mac::NSToCFCast(code_url.get()),
|
| + kSecCSDefaultFlags,
|
| + code_.InitializeInto()) != errSecSuccess) {
|
| + return false;
|
| + }
|
| +
|
| + if (has_requirement_) {
|
| + if (SecRequirementCreateWithString(
|
| + base::mac::NSToCFCast(base::SysUTF8ToNSString(requirement_str_)),
|
| + kSecCSDefaultFlags, requirement_.InitializeInto()) !=
|
| + errSecSuccess) {
|
| + return false;
|
| + }
|
| + }
|
| +
|
| + return true;
|
| +}
|
| +
|
| +bool MacSignatureEvaluator::PerformEvaluation(
|
| + std::vector<ClientIncidentReport_IncidentData_BinaryIntegrityIncident>*
|
| + results) {
|
| + DCHECK(results->empty());
|
| + base::ScopedCFTypeRef<CFErrorRef> errors;
|
| + OSStatus err = SecStaticCodeCheckValidityWithErrors(
|
| + code_, kSecCSCheckAllArchitectures, requirement_,
|
| + errors.InitializeInto());
|
| + if (err == errSecSuccess)
|
| + return true;
|
| + // This adds the signature of the main binary to the incident reports.
|
| + ReportAlteredFiles(base::SysUTF8ToNSString(path_.value()), err, results);
|
| + if (errors) {
|
| + NSDictionary* info = [base::mac::CFToNSCast(errors.get()) userInfo];
|
| + static const CFStringRef keys[] = {
|
| + kSecCFErrorResourceAltered, kSecCFErrorResourceMissing,
|
| + };
|
| + for (CFStringRef key : keys) {
|
| + if (id detail = [info objectForKey:base::mac::CFToNSCast(key)])
|
| + ReportAlteredFiles(detail, err, results);
|
| + }
|
| + }
|
| + return false;
|
| +}
|
| +
|
| +} // namespace safe_browsing
|
|
|
Chromium Code Reviews
Issue 1363613004:
Implement anonymous, opt-in, collection of OS X binary integrity incidents. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master