Add a ModuleLoadAnalyzer which checks modules against a whitelist

chrome/browser/safe_browsing/incident_reporting/incident_reporting_service.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/incident_reporting/incident_reporting_service.h"
 
 #include <math.h>
 #include <stddef.h>
 #include <algorithm>
 #include <utility>
@@ skipping 98 matching lines @@
   return state;
 }
 
 // Returns true if the incident reporting service field trial is enabled.
 bool IsFieldTrialEnabled() {
   std::string group_name = base::FieldTrialList::FindFullName(
       "SafeBrowsingIncidentReportingService");
   return base::StartsWith(group_name, "Enabled", base::CompareCase::SENSITIVE);
 }
 
+bool ProfileCanAcceptIncident(Profile* profile, const Incident& incident) {
+  if (profile->IsOffTheRecord())
+    return false;
+  switch (incident.GetMinimumProfileConsent()) {

[grt (UTC plus 2), 2016/02/15 16:46:50]

i prefer the safer:
  if (!profile->GetPrefs()->GetBoolean(prefs::kSafeBrowsingEnabled))
    return false;
  switch (incident.GetMinimumProfileConsent()) {
    case MinimumProfileConsent::SAFE_BROWSING_ENABLED:
      return true;
    case MinimumProfileConsent::SAFE_BROWSING_EXTENDED_REPORTING_ENABLED:
      return profile->GetPrefs()->GetBoolean(
          prefs::kSafeBrowsingExtendedReportingEnabled);
  }
  NOTREACHED();
  return false;

[proberge, 2016/02/16 16:56:22]

Done.

+    case MinimumProfileConsent::SAFE_BROWSING_ENABLED:
+      return profile->GetPrefs()->GetBoolean(prefs::kSafeBrowsingEnabled);
+    case MinimumProfileConsent::SAFE_BROWSING_EXTENDED_REPORTING_ENABLED:
+      return profile->GetPrefs()->GetBoolean(
+          prefs::kSafeBrowsingExtendedReportingEnabled);
+    default:

[grt (UTC plus 2), 2016/02/15 16:46:50]

note: it's best to omit the default case when the values are explicitly defined
so that a compiler error will fire if someone adds a new value to the enum in
the future.

[proberge, 2016/02/16 16:56:22]

Done.

+      NOTREACHED();
+      return false;
+  }
+}
+
 }  // namespace
 
 struct IncidentReportingService::ProfileContext {
   ProfileContext();
   ~ProfileContext();
 
   // Returns true if the profile has incidents to be uploaded or cleared.
   bool HasIncidents() const;
 
   // The incidents collected for this profile pending creation and/or upload.
@@ skipping 79 matching lines @@
     scoped_ptr<Incident> incident) {
   DCHECK(thread_runner_->BelongsToCurrentThread());
   DCHECK(profile);
   AddIncidentOnMainThread(service_, profile, std::move(incident));
 }
 
 void IncidentReportingService::Receiver::AddIncidentForProcess(
     scoped_ptr<Incident> incident) {
   if (thread_runner_->BelongsToCurrentThread()) {
     AddIncidentOnMainThread(service_, nullptr, std::move(incident));
-  } else if (!thread_runner_->PostTask(
-      FROM_HERE,
-      base::Bind(&IncidentReportingService::Receiver::AddIncidentOnMainThread,
-                 service_, nullptr, base::Passed(&incident)))) {
-    LogIncidentDataType(DISCARDED, *incident);
+  } else {
+    thread_runner_->PostTask(
+        FROM_HERE,
+        base::Bind(&IncidentReportingService::Receiver::AddIncidentOnMainThread,
+                   service_, nullptr, base::Passed(&incident)));
   }
 }
 
 void IncidentReportingService::Receiver::ClearIncidentForProcess(
     scoped_ptr<Incident> incident) {
   if (thread_runner_->BelongsToCurrentThread()) {
     ClearIncidentOnMainThread(service_, nullptr, std::move(incident));
   } else {
     thread_runner_->PostTask(
         FROM_HERE,
@@ skipping 80 matching lines @@
       collation_timeout_pending_(),
       collation_timer_(FROM_HERE,
                        base::TimeDelta::FromMilliseconds(kDefaultUploadDelayMs),
                        this,
                        &IncidentReportingService::OnCollationTimeout),
       delayed_analysis_callbacks_(
           base::TimeDelta::FromMilliseconds(kDefaultCallbackIntervalMs),
           content::BrowserThread::GetBlockingPool()
               ->GetTaskRunnerWithShutdownBehavior(
                   base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)),
+      extended_reporting_only_delayed_analysis_callbacks_(
+          base::TimeDelta::FromMilliseconds(kDefaultCallbackIntervalMs),
+          content::BrowserThread::GetBlockingPool()
+              ->GetTaskRunnerWithShutdownBehavior(
+                  base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)),
       download_metadata_manager_(content::BrowserThread::GetBlockingPool()),
       receiver_weak_ptr_factory_(this),
       weak_ptr_factory_(this) {
   notification_registrar_.Add(this,
                               chrome::NOTIFICATION_PROFILE_ADDED,
                               content::NotificationService::AllSources());
   notification_registrar_.Add(this,
                               chrome::NOTIFICATION_PROFILE_DESTROYED,
                               content::NotificationService::AllSources());
   DownloadProtectionService* download_protection_service =
@@ skipping 47 matching lines @@
   delayed_analysis_callbacks_.RegisterCallback(
       base::Bind(callback, base::Passed(GetIncidentReceiver())));
 
   // Start running the callbacks if any profiles are participating in safe
   // browsing. If none are now, running will commence if/when a participaing
   // profile is added.
   if (FindEligibleProfile())
     delayed_analysis_callbacks_.Start();
 }
 
+void IncidentReportingService::
+    RegisterExtendedReportingOnlyDelayedAnalysisCallback(
+        const DelayedAnalysisCallback& callback) {
+  DCHECK(thread_checker_.CalledOnValidThread());
+
+  // |callback| will be run on the blocking pool. The receiver will bounce back
+  // to the origin thread if needed.
+  extended_reporting_only_delayed_analysis_callbacks_.RegisterCallback(
+      base::Bind(callback, base::Passed(GetIncidentReceiver())));
+
+  // Start running the callbacks if any profiles have opted into Safebrowsing
+  // extended reporting. If none are now, running will commence if/when such a
+  // profile is added.
+  Profile* profile = FindEligibleProfile();
+  if (profile &&
+      profile->GetPrefs()->GetBoolean(
+          prefs::kSafeBrowsingExtendedReportingEnabled)) {
+    extended_reporting_only_delayed_analysis_callbacks_.Start();
+  }
+}
+
 void IncidentReportingService::AddDownloadManager(
     content::DownloadManager* download_manager) {
   download_metadata_manager_.AddDownloadManager(download_manager);
 }
 
 IncidentReportingService::IncidentReportingService(
     SafeBrowsingService* safe_browsing_service,
     const scoped_refptr<net::URLRequestContextGetter>& request_context_getter,
     base::TimeDelta delayed_task_interval,
     const scoped_refptr<base::TaskRunner>& delayed_task_runner)
     : database_manager_(safe_browsing_service
                             ? safe_browsing_service->database_manager()
                             : NULL),
       url_request_context_getter_(request_context_getter),
       collect_environment_data_fn_(&CollectEnvironmentData),
       environment_collection_task_runner_(
           content::BrowserThread::GetBlockingPool()
               ->GetTaskRunnerWithShutdownBehavior(
                   base::SequencedWorkerPool::SKIP_ON_SHUTDOWN)),
       environment_collection_pending_(),
       collation_timeout_pending_(),
       collation_timer_(FROM_HERE,
                        base::TimeDelta::FromMilliseconds(kDefaultUploadDelayMs),
                        this,
                        &IncidentReportingService::OnCollationTimeout),
       delayed_analysis_callbacks_(delayed_task_interval, delayed_task_runner),
+      extended_reporting_only_delayed_analysis_callbacks_(delayed_task_interval,
+                                                          delayed_task_runner),
       download_metadata_manager_(content::BrowserThread::GetBlockingPool()),
       receiver_weak_ptr_factory_(this),
       weak_ptr_factory_(this) {
   enabled_by_field_trial_ = IsFieldTrialEnabled();
 
   notification_registrar_.Add(this,
                               chrome::NOTIFICATION_PROFILE_ADDED,
                               content::NotificationService::AllSources());
   notification_registrar_.Add(this,
                               chrome::NOTIFICATION_PROFILE_DESTROYED,
@@ skipping 39 matching lines @@
       LogIncidentDataType(DROPPED, *incident);
     context->incidents.clear();
   }
 
   if (enabled_for_profile) {
     // Start processing delayed analysis callbacks if incident reporting is
     // enabled for this new profile. Start is idempotent, so this is safe even
     // if they're already running.
     delayed_analysis_callbacks_.Start();
 
+    if (profile->GetPrefs()->GetBoolean(
+            prefs::kSafeBrowsingExtendedReportingEnabled)) {
+      extended_reporting_only_delayed_analysis_callbacks_.Start();
+    }
+
     // Start a new report if there are process-wide incidents, or incidents for
     // this profile.
     if ((GetProfileContext(nullptr) &&
          GetProfileContext(nullptr)->HasIncidents()) ||
         context->HasIncidents()) {
       BeginReportProcessing();
     }
   }
 
   // TODO(grt): register for pref change notifications to start delayed analysis
@@ skipping 416 matching lines @@
   // Associate the profile contexts and their incident data with the upload.
   UploadContext::PersistentIncidentStateCollection profiles_to_state;
   for (auto& profile_and_context : profiles_) {
     // Bypass process-wide incidents that have not yet been associated with a
     // profile.
     if (!profile_and_context.first)
       continue;
     ProfileContext* context = profile_and_context.second;
     if (context->incidents.empty())
       continue;
-    if (!IsEnabledForProfile(profile_and_context.first)) {
-      for (const auto& incident : context->incidents)
-        LogIncidentDataType(DROPPED, *incident);
-      context->incidents.clear();
-      continue;
-    }
     StateStore::Transaction transaction(context->state_store.get());
     std::vector<PersistentIncidentState> states;
     // Prep persistent data and prune any incidents already sent.
     for (const auto& incident : context->incidents) {
       const PersistentIncidentState state = ComputeIncidentState(*incident);
       if (context->state_store->HasBeenReported(state.type, state.key,
                                                 state.digest)) {
         LogIncidentDataType(PRUNED, *incident);
+      } else if (!ProfileCanAcceptIncident(profile_and_context.first,
+                                           *incident)) {
+        LogIncidentDataType(DROPPED, *incident);
       } else if (!has_download) {
         LogIncidentDataType(NO_DOWNLOAD, *incident);
         // Drop the incident and mark for future pruning since no executable
         // download was found.
         transaction.MarkAsReported(state.type, state.key, state.digest);
       } else {
         LogIncidentDataType(ACCEPTED, *incident);
         // Ownership of the payload is passed to the report.
         ClientIncidentReport_IncidentData* data =
             incident->TakePayload().release();
@@ skipping 135 matching lines @@
       if (!profile->IsOffTheRecord())
         OnProfileDestroyed(profile);
       break;
     }
     default:
       break;
   }
 }
 
 }  // namespace safe_browsing