Add UMA stats to record when DLLs are successfully blocked in the Browser.

chrome/browser/chrome_elf_init_win.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "base/bind.h"
+#include "base/md5.h"
 #include "base/metrics/field_trial.h"
 #include "base/metrics/histogram.h"
+#include "base/metrics/sparse_histogram.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/win/registry.h"
 #include "chrome/browser/chrome_elf_init_win.h"
 #include "chrome_elf/blacklist/blacklist.h"
+#include "content/public/browser/browser_thread.h"
 #include "version.h"  // NOLINT
 
 namespace {
 
 const char kBrowserBlacklistTrialName[] = "BrowserBlacklist";
 const char kBrowserBlacklistTrialEnabledGroupName[] = "Enabled";
 
 // This enum is used to define the buckets for an enumerated UMA histogram.
 // Hence,
 //   (a) existing enumerated constants should never be deleted or reordered, and
@@ skipping 29 matching lines @@
 
 void InitializeChromeElf() {
   if (base::FieldTrialList::FindFullName(kBrowserBlacklistTrialName) ==
       kBrowserBlacklistTrialEnabledGroupName) {
     BrowserBlacklistBeaconSetup();
   } else {
     // Disable the blacklist for all future runs by removing the beacon.
     base::win::RegKey blacklist_registry_key(HKEY_CURRENT_USER);
     blacklist_registry_key.DeleteKey(blacklist::kRegistryBeaconPath);
   }
+
+  // Report all successful blacklist interception.

[robertshield, 2014/02/24 15:24:05]

interceptions

[csharp, 2014/02/24 21:37:16]

Done.

+  ReportSuccessfulBlocks();
+
+  // Schedule another task to report all sucessfully interceptions later.

[robertshield, 2014/02/24 15:24:05]

successful

[csharp, 2014/02/24 21:37:16]

Done.

+  // This timne delay should be long enough to catch any dlls that attempt to

[robertshield, 2014/02/24 15:24:05]

time

[csharp, 2014/02/24 21:37:16]

Done.

+  // inject after Chrome has started up.
+  content::BrowserThread::PostDelayedTask(content::BrowserThread::UI,
+                                          FROM_HERE,
+                                          base::Bind(&ReportSuccessfulBlocks),
+                                          base::TimeDelta::FromSeconds(600));

[robertshield, 2014/02/24 15:24:05]

Make the 600 a constant declared at the top with the other constants.

[csharp, 2014/02/24 21:37:16]

Done.

 }
 
 void BrowserBlacklistBeaconSetup() {
   base::win::RegKey blacklist_registry_key(HKEY_CURRENT_USER,
                                            blacklist::kRegistryBeaconPath,
                                            KEY_QUERY_VALUE | KEY_SET_VALUE);
 
   // Find the last recorded blacklist version.
   base::string16 blacklist_version;
   blacklist_registry_key.ReadValue(blacklist::kBeaconVersion,
@@ skipping 42 matching lines @@
 
       // Since some part of the blacklist failed, ensure it is now disabled
       // for this version.
       if (blacklist_state != blacklist::BLACKLIST_DISABLED) {
         blacklist_registry_key.WriteValue(blacklist::kBeaconState,
                                           blacklist::BLACKLIST_DISABLED);
       }
     }
   }
 }
+
+void ReportSuccessfulBlocks() {
+  typedef void(*SuccessfullyBlocked)(const wchar_t**, int*);

[robertshield, 2014/02/24 15:24:05]

s/SuccessfullyBlocked/SuccessfullyBlockedPtr/

[csharp, 2014/02/24 21:37:16]

Done.

+  SuccessfullyBlocked successfully_blocked =
+      reinterpret_cast<SuccessfullyBlocked>(
+          GetProcAddress(GetModuleHandle(L"chrome_elf.dll"),
+          "SuccessfullyBlocked"));

[robertshield, 2014/02/24 15:24:05]

line this up either with a four space indent or with the other parameter to
GetModuleHandle (or use git cl format)

[csharp, 2014/02/24 21:37:16]

Done.

+
+  if (!successfully_blocked)
+    return;
+
+  // Figure out how many dlls were blocked.
+  int num_blocked_dlls;

[robertshield, 2014/02/24 15:24:05]

= 0

[csharp, 2014/02/24 21:37:16]

Done.

+  successfully_blocked(NULL, &num_blocked_dlls);
+
+  // Now retrieve the list of blocked dlls.
+  std::vector<const wchar_t *> blocked_dlls(num_blocked_dlls);

[robertshield, 2014/02/24 15:24:05]

wchar_t* (no space)

[csharp, 2014/02/24 21:37:16]

Done.

+  successfully_blocked(&(blocked_dlls[0]), &num_blocked_dlls);

[robertshield, 2014/02/24 15:24:05]

don't need the parens: &blocked_dlls[0]

[csharp, 2014/02/24 21:37:16]

Done.

+
+  // Send up the hashes of the blocked dlls via UMA.
+  for (size_t i = 0; i < blocked_dlls.size(); ++i) {
+    base::MD5Digest hash;

[csharp, 2014/02/20 19:48:37]

This hashing approach seems pretty silly, but I couldn't think of a better way
to do this. Alexei, any advice/tips? :)

+    base::MD5Sum(blocked_dlls[i], wcslen(blocked_dlls[i]), &hash);
+
+    // Convert the md5 hash to an integer. Strip off the signed bit because
+    // UMA doesn't support negative values, but takes a signed int as input.
+    uint32 uma_hash = static_cast<int>(hash.a[0] +
+                                       (hash.a[1] << 8) +
+                                       (hash.a[2] << 12) +
+                                       ((hash.a[3] * 0x7f) << 16));
+
+    UMA_HISTOGRAM_SPARSE_SLOWLY("Blacklist.Blocked", uma_hash);
+  }
+}