Always persist histograms from setup.exe.

chrome/installer/setup/install_worker.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // This file contains the definitions of the installer functions that build
 // the WorkItemList used to install the application.
 
 #include "chrome/installer/setup/install_worker.h"
 
+#include <windows.h>  // NOLINT
+#include <atlsecurity.h>
 #include <oaidl.h>
 #include <shlobj.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <time.h>
 
 #include <memory>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/path_service.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/version.h"
 #include "base/win/registry.h"
 #include "base/win/windows_version.h"
 #include "chrome/common/chrome_constants.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/installer/setup/app_launcher_installer.h"
 #include "chrome/installer/setup/install.h"
-#include "chrome/installer/setup/installer_metrics.h"
+#include "chrome/installer/setup/persistent_histogram_storage.h"
 #include "chrome/installer/setup/setup_constants.h"
 #include "chrome/installer/setup/setup_util.h"
 #include "chrome/installer/setup/update_active_setup_version_work_item.h"
 #include "chrome/installer/util/app_registration_data.h"
 #include "chrome/installer/util/browser_distribution.h"
 #include "chrome/installer/util/callback_work_item.h"
 #include "chrome/installer/util/conditional_work_item_list.h"
 #include "chrome/installer/util/create_reg_key_work_item.h"
 #include "chrome/installer/util/firewall_manager_win.h"
 #include "chrome/installer/util/google_update_constants.h"
@@ skipping 338 matching lines @@
 
     const HKEY root = installer_state.root_key();
     base::string16 delegate_execute_path(L"Software\\Classes\\CLSID\\");
     delegate_execute_path.append(handler_class_uuid);
     // Delete both 64 and 32 keys to handle 32->64 or 64->32 migration.
     list->AddDeleteRegKeyWorkItem(root, delegate_execute_path, KEY_WOW64_32KEY);
     list->AddDeleteRegKeyWorkItem(root, delegate_execute_path, KEY_WOW64_64KEY);
   }
 }
 
+// Add to the ACL of an object on disk. This follows the method from MSDN:
+// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379283.aspx This

[bcwhite, 2016/09/13 19:53:53]

Don't reflow this comment.  It's clearer if the URL is the only thing on this
line.

[fdoray, 2016/09/13 20:18:25]

Done.

+// is done using explicit flags rather than the "security string" format because
+// strings do not necessarily read what is written which makes it difficult to
+// de-dup. Working with the binary format is always exact and the system
+// libraries will properly ignore duplicate ACL entries.
+bool AddAclToPath(const base::FilePath& path,
+                  const CSid& trustee,
+                  ACCESS_MASK access_mask,
+                  BYTE ace_flags) {
+  DCHECK(!path.empty());
+  DCHECK(trustee);
+
+  // Get the existing DACL.
+  ATL::CDacl dacl;
+  if (!ATL::AtlGetDacl(path.value().c_str(), SE_FILE_OBJECT, &dacl)) {
+    DPLOG(ERROR) << "Failed getting DACL for path \"" << path.value() << "\"";
+    return false;
+  }
+
+  // Check if the requested access already exists and return if so.
+  for (UINT i = 0; i < dacl.GetAceCount(); ++i) {
+    ATL::CSid sid;
+    ACCESS_MASK mask = 0;
+    BYTE type = 0;
+    BYTE flags = 0;
+    dacl.GetAclEntry(i, &sid, &mask, &type, &flags);
+    if (sid == trustee && type == ACCESS_ALLOWED_ACE_TYPE &&
+        (flags & ace_flags) == ace_flags &&
+        (mask & access_mask) == access_mask) {
+      return true;
+    }
+  }
+
+  // Add the new access to the DACL.
+  if (!dacl.AddAllowedAce(trustee, access_mask, ace_flags)) {
+    DPLOG(ERROR) << "Failed adding ACE to DACL";
+    return false;
+  }
+
+  // Attach the updated ACL as the object's DACL.
+  if (!ATL::AtlSetDacl(path.value().c_str(), SE_FILE_OBJECT, dacl)) {
+    DPLOG(ERROR) << "Failed setting DACL for path \"" << path.value() << "\"";
+    return false;
+  }
+
+  return true;
+}
+
 }  // namespace
 
 // This method adds work items to create (or update) Chrome uninstall entry in
 // either the Control Panel->Add/Remove Programs list or in the Omaha client
 // state key if running under an MSI installer.
 void AddUninstallShortcutWorkItems(const InstallerState& installer_state,
                                    const base::FilePath& setup_path,
                                    const base::Version& new_version,
                                    const Product& product,
                                    WorkItemList* install_list) {
@@ skipping 630 matching lines @@
                          WorkItemList* install_list) {
   DCHECK(install_list);
 
   const base::FilePath& target_path = installer_state.target_path();
 
   // A temp directory that work items need and the actual install directory.
   install_list->AddCreateDirWorkItem(temp_path);
   install_list->AddCreateDirWorkItem(target_path);
 
   // Create the directory in which persistent metrics will be stored.
-  install_list->AddCreateDirWorkItem(
-      GetPersistentHistogramStorageDir(target_path));
+  const base::FilePath histogram_storage_dir(
+      PersistentHistogramStorage::GetStorageDir(target_path));
+  install_list->AddCreateDirWorkItem(histogram_storage_dir);
+
+  if (installer_state.system_install()) {
+    WorkItem* add_acl_to_histogram_storage_dir_work_item =
+        install_list->AddCallbackWorkItem(base::Bind(
+            [](const base::FilePath& histogram_storage_dir,
+               const CallbackWorkItem& work_item) {
+              DCHECK(!work_item.IsRollback());
+              return AddAclToPath(histogram_storage_dir,
+                                  ATL::Sids::AuthenticatedUser(),
+                                  FILE_GENERIC_READ | FILE_DELETE_CHILD,
+                                  CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE);
+            },
+            histogram_storage_dir));
+    add_acl_to_histogram_storage_dir_work_item->set_best_effort(true);
+    add_acl_to_histogram_storage_dir_work_item->set_rollback_enabled(false);
+  }
 
   if (installer_state.FindProduct(BrowserDistribution::CHROME_BROWSER) ||
       installer_state.FindProduct(BrowserDistribution::CHROME_BINARIES)) {
     AddChromeWorkItems(original_state,
                        installer_state,
                        setup_path,
                        archive_path,
                        src_path,
                        temp_path,
                        current_version,
@@ skipping 289 matching lines @@
   // Unconditionally remove the legacy Quick Enable command from the binaries.
   // Do this even if multi-install Chrome isn't installed to ensure that it is
   // not left behind in any case.
   work_item_list->AddDeleteRegKeyWorkItem(
                       installer_state.root_key(), cmd_key, KEY_WOW64_32KEY)
       ->set_log_message("removing " + base::UTF16ToASCII(kCmdQuickEnableCf) +
                         " command");
 }
 
 }  // namespace installer