| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_analy
zer_mac.h" | 5 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_analy
zer_mac.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| 11 #include "base/files/file_util.h" | 11 #include "base/files/file_util.h" |
| 12 #include "base/mac/bundle_locations.h" | 12 #include "base/mac/bundle_locations.h" |
| 13 #include "base/memory/ptr_util.h" | 13 #include "base/memory/ptr_util.h" |
| 14 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incid
ent.h" | 14 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incid
ent.h" |
| 15 #include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h" | 15 #include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h" |
| 16 #include "chrome/browser/safe_browsing/signature_evaluator_mac.h" | 16 #include "chrome/browser/safe_browsing/signature_evaluator_mac.h" |
| 17 #include "components/safe_browsing/csd.pb.h" | 17 #include "components/safe_browsing/csd.pb.h" |
| 18 | 18 |
| 19 #define DEVELOPER_ID_APPLICATION_OID "field.1.2.840.113635.100.6.1.13" | |
| 20 #define DEVELOPER_ID_INTERMEDIATE_OID "field.1.2.840.113635.100.6.2.6" | |
| 21 | |
| 22 namespace safe_browsing { | 19 namespace safe_browsing { |
| 23 | 20 |
| 24 namespace { | 21 namespace { |
| 25 | 22 |
| 26 void VerifyBinaryIntegrityHelper(IncidentReceiver* incident_receiver, | 23 void VerifyBinaryIntegrityHelper(IncidentReceiver* incident_receiver, |
| 27 const base::FilePath& path, | 24 const base::FilePath& path, |
| 28 const std::string& requirement) { | 25 const std::string& requirement) { |
| 29 MacSignatureEvaluator evaluator(path, requirement); | 26 MacSignatureEvaluator evaluator(path, requirement); |
| 30 if (!evaluator.Initialize()) { | 27 if (!evaluator.Initialize()) { |
| 31 LOG(ERROR) << "Could not initialize mac signature evaluator"; | 28 LOG(ERROR) << "Could not initialize mac signature evaluator"; |
| 46 | 43 |
| 47 } // namespace | 44 } // namespace |
| 48 | 45 |
| 49 std::vector<PathAndRequirement> GetCriticalPathsAndRequirements() { | 46 std::vector<PathAndRequirement> GetCriticalPathsAndRequirements() { |
| 50 // Get the path to the main executable. | 47 // Get the path to the main executable. |
| 51 std::vector<PathAndRequirement> critical_binaries; | 48 std::vector<PathAndRequirement> critical_binaries; |
| 52 // This requirement describes a developer ID signed application, | 49 // This requirement describes a developer ID signed application, |
| 53 // with Google's team identifier, and the com.Google.Chrome[.canary] | 50 // with Google's team identifier, and the com.Google.Chrome[.canary] |
| 54 // identifier. | 51 // identifier. |
| 55 std::string requirement = | 52 std::string requirement = |
| 56 "anchor apple generic and certificate 1[" DEVELOPER_ID_INTERMEDIATE_OID | 53 "(identifier \"com.google.Chrome\" or " |
| 57 "] exists and certificate leaf[" DEVELOPER_ID_APPLICATION_OID | 54 "identifier \"com.google.Chrome.beta\" or " |
| 58 "] exists and certificate leaf[subject.OU]=\"EQHXZ8M8AV\" and " | 55 "identifier \"com.google.Chrome.dev\" or " |
| 59 "(identifier=\"com.google.Chrome\" or " | 56 "identifier \"com.google.Chrome.canary\") " |
| 60 "identifier=\"com.google.Chrome.canary\")"; | 57 "and certificate leaf = H\"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a\")"; |
| 58 |
| 61 critical_binaries.push_back( | 59 critical_binaries.push_back( |
| 62 PathAndRequirement(base::mac::OuterBundlePath(), requirement)); | 60 PathAndRequirement(base::mac::OuterBundlePath(), requirement)); |
| 63 // TODO(kerrnel): eventually add Adobe Flash Player to this list. | 61 // TODO(kerrnel): eventually add Adobe Flash Player to this list. |
| 64 return critical_binaries; | 62 return critical_binaries; |
| 65 } | 63 } |
| 66 | 64 |
| 67 void VerifyBinaryIntegrityForTesting(IncidentReceiver* incident_receiver, | 65 void VerifyBinaryIntegrityForTesting(IncidentReceiver* incident_receiver, |
| 68 const base::FilePath& path, | 66 const base::FilePath& path, |
| 69 const std::string& requirement) { | 67 const std::string& requirement) { |
| 70 VerifyBinaryIntegrityHelper(incident_receiver, path, requirement); | 68 VerifyBinaryIntegrityHelper(incident_receiver, path, requirement); |
| 71 } | 69 } |
| 72 | 70 |
| 73 void VerifyBinaryIntegrity( | 71 void VerifyBinaryIntegrity( |
| 74 std::unique_ptr<IncidentReceiver> incident_receiver) { | 72 std::unique_ptr<IncidentReceiver> incident_receiver) { |
| 75 size_t i = 0; | 73 size_t i = 0; |
| 76 for (const auto& p : GetCriticalPathsAndRequirements()) { | 74 for (const auto& p : GetCriticalPathsAndRequirements()) { |
| 77 base::TimeTicks time_before = base::TimeTicks::Now(); | 75 base::TimeTicks time_before = base::TimeTicks::Now(); |
| 78 VerifyBinaryIntegrityHelper(incident_receiver.get(), p.path, p.requirement); | 76 VerifyBinaryIntegrityHelper(incident_receiver.get(), p.path, p.requirement); |
| 79 RecordSignatureVerificationTime(i++, base::TimeTicks::Now() - time_before); | 77 RecordSignatureVerificationTime(i++, base::TimeTicks::Now() - time_before); |
| 80 } | 78 } |
| 81 } | 79 } |
| 82 | 80 |
| 83 } // namespace | 81 } // namespace |
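Review bot: The new requirement string in GetCriticalPathsAndRequirements (new lines 53-57) ends with an unmatched `)`: the only `(` opens the identifier group and is already closed after `com.google.Chrome.canary`, so the `)` following the `H"…"` hash has no opener, and a requirement that does not parse would presumably make `MacSignatureEvaluator::Initialize` fail, leaving the bundle logged about but never verified (what follows the LOG(ERROR) in VerifyBinaryIntegrityHelper is in the skipped lines, so I cannot confirm it returns early). The last line should read `"and certificate leaf = H\"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a\"";`. The comment kept above the string (new lines 49-51) still describes a Developer ID chain with Google's team identifier, which the new requirement no longer checks; it now pins one leaf certificate by hash and accepts four channel identifiers, so the comment should say so, e.g. `// Accept any Chrome channel identifier, signed with the pinned leaf certificate (matched by hash). This constant must be updated when the signing certificate is rotated.` Pinning a single leaf certificate also means a certificate renewal changes the verification outcome for every installed build until the hash is updated, which deserves at least a TODO next to the constant.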