Record Code Signature of Downloaded DMG files

chrome/browser/safe_browsing/download_protection_service.cc

Index: chrome/browser/safe_browsing/download_protection_service.cc
diff --git a/chrome/browser/safe_browsing/download_protection_service.cc b/chrome/browser/safe_browsing/download_protection_service.cc
index 1c74ea0020d3371e522d39c08551417a2dcd37a8..0deadce69b8ff892bce489b232f863285195188c 100644
--- a/chrome/browser/safe_browsing/download_protection_service.cc
+++ b/chrome/browser/safe_browsing/download_protection_service.cc
@@ -348,6 +348,9 @@ class DownloadProtectionService::CheckClientDownloadRequest
         tab_referrer_url_(item->GetTabReferrerUrl()),
         archived_executable_(false),
         archive_is_valid_(ArchiveValid::UNSET),
+#if defined(OS_MACOSX)
+        disk_image_signature_(nullptr),
+#endif
         callback_(callback),
         service_(service),
         binary_feature_extractor_(binary_feature_extractor),
@@ -812,6 +815,13 @@ class DownloadProtectionService::CheckClientDownloadRequest
     if (!service_)
       return;
 
+#if defined(OS_MACOSX)

[Jialiu Lin, 2017/06/28 00:23:34]

You probably don't need the #if/#endif here, since this function will only be
called on Mac OS, due to
https://cs.chromium.org/chromium/src/chrome/browser/safe_browsing/download_pr...

[mortonm, 2017/06/28 16:24:41]

Done.

+    if (results.signature_blob.size() > 0) {
+      disk_image_signature_ = std::unique_ptr<std::vector<uint8_t>>(

[Jialiu Lin, 2017/06/28 00:23:34]

change "std::unique_ptr<std::vector<uint8_t>>(new
std::vector<uint8_t>(results.signature_blob));"  into
"base::MakeUnique<std::vector<uint8_t>>(results.signature_blob);"

MakeUnique<T>(args) should be preferred over WrapUnique(new T(args)): bare calls
to `new` should be treated with scrutiny.

[mortonm, 2017/06/28 16:24:41]

Done.

+          new std::vector<uint8_t>(results.signature_blob));
+    }
+#endif
+
     // Even if !results.success, some of the DMG may have been parsed.
     archive_is_valid_ =
         (results.success ? ArchiveValid::VALID : ArchiveValid::INVALID);
@@ -1057,6 +1067,18 @@ class DownloadProtectionService::CheckClientDownloadRequest
             request.mutable_referrer_chain());
     }
 
+#if defined(OS_MACOSX)
+    UMA_HISTOGRAM_BOOLEAN(
+        "SBClientDownload."
+        "DownloadFileHasDmgSignature",
+        disk_image_signature_ != nullptr);
+
+    if (disk_image_signature_) {
+      request.set_udif_code_signature(disk_image_signature_->data(),
+                                      disk_image_signature_->size());
+    }
+#endif
+
     if (archive_is_valid_ != ArchiveValid::UNSET)
       request.set_archive_valid(archive_is_valid_ == ArchiveValid::VALID);
     request.mutable_signature()->CopyFrom(signature_info_);
@@ -1252,6 +1274,10 @@ class DownloadProtectionService::CheckClientDownloadRequest
   bool archived_executable_;
   ArchiveValid archive_is_valid_;
 
+#if defined(OS_MACOSX)
+  std::unique_ptr<std::vector<uint8_t>> disk_image_signature_;
+#endif
+
   ClientDownloadRequest_SignatureInfo signature_info_;
   std::unique_ptr<ClientDownloadRequest_ImageHeaders> image_headers_;
   google::protobuf::RepeatedPtrField<ClientDownloadRequest_ArchivedBinary>