Whitelist Widevine CDM for plugin UMA on all platforms.

chrome/renderer/pepper/pepper_uma_host.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/pepper/pepper_uma_host.h"
 
 #include "base/metrics/histogram.h"
 #include "base/sha1.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/strings/string_util.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/render_messages.h"
 #include "chrome/renderer/chrome_content_renderer_client.h"
 #include "content/public/renderer/pepper_plugin_instance.h"
 #include "content/public/renderer/render_thread.h"
 #include "content/public/renderer/renderer_ppapi_host.h"
 #include "extensions/common/constants.h"
 #include "extensions/common/extension.h"
 #include "ppapi/c/pp_errors.h"
 #include "ppapi/host/dispatch_host_message.h"
 #include "ppapi/host/host_message_context.h"
 #include "ppapi/host/ppapi_host.h"
 #include "ppapi/proxy/ppapi_messages.h"
 
 namespace {
 
 const char* const kPredefinedAllowedUMAOrigins[] = {
     "6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F",  // see http://crbug.com/317833
     "4EB74897CB187C7633357C2FE832E0AD6A44883A"   // see http://crbug.com/317833
 };
 
 const char* const kWhitelistedHistogramPrefixes[] = {
     "22F67DA2061FFC4DC9A4974036348D9C38C22919"  // see http://crbug.com/390221
 };
 
-const char* const kWhitelistedPluginBaseNames[] = {
-    "libwidevinecdmadapter.so",  // see http://crbug.com/368743
-    "libpdf.so"                  // see http://crbug.com/405305
+// Name patterns in this list should be as specific as possible to avoid
+// over-whitelisting unexpected plugins.
+const char* const kWhitelistedPluginNamePatterns[] = {
+    "*widevinecdmadapter.*",  // see http://crbug.com/368743 and

[ddorwin, 2014/09/12 16:11:08]

How good is the pattern matching? Can we do something like [lib]wide...?

Is this better than just having some platform-specific code or using a constant
we already have?

[xhwang, 2014/09/12 16:33:58]

No, it only supports * and ?. Probably I can find some regex function but felt
that may be overkill...
 
I debated about that myself :) I just didn't feel like putting all three
versions of widevine cdm adapter file names in this file, which is not scalable
(imagine someone else wants to whitelist another plugins...).

I also looked at GetNativeLibraryName():
https://code.google.com/p/chromium/codesearch#chromium/src/base/native_librar...

There are a few issues:
1, it's .dylib instead of .plugin
2, We still need to support the case where we only want to whitelist a plugin on
certain platforms, e.g. libpdf.so on linux only.

+                              // http://crbug.com/410630
+    "libpdf.so"               // see http://crbug.com/405305
 };
 
 std::string HashPrefix(const std::string& histogram) {
   const std::string id_hash =
       base::SHA1HashString(histogram.substr(0, histogram.find('.')));
   DCHECK_EQ(id_hash.length(), base::kSHA1Length);
   return base::HexEncode(id_hash.c_str(), id_hash.length());
 }
 
 }  // namespace
 
 PepperUMAHost::PepperUMAHost(content::RendererPpapiHost* host,
                              PP_Instance instance,
                              PP_Resource resource)
     : ResourceHost(host->GetPpapiHost(), instance, resource),
       document_url_(host->GetDocumentURL(instance)),
       is_plugin_in_process_(host->IsRunningInProcess()) {
   if (host->GetPluginInstance(instance)) {
     plugin_base_name_ =
         host->GetPluginInstance(instance)->GetModulePath().BaseName();
   }
 
   for (size_t i = 0; i < arraysize(kPredefinedAllowedUMAOrigins); ++i)
     allowed_origins_.insert(kPredefinedAllowedUMAOrigins[i]);
   for (size_t i = 0; i < arraysize(kWhitelistedHistogramPrefixes); ++i)
     allowed_histogram_prefixes_.insert(kWhitelistedHistogramPrefixes[i]);
-  for (size_t i = 0; i < arraysize(kWhitelistedPluginBaseNames); ++i)
-    allowed_plugin_base_names_.insert(kWhitelistedPluginBaseNames[i]);
+  for (size_t i = 0; i < arraysize(kWhitelistedPluginNamePatterns); ++i)
+    allowed_plugin_name_patterns_.insert(kWhitelistedPluginNamePatterns[i]);
 }
 
 PepperUMAHost::~PepperUMAHost() {}
 
 int32_t PepperUMAHost::OnResourceMessageReceived(
     const IPC::Message& msg,
     ppapi::host::HostMessageContext* context) {
   PPAPI_BEGIN_MESSAGE_MAP(PepperUMAHost, msg)
     PPAPI_DISPATCH_HOST_RESOURCE_CALL(PpapiHostMsg_UMA_HistogramCustomTimes,
                                       OnHistogramCustomTimes)
@@ skipping 16 matching lines @@
   if (is_plugin_in_process_ && histogram.find("NaCl.") == 0) {
     return true;
   }
 
   if (IsPluginWhitelisted() &&
       allowed_histogram_prefixes_.find(HashPrefix(histogram)) !=
           allowed_histogram_prefixes_.end()) {
     return true;
   }
 
-  if (allowed_plugin_base_names_.find(plugin_base_name_.MaybeAsASCII()) !=
-      allowed_plugin_base_names_.end()) {
-    return true;
+  std::string plugin_base_name_string = plugin_base_name_.MaybeAsASCII();
+  std::set<std::string>::const_iterator iter =

[ddorwin, 2014/09/12 16:11:08]

Why is this outside the for loop?

[xhwang, 2014/09/12 16:33:57]

I hated the long line...  will fix :) ~~

+      allowed_plugin_name_patterns_.begin();
+  for (; iter != allowed_plugin_name_patterns_.end(); ++iter) {
+    if (MatchPattern(plugin_base_name_string, *iter))
+      return true;
   }
 
   LOG(ERROR) << "Host or histogram name is not allowed to use the UMA API.";
   return false;
 }
 
 #define RETURN_IF_BAD_ARGS(_min, _max, _buckets) \
   do {                                           \
     if (_min >= _max || _buckets <= 1)           \
       return PP_ERROR_BADARGUMENT;               \
@@ skipping 76 matching lines @@
     ppapi::host::HostMessageContext* context) {
   if (!IsPluginWhitelisted())
     return PP_ERROR_NOACCESS;
   bool enabled = false;
   content::RenderThread::Get()->Send(
       new ChromeViewHostMsg_IsCrashReportingEnabled(&enabled));
   if (enabled)
     return PP_OK;
   return PP_ERROR_FAILED;
 }