Implement anonymous, opt-in, collection of OS X binary integrity incidents.

chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_BINARY_INTEGRITY_ANALYZER_H_
 #define CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_BINARY_INTEGRITY_ANALYZER_H_
 
+#include <string>
+#include <utility>
 #include <vector>
 
+#include "base/files/file_util.h"
 #include "base/memory/scoped_ptr.h"
 
 namespace base {
-class FilePath;
+class TimeDelta;
 }  // namespace base
 
 namespace safe_browsing {
 
 class IncidentReceiver;
 
 // Registers a process-wide analysis with the incident reporting service that
 // will verify the signature of the most critical binaries used by Chrome. It
 // will send an incident report every time a signature verification fails.
 void RegisterBinaryIntegrityAnalysis();
 
 // Callback to pass to the incident reporting service. The incident reporting
 // service will decide when to start the analysis.
 void VerifyBinaryIntegrity(scoped_ptr<IncidentReceiver> incident_receiver);
 
 // Returns a vector containing the paths to all the binaries to verify.
 std::vector<base::FilePath> GetCriticalBinariesPath();
 
+// Record how long the signature verification took.
+void RecordSignatureVerificationTime(size_t file_index,
+                                     const base::TimeDelta& verification_time);
+
+#if defined(OS_MACOSX)

[mattm, 2015/10/21 02:06:34]

Would it be possible to reconcile the win/mac code more? Or at least make the
split more clear and with less os-specific code in the files that aren't _win or
_mac?

[Greg K, 2015/10/27 01:06:18]

Yes, I've split the win and mac specific code into their respective files and
left the common functionality in the main file.

+// Wraps a path to a code object and its specified code requirement.
+struct PathAndRequirement {
+  PathAndRequirement(const base::FilePath& o_path,
+                     const std::string& o_requirement)
+    : path(o_path), requirement(o_requirement) { }
+  base::FilePath path;
+  std::string requirement;
+};
+
+// Returns a vector of pairs, each of which contains the paths to the binaries
+// to verify, and the codesign requirement to use when verifying.
+std::vector<PathAndRequirement> GetCriticalPathsAndRequirements();
+
+// This is a helper stub to allow the signature checking code to be tested with
+// custom requirements and files.
+void VerifyBinaryIntegrityForTesting(IncidentReceiver* incident_receiver,
+                                     const base::FilePath& path,
+                                     const std::string& requirement);
+#endif  // defined(OS_MACOSX)
+
 }  // namespace safe_browsing
 
 #endif  // CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_BINARY_INTEGRITY_ANALYZER_H_