| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_analy
zer.h" |
| 6 |
| 7 #include "base/base_paths.h" |
| 8 #include "base/files/file_util.h" |
| 9 #include "base/path_service.h" |
| 10 #include "chrome/browser/safe_browsing/incident_reporting/binary_integrity_incid
ent.h" |
| 11 #include "chrome/browser/safe_browsing/incident_reporting/incident_receiver.h" |
| 12 #include "chrome/browser/safe_browsing/signature_evaluator_mac.h" |
| 13 #include "chrome/common/safe_browsing/csd.pb.h" |
| 14 |
| 15 #define DEVELOPER_ID_APPLICATION_OID "field.1.2.840.113635.100.6.1.13" |
| 16 #define DEVELOPER_ID_INTERMEDIATE_OID "field.1.2.840.113635.100.6.2.6" |
| 17 |
| 18 namespace safe_browsing { |
| 19 |
| 20 namespace { |
| 21 |
| 22 void VerifyBinaryIntegrityHelper(IncidentReceiver* incident_receiver, |
| 23 const base::FilePath& path, |
| 24 const std::string& requirement) { |
| 25 base::FilePath binary_path(path); |
| 26 if (!base::PathExists(binary_path)) |
| 27 return; |
| 28 |
| 29 MacSignatureEvaluator evaluator(binary_path, requirement); |
| 30 if (!evaluator.Initialize()) { |
| 31 LOG(ERROR) << "Could not initialize mac signature evaluator"; |
| 32 return; |
| 33 } |
| 34 |
| 35 std::vector<ClientIncidentReport_IncidentData_BinaryIntegrityIncident> |
| 36 results; |
| 37 if (!evaluator.PerformEvaluation(&results)) { |
| 38 VLOG(1) << "Signature verification failed: " << path.value(); |
| 39 for (const auto& incident : results) { |
| 40 scoped_ptr<ClientIncidentReport_IncidentData_BinaryIntegrityIncident> |
| 41 incident_copy( |
| 42 new ClientIncidentReport_IncidentData_BinaryIntegrityIncident( |
| 43 incident)); |
| 44 incident_receiver->AddIncidentForProcess( |
| 45 make_scoped_ptr(new BinaryIntegrityIncident(incident_copy.Pass()))); |
| 46 } |
| 47 } |
| 48 } |
| 49 |
| 50 } // namespace |
| 51 |
| 52 std::vector<PathAndRequirement> GetCriticalPathsAndRequirements() { |
| 53 // Get the path to the main executable. |
| 54 std::vector<PathAndRequirement> critical_binaries; |
| 55 base::FilePath main_exe; |
| 56 if (!PathService::Get(base::FILE_EXE, &main_exe)) { |
| 57 NOTREACHED(); |
| 58 return critical_binaries; |
| 59 } |
| 60 |
| 61 // This requirement describes a developer ID signed application, |
| 62 // with Google's team identifier, and the com.Google.Chrome[.canary] |
| 63 // identifier. |
| 64 std::string requirement = |
| 65 "anchor apple generic and certificate 1[" DEVELOPER_ID_INTERMEDIATE_OID |
| 66 "] exists and certificate leaf[" DEVELOPER_ID_APPLICATION_OID |
| 67 "] exists and certificate leaf[subject.OU]=\"EQHXZ8M8AV\" and " |
| 68 "(identifier=\"com.google.Chrome\" or " |
| 69 "identifier=\"com.google.Chrome.canary\")"; |
| 70 critical_binaries.push_back(PathAndRequirement(main_exe, requirement)); |
| 71 // TODO(kerrnel): eventually add Adobe Flash Player to this list. |
| 72 return critical_binaries; |
| 73 } |
| 74 |
| 75 void VerifyBinaryIntegrityForTesting(IncidentReceiver* incident_receiver, |
| 76 const base::FilePath& path, |
| 77 const std::string& requirement) { |
| 78 VerifyBinaryIntegrityHelper(incident_receiver, path, requirement); |
| 79 } |
| 80 |
| 81 void VerifyBinaryIntegrity(scoped_ptr<IncidentReceiver> incident_receiver) { |
| 82 size_t i = 0; |
| 83 for (const auto& p : GetCriticalPathsAndRequirements()) { |
| 84 base::TimeTicks time_before = base::TimeTicks::Now(); |
| 85 VerifyBinaryIntegrityHelper(incident_receiver.get(), |
| 86 p.path, |
| 87 p.requirement); |
| 88 RecordSignatureVerificationTime(i++, base::TimeTicks::Now() - time_before); |
| 89 } |
| 90 } |
| 91 |
| 92 } // namespac |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1363613004:
Implement anonymous, opt-in, collection of OS X binary integrity incidents. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master