| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/safe_browsing/signature_evaluator_mac.h" |
| 6 |
| 7 #include <CoreFoundation/CoreFoundation.h> |
| 8 #include <Foundation/Foundation.h> |
| 9 #include <Security/Security.h> |
| 10 #include <sys/xattr.h> |
| 11 |
| 12 #include "base/mac/foundation_util.h" |
| 13 #include "base/mac/mac_util.h" |
| 14 #include "base/mac/scoped_cftyperef.h" |
| 15 #include "base/mac/scoped_nsobject.h" |
| 16 #include "base/strings/sys_string_conversions.h" |
| 17 #include "chrome/common/safe_browsing/binary_feature_extractor.h" |
| 18 #include "chrome/common/safe_browsing/csd.pb.h" |
| 19 #include "chrome/common/safe_browsing/mach_o_image_reader_mac.h" |
| 20 |
| 21 namespace safe_browsing { |
| 22 |
| 23 namespace { |
| 24 |
| 25 // OS X code signing data can be stored in extended attributes as well. This is |
| 26 // a list of the extended attributes slots currently used in Security.framework, |
| 27 // from codesign.h (see the kSecCS_* constants). |
| 28 const char* const xattrs[] = { |
| 29 "com.apple.cs.CodeDirectory", |
| 30 "com.apple.cs.CodeSignature", |
| 31 "com.apple.cs.CodeRequirements", |
| 32 "com.apple.cs.CodeResources", |
| 33 "com.apple.cs.CodeApplication", |
| 34 "com.apple.cs.CodeEntitlements", |
| 35 }; |
| 36 |
| 37 // Convenience function to get the appropriate path from a variety of NSObject |
| 38 // types. |
| 39 bool GetPathFromNSObject(id obj, std::string* output) { |
| 40 if (NSString* str = base::mac::ObjCCast<NSString>(obj)) { |
| 41 output->assign([str fileSystemRepresentation]); |
| 42 return true; |
| 43 } else if (NSURL* url = base::mac::ObjCCast<NSURL>(obj)) { |
| 44 output->assign([[url path] fileSystemRepresentation]); |
| 45 return true; |
| 46 } else if (NSBundle* bundle = base::mac::ObjCCast<NSBundle>(obj)) { |
| 47 output->assign([[bundle bundlePath] fileSystemRepresentation]); |
| 48 return true; |
| 49 } |
| 50 return false; |
| 51 } |
| 52 |
| 53 // Process the NSError information about any files that were altered. |
| 54 void ReportAlteredFiles( |
| 55 id detail, |
| 56 int32_t err_code, |
| 57 std::vector<ClientIncidentReport_IncidentData_BinaryIntegrityIncident>* |
| 58 results) { |
| 59 if (NSArray* arr = base::mac::ObjCCast<NSArray>(detail)) { |
| 60 for (id obj in arr) |
| 61 ReportAlteredFiles(obj, err_code, results); |
| 62 } else { |
| 63 std::string path_str; |
| 64 if (!GetPathFromNSObject(detail, &path_str)) |
| 65 return; |
| 66 |
| 67 base::FilePath path(path_str); |
| 68 ClientIncidentReport_IncidentData_BinaryIntegrityIncident incident; |
| 69 incident.set_file_basename(path.BaseName().value()); |
| 70 incident.set_sec_error(err_code); |
| 71 scoped_refptr<BinaryFeatureExtractor> bfe = new BinaryFeatureExtractor(); |
| 72 |
| 73 // TODO(kerrnel): if Chrome ever opts into the OS X "kill" semantics, this |
| 74 // call has to change. `ExtractImageFeatures` maps the file, which will |
| 75 // cause Chrome to be killed before it can report on the invalid file. |
| 76 // This call will need to read(2) the binary into a buffer. |
| 77 if (!bfe->ExtractImageFeatures( |
| 78 path, |
| 79 BinaryFeatureExtractor::kDefaultOptions, |
| 80 incident.mutable_image_headers(), |
| 81 incident.mutable_signature()->mutable_signed_data())) { |
| 82 // If this is not a mach-o file, search inside the extended attributes. |
| 83 for (const char* attr : xattrs) { |
| 84 ssize_t size = getxattr(path.value().c_str(), attr, nullptr, 0, 0, 0); |
| 85 if (size >= 0) { |
| 86 std::vector<uint8_t> xattr_data(size); |
| 87 ssize_t post_size = getxattr(path.value().c_str(), attr, |
| 88 &xattr_data[0], xattr_data.size(), 0, 0); |
| 89 if (post_size >= 0) { |
| 90 xattr_data.resize(post_size); |
| 91 ClientDownloadRequest_ExtendedAttr* xattr_msg = |
| 92 incident.mutable_signature()->add_xattr(); |
| 93 xattr_msg->set_key(attr); |
| 94 xattr_msg->set_value(xattr_data.data(), xattr_data.size()); |
| 95 } |
| 96 } |
| 97 } |
| 98 } |
| 99 results->push_back(incident); |
| 100 } |
| 101 } |
| 102 |
| 103 } // namespace |
| 104 |
| 105 MacSignatureEvaluator::MacSignatureEvaluator( |
| 106 const base::FilePath& signed_object_path) |
| 107 : path_(signed_object_path), |
| 108 requirement_str_(), |
| 109 has_requirement_(false), |
| 110 code_(nullptr), |
| 111 requirement_(nullptr) {} |
| 112 |
| 113 MacSignatureEvaluator::MacSignatureEvaluator( |
| 114 const base::FilePath& signed_object_path, |
| 115 const std::string& requirement) |
| 116 : path_(signed_object_path), |
| 117 requirement_str_(requirement), |
| 118 has_requirement_(true), |
| 119 code_(nullptr), |
| 120 requirement_(nullptr) {} |
| 121 |
| 122 MacSignatureEvaluator::~MacSignatureEvaluator() {} |
| 123 |
| 124 bool MacSignatureEvaluator::Initialize() { |
| 125 base::scoped_nsobject<NSURL> code_url([[NSURL alloc] |
| 126 initFileURLWithPath:base::SysUTF8ToNSString(path_.value())]); |
| 127 if (!code_url) |
| 128 return false; |
| 129 |
| 130 if (SecStaticCodeCreateWithPath(base::mac::NSToCFCast(code_url.get()), |
| 131 kSecCSDefaultFlags, |
| 132 code_.InitializeInto()) != errSecSuccess) { |
| 133 return false; |
| 134 } |
| 135 |
| 136 if (has_requirement_) { |
| 137 if (SecRequirementCreateWithString( |
| 138 base::mac::NSToCFCast(base::SysUTF8ToNSString(requirement_str_)), |
| 139 kSecCSDefaultFlags, requirement_.InitializeInto()) != |
| 140 errSecSuccess) { |
| 141 return false; |
| 142 } |
| 143 } |
| 144 |
| 145 return true; |
| 146 } |
| 147 |
| 148 bool MacSignatureEvaluator::PerformEvaluation( |
| 149 std::vector<ClientIncidentReport_IncidentData_BinaryIntegrityIncident>* |
| 150 results) { |
| 151 DCHECK(results->empty()); |
| 152 base::ScopedCFTypeRef<CFErrorRef> errors; |
| 153 OSStatus err = SecStaticCodeCheckValidityWithErrors( |
| 154 code_, kSecCSCheckAllArchitectures, requirement_, |
| 155 errors.InitializeInto()); |
| 156 if (err == errSecSuccess) |
| 157 return true; |
| 158 // This adds the signature of the main binary to the incident reports. |
| 159 ReportAlteredFiles(base::SysUTF8ToNSString(path_.value()), err, results); |
| 160 if (errors) { |
| 161 NSDictionary* info = [base::mac::CFToNSCast(errors.get()) userInfo]; |
| 162 static const CFStringRef keys[] = { |
| 163 kSecCFErrorResourceAltered, kSecCFErrorResourceMissing, |
| 164 }; |
| 165 for (CFStringRef key : keys) { |
| 166 if (id detail = [info objectForKey:base::mac::CFToNSCast(key)]) |
| 167 ReportAlteredFiles(detail, err, results); |
| 168 } |
| 169 } |
| 170 return false; |
| 171 } |
| 172 |
| 173 } // namespace safe_browsing |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1363613004:
Implement anonymous, opt-in, collection of OS X binary integrity incidents. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master