Implement anonymous, opt-in, collection of OS X binary integrity incidents.

chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.h

Index: chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.h
diff --git a/chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.h b/chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.h
index 6ac4532aaae29578ce7cdc784a9de7e37fb7c0b9..5e7e20f8b7ea3f53e8535738c6e0fba52ec81e5d 100644
--- a/chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.h
+++ b/chrome/browser/safe_browsing/incident_reporting/binary_integrity_analyzer.h
@@ -5,12 +5,15 @@
 #ifndef CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_BINARY_INTEGRITY_ANALYZER_H_
 #define CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_BINARY_INTEGRITY_ANALYZER_H_
 
+#include <string>
+#include <utility>
 #include <vector>
 
+#include "base/files/file_util.h"
 #include "base/memory/scoped_ptr.h"
 
 namespace base {
-class FilePath;
+class TimeDelta;
 }  // namespace base
 
 namespace safe_browsing {
@@ -29,6 +32,31 @@ void VerifyBinaryIntegrity(scoped_ptr<IncidentReceiver> incident_receiver);
 // Returns a vector containing the paths to all the binaries to verify.
 std::vector<base::FilePath> GetCriticalBinariesPath();
 
+// Record how long the signature verification took.
+void RecordSignatureVerificationTime(size_t file_index,
+                                     const base::TimeDelta& verification_time);
+
+#if defined(OS_MACOSX)

[mattm, 2015/10/21 02:06:34]

Would it be possible to reconcile the win/mac code more? Or at least make the
split more clear and with less os-specific code in the files that aren't _win or
_mac?

[Greg K, 2015/10/27 01:06:18]

Yes, I've split the win and mac specific code into their respective files and
left the common functionality in the main file.

+// Wraps a path to a code object and its specified code requirement.
+struct PathAndRequirement {
+  PathAndRequirement(const base::FilePath& o_path,
+                     const std::string& o_requirement)
+    : path(o_path), requirement(o_requirement) { }
+  base::FilePath path;
+  std::string requirement;
+};
+
+// Returns a vector of pairs, each of which contains the paths to the binaries
+// to verify, and the codesign requirement to use when verifying.
+std::vector<PathAndRequirement> GetCriticalPathsAndRequirements();
+
+// This is a helper stub to allow the signature checking code to be tested with
+// custom requirements and files.
+void VerifyBinaryIntegrityForTesting(IncidentReceiver* incident_receiver,
+                                     const base::FilePath& path,
+                                     const std::string& requirement);
+#endif  // defined(OS_MACOSX)
+
 }  // namespace safe_browsing
 
 #endif  // CHROME_BROWSER_SAFE_BROWSING_INCIDENT_REPORTING_BINARY_INTEGRITY_ANALYZER_H_