Reland "Don't warn about modules in the same directory as Chrome"

This is a reland of 12164db3 Original change's description: > Don't warn about modules in the same directory as Chrome > > Bug: 876096 > Change-Id: I85a7d7d5529270a829d9849a8bb638d9d02b7813 > Reviewed-on: https://chromium-review.googlesource.com/1182341 > Commit-Queue: Patrick Monette <pmonette@chromium.org> > Reviewed-by: Chris Hamilton <chrisha@chromium.org> > Cr-Commit-Position: refs/heads/master@{#584586} Bug: 876096 Change-Id: I426a1304af2f6b404a8872493cde32d74774c797 Reviewed-on: https://chromium-review.googlesource.com/1182923Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Patrick Monette <pmonette@chromium.org> Cr-Commit-Position: refs/heads/master@{#584837}

Reland "Don't warn about modules in the same directory as Chrome"
This is a reland of 12164db3 Original change's description: > Don't warn about modules in the same directory as Chrome > > Bug: 876096 > Change-Id: I85a7d7d5529270a829d9849a8bb638d9d02b7813 > Reviewed-on: https://chromium-review.googlesource.com/1182341 > Commit-Queue: Patrick Monette <pmonette@chromium.org> > Reviewed-by: Chris Hamilton <chrisha@chromium.org> > Cr-Commit-Position: refs/heads/master@{#584586} Bug: 876096 Change-Id: I426a1304af2f6b404a8872493cde32d74774c797 Reviewed-on: https://chromium-review.googlesource.com/1182923Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Patrick Monette <pmonette@chromium.org> Cr-Commit-Position: refs/heads/master@{#584837}
3abf5704 · Patrick Monette · Commit Bot · 7456855a · 3abf5704 · 3abf5704
Commit 3abf5704 authored Aug 21, 2018 by Patrick Monette Committed by Commit Bot Aug 21, 2018
3 changed files
--- a/chrome/browser/conflicts/incompatible_applications_updater_win.cc
+++ b/chrome/browser/conflicts/incompatible_applications_updater_win.cc
@@ -7,9 +7,11 @@
 #include <string>
 #include <utility>

+#include "base/base_paths.h"
 #include "base/bind.h"
 #include "base/feature_list.h"
 #include "base/metrics/histogram_macros.h"
+#include "base/path_service.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "base/win/registry.h"
@@ -27,11 +29,6 @@
 #include "components/prefs/scoped_user_pref_update.h"
 #include "content/public/browser/browser_thread.h"

-#if !defined(OFFICIAL_BUILD)
-#include "base/base_paths.h"
-#include "base/path_service.h"
-#endif
-
 namespace {

 // Serializes a vector of IncompatibleApplications to JSON.
@@ -311,18 +308,6 @@ void IncompatibleApplicationsUpdater::OnNewModuleFound(
    return;
  }

-// For developer builds only, whitelist modules in the same directory as the
-// executable.
-#if !defined(OFFICIAL_BUILD)
-  base::FilePath exe_path;
-  if (base::PathService::Get(base::DIR_EXE, &exe_path) &&
-      exe_path.DirName().IsParent(module_key.module_path)) {
-    module_warning_decisions_[module_key.module_id] =
-        ModuleWarningDecision::kAllowedSameDirectory;
-    return;
-  }
-#endif
-
  // Second, check if the module is seemingly signed by Microsoft. Again, no
  // attempt is made to check the validity of the certificate.
  if (IsMicrosoftModule(
@@ -332,6 +317,22 @@ void IncompatibleApplicationsUpdater::OnNewModuleFound(
    return;
  }

+  // Whitelist modules in the same directory as the executable. This serves 2
+  // purposes:
+  // - In unsigned builds, this whitelists all of the DLL that are part of
+  //   Chrome.
+  // - It avoids an issue with the simple heuristic used to determine to which
+  //   application a DLL belongs. Without this, if an injected third-party DLL
+  //   is first copied into Chrome's directory, Chrome will blame itself as an
+  //   incompatible application.
+  base::FilePath exe_path;
+  if (base::PathService::Get(base::DIR_EXE, &exe_path) &&
+      exe_path.DirName().IsParent(module_key.module_path)) {
+    module_warning_decisions_[module_key.module_id] =
+        ModuleWarningDecision::kAllowedSameDirectory;
+    return;
+  }
+
  // Skip modules whitelisted by the Module List component.
  if (module_list_filter_->IsWhitelisted(module_key, module_data)) {
    module_warning_decisions_[module_key.module_id] =

--- a/chrome/browser/conflicts/incompatible_applications_updater_win.h
+++ b/chrome/browser/conflicts/incompatible_applications_updater_win.h
@@ -47,7 +47,7 @@ class IncompatibleApplicationsUpdater : public ModuleDatabaseObserver {
    // validated.
    kAllowedSameCertificate,
    // Allowed because the path of the executable is the parent of the path of
-    // the module. Only used in non-official builds.
+    // the module.
    kAllowedSameDirectory,
    // Allowed because it is signed by Microsoft. The certificate is not
    // validated.

--- a/chrome/browser/ui/webui/conflicts/conflicts_handler.cc
+++ b/chrome/browser/ui/webui/conflicts/conflicts_handler.cc
@@ -34,10 +34,19 @@ namespace {
 constexpr char kNotLoaded[] = "Not loaded";
 constexpr char kAllowedInputMethodEditor[] = "Allowed - Input method editor";
 constexpr char kAllowedMatchingCertificate[] = "Allowed - Matching certificate";
-constexpr char kAllowedSameDirectory[] =
-    "Allowed - In executable directory (dev builds only)";
 constexpr char kAllowedMicrosoftModule[] = "Allowed - Microsoft module";
 constexpr char kAllowedWhitelisted[] = "Allowed - Whitelisted";
+constexpr char kAllowedSameDirectory[] =
+#if defined(OFFICIAL_BUILD)
+    // In official builds, modules in the Chrome directory are blocked but they
+    // won't cause a warning because the warning would blame Chrome itself.
+    "Tolerated - In executable directory";
+#else  // !defined(OFFICIAL_BUILD)
+    // In developer builds, DLLs that are part of Chrome are not signed and thus
+    // the easy way to identify them is to check that they are in the same
+    // directory (or child folder) as the main exe.
+    "Allowed - In executable directory (dev builds only)";
+#endif

 void AppendString(base::StringPiece input, std::string* output) {
  if (!output->empty())