Track modules that bypass the blocking in chrome_elf

Also render them valid to trigger an incompatible applications warning. Bug: 846953 Change-Id: I6fa9951043d19a44a820aeaf44cab1c0e9b981e2 Reviewed-on: https://chromium-review.googlesource.com/1158986Reviewed-by: Chris Hamilton <chrisha@chromium.org> Commit-Queue: Chris Hamilton <chrisha@chromium.org> Cr-Commit-Position: refs/heads/master@{#581393}

Track modules that bypass the blocking in chrome_elf
Also render them valid to trigger an incompatible applications warning. Bug: 846953 Change-Id: I6fa9951043d19a44a820aeaf44cab1c0e9b981e2 Reviewed-on: https://chromium-review.googlesource.com/1158986Reviewed-by: Chris Hamilton <chrisha@chromium.org> Commit-Queue: Chris Hamilton <chrisha@chromium.org> Cr-Commit-Position: refs/heads/master@{#581393}
89224288 · Patrick Monette · Commit Bot · fb4e7fd6 · 89224288 · 89224288
Commit 89224288 authored Aug 07, 2018 by Patrick Monette Committed by Commit Bot Aug 07, 2018
6 changed files
--- a/chrome/browser/conflicts/module_blacklist_cache_updater_win.cc
+++ b/chrome/browser/conflicts/module_blacklist_cache_updater_win.cc
@@ -156,10 +156,13 @@ ModuleBlacklistCacheUpdater::ModuleBlacklistCacheUpdater(
    ModuleDatabaseEventSource* module_database_event_source,
    const CertificateInfo& exe_certificate_info,
    scoped_refptr<ModuleListFilter> module_list_filter,
+    const std::vector<third_party_dlls::PackedListModule>&
+        initial_blacklisted_modules,
    OnCacheUpdatedCallback on_cache_updated_callback)
    : module_database_event_source_(module_database_event_source),
      exe_certificate_info_(exe_certificate_info),
      module_list_filter_(std::move(module_list_filter)),
+      initial_blacklisted_modules_(initial_blacklisted_modules),
      on_cache_updated_callback_(std::move(on_cache_updated_callback)),
      background_sequence_(base::CreateSequencedTaskRunnerWithTraits(
          {base::MayBlock(), base::TaskPriority::BEST_EFFORT,
@@ -283,12 +286,26 @@ void ModuleBlacklistCacheUpdater::OnNewModuleFound(
    return;
  }
-  // Now it has been determined that the module should be blocked.
+  // Now it has been determined that the module should be blocked. So make sure
+  // it gets added to the blacklist cache.
+  InsertPackedListModule(module_key, &newly_blacklisted_modules_);
+  // Check if a blacklisted module was able to bypass the blocking.
+  if (std::binary_search(std::begin(initial_blacklisted_modules_),
+                         std::end(initial_blacklisted_modules_),
+                         newly_blacklisted_modules_.back(),
+                         internal::ModuleLess())) {
    module_blocking_decisions_[module_key.module_id] =
-      ModuleBlockingDecision::kBlacklisted;
+        ModuleBlockingDecision::kBypassedBlocking;
-  // Insert the blacklisted module.
+    // Return here and don't notify the ModuleDatabase that the module was added
-  InsertPackedListModule(module_key, &newly_blacklisted_modules_);
+    // to the blacklist so that it can trigger an incompatible applications
+    // warning.
+    return;
+  }
+  module_blocking_decisions_[module_key.module_id] =
+      ModuleBlockingDecision::kBlacklisted;
  // Signal the module database that this module will be added to the cache.
  // Note that observers that care about this information should register to

--- a/chrome/browser/conflicts/module_blacklist_cache_updater_win.h
+++ b/chrome/browser/conflicts/module_blacklist_cache_updater_win.h
@@ -100,6 +100,8 @@ class ModuleBlacklistCacheUpdater : public ModuleDatabaseObserver {
    kBlacklisted,
    // The module was blocked from loading into the process.
    kBlocked,
+    // This module should have been blocked but wasn't.
+    kBypassedBlocking,
  };
  struct CacheUpdateResult {
@@ -123,6 +125,8 @@ class ModuleBlacklistCacheUpdater : public ModuleDatabaseObserver {
      ModuleDatabaseEventSource* module_database_event_source,
      const CertificateInfo& exe_certificate_info,
      scoped_refptr<ModuleListFilter> module_list_filter,
+      const std::vector<third_party_dlls::PackedListModule>&
+          initial_blacklisted_modules,
      OnCacheUpdatedCallback on_cache_updated_callback);
  ~ModuleBlacklistCacheUpdater() override;
@@ -161,6 +165,8 @@ class ModuleBlacklistCacheUpdater : public ModuleDatabaseObserver {
  const CertificateInfo& exe_certificate_info_;
  scoped_refptr<ModuleListFilter> module_list_filter_;
+  const std::vector<third_party_dlls::PackedListModule>&
+      initial_blacklisted_modules_;
  OnCacheUpdatedCallback on_cache_updated_callback_;

--- a/chrome/browser/conflicts/module_blacklist_cache_updater_win_unittest.cc
+++ b/chrome/browser/conflicts/module_blacklist_cache_updater_win_unittest.cc
@@ -117,6 +117,7 @@ class ModuleBlacklistCacheUpdaterTest : public testing::Test,
  CreateModuleBlacklistCacheUpdater() {
    return std::make_unique<ModuleBlacklistCacheUpdater>(
        this, exe_certificate_info_, module_list_filter_,
+        initial_blacklisted_modules_,
        base::BindRepeating(
            &ModuleBlacklistCacheUpdaterTest::OnModuleBlacklistCacheUpdated,
            base::Unretained(this)));
@@ -184,6 +185,7 @@ class ModuleBlacklistCacheUpdaterTest : public testing::Test,
  CertificateInfo exe_certificate_info_;
  scoped_refptr<ModuleListFilter> module_list_filter_;
+  std::vector<third_party_dlls::PackedListModule> initial_blacklisted_modules_;
  base::FilePath module_blacklist_cache_path_;

--- a/chrome/browser/conflicts/third_party_conflicts_manager_win.cc
+++ b/chrome/browser/conflicts/third_party_conflicts_manager_win.cc
@@ -23,6 +23,7 @@
 #include "chrome/browser/conflicts/incompatible_applications_updater_win.h"
 #include "chrome/browser/conflicts/installed_applications_win.h"
 #include "chrome/browser/conflicts/module_blacklist_cache_updater_win.h"
+#include "chrome/browser/conflicts/module_blacklist_cache_util_win.h"
 #include "chrome/browser/conflicts/module_info_util_win.h"
 #include "chrome/browser/conflicts/module_list_filter_win.h"
 #include "chrome/common/chrome_features.h"
@@ -53,6 +54,26 @@ scoped_refptr<ModuleListFilter> CreateModuleListFilter(
  return module_list_filter;
 }
+std::unique_ptr<std::vector<third_party_dlls::PackedListModule>>
+ReadInitialBlacklistedModules() {
+  base::FilePath path =
+      ModuleBlacklistCacheUpdater::GetModuleBlacklistCachePath();
+  third_party_dlls::PackedListMetadata metadata;
+  std::vector<third_party_dlls::PackedListModule> blacklisted_modules;
+  base::MD5Digest md5_digest;
+  ReadResult read_result = ReadModuleBlacklistCache(
+      path, &metadata, &blacklisted_modules, &md5_digest);
+  // Return an empty vector on failure.
+  auto initial_blacklisted_modules =
+      std::make_unique<std::vector<third_party_dlls::PackedListModule>>();
+  if (read_result == ReadResult::kSuccess)
+    *initial_blacklisted_modules = std::move(blacklisted_modules);
+  return initial_blacklisted_modules;
+}
 }  // namespace
 ThirdPartyConflictsManager::ThirdPartyConflictsManager(
@@ -123,9 +144,7 @@ void ThirdPartyConflictsManager::OnModuleDatabaseIdle() {
  // The InstalledApplications instance is only needed for the incompatible
  // applications warning.
-  if (!IncompatibleApplicationsUpdater::IsWarningEnabled())
+  if (IncompatibleApplicationsUpdater::IsWarningEnabled()) {
-    return;
    base::PostTaskAndReplyWithResult(
        background_sequence_.get(), FROM_HERE, base::BindOnce([]() {
          return std::make_unique<InstalledApplications>();
@@ -133,6 +152,18 @@ void ThirdPartyConflictsManager::OnModuleDatabaseIdle() {
        base::BindOnce(
            &ThirdPartyConflictsManager::OnInstalledApplicationsCreated,
            weak_ptr_factory_.GetWeakPtr()));
+  }
+  // And the initial blacklisted modules are only needed for the third-party
+  // modules blocking.
+  if (base::FeatureList::IsEnabled(features::kThirdPartyModulesBlocking)) {
+    base::PostTaskAndReplyWithResult(
+        background_sequence_.get(), FROM_HERE,
+        base::BindOnce(&ReadInitialBlacklistedModules),
+        base::BindOnce(
+            &ThirdPartyConflictsManager::OnInitialBlacklistedModulesRead,
+            weak_ptr_factory_.GetWeakPtr()));
+  }
 }
 void ThirdPartyConflictsManager::OnModuleListComponentRegistered(
@@ -270,23 +301,43 @@ void ThirdPartyConflictsManager::OnInstalledApplicationsCreated(
  InitializeIfReady();
 }
+void ThirdPartyConflictsManager::OnInitialBlacklistedModulesRead(
+    std::unique_ptr<std::vector<third_party_dlls::PackedListModule>>
+        initial_blacklisted_modules) {
+  initial_blacklisted_modules_ = std::move(initial_blacklisted_modules);
+  InitializeIfReady();
+}
 void ThirdPartyConflictsManager::InitializeIfReady() {
  DCHECK(!terminal_state_.has_value());
-  // Check if this instance is ready to initialize.
+  // Check if this instance is ready to initialize. First look at dependencies
-  if (!exe_certificate_info_ || !module_list_filter_ ||
+  // that both features need.
-      (!installed_applications_ &&
+  if (!exe_certificate_info_ || !module_list_filter_)
-       IncompatibleApplicationsUpdater::IsWarningEnabled())) {
+    return;
+  // Then look at the dependency needed only for the
+  // IncompatibleApplicationsWarning feature.
+  if (IncompatibleApplicationsUpdater::IsWarningEnabled() &&
+      !installed_applications_) {
+    return;
+  }
+  // And the dependency needed only for the ThirdPartyModulesBlocking feature.
+  if (base::FeatureList::IsEnabled(features::kThirdPartyModulesBlocking) &&
+      !initial_blacklisted_modules_) {
    return;
  }
+  // Now both features are ready to be initialized.
  if (base::FeatureList::IsEnabled(features::kThirdPartyModulesBlocking)) {
    // It is safe to use base::Unretained() since the callback will not be
    // invoked if the updater is freed.
    module_blacklist_cache_updater_ =
        std::make_unique<ModuleBlacklistCacheUpdater>(
            module_database_event_source_, *exe_certificate_info_,
-            module_list_filter_,
+            module_list_filter_, *initial_blacklisted_modules_,
            base::BindRepeating(
                &ThirdPartyConflictsManager::OnModuleBlacklistCacheUpdated,
                base::Unretained(this)));

--- a/chrome/browser/conflicts/third_party_conflicts_manager_win.h
+++ b/chrome/browser/conflicts/third_party_conflicts_manager_win.h
@@ -7,6 +7,7 @@
 #include <memory>
 #include <string>
+#include <vector>
 #include "base/callback.h"
 #include "base/macros.h"
@@ -17,6 +18,7 @@
 #include "base/strings/string_piece_forward.h"
 #include "chrome/browser/conflicts/module_blacklist_cache_updater_win.h"
 #include "chrome/browser/conflicts/module_database_observer_win.h"
+#include "chrome_elf/third_party_dlls/packed_list_format.h"
 #include "components/component_updater/component_updater_service.h"
 class IncompatibleApplicationsUpdater;
@@ -31,12 +33,31 @@ class SequencedTaskRunner;
 class TaskRunner;
 }
-// This class owns all the third-party conflicts-related classes and is
+// This class is responsible for the initialization of the
-// responsible for their initialization.
+// IncompatibleApplicationsWarning and ThirdPartyModulesBlocking features. Each
+// feature requires a set of dependencies to be initialized on a background
+// sequence because their main class can be created
+// (IncompatibleApplicationsUpdater and ModuleBlacklistCacheUpdater
+// respectively).
+//
+// Dependencies list
+// For both features:
+// 1. |exe_certificate_info_| contains info about the certificate of the current
+//    executable.
+// 2. |module_list_filter_| is used to determine if a module should be blocked
+//    or allowed. The Module List component is received from the component
+//    update service, which invokes OnModuleListComponentRegister() and
+//    LoadModuleList() when appropriate.
+//
+// For the IncompatibleApplicationsWarning feature only:
+// 3. |installed_applications_| allows to tie a loaded module to an application
+//    installed on the computer.
+//
+// For the ThirdPartyModulesBlocking feature only:
+// 4. |initial_blacklisted_modules_| contains the list of modules that were
+//    blacklisted at the time the browser was launched. Modifications to that
+//    list do not take effect until a restart.
 //
-// The Module List component is received from the component update service,
-// which invokes OnModuleListComponentRegister() and LoadModuleList() when
-// appropriate.
 class ThirdPartyConflictsManager
    : public ModuleDatabaseObserver,
      public component_updater::ComponentUpdateService::Observer {
@@ -130,6 +151,11 @@ class ThirdPartyConflictsManager
  void OnInstalledApplicationsCreated(
      std::unique_ptr<InstalledApplications> installed_applications);
+  // Called when |initial_blacklisted_modules_| finishes its initialization.
+  void OnInitialBlacklistedModulesRead(
+      std::unique_ptr<std::vector<third_party_dlls::PackedListModule>>
+          initial_blacklisted_modules);
  // Initializes either or both |incompatible_applications_updater_| and
  // |module_blacklist_cache_updater_| when the exe_certificate_info_, the
  // module_list_filter_ and the installed_applications_ are available.
@@ -185,6 +211,11 @@ class ThirdPartyConflictsManager
  // use it on a background sequence.
  scoped_refptr<ModuleListFilter> module_list_filter_;
+  // The blacklisted modules contained in the cache used to initialize the
+  // blocking in chrome_elf.
+  std::unique_ptr<std::vector<third_party_dlls::PackedListModule>>
+      initial_blacklisted_modules_;
  // Retrieves the list of installed applications.
  std::unique_ptr<InstalledApplications> installed_applications_;

--- a/chrome/browser/ui/webui/conflicts/conflicts_handler.cc
+++ b/chrome/browser/ui/webui/conflicts/conflicts_handler.cc
@@ -75,6 +75,8 @@ std::string GetModuleStatusString(
        return "Disallowed - Added to the blacklist";
      case BlockingDecision::kBlocked:
        return "Disallowed - Blocked";
+      case BlockingDecision::kBypassedBlocking:
+        return "Disallowed - Bypassed blocking";
      case BlockingDecision::kUnknown:
        NOTREACHED();
        break;