Add SYSLOGs for renderer kills for cookies, passwords, and localStorage.

This helps system administrators notice when compromised renderer processes are trying to access cross-site data. BUG=780106 Change-Id: Ib5b2581376d11ead1947bc385410ddf387dbc1a1 Reviewed-on: https://chromium-review.googlesource.com/989654Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org> Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Commit-Queue: Charlie Reis <creis@chromium.org> Cr-Commit-Position: refs/heads/master@{#556849}

Add SYSLOGs for renderer kills for cookies, passwords, and localStorage.
This helps system administrators notice when compromised renderer processes are trying to access cross-site data. BUG=780106 Change-Id: Ib5b2581376d11ead1947bc385410ddf387dbc1a1 Reviewed-on: https://chromium-review.googlesource.com/989654Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org> Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Commit-Queue: Charlie Reis <creis@chromium.org> Cr-Commit-Position: refs/heads/master@{#556849}
dbe13c06 · Charlie Reis · Commit Bot · 805ee510 · dbe13c06 · dbe13c06
Commit dbe13c06 authored May 08, 2018 by Charlie Reis Committed by Commit Bot May 08, 2018
3 changed files
--- a/components/password_manager/content/browser/content_password_manager_driver.cc
+++ b/components/password_manager/content/browser/content_password_manager_driver.cc
@@ -6,6 +6,7 @@
 #include <utility>
+#include "base/syslog_logging.h"
 #include "components/autofill/content/browser/content_autofill_driver.h"
 #include "components/autofill/core/common/form_data.h"
 #include "components/autofill/core/common/password_form.h"
@@ -329,6 +330,8 @@ bool ContentPasswordManagerDriver::CheckChildProcessSecurityPolicy(
  // about:blank frames as well as data URLs.  If that's not the case, kill the
  // renderer, as it might be exploited.
  if (url.SchemeIs(url::kAboutScheme) || url.SchemeIs(url::kDataScheme)) {
+    SYSLOG(WARNING) << "Killing renderer: illegal password access from about: "
+                    << " or data: URL. Reason: " << static_cast<int>(reason);
    bad_message::ReceivedBadMessage(render_frame_host_->GetProcess(), reason);
    return false;
  }
@@ -337,6 +340,8 @@ bool ContentPasswordManagerDriver::CheckChildProcessSecurityPolicy(
      content::ChildProcessSecurityPolicy::GetInstance();
  if (!policy->CanAccessDataForOrigin(render_frame_host_->GetProcess()->GetID(),
                                      url)) {
+    SYSLOG(WARNING) << "Killing renderer: illegal password access. Reason: "
+                    << static_cast<int>(reason);
    bad_message::ReceivedBadMessage(render_frame_host_->GetProcess(), reason);
    return false;
  }

--- a/content/browser/frame_host/render_frame_message_filter.cc
+++ b/content/browser/frame_host/render_frame_message_filter.cc
@@ -13,6 +13,7 @@
 #include "base/debug/alias.h"
 #include "base/macros.h"
 #include "base/strings/string_util.h"
+#include "base/syslog_logging.h"
 #include "base/unguessable_token.h"
 #include "build/build_config.h"
 #include "components/download/public/common/download_url_parameters.h"
@@ -490,8 +491,11 @@ void RenderFrameMessageFilter::SetCookie(int32_t render_frame_id,
  ChildProcessSecurityPolicyImpl* policy =
      ChildProcessSecurityPolicyImpl::GetInstance();
  if (!policy->CanAccessDataForOrigin(render_process_id_, url)) {
-    bad_message::ReceivedBadMessage(this,
+    bad_message::BadMessageReason reason =
-                                    bad_message::RFMF_SET_COOKIE_BAD_ORIGIN);
+        bad_message::RFMF_SET_COOKIE_BAD_ORIGIN;
+    SYSLOG(WARNING) << "Killing renderer: illegal cookie write. Reason: "
+                    << reason;
+    bad_message::ReceivedBadMessage(this, reason);
    return;
  }
@@ -531,8 +535,11 @@ void RenderFrameMessageFilter::GetCookies(int render_frame_id,
  ChildProcessSecurityPolicyImpl* policy =
      ChildProcessSecurityPolicyImpl::GetInstance();
  if (!policy->CanAccessDataForOrigin(render_process_id_, url)) {
-    bad_message::ReceivedBadMessage(this,
+    bad_message::BadMessageReason reason =
-                                    bad_message::RFMF_GET_COOKIES_BAD_ORIGIN);
+        bad_message::RFMF_GET_COOKIES_BAD_ORIGIN;
+    SYSLOG(WARNING) << "Killing renderer: illegal cookie read. Reason: "
+                    << reason;
+    bad_message::ReceivedBadMessage(this, reason);
    std::move(callback).Run(std::string());
    return;
  }

--- a/content/browser/storage_partition_impl.cc
+++ b/content/browser/storage_partition_impl.cc
@@ -17,6 +17,7 @@
 #include "base/sequenced_task_runner.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/utf_string_conversions.h"
+#include "base/syslog_logging.h"
 #include "content/browser/background_fetch/background_fetch_context.h"
 #include "content/browser/blob_storage/blob_registry_wrapper.h"
 #include "content/browser/blob_storage/chrome_blob_storage_context.h"
@@ -831,6 +832,7 @@ void StoragePartitionImpl::OpenLocalStorage(
  int process_id = bindings_.dispatch_context();
  if (!ChildProcessSecurityPolicy::GetInstance()->CanAccessDataForOrigin(
          process_id, origin.GetURL())) {
+    SYSLOG(WARNING) << "Killing renderer: illegal localStorage request.";
    bindings_.ReportBadMessage("Access denied for localStorage request");
    return;
  }