Convert os_crypt from a source_set to a component

services/network and chrome/ both depend on os_crypt, which creates
problems with the component build when the NetworkService is
instantiated in-process, and caused
https://chromium.googlesource.com/chromium/src/+/41e3c57070c2 to be
reverted.

It also makes the component build to link os_crypt at least twice,
which seems not great.

Bug: 789644, 868536
Change-Id: Ie964c51ea2b85a7ace63f76bb39524537fe69e2f
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Reviewed-on: https://chromium-review.googlesource.com/1155309Reviewed-by: Christos Froussios <cfroussios@chromium.org>
Commit-Queue: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#579403}

components/os_crypt/BUILD.gn

@@ -30,7 +30,7 @@ if (use_gnome_keyring) {
   }
 }
 
-static_library("os_crypt") {
+component("os_crypt") {
   sources = [
     "ie7_password_win.cc",
     "ie7_password_win.h",
@@ -51,6 +51,8 @@ static_library("os_crypt") {
     "//crypto:platform",
   ]
 
+  defines = [ "IS_OS_CRYPT_IMPL" ]
+
   if ((is_posix || is_fuchsia) && !is_mac && !is_ios &&
       (!is_desktop_linux || is_chromecast)) {
     sources += [ "os_crypt_posix.cc" ]
@@ -80,7 +82,6 @@ static_library("os_crypt") {
       "key_storage_util_linux.h",
       "os_crypt_linux.cc",
     ]
-    defines = []
 
     if (use_gnome_keyring) {
       sources += [

components/os_crypt/ie7_password_win.h

@@ -9,10 +9,11 @@
 #include <string>
 #include <vector>
 
+#include "base/component_export.h"
 #include "base/time/time.h"
 
 // Contains the information read from the IE7/IE8 Storage2 key in the registry.
-struct IE7PasswordInfo {
+struct COMPONENT_EXPORT(OS_CRYPT) IE7PasswordInfo {
   IE7PasswordInfo();
   IE7PasswordInfo(const IE7PasswordInfo& other);
   ~IE7PasswordInfo();
@@ -30,7 +31,7 @@ struct IE7PasswordInfo {
 
 namespace ie7_password {
 
-struct DecryptedCredentials {
+struct COMPONENT_EXPORT(OS_CRYPT) DecryptedCredentials {
   std::wstring username;
   std::wstring password;
 };
@@ -39,18 +40,20 @@ struct DecryptedCredentials {
 // The collection of bytes in |data| is interpreted as a special PasswordEntry
 // structure. IE saves the login information as a binary dump of this structure.
 // Credentials extracted from |data| end up in |credentials|.
+COMPONENT_EXPORT(OS_CRYPT)
 bool GetUserPassFromData(const std::vector<unsigned char>& data,
                          std::vector<DecryptedCredentials>* credentials);
 
 // Decrypts usernames and passwords for a given data vector using the url as
 // the key.
 // Output ends up in |credentials|.
+COMPONENT_EXPORT(OS_CRYPT)
 bool DecryptPasswords(const std::wstring& url,
                       const std::vector<unsigned char>& data,
                       std::vector<DecryptedCredentials>* credentials);
 
 // Returns the hash of a url.
-std::wstring GetUrlHash(const std::wstring& url);
+COMPONENT_EXPORT(OS_CRYPT) std::wstring GetUrlHash(const std::wstring& url);
 
 }  // namespace ie7_password
 

components/os_crypt/key_storage_config_linux.h

@@ -8,6 +8,7 @@
 #include <memory>
 #include <string>
 
+#include "base/component_export.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
@@ -16,7 +17,7 @@
 namespace os_crypt {
 
 // A container for all the initialisation parameters for OSCrypt.
-struct Config {
+struct COMPONENT_EXPORT(OS_CRYPT) Config {
  public:
   Config();
   ~Config();

components/os_crypt/key_storage_keyring.h

@@ -7,6 +7,7 @@
 
 #include <string>
 
+#include "base/component_export.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "components/os_crypt/key_storage_linux.h"
@@ -16,7 +17,7 @@ class SingleThreadTaskRunner;
 }  // namespace base
 
 // Specialisation of KeyStorageLinux that uses Libsecret.
-class KeyStorageKeyring : public KeyStorageLinux {
+class COMPONENT_EXPORT(OS_CRYPT) KeyStorageKeyring : public KeyStorageLinux {
  public:
   explicit KeyStorageKeyring(
       scoped_refptr<base::SingleThreadTaskRunner> main_thread_runner);

components/os_crypt/key_storage_kwallet.h

@@ -8,11 +8,12 @@
 #include <memory>
 #include <string>
 
+#include "base/component_export.h"
 #include "base/macros.h"
 #include "components/os_crypt/key_storage_linux.h"
 #include "components/os_crypt/kwallet_dbus.h"
 
-class KeyStorageKWallet : public KeyStorageLinux {
+class COMPONENT_EXPORT(OS_CRYPT) KeyStorageKWallet : public KeyStorageLinux {
  public:
   KeyStorageKWallet(base::nix::DesktopEnvironment desktop_env,
                     std::string app_name);

components/os_crypt/key_storage_libsecret.h

@@ -7,11 +7,12 @@
 
 #include <string>
 
+#include "base/component_export.h"
 #include "base/macros.h"
 #include "components/os_crypt/key_storage_linux.h"
 
 // Specialisation of KeyStorageLinux that uses Libsecret.
-class KeyStorageLibsecret : public KeyStorageLinux {
+class COMPONENT_EXPORT(OS_CRYPT) KeyStorageLibsecret : public KeyStorageLinux {
  public:
   KeyStorageLibsecret() = default;
   ~KeyStorageLibsecret() override = default;

components/os_crypt/key_storage_linux.h

@@ -8,6 +8,7 @@
 #include <memory>
 #include <string>
 
+#include "base/component_export.h"
 #include "base/macros.h"
 
 namespace base {
@@ -21,14 +22,15 @@ struct Config;
 
 // An API for retrieving OSCrypt's password from the system's password storage
 // service.
-class KeyStorageLinux {
+class COMPONENT_EXPORT(OS_CRYPT) KeyStorageLinux {
  public:
   KeyStorageLinux() = default;
   virtual ~KeyStorageLinux() = default;
 
   // Tries to load the appropriate key storage. Returns null if none succeed.
-  static std::unique_ptr<KeyStorageLinux> CreateService(
-      const os_crypt::Config& config);
+  static COMPONENT_EXPORT(OS_CRYPT)
+      std::unique_ptr<KeyStorageLinux> CreateService(
+          const os_crypt::Config& config);
 
   // Gets the encryption key from the OS password-managing library. If a key is
   // not found, a new key will be generated, stored and returned.

components/os_crypt/key_storage_util_linux.h

@@ -7,6 +7,7 @@
 
 #include <string>
 
+#include "base/component_export.h"
 #include "base/nix/xdg_util.h"
 
 namespace base {
@@ -32,16 +33,19 @@ enum class SelectedLinuxBackend {
 // TODO(crbug/571003): This is exposed as a utility only for password manager to
 // use. It should be merged into key_storage_linux, once no longer needed in
 // password manager.
-SelectedLinuxBackend SelectBackend(const std::string& type,
-                                   bool use_backend,
-                                   base::nix::DesktopEnvironment desktop_env);
+SelectedLinuxBackend COMPONENT_EXPORT(OS_CRYPT)
+    SelectBackend(const std::string& type,
+                  bool use_backend,
+                  base::nix::DesktopEnvironment desktop_env);
 
 // Set the setting that disables using OS-level encryption. If |use| is true,
 // a backend will be used.
-bool WriteBackendUse(const base::FilePath& user_data_dir, bool use);
+bool COMPONENT_EXPORT(OS_CRYPT)
+    WriteBackendUse(const base::FilePath& user_data_dir, bool use);
 
 // Decide whether the backend should be used based on the setting.
-bool GetBackendUse(const base::FilePath& user_data_dir);
+bool COMPONENT_EXPORT(OS_CRYPT)
+    GetBackendUse(const base::FilePath& user_data_dir);
 
 }  // namespace os_crypt
 

components/os_crypt/keychain_password_mac.h

@@ -7,13 +7,14 @@
 
 #include <string>
 
+#include "base/component_export.h"
 #include "base/macros.h"
 
 namespace crypto {
 class AppleKeychain;
 }
 
-class KeychainPassword {
+class COMPONENT_EXPORT(OS_CRYPT) KeychainPassword {
  public:
   explicit KeychainPassword(const crypto::AppleKeychain& keychain)
       : keychain_(keychain) {
@@ -28,8 +29,8 @@ class KeychainPassword {
   std::string GetPassword() const;
 
   // The service and account names used in Chrome's Safe Storage keychain item.
-  static const char service_name[];
-  static const char account_name[];
+  static COMPONENT_EXPORT(OS_CRYPT) const char service_name[];
+  static COMPONENT_EXPORT(OS_CRYPT) const char account_name[];
 
  private:
   const crypto::AppleKeychain& keychain_;

components/os_crypt/keyring_util_linux.h

@@ -17,6 +17,7 @@
 #define GNOME_KEYRING_DEPRECATED_FOR(x)
 #include <gnome-keyring.h>
 
+#include "base/component_export.h"
 #include "base/macros.h"
 
 // Many of the gnome_keyring_* functions use variable arguments, which makes
@@ -28,40 +29,46 @@
 // functions. Note that it has only static fields.
 class GnomeKeyringLoader {
  public:
-  static bool LoadGnomeKeyring();
+  static COMPONENT_EXPORT(OS_CRYPT) bool LoadGnomeKeyring();
 
   // Declare the actual function pointers that we'll use in client code.
   // These functions will contact the service.
-  static decltype(&::gnome_keyring_is_available) gnome_keyring_is_available_ptr;
-  static decltype(
-      &::gnome_keyring_store_password) gnome_keyring_store_password_ptr;
-  static decltype(
-      &::gnome_keyring_delete_password) gnome_keyring_delete_password_ptr;
-  static decltype(&::gnome_keyring_find_items) gnome_keyring_find_items_ptr;
-  static decltype(
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::gnome_keyring_is_available)
+      gnome_keyring_is_available_ptr;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::gnome_keyring_store_password)
+      gnome_keyring_store_password_ptr;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::gnome_keyring_delete_password)
+      gnome_keyring_delete_password_ptr;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::gnome_keyring_find_items)
+      gnome_keyring_find_items_ptr;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(
       &::gnome_keyring_find_password_sync) gnome_keyring_find_password_sync_ptr;
-  static decltype(&::gnome_keyring_store_password_sync)
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(
+      &::gnome_keyring_store_password_sync)
       gnome_keyring_store_password_sync_ptr;
 
   // These functions do not contact the service.
-  static decltype(
-      &::gnome_keyring_result_to_message) gnome_keyring_result_to_message_ptr;
-  static decltype(&::gnome_keyring_attribute_list_free)
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::gnome_keyring_result_to_message)
+      gnome_keyring_result_to_message_ptr;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(
+      &::gnome_keyring_attribute_list_free)
       gnome_keyring_attribute_list_free_ptr;
-  static decltype(
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(
       &::gnome_keyring_attribute_list_new) gnome_keyring_attribute_list_new_ptr;
-  static decltype(&::gnome_keyring_attribute_list_append_string)
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(
+      &::gnome_keyring_attribute_list_append_string)
       gnome_keyring_attribute_list_append_string_ptr;
-  static decltype(&::gnome_keyring_attribute_list_append_uint32)
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(
+      &::gnome_keyring_attribute_list_append_uint32)
       gnome_keyring_attribute_list_append_uint32_ptr;
-  static decltype(
-      &::gnome_keyring_free_password) gnome_keyring_free_password_ptr;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::gnome_keyring_free_password)
+      gnome_keyring_free_password_ptr;
   // We also use gnome_keyring_attribute_list_index(), which is a macro and
   // can't be referenced.
 
  protected:
   // Set to true if LoadGnomeKeyring() has already succeeded.
-  static bool keyring_loaded;
+  static COMPONENT_EXPORT(OS_CRYPT) bool keyring_loaded;
 
  private:
   struct FunctionInfo {

components/os_crypt/kwallet_dbus.h

@@ -8,6 +8,7 @@
 #include <string>
 #include <vector>
 
+#include "base/component_export.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/nix/xdg_util.h"
@@ -18,7 +19,7 @@ class ObjectProxy;
 }
 
 // Contains wrappers for dbus invocations related to KWallet.
-class KWalletDBus {
+class COMPONENT_EXPORT(OS_CRYPT) KWalletDBus {
  public:
   // Error code for dbus calls to kwallet.
   enum Error { SUCCESS = 0, CANNOT_CONTACT, CANNOT_READ };

components/os_crypt/libsecret_util_linux.h

@@ -10,23 +10,32 @@
 #include <list>
 #include <string>
 
+#include "base/component_export.h"
 #include "base/macros.h"
 
 // Utility for dynamically loading libsecret.
 class LibsecretLoader {
  public:
-  static decltype(&::secret_item_get_attributes) secret_item_get_attributes;
-  static decltype(&::secret_item_get_secret) secret_item_get_secret;
-  static decltype(&::secret_item_load_secret_sync) secret_item_load_secret_sync;
-  static decltype(&::secret_password_clear_sync) secret_password_clear_sync;
-  static decltype(&::secret_password_store_sync) secret_password_store_sync;
-  static decltype(&::secret_service_search_sync) secret_service_search_sync;
-  static decltype(&::secret_value_get_text) secret_value_get_text;
-  static decltype(&::secret_value_unref) secret_value_unref;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::secret_item_get_attributes)
+      secret_item_get_attributes;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::secret_item_get_secret)
+      secret_item_get_secret;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::secret_item_load_secret_sync)
+      secret_item_load_secret_sync;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::secret_password_clear_sync)
+      secret_password_clear_sync;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::secret_password_store_sync)
+      secret_password_store_sync;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::secret_service_search_sync)
+      secret_service_search_sync;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::secret_value_get_text)
+      secret_value_get_text;
+  static COMPONENT_EXPORT(OS_CRYPT) decltype(&::secret_value_unref)
+      secret_value_unref;
 
   // Wrapper for secret_service_search_sync that prevents common leaks. See
   // https://crbug.com/393395.
-  class SearchHelper {
+  class COMPONENT_EXPORT(OS_CRYPT) SearchHelper {
    public:
     SearchHelper();
     ~SearchHelper();
@@ -51,14 +60,14 @@ class LibsecretLoader {
   // Returns false if either step fails.
   // Repeated calls check the responsiveness every time, but do not load the
   // the library again if already successful.
-  static bool EnsureLibsecretLoaded();
+  static COMPONENT_EXPORT(OS_CRYPT) bool EnsureLibsecretLoaded();
 
   // Ensure that the default keyring is accessible. This won't prevent the user
   // from locking their keyring while Chrome is running.
-  static void EnsureKeyringUnlocked();
+  static COMPONENT_EXPORT(OS_CRYPT) void EnsureKeyringUnlocked();
 
  protected:
-  static bool libsecret_loaded_;
+  static COMPONENT_EXPORT(OS_CRYPT) bool libsecret_loaded_;
 
  private:
   struct FunctionInfo {
@@ -82,7 +91,7 @@ class LibsecretLoader {
   DISALLOW_IMPLICIT_CONSTRUCTORS(LibsecretLoader);
 };
 
-class LibsecretAttributesBuilder {
+class COMPONENT_EXPORT(OS_CRYPT) LibsecretAttributesBuilder {
  public:
   LibsecretAttributesBuilder();
   ~LibsecretAttributesBuilder();

components/os_crypt/os_crypt.h

@@ -8,15 +8,16 @@
 #include <memory>
 #include <string>
 
+#include "base/component_export.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string16.h"
 #include "build/build_config.h"
 
-#if defined(OS_LINUX) && !defined(OS_CHROMEOS) && defined(UNIT_TEST)
+#if defined(OS_LINUX) && !defined(OS_CHROMEOS)
 class KeyStorageLinux;
-#endif  // defined(OS_LINUX) && !defined(OS_CHROMEOS) && defined(UNIT_TEST)
+#endif  // defined(OS_LINUX) && !defined(OS_CHROMEOS)
 
 namespace os_crypt {
 struct Config;
@@ -30,7 +31,8 @@ class OSCrypt {
  public:
 #if defined(OS_LINUX) && !defined(OS_CHROMEOS)
   // Set the configuration of OSCrypt.
-  static void SetConfig(std::unique_ptr<os_crypt::Config> config);
+  static COMPONENT_EXPORT(OS_CRYPT) void SetConfig(
+      std::unique_ptr<os_crypt::Config> config);
 #endif  // defined(OS_LINUX) && !defined(OS_CHROMEOS)
 
 #if defined(OS_MACOSX) || (defined(OS_LINUX) && !defined(OS_CHROMEOS))
@@ -38,60 +40,67 @@ class OSCrypt {
   // available. On MacOS returns true if Keychain is available (for mock
   // Keychain it returns true if not using locked Keychain, false if using
   // locked mock Keychain).
-  static bool IsEncryptionAvailable();
+  static COMPONENT_EXPORT(OS_CRYPT) bool IsEncryptionAvailable();
 #endif
 
   // Encrypt a string16. The output (second argument) is really an array of
   // bytes, but we're passing it back as a std::string.
-  static bool EncryptString16(const base::string16& plaintext,
-                              std::string* ciphertext);
+  static COMPONENT_EXPORT(OS_CRYPT) bool EncryptString16(
+      const base::string16& plaintext,
+      std::string* ciphertext);
 
   // Decrypt an array of bytes obtained with EncryptString16 back into a
   // string16. Note that the input (first argument) is a std::string, so you
   // need to first get your (binary) data into a string.
-  static bool DecryptString16(const std::string& ciphertext,
-                              base::string16* plaintext);
+  static COMPONENT_EXPORT(OS_CRYPT) bool DecryptString16(
+      const std::string& ciphertext,
+      base::string16* plaintext);
 
   // Encrypt a string.
-  static bool EncryptString(const std::string& plaintext,
-                            std::string* ciphertext);
+  static COMPONENT_EXPORT(OS_CRYPT) bool EncryptString(
+      const std::string& plaintext,
+      std::string* ciphertext);
 
   // Decrypt an array of bytes obtained with EnctryptString back into a string.
   // Note that the input (first argument) is a std::string, so you need to first
   // get your (binary) data into a string.
-  static bool DecryptString(const std::string& ciphertext,
-                            std::string* plaintext);
+  static COMPONENT_EXPORT(OS_CRYPT) bool DecryptString(
+      const std::string& ciphertext,
+      std::string* plaintext);
 
 #if defined(OS_MACOSX)
   // For unit testing purposes we instruct the Encryptor to use a mock Keychain
   // on the Mac. The default is to use the real Keychain. Use OSCryptMocker,
   // instead of calling this method directly.
-  static void UseMockKeychainForTesting(bool use_mock);
+  static COMPONENT_EXPORT(OS_CRYPT) void UseMockKeychainForTesting(
+      bool use_mock);
 
   // When Keychain is locked, it's not possible to get the encryption key. This
   // is used only for testing purposes. Enabling locked Keychain also enables
   // mock Keychain. Use OSCryptMocker, instead of calling this method directly.
-  static void UseLockedMockKeychainForTesting(bool use_locked);
+  static COMPONENT_EXPORT(OS_CRYPT) void UseLockedMockKeychainForTesting(
+      bool use_locked);
 #endif
 
  private:
   DISALLOW_IMPLICIT_CONSTRUCTORS(OSCrypt);
 };
 
-#if defined(OS_LINUX) && !defined(OS_CHROMEOS) && defined(UNIT_TEST)
+#if defined(OS_LINUX) && !defined(OS_CHROMEOS)
 // For unit testing purposes, inject methods to be used.
 // |get_key_storage_mock| provides the desired |KeyStorage| implementation.
 // If the provider returns |nullptr|, a hardcoded password will be used.
 // |get_password_v11_mock| provides a password to derive the encryption key from
 // If one parameter is |nullptr|, the function will be not be replaced.
 // If all parameters are |nullptr|, the real implementation is restored.
+COMPONENT_EXPORT(OS_CRYPT)
 void UseMockKeyStorageForTesting(
     std::unique_ptr<KeyStorageLinux> (*get_key_storage_mock)(),
     std::string* (*get_password_v11_mock)());
 
 // Clears any caching and most lazy initialisations performed by the production
 // code. Should be used after any test which required a password.
-void ClearCacheForTesting();
-#endif  // defined(OS_LINUX) && !defined(OS_CHROMEOS) && defined(UNIT_TEST)
+COMPONENT_EXPORT(OS_CRYPT) void ClearCacheForTesting();
+#endif  // defined(OS_LINUX) && !defined(OS_CHROMEOS)
 
 #endif  // COMPONENTS_OS_CRYPT_OS_CRYPT_H_

components/os_crypt/os_crypt_switches.h

@@ -7,6 +7,7 @@
 
 // Defines all the command-line switches used by the encryptor component.
 
+#include "base/component_export.h"
 #include "build/build_config.h"
 
 namespace os_crypt {
@@ -16,7 +17,7 @@ namespace switches {
 
 // Uses mock keychain for testing purposes, which prevents blocking dialogs
 // from causing timeouts.
-extern const char kUseMockKeychain[];
+COMPONENT_EXPORT(OS_CRYPT) extern const char kUseMockKeychain[];
 
 #endif  // OS_MACOSX