[tbb-commits] [tor-browser] 22/37: Bug 1771523 - Add telemetry probe for app signature verification outcomes. r=keeler a=RyanVM
gitolite role
git at cupani.torproject.org
Wed Jun 22 18:27:31 UTC 2022
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.11.0esr-11.5-1
in repository tor-browser.
commit 3d507046bdfe1d6132a567c1d47e500f3845c51b
Author: Dennis Jackson <djackson at mozilla.com>
AuthorDate: Mon Jun 6 13:08:01 2022 +0000
Bug 1771523 - Add telemetry probe for app signature verification outcomes. r=keeler a=RyanVM
Differential Revision: https://phabricator.services.mozilla.com/D147530
---
security/apps/AppSignatureVerification.cpp | 16 ++++++++++++++++
toolkit/components/telemetry/Histograms.json | 11 +++++++++++
2 files changed, 27 insertions(+)
diff --git a/security/apps/AppSignatureVerification.cpp b/security/apps/AppSignatureVerification.cpp
index 0674887a2c148..8100d4d38cce8 100644
--- a/security/apps/AppSignatureVerification.cpp
+++ b/security/apps/AppSignatureVerification.cpp
@@ -1307,6 +1307,22 @@ nsresult OpenSignedAppFile(AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
}
}
+ // Bits 1 and 2
+ // 00 = Didn't Process PKCS#7 signatures
+ // 01 = Processed but no valid cert or signature
+ // 10 = Processed and valid cert found, but addon didn't match manifest
+ // 11 = Processed and valid.
+ // Bits 3 and 4 are the same but for COSE.
+ uint32_t bucket = 0;
+ bucket += aPolicy.ProcessCOSE();
+ bucket += !coseCertDER.IsEmpty();
+ bucket += coseVerified;
+ bucket <<= 2;
+ bucket += aPolicy.ProcessPK7();
+ bucket += !pkcs7CertDER.IsEmpty();
+ bucket += pk7Verified;
+ Telemetry::Accumulate(Telemetry::ADDON_SIGNATURE_VERIFICATION_STATUS, bucket);
+
if ((aPolicy.PK7Required() && !pk7Verified) ||
(aPolicy.COSERequired() && !coseVerified)) {
return NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE;
diff --git a/toolkit/components/telemetry/Histograms.json b/toolkit/components/telemetry/Histograms.json
index dbce789c65c4a..f8656555514b9 100644
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@@ -188,6 +188,17 @@
"bug_numbers": [1172689, 1531034],
"description": "Recorded when application reputation remote lookup is performed, `true` is recorded if the lookup times out."
},
+ "ADDON_SIGNATURE_VERIFICATION_STATUS": {
+ "record_in_processes": ["main", "content"],
+ "products": ["firefox", "fennec"],
+ "alert_emails": ["seceng-telemetry at mozilla.com"],
+ "expires_in_version": "never",
+ "releaseChannelCollection": "opt-out",
+ "kind": "enumerated",
+ "n_values": 32,
+ "bug_numbers": [1771523],
+ "description": "Records the result of App Signature Verification. See the comments in OpenSignedAppFile. "
+ },
"BACKGROUNDFILESAVER_THREAD_COUNT": {
"record_in_processes": ["main", "content"],
"products": ["firefox", "fennec"],
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the tbb-commits
mailing list