[tor-commits] [tor-browser] 22/37: Bug 1771523 - Add telemetry probe for app signature verification outcomes. r=keeler a=RyanVM

gitolite role git at cupani.torproject.org
Wed Jun 22 18:27:31 UTC 2022 

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-91.11.0esr-11.5-1
in repository tor-browser.

commit 3d507046bdfe1d6132a567c1d47e500f3845c51b
Author: Dennis Jackson <djackson at mozilla.com>
AuthorDate: Mon Jun 6 13:08:01 2022 +0000

    Bug 1771523 - Add telemetry probe for app signature verification outcomes. r=keeler a=RyanVM
    
    Differential Revision: https://phabricator.services.mozilla.com/D147530
---
 security/apps/AppSignatureVerification.cpp   | 16 ++++++++++++++++
 toolkit/components/telemetry/Histograms.json | 11 +++++++++++
 2 files changed, 27 insertions(+)

diff --git a/security/apps/AppSignatureVerification.cpp b/security/apps/AppSignatureVerification.cpp
index 0674887a2c148..8100d4d38cce8 100644
--- a/security/apps/AppSignatureVerification.cpp
+++ b/security/apps/AppSignatureVerification.cpp
@@ -1307,6 +1307,22 @@ nsresult OpenSignedAppFile(AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
     }
   }
 
+  // Bits 1 and 2
+  // 00 = Didn't Process PKCS#7 signatures
+  // 01 = Processed but no valid cert or signature
+  // 10 = Processed and valid cert found, but addon didn't match manifest
+  // 11 = Processed and valid.
+  // Bits 3 and 4 are the same but for COSE.
+  uint32_t bucket = 0;
+  bucket += aPolicy.ProcessCOSE();
+  bucket += !coseCertDER.IsEmpty();
+  bucket += coseVerified;
+  bucket <<= 2;
+  bucket += aPolicy.ProcessPK7();
+  bucket += !pkcs7CertDER.IsEmpty();
+  bucket += pk7Verified;
+  Telemetry::Accumulate(Telemetry::ADDON_SIGNATURE_VERIFICATION_STATUS, bucket);
+
   if ((aPolicy.PK7Required() && !pk7Verified) ||
       (aPolicy.COSERequired() && !coseVerified)) {
     return NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE;
diff --git a/toolkit/components/telemetry/Histograms.json b/toolkit/components/telemetry/Histograms.json
index dbce789c65c4a..f8656555514b9 100644
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@@ -188,6 +188,17 @@
     "bug_numbers": [1172689, 1531034],
     "description": "Recorded when application reputation remote lookup is performed, `true` is recorded if the lookup times out."
   },
+  "ADDON_SIGNATURE_VERIFICATION_STATUS": {
+    "record_in_processes": ["main", "content"],
+    "products": ["firefox", "fennec"],
+    "alert_emails": ["seceng-telemetry at mozilla.com"],
+    "expires_in_version": "never",
+    "releaseChannelCollection": "opt-out",
+    "kind": "enumerated",
+    "n_values": 32,
+    "bug_numbers": [1771523],
+    "description": "Records the result of App Signature Verification. See the comments in OpenSignedAppFile. "
+  },
   "BACKGROUNDFILESAVER_THREAD_COUNT": {
     "record_in_processes": ["main", "content"],
     "products": ["firefox", "fennec"],

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the tor-commits mailing list