| // Copyright 2025 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/windows_services/service_program/crash_reporting.h" |
| |
| #include <objidl.h> |
| #include <wrl/client.h> |
| |
| #include <string> |
| #include <utility> |
| |
| #include "base/base_paths.h" |
| #include "base/check.h" |
| #include "base/debug/leak_annotations.h" |
| #include "base/files/file_path.h" |
| #include "base/files/file_util.h" |
| #include "base/functional/bind.h" |
| #include "base/path_service.h" |
| #include "base/strings/utf_string_conversions.h" |
| #include "base/synchronization/waitable_event.h" |
| #include "base/task/sequenced_task_runner.h" |
| #include "base/version_info/channel.h" |
| #include "chrome/common/chrome_version.h" |
| #include "chrome/install_static/install_util.h" |
| #include "chrome/installer/util/google_update_constants.h" |
| #include "chrome/windows_services/service_program/is_running_unattended.h" |
| #include "chrome/windows_services/service_program/user_crash_state.h" |
| #include "components/crash/core/app/crash_reporter_client.h" |
| #include "components/crash/core/app/crashpad.h" |
| #include "components/crash/core/common/crash_key.h" |
| |
| namespace { |
| |
| // Returns the directory holding per-user subdirectories for the crashpad |
| // databases, or an empty path in case of error. `directory_name` is the name of |
| // the directory within C:\Windows\SystemTemp that will be created to house a |
| // "Crashpad" directory. Each process should provide a distinct value (e.g., |
| // "ChromiumTracing" for the elevated tracing service in a Chromium build). |
| base::FilePath GetCrashpadDir(base::FilePath::StringViewType directory_name) { |
| base::FilePath system_temp; |
| if (!base::PathService::Get(base::DIR_SYSTEM_TEMP, &system_temp)) { |
| return base::FilePath(); |
| } |
| return system_temp.Append(directory_name) |
| .Append(FILE_PATH_LITERAL("Crashpad")); |
| } |
| |
| class CrashClient : public crash_reporter::CrashReporterClient { |
| public: |
| CrashClient(base::FilePath crashpad_dir, |
| std::unique_ptr<UserCrashState> user_crash_state); |
| ~CrashClient() override; |
| |
| const UserCrashState& user_crash_state() const { return *user_crash_state_; } |
| |
| // crash_reporter::CrashReporterClient: |
| void GetProductNameAndVersion(const std::wstring& exe_path, |
| std::wstring* product_name, |
| std::wstring* version, |
| std::wstring* special_build, |
| std::wstring* channel_name) override; |
| bool GetShouldDumpLargerDumps() override; |
| bool GetCrashDumpLocation(std::wstring* crash_dir) override; |
| bool IsRunningUnattended() override; |
| bool GetCollectStatsConsent() override; |
| bool GetCollectStatsInSample() override; |
| bool ReportingIsEnforcedByPolicy(bool* reporting_enabled) override; |
| |
| private: |
| // Returns the current value of the collect stats consent from the Windows |
| // registry. |
| bool GetCurrentCollectStatsConsent(); |
| bool GetCurrentCollectStatsInSample(); |
| void OnClientStateMediumChanged(); |
| void OnClientStateChanged(); |
| void OnProductKeyChanged(); |
| void UpdateUploadConsent(); |
| |
| const base::FilePath crashpad_dir_; |
| const std::unique_ptr<UserCrashState> user_crash_state_; |
| bool last_collect_stats_consent_ = false; |
| bool last_collect_stats_in_sample_ = false; |
| }; |
| |
| CrashClient::CrashClient(base::FilePath crashpad_dir, |
| std::unique_ptr<UserCrashState> user_crash_state) |
| : crashpad_dir_(std::move(crashpad_dir)), |
| user_crash_state_(std::move(user_crash_state)) { |
| if (user_crash_state_->client_state_medium_key().Valid()) { |
| // Unretained is safe because this owns the registry key by way of |
| // UserCrashState. |
| user_crash_state_->client_state_medium_key().StartWatching(base::BindOnce( |
| &CrashClient::OnClientStateMediumChanged, base::Unretained(this))); |
| } |
| if (user_crash_state_->client_state_key().Valid()) { |
| // Unretained is safe because this owns the registry key by way of |
| // UserCrashState. |
| user_crash_state_->client_state_key().StartWatching(base::BindOnce( |
| &CrashClient::OnClientStateChanged, base::Unretained(this))); |
| } |
| if (user_crash_state_->product_key().Valid()) { |
| // Unretained is safe because this owns the registry key by way of |
| // UserCrashState. |
| user_crash_state_->product_key().StartWatching(base::BindOnce( |
| &CrashClient::OnProductKeyChanged, base::Unretained(this))); |
| } |
| } |
| |
| CrashClient::~CrashClient() = default; |
| |
| void CrashClient::GetProductNameAndVersion(const std::wstring& exe_path, |
| std::wstring* product_name, |
| std::wstring* version, |
| std::wstring* special_build, |
| std::wstring* channel_name) { |
| // Report crashes under the same product name as the browser. This string |
| // MUST match server-side configuration. |
| *product_name = base::ASCIIToWide(PRODUCT_SHORTNAME_STRING); |
| *version = base::ASCIIToWide(CHROME_VERSION_STRING); |
| special_build->clear(); |
| *channel_name = |
| install_static::GetChromeChannelName(/*with_extended_stable=*/true); |
| } |
| |
| bool CrashClient::GetShouldDumpLargerDumps() { |
| // Capture larger dumps for Google Chrome beta, dev, and canary channels, and |
| // Chromium builds. The Google Chrome stable channel uses smaller dumps. |
| return install_static::GetChromeChannel() != version_info::Channel::STABLE; |
| } |
| |
| bool CrashClient::GetCrashDumpLocation(std::wstring* crash_dir) { |
| *crash_dir = crashpad_dir_.Append(user_crash_state_->user_sid()).value(); |
| return true; |
| } |
| |
| bool CrashClient::IsRunningUnattended() { |
| return internal::IsRunningUnattended(); |
| } |
| |
| bool CrashClient::GetCollectStatsConsent() { |
| // Cache the last returned value for use when handling a change to one of the |
| // registry keys. |
| last_collect_stats_consent_ = GetCurrentCollectStatsConsent(); |
| return last_collect_stats_consent_; |
| } |
| |
| bool CrashClient::GetCollectStatsInSample() { |
| // Cache the last returned value for use when handling a change to one of the |
| // registry keys. |
| last_collect_stats_in_sample_ = GetCurrentCollectStatsInSample(); |
| return last_collect_stats_in_sample_; |
| } |
| |
| bool CrashClient::ReportingIsEnforcedByPolicy(bool* reporting_enabled) { |
| return install_static::ReportingIsEnforcedByPolicy(reporting_enabled); |
| } |
| |
| bool CrashClient::GetCurrentCollectStatsConsent() { |
| DWORD value = 0; |
| |
| // TODO(crbug.com/40837274): The logic here is based on Chrome's behavior of |
| // conveying consent to Omaha via the value in HKLM\...\ClientStateMedium. |
| // This must be updated if Chrome and Omaha switch to using a value in HKCU. |
| |
| // First check for a value in ClientStateMedium. A value here for a |
| // per-machine install takes precedent over one in ClientState. |
| if (user_crash_state_->client_state_medium_key().ReadValueDW( |
| google_update::kRegUsageStatsField, &value) == ERROR_SUCCESS) { |
| return value == google_update::TRISTATE_TRUE; |
| } |
| |
| // Failing that, check for one in ClientState. |
| if (user_crash_state_->client_state_key().ReadValueDW( |
| google_update::kRegUsageStatsField, &value) == ERROR_SUCCESS) { |
| return value == google_update::TRISTATE_TRUE; |
| } |
| |
| // No value anywhere means no consent. |
| return false; |
| } |
| |
| bool CrashClient::GetCurrentCollectStatsInSample() { |
| DWORD value = 0; |
| |
| // Failure to read a value (e.g., because the value is not present) is |
| // considered "in the sample". |
| return user_crash_state_->product_key().ReadValueDW( |
| install_static::kRegValueChromeStatsSample, &value) != |
| ERROR_SUCCESS || |
| value == 1; |
| } |
| |
| void CrashClient::OnClientStateMediumChanged() { |
| // Unretained is safe because this owns the registry key by way of |
| // UserCrashState. |
| user_crash_state_->client_state_medium_key().StartWatching(base::BindOnce( |
| &CrashClient::OnClientStateMediumChanged, base::Unretained(this))); |
| |
| UpdateUploadConsent(); |
| } |
| |
| void CrashClient::OnClientStateChanged() { |
| // Unretained is safe because this owns the registry key by way of |
| // UserCrashState. |
| user_crash_state_->client_state_key().StartWatching(base::BindOnce( |
| &CrashClient::OnClientStateChanged, base::Unretained(this))); |
| |
| UpdateUploadConsent(); |
| } |
| |
| void CrashClient::OnProductKeyChanged() { |
| // Unretained is safe because this owns the registry key by way of |
| // UserCrashState. |
| user_crash_state_->product_key().StartWatching(base::BindOnce( |
| &CrashClient::OnProductKeyChanged, base::Unretained(this))); |
| |
| UpdateUploadConsent(); |
| } |
| |
| void CrashClient::UpdateUploadConsent() { |
| bool collect_stats_consent = GetCurrentCollectStatsConsent(); |
| bool collect_stats_in_sample = GetCurrentCollectStatsInSample(); |
| if (collect_stats_consent != last_collect_stats_consent_ || |
| collect_stats_in_sample != last_collect_stats_in_sample_) { |
| last_collect_stats_consent_ = collect_stats_consent; |
| crash_reporter::SetUploadConsent(collect_stats_consent); |
| } |
| } |
| |
| void StartCrashHandlerImpl(std::unique_ptr<UserCrashState> user_crash_state, |
| base::FilePath::StringViewType directory_name, |
| std::string_view process_type) { |
| // The child process requires that the directory holding the client's "crash |
| // dump location" already exists, so create it now before launching the child. |
| base::FilePath crashpad_dir = GetCrashpadDir(directory_name); |
| if (crashpad_dir.empty() || !base::CreateDirectory(crashpad_dir)) { |
| return; |
| } |
| |
| // Only one crash handler may be created for the lifetime of a process. |
| // Allow multiple calls to `StartCrashHandlerImpl`, but ensure that they are |
| // all on behalf of the same user. |
| static auto* const client = |
| new CrashClient(std::move(crashpad_dir), std::move(user_crash_state)); |
| ANNOTATE_LEAKING_OBJECT_PTR(client); |
| |
| // On the first call, ownership of `user_crash_state` will have been passed to |
| // the client. |
| if (user_crash_state) { |
| // This is not the first call. Crash if an attempt is being made to start a |
| // handler for a different user. |
| CHECK(client->user_crash_state().user_sid() == |
| user_crash_state->user_sid()); |
| // This is for the same user as the previous launch, so there is nothing |
| // more to be done. |
| return; |
| } |
| |
| // Disable COM exception handling as per |
| // https://learn.microsoft.com/en-us/windows/win32/api/objidl/nn-objidl-iglobaloptions. |
| if (Microsoft::WRL::ComPtr<IGlobalOptions> options; SUCCEEDED( |
| ::CoCreateInstance(CLSID_GlobalOptions, nullptr, CLSCTX_INPROC_SERVER, |
| IID_PPV_ARGS(&options)))) { |
| options->Set(COMGLB_EXCEPTION_HANDLING, COMGLB_EXCEPTION_DONOT_HANDLE); |
| } |
| |
| crash_reporter::SetCrashReporterClient(client); |
| crash_reporter::InitializeCrashKeys(); |
| |
| crash_reporter::InitializeCrashpadWithEmbeddedHandler( |
| /*initial_client=*/true, std::string(process_type), |
| /*user_data_dir=*/std::string(), |
| /*exe_path=*/base::FilePath()); |
| } |
| |
| } // namespace |
| |
| namespace windows_services { |
| |
| void StartCrashHandler(std::unique_ptr<UserCrashState> user_crash_state, |
| base::FilePath::StringViewType directory_name, |
| std::string_view process_type, |
| scoped_refptr<base::SequencedTaskRunner> task_runner) { |
| if (task_runner) { |
| base::WaitableEvent event; |
| task_runner->PostTask( |
| FROM_HERE, |
| base::BindOnce( |
| [](std::unique_ptr<UserCrashState> user_crash_state, |
| base::FilePath::StringViewType directory_name, |
| std::string_view process_type, base::WaitableEvent& event) { |
| StartCrashHandlerImpl(std::move(user_crash_state), directory_name, |
| process_type); |
| event.Signal(); |
| }, |
| std::move(user_crash_state), directory_name, process_type, |
| std::ref(event))); |
| event.Wait(); |
| return; |
| } |
| StartCrashHandlerImpl(std::move(user_crash_state), directory_name, |
| process_type); |
| } |
| |
| } // namespace windows_services |
