New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 612271 link

Starred by 4 users
Status: Verified
Owner:
sammiequon@chromium.org
Closed: Jan 2017
Cc:
dchan@chromium.org
krishna...@chromium.org
jdufault@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Feature

Blocking:
issue 623717
issue 603217



Sign in to add a comment

Policy support for pin unlock

Project Member Reported by jdufault@chromium.org, May 16 2016 
Pin unlock needs enterprise policy support.

Here is what is currently planned:

- What screen lock methods can the user use?
  * Password only (default)
  * Password & pin only
  * Password & all quick unlock modes
- Minimum/maximum PIN length
- Frequency of forced-password fallback: once per 6hr, 12hr, day, weak
- Forbid obvious passcodes (ex: 1111, 2222).

Comment 1 by jdufault@chromium.org, Jun 27 2016

Cc: jdufault@chromium.org
Owner: sammiequon@chromium.org
Status: Assigned (was: Available)
The only policy here that is a launch blocker is making sure admins can disable PIN unlock.

I'm guessing we're going to want to make these device policies instead of user policies, but that's still TBD. It looks like most of the integration is the same regardless of the type of policy.

PIN can be disabled from the C++ side by modifying PinStorage::IsPinAuthenticationAvailable[1].

There are docs for adding a new policy at [2], and an example CL is at [3].

1: https://cs.chromium.org/chromium/src/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc?l=107
2: http://dev.chromium.org/developers/how-tos/enterprise/adding-new-policies
3: https://codereview.chromium.org/8395007

Comment 2 by jdufault@chromium.org, Jun 27 2016

Blocking: 623717

Comment 3 by scunning...@chromium.org, Jul 28 2016

Cc: dchan@chromium.org krishna...@chromium.org
Labels: M-54

Comment 4 by dchan@google.com, Aug 17 2016

Components: Enterprise

Comment 5 by dchan@google.com, Aug 17 2016

Labels: -M-54 M-55
Project Member

Comment 6 by bugdroid1@chromium.org, Nov 8 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2502899929baa186318f39e1394701974d7acec5

commit 2502899929baa186318f39e1394701974d7acec5
Author: sammiequon <sammiequon@chromium.org>
Date: Tue Nov 08 07:22:04 2016

cros: Added policies for screen unlock.

Added two policies for screen unlock. The first one is to restrict which screen unlock methods can be used. The second one is to choose the frequency at which a user has to enter their password to continue using quick unlock.

BUG= 612271 
TEST=unit_tests --gtest_filter="PinStorageUnitTest.*"
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2387253002
Cr-Commit-Position: refs/heads/master@{#430541}

[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/browser/chromeos/login/quick_unlock/pin_storage.cc
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/browser/chromeos/login/quick_unlock/pin_storage.h
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.cc
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/browser/policy/configuration_policy_handler_list_factory.cc
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/browser/prefs/browser_prefs.cc
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/browser/resources/settings/people_page/people_page.js
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/browser/ui/webui/options/browser_options_handler.cc
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/browser/ui/webui/settings/md_settings_ui.cc
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/common/pref_names.cc
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/common/pref_names.h
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/chrome/test/data/policy/policy_test_cases.json
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/components/policy/resources/policy_templates.json
[modify] https://crrev.com/2502899929baa186318f39e1394701974d7acec5/tools/metrics/histograms/histograms.xml
Project Member

Comment 7 by bugdroid1@chromium.org, Dec 9 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a5173075c1a5c6abc3aafeff4116bf2f57d8a644

commit a5173075c1a5c6abc3aafeff4116bf2f57d8a644
Author: sammiequon <sammiequon@chromium.org>
Date: Fri Dec 09 16:07:14 2016

cros: Added a new function to quick unlock api for checking unfinished pins.

This function will check pins against user policies. Currently the checking logic is in javascript code, but we want to move it to C++.

BUG= 612271 
TEST=unit_tests --gtest_filter="QuickUnlockPrivateUnitTest.*"

Review-Url: https://codereview.chromium.org/2374303002
Cr-Commit-Position: refs/heads/master@{#437552}

[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.cc
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api.h
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/chrome/browser/chromeos/extensions/quick_unlock_private/quick_unlock_private_api_unittest.cc
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.cc
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/chrome/browser/policy/configuration_policy_handler_list_factory.cc
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/chrome/common/extensions/api/quick_unlock_private.idl
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/chrome/common/pref_names.cc
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/chrome/common/pref_names.h
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/chrome/test/data/policy/policy_test_cases.json
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/components/policy/resources/policy_templates.json
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/extensions/browser/extension_function_histogram_value.h
[modify] https://crrev.com/a5173075c1a5c6abc3aafeff4116bf2f57d8a644/tools/metrics/histograms/histograms.xml

Comment 8 by krishna...@chromium.org, Dec 21 2016 

@sammiequon - have all the CLs for this feature checked. Is this ready to be tested. If yes, could you please update the status to Fixed.

Comment 9 Deleted

Project Member

Comment 10 by bugdroid1@chromium.org, Jan 4 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7ce2c3e2cc6caf9d0015ad102866f05adf29dd51

commit 7ce2c3e2cc6caf9d0015ad102866f05adf29dd51
Author: sammiequon <sammiequon@chromium.org>
Date: Wed Jan 04 00:24:00 2017

cros: Tweaked the good/bad pin checking on the js to use the new quick unlock api function.

BUG= 612271 
TEST=browser_tests --gtest_filter="CrSettingsPeoplePageSetupPinDialogTest*"
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2376293005
Cr-Commit-Position: refs/heads/master@{#441263}

[modify] https://crrev.com/7ce2c3e2cc6caf9d0015ad102866f05adf29dd51/chrome/app/settings_strings.grdp
[modify] https://crrev.com/7ce2c3e2cc6caf9d0015ad102866f05adf29dd51/chrome/browser/resources/settings/people_page/setup_pin_dialog.html
[modify] https://crrev.com/7ce2c3e2cc6caf9d0015ad102866f05adf29dd51/chrome/browser/resources/settings/people_page/setup_pin_dialog.js
[modify] https://crrev.com/7ce2c3e2cc6caf9d0015ad102866f05adf29dd51/chrome/browser/ui/webui/options/browser_options_handler.cc
[modify] https://crrev.com/7ce2c3e2cc6caf9d0015ad102866f05adf29dd51/chrome/browser/ui/webui/settings/md_settings_localized_strings_provider.cc
[modify] https://crrev.com/7ce2c3e2cc6caf9d0015ad102866f05adf29dd51/chrome/test/data/webui/settings/fake_quick_unlock_private.js
[modify] https://crrev.com/7ce2c3e2cc6caf9d0015ad102866f05adf29dd51/chrome/test/data/webui/settings/quick_unlock_authenticate_browsertest_chromeos.js
[modify] https://crrev.com/7ce2c3e2cc6caf9d0015ad102866f05adf29dd51/third_party/closure_compiler/externs/quick_unlock_private.js
[modify] https://crrev.com/7ce2c3e2cc6caf9d0015ad102866f05adf29dd51/third_party/closure_compiler/interfaces/quick_unlock_private_interface.js

Comment 11 by krishna...@chromium.org, Jan 12 2017

Labels: -M-55 M-56
@sammiequon - have all the CLs for this feature checked. Is this ready to be tested. If yes, could you please update the status to Fixed. 
Moving the Release milestone.

Comment 12 by sammiequon@chromium.org, Jan 12 2017

Status: Fixed (was: Assigned)

Comment 13 by trapti@chromium.org, Jan 12 2017

Labels: -M-56 M-57

Comment 14 by trapti@chromium.org, Jan 14 2017 

Is it available for all devices in M57?

Comment 15 by jdufault@chromium.org, Jan 14 2017 

Re #14: Yes

Comment 16 by trapti@chromium.org, Jan 18 2017

Status: Verified (was: Fixed)
Working on Peppy.Tried setting policy through YAPS.Could set PIN and see keypad on screen lock.

Columns
M	ChromeOS	Chrome	ARC	Type	Channel
57	9195.0.0	57.0.2984.0	3640982	release	dev

Sign in to add a comment