New issue
Advanced search Search tips

Issue 613024 link

Starred by 3 users
Status: Fixed
Owner:
pkotw...@chromium.org
Closed: Jul 2016
Cc:
hanxi@chromium.org
pkotw...@chromium.org
yfried...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug



Sign in to add a comment

Figure out what security checks need to be done prior to delegate displaying notification to WebAPK

Project Member Reported by pkotw...@chromium.org, May 19 2016 
Figure out what security checks need to be done prior to delegate displaying notification to WebAPK

Comment 1 by yfried...@chromium.org, Jun 30 2016

Status: WontFix (was: Untriaged)
We've implemented these checks by: 
1) chrome check whether the webapk is a valid webapk
2) webapk checking caller is chrome

Comment 2 by yfried...@chromium.org, Jun 30 2016

Blocking: -524670

Comment 3 by pkotw...@chromium.org, Jul 1 2016

Status: (was: WontFix)
This bug is not WontFix. Our use of WebApkUtils#isValidWebApk() and WebApkUtils#queryWebApkPackage() is inconsistent. When is WebApkUtils#isValidWebApk() sufficient and when are both WebApkUtils#isValidWebApk() and WebApkUtils#queryWebApkPackage() required? I have https://codereview.chromium.org/2109033002/ up for review to address this issue.

Comment 4 by pkotw...@chromium.org, Jul 1 2016

Owner: pkotw...@chromium.org
Status: Started
Project Member

Comment 5 by bugdroid1@chromium.org, Jul 5 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/82d265d97abff26f8ed3e432c63ee2fcfd456e99

commit 82d265d97abff26f8ed3e432c63ee2fcfd456e99
Author: pkotwicz <pkotwicz@chromium.org>
Date: Tue Jul 05 19:38:44 2016

Cleanup usage of WebApkValidator in notification code

This CL:
- Makes calls to WebApkValidator#queryWebApkPackage() and
  WebApkValidator#findWebApkPackage() call WebApkValidator#isValidWebApk().
- Removes WebApkValidator#queryWebApkPackage() call from
  NotificationPlatformBridge#dispatchNotificationEvent(). The check is
  unnecessary because
  org.chromium.chrome.browser.notifications.NotificationService is not
  exported.

BUG= 613024 

Review-Url: https://codereview.chromium.org/2109033002
Cr-Commit-Position: refs/heads/master@{#403816}

[modify] https://crrev.com/82d265d97abff26f8ed3e432c63ee2fcfd456e99/chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationDelegate.java
[modify] https://crrev.com/82d265d97abff26f8ed3e432c63ee2fcfd456e99/chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationDelegateImpl.java
[modify] https://crrev.com/82d265d97abff26f8ed3e432c63ee2fcfd456e99/chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java
[modify] https://crrev.com/82d265d97abff26f8ed3e432c63ee2fcfd456e99/chrome/android/java/src/org/chromium/chrome/browser/notifications/NotificationPlatformBridge.java
[modify] https://crrev.com/82d265d97abff26f8ed3e432c63ee2fcfd456e99/chrome/android/java/src/org/chromium/chrome/browser/webapps/WebappLauncherActivity.java
[modify] https://crrev.com/82d265d97abff26f8ed3e432c63ee2fcfd456e99/chrome/android/javatests/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandlerTest.java
[modify] https://crrev.com/82d265d97abff26f8ed3e432c63ee2fcfd456e99/chrome/android/webapk/libs/client/junit/src/org/chromium/webapk/lib/client/WebApkValidatorTest.java
[modify] https://crrev.com/82d265d97abff26f8ed3e432c63ee2fcfd456e99/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java

Comment 6 by pkotw...@chromium.org, Jul 6 2016

Status: Fixed (was: Started)

Sign in to add a comment