Provide unrestricted USB API access for Kiosk Apps.
Issue description
To prevent fingerprinting a user, we require apps to declare all the device types it needs to use in its manifest. In a kiosk-only scenario, the user is a robot account and that one app (and apps it chooses to load) are the only ones running. In this scenario, fingerprinting doesn't apply. For apps running with the kiosk-only permission, we should allow access to any attached USB devices without requiring declaration in the manifest.
Jul 18 2016
Jul 27 2016
Auto-assigning a reviewer to this review.
Jul 28 2016
This does not look like a launch review bug. If you want to give privacy a heads-up, please use the Privacy component, not the Review-Privacy label. If you have concrete questions or requests, please consider sending an e-mail to the privacy team. I'm not sure who was the previous owner of this, so sending this to rkc@ for triaging.
Jul 29 2016
Yep, just wanted to give privacy a heads up that we're doing this - if you have any objections, please let us know. Assigning to Toni since he's already working on Kiosk permissions.
Aug 1 2016
+bartfab for heads-up
Aug 1 2016
Sounds reasonable for kiosk mode. Public Sessions would be another story.
Aug 9 2016
This should probably look at session type. Initially let's keep it restricted to Kiosk, till we have a clearer idea of what the public_session session type will entail.
Aug 10 2016
(Privacy team noticed this, and for concrete questions please follow #4. Until then, removing myself from Cc.)
Oct 27 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb

commit 2d0dff8d82ef6b4ba129f77f542e02391b7b04fb
Author: tbarzic <tbarzic@chromium.org>
Date: Thu Oct 27 22:09:00 2016

Allow interfaceClass USB device permissions

Introduces interfaceClass parameter to usbDevice permission. The parameter is used to match permission to all USB devices that expose an interface with the provided class. The interfaceClass permission will be matched against all interfaces supported by any of USB device configurations.

USB device permission with interfaceClass set will only be taken into account when determining device availability in kiosk sessions.

To support filtering devices that specify (only) device level class (e.g. hub class is device descriptor class), when testing interfaceClass permission parameter, take device class into account (in addition to all interface classes).

Since extracting set of supported interfaces of a device is not as trivial as getting vendor/product ID, introduce helper factory methods for UsbDevicePermission::CheckParam that will create check param for a USB device. Also, since usbDevice permission is used by hid API too, add a method for creating check param for HID devices. For those, set of interface classes will be set to HID interface class: 3.

BUG= 629223
Review-Url: https://codereview.chromium.org/2418353002
Cr-Commit-Position: refs/heads/master@{#428154}

[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/chrome/browser/chromeos/printer_detector/printer_detector.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/chrome/browser/extensions/permission_messages_unittest.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/chrome/browser/ui/webui/print_preview/extension_printer_handler.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/chrome/common/extensions/permissions/chrome_permission_message_provider_unittest.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/device/usb/mock_usb_device.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/device/usb/mock_usb_device.h
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/browser/api/hid/hid_device_manager.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/browser/api/usb/usb_api.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/browser/api/usb/usb_event_router.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/common/BUILD.gn
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/common/api/_behavior_features.json
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/common/extension_messages.h
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/common/features/behavior_feature.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/common/features/behavior_feature.h
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/common/permissions/usb_device_permission.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/common/permissions/usb_device_permission.h
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/common/permissions/usb_device_permission_data.cc
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/common/permissions/usb_device_permission_data.h
[modify] https://crrev.com/2d0dff8d82ef6b4ba129f77f542e02391b7b04fb/extensions/common/permissions/usb_device_permission_unittest.cc
Oct 28 2016
This should work now, but has yet to be enabled for stable channel. One unexpected issue is that Web Store rejects apps with USB devices permissions with no vendorId property set - this should be fixed, but until then a workaround would be to simply set vendorId to -1.
Nov 24 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/438efe78ab6e2caa5d5a63967aea4b6544831dc8

commit 438efe78ab6e2caa5d5a63967aea4b6544831dc8
Author: lof84 <lof84@yandex-team.ru>
Date: Thu Nov 24 12:05:10 2016

Fix USB device permissions tests

BUG= 629223
R=tbarzic, reillyg@chromium.org, meacer@chromium.org
Review-Url: https://codereview.chromium.org/2515353006
Cr-Commit-Position: refs/heads/master@{#434312}

[modify] https://crrev.com/438efe78ab6e2caa5d5a63967aea4b6544831dc8/extensions/common/permissions/usb_device_permission_unittest.cc
Dec 6 2016
Have we tested this and what about issue #17 (seems like the workaround is very simple)?
Dec 6 2016
The issue in comment #17 has been handled.
Dec 6 2016
Super! Thank you!
Dec 6 2016
How can someone outside of Google test this?
Dec 21 2016
I ran tests of this feature on 57.0.2951.0 / 9086.0.0 dev branch, and results look good to me.
I added multiple manifest permission lines (one at a time) containing { 'interfaceClass': X } where X was (1, 3, 14), and verified that the webstore accepted the manifest, and that chrome.usb.getDevices and chrome.hid.getDevices worked as expected, returning just the right subset of devices that were targeted by the union of the present lines.
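The matching rule described in the Oct 27 commit message, and the union behaviour reported in the Dec 21 test comment, as an added C++ sketch that is not Chromium's code. The type and function names and the kUnset marker are hypothetical, and the sketch assumes an entry carrying interfaceClass is matched on class alone.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

// Model types for this sketch only; they are not Chromium's classes.
struct UsbDeviceInfo {
  int vendor_id;
  int product_id;
  uint8_t device_class;                       // bDeviceClass (e.g. 9 = hub)
  std::vector<std::vector<uint8_t>> configs;  // bInterfaceClass values per configuration
};
const int kUnset = -1;  // sketch-local marker: field absent from the manifest entry
struct UsbPermission {  // one entry of the manifest's USB device permission list
  int vendor_id;
  int product_id;
  int interface_class;
};

// Device-level class plus every interface class of every configuration.
std::set<int> ExposedClasses(const UsbDeviceInfo& d) {
  std::set<int> classes;
  classes.insert(d.device_class);
  for (const auto& cfg : d.configs) classes.insert(cfg.begin(), cfg.end());
  return classes;
}

// HID devices are checked as if they exposed only the HID interface class (3).
UsbDeviceInfo ForHidDevice(int vendor_id, int product_id) {
  return UsbDeviceInfo{vendor_id, product_id, 0, {{3}}};
}

bool Matches(const UsbPermission& p, const UsbDeviceInfo& d, bool kiosk_session) {
  if (p.interface_class != kUnset) {
    if (!kiosk_session) return false;  // interfaceClass entries count only in kiosk sessions
    return ExposedClasses(d).count(p.interface_class) > 0;
  }
  return p.vendor_id == d.vendor_id && p.product_id == d.product_id;
}

// A device is available if any manifest entry matches it (union of entries).
bool DeviceAvailable(const std::vector<UsbPermission>& perms,
                     const UsbDeviceInfo& d, bool kiosk_session) {
  for (const auto& p : perms)
    if (Matches(p, d, kiosk_session)) return true;
  return false;
}

int main() {
  UsbDeviceInfo hub{0x1234, 0x0001, 9, {}};  // constructed sample: class only at device level
  std::vector<UsbPermission> perms{{kUnset, kUnset, 9}};
  std::printf("kiosk=%d regular=%d\n", DeviceAvailable(perms, hub, true),
              DeviceAvailable(perms, hub, false));
}
```

The same manifest entry that exposes the hub in a kiosk session grants nothing in a regular session, which is the property that keeps the fingerprinting protection from the issue description intact outside kiosk mode.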
Jan 13 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/aea9d3950199ed22d60da79e6bd5b72c106f5775

commit aea9d3950199ed22d60da79e6bd5b72c106f5775
Author: tbarzic <tbarzic@chromium.org>
Date: Fri Jan 13 06:14:19 2017

Enable USB device permission for interface class for stable

BUG= 629223
Review-Url: https://codereview.chromium.org/2614663005
Cr-Commit-Position: refs/heads/master@{#443504}

[modify] https://crrev.com/aea9d3950199ed22d60da79e6bd5b72c106f5775/chrome/common/extensions/docs/templates/articles/app_usb.html
[modify] https://crrev.com/aea9d3950199ed22d60da79e6bd5b72c106f5775/extensions/common/api/_behavior_features.json