New issue
Advanced search Search tips

Issue 660721 link

Starred by 5 users

Issue metadata

Status: Verified
Owner:
Closed: Nov 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Feature



Sign in to add a comment

Add session_manager interface for unsigned policy.

Project Member Reported by tnagel@chromium.org, Oct 30 2016

Issue description

.
 
Why do you need a new interface? The existing interfaces take a PolicyFetchResponse. Can't you just continue using this, but just not include the signature fields?

Comment 2 by tnagel@chromium.org, Oct 31 2016

Cc: mnissler@chromium.org
I need to lock it down to be only accessible by authpolicyd.  Is there a better way to do it?  Also I figured that making it as explicit as possible would reduce the risk of accidental misuse.
Good point about access control, I had missed that in my original reply. Adding a separate interface seems the best way then. Please make sure that the session_manager code paths not only rely on the separate interface, but also bail out if the install attributes aren't indicating enterprisead mode.

Comment 4 by tnagel@chromium.org, Oct 31 2016

> Please make sure that the session_manager code paths not only rely on the
> separate interface, but also bail out if the install attributes aren't 
> indicating enterprisead mode.

Absolutely.  Waiting for libinstallattributes is the only reason I didn't work on this earlier.
Labels: Enterprise-Triaged
Project Member

Comment 6 by bugdroid1@chromium.org, Nov 8 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/bcaed0241304da08b99a318240edc60fc40ca6fc

commit bcaed0241304da08b99a318240edc60fc40ca6fc
Author: Thiemo Nagel <tnagel@chromium.org>
Date: Fri Nov 04 13:47:15 2016

login: Add D-Bus methods to store unsigned policy.

Only accessible by authpolicy user and locked down in install attributes
to enterprise_ad device mode.

BUG= chromium:660721 
TEST=added unittests

Change-Id: I6e78406e41298b0a9f4018299fee14a052da6ead
Reviewed-on: https://chromium-review.googlesource.com/397318
Commit-Ready: Thiemo Nagel <tnagel@chromium.org>
Tested-by: Thiemo Nagel <tnagel@chromium.org>
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>

[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_error_types.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/login_manager.gyp
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_dbus_adaptor.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_device_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_error_types.cc
[add] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_install_attributes_reader.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/SessionManager.conf
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_bindings/org.chromium.SessionManagerInterface.xml
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_local_account_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_dbus_adaptor.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_service.cc

Project Member

Comment 7 by bugdroid1@chromium.org, Nov 8 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/bcaed0241304da08b99a318240edc60fc40ca6fc

commit bcaed0241304da08b99a318240edc60fc40ca6fc
Author: Thiemo Nagel <tnagel@chromium.org>
Date: Fri Nov 04 13:47:15 2016

login: Add D-Bus methods to store unsigned policy.

Only accessible by authpolicy user and locked down in install attributes
to enterprise_ad device mode.

BUG= chromium:660721 
TEST=added unittests

Change-Id: I6e78406e41298b0a9f4018299fee14a052da6ead
Reviewed-on: https://chromium-review.googlesource.com/397318
Commit-Ready: Thiemo Nagel <tnagel@chromium.org>
Tested-by: Thiemo Nagel <tnagel@chromium.org>
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>

[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_error_types.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/login_manager.gyp
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_dbus_adaptor.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_device_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_error_types.cc
[add] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_install_attributes_reader.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/SessionManager.conf
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_bindings/org.chromium.SessionManagerInterface.xml
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_local_account_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_dbus_adaptor.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_service.cc

Status: Fixed (was: Started)

Comment 9 by dchan@google.com, May 30 2017

Labels: VerifyIn-60
Status: Verified (was: Fixed)
bulk Verify of older or not-user-facing Chromad bugs

Sign in to add a comment