New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 672093 link

Starred by 2 users

Issue metadata

Status: Archived
Owner:
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug

Blocked on:
issue 689539



Sign in to add a comment

Public Session whitelisting - prompt the user for desktopCapture/tabCapture requests

Project Member Reported by isandrk@chromium.org, Dec 7 2016

Issue description

In Public Sessions, extensions (and apps) are force-installed by admin policy so the user does not get a chance to review the permissions for these extensions. This is not acceptable from a security/privacy standpoint, so when an extension uses one of the capture APIs for the first time, we show the user a dialog where they can choose whether to allow the extension access to that API.


-------------------------------------------------------------------

This bug is now for tracking only desktopCapture/tabCapture requests!
pageCapture is tracked @ crbug.com/689478 (couldn't edit the bug title)

-------------------------------------------------------------------
 
desktopCapture API is already good in its current form because the user is always prompted whether they want to allow capture. Attaching a screenshot showcasing this.
Screenshot from 2016-12-06 20:05:28.png
254 KB View Download
Attaching a screenshot showcasing the new prompt for tabCapture requests.


Screenshot from 2016-12-07 15:21:53.png
141 KB View Download

Comment 3 by kolos@chromium.org, Dec 12 2016

Components: Privacy
Attaching screenshot for new prompt for pageCapture requests.


Screenshot from 2016-12-12 18:42:31.png
145 KB View Download
Project Member

Comment 5 by bugdroid1@chromium.org, Dec 14 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1f9314626715713912e784d10ada39770fa80c1f

commit 1f9314626715713912e784d10ada39770fa80c1f
Author: isandrk <isandrk@chromium.org>
Date: Wed Dec 14 19:36:46 2016

Public Sessions - prompt the user for tabCapture requests

In Public Sessions, extensions (and apps) are force-installed by admin policy so the user does not get a chance to review the permissions for these extensions. This is not acceptable from a security/privacy standpoint, so when an extension uses the TabCapture API for the first time, we show the user a dialog where they can choose whether to allow the extension access to the API.

This CL will also whitelist desktopCapture manifest permission feature as it's already safe in its current form (user is prompted) together with tabCapture.

BUG= 672093 

Review-Url: https://codereview.chromium.org/2558843002
Cr-Commit-Position: refs/heads/master@{#438594}

[modify] https://crrev.com/1f9314626715713912e784d10ada39770fa80c1f/chrome/browser/BUILD.gn
[modify] https://crrev.com/1f9314626715713912e784d10ada39770fa80c1f/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc
[modify] https://crrev.com/1f9314626715713912e784d10ada39770fa80c1f/chrome/browser/media/webrtc/media_capture_devices_dispatcher.cc
[add] https://crrev.com/1f9314626715713912e784d10ada39770fa80c1f/chrome/browser/media/webrtc/public_session_tab_capture_access_handler.cc
[add] https://crrev.com/1f9314626715713912e784d10ada39770fa80c1f/chrome/browser/media/webrtc/public_session_tab_capture_access_handler.h

Labels: Review-Privacy
@Ivan, 
Is this ready to test on R57. If yes, could you please update the status to Fixed.

@sduraisamy,
Could we please request for a Privacy Review and an Accessibility Review for this.



@Krishna: not yet, one more CL needs to land.
Labels: M-57
Labels: OS-Chrome
Cc: glevin@chromium.org
Labels: LaunchIssue-NA
Greg - here's a one off review.
Status: Fixed (was: Started)
So I've split off a part of this bug to crbug.com/689478 (pageCapture). This bug is now for tracking only desktopCapture/tabCapture requests. I'd update the title of this bug as well, but I'm unsure how.

@Krishna, ready for testing on R57.
Description: Show this description
Cc: krishna...@chromium.org
Description: Show this description
Summary: Public Session whitelisting - prompt the user for desktopCapture/tabCapture requests (was: Public Session whitelisting - prompt the user for desktopCapture/tabCapture/pageCapture requests)
Blockedon: 689539
Labels: -Pri-2 Pri-1
Labels: Merge-Request-57
Tested this on R58(9287.0.0). 
verified that extensions that request for desktopCapture and tabCapture can be whitelisted in Public Sessions and that the corresponding prompts requesting USer permissions are being requested.
Project Member

Comment 19 by sheriffbot@chromium.org, Feb 17 2017

Labels: -Merge-Request-57 Hotlist-Merge-Approved Merge-Approved-57
Your change meets the bar and is auto-approved for M57. Please go ahead and merge the CL to branch 2987 manually. Please contact milestone owner if you have questions.
Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -Hotlist-Merge-Approved -Merge-Approved-57
This has been commited before the branching point for M57 therefore it's already in it. Removing Merge-Request flag.


Thanks for reviewing Krishna!
Sorry for the late response.  I'm assuming that no new data is collected anywhere in this feature, except perhaps for recording the user's selection in this dialog?  If not, this looks fine from a privacy standpoint.
Greg: Correct, only the user selection is recorded.
Cc: isandrk@chromium.org
Owner: glevin@chromium.org
Labels: VerifyIn-61

Comment 25 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Sign in to add a comment