New issue
Advanced search Search tips

Issue 702308 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Apr 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

chromeos::LoginState::Get()->GetLoggedInUserType() doesn't return owner for a owner

Project Member Reported by abhishekbh@google.com, Mar 16 2017

Issue description

Caught this using CTS for Android on Chrome OS.

1. Ensure you are the "owner" account of the Chromebook 
2. TEST=run cts -c android.net.wifi.cts.WifiEnterpriseConfigTest -m
   testAddEapNetwork
3. CTS will fail. Upon debugging you will see the IsDeviceOwner() function calls chromeos::LoginState::Get()->GetLoggedInUserType() which will return LOGGED_IN_USER_REGULAR instead of LOGGED_IN_USER_OWNER.

This happens way after boot with a 100% repro. 

I have a CL out (https://codereview.chromium.org/2756443003/) that uses the User Manager APIs that correctly returns the OWNER status.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Apr 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c8310bb706ce377ab64aac321f6e8f286826b360

commit c8310bb706ce377ab64aac321f6e8f286826b360
Author: xiyuan <xiyuan@chromium.org>
Date: Tue Apr 04 21:05:39 2017

cros: Fix flaky owner detection

When owner key is generated for a consumer owner, OwnerKeySet is
called on both DeviceSettingsService and OwnerSettingsServiceChromeOS.
Code that watches for ownership signal from DeviceSettingsService
(either as an observer or via NOTIFICATION_OWNERSHIP_STATUS_CHANGED)
also expects that the private part of the owner is available at the
time the signal is generated. However, the private key loading
in OwnerSettingsServiceChromeOS is independent of load operations
in DeviceSettingsService. The private key may or may not be loaded
when a load operation finishes. The CL adds an explicit flag about
whether a consumer ownership is going to be established. When the
flag is set, DeviceSettingsService defers all loads until InitOwner
is called, which happens when the private key is loaded.

Another problem is that a bool flag |is_current_user_owner_| is
used but it is not updated when switching active user. This causes
incorrect value returned for IsCurrentUserOwner call. The CL fixes
the problems by replacing the bool flag with comparing active user
AccountId with owner AccountId. Security is not reduced because the
owner account id is part of the signed policy blob and only set to
UserManager after policy blob is validated.

BUG= 702308 ,  706820 
TEST=DeviceSettingsServiceTest.LoadDeferredDuringOwnershipEastablishment

Review-Url: https://codereview.chromium.org/2779973007
Cr-Commit-Position: refs/heads/master@{#461835}

[modify] https://crrev.com/c8310bb706ce377ab64aac321f6e8f286826b360/chrome/browser/chromeos/login/existing_user_controller.cc
[modify] https://crrev.com/c8310bb706ce377ab64aac321f6e8f286826b360/chrome/browser/chromeos/login/users/chrome_user_manager_impl.cc
[modify] https://crrev.com/c8310bb706ce377ab64aac321f6e8f286826b360/chrome/browser/chromeos/login/users/chrome_user_manager_impl.h
[modify] https://crrev.com/c8310bb706ce377ab64aac321f6e8f286826b360/chrome/browser/chromeos/settings/device_settings_service.cc
[modify] https://crrev.com/c8310bb706ce377ab64aac321f6e8f286826b360/chrome/browser/chromeos/settings/device_settings_service.h
[modify] https://crrev.com/c8310bb706ce377ab64aac321f6e8f286826b360/chrome/browser/chromeos/settings/device_settings_service_unittest.cc
[modify] https://crrev.com/c8310bb706ce377ab64aac321f6e8f286826b360/components/user_manager/user_manager_base.cc
[modify] https://crrev.com/c8310bb706ce377ab64aac321f6e8f286826b360/components/user_manager/user_manager_base.h

Status: Fixed (was: Assigned)
Project Member

Comment 3 by bugdroid1@chromium.org, Apr 6 2017

Labels: merge-merged-3029
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/33ef6173cda18bb0e9bf1d890318216b59483207

commit 33ef6173cda18bb0e9bf1d890318216b59483207
Author: Xiyuan Xia <xiyuan@google.com>
Date: Thu Apr 06 15:57:34 2017

Merge "cros: Fix flaky owner detection"

> When owner key is generated for a consumer owner, OwnerKeySet is
> called on both DeviceSettingsService and OwnerSettingsServiceChromeOS.
> Code that watches for ownership signal from DeviceSettingsService
> (either as an observer or via NOTIFICATION_OWNERSHIP_STATUS_CHANGED)
> also expects that the private part of the owner is available at the
> time the signal is generated. However, the private key loading
> in OwnerSettingsServiceChromeOS is independent of load operations
> in DeviceSettingsService. The private key may or may not be loaded
> when a load operation finishes. The CL adds an explicit flag about
> whether a consumer ownership is going to be established. When the
> flag is set, DeviceSettingsService defers all loads until InitOwner
> is called, which happens when the private key is loaded.
>
> Another problem is that a bool flag |is_current_user_owner_| is
> used but it is not updated when switching active user. This causes
> incorrect value returned for IsCurrentUserOwner call. The CL fixes
> the problems by replacing the bool flag with comparing active user
> AccountId with owner AccountId. Security is not reduced because the
> owner account id is part of the signed policy blob and only set to
> UserManager after policy blob is validated.
>
> BUG= 702308 ,  706820 
> TEST=DeviceSettingsServiceTest.LoadDeferredDuringOwnershipEastablishment
>
> Review-Url: https://codereview.chromium.org/2779973007
> Cr-Commit-Position: refs/heads/master@{#461835}
> (cherry picked from commit c8310bb706ce377ab64aac321f6e8f286826b360)

Review-Url: https://codereview.chromium.org/2798343003 .
Cr-Commit-Position: refs/branch-heads/3029@{#606}
Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}

[modify] https://crrev.com/33ef6173cda18bb0e9bf1d890318216b59483207/chrome/browser/chromeos/login/existing_user_controller.cc
[modify] https://crrev.com/33ef6173cda18bb0e9bf1d890318216b59483207/chrome/browser/chromeos/login/users/chrome_user_manager_impl.cc
[modify] https://crrev.com/33ef6173cda18bb0e9bf1d890318216b59483207/chrome/browser/chromeos/login/users/chrome_user_manager_impl.h
[modify] https://crrev.com/33ef6173cda18bb0e9bf1d890318216b59483207/chrome/browser/chromeos/settings/device_settings_service.cc
[modify] https://crrev.com/33ef6173cda18bb0e9bf1d890318216b59483207/chrome/browser/chromeos/settings/device_settings_service.h
[modify] https://crrev.com/33ef6173cda18bb0e9bf1d890318216b59483207/chrome/browser/chromeos/settings/device_settings_service_unittest.cc
[modify] https://crrev.com/33ef6173cda18bb0e9bf1d890318216b59483207/components/user_manager/user_manager_base.cc
[modify] https://crrev.com/33ef6173cda18bb0e9bf1d890318216b59483207/components/user_manager/user_manager_base.h

Sign in to add a comment