New issue
Advanced search Search tips

Issue 705347 link

Starred by 2 users
Status: Untriaged
Owner: ----
Cc:
xiy...@chromium.org
msw@chromium.org
blundell@chromium.org
sky@chromium.org
sa...@chromium.org
mustash-bugs@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

mash: services connecting to per-profile services should run with the right user ID

Project Member Reported by tibell@chromium.org, Mar 27 2017 
New upcoming per-profile services, such as the identity service and the pref service, run one service instance for every user ID that's associated with a profile. These services expect to be connected to by a service that runs with the same user ID as they are using. This, among other things, helps us to more easily reasoning about security.

Currently mash runs as the root user ID. Ideally it would eventually run (some of) its services as the user ID it want to talk to other services as.

Comment 1 by jamescook@chromium.org, Jul 27 2017

Cc: sa...@chromium.org
How would this interact with multiprofile support in mash?

We might want to have connections to the pref service for each profile in the session. (For example, it's possible to have the browser windows from multiple profiles on the screen at the same time.)

Alternately, we might continue our approach of a single connection to the active user's pref service. But would ash switch its user id in that case? Have some kind of proxy?

Comment 2 by blundell@chromium.org, Jul 27 2017 

In your example, which service would each of those browser windows be running in? i.e., would it be the same instance of the service or would there be one instance of the service for each profile? If the latter, things should work as expected I would think.

Comment 3 by jamescook@chromium.org, Jul 27 2017

Cc: msw@chromium.org sky@chromium.org
Today in mash there is one instance of the ash service. There may be browser windows from multiple profiles. I presume there's only one instance of the content_browser service - is that right?

So it would be one ash service, one content_browser service, but multiple per-profile pref services?

Comment 4 by sky@chromium.org, Jul 27 2017 

For mushrome and at least the first release of mash we have no intention of properly supporting user ids in ash/mus. The model we're taking for these releases is that chrome ends up configuring state in ash. So, when there is a profile switch chrome should tell ash.

It's my understanding most of the shell is driven by the main profile, which may differ from the profile of the active browser. Is there any state in shell were we differentiate between the two?

I believe ash currently connects directly to the pref service. Seems like we should have chrome pass a handle to the prefs service, that way chrome can call this function any time the profile switches.

Comment 5 by jamescook@chromium.org, Jul 28 2017 

Currently chrome informs ash about profile switch. Mash has a connection to the active user's profile pref service. It works OK. There are complications (for example, on multiprofile user switch there is a time window when the active user PrefService* is null -- after Chrome has told ash to switch users but before ash has connected to the new user's mojo pref service).

Frankly, I wish we could throw away ash's current multiprofile implementation and do something new, but that's out of scope for this discussion.

Per #4, it would be nice if the user profile switch and connection to the new profile pref service were atomic from ash's perspective, but that's a different bug I think. Filed issue 749906

For now I guess there's nothing to do on this bug.

Comment 6 by lafo...@chromium.org, Feb 26 2018

Components: -Internals>MUS Internals>Services>WindowService

Comment 7 by jamescook@chromium.org, Apr 19 2018

Components: -Internals>Services>WindowService Internals>Services>Ash
Labels: -Proj-Mustash-Mash

Sign in to add a comment