New issue
Advanced search Search tips

Issue 833855 link

Starred by 1 user
Status: Fixed
Owner:
derat@chromium.org
Closed: Nov 8
Cc:
kerrnel@chromium.org
derat@chromium.org
mnissler@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

Enforce OWNERS checks on Chrome's D-Bus permission files

Project Member Reported by jorgelo@chromium.org, Apr 17 2018 
//ash/dbus/org.chromium.*.conf (soon)
//chrome/browser/chromeos/dbus/org.chromium.*.conf
//chromeos/dbus/services/org.chromium.*.conf

Need to have OWNERS coverage.
Project Member

Comment 1 by bugdroid1@chromium.org, May 18 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/61f6b07a9b9d8546be1409b5e4a77337f3a9f7e6

commit 61f6b07a9b9d8546be1409b5e4a77337f3a9f7e6
Author: Daniel Erat <derat@chromium.org>
Date: Fri May 18 12:32:40 2018

autotest: Remove LibCrosService from security_DbusOwners.

Remove org.chromium.LibCrosService from
security_DbusOwners's baseline list of services that should
be owned by the chronos user.

BUG= chromium:692246 ,chromium:712861, chromium:833855 
TEST=none
CQ-DEPEND=I72ae7c759b75a5a9c3c38019835c02c99995ec5d

Change-Id: Ib05fd84a7d88ad9125aa56d468c678841c68a4ca
Reviewed-on: https://chromium-review.googlesource.com/1060469
Commit-Ready: Dan Erat <derat@chromium.org>
Tested-by: Dan Erat <derat@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

[modify] https://crrev.com/61f6b07a9b9d8546be1409b5e4a77337f3a9f7e6/client/site_tests/security_DbusOwners/baseline

Comment 2 by derat@chromium.org, Nov 4

Owner: derat@chromium.org
Status: Started (was: Available)
Project Member

Comment 3 by bugdroid1@chromium.org, Nov 6 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7abdae1ed18e87da28e73c31b5e22f4616172872

commit 7abdae1ed18e87da28e73c31b5e22f4616172872
Author: Daniel Erat <derat@chromium.org>
Date: Tue Nov 06 20:34:02 2018

chromeos: Add //chromeos/dbus/SECURITY_OWNERS.

Require that a member of the security team reviews changes
to org.chromium.*.conf files in //ash/dbus and
//chrome/browser/chromeos/dbus that specify permissions for
D-Bus services provided by Chrome.

Also add myself to //chromeos/dbus/OWNERS (since I'm already
in //chromeos/OWNERS and end up reviewing many of these
changes).

Bug:  833855 
Change-Id: Ib2de0547a105909a66e56bdd3fb80155e53c3c24
Reviewed-on: https://chromium-review.googlesource.com/c/1316354
Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
Reviewed-by: Elijah Taylor <elijahtaylor@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Commit-Queue: Dan Erat <derat@chromium.org>
Cr-Commit-Position: refs/heads/master@{#605808}
[add] https://crrev.com/7abdae1ed18e87da28e73c31b5e22f4616172872/ash/dbus/OWNERS
[modify] https://crrev.com/7abdae1ed18e87da28e73c31b5e22f4616172872/chrome/browser/chromeos/dbus/OWNERS
[add] https://crrev.com/7abdae1ed18e87da28e73c31b5e22f4616172872/chromeos/SECURITY_OWNERS
[modify] https://crrev.com/7abdae1ed18e87da28e73c31b5e22f4616172872/chromeos/dbus/OWNERS
[modify] https://crrev.com/7abdae1ed18e87da28e73c31b5e22f4616172872/components/arc/common/ARC_SECURITY_OWNERS

Comment 4 by derat@chromium.org, Nov 8

Status: Fixed (was: Started)
Project Member

Comment 5 by bugdroid1@chromium.org, Dec 7 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/5410aeb893f209888b226fa6125ebad39aff68e7

commit 5410aeb893f209888b226fa6125ebad39aff68e7
Author: Daniel Erat <derat@chromium.org>
Date: Fri Dec 07 06:06:49 2018

autotest: Delete security_DbusOwners test.

Delete the security_DbusOwners test, which doesn't actually
check anything (it has an empty baseline file). Chrome's
D-Bus services are now audited by the security by virtue of
OWNERS files in the Chromium repository.

BUG= chromium:833855 
TEST=none

Change-Id: I132862e710a7cca1deb6ad72405deea372eb1877
Reviewed-on: https://chromium-review.googlesource.com/1364092
Commit-Ready: Dan Erat <derat@chromium.org>
Tested-by: Dan Erat <derat@chromium.org>
Reviewed-by: Shuhei Takahashi <nya@chromium.org>
Reviewed-by: Hidehiko Abe <hidehiko@chromium.org>

[delete] https://crrev.com/9ccbe22723a5ecb1d31ea4b4957b7eb7e51f390a/client/site_tests/security_DbusOwners/security_DbusOwners.py
[delete] https://crrev.com/9ccbe22723a5ecb1d31ea4b4957b7eb7e51f390a/client/site_tests/security_DbusOwners/control
[delete] https://crrev.com/9ccbe22723a5ecb1d31ea4b4957b7eb7e51f390a/client/site_tests/security_DbusOwners/baseline

Sign in to add a comment