
Issue 849657

Starred by 5 users

Issue metadata

Status: Verified
Owner:
Closed: Oct 30
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 2
Type: Feature




Obfuscate values of extension policies containing passwords

Project Member Reported by hendrich@chromium.org, Jun 5 2018

Issue description

We need a way to supply passwords/passphrases using an extension policy without the user seeing the explicit passwords in chrome://policy.
We can obfuscate the values in chrome://policy by replacing all characters with "*", but for which policies should we apply this obfuscation?

Suggestions so far are all policies whose names
- end in "_hidden"
- end in "_password" or "_passphrase"
- contain the word "password" or "passphrase"

Looking at my chrome://policy, I think the first suggestion makes the most sense because I already have several policies that would match the last two suggestions, which should probably not be obfuscated (e.g. should_initialize_password=false or sso_password_selector="#loginForm #password").

Another alternative would be to add a new boolean into the policy schema.

Any other ideas/suggestions?
 
Cc: mikewilusz@chromium.org
Project Member

Comment 2 by bugdroid1@chromium.org, Jul 26

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b01e0beb100921e0d1a4a3f3a6a7f212780806ad

commit b01e0beb100921e0d1a4a3f3a6a7f212780806ad
Author: Pavol Marko <pmarko@chromium.org>
Date: Thu Jul 26 18:06:04 2018

Allow extension policy to specify sensitive values

Allow extension policy schemas to specify "sensitiveValue": true, which
hides the policy value from the chrome://policy UI, from policy exports
and from being sent as part of enterprise reporting.
The "sensitiveValue": true annotation can be placed on any level in the
schema declaration. An example extension storage schema may be:
{
  "type": "object",
  "properties": {
    "VisibleStringPolicy": {
      "type": "string"
    },
    "SensitiveStringPolicy": {
      "type": "string",
      "sensitiveValue": true
    },
    "VisibleDictPolicy": {
      "type": "object",
      "properties": {
        "some_bool": { "type": "boolean" },
        "some_string": { "type": "boolean" }
      }
    },
    "SensitiveDictPolicy": {
      "type": "object",
      "properties": {
        "some_bool": { "type": "boolean" },
        "some_string": { "type": "boolean" }
      },
      "sensitiveValue": true
    }
  }
}
In this case, the values of VisibleStringPolicy and VisibleDictPolicy
will be displayed on chrome://policy. The values of
SensitiveStringPolicy and SensitiveDictPolicy will be replaced with the
masking string "********".

Test: components_unittests --gtest_filter=*Schema* && \
      browser_tests --gtest_filter=*PolicyUITest*
Bug:  849657 
Change-Id: I07fc5f30945dccd05f5ccb8f8d071e25b4105c79
Reviewed-on: https://chromium-review.googlesource.com/1140301
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Commit-Queue: Pavol Marko <pmarko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#578367}
[modify] https://crrev.com/b01e0beb100921e0d1a4a3f3a6a7f212780806ad/chrome/browser/policy/policy_conversions.cc
[modify] https://crrev.com/b01e0beb100921e0d1a4a3f3a6a7f212780806ad/chrome/browser/ui/webui/policy_ui_browsertest.cc
[modify] https://crrev.com/b01e0beb100921e0d1a4a3f3a6a7f212780806ad/components/policy/core/common/schema.cc
[modify] https://crrev.com/b01e0beb100921e0d1a4a3f3a6a7f212780806ad/components/policy/core/common/schema.h
[modify] https://crrev.com/b01e0beb100921e0d1a4a3f3a6a7f212780806ad/components/policy/core/common/schema_internal.h
[modify] https://crrev.com/b01e0beb100921e0d1a4a3f3a6a7f212780806ad/components/policy/core/common/schema_unittest.cc
[modify] https://crrev.com/b01e0beb100921e0d1a4a3f3a6a7f212780806ad/components/policy/tools/generate_policy_source.py
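
The masking described in the commit message above, plus a check built from the name patterns suggested in the issue description, as an added Python example (not Chromium's code). The `proxy_password` field, the sample values and both function names are constructed for illustration; passing keys without a schema node through unchanged is an assumption of this example.

```python
MASK = "********"  # masking string named in the commit message

# Constructed schema: the commit message's example plus one nested field,
# "proxy_password", added here (hypothetical) without an annotation.
SCHEMA = {
    "type": "object",
    "properties": {
        "VisibleStringPolicy": {"type": "string"},
        "SensitiveStringPolicy": {"type": "string", "sensitiveValue": True},
        "VisibleDictPolicy": {"type": "object", "properties": {
            "some_bool": {"type": "boolean"},
            "proxy_password": {"type": "string"}}},
        "SensitiveDictPolicy": {"type": "object", "sensitiveValue": True,
                                "properties": {"some_bool": {"type": "boolean"}}},
    },
}
# Constructed policy values for the schema above.
VALUES = {
    "VisibleStringPolicy": "hello",
    "SensitiveStringPolicy": "hunter2",
    "VisibleDictPolicy": {"some_bool": True, "proxy_password": "s3cret"},
    "SensitiveDictPolicy": {"some_bool": False},
}

def mask_policy(value, schema):
    """Copy value, replacing each subtree whose schema node is sensitive."""
    if schema.get("sensitiveValue") is True:
        return MASK  # annotation on any level hides everything below it
    if isinstance(value, dict):
        props = schema.get("properties", {})
        # Keys with no schema node cannot be annotated; kept as-is (assumption).
        return {k: mask_policy(v, props.get(k, {})) for k, v in value.items()}
    if isinstance(value, list):
        return [mask_policy(v, schema.get("items", {})) for v in value]
    return value

def unannotated_secret_names(schema, path=""):
    """Paths whose name matches the issue's patterns but are not masked."""
    if schema.get("sensitiveValue") is True:
        return []  # the whole subtree is already masked
    hits = []
    for name, node in schema.get("properties", {}).items():
        here = f"{path}.{name}" if path else name
        low = name.lower()
        looks_secret = "password" in low or "passphrase" in low or low.endswith("_hidden")
        if looks_secret and node.get("sensitiveValue") is not True:
            hits.append(here)
        hits.extend(unannotated_secret_names(node, here))
    return hits
```

A hit from `unannotated_secret_names` is a prompt for review, not a verdict: the issue description lists names such as should_initialize_password that match the patterns without holding a secret.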

Cc: hendrich@chromium.org
Labels: Merge-Request-69
Owner: pmarko@chromium.org
Requesting Merge to M-69 so this is available in time before enterprises with a yearly certificate refresh period do their 2019 refresh.
Project Member

Comment 4 by sheriffbot@chromium.org, Jul 31

Labels: -Merge-Request-69 Hotlist-Merge-Approved Merge-Approved-69
Your change meets the bar and is auto-approved for M69. Please go ahead and merge the CL to branch 3497 manually. Please contact milestone owner if you have questions.
Owners: amineer@(Android), kariahda@(iOS), cindyb@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Please merge your change to M69 branch 3497 by 2:00 PM PT today, so we can pick it up for this week's M69 Dev/Beta release. Thank you.
Project Member

Comment 6 by bugdroid1@chromium.org, Jul 31

Labels: -merge-approved-69 merge-merged-3497
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/91ea86f6c7bad638c723c066702f2d50325a9109

commit 91ea86f6c7bad638c723c066702f2d50325a9109
Author: Pavol Marko <pmarko@chromium.org>
Date: Tue Jul 31 15:23:04 2018

[Merge to M69] Allow extension policy to specify sensitive values

Allow extension policy schemas to specify "sensitiveValue": true, which
hides the policy value from the chrome://policy UI, from policy exports
and from being sent as part of enterprise reporting.
The "sensitiveValue": true annotation can be placed on any level in the
schema declaration. An example extension storage schema may be:
{
  "type": "object",
  "properties": {
    "VisibleStringPolicy": {
      "type": "string"
    },
    "SensitiveStringPolicy": {
      "type": "string",
      "sensitiveValue": true
    },
    "VisibleDictPolicy": {
      "type": "object",
      "properties": {
        "some_bool": { "type": "boolean" },
        "some_string": { "type": "boolean" }
      }
    },
    "SensitiveDictPolicy": {
      "type": "object",
      "properties": {
        "some_bool": { "type": "boolean" },
        "some_string": { "type": "boolean" }
      },
      "sensitiveValue": true
    }
  }
}
In this case, the values of VisibleStringPolicy and VisibleDictPolicy
will be displayed on chrome://policy. The values of
SensitiveStringPolicy and SensitiveDictPolicy will be replaced with the
masking string "********".

TBR=pmarko@chromium.org

(cherry picked from commit b01e0beb100921e0d1a4a3f3a6a7f212780806ad)

Test: components_unittests --gtest_filter=*Schema* && \
      browser_tests --gtest_filter=*PolicyUITest*
Bug:  849657 
Change-Id: I07fc5f30945dccd05f5ccb8f8d071e25b4105c79
Reviewed-on: https://chromium-review.googlesource.com/1140301
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Commit-Queue: Pavol Marko <pmarko@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#578367}
Reviewed-on: https://chromium-review.googlesource.com/1156691
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Cr-Commit-Position: refs/branch-heads/3497@{#270}
Cr-Branched-From: 271eaf50594eb818c9295dc78d364aea18c82ea8-refs/heads/master@{#576753}
[modify] https://crrev.com/91ea86f6c7bad638c723c066702f2d50325a9109/chrome/browser/policy/policy_conversions.cc
[modify] https://crrev.com/91ea86f6c7bad638c723c066702f2d50325a9109/chrome/browser/ui/webui/policy_ui_browsertest.cc
[modify] https://crrev.com/91ea86f6c7bad638c723c066702f2d50325a9109/components/policy/core/common/schema.cc
[modify] https://crrev.com/91ea86f6c7bad638c723c066702f2d50325a9109/components/policy/core/common/schema.h
[modify] https://crrev.com/91ea86f6c7bad638c723c066702f2d50325a9109/components/policy/core/common/schema_internal.h
[modify] https://crrev.com/91ea86f6c7bad638c723c066702f2d50325a9109/components/policy/core/common/schema_unittest.cc
[modify] https://crrev.com/91ea86f6c7bad638c723c066702f2d50325a9109/components/policy/tools/generate_policy_source.py

Labels: M-69 M-70
Status: Fixed (was: Assigned)
Thanks for the reminder, done.
Cc: ibezmenov@chromium.org
Hi Pavol,

Could you please provide verification steps (example) for this?

Thanks,
Ivan
Project Member

Comment 9 by bugdroid1@chromium.org, Aug 29

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7ee2ff272246fe376ea1077ad5aea425bfab824f

commit 7ee2ff272246fe376ea1077ad5aea425bfab824f
Author: Alexander Hendrich <hendrich@chromium.org>
Date: Wed Aug 29 11:40:30 2018

Add 'sensitiveValue' to the known schema attributes

This CL adds the boolean schema attribute 'sensitiveValue' to the known
schema attributes. This attribute is used to mask sensitive values with
a replacement value, which can be displayed in the UI.

Bug:  856901 ,  873641 ,  849657 
Change-Id: I8afb2c3255d483737db8380abd898cd15d62e84a
Reviewed-on: https://chromium-review.googlesource.com/1183235
Commit-Queue: Alexander Hendrich <hendrich@chromium.org>
Reviewed-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#587079}
[modify] https://crrev.com/7ee2ff272246fe376ea1077ad5aea425bfab824f/components/policy/core/common/json_schema_constants.cc
[modify] https://crrev.com/7ee2ff272246fe376ea1077ad5aea425bfab824f/components/policy/core/common/json_schema_constants.h
[modify] https://crrev.com/7ee2ff272246fe376ea1077ad5aea425bfab824f/components/policy/core/common/schema.cc
[modify] https://crrev.com/7ee2ff272246fe376ea1077ad5aea425bfab824f/components/policy/core/common/schema.h

hendrich@,

Could you please help with some verification steps (or example) for this?
Owner: hendrich@chromium.org
Status: Assigned (was: Fixed)
Status: Fixed (was: Assigned)
Project Member

Comment 13 by bugdroid1@chromium.org, Dec 4

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/23e53e766e5a43f7e2a658156f4cb97e4c73bb12

commit 23e53e766e5a43f7e2a658156f4cb97e4c73bb12
Author: Alexander Hendrich <hendrich@chromium.org>
Date: Tue Dec 04 08:31:13 2018

Migrate SchemaNodeMetadata to SchemaNode

This CL removes the construct of |SchemaNodeMetadata| and moves its
content |is_sensitive_value| directly into the |SchemaNode|.
|SchemaNodeMetadata| was originally implemented to save storage since
non-extension policies would never use the |SchemaNodeMetadata| and it
was only created for extension policies using 'sensitiveValue': True.
Since normal policies can also use 'sensitiveValues' now (CL:1337346),
this optimization is obsolete.

Bug: 905357,  849657 
Change-Id: I87a00f26786dd1ae0d87bb6fdb52375d437c8893
Reviewed-on: https://chromium-review.googlesource.com/c/1340263
Commit-Queue: Alexander Hendrich <hendrich@chromium.org>
Reviewed-by: Lutz Justen <ljusten@chromium.org>
Cr-Commit-Position: refs/heads/master@{#613471}
[modify] https://crrev.com/23e53e766e5a43f7e2a658156f4cb97e4c73bb12/components/policy/core/common/schema.cc
[modify] https://crrev.com/23e53e766e5a43f7e2a658156f4cb97e4c73bb12/components/policy/core/common/schema_internal.h
[modify] https://crrev.com/23e53e766e5a43f7e2a658156f4cb97e4c73bb12/components/policy/core/common/schema_unittest.cc
[modify] https://crrev.com/23e53e766e5a43f7e2a658156f4cb97e4c73bb12/components/policy/tools/generate_policy_source.py

Status: Verified (was: Fixed)
Marking as Verified based on https://bugs.chromium.org/p/chromium/issues/detail?id=905357#c14
