New issue
Advanced search Search tips

Issue 853198 link

Starred by 4 users
Status: Fixed
Owner:
nverne@chromium.org
Closed: Jun 2018
Cc:
jkardatzke@chromium.org
nverne@chromium.org
zalcorn@chromium.org
r...@chromium.org
jdufault@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

Disable Crostini for Unicorn accounts

Project Member Reported by tbuck...@chromium.org, Jun 15 2018 
Chrome version: 69.0.3455.1
OS: Chrome

Unicorn accounts can currently enable Crostini. We should hide the settings and prevent access to vmc for these users.

Comment 1 by nverne@chromium.org, Jun 18 2018 

Accessing vmc through crosh might be hard to prevent - can't users edit the js of crosh using devtools?

Perhaps we need concierge_client binary to check whether the owner_id is permitted to access vmc, via a dbus call to a service in Chrome?

Comment 2 by nverne@chromium.org, Jun 19 2018 

In answer to my own question, No, editing js won't let users bypass any profile checking. The crosh source is not js, and is not editable via devtools.

Comment 3 by nverne@chromium.org, Jun 19 2018

Owner: nverne@chromium.org

Comment 4 by nverne@chromium.org, Jun 19 2018

Status: Started (was: Available)

Comment 6 by nverne@chromium.org, Jun 22 2018

Status: Fixed (was: Started)
Project Member

Comment 7 by bugdroid1@chromium.org, Jul 7 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/d8f264efe3e6289e86cbb34ce18212b2c53d65e4

commit d8f264efe3e6289e86cbb34ce18212b2c53d65e4
Author: Nicholas Verne <nverne@chromium.org>
Date: Sat Jul 07 01:48:47 2018

crosh: send user_id_hash in messages to ChromeFeaturesService.

BUG= chromium:853198 
TEST=manual testing.

Change-Id: I33a5783221eddb389c43a3d4d9ad60b64c94f400
Reviewed-on: https://chromium-review.googlesource.com/1127503
Commit-Ready: Nicholas Verne <nverne@chromium.org>
Tested-by: Nicholas Verne <nverne@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/d8f264efe3e6289e86cbb34ce18212b2c53d65e4/crosh/crosh
Project Member

Comment 8 by bugdroid1@chromium.org, Jul 26 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6adb1477be48d08b13f03353ae914c9551fe8cf0

commit 6adb1477be48d08b13f03353ae914c9551fe8cf0
Author: Nicholas Verne <nverne@chromium.org>
Date: Thu Jul 26 06:02:47 2018

Log an error when failing to pop user_id_hash

Bug:  853198 
Change-Id: I7e277fc98176a203e8fe13349cc77402546bff70
Reviewed-on: https://chromium-review.googlesource.com/1150942
Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
Commit-Queue: Nicholas Verne <nverne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#578215}
[modify] https://crrev.com/6adb1477be48d08b13f03353ae914c9551fe8cf0/chromeos/dbus/services/chrome_features_service_provider.cc

Sign in to add a comment