In the current setup flow which runs post-OOBE, the user is prompted for their password before being allowed to set a multi-device host. When the password is entered successfully, an auth token is fetched and is passed to the SetHostDevice() API function at [1].
In OOBE mode, the user has *just* entered their password, so there is no need to prompt the user a second time. However, since the API function requires that a valid auth token be passed, the function is not applicable for this case.
Thus, we must create a new Mojo function for this specific purpose; the function would only need one parameter (the device ID) and would not take an auth token as a parameter.
Unfortunately, the new function cannot simply be added to the same interface because the existing flow would still have access to that interface. This means that, if this API function were added to the same interface, a malicious user could bypass our security checks by opening the DevTools for the post-OOBE flow and using the JS console to call this new API function without having to pass a token at all.
Thus, a new interface must be created, and that interface should only be exposed to the OOBE version.
I've chatted with dcheng@ (security reviewer) about this change, and he agrees it is the correct approach.
[1] https://cs.chromium.org/chromium/src/chromeos/services/multidevice_setup/public/mojom/multidevice_setup.mojom?l=148
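As an added illustration (not this bug's own code and not the project's actual mojom; the interface and method names below are assumptions), the split proposed above looks like this in Mojo IDL: the token-taking method stays on the interface that the post-OOBE settings page can reach, while the token-less method lives on a separate interface whose binder is registered only for the OOBE WebUI.

```mojom
// Illustrative mojom written for this discussion; names are assumed and do
// not necessarily match the project's real multidevice_setup.mojom.
module chromeos.multidevice_setup.mojom;

// Reachable from the post-OOBE settings page. A page with DevTools open can
// invoke any method on an interface bound to it from the JS console, so every
// method here must re-verify the caller with a fresh auth token.
interface MultiDeviceSetup {
  // |auth_token| is obtained by re-prompting the user for their password.
  SetHostDevice(string host_device_id, string auth_token) => (bool success);
};

// Bound only for the OOBE WebUI, where the user has just authenticated.
// This binder must never be registered for the settings page: exposing it
// there would let a DevTools console call SetHostDevice() with no token.
interface PrivilegedHostDeviceSetter {
  SetHostDevice(string host_device_id) => (bool success);
};
```

The security property comes from the binder registration in the browser process, not from the IDL itself: the browser must hand out PrivilegedHostDeviceSetter only to the OOBE WebUI, and the browser-side implementation should treat anything arriving over the unprivileged interface as untrusted, since renderer-side JS is not a trust boundary.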
Comment 1 by khorimoto@chromium.org, Sep 14