Issue 890104 link

Starred by 3 users

Issue metadata

Status:	Fixed
Merged:	issue 840444
Owner:	jam@chromium.org
Closed:	Oct 2
Cc:	dougt@chromium.org eroman@chromium.org rsleevi@chromium.org mmenke@chromium.org mattm@chromium.org eranm@chromium.org asymmetric@chromium.org
Components:	Internals>Network>CertTrans Internals>Services>Network
EstimatedDays:	----
NextAction:	----
OS:	Linux , Android , Windows , Chrome , Mac
Pri:	1
Type:	Bug
Proj-Servicification Proj-Servicification-Stable

SetCTPolicy not called on platform app NetworkContexts, not called against on network service restart

Project Member Reported by mmenke@chromium.org, Sep 28

Issue description

ProfileImpl::UpdateCTPolicy SetCTPolicy is only called on (non-incognito) profile creation, and only applies settings to the profile's main NetworkContext that one time.

In particular, it doesn't apply the settings on network service restart, or to app NetworkContexts, or to incognito NetworkContext.  Not sure if the last is desired or not, but the others are presumably bugs.

This bug affects production code, not just the case when the network service is enabled.  Not sure the priority of this, or how to test it.

Comment 1 by rsleevi@chromium.org, Sep 28

The first is a bug, and is related to  Issue 840444 .

The second is not a bug, nor is the latter. That is, UpdateCTPolicy/SetCTPolicy are for Enterprise Policies tied to a specific profile, not for the general browser or apps. In the old code (that is, before https://chromium.googlesource.com/chromium/src/+/9e79cf0ca820c9c83af104df0555550e86ce0048 ), the CTPolicyManager was associated with the TransportSecurityState. Any contexts cloned from the main profile would inherit both the current settings and any future changes. If App Contexts were cloned from the Main Context, then this would propagate settings. I don't know how this works in the S13N world or if this is now handled differently.

Comment 2 by rsleevi@chromium.org, Sep 28

Labels: Proj-Servicification

Comment 3 by mmenke@chromium.org, Sep 28

In the new world, there is no concept of "cloning" a NetworkContext, so they aren't inherited by apps.  They were before.  I assume the old behavior is the desired one.

Comment 4 by mmenke@chromium.org, Sep 28

Mergedinto: 840444
Status: Duplicate (was: Untriaged)

Marking this a dupe of  issue 840444  (If we want to hook it up to apps, easy enough to do in the same CL).

Comment 5 by rsleevi@chromium.org, Sep 28

Status: Untriaged (was: Duplicate)

Actually, I should unmerge. 840444 is about the NetworkService configuration for CT, this would be about the NetworkContext configuration. I know there's OnNetworkServiceCreated, but what signals exist for a NetworkContext consumer to know to reconfigure a given context (e.g. the ProfileImpl?)

Comment 6 by rsleevi@chromium.org, Sep 28

Cc: eroman@chromium.org mattm@chromium.org

Comment 7 by mmenke@chromium.org, Sep 28

There isn't one...Which is why it should be with the code that creates and manages all settings for NetworkContexts (ProfileNetworkContextService).  All NetworkContext state management should go there or SystemNetworkContextManager.

Comment 8 by rsleevi@chromium.org, Sep 28

I see. Doug and John did the design for this, I don't feel qualified to sort it out. Hopefully Eric or Matt may have time.

Comment 9 by jam@chromium.org, Sep 28

Labels: Proj-Servicification-Stable
Owner: jam@chromium.org
Status: Assigned (was: Untriaged)

I can take a look at this.

Comment 10 by jam@chromium.org, Sep 28

Components: Internals>Services>Network
Labels: -Pri-2 OS-Android OS-Chrome OS-Linux OS-Mac OS-Windows Pri-1

Project Member

Comment 11 by bugdroid1@chromium.org, Sep 28

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/39d0a6717bf35111459d43f40795d412f0d4a553

commit 39d0a6717bf35111459d43f40795d412f0d4a553
Author: John Abd-El-Malek <jam@chromium.org>
Date: Fri Sep 28 22:14:05 2018

Fix SetCTPolicy not getting called on network service restart.

Bug:  890104 
Change-Id: Id2f726cf4a2052080c1f984cb5844f1d084bf1b0
Reviewed-on: https://chromium-review.googlesource.com/1249732
Commit-Queue: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#595230}
[modify] https://crrev.com/39d0a6717bf35111459d43f40795d412f0d4a553/chrome/browser/net/profile_network_context_service.cc
[modify] https://crrev.com/39d0a6717bf35111459d43f40795d412f0d4a553/chrome/browser/net/profile_network_context_service.h
[modify] https://crrev.com/39d0a6717bf35111459d43f40795d412f0d4a553/chrome/browser/policy/policy_browsertest.cc
[modify] https://crrev.com/39d0a6717bf35111459d43f40795d412f0d4a553/chrome/browser/profiles/profile_impl.cc
[modify] https://crrev.com/39d0a6717bf35111459d43f40795d412f0d4a553/chrome/browser/profiles/profile_impl.h

Comment 12 by jam@chromium.org, Oct 2

Status: Fixed (was: Assigned)

►

Issue 890104 link

Issue metadata

SetCTPolicy not called on platform app NetworkContexts, not called against on network service restart

Issue description

Comment 1 by rsleevi@chromium.org, Sep 28

Comment 1 Deleted

Comment 2 by rsleevi@chromium.org, Sep 28

Comment 2 Deleted

Comment 3 by mmenke@chromium.org, Sep 28

Comment 3 Deleted

Comment 4 by mmenke@chromium.org, Sep 28

Comment 4 Deleted

Comment 5 by rsleevi@chromium.org, Sep 28

Comment 5 Deleted

Comment 6 by rsleevi@chromium.org, Sep 28

Comment 6 Deleted

Comment 7 by mmenke@chromium.org, Sep 28

Comment 7 Deleted

Comment 8 by rsleevi@chromium.org, Sep 28

Comment 8 Deleted

Comment 9 by jam@chromium.org, Sep 28

Comment 9 Deleted

Comment 10 by jam@chromium.org, Sep 28

Comment 10 Deleted

Comment 11 by bugdroid1@chromium.org, Sep 28

Comment 11 Deleted

Comment 12 by jam@chromium.org, Oct 2

Comment 12 Deleted

Sign in to add a comment