New issue
Advanced search Search tips

Issue 919134 link

Starred by 2 users
Status: Untriaged
Owner: ----
Cc:
emaxx@chromium.org
ultrotter@chromium.org
steve...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

New network config from device policy doesn't override existing user/device settings

Project Member Reported by hendrich@chromium.org, Jan 4 
Chrome Version: 72 (and probably sooner as well)

What steps will reproduce the problem?
(1) Manually configure a network connection as user/device config
(2) Add a device policy for that network

What is the expected result?
Network configuration should be managed (not changeable and have policy indicators)

What happens instead?
Network remains as user setting (i.e. no policy indicators, user can edit config)

If the new network config comes from user policy, it overrides the user/device config as expected.

The scenario where we add a device network policy for an already configured network is probably not that common, but still this behavior feels wrong to me. It definitely confused me yesterday during investigation for another bug.

@stevenjb: is this working as intended or is this actually a bug?

Comment 1 by steve...@google.com, Jan 4

Cc: steve...@chromium.org emaxx@chromium.org
Labels: FoundIn-72 OS-Chrome
Owner: ----
This seems like a bug in the ONC policy application. If a new policy configuration overrides a user configuration, it should remove the user configuration (and prevent the user from creating a new configuration).

We have code in the auto connect handler to remove an individual configuration, but I don't see any other calls for individual network removal:
https://cs.chromium.org/chromium/src/chromeos/network/auto_connect_handler.cc?q=auto_connect_handler.cc&sq=package:chromium&dr&l=360

I am pretty sure that I recall there being some policy code to handle this, but I don't recall where it lives.

Comment 2 by hendrich@chromium.org, Jan 4

Cc: ultrotter@chromium.org
Labels: Hotlist-GoodFirstBug
Ok, sounds like this could also be a good starter bug. Maybe we have someone who can look into this.

Comment 3 by mmenke@chromium.org, Jan 8

Components: -Internals>Network OS>Systems>Network

Comment 4 by atwilson@google.com, Jan 11

Labels: Impacts-Enterprise

Comment 5 by atwilson@google.com, Jan 11

Labels: Enterprise-Triaged
This seems somewhat dangerous since you'd clobber the user network and it would not be restored if the policy-managed network goes away.

Comment 6 by atwilson@google.com, Today (18 hours ago)

Labels: Hotlist-Enterprise

Sign in to add a comment