New issue
Advanced search Search tips

Issue 919903 link

Starred by 1 user
Status: Fixed
Owner:
allenwebb@google.com
Closed: Jan 9
Cc:
mnissler@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug

Blocking:
issue 921058



Sign in to add a comment

USB Bouncer: userdb not accessible when generating the rules.conf file for usbguard-daemon.

Project Member Reported by allenwebb@google.com, Jan 8 
USB Bouncer was making the user whitelist database completely inaccessible at the lock screen. This led to the rules.conf being generated from the global whitelist database which only includes currently connected devices.

Instead the user whitelist database should be read-only at the lock screen so that the rules.conf can be generated from the user database while keeping newly connected devices at the lock screen from being added to the user whitelist database (unless they are still present when the user unlocks the device).

Comment 1 by allenwebb@google.com, Jan 8

Status: Started (was: Untriaged)
Project Member

Comment 2 by bugdroid1@chromium.org, Jan 9 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/bda204b3be5881a194a7e83270e118cedec3870b

commit bda204b3be5881a194a7e83270e118cedec3870b
Author: Allen Webb <allenwebb@google.com>
Date: Wed Jan 09 23:46:59 2019

usb_bouncer: Move lockscreen state logic out of userdb initializaiton.

This adds a user_db_read_only flag to EntryManager that allows the
rules.conf to be generated from the user device whitelist database
instead of it falling back on the global database which only includes
currently connected devices.

Unit tests were added to test for the case when the lock screen is
shown.

BUG= chromium:919903 
TEST=FEATURES=test emerge-${BOARD} usb_bouncer

Change-Id: I76edc2b5359da41a4453ed0c82b2aabe5d957e12
Reviewed-on: https://chromium-review.googlesource.com/1391439
Commit-Ready: Allen Webb <allenwebb@google.com>
Tested-by: Allen Webb <allenwebb@google.com>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>

[modify] https://crrev.com/bda204b3be5881a194a7e83270e118cedec3870b/usb_bouncer/entry_manager_test.cc
[modify] https://crrev.com/bda204b3be5881a194a7e83270e118cedec3870b/usb_bouncer/entry_manager_test_util.h
[modify] https://crrev.com/bda204b3be5881a194a7e83270e118cedec3870b/usb_bouncer/entry_manager.h
[modify] https://crrev.com/bda204b3be5881a194a7e83270e118cedec3870b/usb_bouncer/util.h
[modify] https://crrev.com/bda204b3be5881a194a7e83270e118cedec3870b/usb_bouncer/util.cc
[modify] https://crrev.com/bda204b3be5881a194a7e83270e118cedec3870b/usb_bouncer/entry_manager_test_util.cc
[modify] https://crrev.com/bda204b3be5881a194a7e83270e118cedec3870b/usb_bouncer/entry_manager.cc

Comment 3 by allenwebb@google.com, Jan 9

Status: Fixed (was: Started)

Comment 4 by allenwebb@google.com, Jan 11

Blocking: 921058

Sign in to add a comment