Skip to content

GitLab

T
tangled
Switch branch/tag
Find file BlameHistoryPermalink
  • Joe Downing's avatar
    [MacOs Host] Provide user with a prompt to enable input injection on Mojave · 19b1b85c
    Joe Downing authored 
    This change is required due to new security restrictions in Mojave.  We can no longer
inject input w/o being added as an accessibility app in the security applet.

While this sounds like a usefulk speedbump, it causes remote access applications quite
a bit of trouble:
1.) We don't use the restricted API until a user connects so they cannot approve remotely
2.) The dialog appears to only show up once (regardless of approve/deny status)
3.) Users connecting to a locked machine will never see the dialog

This is affecting quite a few CRD users, basically everyone who upgrades to Mojave
will experience this one way or another.  This is the simplest fix (and easiest to merge)
that I could think of to unblock users.  The prompt will only be shown on 10.14+ platforms
and the request is only shown if the app has not been approved.  I'd like to look at the
user feedback after releasing this change to see if more work is needed.

One problem I anticipate is that the dialog shown doesn't have a lot of context and it
refers to the wrapper script (org.chromium.chromoting.me2me.sh) instead of Chrome Remote
Desktop.  If this is confusing, we can wrap the prompt request in a dialog where we control
the text.  My concern with checking in the feature first is that the new strings won't be
available for merging.

Another behavior to call about this impl is that the prompt will be displayed in two instances:
1.) When the host is first started (choosing enable via app/website)
2.) When the user signs in and the host service is started

Scenario #2 will have less context but that is the only way to ask for permission for
users who upgraded and had CRD installed previously.  The dialog is not displayed at the login
screen (i.e. when no one is signed in).

One last note, there is no way that I can see to specify this permission in the manifest or
set up via a script / at install time.  It requires a user action to complete.

Bug: 901021
Change-Id: I9dd1b24b6d4d083e7e019af32a0da816f6060a86
Reviewed-on: https://chromium-review.googlesource.com/c/1313170
Commit-Queue: Joe Downing <joedow@chromium.org>
Reviewed-by: default avatarJamie Walch <jamiewalch@chromium.org>
Cr-Commit-Position: refs/heads/master@{#604723}
    19b1b85c
permission_utils.h 613 Bytes