Activate keychain reauthorization.

Activate the keychain reauthorization. Reauthorization will be performed if the users preferences (cfprefs) indicate that the operation has been attempted less than 2 times previously, and that the operation has not previously succeeded. The number of attempts is set before the operation, so that a crashy operation stops running after a finite number of attempts. After successful completion, the preferences are updated so that the operation is never run again. This CL also updates the designated requirement with a new hash. BUG=629906 Review-Url: https://codereview.chromium.org/2738053007 Cr-Commit-Position: refs/heads/master@{#456122}

Activate keychain reauthorization.
Activate the keychain reauthorization. Reauthorization will be performed if the users preferences (cfprefs) indicate that the operation has been attempted less than 2 times previously, and that the operation has not previously succeeded. The number of attempts is set before the operation, so that a crashy operation stops running after a finite number of attempts. After successful completion, the preferences are updated so that the operation is never run again. This CL also updates the designated requirement with a new hash. BUG=629906 Review-Url: https://codereview.chromium.org/2738053007 Cr-Commit-Position: refs/heads/master@{#456122}
26eeef03 · kerrnel · Commit bot · bee49a23 · 26eeef03 · 26eeef03
Commit 26eeef03 authored Mar 10, 2017 by kerrnel Committed by Commit bot Mar 10, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 2 deletions

chrome/browser/chrome_browser_main_mac.mm chrome/browser/chrome_browser_main_mac.mm +12 -0

chrome/installer/mac/sign_app.sh.in chrome/installer/mac/sign_app.sh.in +5 -2

No files found.
--- a/chrome/browser/chrome_browser_main_mac.mm
+++ b/chrome/browser/chrome_browser_main_mac.mm
@@ -21,6 +21,7 @@
 #include "chrome/browser/browser_process.h"
 #import "chrome/browser/chrome_browser_application_mac.h"
 #include "chrome/browser/mac/install_from_dmg.h"
+#include "chrome/browser/mac/keychain_reauthorize.h"
 #import "chrome/browser/mac/keystone_glue.h"
 #include "chrome/browser/mac/mac_startup_profiler.h"
 #include "chrome/browser/ui/app_list/app_list_service.h"
@@ -156,6 +157,17 @@ void ChromeBrowserMainPartsMac::PreMainMessageLoopStart() {
    [object retain];
  // Make sure the app controller has been created.
  DCHECK([NSApp delegate]);
+
+  // Do Keychain reauthorization. This gets two chances to run. If the first
+  // try doesn't complete successfully (crashes or is interrupted for any
+  // reason), there will be a second chance. Once this step completes
+  // successfully, it should never have to run again.
+  NSString* const keychain_reauthorize_pref =
+      @"KeychainReauthorizeInAppSpring2017";
+  const int kKeychainReauthorizeMaxTries = 2;
+
+  chrome::KeychainReauthorizeIfNeeded(keychain_reauthorize_pref,
+                                      kKeychainReauthorizeMaxTries);
 }

 void ChromeBrowserMainPartsMac::PostMainMessageLoopStart() {

--- a/chrome/installer/mac/sign_app.sh.in
+++ b/chrome/installer/mac/sign_app.sh.in
@@ -47,9 +47,12 @@ helper_app="${versioned_dir}/@MAC_PRODUCT_NAME@ Helper.app"

 requirement_string="\
 designated => \
-(identifier \"com.google.Chrome\" or identifier \"com.google.Chrome.canary\") \
+(identifier \"com.google.Chrome\" or \
+identifier \"com.google.Chrome.beta\" or \
+identifier \"com.google.Chrome.dev\" or \
+identifier \"com.google.Chrome.canary\") \
 and (certificate leaf = H\"85cee8254216185620ddc8851c7a9fc4dfe120ef\" or \
-certificate leaf = H\"34f0bdf7f87d4f3a955862c351472e52250e4c2b\") \
+certificate leaf = H\"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a\") \
 "

 enforcement_flags="restrict"