Reland "[PasswordManager] Stop Using Native Backends on Linux systems"

This is a reland of 6811de35 It was reverted due to crbug.com/988010 The underlying issue was unrelated to that patch and has been fixed in https://chromium-review.googlesource.com/c/chromium/src/+/1722841 No changes are introduced and hence TBR'ing original reviewers. Original change's description: > [PasswordManager] Stop Using Native Backends on Linux systems > > Recent migrations moved all users who have been using the keying to the > LoginDatabase. This CL forces all users to using LoginDatabase > instead of native backends on Linux. > > TBR=pcc@chromium.org > > Change-Id: Ibac11e68d8f354ecf7f3c9828d95777ea5b3df60 > Bug: 950269, 950267 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1713560 > Reviewed-by: Mohamed Amir Yosef <mamir@chromium.org> > Reviewed-by: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> > Reviewed-by: Christos Froussios <cfroussios@chromium.org> > Commit-Queue: Mohamed Amir Yosef <mamir@chromium.org> > Cr-Commit-Position: refs/heads/master@{#681042} TBR=cfroussios@chromium.org,vasilii@chromium.org,pcc@chromium.org Bug: 950269, 950267 Change-Id: I1f091e18f6e23da8a2c8588c9a00bdb08fbda2f0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1722964Reviewed-by: Mohamed Amir Yosef <mamir@chromium.org> Commit-Queue: Mohamed Amir Yosef <mamir@chromium.org> Cr-Commit-Position: refs/heads/master@{#681798}

Reland "[PasswordManager] Stop Using Native Backends on Linux systems"
This is a reland of 6811de35 It was reverted due to crbug.com/988010 The underlying issue was unrelated to that patch and has been fixed in https://chromium-review.googlesource.com/c/chromium/src/+/1722841 No changes are introduced and hence TBR'ing original reviewers. Original change's description: > [PasswordManager] Stop Using Native Backends on Linux systems > > Recent migrations moved all users who have been using the keying to the > LoginDatabase. This CL forces all users to using LoginDatabase > instead of native backends on Linux. > > TBR=pcc@chromium.org > > Change-Id: Ibac11e68d8f354ecf7f3c9828d95777ea5b3df60 > Bug: 950269, 950267 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1713560 > Reviewed-by: Mohamed Amir Yosef <mamir@chromium.org> > Reviewed-by: Peter Collingbourne <pcc@chromium.org> > Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> > Reviewed-by: Christos Froussios <cfroussios@chromium.org> > Commit-Queue: Mohamed Amir Yosef <mamir@chromium.org> > Cr-Commit-Position: refs/heads/master@{#681042} TBR=cfroussios@chromium.org,vasilii@chromium.org,pcc@chromium.org Bug: 950269, 950267 Change-Id: I1f091e18f6e23da8a2c8588c9a00bdb08fbda2f0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1722964Reviewed-by: Mohamed Amir Yosef <mamir@chromium.org> Commit-Queue: Mohamed Amir Yosef <mamir@chromium.org> Cr-Commit-Position: refs/heads/master@{#681798}
33cff2fc · Mohamed Amir Yosef · Commit Bot · 5ee28d3d · 33cff2fc · 5ee28d3d
Commit 33cff2fc authored Jul 29, 2019 by Mohamed Amir Yosef Committed by Commit Bot Jul 29, 2019
19 changed files
--- a/chrome/browser/BUILD.gn
+++ b/chrome/browser/BUILD.gn
@@ -3850,8 +3850,6 @@ jumbo_split_static_library("browser") {
      "first_run/upgrade_util_linux.cc",
      "first_run/upgrade_util_linux.h",
      "icon_loader_auralinux.cc",
-      "password_manager/native_backend_kwallet_x.cc",
-      "password_manager/native_backend_kwallet_x.h",
      "platform_util_linux.cc",
      "shell_integration_linux.cc",
      "shell_integration_linux.h",
@@ -3883,16 +3881,6 @@ jumbo_split_static_library("browser") {
      ]
    }
-    # libsecret hard depends on GLib.
-    if (use_glib) {
-      sources += [
-        "password_manager/native_backend_libsecret.cc",
-        "password_manager/native_backend_libsecret.h",
-      ]
-      defines += [ "USE_LIBSECRET" ]
-      deps += [ "//third_party/libsecret" ]
-    }
    if (use_ozone) {
      sources += [
        "fullscreen_ozone.cc",
@@ -5083,14 +5071,6 @@ jumbo_split_static_library("browser") {
    configs += [ "//printing:cups" ]
  }
-  if (use_gnome_keyring) {
-    sources += [
-      "password_manager/native_backend_gnome_x.cc",
-      "password_manager/native_backend_gnome_x.h",
-    ]
-    configs += [ "//components/os_crypt:gnome_keyring" ]
-  }
  if (use_nss_certs) {
    sources += [
      "certificate_manager_model.cc",

--- a/chrome/browser/password_manager/native_backend_gnome_x.cc
+++ b/chrome/browser/password_manager/native_backend_gnome_x.cc
--- a/chrome/browser/password_manager/native_backend_gnome_x.h
+++ b/chrome/browser/password_manager/native_backend_gnome_x.h
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#ifndef CHROME_BROWSER_PASSWORD_MANAGER_NATIVE_BACKEND_GNOME_X_H_
-#define CHROME_BROWSER_PASSWORD_MANAGER_NATIVE_BACKEND_GNOME_X_H_
-#include <memory>
-#include <string>
-#include <vector>
-#include "base/compiler_specific.h"
-#include "base/macros.h"
-#include "base/memory/ref_counted.h"
-#include "base/sequenced_task_runner.h"
-#include "base/time/time.h"
-#include "chrome/browser/password_manager/password_store_factory.h"
-#include "chrome/browser/password_manager/password_store_x.h"
-#include "chrome/browser/profiles/profile.h"
-#include "components/os_crypt/keyring_util_linux.h"
-namespace autofill {
-struct PasswordForm;
-}
-// NativeBackend implementation using GNOME Keyring.
-class NativeBackendGnome : public PasswordStoreX::NativeBackend,
-                           public GnomeKeyringLoader {
- public:
-  explicit NativeBackendGnome(LocalProfileId id);
-  ~NativeBackendGnome() override;
-  bool Init() override;
-  // Implements NativeBackend interface.
-  password_manager::PasswordStoreChangeList AddLogin(
-      const autofill::PasswordForm& form) override;
-  bool UpdateLogin(const autofill::PasswordForm& form,
-                   password_manager::PasswordStoreChangeList* changes) override;
-  bool RemoveLogin(const autofill::PasswordForm& form,
-                   password_manager::PasswordStoreChangeList* changes) override;
-  bool RemoveLoginsCreatedBetween(
-      base::Time delete_begin,
-      base::Time delete_end,
-      password_manager::PasswordStoreChangeList* changes) override;
-  bool DisableAutoSignInForOrigins(
-      const base::Callback<bool(const GURL&)>& origin_filter,
-      password_manager::PasswordStoreChangeList* changes) override;
-  bool GetLogins(
-      const password_manager::PasswordStore::FormDigest& form,
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  bool GetAutofillableLogins(
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  bool GetBlacklistLogins(
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  bool GetAllLogins(
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() override;
- private:
-  // Adds a login form without checking for one to replace first.
-  bool RawAddLogin(const autofill::PasswordForm& form);
-  // Retrieves all autofillable or all blacklisted credentials (depending on
-  // |autofillable|) from the keyring into |forms|, overwriting the original
-  // contents of |forms|. Returns true on success.
-  bool GetLoginsList(bool autofillable,
-                     std::vector<std::unique_ptr<autofill::PasswordForm>>*
-                         forms) WARN_UNUSED_RESULT;
-  // The app string, possibly based on the local profile id.
-  std::string app_string_;
-  scoped_refptr<base::SequencedTaskRunner> main_task_runner_;
-  scoped_refptr<base::SequencedTaskRunner> background_task_runner_;
-  DISALLOW_COPY_AND_ASSIGN(NativeBackendGnome);
-};
-#endif  // CHROME_BROWSER_PASSWORD_MANAGER_NATIVE_BACKEND_GNOME_X_H_
--- a/chrome/browser/password_manager/native_backend_gnome_x_unittest.cc
+++ b/chrome/browser/password_manager/native_backend_gnome_x_unittest.cc
--- a/chrome/browser/password_manager/native_backend_kwallet_x.cc
+++ b/chrome/browser/password_manager/native_backend_kwallet_x.cc
--- a/chrome/browser/password_manager/native_backend_kwallet_x.h
+++ b/chrome/browser/password_manager/native_backend_kwallet_x.h
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#ifndef CHROME_BROWSER_PASSWORD_MANAGER_NATIVE_BACKEND_KWALLET_X_H_
-#define CHROME_BROWSER_PASSWORD_MANAGER_NATIVE_BACKEND_KWALLET_X_H_
-#include <memory>
-#include <string>
-#include <vector>
-#include "base/compiler_specific.h"
-#include "base/macros.h"
-#include "base/memory/ref_counted.h"
-#include "base/nix/xdg_util.h"
-#include "base/sequenced_task_runner.h"
-#include "base/time/time.h"
-#include "chrome/browser/password_manager/password_store_factory.h"
-#include "chrome/browser/password_manager/password_store_x.h"
-#include "chrome/browser/profiles/profile.h"
-#include "components/os_crypt/kwallet_dbus.h"
-namespace autofill {
-struct PasswordForm;
-}
-namespace base {
-class Pickle;
-class WaitableEvent;
-}
-// NativeBackend implementation using KWallet.
-class NativeBackendKWallet : public PasswordStoreX::NativeBackend {
- public:
-  NativeBackendKWallet(LocalProfileId id,
-                       base::nix::DesktopEnvironment desktop_env);
-  ~NativeBackendKWallet() override;
-  bool Init() override;
-  // Implements NativeBackend interface.
-  password_manager::PasswordStoreChangeList AddLogin(
-      const autofill::PasswordForm& form) override;
-  bool UpdateLogin(const autofill::PasswordForm& form,
-                   password_manager::PasswordStoreChangeList* changes) override;
-  bool RemoveLogin(const autofill::PasswordForm& form,
-                   password_manager::PasswordStoreChangeList* changes) override;
-  bool RemoveLoginsCreatedBetween(
-      base::Time delete_begin,
-      base::Time delete_end,
-      password_manager::PasswordStoreChangeList* changes) override;
-  bool DisableAutoSignInForOrigins(
-      const base::Callback<bool(const GURL&)>& origin_filter,
-      password_manager::PasswordStoreChangeList* changes) override;
-  bool GetLogins(
-      const password_manager::PasswordStore::FormDigest& form,
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  bool GetAutofillableLogins(
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  bool GetBlacklistLogins(
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  bool GetAllLogins(
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() override;
- protected:
-  // Invalid handle returned by WalletHandle().
-  static const int kInvalidKWalletHandle = -1;
-  // Internally used by Init(), but also for testing to provide a mock bus.
-  bool InitWithBus(scoped_refptr<dbus::Bus> optional_bus);
-  // Deserializes a list of PasswordForms from the wallet.
-  static std::vector<std::unique_ptr<autofill::PasswordForm>> DeserializeValue(
-      const std::string& signon_realm,
-      const base::Pickle& pickle);
- private:
-  enum InitResult {
-    INIT_SUCCESS,    // Init succeeded.
-    TEMPORARY_FAIL,  // Init failed, but might succeed after StartKWalletd().
-    PERMANENT_FAIL   // Init failed, and is not likely to work later either.
-  };
-  enum class BlacklistOptions { AUTOFILLABLE, BLACKLISTED };
-  // Initialization.
-  InitResult InitWallet();
-  void InitOnBackgroundTaskRunner(scoped_refptr<dbus::Bus> optional_bus,
-                                  base::WaitableEvent* event,
-                                  bool* success);
-  // Overwrites |forms| with all credentials matching |signon_realm|. Returns
-  // true on success.
-  bool GetLoginsList(const std::string& signon_realm,
-                     int wallet_handle,
-                     std::vector<std::unique_ptr<autofill::PasswordForm>>*
-                         forms) WARN_UNUSED_RESULT;
-  // Overwrites |forms| with all credentials matching |options|. Returns true on
-  // success.
-  bool GetLoginsList(BlacklistOptions options,
-                     int wallet_handle,
-                     std::vector<std::unique_ptr<autofill::PasswordForm>>*
-                         forms) WARN_UNUSED_RESULT;
-  // Overwrites |forms| with all stored credentials. Returns true on success.
-  bool GetAllLoginsInternal(
-      int wallet_handle,
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms)
-      WARN_UNUSED_RESULT;
-  // Writes a list of PasswordForms to the wallet with the given signon_realm.
-  // Overwrites any existing list for this signon_realm. Removes the entry if
-  // |forms| is empty. Returns true on success.
-  bool SetLoginsList(
-      const std::vector<std::unique_ptr<autofill::PasswordForm>>& forms,
-      const std::string& signon_realm,
-      int wallet_handle);
-  // Opens the wallet and ensures that the "Chrome Form Data" folder exists.
-  // Returns kInvalidWalletHandle on error.
-  int WalletHandle();
-  // Generates a profile-specific folder name based on profile_id_.
-  std::string GetProfileSpecificFolderName() const;
-  // The local profile id, used to generate the folder name.
-  const LocalProfileId profile_id_;
-  KWalletDBus kwallet_dbus_;
-  // The KWallet folder name, possibly based on the local profile id.
-  std::string folder_name_;
-  // The name of the wallet we've opened. Set during Init().
-  std::string wallet_name_;
-  // The application name (e.g. "Chromium"), shown in KWallet auth dialogs.
-  const std::string app_name_;
-  DISALLOW_COPY_AND_ASSIGN(NativeBackendKWallet);
-};
-#endif  // CHROME_BROWSER_PASSWORD_MANAGER_NATIVE_BACKEND_KWALLET_X_H_
--- a/chrome/browser/password_manager/native_backend_kwallet_x_unittest.cc
+++ b/chrome/browser/password_manager/native_backend_kwallet_x_unittest.cc
--- a/chrome/browser/password_manager/native_backend_libsecret.cc
+++ b/chrome/browser/password_manager/native_backend_libsecret.cc
--- a/chrome/browser/password_manager/native_backend_libsecret.h
+++ b/chrome/browser/password_manager/native_backend_libsecret.h
-// Copyright (c) 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#ifndef CHROME_BROWSER_PASSWORD_MANAGER_NATIVE_BACKEND_LIBSECRET_H_
-#define CHROME_BROWSER_PASSWORD_MANAGER_NATIVE_BACKEND_LIBSECRET_H_
-#include <memory>
-#include <string>
-#include <vector>
-#include "base/compiler_specific.h"
-#include "base/macros.h"
-#include "base/sequenced_task_runner.h"
-#include "base/time/time.h"
-#include "chrome/browser/password_manager/password_store_factory.h"
-#include "chrome/browser/password_manager/password_store_x.h"
-#include "chrome/browser/profiles/profile.h"
-#include "components/os_crypt/libsecret_util_linux.h"
-namespace autofill {
-struct PasswordForm;
-}
-class NativeBackendLibsecret : public PasswordStoreX::NativeBackend {
- public:
-  explicit NativeBackendLibsecret(LocalProfileId id);
-  ~NativeBackendLibsecret() override;
-  bool Init() override;
-  // Implements NativeBackend interface.
-  password_manager::PasswordStoreChangeList AddLogin(
-      const autofill::PasswordForm& form) override;
-  bool UpdateLogin(const autofill::PasswordForm& form,
-                   password_manager::PasswordStoreChangeList* changes) override;
-  bool RemoveLogin(const autofill::PasswordForm& form,
-                   password_manager::PasswordStoreChangeList* changes) override;
-  bool RemoveLoginsCreatedBetween(
-      base::Time delete_begin,
-      base::Time delete_end,
-      password_manager::PasswordStoreChangeList* changes) override;
-  bool DisableAutoSignInForOrigins(
-      const base::Callback<bool(const GURL&)>& origin_filter,
-      password_manager::PasswordStoreChangeList* changes) override;
-  bool GetLogins(
-      const password_manager::PasswordStore::FormDigest& form,
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  bool GetAutofillableLogins(
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  bool GetBlacklistLogins(
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  bool GetAllLogins(
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() override;
- private:
-  // Returns credentials matching |lookup_form| via |forms|.
-  bool AddUpdateLoginSearch(
-      const autofill::PasswordForm& lookup_form,
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms);
-  // Adds a login form without checking for one to replace first.
-  bool RawAddLogin(const autofill::PasswordForm& form);
-  enum GetLoginsListOptions {
-    ALL_LOGINS,
-    AUTOFILLABLE_LOGINS,
-    BLACKLISTED_LOGINS,
-  };
-  // Retrieves credentials matching |options| from the keyring into |forms|,
-  // overwriting the original contents of |forms|. If |lookup_form| is not NULL,
-  // only retrieves credentials PSL-matching it. Returns true on success.
-  bool GetLoginsList(
-      const password_manager::PasswordStore::FormDigest* lookup_form,
-      GetLoginsListOptions options,
-      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms)
-      WARN_UNUSED_RESULT;
-  // Convert data get from Libsecret to Passwordform. Uses |lookup_form| for
-  // additional (PSL) matching, if present.
-  std::vector<std::unique_ptr<autofill::PasswordForm>> ConvertFormList(
-      GList* found,
-      const password_manager::PasswordStore::FormDigest* lookup_form);
-  // The app string, possibly based on the local profile id.
-  std::string app_string_;
-  // True if we're already ensured that the default keyring has been unlocked
-  // once.
-  bool ensured_keyring_unlocked_;
-  DISALLOW_COPY_AND_ASSIGN(NativeBackendLibsecret);
-};
-#endif  // CHROME_BROWSER_PASSWORD_MANAGER_NATIVE_BACKEND_LIBSECRET_H_
--- a/chrome/browser/password_manager/native_backend_libsecret_unittest.cc
+++ b/chrome/browser/password_manager/native_backend_libsecret_unittest.cc
--- a/chrome/browser/password_manager/password_store_factory.cc
+++ b/chrome/browser/password_manager/password_store_factory.cc
@@ -49,14 +49,6 @@
 #elif defined(OS_CHROMEOS) || defined(OS_ANDROID)
 // Don't do anything. We're going to use the default store.
 #elif defined(USE_X11)
-#include "components/os_crypt/key_storage_util_linux.h"
-#if defined(USE_GNOME_KEYRING)
-#include "chrome/browser/password_manager/native_backend_gnome_x.h"
-#endif
-#if defined(USE_LIBSECRET)
-#include "chrome/browser/password_manager/native_backend_libsecret.h"
-#endif
-#include "chrome/browser/password_manager/native_backend_kwallet_x.h"
 #include "chrome/browser/password_manager/password_store_x.h"
 #endif
@@ -180,96 +172,9 @@ PasswordStoreFactory::BuildServiceInstanceFor(
 #if defined(OS_WIN)
  ps = new password_manager::PasswordStoreDefault(std::move(login_db));
 #elif defined(OS_CHROMEOS) || defined(OS_ANDROID) || defined(OS_MACOSX)
-  // For now, we use PasswordStoreDefault. We might want to make a native
-  // backend for PasswordStoreX (see below) in the future though.
  ps = new password_manager::PasswordStoreDefault(std::move(login_db));
 #elif defined(USE_X11)
-  // On POSIX systems, we try to use the "native" password management system of
+  ps = new PasswordStoreX(std::move(login_db), profile->GetPrefs());
-  // the desktop environment currently running, allowing GNOME Keyring in XFCE.
-  // (In all cases we fall back on the basic store in case of failure.)
-  base::nix::DesktopEnvironment desktop_env = GetDesktopEnvironment();
-  std::string store_type =
-      base::CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
-          switches::kPasswordStore);
-  LinuxBackendUsed used_backend = PLAINTEXT;
-  PrefService* prefs = profile->GetPrefs();
-  LocalProfileId id = GetLocalProfileId(prefs);
-  bool use_preference = base::CommandLine::ForCurrentProcess()->HasSwitch(
-      switches::kEnableEncryptionSelection);
-  bool use_backend = true;
-  if (use_preference) {
-    base::FilePath user_data_dir;
-    chrome::GetDefaultUserDataDirectory(&user_data_dir);
-    use_backend = os_crypt::GetBackendUse(user_data_dir);
-  }
-  os_crypt::SelectedLinuxBackend selected_backend =
-      os_crypt::SelectBackend(store_type, use_backend, desktop_env);
-  std::unique_ptr<PasswordStoreX::NativeBackend> backend;
-  if (selected_backend == os_crypt::SelectedLinuxBackend::KWALLET ||
-      selected_backend == os_crypt::SelectedLinuxBackend::KWALLET5) {
-    VLOG(1) << "Trying KWallet for password storage.";
-    base::nix::DesktopEnvironment used_desktop_env =
-        selected_backend == os_crypt::SelectedLinuxBackend::KWALLET
-            ? base::nix::DESKTOP_ENVIRONMENT_KDE4
-            : base::nix::DESKTOP_ENVIRONMENT_KDE5;
-    backend.reset(new NativeBackendKWallet(id, used_desktop_env));
-    if (backend->Init()) {
-      VLOG(1) << "Using KWallet for password storage.";
-      used_backend = KWALLET;
-    } else {
-      backend.reset();
-    }
-  } else if (selected_backend == os_crypt::SelectedLinuxBackend::GNOME_ANY ||
-             selected_backend ==
-                 os_crypt::SelectedLinuxBackend::GNOME_KEYRING ||
-             selected_backend ==
-                 os_crypt::SelectedLinuxBackend::GNOME_LIBSECRET) {
-#if defined(USE_LIBSECRET)
-    if (selected_backend == os_crypt::SelectedLinuxBackend::GNOME_ANY ||
-        selected_backend == os_crypt::SelectedLinuxBackend::GNOME_LIBSECRET) {
-      VLOG(1) << "Trying libsecret for password storage.";
-      backend.reset(new NativeBackendLibsecret(id));
-      if (backend->Init()) {
-        VLOG(1) << "Using libsecret keyring for password storage.";
-        used_backend = LIBSECRET;
-      } else {
-        backend.reset();
-      }
-    }
-#endif  // defined(USE_LIBSECRET)
-#if defined(USE_GNOME_KEYRING)
-    if (!backend.get() &&
-        (selected_backend == os_crypt::SelectedLinuxBackend::GNOME_ANY ||
-         selected_backend == os_crypt::SelectedLinuxBackend::GNOME_KEYRING)) {
-      VLOG(1) << "Trying GNOME keyring for password storage.";
-      backend.reset(new NativeBackendGnome(id));
-      if (backend->Init()) {
-        VLOG(1) << "Using GNOME keyring for password storage.";
-        used_backend = GNOME_KEYRING;
-      } else {
-        backend.reset();
-      }
-    }
-#endif  // defined(USE_GNOME_KEYRING)
-  }
-  if (!backend.get()) {
-    LOG(WARNING) << "Using basic (unencrypted) store for password storage. "
-        "See "
-        "https://chromium.googlesource.com/chromium/src/+/master/docs/linux_password_storage.md"
-        " for more information about password storage options.";
-  }
-  ps = new PasswordStoreX(
-      std::move(login_db),
-      profile->GetPath().Append(password_manager::kLoginDataFileName),
-      profile->GetPath().Append(password_manager::kSecondLoginDataFileName),
-      std::move(backend), prefs);
-  RecordBackendStatistics(desktop_env, store_type, used_backend);
 #elif defined(USE_OZONE)
  ps = new password_manager::PasswordStoreDefault(std::move(login_db));
 #else

--- a/chrome/browser/password_manager/password_store_x.cc
+++ b/chrome/browser/password_manager/password_store_x.cc
--- a/chrome/browser/password_manager/password_store_x.h
+++ b/chrome/browser/password_manager/password_store_x.h
@@ -21,13 +21,10 @@ namespace password_manager {
 class LoginDatabase;
 }
-// PasswordStoreX is used on Linux and other non-Windows, non-Mac OS X
+// PasswordStoreX is used on Linux and other non-Windows, non-Mac OS X operating
-// operating systems. It uses a "native backend" to actually store the password
+// systems. It is used as a proxy for the PasswordStoreDefault that basically
-// data when such a backend is available, and otherwise falls back to using the
+// takes care of migrating the passwords of the users to login database. Once
-// login database like PasswordStoreDefault. It also handles automatically
+// all users are migrated we should delete this class.
-// migrating password data to a native backend from the login database.
-//
-// There are currently native backends for GNOME Keyring and KWallet.
 class PasswordStoreX : public password_manager::PasswordStoreDefault {
 public:
  // The state of the migration from native backends and an unencrypted loginDB
@@ -61,73 +58,7 @@ class PasswordStoreX : public password_manager::PasswordStoreDefault {
    FAILED_WRITE_TO_ENCRYPTED,
  };
-  // NativeBackends more or less implement the PaswordStore interface, but
-  // with return values rather than implicit consumer notification.
-  class NativeBackend {
-   public:
-    virtual ~NativeBackend() {}
-    virtual bool Init() = 0;
-    virtual password_manager::PasswordStoreChangeList AddLogin(
-        const autofill::PasswordForm& form) = 0;
-    // Updates |form| and appends the changes to |changes|. |changes| shouldn't
-    // be null. Returns false iff the operation failed due to a system backend
-    // error.
-    virtual bool UpdateLogin(
-        const autofill::PasswordForm& form,
-        password_manager::PasswordStoreChangeList* changes) = 0;
-    // Removes |form| and appends the changes to |changes|. |changes| shouldn't
-    // be null. Returns false iff the operation failed due to a system backend
-    // error.
-    virtual bool RemoveLogin(
-        const autofill::PasswordForm& form,
-        password_manager::PasswordStoreChangeList* changes) = 0;
-    // Removes all logins created/synced from |delete_begin| onwards (inclusive)
-    // and before |delete_end|. You may use a null Time value to do an unbounded
-    // delete in either direction.
-    virtual bool RemoveLoginsCreatedBetween(
-        base::Time delete_begin,
-        base::Time delete_end,
-        password_manager::PasswordStoreChangeList* changes) = 0;
-    // Sets the 'skip_zero_click' flag to 'true' for all logins in the database
-    // that match |origin_filter|.
-    virtual bool DisableAutoSignInForOrigins(
-        const base::Callback<bool(const GURL&)>& origin_filter,
-        password_manager::PasswordStoreChangeList* changes) = 0;
-    // The three methods below overwrite |forms| with all stored credentials
-    // matching |form|, all stored non-blacklisted credentials, and all stored
-    // blacklisted credentials, respectively. On success, they return true.
-    virtual bool GetLogins(const FormDigest& form,
-                           std::vector<std::unique_ptr<autofill::PasswordForm>>*
-                               forms) WARN_UNUSED_RESULT = 0;
-    virtual bool GetAutofillableLogins(
-        std::vector<std::unique_ptr<autofill::PasswordForm>>* forms)
-        WARN_UNUSED_RESULT = 0;
-    virtual bool GetBlacklistLogins(
-        std::vector<std::unique_ptr<autofill::PasswordForm>>* forms)
-        WARN_UNUSED_RESULT = 0;
-    virtual bool GetAllLogins(
-        std::vector<std::unique_ptr<autofill::PasswordForm>>* forms)
-        WARN_UNUSED_RESULT = 0;
-    // Returns the background thread in case the backend uses one, or null.
-    virtual scoped_refptr<base::SequencedTaskRunner>
-    GetBackgroundTaskRunner() = 0;
-  };
-  // |backend| may be NULL in which case this PasswordStoreX will act the same
-  // as PasswordStoreDefault. |login_db| is the default location and does not
-  // use encryption. |login_db_file| is the location of |login_db|.
-  // |encrypted_login_db_file| is a separate file and is used for the migration
-  // to encryption.
  PasswordStoreX(std::unique_ptr<password_manager::LoginDatabase> login_db,
-                 base::FilePath login_db_file,
-                 base::FilePath encrypted_login_db_file,
-                 std::unique_ptr<NativeBackend> backend,
                 PrefService* prefs);
  // RefcountedKeyedService:
@@ -143,8 +74,6 @@ class PasswordStoreX : public password_manager::PasswordStoreDefault {
      override;
 private:
-  friend class PasswordStoreXTest;
  ~PasswordStoreX() override;
  // Implements PasswordStore interface.
@@ -174,38 +103,9 @@ class PasswordStoreX : public password_manager::PasswordStoreDefault {
  bool FillBlacklistLogins(
      std::vector<std::unique_ptr<autofill::PasswordForm>>* forms) override;
-  // Check to see whether migration from the unencrypted loginDB is necessary,
+  // Checks whether the login database is encrypted or not.
-  // and perform it if so. Additionally, if the migration to encryption is
-  // enabled, then the passwords will also be copied into the encrypted login
-  // database and PasswordStoreX will serve from there. If this migration was
-  // completed in a previous run, CheckMigration will simply enable serving from
-  // the encrypted login database.
  void CheckMigration();
-  // Return true if we should try using the native backend.
-  bool use_native_backend() { return !!backend_.get(); }
-  // Return true if we can fall back on the default store, warning the first
-  // time we call it when falling back is necessary. See |allow_fallback_|.
-  bool allow_default_store();
-  // Synchronously migrates all the passwords stored in the login database
-  // (PasswordStoreDefault) to the native backend. If successful, the login
-  // database will be left with no stored passwords, and the number of passwords
-  // migrated will be returned. (This might be 0 if migration was not
-  // necessary.) Returns < 0 on failure.
-  ssize_t MigrateToNativeBackend();
-  // Moves the passwords from the backend to a temporary login database, using
-  // encryption, and then moves them over to the standard location. This
-  // operation can take a significant amount of time.
-  void MigrateToEncryptedLoginDB();
-  // Synchronously copies everything from the |backend_| to |login_db|. Returns
-  // COPIED_ALL on success and FAILED on error.
-  MigrationToLoginDBStep CopyBackendToLoginDB(
-      password_manager::LoginDatabase* login_db);
  // Update |migration_to_login_db_step_| and |migration_step_pref_|.
  void UpdateMigrationToLoginDBStep(MigrationToLoginDBStep step);
@@ -213,19 +113,8 @@ class PasswordStoreX : public password_manager::PasswordStoreDefault {
  // thread.
  void UpdateMigrationPref(MigrationToLoginDBStep step);
-  // The native backend in use, or NULL if none.
-  std::unique_ptr<NativeBackend> backend_;
-  // The location of the PasswordStoreDefault's database.
-  const base::FilePath login_db_file_;
-  // A second login database, which will hold encrypted values during migration.
-  const base::FilePath encrypted_login_db_file_;
  // Whether we have already attempted migration to the native store.
  bool migration_checked_;
-  // Whether we should allow falling back to the default store. If there is
-  // nothing to migrate, then the first attempt to use the native store will
-  // be the first time we try to use it and we should allow falling back. If
-  // we have migrated successfully, then we do not allow falling back.
-  bool allow_fallback_;
  // Tracks the last completed step in the migration from the native backends to
  // LoginDB.
  IntegerPrefMember migration_step_pref_;

--- a/chrome/browser/password_manager/password_store_x_unittest.cc
+++ b/chrome/browser/password_manager/password_store_x_unittest.cc
--- a/chrome/test/BUILD.gn
+++ b/chrome/test/BUILD.gn
@@ -4433,7 +4433,6 @@ test("unit_tests") {
  }
  if (!is_chromeos && is_linux) {
    sources += [
-      "../browser/password_manager/native_backend_kwallet_x_unittest.cc",
      "../browser/shell_integration_linux_unittest.cc",
      "../browser/ui/input_method/input_method_engine_unittest.cc",
    ]
@@ -4676,21 +4675,6 @@ test("unit_tests") {
  } else {
    sources -= [ "../browser/password_manager/password_store_x_unittest.cc" ]
  }
-  if (use_gnome_keyring && current_cpu == "x64") {
-    # Only add this test for 64 bit builds because otherwise we need the 32
-    # bit library on 64 bit systems when running this test.
-    sources +=
-        [ "../browser/password_manager/native_backend_gnome_x_unittest.cc" ]
-    configs += [
-      "//components/os_crypt:gnome_keyring",
-      "//components/os_crypt:gnome_keyring_direct",
-    ]
-  }
-  if (is_linux && !is_chromeos && !use_ozone) {
-    sources +=
-        [ "../browser/password_manager/native_backend_libsecret_unittest.cc" ]
-    deps += [ "//third_party/libsecret" ]
-  }
  if (is_linux && use_aura) {
    deps += [ "//ui/aura:test_support" ]
    if (use_dbus) {

--- a/components/password_manager/core/browser/login_database.cc
+++ b/components/password_manager/core/browser/login_database.cc
@@ -1459,6 +1459,12 @@ bool LoginDatabase::GetAllLoginsWithBlacklistSetting(
  return true;
 }
+bool LoginDatabase::IsEmpty() {
+  sql::Statement s(
+      db_.GetCachedStatement(SQL_FROM_HERE, "SELECT COUNT(*) FROM logins"));
+  return s.Step() && s.ColumnInt(0) == 0;
+}
 bool LoginDatabase::DeleteAndRecreateDatabaseFile() {
  DCHECK(db_.is_open());
  meta_table_.Reset();

--- a/components/password_manager/core/browser/login_database.h
+++ b/components/password_manager/core/browser/login_database.h
@@ -152,6 +152,8 @@ class LoginDatabase : public PasswordStoreSync::MetadataStore {
  // whether further use of this login database will succeed is unspecified.
  bool DeleteAndRecreateDatabaseFile();
+  bool IsEmpty();
  // On MacOS, it deletes all logins from the database that cannot be decrypted
  // when encryption key from Keychain is available. If the Keychain is locked,
  // it does nothing and returns ENCRYPTION_UNAVAILABLE. If it's not running on

--- a/components/password_manager/core/browser/login_database_unittest.cc
+++ b/components/password_manager/core/browser/login_database_unittest.cc
@@ -283,6 +283,7 @@ TEST_F(LoginDatabaseTest, Logins) {
  // Verify the database is empty.
  EXPECT_TRUE(db().GetAutofillableLogins(&result));
  EXPECT_EQ(0U, result.size());
+  EXPECT_TRUE(db().IsEmpty());
  EXPECT_EQ(db().GetAllLogins(&key_to_form_map), FormRetrievalResult::kSuccess);
  EXPECT_EQ(0U, key_to_form_map.size());
@@ -299,6 +300,7 @@ TEST_F(LoginDatabaseTest, Logins) {
  EXPECT_TRUE(db().GetAutofillableLogins(&result));
  ASSERT_EQ(1U, result.size());
  EXPECT_EQ(form, *result[0]);
+  EXPECT_FALSE(db().IsEmpty());
  result.clear();
  EXPECT_EQ(db().GetAllLogins(&key_to_form_map), FormRetrievalResult::kSuccess);
@@ -391,6 +393,7 @@ TEST_F(LoginDatabaseTest, Logins) {
  EXPECT_EQ(2, changes[0].primary_key());
  EXPECT_TRUE(db().GetAutofillableLogins(&result));
  EXPECT_EQ(0U, result.size());
+  EXPECT_TRUE(db().IsEmpty());
 }
 TEST_F(LoginDatabaseTest, AddLoginReturnsPrimaryKey) {

--- a/tools/cfi/blacklist.txt
+++ b/tools/cfi/blacklist.txt
@@ -159,8 +159,6 @@ src:*device/udev_linux/udev1_loader.cc
 src:*ui/gl/gl_bindings_autogen_*
 src:*components/os_crypt/*
-src:*chrome/browser/password_manager/native_backend_gnome_x.cc
-src:*chrome/browser/password_manager/native_backend_libsecret*
 src:*content/browser/accessibility/browser_accessibility_auralinux.cc
 src:*ui/accessibility/platform/ax_platform_node_auralinux.cc