Add a DBus method to check if USBGuard should be enabled on CrOS.

This feature flag gates the use of USBGuard on Chrome OS for blocking new USB devices from being used by the linux kernel at the lockscreen. CQ-DEPEND=CL:1154326 BUG=None TEST=verify that dbus-send works for CrOS. Signed-off-by: Allen Webb <allenwebb@google.com> Change-Id: Iba101f04b1882c3dbad539bf418457129d2cdf17 Reviewed-on: https://chromium-review.googlesource.com/1161011Reviewed-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Cr-Commit-Position: refs/heads/master@{#580948}

Add a DBus method to check if USBGuard should be enabled on CrOS.
This feature flag gates the use of USBGuard on Chrome OS for blocking new USB devices from being used by the linux kernel at the lockscreen. CQ-DEPEND=CL:1154326 BUG=None TEST=verify that dbus-send works for CrOS. Signed-off-by: Allen Webb <allenwebb@google.com> Change-Id: Iba101f04b1882c3dbad539bf418457129d2cdf17 Reviewed-on: https://chromium-review.googlesource.com/1161011Reviewed-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Steven Bennetts <stevenjb@chromium.org> Cr-Commit-Position: refs/heads/master@{#580948}
631ac11a · Allen Webb · Commit Bot · e87b1789 · 631ac11a · 631ac11a
Commit 631ac11a authored Aug 06, 2018 by Allen Webb Committed by Commit Bot Aug 06, 2018
6 changed files
--- a/chrome/browser/chromeos/dbus/finch_features_service_provider_delegate.cc
+++ b/chrome/browser/chromeos/dbus/finch_features_service_provider_delegate.cc
@@ -4,10 +4,12 @@
 #include "chrome/browser/chromeos/dbus/finch_features_service_provider_delegate.h"
+#include "base/feature_list.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/crostini/crostini_util.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/common/chrome_features.h"
 namespace chromeos {
@@ -28,4 +30,8 @@ bool FinchFeaturesServiceProviderDelegate::IsCrostiniEnabled(
  return IsCrostiniAllowedForProfile(profile);
 }
+bool FinchFeaturesServiceProviderDelegate::IsUsbguardEnabled() {
+  return base::FeatureList::IsEnabled(features::kUsbguard);
+}
 }  // namespace chromeos
--- a/chrome/browser/chromeos/dbus/finch_features_service_provider_delegate.h
+++ b/chrome/browser/chromeos/dbus/finch_features_service_provider_delegate.h
@@ -19,6 +19,7 @@ class FinchFeaturesServiceProviderDelegate
  // ChromeServiceProvider::Delegate:
  bool IsCrostiniEnabled(const std::string& user_id_hash) override;
+  bool IsUsbguardEnabled() override;
 private:
  DISALLOW_COPY_AND_ASSIGN(FinchFeaturesServiceProviderDelegate);

--- a/chrome/common/chrome_features.cc
+++ b/chrome/common/chrome_features.cc
@@ -649,6 +649,9 @@ const base::Feature kCrOSEnableUSMUserService{"CrOSEnableUSMUserService",
 // Enables or disables initialization & use of the Chrome OS ML Service.
 const base::Feature kMachineLearningService{"MachineLearningService",
                                            base::FEATURE_DISABLED_BY_DEFAULT};
+// Enable USBGuard at the lockscreen on Chrome OS.
+const base::Feature kUsbguard{"USBGuard", base::FEATURE_DISABLED_BY_DEFAULT};
 #endif  // defined(OS_CHROMEOS)
 #if !defined(OS_ANDROID)

--- a/chrome/common/chrome_features.h
+++ b/chrome/common/chrome_features.h
@@ -351,6 +351,8 @@ extern const base::Feature kTPMFirmwareUpdate;
 extern const base::Feature kCrOSEnableUSMUserService;
 extern const base::Feature kMachineLearningService;
+extern const base::Feature kUsbguard;
 #endif  // defined(OS_CHROMEOS)
 #if !defined(OS_ANDROID)

--- a/chromeos/dbus/services/chrome_features_service_provider.cc
+++ b/chromeos/dbus/services/chrome_features_service_provider.cc
@@ -28,6 +28,13 @@ void ChromeFeaturesServiceProvider::Start(
                          weak_ptr_factory_.GetWeakPtr()),
      base::BindRepeating(&ChromeFeaturesServiceProvider::OnExported,
                          weak_ptr_factory_.GetWeakPtr()));
+  exported_object->ExportMethod(
+      kChromeFeaturesServiceInterface,
+      kChromeFeaturesServiceIsUsbguardEnabledMethod,
+      base::BindRepeating(&ChromeFeaturesServiceProvider::IsUsbguardEnabled,
+                          weak_ptr_factory_.GetWeakPtr()),
+      base::BindRepeating(&ChromeFeaturesServiceProvider::OnExported,
+                          weak_ptr_factory_.GetWeakPtr()));
 }
 void ChromeFeaturesServiceProvider::OnExported(
@@ -59,4 +66,14 @@ void ChromeFeaturesServiceProvider::IsCrostiniEnabled(
  response_sender.Run(std::move(response));
 }
+void ChromeFeaturesServiceProvider::IsUsbguardEnabled(
+    dbus::MethodCall* method_call,
+    dbus::ExportedObject::ResponseSender response_sender) {
+  std::unique_ptr<dbus::Response> response =
+      dbus::Response::FromMethodCall(method_call);
+  dbus::MessageWriter writer(response.get());
+  writer.AppendBool(delegate_->IsUsbguardEnabled());
+  response_sender.Run(std::move(response));
+}
 }  // namespace chromeos
--- a/chromeos/dbus/services/chrome_features_service_provider.h
+++ b/chromeos/dbus/services/chrome_features_service_provider.h
@@ -41,6 +41,7 @@ class CHROMEOS_EXPORT ChromeFeaturesServiceProvider
    virtual ~Delegate() {}
    virtual bool IsCrostiniEnabled(const std::string& user_id_hash) = 0;
+    virtual bool IsUsbguardEnabled() = 0;
   private:
    DISALLOW_COPY_AND_ASSIGN(Delegate);
@@ -62,6 +63,8 @@ class CHROMEOS_EXPORT ChromeFeaturesServiceProvider
  // Called on UI thread in response to a D-Bus request.
  void IsCrostiniEnabled(dbus::MethodCall* method_call,
                         dbus::ExportedObject::ResponseSender response_sender);
+  void IsUsbguardEnabled(dbus::MethodCall* method_call,
+                         dbus::ExportedObject::ResponseSender response_sender);
  std::unique_ptr<Delegate> delegate_;
  // Keep this last so that all weak pointers will be invalidated at the