Skip to content

GitLab

T
tangled
Commit 8173aa83 authored by Alexander Hendrich's avatar Alexander Hendrich Committed by Commit Bot
Browse files
Options

[Extensions] Hardcode dialog titles for login screen extension UI 

So far the login screen extension UI window's dialog title was in the
form of "This authentication service is hosted by <<<EXTENSION_NAME>>>",
with <<<EXTENSION_NAME>>> being replaced by the extension's short name.
Privacy (yzd@) requested to update the title so that the extension has
no control over it, since a compromised extension could just have
"Google" as its short name, which would lead to a misleading dialog
title.
Since the list of extensions being able to display login screen UI is
very small, we will just hardcode the respective dialog title per
extension.


Bug: 997167
Change-Id: Iedd5b469df65cf1e125bcca5c5edc6bb71448e82
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1768626Reviewed-by: default avatarZakhar Voit <voit@google.com>
Commit-Queue: Alexander Hendrich <hendrich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#690351}
parent eb8b6a90
Hide whitespace changes
Inline Side-by-side
Showing with 30 additions and 4 deletions
chrome/browser/chromeos/extensions/login_screen/login_screen_ui/login_screen_extension_ui_handler.cc
View file @ 8173aa83
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
#include "ash/public/cpp/login_screen.h" #include "ash/public/cpp/login_screen.h"
#include "ash/public/cpp/login_screen_model.h" #include "ash/public/cpp/login_screen_model.h"
#include "ash/public/cpp/login_types.h" #include "ash/public/cpp/login_types.h"
#include "base/macros.h"
#include "chrome/browser/chromeos/login/ui/login_screen_extension_ui/login_screen_extension_ui_create_options.h" #include "chrome/browser/chromeos/login/ui/login_screen_extension_ui/login_screen_extension_ui_create_options.h"
#include "chrome/browser/chromeos/login/ui/login_screen_extension_ui/login_screen_extension_ui_window.h" #include "chrome/browser/chromeos/login/ui/login_screen_extension_ui/login_screen_extension_ui_window.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h" #include "chrome/browser/chromeos/profiles/profile_helper.h"
...@@ -31,6 +32,30 @@ const char kErrorNotOnLoginOrLockScreen[] = ...@@ -31,6 +32,30 @@ const char kErrorNotOnLoginOrLockScreen[] =
LoginScreenExtensionUiHandler* g_instance = nullptr; LoginScreenExtensionUiHandler* g_instance = nullptr;
struct HardcodedExtensionNameMapping {
const char* extension_id;
const char* extension_name;
};
// Hardcoded extension names to be used in the window's dialog title.
// Intentionally not using |extension->name()| here to prevent a compromised
// extension from being able to control the dialog title's content.
const HardcodedExtensionNameMapping kHardcodedExtensionNameMappings[] = {
{"cdgickkdpbekbnalbmpgochbninibkko", "Imprivata"},
{"lpimkpkllnkdlcigdbgmabfplniahkgm", "Imprivata"},
{"oclffehlkdgibkainkilopaalpdobkan", "LoginScreenUi test extension"},
};
std::string GetHardcodedExtensionName(const extensions::Extension* extension) {
for (const HardcodedExtensionNameMapping& mapping :
kHardcodedExtensionNameMappings) {
if (mapping.extension_id == extension->id())
return mapping.extension_name;
}
NOTREACHED();
return "UNKNOWN EXTENSION";
}
bool CanUseLoginScreenUiApi(const extensions::Extension* extension) { bool CanUseLoginScreenUiApi(const extensions::Extension* extension) {
return extensions::ExtensionRegistry::Get(ProfileHelper::GetSigninProfile()) return extensions::ExtensionRegistry::Get(ProfileHelper::GetSigninProfile())
->enabled_extensions() ->enabled_extensions()
...@@ -93,8 +118,8 @@ bool LoginScreenExtensionUiHandler::Show(const extensions::Extension* extension, ...@@ -93,8 +118,8 @@ bool LoginScreenExtensionUiHandler::Show(const extensions::Extension* extension,
} }
LoginScreenExtensionUiCreateOptions create_options( LoginScreenExtensionUiCreateOptions create_options(
extension->short_name(), extension->GetResourceURL(resource_path), GetHardcodedExtensionName(extension),
can_be_closed_by_user, extension->GetResourceURL(resource_path), can_be_closed_by_user,
base::BindOnce( base::BindOnce(
base::IgnoreResult( base::IgnoreResult(
&LoginScreenExtensionUiHandler::RemoveWindowForExtension), &LoginScreenExtensionUiHandler::RemoveWindowForExtension),
......
chrome/browser/chromeos/extensions/login_screen/login_screen_ui/login_screen_extension_ui_handler_unittest.cc
View file @ 8173aa83
...@@ -124,7 +124,8 @@ class LoginScreenExtensionUiHandlerUnittest : public testing::Test { ...@@ -124,7 +124,8 @@ class LoginScreenExtensionUiHandlerUnittest : public testing::Test {
session_manager_.SetSessionState( session_manager_.SetSessionState(
session_manager::SessionState::LOGIN_PRIMARY); session_manager::SessionState::LOGIN_PRIMARY);
extension_ = extensions::ExtensionBuilder("test" /*extension_name*/) extension_ = extensions::ExtensionBuilder(
/*extension_name=*/"LoginScreenUi test extension")
.SetID(kWhitelistedExtensionID1) .SetID(kWhitelistedExtensionID1)
.SetLocation(extensions::Manifest::EXTERNAL_POLICY) .SetLocation(extensions::Manifest::EXTERNAL_POLICY)
.AddPermission(kPermissionName) .AddPermission(kPermissionName)
...@@ -286,7 +287,7 @@ TEST_F(LoginScreenExtensionUiHandlerUnittest, WindowClosedOnUnlock) { ...@@ -286,7 +287,7 @@ TEST_F(LoginScreenExtensionUiHandlerUnittest, WindowClosedOnUnlock) {
TEST_F(LoginScreenExtensionUiHandlerUnittest, TwoExtensionsInParallel) { TEST_F(LoginScreenExtensionUiHandlerUnittest, TwoExtensionsInParallel) {
scoped_refptr<const extensions::Extension> other_extension = scoped_refptr<const extensions::Extension> other_extension =
extensions::ExtensionBuilder("other extension" /*extension_name*/) extensions::ExtensionBuilder(/*extension_name=*/"Imprivata")
.SetID(kWhitelistedExtensionID2) .SetID(kWhitelistedExtensionID2)
.SetLocation(extensions::Manifest::EXTERNAL_POLICY) .SetLocation(extensions::Manifest::EXTERNAL_POLICY)
.AddPermission(kPermissionName) .AddPermission(kPermissionName)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment