Commit add2f7a1 authored by Christopher Cameron's avatar Christopher Cameron Committed by Commit Bot

Disable app shim signature check

App shims aren't starting on 73.0.3677.0.

TBR=sdy

Bug: 624228
Change-Id: Ied8fdac4986b61db99333527b118f319d808d5c7
Reviewed-on: https://chromium-review.googlesource.com/c/1424159
Commit-Queue: ccameron <ccameron@chromium.org>
Reviewed-by: default avatarccameron <ccameron@chromium.org>
Cr-Commit-Position: refs/heads/master@{#624478}
parent 1d3dead2
...@@ -114,6 +114,14 @@ bool FocusHostedAppWindows(const std::set<Browser*>& browsers) { ...@@ -114,6 +114,14 @@ bool FocusHostedAppWindows(const std::set<Browser*>& browsers) {
// - False otherwise (e.g. the shim doesn't satisfy the browser's designated // - False otherwise (e.g. the shim doesn't satisfy the browser's designated
// requirement, or the browser is an official Chrome build but unsigned). // requirement, or the browser is an official Chrome build but unsigned).
bool IsAcceptablyCodeSigned(pid_t pid) { bool IsAcceptablyCodeSigned(pid_t pid) {
// Only require signatures for official Chrome builds.
#if !defined(OFFICIAL_BUILD) || !defined(GOOGLE_CHROME_BUILD)
return true;
#endif
// TODO(https://crbug.com/624228): Re-enable signature checking when shims
// can start.
return true;
base::ScopedCFTypeRef<SecCodeRef> own_code; base::ScopedCFTypeRef<SecCodeRef> own_code;
base::ScopedCFTypeRef<SecRequirementRef> own_designated_requirement; base::ScopedCFTypeRef<SecRequirementRef> own_designated_requirement;
...@@ -128,13 +136,7 @@ bool IsAcceptablyCodeSigned(pid_t pid) { ...@@ -128,13 +136,7 @@ bool IsAcceptablyCodeSigned(pid_t pid) {
SecCodeCopyDesignatedRequirement( SecCodeCopyDesignatedRequirement(
own_code, kSecCSDefaultFlags, own_code, kSecCSDefaultFlags,
own_designated_requirement.InitializeInto()) != errSecSuccess) { own_designated_requirement.InitializeInto()) != errSecSuccess) {
#if defined(OFFICIAL_BUILD) && defined(GOOGLE_CHROME_BUILD)
// This is an official Chrome build, which should always be signed. Fail.
return false; return false;
#else
// This is some other kind of unsigned build (like a local one). Pass.
return true;
#endif
} }
base::ScopedCFTypeRef<SecCodeRef> guest_code; base::ScopedCFTypeRef<SecCodeRef> guest_code;
...@@ -639,6 +641,7 @@ void ExtensionAppShimHandler::OnExtensionEnabled( ...@@ -639,6 +641,7 @@ void ExtensionAppShimHandler::OnExtensionEnabled(
// If the connecting shim process doesn't have an acceptable code signature, // If the connecting shim process doesn't have an acceptable code signature,
// reject the connection and recreate the shim. // reject the connection and recreate the shim.
if (!IsAcceptablyCodeSigned(bootstrap->GetAppShimPid())) { if (!IsAcceptablyCodeSigned(bootstrap->GetAppShimPid())) {
LOG(WARNING) << "Attaching app shim process is not signed, regenerating.";
if (bootstrap->GetLaunchType() == APP_SHIM_LAUNCH_NORMAL) { if (bootstrap->GetLaunchType() == APP_SHIM_LAUNCH_NORMAL) {
constexpr bool recreate_shims = true; constexpr bool recreate_shims = true;
delegate_->LaunchShim(profile, extension, recreate_shims, delegate_->LaunchShim(profile, extension, recreate_shims,
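Review bot: The unconditional `return true;` added under the TODO in the first hunk makes IsAcceptablyCodeSigned accept every connecting pid, official builds included, so the designated-requirement check below it is unreachable and the `LOG(WARNING)` added in OnExtensionEnabled can never fire. The function's header comment still promises False for a shim that fails the requirement, and the `#if !defined(OFFICIAL_BUILD) || !defined(GOOGLE_CHROME_BUILD)` early return just above is now redundant. While the check is off, the header comment should say so, for example `// NOTE: signature validation is disabled (https://crbug.com/624228); this currently always returns true.`, so callers do not read a true result as proof of the shim's identity. If the check itself is safe to run, it may be better to run it, log the failure and still return true, which would keep the regression observable until it is re-enabled. The body of IsAcceptablyCodeSigned continues outside the hunks shown.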