Suppress keychain user confirmation dialog for SC API

The secure connect extension API should not show any user confirmation dialog as it's admin's responsibility to confirm it ahead of time. Disable the dialog temporarily when quering the password from Keychain. Bug: 1077078 Change-Id: I6c3426e2cd58149fa4ef74cb1a8f7c8eaab5556f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2358905Reviewed-by: Gustavo Sacomoto <sacomoto@chromium.org> Commit-Queue: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#799104}

Suppress keychain user confirmation dialog for SC API
The secure connect extension API should not show any user confirmation dialog as it's admin's responsibility to confirm it ahead of time. Disable the dialog temporarily when quering the password from Keychain. Bug: 1077078 Change-Id: I6c3426e2cd58149fa4ef74cb1a8f7c8eaab5556f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2358905Reviewed-by: Gustavo Sacomoto <sacomoto@chromium.org> Commit-Queue: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#799104}
f64ce534 · Owen Min · Commit Bot · d34e93e7 · f64ce534
Commit f64ce534 authored Aug 18, 2020 by Owen Min Committed by Commit Bot Aug 18, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 0 deletions

chrome/browser/extensions/api/enterprise_reporting_private/chrome_desktop_report_request_helper.cc ...reporting_private/chrome_desktop_report_request_helper.cc +28 -0

No files found.
--- a/chrome/browser/extensions/api/enterprise_reporting_private/chrome_desktop_report_request_helper.cc
+++ b/chrome/browser/extensions/api/enterprise_reporting_private/chrome_desktop_report_request_helper.cc
@@ -133,6 +133,31 @@ LONG CreateRandomSecret(std::string* secret) {
 constexpr char kServiceName[] = "Endpoint Verification Safe Storage";
 constexpr char kAccountName[] = "Endpoint Verification";

+class ScopedKeychianUserInteractionAllowed {
+ public:
+  explicit ScopedKeychianUserInteractionAllowed(Boolean allowed) {
+    status_ = SecKeychainGetUserInteractionAllowed(&was_allowed_);
+    if (status_ != noErr)
+      return;
+    if (was_allowed_ == allowed)
+      return;
+    status_ = SecKeychainSetUserInteractionAllowed(allowed);
+    needs_reset_ = true;
+  }
+
+  ~ScopedKeychianUserInteractionAllowed() {
+    if (needs_reset_)
+      SecKeychainSetUserInteractionAllowed(was_allowed_);
+  }
+
+  OSStatus status() { return status_; }
+
+ private:
+  OSStatus status_;
+  Boolean was_allowed_;
+  bool needs_reset_ = false;
+};
+
 OSStatus AddRandomPasswordToKeychain(const crypto::AppleKeychain& keychain,
                                     std::string* secret) {
  // Generate a password with 128 bits of randomness.
@@ -154,6 +179,9 @@ OSStatus ReadEncryptedSecret(std::string* password, bool force_recreate) {
  crypto::AppleKeychain keychain;
  password->clear();
  base::ScopedCFTypeRef<SecKeychainItemRef> item_ref;
+  ScopedKeychianUserInteractionAllowed user_interaction_allowed(FALSE);
+  if (user_interaction_allowed.status() != noErr)
+    return user_interaction_allowed.status();
  OSStatus status = keychain.FindGenericPassword(
      strlen(kServiceName), kServiceName, strlen(kAccountName), kAccountName,
      &password_length, &password_data, item_ref.InitializeInto());