Prevent ONC-pushed certificates from being used with multiprofiles.

chrome/browser/chromeos/policy/policy_cert_service.cc

Index: chrome/browser/chromeos/policy/policy_cert_service.cc
diff --git a/chrome/browser/chromeos/policy/policy_cert_service.cc b/chrome/browser/chromeos/policy/policy_cert_service.cc
index 990702d0d9c0c59fa3823e31aa352e14bc3ead86..009b6043082e705a9d8a137e1caad5ba2f5578ae 100644
--- a/chrome/browser/chromeos/policy/policy_cert_service.cc
+++ b/chrome/browser/chromeos/policy/policy_cert_service.cc
@@ -7,9 +7,9 @@
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/logging.h"
-#include "base/prefs/pref_service.h"
+#include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
-#include "chrome/common/pref_names.h"
 #include "content/public/browser/browser_thread.h"
 #include "net/cert/x509_certificate.h"
 
@@ -22,19 +22,20 @@ PolicyCertService::~PolicyCertService() {
 
 PolicyCertService::PolicyCertService(
     UserNetworkConfigurationUpdater* net_conf_updater,
-    PrefService* user_prefs)
+    const std::string& user_id,
+    chromeos::UserManager* user_manager)
     : cert_verifier_(NULL),
       net_conf_updater_(net_conf_updater),
-      user_prefs_(user_prefs),
+      user_id_(user_id),
+      user_manager_(user_manager),
+      has_trust_anchors_(false),
       weak_ptr_factory_(this) {
   DCHECK(net_conf_updater_);

[pneubeck (no reviews), 2013/12/17 15:25:31]

nit:
DCHECK(user_manager)

[Joao da Silva, 2013/12/17 16:36:41]

Done.

-  DCHECK(user_prefs_);
 }
 
 scoped_ptr<PolicyCertVerifier> PolicyCertService::CreatePolicyCertVerifier() {
-  base::Closure callback =
-      base::Bind(&PolicyCertService::SetUsedPolicyCertificatesOnce,
-                 weak_ptr_factory_.GetWeakPtr());
+  base::Closure callback = base::Bind(
+      &PolicyCertServiceFactory::SetUsedPolicyCertificates, user_id_);
   cert_verifier_ = new PolicyCertVerifier(
       base::Bind(base::IgnoreResult(&content::BrowserThread::PostTask),
                  content::BrowserThread::UI,
@@ -55,6 +56,19 @@ scoped_ptr<PolicyCertVerifier> PolicyCertService::CreatePolicyCertVerifier() {
 void PolicyCertService::OnTrustAnchorsChanged(
     const net::CertificateList& trust_anchors) {
   DCHECK(cert_verifier_);
+
+  // Do not use certificates installed via ONC policy if the current session has
+  // multiple profiles. This is important to make sure that any possibly tainted
+  // data is absolutely confined to the managed profile and never, ever leaks to
+  // any other profile.
+  if (user_manager_->GetLoggedInUsers().size() > 1u) {
+    LOG(ERROR) << "Ignoring ONC-pushed certificates update because multiple "
+               << "users are logged in.";
+    return;
+  }
+
+  has_trust_anchors_ = !trust_anchors.empty();
+
   // It's safe to use base::Unretained here, because it's guaranteed that
   // |cert_verifier_| outlives this object (see description of
   // CreatePolicyCertVerifier).
@@ -69,7 +83,11 @@ void PolicyCertService::OnTrustAnchorsChanged(
 }
 
 bool PolicyCertService::UsedPolicyCertificates() const {
-  return user_prefs_->GetBoolean(prefs::kUsedPolicyCertificatesOnce);
+  return PolicyCertServiceFactory::UsedPolicyCertificates(user_id_);
+}
+
+bool PolicyCertService::IsTainted() const {
+  return has_trust_anchors_ || UsedPolicyCertificates();
 }
 
 void PolicyCertService::Shutdown() {
@@ -77,11 +95,6 @@ void PolicyCertService::Shutdown() {
   net_conf_updater_->RemoveTrustedCertsObserver(this);
   OnTrustAnchorsChanged(net::CertificateList());
   net_conf_updater_ = NULL;
-  user_prefs_ = NULL;
-}
-
-void PolicyCertService::SetUsedPolicyCertificatesOnce() {
-  user_prefs_->SetBoolean(prefs::kUsedPolicyCertificatesOnce, true);
 }
 
 }  // namespace policy