Migrate Libsecret for OSCrypt to a new schema

components/os_crypt/key_storage_libsecret.cc

Index: components/os_crypt/key_storage_libsecret.cc
diff --git a/components/os_crypt/key_storage_libsecret.cc b/components/os_crypt/key_storage_libsecret.cc
index 2250775de6dd44b320501dddd349dd8a09d4b6ef..9a1ef72f4ba80498f0a06b8c00caedeed6285097 100644
--- a/components/os_crypt/key_storage_libsecret.cc
+++ b/components/os_crypt/key_storage_libsecret.cc
@@ -11,42 +11,54 @@
 
 namespace {
 
-const SecretSchema kKeystoreSchema = {
+const SecretSchema kDeprecatedSchema = {

[Lei Zhang, 2016/08/26 21:33:56]

Let's call this kKeystoreSchemaV1. (and add a comment to say deprecated in M55)
Name the new schema kKeystoreSchemaV2, because if we ever deprecate V2, we don't
want to have to name a schema kTheOtherDeprecatedSchema.

[cfroussios, 2016/08/29 09:58:42]

Done.

     "chrome_libsecret_os_crypt_password",
     SECRET_SCHEMA_NONE,
     {
         {nullptr, SECRET_SCHEMA_ATTRIBUTE_STRING},
     }};
 
+const SecretSchema kSchema = {
+    "chrome_libsecret_keyring_os_crypt_password",
+    SECRET_SCHEMA_DONT_MATCH_NAME,
+    {
+        {"application", SECRET_SCHEMA_ATTRIBUTE_STRING},
+        {nullptr, SECRET_SCHEMA_ATTRIBUTE_STRING},
+    }};
+
 }  // namespace
 
 std::string KeyStorageLibsecret::AddRandomPasswordInLibsecret() {
   std::string password;
   base::Base64Encode(base::RandBytesAsString(16), &password);
   GError* error = nullptr;
-  LibsecretLoader::secret_password_store_sync(
-      &kKeystoreSchema, nullptr, KeyStorageLinux::kKey, password.c_str(),
-      nullptr, &error, nullptr);
-
-  if (error) {
+  bool success = LibsecretLoader::secret_password_store_sync(
+      &kSchema, nullptr, KeyStorageLinux::kKey, password.c_str(), nullptr,
+      &error, "application", "chrome", nullptr);
+  if (error || !success) {
     VLOG(1) << "Libsecret lookup failed: " << error->message;
     return std::string();
   }
+
+  VLOG(1) << "OSCrypt generated a new password.";
   return password;
 }
 
 std::string KeyStorageLibsecret::GetKey() {
   GError* error = nullptr;
   LibsecretAttributesBuilder attrs;
+  attrs.Append("application", "chrome");
   SecretValue* password_libsecret = LibsecretLoader::secret_service_lookup_sync(
-      nullptr, &kKeystoreSchema, attrs.Get(), nullptr, &error);
-
+      nullptr, &kSchema, attrs.Get(), nullptr, &error);
   if (error) {
     VLOG(1) << "Libsecret lookup failed: " << error->message;
     g_error_free(error);
     return std::string();
   }
   if (!password_libsecret) {
+    std::string password = Migrate();
+    if (!password.empty())
+      return password;
     return AddRandomPasswordInLibsecret();
   }
   std::string password(
@@ -58,3 +70,34 @@ std::string KeyStorageLibsecret::GetKey() {
 bool KeyStorageLibsecret::Init() {
   return LibsecretLoader::EnsureLibsecretLoaded();
 }
+
+std::string KeyStorageLibsecret::Migrate() {
+  GError* error = nullptr;
+  LibsecretAttributesBuilder attrs;
+
+  // Detect old entry.
+  SecretValue* password_libsecret = LibsecretLoader::secret_service_lookup_sync(
+      nullptr, &kDeprecatedSchema, attrs.Get(), nullptr, &error);
+  if (error || !password_libsecret)
+    return std::string();
+
+  VLOG(1) << "OSCrypt detected a deprecated password in Libsecret.";
+  std::string password(
+      LibsecretLoader::secret_value_get_text(password_libsecret));
+
+  // Create new entry.
+  bool success = LibsecretLoader::secret_password_store_sync(
+      &kSchema, nullptr, KeyStorageLinux::kKey, password.c_str(), nullptr,
+      &error, "application", "chrome", nullptr);
+  if (error || !success)
+    return std::string();
+
+  // Delete old entry.
+  success = LibsecretLoader::secret_password_clear_sync(
+      &kDeprecatedSchema, nullptr, &error, nullptr);
+  // Even if deletion failed, we have to use the password that we created.

[Lei Zhang, 2016/08/26 21:33:56]

Move this to between lines 95-96.

[cfroussios, 2016/08/29 09:58:42]

Done.

+
+  VLOG(1) << "OSCrypt migrated from deprecated password.";
+
+  return password;
+}