Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(664)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/api/networking_private/networking_private_api_chromeos.cc

Issue 242983004: Disable some API calls in networkingPrivate for non-primary user (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix test Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/chromeos/login/users/user_manager_impl.cc ('k') | chromeos/login/login_state.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/api/networking_private/networking_private_api_chromeos.cc
diff --git a/chrome/browser/extensions/api/networking_private/networking_private_api_chromeos.cc b/chrome/browser/extensions/api/networking_private/networking_private_api_chromeos.cc
index 81bda9eec2e36073a7b70b72fede42f2283161c2..da710548800d51dbe37ea5ac8de7578acdf93640 100644
--- a/chrome/browser/extensions/api/networking_private/networking_private_api_chromeos.cc
+++ b/chrome/browser/extensions/api/networking_private/networking_private_api_chromeos.cc
@@ -7,17 +7,16 @@
#include "base/bind.h"
#include "base/bind_helpers.h"
#include "base/callback.h"
-#include "chrome/browser/browser_process.h"
-#include "chrome/browser/browser_process_platform_part_chromeos.h"
#include "chrome/browser/chromeos/net/network_portal_detector.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h"
-#include "chrome/browser/profiles/profiles_state.h"
#include "chrome/common/extensions/api/networking_private.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#include "chromeos/dbus/shill_manager_client.h"
+#include "chromeos/login/login_state.h"
#include "chromeos/network/managed_network_configuration_handler.h"
#include "chromeos/network/network_connection_handler.h"
#include "chromeos/network/network_device_handler.h"
+#include "chromeos/network/network_event_log.h"
#include "chromeos/network/network_state.h"
#include "chromeos/network/network_state_handler.h"
#include "chromeos/network/network_util.h"
@@ -25,6 +24,7 @@
#include "chromeos/network/onc/onc_translator.h"
#include "chromeos/network/onc/onc_utils.h"
#include "components/onc/onc_constants.h"
+#include "content/public/browser/browser_context.h"
#include "extensions/browser/extension_function_registry.h"
namespace api = extensions::api::networking_private;
@@ -62,9 +62,20 @@ ShillManagerClient::VerificationProperties ConvertVerificationProperties(
return output;
}
-std::string GetUserIdHash(Profile* profile) {
- return g_browser_process->platform_part()->
- profile_helper()->GetUserIdHashFromProfile(profile);
+bool GetUserIdHash(content::BrowserContext* browser_context,
+ std::string* user_hash) {
+ // Currently Chrome OS only configures networks for the primary user.
+ // Configuration attempts from other browser contexts should fail.
+ // TODO(stevenjb): use an ExtensionsBrowserClient method to access
+ // ProfileHelper when moving this to src/extensions.
+ std::string current_user_hash =
+ chromeos::ProfileHelper::GetUserIdHashFromProfile(
+ static_cast<Profile*>(browser_context));
+
+ if (current_user_hash != chromeos::LoginState::Get()->primary_user_hash())
+ return false;
+ *user_hash = current_user_hash;
+ return true;
}
bool GetServicePathFromGuid(const std::string& guid,
@@ -137,7 +148,15 @@ bool NetworkingPrivateGetManagedPropertiesFunction::RunAsync() {
return false;
std::string user_id_hash;
- GetUserIdHash(GetProfile());
+ if (!GetUserIdHash(browser_context(), &user_id_hash)) {
+ // Disallow getManagedProperties from a non-primary user context to avoid
+ // complexites with the policy code.
+ NET_LOG_ERROR("getManagedProperties called from non primary user.",
+ browser_context()->GetPath().value());
+ error_ = "Error.NonPrimaryUser";
+ return false;
+ }
+
NetworkHandler::Get()->managed_network_configuration_handler()->
GetManagedProperties(
user_id_hash,
@@ -249,8 +268,15 @@ bool NetworkingPrivateCreateNetworkFunction::RunAsync() {
EXTENSION_FUNCTION_VALIDATE(params);
std::string user_id_hash;
- if (!params->shared)
- user_id_hash = GetUserIdHash(GetProfile());
+ if (!params->shared &&
+ !GetUserIdHash(browser_context(), &user_id_hash)) {
+ // Do not allow configuring a non-shared network from a non-primary user
+ // context.
+ NET_LOG_ERROR("createNetwork called from non primary user.",
+ browser_context()->GetPath().value());
+ error_ = "Error.NonPrimaryUser";
+ return false;
+ }
scoped_ptr<base::DictionaryValue> properties_dict(
params->properties.ToValue());
« no previous file with comments | « chrome/browser/chromeos/login/users/user_manager_impl.cc ('k') | chromeos/login/login_state.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698