Add a dummy entry with libsecret when initializing OSCrypt.

components/os_crypt/libsecret_util_linux.cc

Index: components/os_crypt/libsecret_util_linux.cc
diff --git a/components/os_crypt/libsecret_util_linux.cc b/components/os_crypt/libsecret_util_linux.cc
index 358bc1b57afffb2792d81ba15927d8867490939e..3c01ed05c6464b4a15fe2595a8c05885cdba257f 100644
--- a/components/os_crypt/libsecret_util_linux.cc
+++ b/components/os_crypt/libsecret_util_linux.cc
@@ -13,6 +13,21 @@
 // LibsecretLoader
 //
 
+namespace {
+
+// TODO(crbug.com/660005) A message that is attached to useless entries that we
+// create, to explain its existence.
+const char kExplanationMessage[] =
+    "Because of quirks in the gnome libsecret API, Chrome needs to store a "
+    "dummy entry to quarantee that this keyring was properly unlocked. More "
+    "details at http://crbug.com/660005.";
+
+// True if we're already ensured that the default keyring has been unlocked
+// once.
+bool s_ensured_keyring_unlocked = false;

[vasilii, 2016/10/28 12:56:06]

Are you thread-safe?
I'm not a big fan of globals. Is EnsureKeyringUnlocked called very often?
Also I'd like to protect against the cases when Keyring is locked not on
start-up but later.

[cfroussios, 2016/10/28 13:50:12]

EnsureDefaultUnlocked() is not necessary if a keyring is re-locked. The regular
calls will trigger the necessary prompt (I fixed that in
https://codereview.chromium.org/2441653002). EnsureDefaultUnlocked() is needed
specifically to address the problem where secret_service_search will ignore a
keyring if it's never opened since rebooting.

Calling EnsureDefaultUnlocked() more than once is redundant. The reason for the
s_ensured_keyring_unlocked is to reduce unnecessary interactions with libsecret.
We can do the same thing from the side of the Password Manager if you think it's
more appropriate.

[vasilii, 2016/10/28 14:17:48]

Given that you call the method only once from KeyStorageLibsecret::Init() but
many from the password manager, I'd move the flag there.

[cfroussios, 2016/10/28 14:36:39]

Done.

+
+}  // namespace
+
 decltype(
     &::secret_password_store_sync) LibsecretLoader::secret_password_store_sync;
 decltype(
@@ -113,6 +128,39 @@ bool LibsecretLoader::LibsecretIsAvailable() {
   return success;
 }
 
+// TODO(crbug.com/660005) This is needed to properly unlock the default keyring.
+// We don't need to ever read it.
+void LibsecretLoader::EnsureKeyringUnlocked() {
+  if (s_ensured_keyring_unlocked)
+    return;
+
+  VLOG(1) << "Adding dummy entry to keyring to ensure that it unlocked "
+             "properly.";

[vasilii, 2016/10/28 12:56:06]

Do you need this print on every startup?

[cfroussios, 2016/10/28 14:36:39]

Done.

+
+  const SecretSchema kDummySchema = {
+      "_chrome_dummy_schema_for_unlocking",
+      SECRET_SCHEMA_NONE,
+      {{"explanation", SECRET_SCHEMA_ATTRIBUTE_STRING},
+       {nullptr, SECRET_SCHEMA_ATTRIBUTE_STRING}}};
+
+  GError* error = nullptr;
+  bool success = LibsecretLoader::secret_password_store_sync(
+      &kDummySchema, nullptr /* default keyring */,
+      "Chrome Safe Storage Control" /* entry title */,
+      "The meaning of life" /* password */, nullptr, &error, "explanation",
+      kExplanationMessage,
+      nullptr /* null-terminated variable argument list */);
+  if (error) {
+    VLOG(1) << "Dummy store to unlock the default keyring failed: "
+            << error->message;
+    g_error_free(error);
+  } else if (!success) {
+    VLOG(1) << "Dummy store to unlock the default keyring failed.";
+  } else {
+    s_ensured_keyring_unlocked = true;
+  }
+}
+
 //
 // LibsecretAttributesBuilder
 //