Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(790)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc

Issue 2838423003: Make sure challenging user keys doesn't work in signin profile. (Closed)
Patch Set: Rebased Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h ('k') | chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
index 2edc30d4f7e4c7b6c370e474f98817e72dc36299..11e93b83263e420dcf4df93e8d5193483b3e6e97 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
@@ -141,7 +141,7 @@ bool EPKPChallengeKeyBase::IsEnterpriseDevice() const {
}
bool EPKPChallengeKeyBase::IsExtensionWhitelisted() const {
- if (chromeos::ProfileHelper::IsSigninProfile(profile_)) {
+ if (!chromeos::ProfileHelper::Get()->GetUserByProfile(profile_)) {
// Only allow remote attestation for apps that were force-installed on the
// login/signin screen.
// TODO(drcrash): Use a separate device-wide policy for the API.
@@ -340,7 +340,7 @@ void EPKPChallengeMachineKey::Run(
}
// Check whether the user is managed unless the signin profile is used.
- if (!chromeos::ProfileHelper::IsSigninProfile(profile_) &&
+ if (chromeos::ProfileHelper::Get()->GetUserByProfile(profile_) &&
!IsUserAffiliated()) {
callback_.Run(false, kUserNotManaged);
return;
@@ -443,6 +443,8 @@ const char EPKPChallengeUserKey::kKeyRegistrationFailedError[] =
"Key registration failed.";
const char EPKPChallengeUserKey::kUserPolicyDisabledError[] =
"Remote attestation is not enabled for your account.";
+const char EPKPChallengeUserKey::kUserKeyNotAvailable[] =
+ "User keys cannot be challenged in this profile.";
const char EPKPChallengeUserKey::kKeyName[] = "attest-ent-user";
@@ -477,6 +479,12 @@ void EPKPChallengeUserKey::Run(scoped_refptr<UIThreadExtensionFunction> caller,
profile_ = ChromeExtensionFunctionDetails(caller.get()).GetProfile();
extension_ = scoped_refptr<const Extension>(caller->extension());
+ // Check if user keys are available in this profile.
+ if (!chromeos::ProfileHelper::Get()->GetUserByProfile(profile_)) {
+ callback_.Run(false, EPKPChallengeUserKey::kUserKeyNotAvailable);
+ return;
+ }
+
// Check if RA is enabled in the user policy.
if (!IsRemoteAttestationEnabledForUser()) {
callback_.Run(false, kUserPolicyDisabledError);
« no previous file with comments | « chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h ('k') | chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698