[PM-7486] Detect Libsecret Service

[MGibson1]

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

We currently rely on a libsecret provider to store user-account secrets on linux. Auth tokens were moved to Secure storage if available with #7975, but this expands our dependencies to include something that provides libsecret without explicitly listing it.

This PR gracefully degrade request token storage to disk when OS-sponsored storage is unavailable.

Draft reason

Still vetting dbus and likely need build environment updates to ensure dbus headers are available to them.

Code changes

• desktop_native: add a osSupportsSecuredStorage that syncronously indicates whether or not the host operating system supports encrypted disk storage.
  • windows/mac: this is built into the OS and so is always true
  • linux: Attempts to get an unlabeled password. Empirically, missing libsecret provider results in an Err response and indicates that the OS is not set up for user account encrypted storage.
• electron platform utils service / main: use the new native interface to deterine whether or not the OS supports secure storage. This interface was already in place on TokenService
• desktop-credential-listener / preload: We specifically want sync IPC in this case because the result is important for service initialization.

Before you submit

• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team
• Ensure that all UI additions follow WCAG AA requirements

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 8 lines in your changes are missing coverage. Please review.

Project coverage is 27.65%. Comparing base (7f207d2) to head (a0bffc2).

Files	Patch %	Lines
apps/desktop/src/app/services/services.module.ts	0.00%	3 Missing ⚠️
...atform/main/desktop-credential-storage-listener.ts	0.00%	2 Missing ⚠️
apps/desktop/src/main.ts	0.00%	1 Missing ⚠️
apps/desktop/src/platform/preload.ts	0.00%	1 Missing ⚠️
...atform/services/electron-platform-utils.service.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8776      +/-   ##
==========================================
- Coverage   27.65%   27.65%   -0.01%     
==========================================
  Files        2376     2376              
  Lines       69193    69196       +3     
  Branches    12950    12950              
==========================================
  Hits        19133    19133              
- Misses      48624    48627       +3     
  Partials     1436     1436              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Checkmarx One – Scan Summary & Details – 7bcf52ca-829f-4da3-baf1-9d2d3b570566

No New Or Fixed Issues Found

[MGibson1]

Looking in to linker issue with desktop native module build

[bwdil]

@MGibson1 the commits in this PR are not signed.

[MGibson1]

@bwdil thanks for the heads up! That's a catch-22 of sorts. It's because to replicate the issue I was forced to work on a system that didn't have my typical secret service set up.

[MGibson1]

signed commits

[bwdil]

I do not see any risk by simply querying dbus names and searching for org.freedesktop.secrets which is similar to performing the following:

dbus-send --session --dest=org.freedesktop.DBus --type=method_call --print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames | grep 'org.freedesktop.secrets'

Result
string "org.freedesktop.secrets"

However, what we do after the query matters, so I reviewed the zbus project and tested the logic in your code, which produces the expected results (you know what you're doing and the approach is good).

I would note that the zbus project doesn't have any information regarding the handling of security vulnerabilities in SECURITY.md at https://github.com/dbus2/zbus/security

And since we're using zbus API to essentially broker the validation of libsecret provider on a host where we need to securely store secrets, we want to make sure that the maintainer is security conscious.

[bwdil]

I'd note too that zbus api does not provide any assurances on what comes back from the message bus, so I think we are just trusting that org.freedesktop.secrets belongs to org.freedesktop.DBus if this is the only gate before we hand deliver secrets, then I would be concerned that using a string value from the message bus could be spoofed.

[MGibson1]

I agree with what you're saying except for

trusting that org.freedesktop.secrets belongs to org.freedesktop.DBus

We actually have no expectation that the DBus service has anything to do with what is providing the secrets service. What we're trusting is that the machine we're running on does not have a bad actor running a service as a libsecret provider.

At that point, though, we're just taking issue with the way an OS's secure storage works -- which is fine and we've done before -- but the alternative in this case is to store the access tokens and refresh tokens in plaintext to a well-known location on disk. Without handling some form of PAM listening service ourselves I don't currently know a better way to do it. Even then, validating the receiving end of IPC is roughly impossible without a trusted intermediary hosting/validating both services.

[Hinton]

LGTM, not sure if we need to be so verbose about the naming, and the rust module doesn't currently convery a secure storage concept. Imho from the module scope perspective it would be better to convey that the passwords module is supported or not.

[Hinton]

We could probably shorten this and just call it osSupport or enabled.

[MGibson1]

went with osSupport. Everything is namespaced to passwords, so I quite liked that readability