Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bruschetta: Enable security key forwarding on lacros
Currently messages for gnubbyd from the VM flow like this:

VM -> cicerone -> ash::VmSKForwardingServiceProvider -> ash::guest_os::VmSKForwardingNativeMessageHost -> forwarding extension -> gnubbyd

With this CL the flow is now:

VM -> cicerone -> ash::VmSKForwardingServiceProvider -> guest_os::GuestOsSkForwarder -> crosapi mojo link to lacros -> guest_os::VmSkForwardingService -> guest_os::VmSKForwardingNativeMessageHost -> forwarding extension -> gnubbyd

Additionally, some plumbing is required to establish the mojo connection. This flows in the opposite direction:

guest_os::VmSkForwardingService -> crosapi::GuestOsSkForwarderFactoryAsh -> guest_os::GuestOsSkForwarder

To support both lacros-only and lacros-disabled, guest_os::GuestOsSkForwarder will pass the message either to the old code path or the new, depending on the lacros enabled state. This unfortunately means the code in VmSKForwardingNativeMessageHost is duplicated temporarily, but the copy in ash can be removed once running without lacros is no longer supported.

Bug: b:295083119
Change-Id: I3a0137af150e9fe787f4bce17b0a4a622bf6371e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4944758
Reviewed-by: Stefan Kuhne <skuhne@chromium.org>
Reviewed-by: Nic Hollingum <hollingum@google.com>
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Reviewed-by: Emil Mikulic <easy@google.com>
Commit-Queue: Fergus Dall <sidereal@google.com>
Cr-Commit-Position: refs/heads/main@{#1212501}
1 parent
79fcc6c
commit 0277cfa
Showing 29 changed files with 721 additions and 9 deletions.
34 changes: 34 additions & 0 deletions
chrome/browser/ash/crosapi/guest_os_sk_forwarder_factory_ash.cc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
// Copyright 2023 The Chromium Authors | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#include "chrome/browser/ash/crosapi/guest_os_sk_forwarder_factory_ash.h" | ||
|
||
#include "chrome/browser/ash/guest_os/public/guest_os_service.h" | ||
#include "chrome/browser/profiles/profile_manager.h" | ||
|
||
namespace crosapi { | ||
|
||
GuestOsSkForwarderFactoryAsh::GuestOsSkForwarderFactoryAsh() | ||
: receiver_(this) {} | ||
|
||
GuestOsSkForwarderFactoryAsh::~GuestOsSkForwarderFactoryAsh() = default; | ||
|
||
void GuestOsSkForwarderFactoryAsh::BindReceiver( | ||
mojo::PendingReceiver<mojom::GuestOsSkForwarderFactory> receiver) { | ||
receiver_.reset(); | ||
receiver_.Bind(std::move(receiver)); | ||
} | ||
|
||
void GuestOsSkForwarderFactoryAsh::BindGuestOsSkForwarder( | ||
mojo::PendingRemote<mojom::GuestOsSkForwarder> remote) { | ||
Profile* profile = ProfileManager::GetPrimaryUserProfile(); | ||
|
||
auto* service = guest_os::GuestOsService::GetForProfile(profile); | ||
|
||
if (service) { | ||
service->SkForwarder()->BindCrosapiRemote(std::move(remote)); | ||
} | ||
} | ||
|
||
} // namespace crosapi |
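Review bot: In BindGuestOsSkForwarder, when `GuestOsService::GetForProfile(profile)` returns null the `remote` is destroyed without any log, so the other end only sees its pipe close and nothing records why security key forwarding was never wired up. Consider an else branch that logs the failure. The result of `ProfileManager::GetPrimaryUserProfile()` is also passed on unchecked, and a short comment on why the primary user profile is the right target for these requests would help. BindReceiver calls `receiver_.reset()` before binding, so a second caller silently replaces the first; if exactly one client is expected, state that in a comment. The file uses `std::move` without including `<utility>`.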
32 changes: 32 additions & 0 deletions
chrome/browser/ash/crosapi/guest_os_sk_forwarder_factory_ash.h
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
// Copyright 2023 The Chromium Authors | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#ifndef CHROME_BROWSER_ASH_CROSAPI_GUEST_OS_SK_FORWARDER_FACTORY_ASH_H_ | ||
#define CHROME_BROWSER_ASH_CROSAPI_GUEST_OS_SK_FORWARDER_FACTORY_ASH_H_ | ||
|
||
#include "chromeos/crosapi/mojom/guest_os_sk_forwarder.mojom.h" | ||
#include "mojo/public/cpp/bindings/pending_remote.h" | ||
#include "mojo/public/cpp/bindings/receiver.h" | ||
|
||
namespace crosapi { | ||
class GuestOsSkForwarderFactoryAsh : public mojom::GuestOsSkForwarderFactory { | ||
public: | ||
GuestOsSkForwarderFactoryAsh(); | ||
GuestOsSkForwarderFactoryAsh(const GuestOsSkForwarderFactoryAsh&) = delete; | ||
GuestOsSkForwarderFactoryAsh& operator=(const GuestOsSkForwarderFactoryAsh&) = | ||
delete; | ||
~GuestOsSkForwarderFactoryAsh() override; | ||
|
||
void BindReceiver( | ||
mojo::PendingReceiver<mojom::GuestOsSkForwarderFactory> receiver); | ||
|
||
void BindGuestOsSkForwarder( | ||
mojo::PendingRemote<mojom::GuestOsSkForwarder> remote) override; | ||
|
||
private: | ||
mojo::Receiver<mojom::GuestOsSkForwarderFactory> receiver_; | ||
}; | ||
} // namespace crosapi | ||
|
||
#endif |
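Review bot: GuestOsSkForwarderFactoryAsh has no class comment, and neither BindReceiver nor BindGuestOsSkForwarder says who is expected to call it or what happens to a previously bound endpoint. Since this interface is the entry point through which another process registers itself to receive security key requests, a few lines documenting the intended caller and the single-client assumption belong here. Style points: the closing `#endif` should carry the guard name as a comment (`// CHROME_BROWSER_ASH_CROSAPI_GUEST_OS_SK_FORWARDER_FACTORY_ASH_H_`), and a blank line after `namespace crosapi {` and before its closing brace would match the other new files in this change.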
43 changes: 43 additions & 0 deletions
chrome/browser/ash/guest_os/public/guest_os_sk_forwarder.cc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
// Copyright 2023 The Chromium Authors | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#include "chrome/browser/ash/guest_os/public/guest_os_sk_forwarder.h" | ||
|
||
#include "chrome/browser/ash/crosapi/browser_util.h" | ||
#include "chrome/browser/ash/guest_os/vm_sk_forwarding_native_message_host.h" | ||
#include "mojo/public/cpp/bindings/callback_helpers.h" | ||
|
||
namespace guest_os { | ||
|
||
GuestOsSkForwarder::GuestOsSkForwarder() = default; | ||
GuestOsSkForwarder::~GuestOsSkForwarder() = default; | ||
|
||
void GuestOsSkForwarder::BindCrosapiRemote( | ||
mojo::PendingRemote<crosapi::mojom::GuestOsSkForwarder> remote) { | ||
remote_.reset(); | ||
remote_.Bind(std::move(remote)); | ||
} | ||
|
||
void GuestOsSkForwarder::DeliverMessageToSKForwardingExtension( | ||
Profile* profile, | ||
const std::string& json_message, | ||
crosapi::mojom::GuestOsSkForwarder::ForwardRequestCallback callback) { | ||
// Signal errors or non-response with an empty string. | ||
callback = | ||
mojo::WrapCallbackWithDefaultInvokeIfNotRun(std::move(callback), ""); | ||
|
||
if (crosapi::browser_util::IsLacrosEnabled()) { | ||
if (remote_.is_bound() && remote_.is_connected()) { | ||
remote_->ForwardRequest(json_message, std::move(callback)); | ||
} | ||
} else { | ||
// TODO(b/306296365) Once we require lacros, remove this branch and the ash | ||
// copy of VmSKForwardingNativeMessageHost | ||
ash::guest_os::VmSKForwardingNativeMessageHost:: | ||
DeliverMessageToSKForwardingExtension(profile, json_message, | ||
std::move(callback)); | ||
} | ||
} | ||
|
||
} // namespace guest_os |
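Review bot: In the `IsLacrosEnabled()` branch of DeliverMessageToSKForwardingExtension there is no else for `remote_.is_bound() && remote_.is_connected()`, so a request that arrives before the remote is bound or after it disconnects is dropped silently. The callback still runs with "" only because of the `WrapCallbackWithDefaultInvokeIfNotRun` wrapper, which makes this case indistinguishable from an extension error. Add an explicit else that logs and a comment saying the empty reply is intentional. Separately, BindCrosapiRemote does `remote_.reset(); remote_.Bind(std::move(remote));` unconditionally, so whichever endpoint bound last receives all subsequent `json_message` payloads; a comment on why replacement is safe, or a check that refuses to replace a connected remote, would make the trust assumption explicit. `<string>` and `<utility>` are used here but come in only transitively.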
40 changes: 40 additions & 0 deletions
chrome/browser/ash/guest_os/public/guest_os_sk_forwarder.h
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
// Copyright 2023 The Chromium Authors | ||
// Use of this source code is governed by a BSD-style license that can be | ||
// found in the LICENSE file. | ||
|
||
#ifndef CHROME_BROWSER_ASH_GUEST_OS_PUBLIC_GUEST_OS_SK_FORWARDER_H_ | ||
#define CHROME_BROWSER_ASH_GUEST_OS_PUBLIC_GUEST_OS_SK_FORWARDER_H_ | ||
|
||
#include <string> | ||
|
||
#include "chromeos/crosapi/mojom/guest_os_sk_forwarder.mojom.h" | ||
#include "mojo/public/cpp/bindings/pending_remote.h" | ||
#include "mojo/public/cpp/bindings/remote.h" | ||
|
||
class Profile; | ||
|
||
namespace guest_os { | ||
|
||
class GuestOsSkForwarder { | ||
public: | ||
GuestOsSkForwarder(); | ||
~GuestOsSkForwarder(); | ||
|
||
GuestOsSkForwarder(const GuestOsSkForwarder&) = delete; | ||
GuestOsSkForwarder& operator=(const GuestOsSkForwarder&) = delete; | ||
|
||
void DeliverMessageToSKForwardingExtension( | ||
Profile* profile, | ||
const std::string& json_message, | ||
crosapi::mojom::GuestOsSkForwarder::ForwardRequestCallback); | ||
|
||
void BindCrosapiRemote( | ||
mojo::PendingRemote<crosapi::mojom::GuestOsSkForwarder> remote); | ||
|
||
private: | ||
mojo::Remote<crosapi::mojom::GuestOsSkForwarder> remote_; | ||
}; | ||
|
||
} // namespace guest_os | ||
|
||
#endif |
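Review bot: The declaration of DeliverMessageToSKForwardingExtension leaves the `ForwardRequestCallback` parameter unnamed and undocumented, while the .cc relies on the contract that it is always invoked and that an empty string means error or no response. Name the parameter `callback` to match the definition and state that contract in a comment, since callers need it to tell a failure from a reply. A class comment explaining that GuestOsSkForwarder routes to either the crosapi remote or the ash native message host depending on lacros state would also help, as would noting what `profile` is used for when the request goes over `remote_`. The closing `#endif` should carry the guard name as a comment.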