[CrOS HaTS] Fix UAF issue with HatsDialog
When switching users, the current implementation of HatsDialog always passes in the active user sessions, which may have changed since the original HaTS notification was clicked. Since the UI context that is tied to that user may no longer be available, a UAF can occur in this situation.

This change checks to see if the current user is still the same user that activated the notification, ensuring that the UI context will exist before creating the dialog. It also moves the triggering logic for the HatsDialog into the HatsNotificationController. This allows the controller to properly handle the life-cycle of the dialog, and prevents the UAF issue that originally occurred.

There are three different scenarios that were manually tested:

1. Normal path: The user stays logged in and sees the dialog as expected.
2. Switch path: The user clicks the notification and switches to a different account before the dialog is displayed. In this case, the dialog will not be displayed since a different user is using the device.
3. Switch back path: The user clicks the notification, switches to a different account, and then switches back to the original account before the dialog is displayed. In this case, the dialog is displayed since the original user has a valid UI context.

These tests were conducted by adding a `sleep(20);` call to the beginning of `HatsDialog::GetFormattedSiteContext` to allow the tester time to manually switch between accounts. The following arguments were supplied to the built chrome binary invocation:

`--login-manager --force-happiness-tracking-system --enable-features=HappinessTrackingSystem:prob/1.0/trigger_id/test`

Note: This CL is not unit tested due to the current design of the class, which does not have a unittest file. A refactor would be required to add a test, which is tracked by b/232329702.

LOW_COVERAGE_REASON=Only moved logic/tests, did not change tests
Bug: 1320139, 1319229
Change-Id: I73b52623a47a2f63ee961326a59ae94168aff0e9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3828048
Reviewed-by: Miriam Zimmerman <mutexlox@chromium.org>
Commit-Queue: Jack Shira <jackshira@google.com>
Cr-Commit-Position: refs/heads/main@{#1043675}

Jack Shira authored and Chromium LUCI CQ committed Sep 6, 2022
1 parent b4d2da1, commit 209ccf9
Showing 6 changed files with 179 additions and 183 deletions.
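
The user check described in the commit message, as an added C++ sketch that is not the Chromium change itself: `UiContext`, `Dialog`, `SessionManager`, `SurveyController` and `RunScenario` are hypothetical names, and the model assumes a user's UI context exists only while that user is active. `RunScenario` replays the three manually tested paths (normal, switch, switch back).

```cpp
// Added illustration: every type here is a hypothetical stand-in, not a Chromium class.
#include <map>
#include <memory>
#include <string>
#include <vector>

struct UiContext { std::string owner; };
struct Dialog { UiContext* context; };  // non-owning: must not outlive the context
// Assumption: a user's UI context exists only while that user is active.
class SessionManager {
 public:
  void SwitchTo(const std::string& user) {
    contexts_.clear();  // the previous user's context is destroyed
    contexts_[user] = std::make_unique<UiContext>(UiContext{user});
    active_ = user;
  }
  const std::string& active_user() const { return active_; }
  UiContext* active_context() const { return contexts_.at(active_).get(); }
 private:
  std::string active_;
  std::map<std::string, std::unique_ptr<UiContext>> contexts_;
};

class SurveyController {
 public:
  explicit SurveyController(SessionManager* s) : sessions_(s) {}
  // Click time: record who asked for the survey; the dialog is built later.
  void OnNotificationClicked() { clicked_by_ = sessions_->active_user(); }
  // Display time: returns the dialog's owner, or "" when it is suppressed.
  std::string MaybeShowDialog() {
    if (clicked_by_.empty() || sessions_->active_user() != clicked_by_) return "";
    dialog_ = std::make_unique<Dialog>(Dialog{sessions_->active_context()});
    return dialog_->context->owner;
  }
 private:
  SessionManager* sessions_;
  std::string clicked_by_;
  std::unique_ptr<Dialog> dialog_;  // the controller owns the dialog's lifetime
};

// Replays a click by `clicker`, the given account switches, then display.
std::string RunScenario(const std::string& clicker, const std::vector<std::string>& switches) {
  SessionManager sessions;
  sessions.SwitchTo(clicker);
  SurveyController controller(&sessions);
  controller.OnNotificationClicked();
  for (const auto& user : switches) sessions.SwitchTo(user);
  return controller.MaybeShowDialog();
}
int main() { return RunScenario("alice", {"bob"}).empty() ? 0 : 1; }
```

The context pointer is resolved at display time, after the identity check, rather than cached at click time, so the dialog never receives a context that was destroyed during an account switch.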