Google Git
Sign in
chromium / chromium / src / 4931a903f04303265bdde3bc7951dd449d9a0f9e
commit4931a903f04303265bdde3bc7951dd449d9a0f9e[log] [tgz]
authorTom Burgin <bur@chromium.org>Mon Mar 21 21:59:30 2022
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Mon Mar 21 21:59:30 2022
tree9a723fcfc60af49f91ebe4ae8da7e154c087e1bb
parent50b7b6e73b47649bfb371ed47f000e14234c6790 [diff]
Chrome on macOS: purge stale screen capture permission

If Chrome 97 or earlier was used to screen share a stale designated
requirement may be cached in the system TCC.db. This stale record can
cause issues starting with Chrome 98.0.4758.132 (extended stable),
99.0.4844.74 (stable), 100.0.4896.45 (beta), 101.0.4929.5 (dev),
101.0.4933.0 (canary). These are the first releases to be signed with
the new Developer ID certificate (https://crbug.com/1263152).

This CL will attempt to purge stale or thought to be stale screen
capture records at early startup on macOS 10.15+. See
https://crbug.com/1307502#c11 for more details.

Without the TCC reset, the checkbox in System Preferences:Security &
Privacy:Privacy:Screen Recording is wrong—it will show Chrome as
approved (checked checkbox) based on its bundle ID, but contemporary
Chromes will not match the saved designated requirement. Users looking
at the checked checkbox will see that they’ve given Chrome access, but
the system will not actually allow it access. The TCC reset revokes
Chrome’s permission based on bundle ID, so the next attempt to access
the screen will be treated the same as the initial attempt in a fresh
installation. The system will create a new entry with the updated
designated requirement on first access, the user will see an unchecked
checkbox, and by checking it, will grant Chrome access, which the
system will respect.

This doesn’t carry existing screen recording permission granted to
archaic Chromes forward to modern Chromes, but it does make it so that
the established UI flow for inspecting and granting permission works as
intended and tracks reality.

(cherry picked from commit 682276951958656e68188b004f4109b90a9ecc15)

Bug: 1307502
Change-Id: I88cf37fefc6511a9406bb8ebcab2b3e25e938e04
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3535659
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Tom Burgin <bur@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#983016}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3540053
Commit-Queue: Mark Mentovai <mark@chromium.org>
Auto-Submit: Mark Mentovai <mark@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/4951@{#24}
Cr-Branched-From: 27de6227ca357da0d57ae2c7b18da170c4651438-refs/heads/main@{#982481}
5 files changed
tree: 9a723fcfc60af49f91ebe4ae8da7e154c087e1bb
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. cloud_print/
  13. codelabs/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. fuchsia/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. weblayer/
  52. .clang-format
  53. .clang-tidy
  54. .eslintrc.js
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. .mailmap
  60. .rustfmt.toml
  61. .vpython
  62. .vpython3
  63. .yapfignore
  64. AUTHORS
  65. BUILD.gn
  66. CODE_OF_CONDUCT.md
  67. codereview.settings
  68. DEPS
  69. DIR_METADATA
  70. ENG_REVIEW_OWNERS
  71. LICENSE
  72. LICENSE.chromium_os
  73. OWNERS
  74. PRESUBMIT.py
  75. PRESUBMIT_test.py
  76. PRESUBMIT_test_mocks.py
  77. README.md
  78. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.