Google Git
Sign in
chromium / chromiumos / platform / cryptohome / 921640d1f03e3746fe3dc4cdd59a4d6f765e608d
commit921640d1f03e3746fe3dc4cdd59a4d6f765e608d[log] [tgz]
authorDarren Krahn <dkrahn@chromium.org>Tue Sep 17 10:23:40 2013
committerchrome-internal-fetch <chrome-internal-fetch@google.com>Thu Sep 19 18:07:22 2013
treeedf82f5c7b5aea2db3511bbc95d4aae7b34b8b02
parent510cab8f594a2f7b667255cd938f5afb1b3637a9 [diff]
Make chaps database permissions more robust.

We have seen instances where chaps database permissions / ownership are not
right and there is no workaround short of removing the account.  Although the
root cause is not known, this CL checks all permissions and ownership before
loading a token and makes any necessary corrections, logging warnings if
corrections are necessary.  If the permissions or ownership cannot be fixed,
the token will not be loaded.

BUG=chromium:268974
TEST=unit, manual

Change-Id: Id2936753339da51ae905d044863aafa3af4ab083
Reviewed-on: https://chromium-review.googlesource.com/169750
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Commit-Queue: Darren Krahn <dkrahn@chromium.org>
Tested-by: Darren Krahn <dkrahn@chromium.org>
6 files changed
tree: edf82f5c7b5aea2db3511bbc95d4aae7b34b8b02
  1. etc/
  2. share/
  3. attestation.cc
  4. attestation.h
  5. attestation.proto
  6. attestation_task.cc
  7. attestation_task.h
  8. attestation_unittest.cc
  9. common.mk
  10. credentials.h
  11. crypto.cc
  12. crypto.h
  13. crypto_unittest.cc
  14. cryptohome-path.cc
  15. cryptohome.cc
  16. cryptohome.xml
  17. cryptohome_common.h
  18. cryptohome_event_source.cc
  19. cryptohome_event_source.h
  20. cryptohome_event_source_unittest.cc
  21. cryptohome_testrunner.cc
  22. cryptohomed.cc
  23. cryptolib.cc
  24. cryptolib.h
  25. email_to_image
  26. homedirs.cc
  27. homedirs.h
  28. homedirs_unittest.cc
  29. inherit-review-settings-ok
  30. install_attributes.cc
  31. install_attributes.h
  32. install_attributes.proto
  33. install_attributes_unittest.cc
  34. interface.cc
  35. interface.h
  36. keystore.h
  37. LICENSE
  38. lockbox-cache-main.cc
  39. lockbox-cache-tpm.cc
  40. lockbox-cache-tpm.h
  41. lockbox-cache.cc
  42. lockbox-cache.h
  43. lockbox.cc
  44. lockbox.h
  45. lockbox_unittest.cc
  46. make_tests.cc
  47. make_tests.h
  48. make_tests.sh
  49. Makefile
  50. marshal.list
  51. mock_crypto.h
  52. mock_homedirs.cc
  53. mock_homedirs.h
  54. mock_install_attributes.cc
  55. mock_install_attributes.h
  56. mock_keystore.cc
  57. mock_keystore.h
  58. mock_lockbox.cc
  59. mock_lockbox.h
  60. mock_mount.cc
  61. mock_mount.h
  62. mock_mount_factory.h
  63. mock_platform.cc
  64. mock_platform.h
  65. mock_service.cc
  66. mock_service.h
  67. mock_tpm.cc
  68. mock_tpm.h
  69. mock_user_oldest_activity_timestamp_cache.cc
  70. mock_user_oldest_activity_timestamp_cache.h
  71. mock_user_session.cc
  72. mock_user_session.h
  73. mock_vault_keyset.cc
  74. mock_vault_keyset.h
  75. mock_vault_keyset_factory.h
  76. mount-encrypted.c
  77. mount-encrypted.h
  78. mount-helpers.c
  79. mount-helpers.h
  80. mount.cc
  81. mount.h
  82. mount_factory.cc
  83. mount_factory.h
  84. mount_stack.cc
  85. mount_stack.h
  86. mount_stack_unittest.cc
  87. mount_task.cc
  88. mount_task.h
  89. mount_task_unittest.cc
  90. mount_unittest.cc
  91. OWNERS
  92. pam_mount.conf.xml
  93. pkcs11_init.cc
  94. pkcs11_init.h
  95. pkcs11_keystore.cc
  96. pkcs11_keystore.h
  97. pkcs11_keystore_unittest.cc
  98. platform.cc
  99. platform.h
  100. README
  101. README.dbus
  102. README.homedirs
  103. README.lockbox
  104. README.tpm
  105. service.cc
  106. service.h
  107. service_unittest.cc
  108. stateful_recovery.cc
  109. stateful_recovery.h
  110. stateful_recovery_unittest.cc
  111. stub_tpm.h
  112. tpm.cc
  113. tpm.h
  114. tpm_init.cc
  115. tpm_init.h
  116. tpm_status.proto
  117. user_oldest_activity_timestamp_cache.cc
  118. user_oldest_activity_timestamp_cache.h
  119. user_oldest_activity_timestamp_cache_unittest.cc
  120. user_session.cc
  121. user_session.h
  122. user_session_unittest.cc
  123. username_passkey.cc
  124. username_passkey.h
  125. username_passkey_unittest.cc
  126. vault_keyset.cc
  127. vault_keyset.h
  128. vault_keyset.proto
  129. vault_keyset_factory.cc
  130. vault_keyset_factory.h
  131. vault_keyset_unittest.cc
  132. WATCHLISTS