Merge lp://qastaging/~mterry/unity8/tablet-security into lp://qastaging/unity8

Proposed by Michael Terry
Status: Merged
Approved by: Michael Zanetti
Approved revision: 1278
Merged at revision: 1350
Proposed branch: lp://qastaging/~mterry/unity8/tablet-security
Merge into: lp://qastaging/unity8
Diff against target: 917 lines (+518/-75)
9 files modified
qml/Greeter/Greeter.qml (+13/-1)
qml/Greeter/GreeterContent.qml (+12/-0)
qml/Greeter/LoginList.qml (+19/-6)
qml/Shell.qml (+74/-40)
tests/qmltests/CMakeLists.txt (+1/-0)
tests/qmltests/Greeter/tst_MultiGreeter.qml (+2/-2)
tests/qmltests/tst_Shell.qml (+1/-0)
tests/qmltests/tst_ShellWithPin.qml (+107/-26)
tests/qmltests/tst_TabletShell.qml (+289/-0)
To merge this branch: bzr merge lp://qastaging/~mterry/unity8/tablet-security
Reviewer Review Type Date Requested Status
PS Jenkins bot (community) continuous-integration Needs Fixing
Michael Zanetti (community) Approve
Unity Team Pending
Review via email: mp+234219@code.qastaging.launchpad.net

Commit message

Fix some security issues with the tablet greeter, which allowed the lockscreen to be bypassed. (LP: #1367715)

Recent greeter fixes for phone mode did not fully take the tablet scenario into account. This branch does three main things:

1) Rename fakeActiveForApp because it is nothing but confusing. I renamed the variable itself to lockedApp and added a new variable hasLockedApp, which is infinitely clearer than fakeActiveForApp !== "", which is what we used to use. Since that is a very security-sensitive variable, I figured it's best to be clear.

2) Closed a security bug where if the user could plug in a phone showing the emergency dialer to a bigger screen, thus switching to tablet mode, they could get access to other apps.

3) Closed a security bug where the tablet lockscreen could be left-swiped away.

4) Closed a security bug where the tablet would unlock itself if you launched an app from the indicators or launcher. Now it just focuses the prompt field (much like how the phone shows the lockscreen pin pad).

Description of the change

Fix some security issues with the tablet greeter, which allowed the lockscreen to be bypassed. (LP: #1367715)

Recent greeter fixes for phone mode did not fully take the tablet scenario into account. This branch does four main things:

1) Rename fakeActiveForApp because it is nothing but confusing. I renamed the variable itself to lockedApp and added a new variable hasLockedApp, which is infinitely clearer than fakeActiveForApp !== "", which is what we used to use. Since that is a very security-sensitive variable, I figured it's best to be clear.

2) Closed a security bug where if the user could plug in a phone showing the emergency dialer to a bigger screen, thus switching to tablet mode, they could get access to other apps.

3) Closed a security bug where the tablet lockscreen could be left-swiped away.

4) Closed a security bug where the tablet would unlock itself if you launched an app from the indicators or launcher. Now it just focuses the prompt field (much like how the phone shows the lockscreen pin pad).

This whole branch has really brought home how much the lockscreen/greeter interactions need to be tied more closely together and abstracted. Having them strewn throughout Shell.qml is error-prone and adds a lot of logic to the "master file" that I'd rather have in isolated qml files.

Ideally we'd have one bundled "Greeter" object that would expose a clear API to Shell.qml and would just "do the right thing" regardless of tablet, phone-with-pin, phone-with-passphrase, and phone-with-swipe.

But that's a bigger project for another day.

== Checklist ==

 * Are there any related MPs required for this MP to build/function as expected? Please list.
 No

 * Did you perform an exploratory manual test run of your code change and any related functionality?
 Yes

 * Did you make sure that your branch does not contain spurious tags?
 Yes

 * If you changed the packaging (debian), did you subscribe the ubuntu-unity team to this MP?
 NA

 * If you changed the UI, has there been a design review?
 NA

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
Revision history for this message
MichaƂ Sawicz (saviq) wrote :

Think we could get some tests confirming these behaviours?

Revision history for this message
Michael Terry (mterry) wrote :

Yeah, fair. Will work on that.

Revision history for this message
Michael Terry (mterry) wrote :

OK, tests added, review away.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
1267. By Michael Terry

Make ShellWithPin tests more reliable by waiting for rendering

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
1268. By Michael Terry

Make ShellWithPin tests more reliable

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
Revision history for this message
Albert Astals Cid (aacid) wrote :

Text conflict in qml/Shell.qml
1 conflicts encountered.

1269. By Michael Terry

Merge from trunk

Revision history for this message
Michael Terry (mterry) wrote :

Merged from trunk.

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
1270. By Michael Terry

Merge from trunk

1271. By Michael Terry

Fix tests

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
1272. By Michael Terry

Fix MultiGreeter qmluitest

Revision history for this message
Albert Astals Cid (aacid) wrote :

Text conflict in qml/Shell.qml
1 conflicts encountered.

1273. By Michael Terry

Merge from trunk

Revision history for this message
Michael Terry (mterry) wrote :

Merged from trunk

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
Revision history for this message
Michael Zanetti (mzanetti) wrote :

hmm... running tryTabletShell I can still unlock it by doing a left edge swipe...

Also see one inline comment.

testing it on the phone seems to behave as expected

review: Needs Fixing
Revision history for this message
Michael Terry (mterry) wrote :

Replied inline to your comment, will look at tryTabletShell.

1274. By Michael Terry

Merge from trunk

1275. By Michael Terry

Prevent dash logins in tablet mode

Revision history for this message
Michael Terry (mterry) wrote :

OK, fixed the left-drag-unlock for locked users! Whoops, that was the result of a bad merge.

1276. By Michael Terry

Make password login test a little more reliable

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
1277. By Michael Terry

expand comments

1278. By Michael Terry

Add wait(500) to properly test leftEdgeDrag

Revision history for this message
Michael Zanetti (mzanetti) wrote :

 * Did you perform an exploratory manual test run of the code change and any related functionality?

yes

 * Did CI run pass? If not, please explain why.

seems dead currently :/

 * Did you make sure that the branch does not contain spurious tags?

yes

review: Approve
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :
review: Needs Fixing (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches