Prevent users from entering multi-user session if Lacros is enabled.
Currently we check if Lacros is running. But we instead want to check if Lacros is enabled. We use `IsLacrosEnableForMigration()` instead of `IsLacrosEnabled()` because we consider Lacros to be enabled in case migration failed but otherwise Lacros is enabled. Details: go/disable-lacros-in-multi-user-session. session is blocked. Bug: 1454681 Test: unit_tests, manually enable Lacros and confirm that multi-user Change-Id: I22500f015f540ba8d9c44c6effa23ad179b42561 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4613286 Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> Commit-Queue: Yuta Hijikata <ythjkt@chromium.org> Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Cr-Commit-Position: refs/heads/main@{#1161558}
This commit is contained in:
Yuta Hijikata
committed by
Chromium LUCI CQ
Chromium LUCI CQ
parent
fffadbc649
commit
61562c15f7
@ -423,8 +423,8 @@ Style notes:
|
||||
<message name="IDS_ASH_STATUS_TRAY_POWER_OFF" desc="The label used for the button in the status tray to turn off the device.">
|
||||
Power off
|
||||
</message>
|
||||
<message name="IDS_ASH_STATUS_TRAY_MESSAGE_NOT_ALLOWED_LACROS" desc="The error message multiple signin is prevented because Lacros is running.">
|
||||
Signing in a second user is not supported while the Lacros browser is running. Please use a second browser profile in Lacros instead or close Lacros and try again.
|
||||
<message name="IDS_ASH_STATUS_TRAY_MESSAGE_NOT_ALLOWED_LACROS" desc="The error message multiple signin is prevented because Lacros is enabled.">
|
||||
Signing in a second user is not supported if Lacros is enabled. Please use a second browser profile in Lacros instead or disable Lacros and try again.
|
||||
</message>
|
||||
<message name="IDS_ASH_STATUS_TRAY_SIGN_IN_ANOTHER_ACCOUNT" desc="The string for the button which lets the user add another account to the current session.">
|
||||
Sign in another user...
|
||||
|
||||
@ -1 +1 @@
|
||||
fb7b7cd19f099a994a83d0a20c7efb8e9cbd4fab
|
||||
1da2c5b016f5d8b65d00a516ee46d49da1091a70
|
||||
@ -31,9 +31,8 @@ enum class AddUserSessionPolicy {
|
||||
ERROR_MAXIMUM_USERS_REACHED,
|
||||
// Disallowed multi-profile because device is locked to single user.
|
||||
ERROR_LOCKED_TO_SINGLE_USER,
|
||||
// Disallowed multi-profile because Lacros is running, launching or
|
||||
// terminating.
|
||||
ERROR_LACROS_RUNNING,
|
||||
// Disallowed multi-profile because Lacros is enabled.
|
||||
ERROR_LACROS_ENABLED,
|
||||
};
|
||||
|
||||
// Defines the cycle direction for |CycleActiveUser|.
|
||||
|
||||
@ -356,7 +356,7 @@ UserChooserView::UserChooserView(
|
||||
AddChildView(CreateAddUserErrorView(l10n_util::GetStringUTF16(
|
||||
IDS_ASH_STATUS_TRAY_MESSAGE_NOT_ALLOWED_PRIMARY_USER)));
|
||||
break;
|
||||
case AddUserSessionPolicy::ERROR_LACROS_RUNNING:
|
||||
case AddUserSessionPolicy::ERROR_LACROS_ENABLED:
|
||||
AddChildView(CreateAddUserErrorView(l10n_util::GetStringUTF16(
|
||||
IDS_ASH_STATUS_TRAY_MESSAGE_NOT_ALLOWED_LACROS)));
|
||||
break;
|
||||
|
||||
@ -265,7 +265,10 @@ void SessionControllerClientImpl::ShowMultiProfileLogin() {
|
||||
DCHECK(!UserManager::Get()->GetUsersAllowedForMultiProfile().empty());
|
||||
|
||||
// Lacros and multiprofile are mutually exclusive.
|
||||
DCHECK(!crosapi::BrowserManager::Get()->IsRunningOrWillRun());
|
||||
const auto* primary_user = UserManager::Get()->GetPrimaryUser();
|
||||
DCHECK(primary_user);
|
||||
DCHECK(!crosapi::browser_util::IsLacrosEnabledForMigration(
|
||||
primary_user, crosapi::browser_util::PolicyInitState::kAfterInit));
|
||||
|
||||
// Don't show the dialog if any logged-in user in the multi-profile session
|
||||
// dismissed it.
|
||||
@ -331,9 +334,11 @@ bool SessionControllerClientImpl::IsMultiProfileAvailable() {
|
||||
ash::SessionTerminationManager::Get()->IsLockedToSingleUser()) {
|
||||
return false;
|
||||
}
|
||||
// Multiprofile mode is not allowed when Lacros is running.
|
||||
if (crosapi::BrowserManager::Get() &&
|
||||
crosapi::BrowserManager::Get()->IsRunningOrWillRun()) {
|
||||
// Multiprofile mode is not allowed if Lacros is enabled.
|
||||
const auto* primary_user = UserManager::Get()->GetPrimaryUser();
|
||||
if (primary_user &&
|
||||
crosapi::browser_util::IsLacrosEnabledForMigration(
|
||||
primary_user, crosapi::browser_util::PolicyInitState::kAfterInit)) {
|
||||
return false;
|
||||
}
|
||||
size_t users_logged_in = UserManager::Get()->GetLoggedInUsers().size();
|
||||
@ -410,17 +415,12 @@ SessionControllerClientImpl::GetAddUserSessionPolicy() {
|
||||
return ash::AddUserSessionPolicy::ERROR_MAXIMUM_USERS_REACHED;
|
||||
}
|
||||
|
||||
// Multiprofile mode is not allowed when Lacros is running.
|
||||
if (crosapi::BrowserManager::Get()) {
|
||||
// If Lacros is the primary browser then it's functionally always running.
|
||||
if (crosapi::BrowserManager::Get()->IsRunningOrWillRun() ||
|
||||
crosapi::browser_util::IsLacrosPrimaryBrowser()) {
|
||||
return ash::AddUserSessionPolicy::ERROR_LACROS_RUNNING;
|
||||
const auto* primary_user = user_manager->GetPrimaryUser();
|
||||
if (primary_user) {
|
||||
if (crosapi::browser_util::IsLacrosEnabledForMigration(
|
||||
primary_user, crosapi::browser_util::PolicyInitState::kAfterInit)) {
|
||||
return ash::AddUserSessionPolicy::ERROR_LACROS_ENABLED;
|
||||
}
|
||||
} else {
|
||||
// If multiprofile is queried while browser manager is not set,
|
||||
// we want to make sure that this is done before any user logs in.
|
||||
DCHECK(user_manager->GetLoggedInUsers().empty());
|
||||
}
|
||||
|
||||
return ash::AddUserSessionPolicy::ALLOWED;
|
||||
|
||||
@ -8,12 +8,14 @@
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#include "ash/constants/ash_features.h"
|
||||
#include "ash/constants/ash_pref_names.h"
|
||||
#include "base/functional/bind.h"
|
||||
#include "base/memory/ptr_util.h"
|
||||
#include "base/memory/raw_ptr.h"
|
||||
#include "base/run_loop.h"
|
||||
#include "base/strings/string_number_conversions.h"
|
||||
#include "base/test/scoped_feature_list.h"
|
||||
#include "base/time/time.h"
|
||||
#include "chrome/browser/ash/crosapi/fake_browser_manager.h"
|
||||
#include "chrome/browser/ash/login/users/fake_chrome_user_manager.h"
|
||||
@ -276,13 +278,16 @@ TEST_F(SessionControllerClientImplTest, MultiProfileDisallowedByUserPolicy) {
|
||||
EXPECT_EQ(ash::AddUserSessionPolicy::ALLOWED,
|
||||
SessionControllerClientImpl::GetAddUserSessionPolicy());
|
||||
|
||||
browser_manager_->StartRunning();
|
||||
EXPECT_EQ(ash::AddUserSessionPolicy::ERROR_LACROS_RUNNING,
|
||||
SessionControllerClientImpl::GetAddUserSessionPolicy());
|
||||
|
||||
browser_manager_->StopRunning();
|
||||
EXPECT_EQ(ash::AddUserSessionPolicy::ALLOWED,
|
||||
SessionControllerClientImpl::GetAddUserSessionPolicy());
|
||||
{
|
||||
// It should be disabled if Lacros is enabled.
|
||||
base::test::ScopedFeatureList feature_list;
|
||||
feature_list.InitWithFeatures(
|
||||
{ash::features::kLacrosSupport, ash::features::kLacrosPrimary,
|
||||
ash::features::kLacrosOnly},
|
||||
{});
|
||||
EXPECT_EQ(ash::AddUserSessionPolicy::ERROR_LACROS_ENABLED,
|
||||
SessionControllerClientImpl::GetAddUserSessionPolicy());
|
||||
}
|
||||
|
||||
user_profile->GetPrefs()->SetString(
|
||||
prefs::kMultiProfileUserBehavior,
|
||||
|
||||
Reference in New Issue
Block a user