Proposal to extend the chrome.enterprise.deviceAttributes API

[Pavol Marko]

Hi all,

We're proposing to extend the Chrome OS-only enterpise API chrome.enterprise.deviceAttributes.

In short: We'd like to add read-only access to the device Serial Number and administrator-set Asset ID to policy force-installed extensions on affiliated user sessions.

The full proposal is here:

https://docs.google.com/document/d/1NDt1enxSbKrbwo-BH4qgCbg2M5EWB6igkpe1le0Egk0/edit

Please let me know what you think!

Thanks,

Pavol 

[Devlin Cronin]

This LGTM (and is in review here: https://chromium-review.googlesource.com/c/chromium/src/+/876365).

+meacer@ or +estark@, mind giving this a quick once-over from a security perspective?  (I don't see anything worrisome, but just to be sure)

[Pavol Marko]

Friendly ping :-)

[Pavol Marko]

Hey all, I'd like to proceed with this extension of the deviceAttributes API tomorrow if there's no pushback.

CL: https://chromium-review.googlesource.com/c/chromium/src/+/876365

Thanks!

[Mustafa Emre Acer]

Apologies for the delay.

From a security point of view the changes (adding getters for serial number and asset ID) look okay as this will be restricted to enterprise enrolled devices.

However, you might want to get an opinion from the privacy team as well, since the serial number is a unique identifier.

--
You received this message because you are subscribed to the Google Groups "apps-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to apps-dev+unsubscribe@chromium.org.

[Pavol Marko]

Hi Mustafa,

Would you mind flipping the bit on https://bugs.chromium.org/p/chromium/issues/detail?id=813015 ?

One of the results from the privacy review was that we now have an extension api modifcation tracking bug (!= launch bug) for this.

Thanks!

[Pavol Marko]

+Thiemo +extension-api-reviews as per new contents of https://chromium.googlesource.com/chromium/src/+/master/extensions/docs/new_api_proposal.md .