[dbsc] Handle transient cryptographic signing errors [chromium/src : main]

0 views
Skip to first unread message

gwsq (Gerrit)

unread,
10:41 AM (4 hours ago) 10:41 AM
to Jan Wilken Dörrie, Chromium IPC Reviews, Antonio Sartori, Alex Rudenko, Alex Ilin, Chromium LUCI CQ, Chromium Metrics Reviews, android-bu...@system.gserviceaccount.com, blink-re...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org, asvitkine...@chromium.org
Attention needed from Alex Ilin, Alex Rudenko, Antonio Sartori and Jan Wilken Dörrie

Message from gwsq

From googleclient/chrome/chromium_gwsq/ipc/config.gwsq:
IPC: antonio...@chromium.org

📎 It looks like you’re making a possibly security-sensitive change! 📎 IPC security review isn’t a rubberstamp, so your friendly security reviewer will need a fair amount of context to review your CL effectively. Please review your CL description and code comments to make sure they provide context for someone unfamiliar with your project/area. Pay special attention to where data comes from and which processes it flows between (and their privilege levels). Feel free to point your security reviewer at design docs, bugs, or other links if you can’t reasonably make a self-contained CL description. (Also see https://cbea.ms/git-commit/).

IPC reviewer(s): antonio...@chromium.org


Reviewer source(s):
antonio...@chromium.org is from context(googleclient/chrome/chromium_gwsq/ipc/config.gwsq)

Open in Gerrit

Related details

Attention is currently required from:
  • Alex Ilin
  • Alex Rudenko
  • Antonio Sartori
  • Jan Wilken Dörrie
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I54c6db1338e222ff39ee7b06efb226bb6a6a6964
Gerrit-Change-Number: 7807641
Gerrit-PatchSet: 12
Gerrit-Owner: Jan Wilken Dörrie <jdoe...@chromium.org>
Gerrit-Reviewer: Alex Ilin <alex...@chromium.org>
Gerrit-Reviewer: Alex Rudenko <alexr...@chromium.org>
Gerrit-Reviewer: Antonio Sartori <antonio...@chromium.org>
Gerrit-Reviewer: Jan Wilken Dörrie <jdoe...@chromium.org>
Gerrit-CC: Chromium IPC Reviews <chrome-ip...@google.com>
Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
Gerrit-CC: gwsq
Gerrit-Attention: Alex Ilin <alex...@chromium.org>
Gerrit-Attention: Jan Wilken Dörrie <jdoe...@chromium.org>
Gerrit-Attention: Alex Rudenko <alexr...@chromium.org>
Gerrit-Attention: Antonio Sartori <antonio...@chromium.org>
Gerrit-Comment-Date: Tue, 05 May 2026 14:40:39 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Alex Rudenko (Gerrit)

unread,
11:12 AM (3 hours ago) 11:12 AM
to Jan Wilken Dörrie, Chromium IPC Reviews, Antonio Sartori, Alex Ilin, Chromium LUCI CQ, Chromium Metrics Reviews, android-bu...@system.gserviceaccount.com, blink-re...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org, asvitkine...@chromium.org
Attention needed from Alex Ilin, Antonio Sartori and Jan Wilken Dörrie

Alex Rudenko voted and added 1 comment

Votes added by Alex Rudenko

Code-Review+1

1 comment

Patchset-level comments
File-level comment, Patchset 13 (Latest):
Alex Rudenko . resolved

devtools lgtm

Open in Gerrit

Related details

Attention is currently required from:
  • Alex Ilin
  • Antonio Sartori
  • Jan Wilken Dörrie
    Submit Requirements:
      • requirement satisfiedCode-Coverage
      • requirement is not satisfiedCode-Owners
      • requirement satisfiedCode-Review
      • requirement satisfiedReview-Enforcement
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: chromium/src
      Gerrit-Branch: main
      Gerrit-Change-Id: I54c6db1338e222ff39ee7b06efb226bb6a6a6964
      Gerrit-Change-Number: 7807641
      Gerrit-PatchSet: 13
      Gerrit-Owner: Jan Wilken Dörrie <jdoe...@chromium.org>
      Gerrit-Reviewer: Alex Ilin <alex...@chromium.org>
      Gerrit-Reviewer: Alex Rudenko <alexr...@chromium.org>
      Gerrit-Reviewer: Antonio Sartori <antonio...@chromium.org>
      Gerrit-Reviewer: Jan Wilken Dörrie <jdoe...@chromium.org>
      Gerrit-CC: Chromium IPC Reviews <chrome-ip...@google.com>
      Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
      Gerrit-CC: gwsq
      Gerrit-Attention: Alex Ilin <alex...@chromium.org>
      Gerrit-Attention: Jan Wilken Dörrie <jdoe...@chromium.org>
      Gerrit-Attention: Antonio Sartori <antonio...@chromium.org>
      Gerrit-Comment-Date: Tue, 05 May 2026 15:12:37 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: Yes
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy

      Antonio Sartori (Gerrit)

      unread,
      11:23 AM (3 hours ago) 11:23 AM
      to Jan Wilken Dörrie, Alex Rudenko, Chromium IPC Reviews, Alex Ilin, Chromium LUCI CQ, Chromium Metrics Reviews, android-bu...@system.gserviceaccount.com, blink-re...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org, asvitkine...@chromium.org
      Attention needed from Alex Ilin and Jan Wilken Dörrie

      Antonio Sartori voted and added 1 comment

      Votes added by Antonio Sartori

      Code-Review+1

      1 comment

      Patchset-level comments
      Antonio Sartori . resolved

      mojo LGTM

      Open in Gerrit

      Related details

      Attention is currently required from:
      • Alex Ilin
      • Jan Wilken Dörrie
      Gerrit-Comment-Date: Tue, 05 May 2026 15:23:12 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: Yes
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy

      Alex Ilin (Gerrit)

      unread,
      1:00 PM (1 hour ago) 1:00 PM
      to Jan Wilken Dörrie, Alex Ilin, Antonio Sartori, Alex Rudenko, Chromium IPC Reviews, Chromium LUCI CQ, Chromium Metrics Reviews, android-bu...@system.gserviceaccount.com, blink-re...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org, asvitkine...@chromium.org
      Attention needed from Jan Wilken Dörrie

      Alex Ilin voted and added 3 comments

      Votes added by Alex Ilin

      Code-Review+1

      3 comments

      Patchset-level comments
      File-level comment, Patchset 14 (Latest):
      Alex Ilin . resolved

      LGTM % remaining comments

      File net/device_bound_sessions/registration_fetcher_unittest.cc
      Line 1883, Patchset 14 (Parent): base::unexpected(unexportable_keys::ServiceError::kCryptoApiFailed)));
      Alex Ilin . unresolved

      Do we still need to update these tests? It looks like we could keep them as is and make them test persistent errors.

      File net/device_bound_sessions/session_service_impl.cc
      Line 1189, Patchset 14 (Latest): if (refresh_result == RefreshResult::kFatalError) {
      Alex Ilin . unresolved

      Hmm, is it guaranteed that a session should be deleted only if `error.GetRefreshResult()` returns `kFatalError`?

      It'd be nice to add a session_error_unittest.cc verifying this invariant.

      `error.GetRefreshResult() != kFatalError` -> `!error.GetDeletionReason().has_value()`

      Alternatively, I'd be fine with keeping the existing code structure:

      ```
                    SessionError::ErrorType error_type = error.type;
                      if (std::optional<DeletionReason> deletion_reason =
                              error.GetDeletionReason();
                          deletion_reason.has_value()) {
                        DeleteSessionAndNotify(*deletion_reason, session_key,
                                               on_access_callback);
                        UnblockDeferredRequests(session_key,
                          error.GetRefreshResult().value_or(RefreshResult::kFatalError),
                          std::move(error));
                      } else {
                        // can be moved outside of the "else" block
                        UnblockDeferredRequests(session_key, 
                          error.GetRefreshResult().value_or(RefreshResult::kUnreachable),
                          std::move(error));
                      }
      ```
      Open in Gerrit

      Related details

      Attention is currently required from:
      • Jan Wilken Dörrie
      Submit Requirements:
      • requirement satisfiedCode-Coverage
      • requirement satisfiedCode-Owners
      • requirement satisfiedCode-Review
      • requirement is not satisfiedNo-Unresolved-Comments
      • requirement satisfiedReview-Enforcement
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: chromium/src
      Gerrit-Branch: main
      Gerrit-Change-Id: I54c6db1338e222ff39ee7b06efb226bb6a6a6964
      Gerrit-Change-Number: 7807641
      Gerrit-PatchSet: 14
      Gerrit-Owner: Jan Wilken Dörrie <jdoe...@chromium.org>
      Gerrit-Reviewer: Alex Ilin <alex...@chromium.org>
      Gerrit-Reviewer: Alex Rudenko <alexr...@chromium.org>
      Gerrit-Reviewer: Antonio Sartori <antonio...@chromium.org>
      Gerrit-Reviewer: Jan Wilken Dörrie <jdoe...@chromium.org>
      Gerrit-CC: Chromium IPC Reviews <chrome-ip...@google.com>
      Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
      Gerrit-CC: gwsq
      Gerrit-Attention: Jan Wilken Dörrie <jdoe...@chromium.org>
      Gerrit-Comment-Date: Tue, 05 May 2026 17:00:29 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: Yes
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy

      Jan Wilken Dörrie (Gerrit)

      unread,
      2:10 PM (5 minutes ago) 2:10 PM
      to Alex Ilin, Antonio Sartori, Alex Rudenko, Chromium IPC Reviews, Chromium LUCI CQ, Chromium Metrics Reviews, android-bu...@system.gserviceaccount.com, blink-re...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org, asvitkine...@chromium.org

      Jan Wilken Dörrie added 3 comments

      File net/device_bound_sessions/registration_fetcher_unittest.cc
      Line 1883, Patchset 14 (Parent): base::unexpected(unexportable_keys::ServiceError::kCryptoApiFailed)));
      Alex Ilin . resolved

      Do we still need to update these tests? It looks like we could keep them as is and make them test persistent errors.

      Jan Wilken Dörrie

      Done

      File net/device_bound_sessions/session_service_impl.cc
      Line 1189, Patchset 14: if (refresh_result == RefreshResult::kFatalError) {
      Alex Ilin . resolved

      Hmm, is it guaranteed that a session should be deleted only if `error.GetRefreshResult()` returns `kFatalError`?

      It'd be nice to add a session_error_unittest.cc verifying this invariant.

      `error.GetRefreshResult() != kFatalError` -> `!error.GetDeletionReason().has_value()`

      Alternatively, I'd be fine with keeping the existing code structure:

      ```
                    SessionError::ErrorType error_type = error.type;
                      if (std::optional<DeletionReason> deletion_reason =
                              error.GetDeletionReason();
                          deletion_reason.has_value()) {
                        DeleteSessionAndNotify(*deletion_reason, session_key,
                                               on_access_callback);
                        UnblockDeferredRequests(session_key,
                          error.GetRefreshResult().value_or(RefreshResult::kFatalError),
                          std::move(error));
                      } else {
                        // can be moved outside of the "else" block
                        UnblockDeferredRequests(session_key, 
                          error.GetRefreshResult().value_or(RefreshResult::kUnreachable),
                          std::move(error));
                      }
      ```
      Jan Wilken Dörrie

      Good point, I kept the existing structure now.

      File net/device_bound_sessions/session_service_impl_unittest.cc
      Line 2196, Patchset 14: base::unexpected(unexportable_keys::ServiceError::kKeyNotReady));
      Jan Wilken Dörrie . resolved

      FYI, I changed this test, because kKeyNotReady is now a transient error and the session does not get deleted.

      Open in Gerrit

      Related details

      Attention set is empty
      Submit Requirements:
        • requirement satisfiedCode-Coverage
        • requirement satisfiedCode-Owners
        • requirement satisfiedCode-Review
        • requirement satisfiedReview-Enforcement
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I54c6db1338e222ff39ee7b06efb226bb6a6a6964
        Gerrit-Change-Number: 7807641
        Gerrit-PatchSet: 16
        Gerrit-Owner: Jan Wilken Dörrie <jdoe...@chromium.org>
        Gerrit-Reviewer: Alex Ilin <alex...@chromium.org>
        Gerrit-Reviewer: Alex Rudenko <alexr...@chromium.org>
        Gerrit-Reviewer: Antonio Sartori <antonio...@chromium.org>
        Gerrit-Reviewer: Jan Wilken Dörrie <jdoe...@chromium.org>
        Gerrit-CC: Chromium IPC Reviews <chrome-ip...@google.com>
        Gerrit-CC: Chromium Metrics Reviews <chromium-met...@google.com>
        Gerrit-CC: gwsq
        Gerrit-Comment-Date: Tue, 05 May 2026 18:10:33 +0000
        Gerrit-HasComments: Yes
        Gerrit-Has-Labels: No
        Comment-In-Reply-To: Alex Ilin <alex...@chromium.org>
        satisfied_requirement
        open
        diffy

        Jan Wilken Dörrie (Gerrit)

        unread,
        2:10 PM (5 minutes ago) 2:10 PM
        to Alex Ilin, Antonio Sartori, Alex Rudenko, Chromium IPC Reviews, Chromium LUCI CQ, Chromium Metrics Reviews, android-bu...@system.gserviceaccount.com, blink-re...@chromium.org, blink-...@chromium.org, devtools-re...@chromium.org, devtools...@chromium.org, net-r...@chromium.org, network-ser...@chromium.org, asvitkine...@chromium.org

        Jan Wilken Dörrie voted Commit-Queue+2

        Commit-Queue+2
        Gerrit-Comment-Date: Tue, 05 May 2026 18:10:42 +0000
        Gerrit-HasComments: No
        Gerrit-Has-Labels: Yes
        satisfied_requirement
        open
        diffy
        Reply all
        Reply to author
        Forward
        0 new messages