[crd host][linux] Match login usernames in daemon process [chromium/src : main]

0 views
Skip to first unread message

Yuwei Huang (Gerrit)

unread,
Feb 12, 2026, 7:21:14 PM (9 days ago) Feb 12
to Joe Downing, Lambros Lambrou, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org
Attention needed from Joe Downing

Yuwei Huang voted and added 1 comment

Votes added by Yuwei Huang

Commit-Queue+1

1 comment

Patchset-level comments
File-level comment, Patchset 4 (Latest):
Yuwei Huang . resolved

PTAL thanks!

Open in Gerrit

Related details

Attention is currently required from:
  • Joe Downing
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
Gerrit-Change-Number: 7573022
Gerrit-PatchSet: 4
Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
Gerrit-CC: Lambros Lambrou <lambros...@chromium.org>
Gerrit-Attention: Joe Downing <joe...@chromium.org>
Gerrit-Comment-Date: Fri, 13 Feb 2026 00:21:00 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Joe Downing (Gerrit)

unread,
Feb 13, 2026, 1:32:17 PM (8 days ago) Feb 13
to Yuwei Huang, Lambros Lambrou, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org
Attention needed from Yuwei Huang

Joe Downing added 2 comments

File remoting/host/base/desktop_environment_options.h
Line 80, Patchset 5 (Latest): std::vector<std::string>& allowed_login_usernames();
const std::vector<std::string>& allowed_login_usernames() const;
Joe Downing . unresolved

I don't think this belongs here. This feels like a policy related field rather than a behavior.

File remoting/host/linux/desktop_session_factory_linux.cc
Line 57, Patchset 5 (Latest): const std::vector<std::string>& allowed_login_usernames,
Joe Downing . unresolved

I think this should just be 'required_username' or 'username' which, if empty means no policy is set (or you can use std::optional if you want instead of empty).

The gist is that if the 'MatchUsername' policy is set, it is reasonable to assume that this is an enterprise configuration and it is reasonable to expect that the usernames in the host config (and from the initial heartbeat) will match but potentially have different domains due to the Gaia dependency.

IMO it would be cleaner to provide a single username which is used for injecting or reconnecting to a Desktop process and there isn't a use case where the username will vary (unless it's empty and the host has no policy set).

Open in Gerrit

Related details

Attention is currently required from:
  • Yuwei Huang
Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement is not satisfiedCode-Owners
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
    Gerrit-Change-Number: 7573022
    Gerrit-PatchSet: 5
    Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
    Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
    Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
    Gerrit-CC: Lambros Lambrou <lambros...@chromium.org>
    Gerrit-Attention: Yuwei Huang <yuw...@chromium.org>
    Gerrit-Comment-Date: Fri, 13 Feb 2026 18:32:08 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Yuwei Huang (Gerrit)

    unread,
    Feb 13, 2026, 7:35:57 PM (8 days ago) Feb 13
    to Joe Downing, Lambros Lambrou, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org
    Attention needed from Joe Downing

    Yuwei Huang voted and added 3 comments

    Votes added by Yuwei Huang

    Commit-Queue+1

    3 comments

    Patchset-level comments
    File-level comment, Patchset 7:
    Yuwei Huang . resolved

    I just rewrote this CL to hook into `OnUpdateHostOwner()`. PTAL!

    File remoting/host/base/desktop_environment_options.h
    Line 80, Patchset 5: std::vector<std::string>& allowed_login_usernames();

    const std::vector<std::string>& allowed_login_usernames() const;
    Joe Downing . resolved

    I don't think this belongs here. This feels like a policy related field rather than a behavior.

    Yuwei Huang

    Done

    File remoting/host/linux/desktop_session_factory_linux.cc
    Line 57, Patchset 5: const std::vector<std::string>& allowed_login_usernames,
    Joe Downing . resolved

    I think this should just be 'required_username' or 'username' which, if empty means no policy is set (or you can use std::optional if you want instead of empty).

    The gist is that if the 'MatchUsername' policy is set, it is reasonable to assume that this is an enterprise configuration and it is reasonable to expect that the usernames in the host config (and from the initial heartbeat) will match but potentially have different domains due to the Gaia dependency.

    IMO it would be cleaner to provide a single username which is used for injecting or reconnecting to a Desktop process and there isn't a use case where the username will vary (unless it's empty and the host has no policy set).

    Yuwei Huang

    Done

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Joe Downing
    Submit Requirements:
      • requirement satisfiedCode-Coverage
      • requirement is not satisfiedCode-Owners
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedReview-Enforcement
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: chromium/src
      Gerrit-Branch: main
      Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
      Gerrit-Change-Number: 7573022
      Gerrit-PatchSet: 8
      Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
      Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
      Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
      Gerrit-CC: Lambros Lambrou <lambros...@chromium.org>
      Gerrit-Attention: Joe Downing <joe...@chromium.org>
      Gerrit-Comment-Date: Sat, 14 Feb 2026 00:35:51 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: Yes
      Comment-In-Reply-To: Joe Downing <joe...@chromium.org>
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy

      Joe Downing (Gerrit)

      unread,
      Feb 17, 2026, 12:32:13 PM (4 days ago) Feb 17
      to Yuwei Huang, Lambros Lambrou, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org
      Attention needed from Yuwei Huang

      Joe Downing added 4 comments

      Patchset-level comments
      File-level comment, Patchset 10 (Latest):
      Joe Downing . resolved

      looks way better to me but I have one question about however username is provide.

      File remoting/host/linux/desktop_session_factory_linux.cc
      Line 285, Patchset 10 (Latest): required_username_ = username;
      Joe Downing . unresolved

      You only need to set this value once per network process lifetime so I think it would be good to pass it in when a desktop session is created however if that isn't feasible, then maybe check it here to ensure it doesn't change.

      Line 440, Patchset 10 (Latest): // it is ready, so we just return true here.
      Joe Downing . unresolved

      Did you want to return true here to match the comment? :)

      File remoting/host/mojom/desktop_session.mojom
      Line 258, Patchset 10 (Latest): SetRequiredUsername(string username);
      Joe Downing . unresolved

      Could this be a param in CreateDesktopSession? I think the gist is that the username will not change during the lifetime of the network process so it should be known at start-up and the value could be provided when the desktop session is created.

      Open in Gerrit

      Related details

      Attention is currently required from:
      • Yuwei Huang
      Submit Requirements:
        • requirement satisfiedCode-Coverage
        • requirement is not satisfiedCode-Owners
        • requirement is not satisfiedCode-Review
        • requirement is not satisfiedNo-Unresolved-Comments
        • requirement is not satisfiedReview-Enforcement
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
        Gerrit-Change-Number: 7573022
        Gerrit-PatchSet: 10
        Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
        Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
        Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
        Gerrit-CC: Lambros Lambrou <lambros...@chromium.org>
        Gerrit-Attention: Yuwei Huang <yuw...@chromium.org>
        Gerrit-Comment-Date: Tue, 17 Feb 2026 17:32:07 +0000
        Gerrit-HasComments: Yes
        Gerrit-Has-Labels: No
        satisfied_requirement
        unsatisfied_requirement
        open
        diffy

        Yuwei Huang (Gerrit)

        unread,
        Feb 17, 2026, 4:52:30 PM (4 days ago) Feb 17
        to Joe Downing, Lambros Lambrou, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org
        Attention needed from Joe Downing

        Yuwei Huang added 4 comments

        Patchset-level comments
        File remoting/host/linux/desktop_session_factory_linux.cc
        Line 285, Patchset 10: required_username_ = username;
        Joe Downing . resolved

        You only need to set this value once per network process lifetime so I think it would be good to pass it in when a desktop session is created however if that isn't feasible, then maybe check it here to ensure it doesn't change.

        Yuwei Huang

        Done

        Line 440, Patchset 10: // it is ready, so we just return true here.
        Joe Downing . resolved

        Did you want to return true here to match the comment? :)

        Yuwei Huang

        Oops... Done!

        File remoting/host/mojom/desktop_session.mojom
        Line 258, Patchset 10: SetRequiredUsername(string username);
        Joe Downing . resolved

        Could this be a param in CreateDesktopSession? I think the gist is that the username will not change during the lifetime of the network process so it should be known at start-up and the value could be provided when the desktop session is created.

        Yuwei Huang

        Done

        Open in Gerrit

        Related details

        Attention is currently required from:
        • Joe Downing
        Submit Requirements:
          • requirement satisfiedCode-Coverage
          • requirement is not satisfiedCode-Owners
          • requirement is not satisfiedCode-Review
          • requirement is not satisfiedReview-Enforcement
          Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
          Gerrit-MessageType: comment
          Gerrit-Project: chromium/src
          Gerrit-Branch: main
          Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
          Gerrit-Change-Number: 7573022
          Gerrit-PatchSet: 12
          Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
          Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
          Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
          Gerrit-CC: Lambros Lambrou <lambros...@chromium.org>
          Gerrit-Attention: Joe Downing <joe...@chromium.org>
          Gerrit-Comment-Date: Tue, 17 Feb 2026 21:52:23 +0000
          Gerrit-HasComments: Yes
          Gerrit-Has-Labels: No
          Comment-In-Reply-To: Joe Downing <joe...@chromium.org>
          satisfied_requirement
          unsatisfied_requirement
          open
          diffy

          Joe Downing (Gerrit)

          unread,
          Feb 17, 2026, 5:33:01 PM (4 days ago) Feb 17
          to Yuwei Huang, Lambros Lambrou, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org
          Attention needed from Yuwei Huang

          Joe Downing voted Code-Review+1

          Code-Review+1
          Open in Gerrit

          Related details

          Attention is currently required from:
          • Yuwei Huang
          Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement is not satisfiedCode-Owners
            • requirement satisfiedCode-Review
            • requirement satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
            Gerrit-Change-Number: 7573022
            Gerrit-PatchSet: 13
            Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
            Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
            Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
            Gerrit-CC: Lambros Lambrou <lambros...@chromium.org>
            Gerrit-Attention: Yuwei Huang <yuw...@chromium.org>
            Gerrit-Comment-Date: Tue, 17 Feb 2026 22:32:55 +0000
            Gerrit-HasComments: No
            Gerrit-Has-Labels: Yes
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Yuwei Huang (Gerrit)

            unread,
            Feb 17, 2026, 5:35:13 PM (4 days ago) Feb 17
            to Chromium IPC Reviews, Joe Downing, Lambros Lambrou, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org
            Attention needed from Chromium IPC Reviews

            Yuwei Huang added 1 comment

            Patchset-level comments
            File-level comment, Patchset 13 (Latest):
            Yuwei Huang . resolved

            Thanks! Adding IPC reviewer.

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Chromium IPC Reviews
            Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement is not satisfiedCode-Owners
            • requirement satisfiedCode-Review
            • requirement satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
            Gerrit-Change-Number: 7573022
            Gerrit-PatchSet: 13
            Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
            Gerrit-Reviewer: Chromium IPC Reviews <chrome-ip...@google.com>
            Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
            Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
            Gerrit-CC: Lambros Lambrou <lambros...@chromium.org>
            Gerrit-Attention: Chromium IPC Reviews <chrome-ip...@google.com>
            Gerrit-Comment-Date: Tue, 17 Feb 2026 22:35:07 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: No
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            gwsq (Gerrit)

            unread,
            Feb 17, 2026, 5:37:24 PM (4 days ago) Feb 17
            to Yuwei Huang, Chromium IPC Reviews, Alex Gough, Joe Downing, Lambros Lambrou, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org
            Attention needed from Alex Gough

            Message from gwsq

            From googleclient/chrome/chromium_gwsq/ipc/config.gwsq:
            IPC: aj...@chromium.org

            📎 It looks like you’re making a possibly security-sensitive change! 📎 IPC security review isn’t a rubberstamp, so your friendly security reviewer will need a fair amount of context to review your CL effectively. Please review your CL description and code comments to make sure they provide context for someone unfamiliar with your project/area. Pay special attention to where data comes from and which processes it flows between (and their privilege levels). Feel free to point your security reviewer at design docs, bugs, or other links if you can’t reasonably make a self-contained CL description. (Also see https://cbea.ms/git-commit/).

            IPC reviewer(s): aj...@chromium.org


            Reviewer source(s):
            aj...@chromium.org is from context(googleclient/chrome/chromium_gwsq/ipc/config.gwsq)

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Alex Gough
            Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement is not satisfiedCode-Owners
            • requirement satisfiedCode-Review
            • requirement satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
            Gerrit-Change-Number: 7573022
            Gerrit-PatchSet: 13
            Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
            Gerrit-Reviewer: Alex Gough <aj...@chromium.org>
            Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
            Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
            Gerrit-CC: Chromium IPC Reviews <chrome-ip...@google.com>
            Gerrit-CC: Lambros Lambrou <lambros...@chromium.org>
            Gerrit-CC: gwsq
            Gerrit-Attention: Alex Gough <aj...@chromium.org>
            Gerrit-Comment-Date: Tue, 17 Feb 2026 22:37:15 +0000
            Gerrit-HasComments: No
            Gerrit-Has-Labels: No
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Alex Gough (Gerrit)

            unread,
            Feb 17, 2026, 5:39:59 PM (4 days ago) Feb 17
            to Yuwei Huang, Alex Gough, Chromium IPC Reviews, Joe Downing, Lambros Lambrou, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org
            Attention needed from Yuwei Huang

            Alex Gough voted and added 2 comments

            Votes added by Alex Gough

            Code-Review+1

            2 comments

            Patchset-level comments
            Alex Gough . resolved

            lgtm mojom

            File remoting/host/mojom/desktop_session.mojom
            Line 241, Patchset 13 (Latest): // If non-empty, the login user of the desktop session must match `username`.
            Alex Gough . unresolved

            you could use an optional here `string?` but up to you

            Open in Gerrit

            Related details

            Attention is currently required from:
            • Yuwei Huang
            Submit Requirements:
            • requirement satisfiedCode-Coverage
            • requirement satisfiedCode-Owners
            • requirement satisfiedCode-Review
            • requirement is not satisfiedNo-Unresolved-Comments
            • requirement satisfiedReview-Enforcement
            Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
            Gerrit-MessageType: comment
            Gerrit-Project: chromium/src
            Gerrit-Branch: main
            Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
            Gerrit-Change-Number: 7573022
            Gerrit-PatchSet: 13
            Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
            Gerrit-Reviewer: Alex Gough <aj...@chromium.org>
            Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
            Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
            Gerrit-CC: Chromium IPC Reviews <chrome-ip...@google.com>
            Gerrit-CC: Lambros Lambrou <lambros...@chromium.org>
            Gerrit-CC: gwsq
            Gerrit-Attention: Yuwei Huang <yuw...@chromium.org>
            Gerrit-Comment-Date: Tue, 17 Feb 2026 22:39:52 +0000
            Gerrit-HasComments: Yes
            Gerrit-Has-Labels: Yes
            satisfied_requirement
            unsatisfied_requirement
            open
            diffy

            Yuwei Huang (Gerrit)

            unread,
            Feb 17, 2026, 6:20:28 PM (4 days ago) Feb 17
            to Alex Gough, Chromium IPC Reviews, Joe Downing, Lambros Lambrou, Chromium LUCI CQ, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org

            Yuwei Huang voted and added 2 comments

            Votes added by Yuwei Huang

            Commit-Queue+2

            2 comments

            Patchset-level comments
            Yuwei Huang . resolved

            Thanks!

            File remoting/host/mojom/desktop_session.mojom
            Line 241, Patchset 13 (Latest): // If non-empty, the login user of the desktop session must match `username`.
            Alex Gough . resolved

            you could use an optional here `string?` but up to you

            Yuwei Huang

            Yeah, I considered this, but we use an empty string for this value everywhere else, so it seems more consistent to just use that.

            Open in Gerrit

            Related details

            Attention set is empty
            Submit Requirements:
              • requirement satisfiedCode-Coverage
              • requirement satisfiedCode-Owners
              • requirement satisfiedCode-Review
              • requirement satisfiedReview-Enforcement
              Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
              Gerrit-MessageType: comment
              Gerrit-Project: chromium/src
              Gerrit-Branch: main
              Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
              Gerrit-Change-Number: 7573022
              Gerrit-PatchSet: 13
              Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
              Gerrit-Reviewer: Alex Gough <aj...@chromium.org>
              Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
              Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
              Gerrit-CC: Chromium IPC Reviews <chrome-ip...@google.com>
              Gerrit-CC: Lambros Lambrou <lambros...@chromium.org>
              Gerrit-CC: gwsq
              Gerrit-Comment-Date: Tue, 17 Feb 2026 23:20:18 +0000
              Gerrit-HasComments: Yes
              Gerrit-Has-Labels: Yes
              Comment-In-Reply-To: Alex Gough <aj...@chromium.org>
              satisfied_requirement
              open
              diffy

              Chromium LUCI CQ (Gerrit)

              unread,
              Feb 17, 2026, 6:38:53 PM (4 days ago) Feb 17
              to Yuwei Huang, Alex Gough, Chromium IPC Reviews, Joe Downing, Lambros Lambrou, chromium...@chromium.org, chromotin...@chromium.org, ipc-securi...@chromium.org

              Chromium LUCI CQ submitted the change

              Change information

              Commit message:
              [crd host][linux] Match login usernames in daemon process

              Similar to the PAM check, we cannot enforce the username match policy on
              the network process since the username would always be `_crd_network`.
              This CL fixes this by having the network process pass the required
              username to the daemon process, so that the daemon process can enforce
              the policy. This may also allow us to enforce the username match policy
              on Windows at some point.

              The login username will be checked whenever the host owner username is
              known, changed, or a new desktop session is created. It will not be
              checked for greeter sessions, since the greeter session will be run as a
              system user (e.g. `Debian-gdm`) that is generally not the host owner.
              Bug: 475611769
              Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
              Reviewed-by: Alex Gough <aj...@chromium.org>
              Commit-Queue: Yuwei Huang <yuw...@chromium.org>
              Reviewed-by: Joe Downing <joe...@chromium.org>
              Cr-Commit-Position: refs/heads/main@{#1586052}
              Files:
              • M remoting/host/daemon_process.cc
              • M remoting/host/daemon_process.h
              • M remoting/host/daemon_process_linux.cc
              • M remoting/host/daemon_process_unittest.cc
              • M remoting/host/daemon_process_win.cc
              • M remoting/host/desktop_session_connector.h
              • M remoting/host/desktop_session_win.cc
              • M remoting/host/desktop_session_win.h
              • M remoting/host/ipc_desktop_environment.cc
              • M remoting/host/ipc_desktop_environment.h
              • M remoting/host/ipc_desktop_environment_unittest.cc
              • M remoting/host/linux/desktop_session_factory_linux.cc
              • M remoting/host/linux/desktop_session_factory_linux.h
              • M remoting/host/mojom/desktop_session.mojom
              • M remoting/host/remoting_me2me_host.cc
              Change size: L
              Delta: 15 files changed, 190 insertions(+), 68 deletions(-)
              Branch: refs/heads/main
              Submit Requirements:
              • requirement satisfiedCode-Review: +1 by Joe Downing, +1 by Alex Gough
              Open in Gerrit
              Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
              Gerrit-MessageType: merged
              Gerrit-Project: chromium/src
              Gerrit-Branch: main
              Gerrit-Change-Id: I0a01ce06643417e8c4ee6ec3fbd9d4fe2bbce3bb
              Gerrit-Change-Number: 7573022
              Gerrit-PatchSet: 14
              Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
              Gerrit-Reviewer: Alex Gough <aj...@chromium.org>
              Gerrit-Reviewer: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>
              Gerrit-Reviewer: Joe Downing <joe...@chromium.org>
              Gerrit-Reviewer: Yuwei Huang <yuw...@chromium.org>
              Gerrit-CC: Chromium IPC Reviews <chrome-ip...@google.com>
              open
              diffy
              satisfied_requirement
              Reply all
              Reply to author
              Forward
              0 new messages