ChromeOS support: ChromeOS tables (add chromeos to existing table: screenlock, new table: system_state) (#12358)

2024-11-06 08:55:24 +00:00 · 2023-06-26 11:18:12 -07:00 · 2023-06-26 11:18:12 -07:00 · 044935b02f
commit 044935b02f
parent 792e9c7cd1
7 changed files with 744 additions and 1700 deletions
--- a/ee/fleetd-chrome/src/db.ts
+++ b/ee/fleetd-chrome/src/db.ts
@ -9,7 +9,9 @@ import TableNetworkInterfaces from "./tables/network_interfaces";
 import TableOsqueryInfo from "./tables/osquery_info";
 import TableOSVersion from "./tables/os_version";
 import TablePrivacyPreferences from "./tables/privacy_preferences";
+import TableScreenLock from "./tables/screenlock";
 import TableSystemInfo from "./tables/system_info";
+import TableSystemState from "./tables/system_state";
 import TableUsers from "./tables/users";

 export default class VirtualDatabase {
@ -32,12 +34,14 @@ export default class VirtualDatabase {
      db,
      new TableNetworkInterfaces(sqlite3, db)
    );
-    VirtualDatabase.register(sqlite3, db, new TableSystemInfo(sqlite3, db));
    VirtualDatabase.register(
      sqlite3,
      db,
      new TablePrivacyPreferences(sqlite3, db)
    );
+    VirtualDatabase.register(sqlite3, db, new TableScreenLock(sqlite3, db));
+    VirtualDatabase.register(sqlite3, db, new TableSystemInfo(sqlite3, db));
+    VirtualDatabase.register(sqlite3, db, new TableSystemState(sqlite3, db));
    VirtualDatabase.register(sqlite3, db, new TableOSVersion(sqlite3, db));
    VirtualDatabase.register(sqlite3, db, new TableOsqueryInfo(sqlite3, db));
    VirtualDatabase.register(sqlite3, db, new TableUsers(sqlite3, db));
--- a/ee/fleetd-chrome/src/manifest.json
+++ b/ee/fleetd-chrome/src/manifest.json
@ -27,6 +27,7 @@
    "history",
    "identity",
    "identity.email",
+    "idle",
    "loginState",
    "management",
    "privacy",
--- a/ee/fleetd-chrome/src/tables/screenlock.ts
+++ b/ee/fleetd-chrome/src/tables/screenlock.ts
@ -0,0 +1,18 @@
+import Table from "./Table";
+
+export default class TableScreenLock extends Table {
+  name = "screenlock";
+  columns = ["enabled", "grace_period"];
+
+  async generate() {
+    const delay = (await new Promise((resolve) =>
+      chrome.idle.getAutoLockDelay(resolve)
+    )) as number;
+
+    // Converts Chrome response to match Osquery's macOS screenlock schema
+    const enabled = delay > 0 ? 1 : 0;
+    const gracePeriod = delay > 0 ? delay : -1;
+
+    return [{ enabled, grace_period: gracePeriod }];
+  }
+}
--- a/ee/fleetd-chrome/src/tables/system_state.ts
+++ b/ee/fleetd-chrome/src/tables/system_state.ts
@ -0,0 +1,21 @@
+import Table from "./Table";
+
+export default class TableSystemState extends Table {
+  name = "system_state";
+  columns = ["idle_state"];
+
+  async generate() {
+    const autoLockDelay = (await new Promise((resolve) =>
+      chrome.idle.getAutoLockDelay(resolve)
+    )) as number;
+
+    // Idle time is set to 20% of the user's autolock time or defaults to 30 seconds
+    const idleStateDelay = autoLockDelay > 0 ? 0.2 * autoLockDelay : 30;
+
+    const idleState = (await new Promise((resolve) =>
+      chrome.idle.queryState(idleStateDelay, resolve)
+    )) as string;
+
+    return [{ idle_state: idleState }];
+  }
+}
--- a/schema/osquery_fleet_schema.json
+++ b/schema/osquery_fleet_schema.json
--- a/schema/tables/screenlock.yml
+++ b/schema/tables/screenlock.yml
@ -1,7 +1,9 @@
 name: screenlock
-description: >- 
-  macOS screenlock status
-notes: >- 
-  - Only fetches results for osquery's current logged-in user context. If osquery is running as root, this table will return no results. 
-  
-  - The user must also have recently logged in in order to show the latest setting. 
+platforms:
+  - darwin
+  - chrome
+description: >-
+  Returns if the screen locks automatically and the time, in seconds, it takes until the screen is locked automatically while idle.  For macOS, this table will return no results if osquery is running as root.
+notes: >-
+  - For macOS, this only fetches results for osquery's current logged-in user context. The user must also have recently logged in.
+  - For ChromeOS, this table is not a core osquery table. It is included as part of the Fleetd Chrome extension.
--- a/schema/tables/system_state.yml
+++ b/schema/tables/system_state.yml
@ -0,0 +1,20 @@
+name: system_state
+platforms:
+  - chrome
+description: Returns "locked" if the system is locked, "idle" if the user has not generated any input for a specified number of seconds, or "active" otherwise. Idle time is set to 20% of the user's autolock time or defaults to 30 seconds if autolock is not set.
+examples: >-
+  Returns "locked", "idle", or "active".
+
+  ```
+
+  SELECT idle_state FROM system_state;
+
+  ```
+columns:
+  - name: idle_state
+    type: string
+    description: Returns "locked", "idle", or "active".
+    required: false
+evented: false
+notes: >-
+  - This table is not a core osquery table. It is included as part of the Fleetd Chrome extension.