[AW] Package name logging ComponentInstallerPolicy

Add ComponentInstallerPolicy for WebViewAppsPackageNamesAllowlist.
Registration is gated behind a command line flag.

Bug: 1202702
Test: android_webview_unittests
Change-Id: I78e21c0601dc7e7557f2c164ed5c28d4b3767505
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2860008
Reviewed-by: Mugdha Lakhani <nator@chromium.org>
Reviewed-by: Hazem Ashmawy <hazems@chromium.org>
Commit-Queue: Laís Minchillo <laisminchillo@chromium.org>
Auto-Submit: Laís Minchillo <laisminchillo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#886050}

android_webview/common/aw_features.cc

@@ -58,9 +58,10 @@ const base::Feature kWebViewMeasureScreenCoverage{
 const base::Feature kWebViewOriginTrials{"WebViewOriginTrials",
                                          base::FEATURE_DISABLED_BY_DEFAULT};
 
-// Enables package name logging for the most popular WebView embedders.
-const base::Feature kWebViewPackageNameLogging{
-    "WebViewPackageNameLogging", base::FEATURE_DISABLED_BY_DEFAULT};
+// Enables package name logging for the most popular WebView embedders that are
+// on a dynamically generated allowlist.
+const base::Feature kWebViewAppsPackageNamesAllowlist{
+    "WebViewAppsPackageNamesAllowlist", base::FEATURE_DISABLED_BY_DEFAULT};
 
 // Restricts all of WebView's out-of-process renderer threads to use only LITTLE
 // cores on big.LITTLE architectures when the power mode is idle.

android_webview/common/aw_features.h

@@ -14,6 +14,7 @@ namespace features {
 // alongside the definition of their values in the .cc file.
 
 // Alphabetical:
+extern const base::Feature kWebViewAppsPackageNamesAllowlist;
 extern const base::Feature kWebViewBrotliSupport;
 extern const base::Feature kWebViewConnectionlessSafeBrowsing;
 extern const base::Feature kWebViewCpuAffinityRestrictToLittleCores;
@@ -23,7 +24,6 @@ extern const base::Feature kWebViewJavaJsBridgeMojo;
 extern const base::Feature kWebViewMeasureScreenCoverage;
 extern const base::Feature kWebViewMixedContentAutoupgrades;
 extern const base::Feature kWebViewOriginTrials;
-extern const base::Feature kWebViewPackageNameLogging;
 extern const base::Feature kWebViewPowerSchedulerThrottleIdle;
 extern const base::Feature kWebViewSuppressDifferentOriginSubframeJSDialogs;
 extern const base::Feature kWebViewTestFeature;

android_webview/common/aw_switches.cc

@@ -53,4 +53,8 @@ const char kFinchSeedMinUpdatePeriod[] = "finch-seed-min-update-period";
 const char kWebViewEnableModernCookieSameSite[] =
     "webview-enable-modern-cookie-same-site";
 
+// Enables downloading Apps Package Names Allowlist.
+const char kWebViewAppsPackageNamesAllowlist[] =
+    "webview-apps-package-names-allowlist";
+
 }  // namespace switches

android_webview/common/aw_switches.h

@@ -18,6 +18,7 @@ extern const char kFinchSeedIgnorePendingDownload[];
 extern const char kFinchSeedMinDownloadPeriod[];
 extern const char kFinchSeedMinUpdatePeriod[];
 extern const char kWebViewEnableModernCookieSameSite[];
+extern const char kWebViewAppsPackageNamesAllowlist[];
 
 }  // namespace switches
 

android_webview/nonembedded/BUILD.gn

@@ -130,6 +130,8 @@ source_set("nonembedded") {
     "component_updater/aw_component_updater_configurator.h",
     "component_updater/installer_policies/aw_origin_trials_component_installer.cc",
     "component_updater/installer_policies/aw_origin_trials_component_installer.h",
+    "component_updater/installer_policies/aw_package_names_allowlist_component_installer_policy.cc",
+    "component_updater/installer_policies/aw_package_names_allowlist_component_installer_policy.h",
     "component_updater/installer_policies/aw_trust_token_key_commitments_component_installer_policy.cc",
     "component_updater/installer_policies/aw_trust_token_key_commitments_component_installer_policy.h",
     "component_updater/registration.cc",

android_webview/nonembedded/component_updater/installer_policies/aw_package_names_allowlist_component_installer_policy.cc

@@ -0,0 +1,121 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "android_webview/nonembedded/component_updater/installer_policies/aw_package_names_allowlist_component_installer_policy.h"
+
+#include <cstdint>
+#include <memory>
+#include <string>
+#include <utility>
+#include <vector>
+
+#include "android_webview/nonembedded/component_updater/aw_component_installer_policy_delegate.h"
+#include "base/files/file_path.h"
+#include "base/files/file_util.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_refptr.h"
+#include "base/path_service.h"
+#include "base/stl_util.h"
+#include "base/values.h"
+#include "base/version.h"
+#include "components/component_updater/component_installer.h"
+#include "components/component_updater/component_updater_paths.h"
+
+namespace {
+
+// The SHA256 of the SubjectPublicKeyInfo used to sign the extension.
+// The extension id is: aemllinfpjdgcldgaelcgakpjmaekbai
+const uint8_t kWebViewAppsPackageNamesAllowlistPublicKeySHA256[32] = {
+    0x04, 0xcb, 0xb8, 0xd5, 0xf9, 0x36, 0x2b, 0x36, 0x04, 0xb2, 0x60,
+    0xaf, 0x9c, 0x04, 0xa1, 0x08, 0xa3, 0xe9, 0xdc, 0x92, 0x46, 0xe7,
+    0xae, 0xc8, 0x3e, 0x32, 0x6f, 0x74, 0x43, 0x02, 0xf3, 0x7e};
+
+const char kWebViewAppsPackageNamesAllowlistName[] =
+    "WebViewAppsPackageNamesAllowlist";
+
+}  // namespace
+
+namespace android_webview {
+
+AwPackageNamesAllowlistComponentInstallerPolicy::
+    AwPackageNamesAllowlistComponentInstallerPolicy() {
+  std::vector<uint8_t> hash;
+  GetHash(&hash);
+  delegate_ = std::make_unique<AwComponentInstallerPolicyDelegate>(hash);
+}
+
+AwPackageNamesAllowlistComponentInstallerPolicy::
+    ~AwPackageNamesAllowlistComponentInstallerPolicy() = default;
+
+update_client::CrxInstaller::Result
+AwPackageNamesAllowlistComponentInstallerPolicy::OnCustomInstall(
+    const base::DictionaryValue& manifest,
+    const base::FilePath& install_dir) {
+  // Nothing custom here.
+  return update_client::CrxInstaller::Result(/* error = */ 0);
+}
+
+void AwPackageNamesAllowlistComponentInstallerPolicy::OnCustomUninstall() {
+  delegate_->OnCustomUninstall();
+}
+
+void AwPackageNamesAllowlistComponentInstallerPolicy::ComponentReady(
+    const base::Version& version,
+    const base::FilePath& install_dir,
+    std::unique_ptr<base::DictionaryValue> manifest) {
+  delegate_->ComponentReady(version, install_dir, std::move(manifest));
+}
+
+void RegisterWebViewAppsPackageNamesAllowlistComponent(
+    base::OnceCallback<bool(const update_client::CrxComponent&)>
+        register_callback,
+    base::OnceClosure registration_finished) {
+  base::MakeRefCounted<component_updater::ComponentInstaller>(
+      std::make_unique<AwPackageNamesAllowlistComponentInstallerPolicy>())
+      ->Register(std::move(register_callback),
+                 std::move(registration_finished));
+}
+
+bool AwPackageNamesAllowlistComponentInstallerPolicy::
+    SupportsGroupPolicyEnabledComponentUpdates() const {
+  return false;
+}
+
+bool AwPackageNamesAllowlistComponentInstallerPolicy::
+    RequiresNetworkEncryption() const {
+  return false;
+}
+
+// Called during startup and installation before ComponentReady().
+bool AwPackageNamesAllowlistComponentInstallerPolicy::VerifyInstallation(
+    const base::DictionaryValue& manifest,
+    const base::FilePath& install_dir) const {
+  return manifest.HasKey(kWebViewAppsPackageNamesAllowlistName);
+}
+
+base::FilePath
+AwPackageNamesAllowlistComponentInstallerPolicy::GetRelativeInstallDir() const {
+  return base::FilePath(FILE_PATH_LITERAL("WebViewAppsPackageNamesAllowlist"));
+}
+
+void AwPackageNamesAllowlistComponentInstallerPolicy::GetHash(
+    std::vector<uint8_t>* hash) const {
+  DCHECK(hash);
+  hash->assign(
+      kWebViewAppsPackageNamesAllowlistPublicKeySHA256,
+      kWebViewAppsPackageNamesAllowlistPublicKeySHA256 +
+          base::size(kWebViewAppsPackageNamesAllowlistPublicKeySHA256));
+}
+
+std::string AwPackageNamesAllowlistComponentInstallerPolicy::GetName() const {
+  return kWebViewAppsPackageNamesAllowlistName;
+}
+
+update_client::InstallerAttributes
+AwPackageNamesAllowlistComponentInstallerPolicy::GetInstallerAttributes()
+    const {
+  return update_client::InstallerAttributes();
+}
+
+}  // namespace android_webview

android_webview/nonembedded/component_updater/installer_policies/aw_package_names_allowlist_component_installer_policy.h

@@ -0,0 +1,71 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef ANDROID_WEBVIEW_NONEMBEDDED_COMPONENT_UPDATER_INSTALLER_POLICIES_AW_PACKAGE_NAMES_ALLOWLIST_COMPONENT_INSTALLER_POLICY_H_
+#define ANDROID_WEBVIEW_NONEMBEDDED_COMPONENT_UPDATER_INSTALLER_POLICIES_AW_PACKAGE_NAMES_ALLOWLIST_COMPONENT_INSTALLER_POLICY_H_
+
+#include <cstdint>
+#include <memory>
+#include <string>
+#include <utility>
+#include <vector>
+
+#include "android_webview/nonembedded/component_updater/aw_component_installer_policy_delegate.h"
+#include "base/callback.h"
+#include "base/files/file_path.h"
+#include "base/values.h"
+#include "base/version.h"
+#include "components/component_updater/component_installer.h"
+
+namespace base {
+class DictionaryValue;
+class FilePath;
+class Version;
+}  // namespace base
+
+namespace android_webview {
+
+class AwPackageNamesAllowlistComponentInstallerPolicy
+    : public component_updater::ComponentInstallerPolicy {
+ public:
+  AwPackageNamesAllowlistComponentInstallerPolicy();
+  ~AwPackageNamesAllowlistComponentInstallerPolicy() override;
+  AwPackageNamesAllowlistComponentInstallerPolicy(
+      const AwPackageNamesAllowlistComponentInstallerPolicy&) = delete;
+  AwPackageNamesAllowlistComponentInstallerPolicy& operator=(
+      const AwPackageNamesAllowlistComponentInstallerPolicy&) = delete;
+
+  void GetHash(std::vector<uint8_t>* hash) const override;
+
+ protected:
+  // The following methods override ComponentInstallerPolicy.
+  bool SupportsGroupPolicyEnabledComponentUpdates() const override;
+  bool RequiresNetworkEncryption() const override;
+  update_client::CrxInstaller::Result OnCustomInstall(
+      const base::DictionaryValue& manifest,
+      const base::FilePath& install_dir) override;
+  void OnCustomUninstall() override;
+  bool VerifyInstallation(const base::DictionaryValue& manifest,
+                          const base::FilePath& install_dir) const override;
+  void ComponentReady(const base::Version& version,
+                      const base::FilePath& install_dir,
+                      std::unique_ptr<base::DictionaryValue> manifest) override;
+  base::FilePath GetRelativeInstallDir() const override;
+  std::string GetName() const override;
+  update_client::InstallerAttributes GetInstallerAttributes() const override;
+
+ private:
+  std::unique_ptr<AwComponentInstallerPolicyDelegate> delegate_;
+};
+
+// Call once during startup to make the component update service aware of
+// the package name logging component.
+void RegisterWebViewAppsPackageNamesAllowlistComponent(
+    base::OnceCallback<bool(const update_client::CrxComponent&)>
+        register_callback,
+    base::OnceClosure registration_finished);
+
+}  // namespace android_webview
+
+#endif  // ANDROID_WEBVIEW_NONEMBEDDED_COMPONENT_UPDATER_INSTALLER_POLICIES_AW_PACKAGE_NAMES_ALLOWLIST_COMPONENT_INSTALLER_POLICY_H_

android_webview/nonembedded/component_updater/installer_policies/aw_package_names_allowlist_component_installer_policy_unittest.cc

@@ -0,0 +1,60 @@
+// Copyright 2021 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "android_webview/nonembedded/component_updater/installer_policies/aw_package_names_allowlist_component_installer_policy.h"
+
+#include <vector>
+
+#include "android_webview/common/aw_switches.h"
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_refptr.h"
+#include "base/stl_util.h"
+#include "base/test/task_environment.h"
+#include "base/values.h"
+#include "base/version.h"
+#include "components/update_client/utils.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace android_webview {
+
+const uint8_t kWebViewAppsPackageNamesAllowlistPublicKeySHA256[32] = {
+    0x04, 0xcb, 0xb8, 0xd5, 0xf9, 0x36, 0x2b, 0x36, 0x04, 0xb2, 0x60,
+    0xaf, 0x9c, 0x04, 0xa1, 0x08, 0xa3, 0xe9, 0xdc, 0x92, 0x46, 0xe7,
+    0xae, 0xc8, 0x3e, 0x32, 0x6f, 0x74, 0x43, 0x02, 0xf3, 0x7e};
+
+class AwPackageNamesAllowlistComponentInstallerPolicyTest
+    : public ::testing::Test {
+ public:
+  AwPackageNamesAllowlistComponentInstallerPolicyTest() = default;
+
+ protected:
+  base::test::TaskEnvironment env_;
+};
+
+// TODO(crbug.com/1202702): Add a test that calls
+// RegisterWebViewAppsPackageNamesAllowlistComponent() and checks that
+// registration_finished is called.
+
+TEST_F(AwPackageNamesAllowlistComponentInstallerPolicyTest, ComponentHash) {
+  auto policy =
+      std::make_unique<AwPackageNamesAllowlistComponentInstallerPolicy>();
+
+  std::vector<uint8_t> expected;
+  expected.assign(
+      kWebViewAppsPackageNamesAllowlistPublicKeySHA256,
+      kWebViewAppsPackageNamesAllowlistPublicKeySHA256 +
+          base::size(kWebViewAppsPackageNamesAllowlistPublicKeySHA256));
+
+  std::vector<uint8_t> actual;
+  policy->GetHash(&actual);
+
+  EXPECT_EQ(expected, actual);
+
+  std::string expected_id = "aemllinfpjdgcldgaelcgakpjmaekbai";
+  std::string actual_id = update_client::GetCrxIdFromPublicKeyHash(actual);
+
+  EXPECT_EQ(expected_id, actual_id);
+}
+
+}  // namespace android_webview

android_webview/nonembedded/component_updater/registration.cc

@@ -6,26 +6,40 @@
 
 #include <memory>
 
+#include "android_webview/common/aw_switches.h"
 #include "android_webview/nonembedded/component_updater/installer_policies/aw_origin_trials_component_installer.h"
+#include "android_webview/nonembedded/component_updater/installer_policies/aw_package_names_allowlist_component_installer_policy.h"
 #include "android_webview/nonembedded/component_updater/installer_policies/aw_trust_token_key_commitments_component_installer_policy.h"
 #include "base/barrier_closure.h"
 #include "base/callback.h"
 #include "base/callback_helpers.h"
+#include "base/command_line.h"
 
 namespace android_webview {
 
 // Update when changing the components WebView registers.
-constexpr int kNumWebViewComponents = 2;
+constexpr int kNumWebViewComponents = 3;
 
 void RegisterComponentsForUpdate(
     base::RepeatingCallback<bool(const update_client::CrxComponent&)>
         register_callback,
     base::OnceClosure on_finished) {
+  // TODO(crbug.com/1202702): remove command line flag
+  bool package_names_allowlist_enabled =
+      base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kWebViewAppsPackageNamesAllowlist);
+  int num_webview_components =
+      package_names_allowlist_enabled ? kNumWebViewComponents : 2;
+
   base::RepeatingClosure barrier_closure = base::BarrierClosure(
-      kNumWebViewComponents, base::BindOnce(std::move(on_finished)));
+      num_webview_components, base::BindOnce(std::move(on_finished)));
 
   RegisterOriginTrialsComponent(register_callback, barrier_closure);
   RegisterTrustTokensComponent(register_callback, barrier_closure);
+  if (package_names_allowlist_enabled) {
+    RegisterWebViewAppsPackageNamesAllowlistComponent(register_callback,
+                                                      barrier_closure);
+  }
 }
 
 }  // namespace android_webview

android_webview/test/BUILD.gn

@@ -533,6 +533,7 @@ test("android_webview_unittests") {
     "../nonembedded/component_updater/aw_component_installer_policy_delegate_unittest.cc",
     "../nonembedded/component_updater/aw_component_update_service_test.cc",
     "../nonembedded/component_updater/aw_component_updater_configurator_unittest.cc",
+    "../nonembedded/component_updater/installer_policies/aw_package_names_allowlist_component_installer_policy_unittest.cc",
   ]
 
   deps += [ "//v8:v8_external_startup_data_assets" ]