[FedCM] Implement intrusion mitigation via cooldown finch experiment 1/2
To mitigate the intrusion issue, this patch increases the current cooldown period via a Finch experiment to make sure the changes do not negatively impact other successful metrics. A follow-up patch will add another experiment to improve the cooldown logic. Bug: 398888508 Change-Id: Ia59e20f6699773d0a2b11fe58bb4e8319a7f0b62 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6297528 Reviewed-by: Thomas Nguyen <tungnh@chromium.org> Commit-Queue: Yi Gu <yigu@chromium.org> Cr-Commit-Position: refs/heads/main@{#1426251}
components/permissions
features.ccfeatures.hpermission_decision_auto_blocker.ccpermission_decision_auto_blocker_unittest.cc
testing/variations
@@ -120,6 +120,12 @@ BASE_FEATURE(kCpssQuietChipTextUpdate,
|
|||||||
BASE_FEATURE(kCpssUseTfliteSignatureRunner,
|
BASE_FEATURE(kCpssUseTfliteSignatureRunner,
|
||||||
"CpssUseTfliteSignatureRunner",
|
"CpssUseTfliteSignatureRunner",
|
||||||
base::FEATURE_DISABLED_BY_DEFAULT);
|
base::FEATURE_DISABLED_BY_DEFAULT);
|
||||||
|
|
||||||
|
// When enabled, FederatedIdentityApiEmbargoDurationDismiss will use values from
|
||||||
|
// a field trial.
|
||||||
|
BASE_FEATURE(kFedCmUpdatedCooldownPeriod,
|
||||||
|
"FedCmUpdatedCooldownPeriod",
|
||||||
|
base::FEATURE_DISABLED_BY_DEFAULT);
|
||||||
} // namespace features
|
} // namespace features
|
||||||
namespace feature_params {
|
namespace feature_params {
|
||||||
|
|
||||||
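Review bot: The comment above `kFedCmUpdatedCooldownPeriod` does not say which params the feature reads or what unit each one carries. Going by the permission_decision_auto_blocker.cc section of this commit, `FirstDismissal` is wrapped in `base::Hours` while the other three are wrapped in `base::Days`, so nothing in the names tells someone editing the experiment config that `"24"` means hours and `"5"` means days. I would extend the comment with `// Params (ints): "FirstDismissal" in hours; "SecondDismissal", "ThirdDismissal", "FourthDismissal" in days.` The comment also refers to `FederatedIdentityApiEmbargoDurationDismiss`, which after this change is only a local variable inside `GetEmbargoDurationForContentSettingsType`; naming the function would age better.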
|
@@ -75,6 +75,9 @@ BASE_DECLARE_FEATURE(kCpssQuietChipTextUpdate);
|
|||||||
COMPONENT_EXPORT(PERMISSIONS_COMMON)
|
COMPONENT_EXPORT(PERMISSIONS_COMMON)
|
||||||
BASE_DECLARE_FEATURE(kCpssUseTfliteSignatureRunner);
|
BASE_DECLARE_FEATURE(kCpssUseTfliteSignatureRunner);
|
||||||
|
|
||||||
|
COMPONENT_EXPORT(PERMISSIONS_COMMON)
|
||||||
|
BASE_DECLARE_FEATURE(kFedCmUpdatedCooldownPeriod);
|
||||||
|
|
||||||
} // namespace features
|
} // namespace features
|
||||||
namespace feature_params {
|
namespace feature_params {
|
||||||
|
|
||||||
|
@@ -49,14 +49,6 @@ constexpr int kDefaultEmbargoDays = 7;
|
|||||||
// automatically blocked.
|
// automatically blocked.
|
||||||
constexpr int kFederatedIdentityApiDismissalsBeforeBlock = 1;
|
constexpr int kFederatedIdentityApiDismissalsBeforeBlock = 1;
|
||||||
|
|
||||||
// The durations that an origin will stay under embargo for the
|
|
||||||
// FEDERATED_IDENTITY_API permission due to the user explicitly dismissing the
|
|
||||||
// permission prompt.
|
|
||||||
constexpr auto kFederatedIdentityApiEmbargoDurationDismiss =
|
|
||||||
std::to_array<base::TimeDelta>({base::Hours(2) /* 1st dismissal */,
|
|
||||||
base::Days(1) /* 2nd dismissal */,
|
|
||||||
base::Days(7), base::Days(28)});
|
|
||||||
|
|
||||||
// The duration that an origin will stay under embargo for the
|
// The duration that an origin will stay under embargo for the
|
||||||
// FEDERATED_IDENTITY_AUTO_REAUTHN_PERMISSION permission due to an auto re-authn
|
// FEDERATED_IDENTITY_AUTO_REAUTHN_PERMISSION permission due to an auto re-authn
|
||||||
// prompt being displayed recently.
|
// prompt being displayed recently.
|
||||||
@@ -154,12 +146,26 @@ int GetDismissalsBeforeBlockForContentSettingsType(
|
|||||||
base::TimeDelta GetEmbargoDurationForContentSettingsType(
|
base::TimeDelta GetEmbargoDurationForContentSettingsType(
|
||||||
ContentSettingsType permission,
|
ContentSettingsType permission,
|
||||||
int dismiss_count) {
|
int dismiss_count) {
|
||||||
|
// The durations that an origin will stay under embargo for the
|
||||||
|
// FEDERATED_IDENTITY_API permission due to the user explicitly dismissing the
|
||||||
|
// permission prompt.
|
||||||
|
auto FederatedIdentityApiEmbargoDurationDismiss =
|
||||||
|
std::to_array<base::TimeDelta>(
|
||||||
|
{base::Hours(base::GetFieldTrialParamByFeatureAsInt(
|
||||||
|
features::kFedCmUpdatedCooldownPeriod, "FirstDismissal", 2)),
|
||||||
|
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||||
|
features::kFedCmUpdatedCooldownPeriod, "SecondDismissal", 1)),
|
||||||
|
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||||
|
features::kFedCmUpdatedCooldownPeriod, "ThirdDismissal", 7)),
|
||||||
|
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||||
|
features::kFedCmUpdatedCooldownPeriod, "FourthDismissal", 28))});
|
||||||
|
|
||||||
if (permission == ContentSettingsType::FEDERATED_IDENTITY_API) {
|
if (permission == ContentSettingsType::FEDERATED_IDENTITY_API) {
|
||||||
int duration_index =
|
int duration_index =
|
||||||
std::clamp(dismiss_count - 1, 0,
|
std::clamp(dismiss_count - 1, 0,
|
||||||
static_cast<int>(
|
static_cast<int>(
|
||||||
kFederatedIdentityApiEmbargoDurationDismiss.size() - 1));
|
FederatedIdentityApiEmbargoDurationDismiss.size() - 1));
|
||||||
return kFederatedIdentityApiEmbargoDurationDismiss[duration_index];
|
return FederatedIdentityApiEmbargoDurationDismiss[duration_index];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (permission ==
|
if (permission ==
|
||||||
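Review bot: The four `GetFieldTrialParamByFeatureAsInt` results in `GetEmbargoDurationForContentSettingsType` go straight into `base::Hours`/`base::Days` with no range check, so a zero or negative value in the experiment config would produce an empty or negative embargo and quietly switch off the cooldown this change is meant to lengthen. I would treat any value below 1 as invalid and fall back to the built-in default. The array is also built, with four param lookups, on every call before the permission type is checked; moving it inside the `FEDERATED_IDENTITY_API` branch avoids that for every other permission. The local is named in PascalCase like a type, and a snake_case name would fit the rest of the function. The function body continues past the end of this hunk.

```cpp
  if (permission == ContentSettingsType::FEDERATED_IDENTITY_API) {
    // Field-trial values come from server-side config; anything below 1 is
    // treated as invalid so a bad param cannot zero out the embargo.
    auto cooldown_param = [](const char* name, int default_value) {
      const int value = base::GetFieldTrialParamByFeatureAsInt(
          features::kFedCmUpdatedCooldownPeriod, name, default_value);
      return value >= 1 ? value : default_value;
    };
    const auto embargo_durations = std::to_array<base::TimeDelta>(
        {base::Hours(cooldown_param("FirstDismissal", 2)),
         base::Days(cooldown_param("SecondDismissal", 1)),
         base::Days(cooldown_param("ThirdDismissal", 7)),
         base::Days(cooldown_param("FourthDismissal", 28))});
    // … unchanged: duration_index clamp and return, now indexing embargo_durations …
  }
```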
|
@@ -863,6 +863,9 @@ void CheckFederatedIdentityAutoReauthnEmbargoLiftedAfterTimeElapsing(
|
|||||||
|
|
||||||
TEST_F(PermissionDecisionAutoBlockerUnitTest,
|
TEST_F(PermissionDecisionAutoBlockerUnitTest,
|
||||||
TestDismissFederatedIdentityApiBackoff) {
|
TestDismissFederatedIdentityApiBackoff) {
|
||||||
|
base::test::ScopedFeatureList list;
|
||||||
|
list.InitAndEnableFeature(features::kFedCmUpdatedCooldownPeriod);
|
||||||
|
|
||||||
GURL url("https://www.google.com");
|
GURL url("https://www.google.com");
|
||||||
clock()->SetNow(base::Time::Now());
|
clock()->SetNow(base::Time::Now());
|
||||||
|
|
||||||
@@ -875,30 +878,40 @@ TEST_F(PermissionDecisionAutoBlockerUnitTest,
|
|||||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||||
autoblocker(), clock(), url, base::Hours(2));
|
autoblocker(), clock(), url,
|
||||||
|
base::Hours(base::GetFieldTrialParamByFeatureAsInt(
|
||||||
|
features::kFedCmUpdatedCooldownPeriod, "FirstDismissal", 2)));
|
||||||
|
|
||||||
// 1 day embargo for 2nd dismissal
|
// 1 day embargo for 2nd dismissal
|
||||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||||
autoblocker(), clock(), url, base::Days(1));
|
autoblocker(), clock(), url,
|
||||||
|
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||||
|
features::kFedCmUpdatedCooldownPeriod, "SecondDismissal", 1)));
|
||||||
|
|
||||||
// 7 day embargo for 3rd dismissal
|
// 7 day embargo for 3rd dismissal
|
||||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||||
autoblocker(), clock(), url, base::Days(7));
|
autoblocker(), clock(), url,
|
||||||
|
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||||
|
features::kFedCmUpdatedCooldownPeriod, "ThirdDismissal", 7)));
|
||||||
|
|
||||||
// 28 day embargo for 4th dismissal (and all additional dismissals)
|
// 28 day embargo for 4th dismissal (and all additional dismissals)
|
||||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||||
autoblocker(), clock(), url, base::Days(28));
|
autoblocker(), clock(), url,
|
||||||
|
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||||
|
features::kFedCmUpdatedCooldownPeriod, "FourthDismissal", 28)));
|
||||||
|
|
||||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||||
autoblocker(), clock(), url, base::Days(28));
|
autoblocker(), clock(), url,
|
||||||
|
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||||
|
features::kFedCmUpdatedCooldownPeriod, "FourthDismissal", 28)));
|
||||||
|
|
||||||
// Return to 2 hour embargo after
|
// Return to 2 hour embargo after
|
||||||
// PermissionDecisionAutoBlocker::RemoveEmbargoAndResetCounts()
|
// PermissionDecisionAutoBlocker::RemoveEmbargoAndResetCounts()
|
||||||
@@ -911,7 +924,9 @@ TEST_F(PermissionDecisionAutoBlockerUnitTest,
|
|||||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||||
autoblocker(), clock(), url, base::Hours(2));
|
autoblocker(), clock(), url,
|
||||||
|
base::Hours(base::GetFieldTrialParamByFeatureAsInt(
|
||||||
|
features::kFedCmUpdatedCooldownPeriod, "FourthDismissal", 2)));
|
||||||
}
|
}
|
||||||
|
|
||||||
TEST_F(PermissionDecisionAutoBlockerUnitTest,
|
TEST_F(PermissionDecisionAutoBlockerUnitTest,
|
||||||
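Review bot: The last expectation of `TestDismissFederatedIdentityApiBackoff`, after `RemoveEmbargoAndResetCounts()`, reads the `"FourthDismissal"` param with default 2 inside `base::Hours(...)`, although the reset case is the first dismissal. It passes only because no params are set; the line should be `features::kFedCmUpdatedCooldownPeriod, "FirstDismissal", 2)));`. More broadly, every expected duration is computed with the same `GetFieldTrialParamByFeatureAsInt` call as the production code, and the feature is enabled via `InitAndEnableFeature` with no params. The test therefore cannot catch a wrong param name or unit, and never exercises an overridden value. Using `InitAndEnableFeatureWithParameters` with explicit values and asserting literal durations (for example `base::Hours(24)`) would cover the path the experiment actually ships.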
|
@@ -9724,6 +9724,32 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
"FedCmIntrusionMitigation": [
|
||||||
|
{
|
||||||
|
"platforms": [
|
||||||
|
"android",
|
||||||
|
"android_weblayer",
|
||||||
|
"chromeos",
|
||||||
|
"linux",
|
||||||
|
"mac",
|
||||||
|
"windows"
|
||||||
|
],
|
||||||
|
"experiments": [
|
||||||
|
{
|
||||||
|
"name": "UpdatedCooldownPeriod",
|
||||||
|
"params": {
|
||||||
|
"FirstDismissal": "24",
|
||||||
|
"FourthDismissal": "28",
|
||||||
|
"SecondDismissal": "5",
|
||||||
|
"ThirdDismissal": "14"
|
||||||
|
},
|
||||||
|
"enable_features": [
|
||||||
|
"FedCmUpdatedCooldownPeriod"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
"FeedLoadingPlaceholder": [
|
"FeedLoadingPlaceholder": [
|
||||||
{
|
{
|
||||||
"platforms": [
|
"platforms": [
|
||||||
|