[FedCM] Implement intrusion mitigation via cooldown finch experiment 1/2
To mitigate the intrusion issue, this patch increases the current cooldown period via a Finch experiment to make sure the changes do not negatively impact other successful metrics. A follow up patch will add another experiment to improve the cooldown logic. Bug: 398888508 Change-Id: Ia59e20f6699773d0a2b11fe58bb4e8319a7f0b62 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6297528 Reviewed-by: Thomas Nguyen <tungnh@chromium.org> Commit-Queue: Yi Gu <yigu@chromium.org> Cr-Commit-Position: refs/heads/main@{#1426251}
This commit is contained in:
components/permissions
features.ccfeatures.hpermission_decision_auto_blocker.ccpermission_decision_auto_blocker_unittest.cc
testing/variations
@@ -120,6 +120,12 @@ BASE_FEATURE(kCpssQuietChipTextUpdate,
|
||||
BASE_FEATURE(kCpssUseTfliteSignatureRunner,
|
||||
"CpssUseTfliteSignatureRunner",
|
||||
base::FEATURE_DISABLED_BY_DEFAULT);
|
||||
|
||||
// When enabled, FederatedIdentityApiEmbargoDurationDismiss will use values from
|
||||
// a field trial.
|
||||
BASE_FEATURE(kFedCmUpdatedCooldownPeriod,
|
||||
"FedCmUpdatedCooldownPeriod",
|
||||
base::FEATURE_DISABLED_BY_DEFAULT);
|
||||
} // namespace features
|
||||
namespace feature_params {
|
||||
|
||||
|
@@ -75,6 +75,9 @@ BASE_DECLARE_FEATURE(kCpssQuietChipTextUpdate);
|
||||
COMPONENT_EXPORT(PERMISSIONS_COMMON)
|
||||
BASE_DECLARE_FEATURE(kCpssUseTfliteSignatureRunner);
|
||||
|
||||
COMPONENT_EXPORT(PERMISSIONS_COMMON)
|
||||
BASE_DECLARE_FEATURE(kFedCmUpdatedCooldownPeriod);
|
||||
|
||||
} // namespace features
|
||||
namespace feature_params {
|
||||
|
||||
|
@@ -49,14 +49,6 @@ constexpr int kDefaultEmbargoDays = 7;
|
||||
// automatically blocked.
|
||||
constexpr int kFederatedIdentityApiDismissalsBeforeBlock = 1;
|
||||
|
||||
// The durations that an origin will stay under embargo for the
|
||||
// FEDERATED_IDENTITY_API permission due to the user explicitly dismissing the
|
||||
// permission prompt.
|
||||
constexpr auto kFederatedIdentityApiEmbargoDurationDismiss =
|
||||
std::to_array<base::TimeDelta>({base::Hours(2) /* 1st dismissal */,
|
||||
base::Days(1) /* 2nd dismissal */,
|
||||
base::Days(7), base::Days(28)});
|
||||
|
||||
// The duration that an origin will stay under embargo for the
|
||||
// FEDERATED_IDENTITY_AUTO_REAUTHN_PERMISSION permission due to an auto re-authn
|
||||
// prompt being displayed recently.
|
||||
@@ -154,12 +146,26 @@ int GetDismissalsBeforeBlockForContentSettingsType(
|
||||
base::TimeDelta GetEmbargoDurationForContentSettingsType(
|
||||
ContentSettingsType permission,
|
||||
int dismiss_count) {
|
||||
// The durations that an origin will stay under embargo for the
|
||||
// FEDERATED_IDENTITY_API permission due to the user explicitly dismissing the
|
||||
// permission prompt.
|
||||
auto FederatedIdentityApiEmbargoDurationDismiss =
|
||||
std::to_array<base::TimeDelta>(
|
||||
{base::Hours(base::GetFieldTrialParamByFeatureAsInt(
|
||||
features::kFedCmUpdatedCooldownPeriod, "FirstDismissal", 2)),
|
||||
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||
features::kFedCmUpdatedCooldownPeriod, "SecondDismissal", 1)),
|
||||
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||
features::kFedCmUpdatedCooldownPeriod, "ThirdDismissal", 7)),
|
||||
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||
features::kFedCmUpdatedCooldownPeriod, "FourthDismissal", 28))});
|
||||
|
||||
if (permission == ContentSettingsType::FEDERATED_IDENTITY_API) {
|
||||
int duration_index =
|
||||
std::clamp(dismiss_count - 1, 0,
|
||||
static_cast<int>(
|
||||
kFederatedIdentityApiEmbargoDurationDismiss.size() - 1));
|
||||
return kFederatedIdentityApiEmbargoDurationDismiss[duration_index];
|
||||
FederatedIdentityApiEmbargoDurationDismiss.size() - 1));
|
||||
return FederatedIdentityApiEmbargoDurationDismiss[duration_index];
|
||||
}
|
||||
|
||||
if (permission ==
|
||||
|
@@ -863,6 +863,9 @@ void CheckFederatedIdentityAutoReauthnEmbargoLiftedAfterTimeElapsing(
|
||||
|
||||
TEST_F(PermissionDecisionAutoBlockerUnitTest,
|
||||
TestDismissFederatedIdentityApiBackoff) {
|
||||
base::test::ScopedFeatureList list;
|
||||
list.InitAndEnableFeature(features::kFedCmUpdatedCooldownPeriod);
|
||||
|
||||
GURL url("https://www.google.com");
|
||||
clock()->SetNow(base::Time::Now());
|
||||
|
||||
@@ -875,30 +878,40 @@ TEST_F(PermissionDecisionAutoBlockerUnitTest,
|
||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||
autoblocker(), clock(), url, base::Hours(2));
|
||||
autoblocker(), clock(), url,
|
||||
base::Hours(base::GetFieldTrialParamByFeatureAsInt(
|
||||
features::kFedCmUpdatedCooldownPeriod, "FirstDismissal", 2)));
|
||||
|
||||
// 1 day embargo for 2nd dismissal
|
||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||
autoblocker(), clock(), url, base::Days(1));
|
||||
autoblocker(), clock(), url,
|
||||
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||
features::kFedCmUpdatedCooldownPeriod, "SecondDismissal", 1)));
|
||||
|
||||
// 7 day embargo for 3rd dismissal
|
||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||
autoblocker(), clock(), url, base::Days(7));
|
||||
autoblocker(), clock(), url,
|
||||
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||
features::kFedCmUpdatedCooldownPeriod, "ThirdDismissal", 7)));
|
||||
|
||||
// 28 day embargo for 4th dismissal (and all additional dismissals)
|
||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||
autoblocker(), clock(), url, base::Days(28));
|
||||
autoblocker(), clock(), url,
|
||||
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||
features::kFedCmUpdatedCooldownPeriod, "FourthDismissal", 28)));
|
||||
|
||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||
autoblocker(), clock(), url, base::Days(28));
|
||||
autoblocker(), clock(), url,
|
||||
base::Days(base::GetFieldTrialParamByFeatureAsInt(
|
||||
features::kFedCmUpdatedCooldownPeriod, "FourthDismissal", 28)));
|
||||
|
||||
// Return to 2 hour embargo after
|
||||
// PermissionDecisionAutoBlocker::RemoveEmbargoAndResetCounts()
|
||||
@@ -911,7 +924,9 @@ TEST_F(PermissionDecisionAutoBlockerUnitTest,
|
||||
EXPECT_TRUE(autoblocker()->RecordDismissAndEmbargo(
|
||||
url, ContentSettingsType::FEDERATED_IDENTITY_API, false));
|
||||
CheckFederatedIdentityApiEmbargoLiftedAfterTimeElapsing(
|
||||
autoblocker(), clock(), url, base::Hours(2));
|
||||
autoblocker(), clock(), url,
|
||||
base::Hours(base::GetFieldTrialParamByFeatureAsInt(
|
||||
features::kFedCmUpdatedCooldownPeriod, "FourthDismissal", 2)));
|
||||
}
|
||||
|
||||
TEST_F(PermissionDecisionAutoBlockerUnitTest,
|
||||
|
@@ -9724,6 +9724,32 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"FedCmIntrusionMitigation": [
|
||||
{
|
||||
"platforms": [
|
||||
"android",
|
||||
"android_weblayer",
|
||||
"chromeos",
|
||||
"linux",
|
||||
"mac",
|
||||
"windows"
|
||||
],
|
||||
"experiments": [
|
||||
{
|
||||
"name": "UpdatedCooldownPeriod",
|
||||
"params": {
|
||||
"FirstDismissal": "24",
|
||||
"FourthDismissal": "28",
|
||||
"SecondDismissal": "5",
|
||||
"ThirdDismissal": "14"
|
||||
},
|
||||
"enable_features": [
|
||||
"FedCmUpdatedCooldownPeriod"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"FeedLoadingPlaceholder": [
|
||||
{
|
||||
"platforms": [
|
||||
|
Reference in New Issue
Block a user