
[Privacy Sandbox] Chrome client layer implementation of local

unpartitioned data access attestation check.

Implement the browser client layer check of the new attestation API.
Apply this check for shared storage get.

Browser tests covering shared storage get with respect to the new
attestation check are added in:
chrome/browser/storage/shared_storage_browsertest.cc.

Update other existing tests to work with this check.

Please note other than the attestation, the local unpartitioned data
access is also gated on 3pc setting. See crrev.com/c/5860019.

Bug: 361375807
Change-Id: I338bb9fa756b9e2b793f3bf4a491281cd41409f6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5854085
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Xiaochen Zhou <xiaochenzh@chromium.org>
Reviewed-by: Shivani Sharma <shivanisha@chromium.org>
Reviewed-by: Eric Seckler <eseckler@chromium.org>
Reviewed-by: Cammie Smith Barnes <cammie@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1370560}
This commit is contained in:
Xiaochen Zhou
2024-10-18 14:14:03 +00:00
committed by Chromium LUCI CQ
parent c8bf3beec3
commit e653034d14
15 changed files with 466 additions and 13 deletions

@ -157,6 +157,13 @@ class MockPrivateAggregationContentBrowserClientBase : public SuperClass {
std::string* out_debug_message,
bool* out_block_is_site_setting_specific),
(override));
MOCK_METHOD(bool,
IsFencedFramesLocalUnpartitionedDataAccessAllowed,
(content::BrowserContext * browser_context,
content::RenderFrameHost* rfh,
const url::Origin& top_frame_origin,
const url::Origin& accessing_origin),
(override));
MOCK_METHOD(bool,
IsPrivacySandboxReportingDestinationAttested,
(content::BrowserContext * browser_context,

@ -7083,6 +7083,14 @@ class SharedStorageFencedFrameDocumentGetBrowserTest
blink::features::kFencedFramesLocalUnpartitionedDataAccess);
}
void SetUpOnMainThread() override {
SharedStorageFencedFrameInteractionBrowserTest::SetUpOnMainThread();
// Bypass local unpartitioned data access attestation check.
ON_CALL(browser_client(), IsFencedFramesLocalUnpartitionedDataAccessAllowed)
.WillByDefault(testing::Return(true));
}
private:
base::test::ScopedFeatureList fenced_frame_feature_;
};

@ -61,6 +61,15 @@ using GetResult = storage::SharedStorageManager::GetResult;
} // namespace
const char kFencedFrameLocalUnpartitionedDataAccessDisabledMessage[] =
"Fenced frame local unpartitioned data access is disabled";
const char
kFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage[] =
"sharedStorage.get() is not allowed in a fenced frame until network "
"access for it and all descendent frames has been revoked with "
"window.fence.disableUntrustedNetwork()";
const char kSharedStorageDisabledMessage[] = "sharedStorage is disabled";
const char kSharedStorageSelectURLDisabledMessage[] =
@ -212,13 +221,13 @@ void SharedStorageDocumentServiceImpl::SharedStorageGet(
return;
}
std::string debug_message;
if (!IsSharedStorageAllowed(&debug_message)) {
std::move(callback).Run(blink::mojom::SharedStorageGetStatus::kError,
/*error_message=*/
GetSharedStorageErrorMessage(
debug_message, kSharedStorageDisabledMessage),
/*value=*/{});
if (!IsLocalUnpartitionedDataAccessAllowed(
/*accessing_origin=*/render_frame_host().GetLastCommittedOrigin())) {
std::move(callback).Run(
blink::mojom::SharedStorageGetStatus::kError,
/*error_message=*/
kFencedFrameLocalUnpartitionedDataAccessDisabledMessage,
/*value=*/{});
return;
}
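Review bot: The new denial branch starting at `if (!IsLocalUnpartitionedDataAccessAllowed(` carries no comment, and unlike the `IsSharedStorageAllowed` branch just above it the failure reason is a fixed string rather than an embedder-supplied debug message, so a reader cannot tell from this site what policy is being enforced or by whom. The base `ContentBrowserClient` implementation added in this commit returns false, meaning the gate is closed unless the embedder opts in. Suggest a two-line comment above the check: `// Embedder attestation gate for local unpartitioned data access; the default` / `// ContentBrowserClient implementation denies, so embedders must opt in.`. SharedStorageGet starts before this hunk, so the ordering relative to earlier checks (e.g. any fenced-frame requirement) is not visible here.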
@ -227,9 +236,7 @@ void SharedStorageDocumentServiceImpl::SharedStorageGet(
std::move(callback).Run(
blink::mojom::SharedStorageGetStatus::kError,
/*error_message=*/
"sharedStorage.get() is not allowed in a fenced frame until network "
"access for it and all descendent frames has been revoked with "
"window.fence.disableUntrustedNetwork()",
kFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage,
/*value=*/{});
return;
}
@ -524,6 +531,16 @@ bool SharedStorageDocumentServiceImpl::IsSharedStorageAllowedForOrigin(
out_block_is_site_setting_specific);
}
bool SharedStorageDocumentServiceImpl::IsLocalUnpartitionedDataAccessAllowed(
const url::Origin& accessing_origin) {
return GetContentClient()
->browser()
->IsFencedFramesLocalUnpartitionedDataAccessAllowed(
render_frame_host().GetBrowserContext(), &render_frame_host(),
/*top_frame_origin=*/main_frame_origin_,
/*accessing_origin=*/accessing_origin);
}
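Review bot: `SharedStorageDocumentServiceImpl::IsLocalUnpartitionedDataAccessAllowed` is added without any documentation, here and at its declaration in the header hunk (`bool IsLocalUnpartitionedDataAccessAllowed(`), so the choice of `main_frame_origin_` as `top_frame_origin` and of this service's own frame as `rfh` is left implicit. Suggest a comment on the declaration: `// Returns whether |accessing_origin| in this document may read local unpartitioned` / `// data. Delegates to ContentBrowserClient with main_frame_origin_ as the top-frame origin.`. The same comment applies to the header hunk, which I have not annotated separately.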
bool SharedStorageDocumentServiceImpl::IsSharedStorageAddModuleAllowedForOrigin(
const url::Origin& accessing_origin,
std::string* out_debug_message,

@ -29,6 +29,10 @@ class RenderFrameHost;
class SharedStorageWorkletHost;
class SharedStorageWorkletHostManager;
extern CONTENT_EXPORT const char
kFencedFrameLocalUnpartitionedDataAccessDisabledMessage[];
extern CONTENT_EXPORT const char
kFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage[];
extern CONTENT_EXPORT const char kSharedStorageDisabledMessage[];
extern CONTENT_EXPORT const char kSharedStorageSelectURLDisabledMessage[];
extern CONTENT_EXPORT const char kSharedStorageAddModuleDisabledMessage[];
@ -108,6 +112,9 @@ class CONTENT_EXPORT SharedStorageDocumentServiceImpl final
std::string* out_debug_message,
bool* out_block_is_site_specific);
bool IsLocalUnpartitionedDataAccessAllowed(
const url::Origin& accessing_origin);
bool IsSharedStorageAddModuleAllowedForOrigin(
const url::Origin& accessing_origin,
std::string* out_debug_message,

@ -623,6 +623,14 @@ bool ContentBrowserClient::IsSharedStorageSelectURLAllowed(
return false;
}
bool ContentBrowserClient::IsFencedFramesLocalUnpartitionedDataAccessAllowed(
content::BrowserContext* browser_context,
content::RenderFrameHost* rfh,
const url::Origin& top_frame_origin,
const url::Origin& accessing_origin) {
return false;
}
bool ContentBrowserClient::IsPrivateAggregationAllowed(
content::BrowserContext* browser_context,
const url::Origin& top_frame_origin,

@ -1129,6 +1129,14 @@ class CONTENT_EXPORT ContentBrowserClient {
std::string* out_debug_message,
bool* out_block_is_site_setting_specific);
// Allows the embedder to control if fenced frame gated Shared Storage API
// operations can happen in a given context.
virtual bool IsFencedFramesLocalUnpartitionedDataAccessAllowed(
content::BrowserContext* browser_context,
content::RenderFrameHost* rfh,
const url::Origin& top_frame_origin,
const url::Origin& accessing_origin);
// Allows the embedder to control if Private Aggregation API operations can
// happen in a given context.
//
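Review bot: The comment on `IsFencedFramesLocalUnpartitionedDataAccessAllowed` says it gates "fenced frame gated Shared Storage API operations", which is broader and vaguer than the method name, and it does not state the default behaviour or what `rfh` denotes. The base implementation in this commit returns false, and the only caller passes the accessing document's frame as `rfh`, so embedders that do not override the hook deny access. Suggest replacing the two comment lines with: `// Allows the embedder to control whether a fenced frame may access local` / `// unpartitioned data (e.g. sharedStorage.get()). |rfh| is the accessing frame;` / `// the default implementation returns false.`.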

@ -107,6 +107,15 @@ GetSharedStorageWorkletHostManagerForStoragePartition(
->GetSharedStorageWorkletHostManager();
}
std::string GetFencedFrameLocalUnpartitionedDataAccessDisabledMessage() {
return kFencedFrameLocalUnpartitionedDataAccessDisabledMessage;
}
std::string
GetFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage() {
return kFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage;
}
std::string GetSharedStorageDisabledMessage() {
return kSharedStorageDisabledMessage;
}

@ -36,6 +36,11 @@ SharedStorageWorkletHostManager*
GetSharedStorageWorkletHostManagerForStoragePartition(
StoragePartition* storage_partition);
std::string GetFencedFrameLocalUnpartitionedDataAccessDisabledMessage();
std::string
GetFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage();
std::string GetSharedStorageDisabledMessage();
std::string GetSharedStorageSelectURLDisabledMessage();

@ -524,6 +524,15 @@ bool ShellContentBrowserClient::IsSharedStorageSelectURLAllowed(
return true;
}
bool ShellContentBrowserClient::
IsFencedFramesLocalUnpartitionedDataAccessAllowed(
content::BrowserContext* browser_context,
content::RenderFrameHost* rfh,
const url::Origin& top_frame_origin,
const url::Origin& accessing_origin) {
return true;
}
bool ShellContentBrowserClient::IsCookieDeprecationLabelAllowed(
content::BrowserContext* browser_context) {
return true;

@ -82,6 +82,11 @@ class ShellContentBrowserClient : public ContentBrowserClient {
const url::Origin& accessing_origin,
std::string* out_debug_message,
bool* out_block_is_site_setting_specific) override;
bool IsFencedFramesLocalUnpartitionedDataAccessAllowed(
content::BrowserContext* browser_context,
content::RenderFrameHost* rfh,
const url::Origin& top_frame_origin,
const url::Origin& accessing_origin) override;
bool IsCookieDeprecationLabelAllowed(
content::BrowserContext* browser_context) override;
bool IsCookieDeprecationLabelAllowedForContext(