[Privacy Sandbox] Chrome client layer implementation of local
unpartitioned data access attestation check. Implement the browser client layer check of the new attestation API. Apply this check for shared storage get. Browser tests for testing shared storage get with respect to the new attestation check are added in: chrome/browser/storage/shared_storage_browsertest.cc. Update other existing tests to work with this check. Please note that, other than the attestation, local unpartitioned data access is also gated on the 3pc setting. See crrev.com/c/5860019. Bug: 361375807 Change-Id: I338bb9fa756b9e2b793f3bf4a491281cd41409f6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5854085 Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: Xiaochen Zhou <xiaochenzh@chromium.org> Reviewed-by: Shivani Sharma <shivanisha@chromium.org> Reviewed-by: Eric Seckler <eseckler@chromium.org> Reviewed-by: Cammie Smith Barnes <cammie@chromium.org> Cr-Commit-Position: refs/heads/main@{#1370560}

committed by
Chromium LUCI CQ

parent
c8bf3beec3
commit
e653034d14
chrome/browser
content
browser
private_aggregation
shared_storage
public
browser
test
shell
headless/lib/browser
@ -157,6 +157,13 @@ class MockPrivateAggregationContentBrowserClientBase : public SuperClass {
|
||||
std::string* out_debug_message,
|
||||
bool* out_block_is_site_setting_specific),
|
||||
(override));
|
||||
MOCK_METHOD(bool,
|
||||
IsFencedFramesLocalUnpartitionedDataAccessAllowed,
|
||||
(content::BrowserContext * browser_context,
|
||||
content::RenderFrameHost* rfh,
|
||||
const url::Origin& top_frame_origin,
|
||||
const url::Origin& accessing_origin),
|
||||
(override));
|
||||
MOCK_METHOD(bool,
|
||||
IsPrivacySandboxReportingDestinationAttested,
|
||||
(content::BrowserContext * browser_context,
|
||||
|
@ -7083,6 +7083,14 @@ class SharedStorageFencedFrameDocumentGetBrowserTest
|
||||
blink::features::kFencedFramesLocalUnpartitionedDataAccess);
|
||||
}
|
||||
|
||||
void SetUpOnMainThread() override {
|
||||
SharedStorageFencedFrameInteractionBrowserTest::SetUpOnMainThread();
|
||||
|
||||
// Bypass local unpartitioned data access attestation check.
|
||||
ON_CALL(browser_client(), IsFencedFramesLocalUnpartitionedDataAccessAllowed)
|
||||
.WillByDefault(testing::Return(true));
|
||||
}
|
||||
|
||||
private:
|
||||
base::test::ScopedFeatureList fenced_frame_feature_;
|
||||
};
|
||||
|
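Review bot: The `ON_CALL(browser_client(), IsFencedFramesLocalUnpartitionedDataAccessAllowed).WillByDefault(testing::Return(true))` in `SetUpOnMainThread()` opens the attestation gate for every test in this fixture, so nothing visible in this section exercises the denied path. The description places the attestation tests in chrome/browser/storage/shared_storage_browsertest.cc, which is not shown on this page. A content-layer case that sets `.WillByDefault(testing::Return(false))` and expects the error carrying `kFencedFrameLocalUnpartitionedDataAccessDisabledMessage` would pin the fail path next to the code that enforces it. The comment would read better as `// Allow local unpartitioned data access by default; the attestation check itself is tested elsewhere.`, so "bypass" is not mistaken for production behaviour. The class begins before this hunk.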
@ -61,6 +61,15 @@ using GetResult = storage::SharedStorageManager::GetResult;
|
||||
|
||||
} // namespace
|
||||
|
||||
const char kFencedFrameLocalUnpartitionedDataAccessDisabledMessage[] =
|
||||
"Fenced frame local unpartitioned data access is disabled";
|
||||
|
||||
const char
|
||||
kFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage[] =
|
||||
"sharedStorage.get() is not allowed in a fenced frame until network "
|
||||
"access for it and all descendent frames has been revoked with "
|
||||
"window.fence.disableUntrustedNetwork()";
|
||||
|
||||
const char kSharedStorageDisabledMessage[] = "sharedStorage is disabled";
|
||||
|
||||
const char kSharedStorageSelectURLDisabledMessage[] =
|
||||
@ -212,13 +221,13 @@ void SharedStorageDocumentServiceImpl::SharedStorageGet(
|
||||
return;
|
||||
}
|
||||
|
||||
std::string debug_message;
|
||||
if (!IsSharedStorageAllowed(&debug_message)) {
|
||||
std::move(callback).Run(blink::mojom::SharedStorageGetStatus::kError,
|
||||
/*error_message=*/
|
||||
GetSharedStorageErrorMessage(
|
||||
debug_message, kSharedStorageDisabledMessage),
|
||||
/*value=*/{});
|
||||
if (!IsLocalUnpartitionedDataAccessAllowed(
|
||||
/*accessing_origin=*/render_frame_host().GetLastCommittedOrigin())) {
|
||||
std::move(callback).Run(
|
||||
blink::mojom::SharedStorageGetStatus::kError,
|
||||
/*error_message=*/
|
||||
kFencedFrameLocalUnpartitionedDataAccessDisabledMessage,
|
||||
/*value=*/{});
|
||||
return;
|
||||
}
|
||||
|
||||
@ -227,9 +236,7 @@ void SharedStorageDocumentServiceImpl::SharedStorageGet(
|
||||
std::move(callback).Run(
|
||||
blink::mojom::SharedStorageGetStatus::kError,
|
||||
/*error_message=*/
|
||||
"sharedStorage.get() is not allowed in a fenced frame until network "
|
||||
"access for it and all descendent frames has been revoked with "
|
||||
"window.fence.disableUntrustedNetwork()",
|
||||
kFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage,
|
||||
/*value=*/{});
|
||||
return;
|
||||
}
|
||||
@ -524,6 +531,16 @@ bool SharedStorageDocumentServiceImpl::IsSharedStorageAllowedForOrigin(
|
||||
out_block_is_site_setting_specific);
|
||||
}
|
||||
|
||||
bool SharedStorageDocumentServiceImpl::IsLocalUnpartitionedDataAccessAllowed(
|
||||
const url::Origin& accessing_origin) {
|
||||
return GetContentClient()
|
||||
->browser()
|
||||
->IsFencedFramesLocalUnpartitionedDataAccessAllowed(
|
||||
render_frame_host().GetBrowserContext(), &render_frame_host(),
|
||||
/*top_frame_origin=*/main_frame_origin_,
|
||||
/*accessing_origin=*/accessing_origin);
|
||||
}
|
||||
|
||||
bool SharedStorageDocumentServiceImpl::IsSharedStorageAddModuleAllowedForOrigin(
|
||||
const url::Origin& accessing_origin,
|
||||
std::string* out_debug_message,
|
||||
|
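Review bot: In the `SharedStorageGet` hunk the `IsSharedStorageAllowed(&debug_message)` gate is replaced by `IsLocalUnpartitionedDataAccessAllowed(...)` rather than kept alongside it, so on the lines shown the general shared-storage permission check no longer runs before `get()`. Whether the embedder's `IsFencedFramesLocalUnpartitionedDataAccessAllowed` also enforces the shared-storage setting cannot be seen from this page; the description mentions only attestation and the 3pc setting. If the embedder check is meant to cover it, say so at the call site, e.g. `// The embedder check is expected to cover the shared storage setting as well; see ContentBrowserClient.`; otherwise keep both checks. The denial now returns the fixed `kFencedFrameLocalUnpartitionedDataAccessDisabledMessage` and no longer goes through `debug_message`, which makes a blocked call harder to diagnose. The function body starts and ends outside the hunk.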
@ -29,6 +29,10 @@ class RenderFrameHost;
|
||||
class SharedStorageWorkletHost;
|
||||
class SharedStorageWorkletHostManager;
|
||||
|
||||
extern CONTENT_EXPORT const char
|
||||
kFencedFrameLocalUnpartitionedDataAccessDisabledMessage[];
|
||||
extern CONTENT_EXPORT const char
|
||||
kFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage[];
|
||||
extern CONTENT_EXPORT const char kSharedStorageDisabledMessage[];
|
||||
extern CONTENT_EXPORT const char kSharedStorageSelectURLDisabledMessage[];
|
||||
extern CONTENT_EXPORT const char kSharedStorageAddModuleDisabledMessage[];
|
||||
@ -108,6 +112,9 @@ class CONTENT_EXPORT SharedStorageDocumentServiceImpl final
|
||||
std::string* out_debug_message,
|
||||
bool* out_block_is_site_specific);
|
||||
|
||||
bool IsLocalUnpartitionedDataAccessAllowed(
|
||||
const url::Origin& accessing_origin);
|
||||
|
||||
bool IsSharedStorageAddModuleAllowedForOrigin(
|
||||
const url::Origin& accessing_origin,
|
||||
std::string* out_debug_message,
|
||||
|
@ -623,6 +623,14 @@ bool ContentBrowserClient::IsSharedStorageSelectURLAllowed(
|
||||
return false;
|
||||
}
|
||||
|
||||
bool ContentBrowserClient::IsFencedFramesLocalUnpartitionedDataAccessAllowed(
|
||||
content::BrowserContext* browser_context,
|
||||
content::RenderFrameHost* rfh,
|
||||
const url::Origin& top_frame_origin,
|
||||
const url::Origin& accessing_origin) {
|
||||
return false;
|
||||
}
|
||||
|
||||
bool ContentBrowserClient::IsPrivateAggregationAllowed(
|
||||
content::BrowserContext* browser_context,
|
||||
const url::Origin& top_frame_origin,
|
||||
|
@ -1129,6 +1129,14 @@ class CONTENT_EXPORT ContentBrowserClient {
|
||||
std::string* out_debug_message,
|
||||
bool* out_block_is_site_setting_specific);
|
||||
|
||||
// Allows the embedder to control if fenced frame gated Shared Storage API
|
||||
// operations can happen in a given context.
|
||||
virtual bool IsFencedFramesLocalUnpartitionedDataAccessAllowed(
|
||||
content::BrowserContext* browser_context,
|
||||
content::RenderFrameHost* rfh,
|
||||
const url::Origin& top_frame_origin,
|
||||
const url::Origin& accessing_origin);
|
||||
|
||||
// Allows the embedder to control if Private Aggregation API operations can
|
||||
// happen in a given context.
|
||||
//
|
||||
|
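Review bot: The comment on `IsFencedFramesLocalUnpartitionedDataAccessAllowed` does not say what the method decides or what an embedder gets by default. The base implementation added in this commit returns `false`, so an embedder that does not override it denies the gated `sharedStorage.get()` call; that fail-closed default is worth stating, together with the roles of `top_frame_origin` and `accessing_origin`. Suggested wording: `// Returns whether |accessing_origin| may use fenced-frame-gated Shared Storage operations (local unpartitioned data access) under |top_frame_origin|. The default implementation returns false.` The class body continues outside the hunk.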
@ -107,6 +107,15 @@ GetSharedStorageWorkletHostManagerForStoragePartition(
|
||||
->GetSharedStorageWorkletHostManager();
|
||||
}
|
||||
|
||||
std::string GetFencedFrameLocalUnpartitionedDataAccessDisabledMessage() {
|
||||
return kFencedFrameLocalUnpartitionedDataAccessDisabledMessage;
|
||||
}
|
||||
|
||||
std::string
|
||||
GetFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage() {
|
||||
return kFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage;
|
||||
}
|
||||
|
||||
std::string GetSharedStorageDisabledMessage() {
|
||||
return kSharedStorageDisabledMessage;
|
||||
}
|
||||
|
@ -36,6 +36,11 @@ SharedStorageWorkletHostManager*
|
||||
GetSharedStorageWorkletHostManagerForStoragePartition(
|
||||
StoragePartition* storage_partition);
|
||||
|
||||
std::string GetFencedFrameLocalUnpartitionedDataAccessDisabledMessage();
|
||||
|
||||
std::string
|
||||
GetFencedFrameLocalUnpartitionedDataAccessWithoutRevokeNetworkMessage();
|
||||
|
||||
std::string GetSharedStorageDisabledMessage();
|
||||
|
||||
std::string GetSharedStorageSelectURLDisabledMessage();
|
||||
|
@ -524,6 +524,15 @@ bool ShellContentBrowserClient::IsSharedStorageSelectURLAllowed(
|
||||
return true;
|
||||
}
|
||||
|
||||
bool ShellContentBrowserClient::
|
||||
IsFencedFramesLocalUnpartitionedDataAccessAllowed(
|
||||
content::BrowserContext* browser_context,
|
||||
content::RenderFrameHost* rfh,
|
||||
const url::Origin& top_frame_origin,
|
||||
const url::Origin& accessing_origin) {
|
||||
return true;
|
||||
}
|
||||
|
||||
bool ShellContentBrowserClient::IsCookieDeprecationLabelAllowed(
|
||||
content::BrowserContext* browser_context) {
|
||||
return true;
|
||||
|
@ -82,6 +82,11 @@ class ShellContentBrowserClient : public ContentBrowserClient {
|
||||
const url::Origin& accessing_origin,
|
||||
std::string* out_debug_message,
|
||||
bool* out_block_is_site_setting_specific) override;
|
||||
bool IsFencedFramesLocalUnpartitionedDataAccessAllowed(
|
||||
content::BrowserContext* browser_context,
|
||||
content::RenderFrameHost* rfh,
|
||||
const url::Origin& top_frame_origin,
|
||||
const url::Origin& accessing_origin) override;
|
||||
bool IsCookieDeprecationLabelAllowed(
|
||||
content::BrowserContext* browser_context) override;
|
||||
bool IsCookieDeprecationLabelAllowedForContext(
|
||||
|