Explainer: https://github.com/WICG/shared-storage/pull/199
Key points:
- `SharedStorageWorkletNavigator` is a new interface that only
supports `locks`. Implementation-wise, we inherit NavigatorBase
so it's compatible with the LockManager implementation. Some
methods are obviously unreachable (e.g. GetAcceptLanguages()).
- Add the member `LockManager<OriginLockGroupId> lock_manager_;` to
SharedStorageWorkletHostManager: The locks have a shared storage
specific scope (separate from the Window/Worker locks), and are
further partitioned by shared storage origin.
Bug: 373899210
Change-Id: I9908962949088356c2a61c1556183ccd5772985f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5937903
Reviewed-by: Ayu Ishii <ayui@chromium.org>
Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Commit-Queue: Yao Xiao <yaoxia@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1370865}
There are now three directories containing origin trial-related
mojoms under third_party/blink/public/mojom:
- origin_trials
- origin_trial_state
- origin_trial_feature
There doesn't seem to be any technical reason for the separation.
Instead, it seems to be coincidental from different teams landing code
at different times (including renames).
To improve cohesion, the intent is to move all the mojoms into one
directory, specifically `origin_trials`. This CL removes the `origin_trial_state` directory, as a first step.
Change-Id: I355fb7120efa51e6d881f3045f527ff173d9c142
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5925798
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Joe Mason <joenotcharles@google.com>
Commit-Queue: Jason Chase <chasej@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1369481}
As of this CL, WebNN will no longer use ChromeOS's ModelLoader API from
the ML Service to execute TFLite models. ChromeOS will use the same
copy of TFLite that's used on other platforms (the one that's shipped
with the browser).
This removes the only consumer of the ModelLoader API, so that
interface will be removed in a follow-up CL.
Bug: 350407897
Change-Id: I3ea5a7e2796d9ca3216008d005985412658cc8e1
Cq-Include-Trybots: luci.chromium.try:mac14-blink-rel,win11-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5868415
Reviewed-by: Alex Gough <ajgo@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Kyle Charbonneau <kylechar@chromium.org>
Commit-Queue: Austin Sullivan <asully@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1356602}
Add indexed_db namespace and remove IndexedDB prefix from many classes.
The indexed_db namespace already existed but was used sparingly. Use it
more thoroughly in //content/browser/indexed_db and
//components/services/storage/indexed_db.
Bug: none
Change-Id: Id4bb701a86bd25645737bd045b71d4964adef422
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5854146
Reviewed-by: Mike Wasserman <msw@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: John Lee <johntlee@chromium.org>
Commit-Queue: Evan Stade <estade@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1355379}
Why:
This change will allow the reuse of existing components that already
utilize BrowserInterfaceBroker for Mojo connection setup. One
potential example is blink::LockManager for Web Locks API support,
which sets up a mojom::blink::LockManager connection. Regardless,
the BrowserInterfaceBroker provides a streamlined approach to
bootstrap Mojo service connections.
Note:
1. No behavior change -- I went through the caller sites for
   WorkletGlobalScope::GetBrowserInterfaceBroker() and identified
   ukm::mojom::UkmRecorderFactory as the only potential interface that
   can be requested within a SharedStorageWorklet. To maintain code
   simplicity, we avoid special-casing renderer logic and disable
   ukm::mojom::UkmRecorderFactory on the browser side.
2. Other usages appear to originate from non-(SharedStorage)Worklet
   contexts. If any usages were overlooked, this could lead to
   renderer crashes. We will actively monitor overall crash reports
   to promptly address any issues arising from this change.
Bug: 365578420
Change-Id: Ie0df93761f3194b6a90a4b7e7b867a43047a69b9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5847692
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Yao Xiao <yaoxia@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1355290}
Stops guarding code behind kAnchorElementInteraction, which has been
enabled for more than a year and is now only being used for two
parameters. Removes kAnchorElementMouseMotionEstimator which was
always enabled by default.
Change-Id: I4dfd95879260947681d3e2b2a89c96cf3846f1bb
Bug: 40268716
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5845653
Reviewed-by: danakj <danakj@chromium.org>
Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1353320}
This is a reland of commit d37f2ff988
Now we are adding AITextSessionSet either as a DocumentUserData (for
document) or SupportsUserData::Data (for workers). There is at most
1 AITextSessionSet per BucketContext, but we can create multiple
AITextSessions and store them in the AITextSessionSet. This solves
the problem that caused the revert of the previous CL.
There is also some refactoring done to make the code more organized,
and easier for future changes to support more AI features.
Please compare patch set 7 against patch set 1 for the change.
Original change's description:
> Prompt API: bind the lifetime of AITextSession to the BucketContext
>
> According to the guideline, it's discouraged to bind a document-scoped
> object to the receiver, since the IPC connection may be kept beyond
> the document's lifetime.
>
> In this CL, the AITextSession object will own the receiver, and it
> will be either
> - added to the BucketContext through SupportsUserData if it's for
> workers, or
> - wrapped in a DocumentUserData if it's for document.
>
> More information can be found from this doc: https://docs.google.com/document/d/1oVIEXqqjBEEq5VqPgQXiHfN5u8fKDz6IAf-AczJGXIU
>
> Bug: 356809696
> Change-Id: I42e04f2729c6330433e745f88379a134db191b73
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5759567
> Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
> Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
> Commit-Queue: Mingyu Lei <leimy@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1339002}
Bug: 356809696
Change-Id: I59553fb27929ba8a40b8c14dc0d919135722e8f1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5775466
Reviewed-by: Jiacheng Guo <gjc@google.com>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Commit-Queue: Mingyu Lei <leimy@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1342131}
This reverts commit d37f2ff988.
Reason for revert: DocumentService should be used instead of DocumentUserData
Original change's description:
> Prompt API: bind the lifetime of AITextSession to the BucketContext
>
> According to the guideline, it's discouraged to bind a document-scoped
> object to the receiver, since the IPC connection may be kept beyond
> the document's lifetime.
>
> In this CL, the AITextSession object will own the receiver, and it
> will be either
> - added to the BucketContext through SupportsUserData if it's for
> workers, or
> - wrapped in a DocumentUserData if it's for document.
>
> More information can be found from this doc: https://docs.google.com/document/d/1oVIEXqqjBEEq5VqPgQXiHfN5u8fKDz6IAf-AczJGXIU
>
> Bug: 356809696
> Change-Id: I42e04f2729c6330433e745f88379a134db191b73
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5759567
> Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
> Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
> Commit-Queue: Mingyu Lei <leimy@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1339002}
Bug: 356809696
Change-Id: I6327617ff5b15746a2ef30b6d5d7866539f1ef07
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5775762
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Owners-Override: Rakina Zata Amni <rakina@chromium.org>
Commit-Queue: Rakina Zata Amni <rakina@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1339478}
According to the guideline, it's discouraged to bind a document-scoped
object to the receiver, since the IPC connection may be kept beyond
the document's lifetime.
In this CL, the AITextSession object will own the receiver, and it
will be either
- added to the BucketContext through SupportsUserData if it's for
workers, or
- wrapped in a DocumentUserData if it's for document.
More information can be found from this doc: https://docs.google.com/document/d/1oVIEXqqjBEEq5VqPgQXiHfN5u8fKDz6IAf-AczJGXIU
Bug: 356809696
Change-Id: I42e04f2729c6330433e745f88379a134db191b73
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5759567
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Commit-Queue: Mingyu Lei <leimy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1339002}
We've already disallowed RTCPeerConnection in fenced frames in the
renderer (behind a flag). This should prevent WebRTC P2P connections from being established legitimately. See renderer CL here:
https://chromium-review.googlesource.com/c/chromium/src/+/5527514
However, we should have an extra layer of protection in the browser
to defend against a compromised renderer. This change prevents
the browser from binding a P2PSocketManager in the network service
if the corresponding frame is in a fenced frame tree. Essentially
we've severed the connection between the fenced frame and the
network service by using the browser as an intermediary, so that
no P2P connections can be established within the frame.
This does feel like a roundabout way to achieve the desired behavior. However, from what I can tell, RTCPeerConnection doesn't have a "host object" in the browser, and creating peer-to-peer sockets occurs directly between the renderer and the network service via IPC[1]. So blocking that IPC connection from being established in the trusted browser process seemed like the next best thing.
I don't think there's a great way to test this change, since the renderer already prevents p2p communication, so a browsertest that tries to exercise the RTCPeerConnection API won't provide additional coverage. Additionally, we can't probe the network service to see if the P2PSocketManager exists or not.
[1]: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/platform/p2p/ipc_socket_factory.cc;drc=b0b102b6582fe1fca4a5eb6b156f198113674ec7;l=392
Change-Id: I492ab7bd7e900a0ca009e9a880c871a77d9ee76a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5672111
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Guido Urdaneta <guidou@chromium.org>
Commit-Queue: Andrew Verge <averge@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1322704}
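Added illustration (not part of the commit above and not Chromium code): a minimal C++ model of the two layers that commit describes, showing why the browser-side refusal to bind still holds when the renderer-side check is bypassed. Every type and function name below is a hypothetical stand-in for the renderer, browser and network-service roles.

```cpp
#include <iostream>
#include <memory>

// Browser-owned record of a frame. The renderer cannot alter this state.
struct FrameState {
  int frame_id;
  bool in_fenced_frame_tree;
};

// Stand-in for the socket manager endpoint that lives in the network service.
struct SocketManagerEndpoint {
  int bound_for_frame;
};

// Renderer model. Its policy check is only as trustworthy as the process.
struct Renderer {
  bool compromised = false;
  bool in_fenced_frame = false;
  // First layer: the renderer declines to ask when it is in a fenced frame.
  bool RequestsSocketManager() const {
    if (compromised) return true;  // a compromised process skips its own check
    return !in_fenced_frame;
  }
};

// Browser model: the trusted intermediary between renderer and network service.
class BrowserBroker {
 public:
  explicit BrowserBroker(bool enforce) : enforce_(enforce) {}

  // Second layer: refuse to bind for any frame in a fenced frame tree.
  // Returns nullptr when the bind is refused.
  std::unique_ptr<SocketManagerEndpoint> BindSocketManager(
      const FrameState& frame) {
    if (enforce_ && frame.in_fenced_frame_tree) {
      // In this model a well-behaved renderer never gets here, so each
      // refusal marks a renderer that did not follow its own policy.
      ++refused_;
      return nullptr;
    }
    return std::make_unique<SocketManagerEndpoint>(
        SocketManagerEndpoint{frame.frame_id});
  }
  int refused() const { return refused_; }

 private:
  bool enforce_;
  int refused_ = 0;
};

// Whole request path: renderer decides to ask, browser decides to bind.
bool CanOpenP2PSocket(const Renderer& renderer, const FrameState& frame,
                      BrowserBroker& broker) {
  if (!renderer.RequestsSocketManager()) return false;
  return broker.BindSocketManager(frame) != nullptr;
}

int main() {
  FrameState fenced{1, true};
  Renderer bypassed;
  bypassed.compromised = true;
  bypassed.in_fenced_frame = true;
  BrowserBroker renderer_check_only(false), browser_enforced(true);
  std::cout << "renderer check only: "
            << CanOpenP2PSocket(bypassed, fenced, renderer_check_only) << "\n";
  std::cout << "browser enforced:    "
            << CanOpenP2PSocket(bypassed, fenced, browser_enforced) << "\n";
  return 0;
}
```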
For now it exposes the same method as the PressureManager Mojo interface
in //services, but they will ultimately diverge when the latter starts
supporting virtual pressure sources.
Make Blink's FakePressureService inherit from WebPressureManager, not
//service's PressureManager. SetBinderForTesting() can only intercept
requests from Blink, which means it should be intercepting attempts to
connect to the WebPressureManager interface instead.
Bug: 347031400
Change-Id: I19da6513c2e5328780ea0f7ec9bc66e4ce9d9e26
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5660418
Reviewed-by: Arnaud Mandy <arnaud.mandy@intel.com>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: Raphael Kubo Da Costa <raphael.kubo.da.costa@intel.com>
Cr-Commit-Position: refs/heads/main@{#1321579}
This field is:
* Unsafe in presence of Oilpan (see https://crbug.com/40261265)
* Not actually used - there are no callers of
`AgentGroupScheduler::GetBrowserInterfaceBroker`. This method was
added in https://crrev.com/c/2677585 and AFAICT no callers have ever
been added later - for example this command finds no other commits:
`git log -S AgentSched -- content/browser/browser_interface_binders.cc`
Removing this field also helps to make progress on
https://crbug.com/41482945 - this field is related to 1 out of 5 callers
of `BrowserInterfaceBrokerProxy::Bind` and the linked bug requires
passing `ContextLifecycleNotifier` to `HeapMojoRemote`. I note that
`AgentGroupSchedulerImpl::BindInterfaceBroker` seems to be the only
caller of `BrowserInterfaceBrokerProxy::Bind` which doesn't have a 1:1
relationship with a `ContextLifecycleNotifier` (which IIUC roughly
corresponds to the `ExecutionContext`). The other callers are 1)
constructor of `WorkerGlobalScope`, 2) constructor of
`content::RenderFrameImpl`, 3)
`MojoBindingContext::SetMojoJSInterfaceBroker` (we ignore here
`GetEmptyBrowserInterfaceBroker` which doesn't actually need to bind an
actual mojo remote).
Fixed: 40261265
Bug: 41482945
Change-Id: Id07826bb008bea6157a30868a56ad05ad3bbc675
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5646657
Reviewed-by: Francois Pierre Doray <fdoray@chromium.org>
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Auto-Submit: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Scott Haseley <shaseley@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1319775}
This CL adds an "Inspect" action in chrome://indexeddb-internals
for each client (tab/worker) making IDB transactions.
Web developers can use this to identify the exact tab that
transactions originated from.
Bug: 336960312
Fuchsia-Binary-Size: Uncompressed growth (8K) is below threshold
Change-Id: Ib8452afb421bb95781d2e9bcf908d56d531e01ce
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5607565
Reviewed-by: Brad Triebwasser <btriebw@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Evan Stade <estade@chromium.org>
Commit-Queue: Abhishek Shanthkumar <abhishek.shanthkumar@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#1318574}
The prompt API is now able to run on shared workers and service
workers. This CL also adds some WPTs to test that using the mock
implementation of AIManager.
Bug: 342939487
Change-Id: Ib615497d49403b64930dc99cf6005f28a17d4d14
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5613194
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Commit-Queue: Mingyu Lei <leimy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1315035}
This CL adds a mock implementation of model_execution from //content,
so we can write WPT for the API.
Bug: 330833021
Change-Id: I83ffd0d0438629864701e1d65d93cbe27f4363c1
Fuchsia-Binary-Size: The increase looks quite random, and this CL is only adding a mock implementation.
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5440485
Reviewed-by: Fergal Daly <fergal@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Commit-Queue: Mingyu Lei <leimy@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1286344}
This CL:
- Moves the real world identity code out of
federated_auth_request_impl.cc
- Changes credentials_container.cc to route through
mojom::blink::DigitalIdentityRequest instead of through
mojom::blink::FederatedAuthRequest
BUG=1524182
Change-Id: I4db090cef50994b0ee4edc1038b7a6b57afc585b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5259483
Commit-Queue: Peter Kotwicz <pkotwicz@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1257562}
It's becoming clear that the posture is not a global state. On Android
the posture is tied to an Activity: for example, an Android Activity can
be on an external screen or two Chrome instances side by side and Android does not return the physical posture of the device. While right now Windows is a global state we can imagine scenarios like this where the "logical" posture doesn't match the physical posture.
This patch moves the device_posture mojo implementation out of services/. This means that now it is attached to a given web content. This allows us to simplify some of the implementation now that we can assume the receivers are from the same web content.
Also now that we are in the content/ layer we can directly hook into the device posture classes to implement the viewport segments support in RWHA.
Bug: 1517764
Change-Id: I173d6913d953134dc6f1973d511b5e874de38158
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5202826
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Bo Liu <boliu@chromium.org>
Commit-Queue: Alexis Menard <alexis.menard@intel.com>
Cr-Commit-Position: refs/heads/main@{#1253273}
https://crrev.com/ab904a46 added the ability to use the
'publickey-credentials-create' permissions policy for WebAuthn
credential creation in a cross-origin iframe. However, if the
credential was for SPC (i.e., has the "payment" extension
specified), it still required the 'payment' permission policy.
This CL changes it so that SPC credential creation can occur in a
cross-origin iframe that has *either* the 'payment' (for backwards
compatibility) or 'publickey-credentials-create' policy.
In order to have content/browser/webauth/webauth_browsertest.cc
cover SPC credential creation, we needed //content to have some
sort of PaymentCredential mojo service. As such, this CL also adds
a stub PaymentCredential service for //content (which is overridden
with the real version for //chrome). This has the side effect of
making a WPT test start passing (as it was only failing due to the
lack of a //content hook for the given mojo API).
The change is still behind the
WebAuthnAllowCreateInCrossOriginFrame flag.
Bug: 1512605
Change-Id: Icfd61c5c294e85a5c273b2ff8ccca13e1070dab6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5141746
Commit-Queue: Stephen McGruer <smcgruer@chromium.org>
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1248755}
Adds blink::mojom::ModelManager implementation and binding logic from
the browser process. It has a 1-to-1 association with the RFH and provides
a method to create a new session.
Bug: 1513585
Low-Coverage-Reason: TESTS_IN_SEPARATE_CL this is an early prototype
of the API, more tests will be added when it's more finalized.
Change-Id: I26ae7b2c9b7f563c9fd8295b4411c56b283e0aef
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5143649
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Clark DuVall <cduvall@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Commit-Queue: Mingyu Lei <leimy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1247009}
Moves the C++ definition of this feature to mojo, and annotates
the key interfaces with RuntimeFeature= attribute to gate use
and serialization on the feature state.
Note: moves {ml_graph_test_mojo.cc => ml_graph_mojo_test.cc} to
allow blink presubmits to ignore the file.
DanglingUntriaged-notes: renaming existing file.
Bug: 1273291
Change-Id: I6b8dd360945ae1f70dcf0ba1502feb1bdded4fef
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5120103
Reviewed-by: Peter McNeeley <petermcneeley@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Jiewei Qian <qjw@chromium.org>
Reviewed-by: Dominic Farolino <dom@chromium.org>
Reviewed-by: Erik Chen <erikchen@chromium.org>
Reviewed-by: Bo Liu <boliu@chromium.org>
Reviewed-by: Mustafa Emre Acer <meacer@chromium.org>
Reviewed-by: ningxin hu <ningxin.hu@intel.com>
Cr-Commit-Position: refs/heads/main@{#1238848}
This CL splits PressureServiceImpl into PressureServiceBase and
PressureServiceForFrame. PressureServiceBase holds common functions
for both frame and workers. PressureServiceForFrame holds functions
only for frame. There will be a class named PressureServiceForWorker
holding functions only for workers.
Bug: 1500467
Change-Id: I877eb3b3b7310a3b79c4d5bd916986c2fafb9be8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4951054
Reviewed-by: Sam McNally <sammc@chromium.org>
Reviewed-by: Raphael Kubo Da Costa <raphael.kubo.da.costa@intel.com>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: Wei4 Wang <wei4.wang@intel.com>
Cr-Commit-Position: refs/heads/main@{#1237347}
This CL partially reverts commit [1] to re-route CP through
content/browser. The reason for revert is: privacy test is currently
done in Blink. However, we cannot get enough information to implement
improved privacy test [2] in Blink. So we should re-route CP through
content/browser first, then we can move privacy test from Blink to
content/browser.
This CL reuses existing mojom IPC (mojom.PressureClient and
mojom.PressureManager) on both sides of the browser module. The code
path is as follows:
    blink::PressureObserverManager -> mojom.PressureManager
      -> content::PressureServiceImpl -> mojom.PressureManager
      -> device::PressureManagerImpl

    device::PressureManagerImpl -> mojom.PressureClient
      -> content::PressureClientImpl -> mojom.PressureClient
      -> blink::PressureClientImpl
[1] https://chromium-review.googlesource.com/c/chromium/src/+/4126666
[2] https://github.com/w3c/compute-pressure/pull/238/files
Bug: 1500467
Change-Id: I8ce020a796a275c0851e5927f920c95391822d51
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4945517
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Raphael Kubo Da Costa <raphael.kubo.da.costa@intel.com>
Commit-Queue: Wei4 Wang <wei4.wang@intel.com>
Cr-Commit-Position: refs/heads/main@{#1237327}