chromium/src
0
Fork 0
Code Activity
Files
d5ca067e2e2eb715bb4cc5426d10adfff0314a68
src/content/browser/network_service_client.h
Chris Thompson dfd934f967 Add UseCounter for potential PNA 2.0 breakage 
For our new approach to Private Network Access (PNA) restrictions, we
plan to trigger a permission prompt for requests from public sites to
private network endpoints. For HTTP subresources, the permission prompt
only works if we can _a priori_ know that the request is to a private
endpoint (so we can trigger the prompt _before_ it gets blocked as mixed
content). This CL adds a new UseCounter to track cases where:

- The request was from a non-secure context,
- The request was to a URL that is not potentially trustworthy,
- The request is to a less-public address space than the client making
  the request,
- The request, once connected, was determined to be to a private or
  local address space, and
- The request was not known a priori to be private/local.

We "a priori" know that a request is private/local if the
targetAddressSpace fetch param is specified, if the request is to a
`.local` domain, or if the request is to a private/local IP address
literal (or `localhost`).

(We restrict this breakage count to requests from non-secure contexts
only because (1) such requests from secure contexts would already be
blocked as mixed content today, but (2) PNA 2.0 will require that these
sites migrate to HTTPS in order to request permission.)

This logging is collected via `network::URLLoader::OnConnected()`
triggering a new `OnUrlLoaderConnectedToPrivateNetwork()` mojo API on
the `URLLoaderNetworkServiceObserver` (following the pattern of the
existing `OnWebSocketConnectedToPrivateNetwork()` API), which lets the
browser log the UseCounter.

Bug: 396085727
Change-Id: I9091e1d3902a4b92e6927b6cdb577d8c492c51c2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6259197
Reviewed-by: Joe Downing <joedow@chromium.org>
Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Hubert Chao <hchao@chromium.org>
Reviewed-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Chris Thompson <cthomp@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1420322}
2025-02-13 22:34:57 -08:00

170 lines
6.5 KiB
C++
Raw Blame History

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_NETWORK_SERVICE_CLIENT_H_
#define CONTENT_BROWSER_NETWORK_SERVICE_CLIENT_H_
#include <memory>
#include <string>
#include <vector>
#include "base/memory/memory_pressure_listener.h"
#include "base/unguessable_token.h"
#include "build/build_config.h"
#include "content/browser/network/socket_broker_impl.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/receiver.h"
#include "mojo/public/cpp/bindings/receiver_set.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "net/cert/cert_database.h"
#include "services/network/public/mojom/network_change_manager.mojom.h"
#include "services/network/public/mojom/network_service.mojom.h"
#include "services/network/public/mojom/url_loader_network_service_observer.mojom.h"
#include "url/gurl.h"
#if BUILDFLAG(IS_ANDROID)
#include "base/android/application_status_listener.h"
#endif
namespace content {
class WebRtcConnectionsObserver;
class NetworkServiceClient
: public network::mojom::URLLoaderNetworkServiceObserver,
#if BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
public net::NetworkChangeNotifier::ConnectionTypeObserver,
public net::NetworkChangeNotifier::MaxBandwidthObserver,
public net::NetworkChangeNotifier::IPAddressObserver,
#endif
public net::CertDatabase::Observer {
public:
NetworkServiceClient();
NetworkServiceClient(const NetworkServiceClient&) = delete;
NetworkServiceClient& operator=(const NetworkServiceClient&) = delete;
~NetworkServiceClient() override;
mojo::PendingRemote<network::mojom::URLLoaderNetworkServiceObserver>
BindURLLoaderNetworkServiceObserver();
// Called when SetParams() is called on the associated network service.
void OnNetworkServiceInitialized(network::mojom::NetworkService* service);
// net::CertDatabase::Observer implementation:
void OnTrustStoreChanged() override;
void OnClientCertStoreChanged() override;
void OnMemoryPressure(
base::MemoryPressureListener::MemoryPressureLevel memory_presure_level);
// Called when there is a change in the count of media connections that
// require low network latency.
void OnPeerToPeerConnectionsCountChange(uint32_t count);
#if BUILDFLAG(IS_ANDROID)
void OnApplicationStateChange(base::android::ApplicationState state);
#endif
#if BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
// net::NetworkChangeNotifier::ConnectionTypeObserver implementation:
void OnConnectionTypeChanged(
net::NetworkChangeNotifier::ConnectionType type) override;
// net::NetworkChangeNotifier::MaxBandwidthObserver implementation:
void OnMaxBandwidthChanged(
double max_bandwidth_mbps,
net::NetworkChangeNotifier::ConnectionType type) override;
// net::NetworkChangeNotifier::IPAddressObserver implementation:
void OnIPAddressChanged() override;
#endif // BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
#if BUILDFLAG(IS_WIN)
// Called when the network service sandbox is enabled.
mojo::PendingRemote<network::mojom::SocketBroker> BindSocketBroker();
#endif
private:
// network::mojom::URLLoaderNetworkServiceObserver overrides.
void OnSSLCertificateError(const GURL& url,
int net_error,
const net::SSLInfo& ssl_info,
bool fatal,
OnSSLCertificateErrorCallback response) override;
void OnCertificateRequested(
const std::optional<base::UnguessableToken>& window_id,
const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
mojo::PendingRemote<network::mojom::ClientCertificateResponder>
cert_responder) override;
void OnAuthRequired(
const std::optional<base::UnguessableToken>& window_id,
int32_t request_id,
const GURL& url,
bool first_auth_attempt,
const net::AuthChallengeInfo& auth_info,
const scoped_refptr<net::HttpResponseHeaders>& head_headers,
mojo::PendingRemote<network::mojom::AuthChallengeResponder>
auth_challenge_responder) override;
void OnPrivateNetworkAccessPermissionRequired(
const GURL& url,
const net::IPAddress& ip_address,
const std::optional<std::string>& private_network_device_id,
const std::optional<std::string>& private_network_device_name,
OnPrivateNetworkAccessPermissionRequiredCallback callback) override;
void OnClearSiteData(
const GURL& url,
const std::string& header_value,
int load_flags,
const std::optional<net::CookiePartitionKey>& cookie_partition_key,
bool partitioned_state_allowed_only,
OnClearSiteDataCallback callback) override;
void OnLoadingStateUpdate(network::mojom::LoadInfoPtr info,
OnLoadingStateUpdateCallback callback) override;
void OnDataUseUpdate(int32_t network_traffic_annotation_id_hash,
int64_t recv_bytes,
int64_t sent_bytes) override;
void OnSharedStorageHeaderReceived(
const url::Origin& request_origin,
std::vector<network::mojom::SharedStorageModifierMethodWithOptionsPtr>
methods_with_options,
const std::optional<std::string>& with_lock,
OnSharedStorageHeaderReceivedCallback callback) override;
void Clone(
mojo::PendingReceiver<network::mojom::URLLoaderNetworkServiceObserver>
listener) override;
void OnWebSocketConnectedToPrivateNetwork(
network::mojom::IPAddressSpace ip_address_space) override;
void OnUrlLoaderConnectedToPrivateNetwork(
const GURL& request_url,
network::mojom::IPAddressSpace response_address_space,
network::mojom::IPAddressSpace client_address_space,
network::mojom::IPAddressSpace target_address_space) override;
std::unique_ptr<base::MemoryPressureListener> memory_pressure_listener_;
std::unique_ptr<WebRtcConnectionsObserver> webrtc_connections_observer_;
#if BUILDFLAG(IS_ANDROID)
std::unique_ptr<base::android::ApplicationStatusListener>
app_status_listener_;
#endif
#if BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
mojo::Remote<network::mojom::NetworkChangeManager> network_change_manager_;
#endif // BUILDFLAG(IS_ANDROID)
#if BUILDFLAG(IS_WIN)
SocketBrokerImpl socket_broker_;
#endif // BUILDFLAG(IS_WIN)
mojo::ReceiverSet<network::mojom::URLLoaderNetworkServiceObserver>
url_loader_network_service_observers_;
};
} // namespace content
#endif // CONTENT_BROWSER_NETWORK_SERVICE_CLIENT_H_
View Git Blame Copy Permalink