Closed Bug 1579753 Opened 1 year ago Closed 11 months ago

[wpt-sync] Sync PR 18921 - [NativeFileSystem] Make FileSystemHandle transferable

Categories

(Testing :: web-platform-tests, task, P4)

task

Tracking

(firefox72 fixed)

RESOLVED FIXED
mozilla72
Tracking Status
firefox72 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

()

Details

(Whiteboard: [wptsync downstream])

Attachments

(2 files)

Sync web-platform-tests PR 18921 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/18921
Details from upstream follow.

Steve Becker <stevebe@microsoft.com> wrote:

[NativeFileSystem] Make FileSystemHandle transferable

Bug: 955192

Updates postMessage() to clone FileSystemFileHandle and
FileSystemDirectoryHandle objects for same origin targets. Including
a FileSystemHandle object with a cross origin message fails by
dispatching a 'messageerror' event instead of 'message' event.

The change consists of four parts:

(1) Updates V8ScriptValueSerializerForModules to serialize
FileSystemFileHandle and FileSystemDirectoryHandle into
blink::SerializedScriptValue, by following these steps:

  • Write a tag for the handle type (file or directory).

  • Write the name of the file or directory.

  • Creates a mojom::blink::NativeFileSystemTransferTokenPtr by calling
    blink:NativeFileSystemHandle::Transfer(). This token informs the
    storage::NativeFileSystemManagerImpl that a transfer is in progress.
    The NativeFileSystemManagerImpl creates a
    NativeFileSystemTransferTokenImpl to store the information required
    to clone the handle.

  • Stores the token in
    blink::SerializedScriptValue::native_file_system_tokens_. This
    array tracks all cloned FileSystemFileHandle. The
    blink::mojom::CloneableMessage struct is also updated to hold this
    array for MessagePort and BroadcastChannels.

  • Write the index of the token in the native_file_system_tokens_
    array.

(2) Updates V8ScriptValueDeserializerForModules to deserialize
FileSystemFileHandle objects when creating clones for the message
targets. This is the inverse of (1). Deserializing uses
mojom::blink::NativeFileSystemManager to redeem the token, which
creates the mojom::blink::NativeFileSystemFileHandlePtr or
mojom::blink::NativeFileSystemDirectoryHandlePtr using the info
stored by NativeFileSystemTransferTokenImpl.

(3) Updates content::NativeFileSystemManagerImpl to support token
transfers. To redeem a token, NativeFileSystemManagerImpl receives
a mojo message that includes the token as well as a request for a
handle interface like mojom::blink::NativeFileSystemFileHandlePtr.
NativeFileSystemManagerImpl finds the token and then binds the request.
Token redemption does not return any results. Token redemption should
never fail, unless a render process is misbehaving.
NativeFileSystemManagerImpl performs a few sanity checks before binding
the mojo request, including a token existence check, a handle type
check and an origin check. If any of the sanity checks fail,
NativeFileSystemManagerImpl reports a bad mojo message and does NOT
bind the FileSystemHandle.

(4) Adds a cross origin check to window and message port messaging.
Most message targets, like dedicated workers, are same origin only.
However, both windows and message port messages can go cross origin.
When a cross origin message includes a FileSystemHandle, the message
must fail with a 'messageerror' event to prevent cross origin access
to the FileSystemHandle.

Messaging between windows already included origin information before
this change. This change adds a NativeFileSystem origin check before
dispatching a message event to a window. The message event is
replaced with a message error when a cross origin NativeFileSystem
object exists in the message data.

For message ports, no sender origin information existed before this
change. This change updates the CloneableMessage structs to
include a 'sender_origin' url::Origin property. Message ports use
this property to perform the same cross origin NativeFileSystem
check as the window.

The NativeFileSystemManagerImpl performs an additional origin check
before binding the FileSystemHandle mojo request. The
NativeFileSystemManagerImpl cannot trust the postMessage() origin
check performed in the render process.

Change-Id: Ieeb76bd8102067d70c5d7719622ecd4930c3a88f
Reviewed-on: https://chromium-review.googlesource.com/1791942
WPT-Export-Revision: 1b81510fe5982c0676ff61c09550e20c7889105b

Whiteboard: [wptsync downstream] → [wptsync downstream error]
Whiteboard: [wptsync downstream error] → [wptsync downstream]
Whiteboard: [wptsync downstream] → [wptsync downstream error]
Whiteboard: [wptsync downstream error] → [wptsync downstream]
Whiteboard: [wptsync downstream] → [wptsync downstream error]
Whiteboard: [wptsync downstream error] → [wptsync downstream]
Whiteboard: [wptsync downstream] → [wptsync downstream error]
Whiteboard: [wptsync downstream error] → [wptsync downstream]

GitHub CI Results

wpt.fyi PR Results Base Results

Ran 8 tests and 70 subtests

Firefox

OK : 8
FAIL: 70

Chrome

OK : 8
FAIL: 70

Safari

OK : 8
FAIL : 66

New tests that's don't pass

/native-file-system/native_FileSystemBaseHandle-postMessage.tentative.https.manual.window.html
Send and receive messages using a same origin window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a blob window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a dedicated worker.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a sandboxed same origin iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a shared worker.: Firefox: FAIL, Chrome: FAIL, Safari: MISSING
Send and receive messages using an iframe srcdoc.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
User granted write access.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
User succesfully selected an empty directory.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a sandboxed same origin window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a same origin iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a blob iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a service worker.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL

/native-file-system/native_FileSystemBaseHandle-postMessage-Error.tentative.https.manual.window.html
Fail to send messages to a data URI iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a cross origin window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a sandboxed window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a cross origin message port in an iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a message port in a sandboxed window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send messages using a message port in a data URI iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a message port in a sandboxed iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a cross origin message port in a window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a sandboxed iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
User succesfully selected an empty directory.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a cross origin iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
User granted write access.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL

/native-file-system/sandboxed_FileSystemBaseHandle-postMessage-MessagePort.tentative.https.window.html
Send and receive messages using a message port in a sandboxed same origin window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a same origin iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a shared worker.: Firefox: FAIL, Chrome: FAIL, Safari: MISSING
Send and receive messages using a message port in a dedicated worker.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a sandboxed same origin iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a blob iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in an iframe srcdoc.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a blob window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a same origin window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a service worker.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL

/native-file-system/sandboxed_FileSystemBaseHandle-postMessage-BroadcastChannel.tentative.https.window.html
Send and receive messages using a broadcast channel in an iframe, dedicated worker and service worker.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL

/native-file-system/native_FileSystemBaseHandle-postMessage-MessagePort.tentative.https.manual.window.html
Send and receive messages using a message port in a sandboxed same origin iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a service worker.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a sandboxed same origin window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a same origin iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a shared worker.: Firefox: FAIL, Chrome: FAIL, Safari: MISSING
User granted write access.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
User succesfully selected an empty directory.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a blob iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in an iframe srcdoc.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a blob window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a same origin window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a message port in a dedicated worker.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL

/native-file-system/sandboxed_FileSystemBaseHandle-postMessage-Error.tentative.https.window.html
Fail to send messages to a data URI iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a cross origin window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a sandboxed window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a cross origin message port in an iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a message port in a sandboxed window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send messages using a message port in a data URI iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a message port in a sandboxed iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a cross origin message port in a window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a sandboxed iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Fail to send and receive messages using a cross origin iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL

/native-file-system/native_FileSystemBaseHandle-postMessage-BroadcastChannel.tentative.https.manual.window.html
User succesfully selected an empty directory.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a broadcast channel in an iframe, dedicated worker and service worker.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
User granted write access.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL

/native-file-system/sandboxed_FileSystemBaseHandle-postMessage.tentative.https.window.html
Send and receive messages using a same origin window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a blob window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a dedicated worker.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a sandboxed same origin iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a shared worker.: Firefox: FAIL, Chrome: FAIL, Safari: MISSING
Send and receive messages using an iframe srcdoc.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a sandboxed same origin window.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a same origin iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a blob iframe.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL
Send and receive messages using a service worker.: Firefox: FAIL, Chrome: FAIL, Safari: FAIL

Automatic update from web-platform-tests
[NativeFileSystem] Make FileSystemHandle cloneable

Updates postMessage() to clone FileSystemFileHandle and
FileSystemDirectoryHandle objects for same origin targets. Including
a FileSystemHandle object with a cross origin message fails by
dispatching a 'messageerror' event instead of 'message' event.

The change consists of four parts:

(1) Updates V8ScriptValueSerializerForModules to serialize
FileSystemFileHandle and FileSystemDirectoryHandle into
blink::SerializedScriptValue, by following these steps:

  • Write a tag for the handle type (file or directory).

  • Write the name of the file or directory.

  • Creates a mojom::blink::NativeFileSystemTransferTokenPtr by calling
    blink:NativeFileSystemHandle::Transfer(). This token informs the
    storage::NativeFileSystemManagerImpl that a transfer is in progress.
    The NativeFileSystemManagerImpl creates a
    NativeFileSystemTransferTokenImpl to store the information required
    to clone the handle.

  • Stores the token in
    blink::SerializedScriptValue::native_file_system_tokens_. This
    array tracks all cloned FileSystemFileHandle. The
    blink::mojom::CloneableMessage struct is also updated to hold this
    array for MessagePort and BroadcastChannels.

  • Write the index of the token in the native_file_system_tokens_
    array.

(2) Updates V8ScriptValueDeserializerForModules to deserialize
FileSystemFileHandle objects when creating clones for the message
targets. This is the inverse of (1). Deserializing uses
mojom::blink::NativeFileSystemManager to redeem the token, which
creates the mojom::blink::NativeFileSystemFileHandlePtr or
mojom::blink::NativeFileSystemDirectoryHandlePtr using the info
stored by NativeFileSystemTransferTokenImpl.

(3) Updates content::NativeFileSystemManagerImpl to support token
transfers. To redeem a token, NativeFileSystemManagerImpl receives
a mojo message that includes the token as well as a request for a
handle interface like mojom::blink::NativeFileSystemFileHandlePtr.
NativeFileSystemManagerImpl finds the token and then binds the request.
Token redemption does not return any results. Token redemption should
never fail, unless a render process is misbehaving.
NativeFileSystemManagerImpl performs a few sanity checks before binding
the mojo request, including a token existence check, a handle type
check and an origin check. If any of the sanity checks fail,
NativeFileSystemManagerImpl silently fails closing the redeemed
FileHandle's pipe.

(4) Adds a cross origin check to window and message port messaging.
Most message targets, like dedicated workers, are same origin only.
However, both windows and message port messages can go cross origin.
When a cross origin message includes a FileSystemHandle, the message
must fail with a 'messageerror' event to prevent cross origin access
to the FileSystemHandle.

Messaging between windows already included origin information before
this change. This change adds a NativeFileSystem origin check before
dispatching a message event to a window. The message event is
replaced with a message error when a cross origin NativeFileSystem
object exists in the message data.

For message ports, no sender origin information existed before this
change. This change updates the CloneableMessage structs to
include a 'sender_origin' url::Origin property. Message ports use
this property to perform the same cross origin NativeFileSystem
check as the window.

The NativeFileSystemManagerImpl performs an additional origin check
before binding the FileSystemHandle mojo request. The
NativeFileSystemManagerImpl cannot trust the postMessage() origin
check performed in the render process.

Bug: 955192
Change-Id: Ieeb76bd8102067d70c5d7719622ecd4930c3a88f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1791942
Commit-Queue: Steve Becker <stevebe@microsoft.com>
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Olivier Yiptong <oyiptong@chromium.org>
Cr-Commit-Position: refs/heads/master@{#709407}

--

wpt-commits: 474923949524b5c05a9e6f28ec082fdca87078de
wpt-pr: 18921

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/440468a2fa92
[wpt PR 18921] - [NativeFileSystem] Make FileSystemHandle cloneable, a=testonly
https://hg.mozilla.org/integration/autoland/rev/154a7e140b2f
[wpt PR 18921] - Update wpt metadata, a=testonly
Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in before you can comment on or make changes to this bug.