Closed Bug 1603969 Opened 1 year ago Closed 1 year ago

After storage access is granted on google docs, we still end up blocking content

Categories

(Core :: Privacy: Anti-Tracking, defect)

RESOLVED FIXED
mozilla73
Tracking Status
firefox73 --- fixed

People

(Reporter: ehsan, Assigned: baku)

Attachments

(4 files, 1 obsolete file)

Please see this Pernosco recording; there is a notebook explaining the sequence of events.

After the storage access API grants storage access to the https://docs.google.com iframe, it tries to load an image from https://ssl.gstatic.com, and that fails, because we use the origin of the image load as the "granted origin" when creating the permission type, and we end up checking the 3rdPartyStorage^https://docs.google.com^https://ssl.gstatic.com permission instead of 3rdPartyStorage^https://docs.google.com.

This means that effectively once storage access is granted through the storage access API (or our heuristics), the third-party still has limited storage access and it has no way out of that, since the only way to create a 3rdPartyStorage^https://docs.google.com^https://ssl.gstatic.com is with our window.open heuristics...

This bug also causes us to not show the "Allowed" label in the Protections UI because there are blocking events logged after the unblocked event related to the permission being granted.

I tested, and in Safari, once storage access has been granted, other subresources gain storage access as well.

Andrea, why do we need this specific logic again? It seems that a simple patch to remove this logic is green on try, and that fixes this bug.

Flags: needinfo?(amarchesini)

Before answering, I want to test something. I submitted a patch to the tryserver.

Assignee: ehsan → amarchesini
Flags: needinfo?(amarchesini)

Granted origins cause a third-party tracker browsing context to not get
full first-party storage access after successfully calling the storage
access API or a heuristic granting ephemeral access.

For example, after https://tracker.example calls the storage access API
successfully in the third-party context, they embed
https://other-tracker.example, and that load fails because of ETP
restrictions. Here what happens is that https://other-tracker.example
is mistakenly considered the granted origin, and because such a
permission doesn't exist, access is denied.

This permission manager migration drops the granted origin part of the
permission type.

Attachment #9116369 - Attachment is obsolete: true
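
The lookup mismatch from the report and the migration from the patch description, as a simplified model added here (not Firefox code). Function names are hypothetical, and the model assumes origins contain no `^` and that the old lookup omitted the granted origin when it equalled the tracker's own origin.

```javascript
// Added illustration, not Firefox source. Function names are hypothetical;
// only the "3rdPartyStorage^<origin>[^<origin>]" type format is from the bug.
const PREFIX = "3rdPartyStorage";

// Old lookup: the origin of the subresource load is appended as the
// "granted origin" unless it equals the tracker's own origin (assumed).
function permissionTypeBefore(trackerOrigin, loadOrigin) {
  const parts = [PREFIX, trackerOrigin];
  if (loadOrigin !== trackerOrigin) parts.push(loadOrigin);
  return parts.join("^");
}

// Fixed lookup: the type depends only on the origin that was granted access.
function permissionTypeAfter(trackerOrigin) {
  return [PREFIX, trackerOrigin].join("^");
}

// Migration sketch: drop the granted-origin part from stored types and
// de-duplicate. Assumes origins contain no "^" (no origin-attribute suffix).
function migrateTypes(storedTypes) {
  const out = new Set();
  for (const type of storedTypes) {
    const parts = type.split("^");
    const isOld = parts[0] === PREFIX && parts.length === 3;
    out.add(isOld ? parts.slice(0, 2).join("^") : type);
  }
  return [...out];
}

// Constructed sample: what the store holds after the Storage Access API grant.
const DOCS = "https://docs.google.com";
const GSTATIC = "https://ssl.gstatic.com";
const store = new Set([permissionTypeAfter(DOCS)]);

// Would the image load from GSTATIC inside the DOCS iframe find a permission?
function imageLoadAllowed(useOldLookup) {
  const type = useOldLookup
    ? permissionTypeBefore(DOCS, GSTATIC)
    : permissionTypeAfter(DOCS);
  return store.has(type);
}

console.log("old lookup:", permissionTypeBefore(DOCS, GSTATIC), imageLoadAllowed(true));
console.log("new lookup:", permissionTypeAfter(DOCS), imageLoadAllowed(false));
console.log(migrateTypes([`${PREFIX}^${DOCS}^${GSTATIC}`, `${PREFIX}^${DOCS}`]));
```
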
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/450eec13d73e
Part 0: Add a moz.build dependency for trackingPage.html used in browser_protections_UI.js; r=baku
https://hg.mozilla.org/integration/autoland/rev/8c3bb23a048b
Part 1: Remove the concept of granted origins from the anti-tracking backend; r=baku
https://hg.mozilla.org/integration/autoland/rev/18bf461b9630
Part 2: Update existing 'storageAccessAPI' permissions with granted origin used in them; r=baku
https://hg.mozilla.org/integration/autoland/rev/959f12e42db9
Part 3: Add an automated test to ensure that after storage access has been granted, the third-party is allowed to load images from tracking origins; r=baku

Backed out 4 changesets (bug 1603969) for failing at /browser_startup_mainthreadio.js on a CLOSED TREE.

Backout link: https://hg.mozilla.org/integration/autoland/rev/f60e166c3880576e028cf0a7cb996c389318c821

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception&revision=959f12e42db9ee90892404e748f0cd06d8a82cc8&selectedJob=281765789

Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=281765789&repo=autoland&lineNumber=1867

Log snippet:

[task 2019-12-18T18:06:52.074Z] 18:06:52 INFO - TEST-PASS | browser/base/content/test/performance/browser_startup_mainthreadio.js | fsync on /private/var/folders/qt/hzgm5cs11kb6bnh26gfs397w000017/T/tmpGn3TM5.mozrunner/permissions.sqlite-journal allowed 7 more times before opening first browser window -
[task 2019-12-18T18:06:52.074Z] 18:06:52 INFO - TEST-PASS | browser/base/content/test/performance/browser_startup_mainthreadio.js | stat on /private/var/folders/qt/hzgm5cs11kb6bnh26gfs397w000017/T/tmpGn3TM5.mozrunner/permissions.sqlite-journal allowed 26 more times before opening first browser window -
[task 2019-12-18T18:06:52.074Z] 18:06:52 INFO - Buffered messages finished
[task 2019-12-18T18:06:52.074Z] 18:06:52 INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/performance/browser_startup_mainthreadio.js | write on /private/var/folders/qt/hzgm5cs11kb6bnh26gfs397w000017/T/tmpGn3TM5.mozrunner/permissions.sqlite-journal 2 more times than expected before opening first browser window -
[task 2019-12-18T18:06:52.074Z] 18:06:52 INFO - Stack trace:
[task 2019-12-18T18:06:52.074Z] 18:06:52 INFO - chrome://mochikit/content/browser-test.js:test_ok:1292
[task 2019-12-18T18:06:52.074Z] 18:06:52 INFO - chrome://mochitests/content/browser/browser/base/content/test/performance/browser_startup_mainthreadio.js:null:898
[task 2019-12-18T18:06:52.074Z] 18:06:52 INFO - chrome://mochikit/content/browser-test.js:Tester_execTest/<:1062
[task 2019-12-18T18:06:52.074Z] 18:06:52 INFO - chrome://mochikit/content/browser-test.js:Tester_execTest:1097
[task 2019-12-18T18:06:52.078Z] 18:06:52 INFO - chrome://mochikit/content/browser-test.js:nextTest/<:925
[task 2019-12-18T18:06:52.078Z] 18:06:52 INFO - chrome://mochikit/content/tests/SimpleTest/SimpleTest.js:SimpleTest.waitForFocus/waitForFocusInner/focusedOrLoaded/<:808

Flags: needinfo?(ehsan)
Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a334451b95eb
Part 0: Add a moz.build dependency for trackingPage.html used in browser_protections_UI.js; r=baku
https://hg.mozilla.org/integration/autoland/rev/c5ad252c525b
Part 1: Remove the concept of granted origins from the anti-tracking backend; r=baku
https://hg.mozilla.org/integration/autoland/rev/2c0198f3506c
Part 2: Update existing 'storageAccessAPI' permissions with granted origin used in them; r=baku
https://hg.mozilla.org/integration/autoland/rev/c4d79087eef1
Part 3: Add an automated test to ensure that after storage access has been granted, the third-party is allowed to load images from tracking origins; r=baku

Backed out 4 changesets (bug 1603969) for failing at /browser_startup_mainthreadio.js on a CLOSED TREE.

Backout link: https://hg.mozilla.org/integration/autoland/rev/8e4bf1412364d275c57c29a03a0d4ed3964042b7

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception&revision=c4d79087eef1bbdf20ab8ec5033aadb9cfde370c&selectedJob=281817256

Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=281817256&repo=autoland&lineNumber=2226

Log snippet:
[task 2019-12-18T23:37:43.500Z] 23:37:43 INFO - TEST-PASS | browser/base/content/test/performance/browser_startup_mainthreadio.js | stat on C:\Users\task_1576711785\AppData\Local\Temp\tmp_rqevv.mozrunner\cookies.sqlite-wal as many times as expected before opening first browser window -
[task 2019-12-18T23:37:43.501Z] 23:37:43 INFO - Buffered messages finished
[task 2019-12-18T23:37:43.501Z] 23:37:43 INFO - TEST-UNEXPECTED-FAIL | browser/base/content/test/performance/browser_startup_mainthreadio.js | fsync on C:\Users\task_1576711785\AppData\Local\Temp\tmp_rqevv.mozrunner\permissions.sqlite 1 more times than expected before opening first browser window -
[task 2019-12-18T23:37:43.501Z] 23:37:43 INFO - Stack trace:
[task 2019-12-18T23:37:43.501Z] 23:37:43 INFO - chrome://mochikit/content/browser-test.js:test_ok:1292
[task 2019-12-18T23:37:43.501Z] 23:37:43 INFO - chrome://mochitests/content/browser/browser/base/content/test/performance/browser_startup_mainthreadio.js:null:898
[task 2019-12-18T23:37:43.502Z] 23:37:43 INFO - chrome://mochikit/content/browser-test.js:Tester_execTest/<:1062
[task 2019-12-18T23:37:43.502Z] 23:37:43 INFO - chrome://mochikit/content/browser-test.js:Tester_execTest:1097
[task 2019-12-18T23:37:43.502Z] 23:37:43 INFO - chrome://mochikit/content/browser-test.js:nextTest/<:925
[task 2019-12-18T23:37:43.502Z] 23:37:43 INFO - chrome://mochikit/content/tests/SimpleTest/SimpleTest.js:SimpleTest.waitForFocus/waitForFocusInner/focusedOrLoaded/<:808
[task 2019-12-18T23:37:43.502Z] 23:37:43 INFO - TEST-PASS | browser/base/content/test/performance/browser_startup_mainthreadio.js | read on C:\Users\task_1576711785\AppData\Local\Temp\tmp_rqevv.mozrunner\permissions.sqlite as many times as expected before opening first browser window -
[task 2019-12-18T23:37:43.502Z] 23:37:43 INFO - TEST-PASS | browser/base/content/test/performance/browser_startup_mainthreadio.js | stat on C:\Users\task_1576711785\AppData\Local\Temp\tmp_rqevv.mozrunner\permissions.sqlite as many times as expected before opening first browser window -
[task 2019-12-18T23:37:43.503Z] 23:37:43 INFO - TEST-PASS | browser/base/content/test/performance/browser_startup_mainthreadio.js | write on C:\Users\task_1576711785\AppData\Local\Temp\tmp_rqevv.mozrunner\permissions.sqlite allowed 2 more times before opening first browser window -
[task 2019-12-18T23:37:43.503Z] 23:37:43 INFO - Not taking screenshot here: see the one that was previously logged

Pushed by eakhgari@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b334df2b9432
Part 0: Add a moz.build dependency for trackingPage.html used in browser_protections_UI.js; r=baku
https://hg.mozilla.org/integration/autoland/rev/e9201bce4739
Part 1: Remove the concept of granted origins from the anti-tracking backend; r=baku
https://hg.mozilla.org/integration/autoland/rev/90cfe8b05b7f
Part 2: Update existing 'storageAccessAPI' permissions with granted origin used in them; r=baku
https://hg.mozilla.org/integration/autoland/rev/9f5b767d83ed
Part 3: Add an automated test to ensure that after storage access has been granted, the third-party is allowed to load images from tracking origins; r=baku
Flags: needinfo?(ehsan)