Closed Bug 1724376 Opened 3 years ago Closed 3 years ago

Add a privileged non-document requestStorageAccess API for Shims

Categories

(Core :: Privacy: Anti-Tracking, enhancement, P1)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
95 Branch
Tracking Flags:
Tracking Status
firefox95 --- fixed

People

(Reporter: johannh, Assigned: timhuang)

References

(Blocks 3 open bugs)

Details

Attachments

(10 files, 4 obsolete files)

Bug 1724376 - Part 1: Add a new storage access grant reason for the privilege API. r?dimi!,pbz!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1724376 - Part 2: Add a RejectForeignAllowList::Check() for principal. r?dimi!,pbz!,sstreich!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1724376 - Part 3: Add ContentBlocking::CheckTrackerForPrincipal(). r?dimi!,pbz!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1724376 - Part 4: Add a ContentBlocking::AsyncShouldAllowAccessFor(). r?dimi!,pbz!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1724376 - Part 5: Add support of calling ContentBlocking::AllowAccessFor() for the privilege request storage access API. r?dimi!,pbz!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1724376 - Part 6: Implement StorageAccess::AsyncStorageDisabledByAntiTracking(). r?dimi,pbz!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1724376 - Part 7: Implement Document::RequestStorageAccessForOrigin() r?pbz,dimi
48 bytes, text/x-phabricator-request
Details | Review
Bug 1724376 - Part 8: Use the given origin of the privilege API as the third-party origin in the storage access prompt. r?pbz
48 bytes, text/x-phabricator-request
Details | Review
Bug 1724376 - Part 9: Add a test for the privilege storage access API. r?pbz
48 bytes, text/x-phabricator-request
Details | Review
Bug 1724376 - Part 10: Only expose the privilege SSA to system prinicpal and content scripts of webcompt extension. r?dimi
48 bytes, text/x-phabricator-request
Details | Review

As a way of mitigating some of the breakage we've seen with dFPI without compromising on user privacy or giving websites unfair advantages, we want to write shims that call the Storage Access API on behalf of a website. To avoid some of the complexity of creating a third-party iframe and modifying the site's UI, we'd like to create a new API only accessible to privileged WebExtensions. The function signature could look something like this:

document.requestStorageAccessForOrigin(String origin) -> Promise

where origin would be the origin of the third party, which would then request access for the top-level BC of document. In the regular web-exposed rSA, document belongs to the third-party iframe. We don't want that here since this API is expected to be most frequently called outside of the correct iframe.

Note that this is just a hand-wavy suggestion from me, there might be reasons for the API to e.g. not live on the document or have another shape. It shouldn't really matter as long as we meet the requirements outlined here :)

Besides this special signature, this API should still enforce the same requirements such as user interaction and the automatic grant for up to 5 first-party origins before prompting.

Assignee: nobody → tihuang

To differentiate the privilege API calls, we need to add a new grant
reason for it.

We add a ContentBlocking::CheckTrackerForPrincipal() which checks
whether a principal belongs to a tracker.

Depends on D123800

To differentiate the privilege API calls, we need to add a new grant
reason for it.

We add a ContentBlocking::CheckTrackerForPrincipal() which checks
whether a principal belongs to a tracker.

Depends on D123804

Attachment #9238219 - Attachment is obsolete: true
Attachment #9238220 - Attachment is obsolete: true
Attachment #9238221 - Attachment is obsolete: true
Attachment #9238222 - Attachment is obsolete: true
Attachment #9238223 - Attachment description: WIP: Bug 1724376 - Part 1: Add a new storage access grant reason for the privilege API. r?dimi → Bug 1724376 - Part 1: Add a new storage access grant reason for the privilege API. r?dimi!,pbz!
Attachment #9238224 - Attachment description: WIP: Bug 1724376 - Part 2: Add a RejectForeignAllowList::Check() for principal. r?dimi → Bug 1724376 - Part 2: Add a RejectForeignAllowList::Check() for principal. r?dimi!,pbz!
Attachment #9238225 - Attachment description: WIP: Bug 1724376 - Part 3: Add ContentBlocking::CheckTrackerForPrincipal(). r?dimi → Bug 1724376 - Part 3: Add ContentBlocking::CheckTrackerForPrincipal(). r?dimi!,pbz!
Attachment #9238226 - Attachment description: WIP: Bug 1724376 - Part 4: Add a ContentBlocking::AsyncShouldAllowAccessFor(). r?dimi → Bug 1724376 - Part 4: Add a ContentBlocking::AsyncShouldAllowAccessFor(). r?dimi!,pbz!
Attachment #9238227 - Attachment description: WIP: Bug 1724376 - Part 5: Add support of calling ContentBlocking::AllowAccessFor() for the privilege request storage access API. r?dimi → Bug 1724376 - Part 5: Add support of calling ContentBlocking::AllowAccessFor() for the privilege request storage access API. r?dimi!,pbz!
Attachment #9238228 - Attachment description: WIP: Bug 1724376 - Part 6: Implement StorageAccess::AsyncStorageDisabledByAntiTracking(). r?dimi,pbz! → Bug 1724376 - Part 6: Implement StorageAccess::AsyncStorageDisabledByAntiTracking(). r?dimi,pbz!
Attachment #9238229 - Attachment description: WIP: Bug 1724376 - Part 7: Implement Document::RequestStorageAccessForOrigin() r?pbz,dimi → Bug 1724376 - Part 7: Implement Document::RequestStorageAccessForOrigin() r?pbz,dimi
Attachment #9238230 - Attachment description: WIP: Bug 1724376 - Part 8: Use the given origin of the privilege API as the third-party origin in the storage access prompt. r?pbz → Bug 1724376 - Part 8: Use the given origin of the privilege API as the third-party origin in the storage access prompt. r?pbz
Attachment #9238231 - Attachment description: WIP: Bug 1724376 - Part 9: Add a test for the privilege storage access API. r?pbz → Bug 1724376 - Part 9: Add a test for the privilege storage access API. r?pbz
Attachment #9238224 - Attachment description: Bug 1724376 - Part 2: Add a RejectForeignAllowList::Check() for principal. r?dimi!,pbz! → Bug 1724376 - Part 2: Add a RejectForeignAllowList::Check() for principal. r?dimi!,pbz!,sstreich!

This patch changes the way how we decide to expose the privilege SSA to
document interface. We will expose the interface for system principal
and the content script of the webcompat extension only.

Depends on D123811

Blocks: 1733330
Blocks: 1733331
Pushed by tihuang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6aad4b4f5657 Part 1: Add a new storage access grant reason for the privilege API. r=dimi,pbz https://hg.mozilla.org/integration/autoland/rev/aa49afe2bc68 Part 2: Add a RejectForeignAllowList::Check() for principal. r=dimi,pbz,ckerschb https://hg.mozilla.org/integration/autoland/rev/4ae2f9a20a08 Part 3: Add ContentBlocking::CheckTrackerForPrincipal(). r=dimi,pbz https://hg.mozilla.org/integration/autoland/rev/339baf19d3c6 Part 4: Add a ContentBlocking::AsyncShouldAllowAccessFor(). r=dimi,pbz https://hg.mozilla.org/integration/autoland/rev/4676337166a2 Part 5: Add support of calling ContentBlocking::AllowAccessFor() for the privilege request storage access API. r=dimi,pbz https://hg.mozilla.org/integration/autoland/rev/2231210a2556 Part 6: Implement StorageAccess::AsyncStorageDisabledByAntiTracking(). r=dimi,pbz https://hg.mozilla.org/integration/autoland/rev/a0dd38e4d95e Part 7: Implement Document::RequestStorageAccessForOrigin() r=dimi,edgar https://hg.mozilla.org/integration/autoland/rev/85856ecdc954 Part 8: Use the given origin of the privilege API as the third-party origin in the storage access prompt. r=pbz https://hg.mozilla.org/integration/autoland/rev/a46e077a1ab9 Part 9: Add a test for the privilege storage access API. r=pbz https://hg.mozilla.org/integration/autoland/rev/569bb2f56d66 Part 10: Only expose the privilege SSA to system prinicpal and content scripts of webcompt extension. r=dimi,edgar
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: