corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1824235: Remove testGranularityMask from RFP and rename RFPLite r=timhuang

Browse Source 
- Rename RFPLite to privacy.fingerprintingProtection (FPP)
 - Create two pbmode prefs that will enable RFP/FPP in PBMode
   only. The original prefs will enable it in both modes.
 - Make exempting Web Extensions the default behavior
 - If there are website exemptions in the exemptedDomains pref,
   exempt them unconditionally
 - Use the timezone testing pref to determine whether or not we
   call _tzset on Windows

Differential Revision: https://phabricator.services.mozilla.com/D174014
This commit is contained in:
Tom Ritter
2023-04-11 17:15:35 +00:00
parent 7f3b4c34ee
commit 83df61141b
12 changed files with 93 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
dom/base/nsContentUtils.cpp
View File

@@ -741,9 +741,10 @@ class nsContentUtils::UserInteractionObserver final
static constexpr nsLiteralCString kRfpPrefs[] = {
"privacy.resistFingerprinting"_ns,
"privacy.resistFingerprintingLite"_ns,
"privacy.resistFingerprintingLite.overrides"_ns,
"privacy.resistFingerprinting.testGranularityMask"_ns,
"privacy.resistFingerprinting.pbmode"_ns,
"privacy.fingerprintingProtection"_ns,
"privacy.fingerprintingProtection.pbmode"_ns,
"privacy.fingerprintingProtection.overrides"_ns,
};
static void RecomputeResistFingerprintingAllDocs(const char*, void*) {
@@ -2202,10 +2203,6 @@ inline bool CookieJarSettingsSaysShouldResistFingerprinting(
return cookieJarSettings->GetShouldResistFingerprinting();
}
// These constants are used for privacy.resistFingerprinting.testGranularityMask
const unsigned int sWebExtensionExemptMask = 0x01;
const unsigned int sNonPBMExemptMask = 0x02;
const unsigned int sSpecificDomainsExemptMask = 0x04;
const char* kExemptedDomainsPrefName =
"privacy.resistFingerprinting.exemptedDomains";
@@ -2331,41 +2328,34 @@ bool nsContentUtils::ShouldResistFingerprinting_dangerous(
return false;
}
if (StaticPrefs::privacy_resistFingerprinting_testGranularityMask() &
sNonPBMExemptMask) {
// if non-PBM exempt mask is true, exempt non-PBM channels.
if (!StaticPrefs::privacy_resistFingerprinting_DoNotUseDirectly() &&
!StaticPrefs::privacy_fingerprintingProtection_DoNotUseDirectly()) {
// If neither of the 'regular' RFP prefs are set, then one (or both)
// of the PBM-Only prefs are set (or we would have failed the
// Positive return check.) Therefore, if we are not in PBM, return false
if (aOriginAttributes.mPrivateBrowsingId == 0) {
return false;
}
}
bool isExemptDomain = false;
// Exclude internal schemes
// Exclude internal schemes and web extensions
if (aURI->SchemeIs("about") || aURI->SchemeIs("chrome") ||
aURI->SchemeIs("resource") || aURI->SchemeIs("view-source")) {
aURI->SchemeIs("resource") || aURI->SchemeIs("view-source") ||
aURI->SchemeIs("moz-extension")) {
return false;
}
if (StaticPrefs::privacy_resistFingerprinting_testGranularityMask() &
sWebExtensionExemptMask) {
if (aURI->SchemeIs("moz-extension")) {
return false;
}
}
nsAutoCString list;
Preferences::GetCString(kExemptedDomainsPrefName, list);
ToLowerCase(list);
isExemptDomain = IsURIInList(aURI, list);
if (StaticPrefs::privacy_resistFingerprinting_testGranularityMask() &
sSpecificDomainsExemptMask) {
nsAutoCString list;
Preferences::GetCString(kExemptedDomainsPrefName, list);
ToLowerCase(list);
isExemptDomain = IsURIInList(aURI, list);
if (MOZ_LOG_TEST(nsContentUtils::ResistFingerprintingLog(),
mozilla::LogLevel::Debug)) {
nsAutoCString url;
aURI->GetHost(url);
LogDomainAndPrefList(kExemptedDomainsPrefName, url, isExemptDomain);
}
if (MOZ_LOG_TEST(nsContentUtils::ResistFingerprintingLog(),
mozilla::LogLevel::Debug)) {
nsAutoCString url;
aURI->GetHost(url);
LogDomainAndPrefList(kExemptedDomainsPrefName, url, isExemptDomain);
}
return !isExemptDomain;
@@ -2419,9 +2409,11 @@ bool nsContentUtils::ShouldResistFingerprinting_dangerous(
auto originAttributes =
BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
if (StaticPrefs::privacy_resistFingerprinting_testGranularityMask() &
sNonPBMExemptMask) {
// if non-PBM exempt mask is true, exempt non-PBM channels.
if (!StaticPrefs::privacy_resistFingerprinting_DoNotUseDirectly() &&
!StaticPrefs::privacy_fingerprintingProtection_DoNotUseDirectly()) {
// If neither of the 'regular' RFP prefs are set, then one (or both)
// of the PBM-Only prefs are set (or we would have failed the
// Positive return check.) Therefore, if we are not in PBM, return false
if (originAttributes.mPrivateBrowsingId == 0) {
return false;
}
@@ -2433,24 +2425,19 @@ bool nsContentUtils::ShouldResistFingerprinting_dangerous(
return false;
}
if (StaticPrefs::privacy_resistFingerprinting_testGranularityMask() &
sWebExtensionExemptMask) {
if (BasePrincipal::Cast(aPrincipal)->AddonPolicy()) {
return false;
}
// Web extension principals are also excluded
if (BasePrincipal::Cast(aPrincipal)->AddonPolicy()) {
return false;
}
bool isExemptDomain = false;
if (StaticPrefs::privacy_resistFingerprinting_testGranularityMask() &
sSpecificDomainsExemptMask) {
aPrincipal->IsURIInPrefList(kExemptedDomainsPrefName, &isExemptDomain);
aPrincipal->IsURIInPrefList(kExemptedDomainsPrefName, &isExemptDomain);
if (MOZ_LOG_TEST(nsContentUtils::ResistFingerprintingLog(),
mozilla::LogLevel::Debug)) {
nsAutoCString origin;
aPrincipal->GetAsciiOrigin(origin);
LogDomainAndPrefList(kExemptedDomainsPrefName, origin, isExemptDomain);
}
if (MOZ_LOG_TEST(nsContentUtils::ResistFingerprintingLog(),
mozilla::LogLevel::Debug)) {
nsAutoCString origin;
aPrincipal->GetAsciiOrigin(origin);
LogDomainAndPrefList(kExemptedDomainsPrefName, origin, isExemptDomain);
}
// If we've gotten here we have (probably) passed the CookieJarSettings