Bug 1936904 - add nimbus feature to fenix to control certificate transparency mode r=geckoview-reviewers,android-reviewers,ohall,calu
Differential Revision: https://phabricator.services.mozilla.com/D231990
@@ -1385,6 +1385,10 @@ class GeckoEngine(
|
||||
override var cookieBehaviorOptInPartitioningPBM: Boolean
|
||||
get() = runtime.settings.cookieBehaviorOptInPartitioningPBM
|
||||
set(value) { runtime.settings.setCookieBehaviorOptInPartitioningPBM(value) }
|
||||
|
||||
override var certificateTransparencyMode: Int
|
||||
get() = runtime.settings.certificateTransparencyMode
|
||||
set(value) { runtime.settings.setCertificateTransparencyMode(value) }
|
||||
}.apply {
|
||||
defaultSettings?.let {
|
||||
this.javascriptEnabled = it.javascriptEnabled
|
||||
@@ -1421,6 +1425,7 @@ class GeckoEngine(
|
||||
this.parallelMarkingEnabled = it.parallelMarkingEnabled
|
||||
this.cookieBehaviorOptInPartitioning = it.cookieBehaviorOptInPartitioning
|
||||
this.cookieBehaviorOptInPartitioningPBM = it.cookieBehaviorOptInPartitioningPBM
|
||||
this.certificateTransparencyMode = it.certificateTransparencyMode
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -309,6 +309,11 @@ abstract class Settings {
|
||||
* Setting to control the cookie behavior opt-in partitioning in private browsing mode.
|
||||
*/
|
||||
open var cookieBehaviorOptInPartitioningPBM: Boolean by UnsupportedSetting()
|
||||
|
||||
/**
|
||||
* Setting to control how Certificate Transparency information is processed.
|
||||
*/
|
||||
open var certificateTransparencyMode: Int by UnsupportedSetting()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -371,6 +376,7 @@ data class DefaultSettings(
|
||||
val getDesktopMode: () -> Boolean = { false },
|
||||
override var cookieBehaviorOptInPartitioning: Boolean = false,
|
||||
override var cookieBehaviorOptInPartitioningPBM: Boolean = false,
|
||||
override var certificateTransparencyMode: Int = 0,
|
||||
) : Settings() {
|
||||
override val desktopModeEnabled: Boolean
|
||||
get() = getDesktopMode()
|
||||
|
||||
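Review bot: The KDoc on `Settings.certificateTransparencyMode` does not say which integers are valid, so a caller of this `Int` property has to look up the meanings in the Nimbus manifest or the GeckoView javadoc. I would extend it to `Setting to control how Certificate Transparency information is processed: 0 disables it, 1 collects telemetry only, 2 enforces it.` The `certificateTransparencyMode: Int = 0` parameter of `DefaultSettings` deserves the same treatment, stating that the default leaves Certificate Transparency disabled. Both class bodies continue outside the hunks.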
@@ -621,6 +621,15 @@ features:
|
||||
type: Boolean
|
||||
default: true
|
||||
|
||||
pki:
|
||||
description: Certificate verification configuration
|
||||
variables:
|
||||
certificateTransparencyMode:
|
||||
description: >
|
||||
What mode Certificate Transparency is in (0=disable, 1=telemetry only, 2=enforce).
|
||||
type: Int
|
||||
default: 0
|
||||
|
||||
javascript:
|
||||
description: Enables Javascript Engine (Spidermonkey) features
|
||||
variables:
|
||||
|
||||
@@ -186,6 +186,7 @@ class Core(
|
||||
webContentIsolationStrategy = WebContentIsolationStrategy.ISOLATE_HIGH_VALUE,
|
||||
fetchPriorityEnabled = FxNimbus.features.networking.value().fetchPriorityEnabled,
|
||||
parallelMarkingEnabled = FxNimbus.features.javascript.value().parallelMarkingEnabled,
|
||||
certificateTransparencyMode = FxNimbus.features.pki.value().certificateTransparencyMode,
|
||||
)
|
||||
|
||||
// Apply fingerprinting protection overrides if the feature is enabled in Nimbus
|
||||
|
||||
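Review bot: The value read from `FxNimbus.features.pki.value().certificateTransparencyMode` is handed to the engine settings without a range check, although only 0, 1 and 2 are documented and the value comes from Nimbus feature configuration rather than from code. Nothing visible in this commit rejects other integers, neither the `GeckoEngine` setter nor `GeckoRuntimeSettings.setCertificateTransparencyMode`, and how Gecko treats an out-of-range pref value cannot be seen from here. I would fall back to the default at this boundary, e.g. `certificateTransparencyMode = FxNimbus.features.pki.value().certificateTransparencyMode.takeIf { it in 0..2 } ?: 0,`. The enclosing constructor call starts outside the hunk.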
@@ -859,6 +859,7 @@ package org.mozilla.geckoview {
|
||||
method public int getAllowInsecureConnections();
|
||||
method @NonNull public String[] getArguments();
|
||||
method public boolean getAutomaticFontSizeAdjustment();
|
||||
method @NonNull public int getCertificateTransparencyMode();
|
||||
method @Nullable public String getConfigFilePath();
|
||||
method public boolean getConsoleOutputEnabled();
|
||||
method @NonNull public ContentBlocking.Settings getContentBlocking();
|
||||
@@ -911,6 +912,7 @@ package org.mozilla.geckoview {
|
||||
method @NonNull public GeckoRuntimeSettings setAboutConfigEnabled(boolean);
|
||||
method @NonNull public GeckoRuntimeSettings setAllowInsecureConnections(int);
|
||||
method @NonNull public GeckoRuntimeSettings setAutomaticFontSizeAdjustment(boolean);
|
||||
method @NonNull public GeckoRuntimeSettings setCertificateTransparencyMode(int);
|
||||
method @NonNull public GeckoRuntimeSettings setConsoleOutputEnabled(boolean);
|
||||
method @NonNull public GeckoRuntimeSettings setCookieBehaviorOptInPartitioning(boolean);
|
||||
method @NonNull public GeckoRuntimeSettings setCookieBehaviorOptInPartitioningPBM(boolean);
|
||||
|
||||
@@ -646,6 +646,34 @@ class RuntimeSettingsTest : BaseSessionTest() {
|
||||
)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun certificateTransparencyMode() {
|
||||
val geckoRuntimeSettings = sessionRule.runtime.settings
|
||||
|
||||
assertThat(
|
||||
"Certificate Transparency mode should default to 0",
|
||||
geckoRuntimeSettings.certificateTransparencyMode,
|
||||
equalTo(0),
|
||||
)
|
||||
|
||||
geckoRuntimeSettings.setCertificateTransparencyMode(2)
|
||||
|
||||
assertThat(
|
||||
"Certificate Transparency mode should be set to 2",
|
||||
geckoRuntimeSettings.certificateTransparencyMode,
|
||||
equalTo(2),
|
||||
)
|
||||
|
||||
val preference =
|
||||
(sessionRule.getPrefs("security.pki.certificate_transparency.mode").get(0)) as Int
|
||||
|
||||
assertThat(
|
||||
"Certificate Transparency mode pref should be set to 2",
|
||||
preference,
|
||||
equalTo(2),
|
||||
)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun parallelMarkingEnabling() {
|
||||
val geckoRuntimeSettings = sessionRule.runtime.settings
|
||||
|
||||
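Review bot: `certificateTransparencyMode()` sets the mode to 2 and never restores it, so if `sessionRule.runtime` is shared with other tests (not visible here), later tests would run with Certificate Transparency enforcement switched on. I would end the test with `geckoRuntimeSettings.setCertificateTransparencyMode(0)`. The first assertion likewise assumes that no earlier test changed the value, and mode 1 (telemetry only) is not exercised. The hunk ends inside the next test, `parallelMarkingEnabling`.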
@@ -681,6 +681,8 @@ public final class GeckoRuntimeSettings extends RuntimeSettings {
|
||||
new Pref<Boolean>("network.cookie.cookieBehavior.optInPartitioning", false);
|
||||
/* package */ final Pref<Boolean> mCookieBehaviorOptInPartitioningPBM =
|
||||
new Pref<Boolean>("network.cookie.cookieBehavior.optInPartitioning.pbmode", false);
|
||||
/* package */ final Pref<Integer> mCertificateTransparencyMode =
|
||||
new Pref<Integer>("security.pki.certificate_transparency.mode", 0);
|
||||
|
||||
/* package */ int mPreferredColorScheme = COLOR_SCHEME_SYSTEM;
|
||||
|
||||
@@ -1028,6 +1030,28 @@ public final class GeckoRuntimeSettings extends RuntimeSettings {
|
||||
return mFetchPriorityEnabled.get();
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the pref to control security.pki.certificate_transparency.mode.
|
||||
*
|
||||
* @param mode What to set the certificate transparency mode to. 0 disables certificate
|
||||
* transparency entirely. 1 enables certificate transparency, but only collects telemetry. 2
|
||||
* enforces certificate transparency.
|
||||
* @return This GeckoRuntimeSettings instance
|
||||
*/
|
||||
public @NonNull GeckoRuntimeSettings setCertificateTransparencyMode(final int mode) {
|
||||
mCertificateTransparencyMode.commit(mode);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the value of security.pki.certificate_transparency.mode.
|
||||
*
|
||||
* @return What certificate transparency mode has been set.
|
||||
*/
|
||||
public @NonNull int getCertificateTransparencyMode() {
|
||||
return mCertificateTransparencyMode.get();
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the pref to control whether javascript.options.mem.gc_parallel_marking is enabled.
|
||||
*
|
||||
|
||||
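Review bot: `@NonNull` on `getCertificateTransparencyMode()` annotates a primitive `int` return, where nullness has no meaning. The other primitive getters in the API listing (`getAllowInsecureConnections`, `getAutomaticFontSizeAdjustment`) carry no such annotation. I would declare it as `public int getCertificateTransparencyMode() {` and regenerate the API file so its entry matches. Separately, the setter takes a raw `int` whose meanings exist only in the javadoc; named constants in the style of `COLOR_SCHEME_SYSTEM`, visible in the same class, would make call sites self-describing.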
@@ -12,6 +12,12 @@ exclude: true
|
||||
# GeckoView API Changelog.
|
||||
|
||||
⚠️ breaking change and deprecation notices
|
||||
|
||||
## v136
|
||||
- Added support for controlling `security.pki.certificate_transparency.mode` via [`GeckoRuntimeSettings.setCertificateTransparencyMode`][136.1]
|
||||
|
||||
[136.1]: {{javadoc_uri}}/GeckoRuntimeSettings.html#setCertificateTransparencyMode
|
||||
|
||||
## v134
|
||||
- ⚠️ [`WebExtensionController.PromptDelegate.onInstallPrompt`][133.5] is removed see https://bugzilla.mozilla.org/show_bug.cgi?id=1919374 for more details.
|
||||
- Added support for controlling `javascript.options.mem.gc_parallel_marking` via [`GeckoRuntimeSettings.setParallelMarkingEnabled`][134.1]
|
||||
@@ -1650,4 +1656,4 @@ to allow adding gecko profiler markers.
|
||||
[65.24]: {{javadoc_uri}}/CrashReporter.html#sendCrashReport(android.content.Context,android.os.Bundle,java.lang.String)
|
||||
[65.25]: {{javadoc_uri}}/GeckoResult.html
|
||||
|
||||
[api-version]: 10698f170c29b8740cbc90a7eaabb75f0150cbd0
|
||||
[api-version]: c788c1f495510877da5f40f7e81942b07653d2cc
|
||||
|
||||