Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-23 21:01:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1670447: Deprecate randomDataOnCanvasExtract. r=tjr

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D226821
This commit is contained in:
Fatih 2024-11-06 13:32:22 +00:00
parent f7f8b28ee7
commit d8ad1f1b44
3 changed files with 28 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
browser/base/content/test/permissions/browser_canvas_fingerprinting_resistance.js
View File

@ -3,9 +3,7 @@
* required for canvas data extraction.
* This tests whether the site permission prompt for canvas data extraction
* works properly.
* When "privacy.resistFingerprinting.randomDataOnCanvasExtract" is true,
* canvas data extraction results in random data, and when it is false, canvas
* data extraction results in all-white data.
* Canvas data extraction should result in random data.
*/
"use strict";
@ -48,8 +46,6 @@ function initTab() {
return canvas;
};
let placeholder = drawCanvas("white");
contentWindow.kPlaceholderData = placeholder.toDataURL();
let canvas = drawCanvas("cyan", "canvas-id-canvas");
contentWindow.kPlacedData = canvas.toDataURL();
is(
@ -57,17 +53,9 @@ function initTab() {
contentWindow.kPlacedData,
"privacy.resistFingerprinting = false, canvas data == placed data"
);
isnot(
canvas.toDataURL(),
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = false, canvas data != placeholder data"
);
}
function enableResistFingerprinting(
randomDataOnCanvasExtract,
autoDeclineNoInput
) {
function enableResistFingerprinting(autoDeclineNoInput) {
return SpecialPowers.pushPrefEnv({
set: [
["privacy.fingerprintingProtection", true],
@ -78,10 +66,6 @@ function enableResistFingerprinting(
? ",+CanvasExtractionBeforeUserInputIsBlocked"
: ""),
],
[
"privacy.resistFingerprinting.randomDataOnCanvasExtract",
randomDataOnCanvasExtract,
],
],
});
}
@ -94,7 +78,7 @@ function promisePopupHidden() {
return BrowserTestUtils.waitForEvent(PopupNotifications.panel, "popuphidden");
}
function extractCanvasData(randomDataOnCanvasExtract, grantPermission) {
function extractCanvasData(grantPermission) {
let contentWindow = content.wrappedJSObject;
let canvas = contentWindow.document.getElementById("canvas-id-canvas");
let canvasData = canvas.toDataURL();
@ -104,51 +88,18 @@ function extractCanvasData(randomDataOnCanvasExtract, grantPermission) {
contentWindow.kPlacedData,
"privacy.resistFingerprinting = true, permission granted, canvas data == placed data"
);
if (!randomDataOnCanvasExtract) {
isnot(
canvasData,
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = true and randomDataOnCanvasExtract = false, permission granted, canvas data != placeholderdata"
);
}
} else if (grantPermission === false) {
isnot(
canvasData,
contentWindow.kPlacedData,
"privacy.resistFingerprinting = true, permission denied, canvas data != placed data"
);
if (!randomDataOnCanvasExtract) {
is(
canvasData,
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = true and randomDataOnCanvasExtract = false, permission denied, canvas data == placeholderdata"
);
} else {
isnot(
canvasData,
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = true and randomDataOnCanvasExtract = true, permission denied, canvas data != placeholderdata"
);
}
} else {
isnot(
canvasData,
contentWindow.kPlacedData,
"privacy.resistFingerprinting = true, requesting permission, canvas data != placed data"
);
if (!randomDataOnCanvasExtract) {
is(
canvasData,
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = true and randomDataOnCanvasExtract = false, requesting permission, canvas data == placeholderdata"
);
} else {
isnot(
canvasData,
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = true and randomDataOnCanvasExtract = true, requesting permission, canvas data != placeholderdata"
);
}
}
}
@ -170,19 +121,11 @@ function testPermission() {
return Services.perms.testPermissionFromPrincipal(kPrincipal, kPermission);
}
async function withNewTabNoInput(
randomDataOnCanvasExtract,
grantPermission,
browser
) {
async function withNewTabNoInput(grantPermission, browser) {
await SpecialPowers.spawn(browser, [], initTab);
await enableResistFingerprinting(randomDataOnCanvasExtract, false);
await enableResistFingerprinting(false);
let popupShown = promisePopupShown();
await SpecialPowers.spawn(
browser,
[randomDataOnCanvasExtract],
extractCanvasData
);
await SpecialPowers.spawn(browser, [], extractCanvasData);
await popupShown;
let popupHidden = promisePopupHidden();
if (grantPermission) {
@ -194,34 +137,28 @@ async function withNewTabNoInput(
await popupHidden;
is(testPermission(), Services.perms.DENY_ACTION, "permission denied");
}
await SpecialPowers.spawn(
browser,
[randomDataOnCanvasExtract, grantPermission],
extractCanvasData
);
await SpecialPowers.spawn(browser, [grantPermission], extractCanvasData);
await SpecialPowers.popPrefEnv();
}
async function doTestNoInput(randomDataOnCanvasExtract, grantPermission) {
async function doTestNoInput(grantPermission) {
await BrowserTestUtils.withNewTab(
kUrl,
withNewTabNoInput.bind(null, randomDataOnCanvasExtract, grantPermission)
withNewTabNoInput.bind(null, grantPermission)
);
Services.perms.removeFromPrincipal(kPrincipal, kPermission);
}
// With auto-declining disabled (not the default)
// Tests clicking "Don't Allow" button of the permission prompt.
add_task(doTestNoInput.bind(null, true, false));
add_task(doTestNoInput.bind(null, false, false));
add_task(doTestNoInput.bind(null, false));
// Tests clicking "Allow" button of the permission prompt.
add_task(doTestNoInput.bind(null, true, true));
add_task(doTestNoInput.bind(null, false, true));
add_task(doTestNoInput.bind(null, true));
async function withNewTabAutoBlockNoInput(randomDataOnCanvasExtract, browser) {
async function withNewTabAutoBlockNoInput(browser) {
await SpecialPowers.spawn(browser, [], initTab);
await enableResistFingerprinting(randomDataOnCanvasExtract, true);
await enableResistFingerprinting(true);
let noShowHandler = () => {
ok(false, "The popup notification should not show in this case.");
@ -235,11 +172,7 @@ async function withNewTabAutoBlockNoInput(randomDataOnCanvasExtract, browser) {
);
// Try to extract canvas data without user inputs.
await SpecialPowers.spawn(
browser,
[randomDataOnCanvasExtract],
extractCanvasData
);
await SpecialPowers.spawn(browser, [], extractCanvasData);
await promisePopupObserver;
info("There should be no popup shown on the panel.");
@ -260,20 +193,16 @@ async function withNewTabAutoBlockNoInput(randomDataOnCanvasExtract, browser) {
await SpecialPowers.popPrefEnv();
}
async function doTestAutoBlockNoInput(randomDataOnCanvasExtract) {
async function doTestAutoBlockNoInput() {
await BrowserTestUtils.withNewTab(
kUrl,
withNewTabAutoBlockNoInput.bind(null, randomDataOnCanvasExtract)
withNewTabAutoBlockNoInput.bind(null)
);
}
add_task(doTestAutoBlockNoInput.bind(null, true));
add_task(doTestAutoBlockNoInput.bind(null, false));
add_task(doTestAutoBlockNoInput.bind(null));
function extractCanvasDataUserInput(
randomDataOnCanvasExtract,
grantPermission
) {
function extractCanvasDataUserInput(grantPermission) {
let contentWindow = content.wrappedJSObject;
let canvas = contentWindow.document.getElementById("canvas-id-canvas");
let canvasData = canvas.toDataURL();
@ -283,61 +212,24 @@ function extractCanvasDataUserInput(
contentWindow.kPlacedData,
"privacy.resistFingerprinting = true, permission granted, canvas data == placed data"
);
if (!randomDataOnCanvasExtract) {
isnot(
canvasData,
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = true and randomDataOnCanvasExtract = false, permission granted, canvas data != placeholderdata"
);
}
} else if (grantPermission === false) {
isnot(
canvasData,
contentWindow.kPlacedData,
"privacy.resistFingerprinting = true, permission denied, canvas data != placed data"
);
if (!randomDataOnCanvasExtract) {
is(
canvasData,
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = true and randomDataOnCanvasExtract = false, permission denied, canvas data == placeholderdata"
);
} else {
isnot(
canvasData,
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = true and randomDataOnCanvasExtract = true, permission denied, canvas data != placeholderdata"
);
}
} else {
isnot(
canvasData,
contentWindow.kPlacedData,
"privacy.resistFingerprinting = true, requesting permission, canvas data != placed data"
);
if (!randomDataOnCanvasExtract) {
is(
canvasData,
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = true and randomDataOnCanvasExtract = false, requesting permission, canvas data == placeholderdata"
);
} else {
isnot(
canvasData,
contentWindow.kPlaceholderData,
"privacy.resistFingerprinting = true and randomDataOnCanvasExtract = true, requesting permission, canvas data != placeholderdata"
);
}
}
}
async function withNewTabInput(
randomDataOnCanvasExtract,
grantPermission,
browser
) {
async function withNewTabInput(grantPermission, browser) {
await SpecialPowers.spawn(browser, [], initTab);
await enableResistFingerprinting(randomDataOnCanvasExtract, true);
await enableResistFingerprinting(true);
let popupShown = promisePopupShown();
await SpecialPowers.spawn(browser, [], function () {
E10SUtils.wrapHandlingUserInput(content, true, function () {
@ -358,25 +250,23 @@ async function withNewTabInput(
}
await SpecialPowers.spawn(
browser,
[randomDataOnCanvasExtract, grantPermission],
[grantPermission],
extractCanvasDataUserInput
);
await SpecialPowers.popPrefEnv();
}
async function doTestInput(randomDataOnCanvasExtract, grantPermission) {
async function doTestInput(grantPermission) {
await BrowserTestUtils.withNewTab(
kUrl,
withNewTabInput.bind(null, randomDataOnCanvasExtract, grantPermission)
withNewTabInput.bind(null, grantPermission)
);
Services.perms.removeFromPrincipal(kPrincipal, kPermission);
}
// With auto-declining enabled (the default)
// Tests clicking "Don't Allow" button of the permission prompt.
add_task(doTestInput.bind(null, true, false));
add_task(doTestInput.bind(null, false, false));
add_task(doTestInput.bind(null, false));
// Tests clicking "Allow" button of the permission prompt.
add_task(doTestInput.bind(null, true, true));
add_task(doTestInput.bind(null, false, true));
add_task(doTestInput.bind(null, true));

11
dom/canvas/GeneratePlaceholderCanvasData.h
View File

@ -17,18 +17,13 @@
namespace mozilla::dom {
/**
* When privacy.resistFingerprinting.randomDataOnCanvasExtract is true, tries
* to generate random data for placeholder canvas by sampling
* RANDOM_BYTES_TO_SAMPLE bytes and then returning it. If this fails or if
* privacy.resistFingerprinting.randomDataOnCanvasExtract is false, returns
* nullptr.
* This function tries to generate random data for placeholder canvas by
* sampling RANDOM_BYTES_TO_SAMPLE bytes and then returning it. If it fails,
* returns nullptr.
*
* @return uint8_t* output buffer
*/
inline uint8_t* TryToGenerateRandomDataForPlaceholderCanvasData() {
if (!StaticPrefs::privacy_resistFingerprinting_randomDataOnCanvasExtract()) {
return nullptr;
}
nsresult rv;
nsCOMPtr<nsIRandomGenerator> rg =
do_GetService("@mozilla.org/security/random-generator;1", &rv);

7
modules/libpref/init/StaticPrefList.yaml
View File

@ -14953,13 +14953,6 @@
value: false
mirror: always
# Whether canvas extraction should result in random data. If false, canvas
# extraction results in all-white, opaque pixel data.
- name: privacy.resistFingerprinting.randomDataOnCanvasExtract
type: RelaxedAtomicBool
value: true
mirror: always
# The log level for browser console messages logged in RFPHelper.sys.mjs. Change to
# 'All' and restart to see the messages.
- name: privacy.resistFingerprinting.jsmloglevel