Add support for time limits for Web API permissions in brave-core #14126

Closed
pes10k opened this issue Feb 12, 2021 · 19 comments · Fixed by brave/brave-core#8378
Labels: OS/Android, OS/Desktop, privacy/feature, privacy/permissions, privacy, privacy-pod, QA Pass - Android ARM, QA Pass - Android Tab, QA Pass-Linux, QA Pass-macOS, QA Pass-Win64, QA/Test-All-Platforms, QA/Yes, release-notes/include

@pes10k
Contributor

pes10k commented Feb 12, 2021

Currently, when requesting a permission, Chromium allows users to say yes or no, w/o an intermediate option.

For example, I can give google maps access to my location forever (or deny), or I can give the zoom web client access to my camera and mic forever (or deny), but there is no option to say "you can use my camera until I close the page" or "you can use my location for 24 hours".

Options

This issue is to create the ability to grant a page access to a permissioned API for the following options:

  1. Grant permission, forever (currently available)
  2. No permission, forever (currently available)
  3. Permission for this site session (i.e. until there are no more top-level documents for the eTLD+1, to align with ephemeral site storage)
  4. Permission for arbitrary amount of time

For 4, we likely wouldn't want to expose this option to users (I imagine we'd want some preset "one week" or similar options), but the implementation should allow for arbitrary lengths.

Current UI

Currently Brave uses the upstream Chromium options (and UI), which give the user only a permanent Yes or No option.

Other Browsers

Firefox

Firefox currently has a version of this for some permissions. By default, "allow" and "deny" apply for the page, and "Remember this decision" makes the choice permanent.

Safari

Safari similarly by default grants permission for the page, with options to make the choice permanent.

Out-of-Scope and Other Considerations

@goodov
Member

goodov commented Feb 15, 2021

Did some research, a possible solution looks like this:

  1. Create additional KeyedService to track expiring permissions and revoke them when it's required. The proper place is components/permissions.
  2. Reach this service and pass all data when we got the decision from a user. It can be done in the implementation of PermissionPrompt::Delegate, currently it is implemented in PermissionRequestManager (a tab helper). To pass the actual value from UI, we can extend PermissionPrompt::Delegate::Accept or add another method and call it right (or before) Accept with the desired amount of time.
    It is also possible to extend PermissionRequestImpl by adding BrowserContext and access the service directly in case PermissionRequestManager will be hard to wire.

❔ It looks like a request bubble can show many permission requests at once. The current delegate implementation assumes we accept all or decline all. The default timer implementation will also be applied to all listed permissions. Can we mention that in the issue description? I guess we can technically support different timers for different permissions requested simultaneously in the one UI bubble, but is it actually needed?

I haven't looked at ephemeral storage-like behavior yet, but I assume it should not be that hard to implement knowing that the ephemeral storage feature already has some working machinery for a tab tracking which can be connected with this feature.

@pes10k
Contributor Author

pes10k commented Feb 16, 2021

That all sounds great @goodov! Also wondering if your digging gave you a sense of how difficult it would be to partition permissions (e.g., whether google maps embedded on site A is independent of whether google maps embedded on site B, both of which are independent of what permissions https://www.google.com/maps has, etc).

It's possible upstream is already considering this (as part of the overall NetworkIsolationKey work) but if they haven't / aren't planning to, we should at least.

If that would be "easy" to do as part of this issue, I'll add and update the description above. But if it seems like a significant amount of additional work, I'll create another issue for it, and we can sequence however you both think would be best.

@iefremov
Contributor

@pes10k Let's do step by step, having an additional issue would be fine

@goodov
Member

goodov commented Feb 16, 2021

Extension API permissions logic uses another mechanism, not connected with PermissionManager, so it will not automagically work when we implement the Web API part. Additional implementation for the extension API is required.

Entry point for extension API permissions is PermissionsRequestFunction::Run, then the flow goes into PermissionsUpdater class. It looks like we can use this class directly in our backend to reset permissions when it's required.

@pes10k
Contributor Author

pes10k commented Feb 18, 2021

@goodov would your current approach also work for an "allow until end of session" option?

@goodov
Member

goodov commented Feb 19, 2021

@pes10k There are currently two approaches now that I'm considering.

  1. Use existing Chromium logic, it's a good approach, because it minimizes overall logic duplication between Brave and Chromium, but it will require us to make a CL to straighten the underlying interfaces in Chromium codebase (otherwise the conflict score will be super high), and possibly extend their "per session" logic so it will conform to our eTLD+1 idea instead of their Origin-based implementation.
  2. Create a Brave-specific service on our side and do all permission revoke steps ourselves. This way we can apply any rules we want and be not restricted by Chromium logic.

The Chromium-based option is very appealing, but it can take a lot of time, and the final result may not be as flexible as we want to, so we discussed it with Ivan and decided to implement Brave-specific variant with possible Chromium reintegration in future.

> would your current approach also work for an "allow until end of session" option?

the current approach with our service will allow me to connect it with TLDEphemeralLifetime and handle "per session" lifetime without noticeable issues.
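
A simplified model of the service described in the two comments above (a service that tracks expiring permissions and revokes them, plus a per-session lifetime tied to the eTLD+1), as an added example that is not brave-core code and was not written by anyone in this thread. Class and method names are hypothetical, time is passed in as seconds, and the `site` argument is assumed to be an eTLD+1 computed by the caller.

```cpp
// Added example, not brave-core code; all class and method names are hypothetical.
#include <cstdint>
#include <functional>
#include <map>
#include <set>
#include <string>
#include <tuple>
#include <utility>

// One granted permission, e.g. {"https://permission.site", "geolocation"}.
struct Grant {
  std::string origin;
  std::string permission;
  bool operator<(const Grant& o) const {
    return std::tie(origin, permission) < std::tie(o.origin, o.permission);
  }
};
class PermissionLifetimeTracker {
 public:
  using Revoker = std::function<void(const Grant&)>;
  explicit PermissionLifetimeTracker(Revoker r) : revoker_(std::move(r)) {}

  // Time-limited grant; the expiry is an absolute time so it survives shutdown.
  void GrantFor(const Grant& g, int64_t now, int64_t lifetime_seconds) {
    Forget(g);
    expiry_[g] = now + lifetime_seconds;
  }

  // "Until I close this site" grant, keyed by site (eTLD+1), not by origin.
  void GrantForSession(const Grant& g, const std::string& site) {
    Forget(g);
    session_[site].insert(g);
  }

  void OnTopLevelDocumentOpened(const std::string& site) { ++open_docs_[site]; }

  // Revokes session grants only when the last top-level document goes away.
  void OnTopLevelDocumentClosed(const std::string& site) {
    auto it = open_docs_.find(site);
    if (it == open_docs_.end() || --it->second > 0) return;
    open_docs_.erase(it);
    RevokeSession(site);
  }

  // Revokes expired timed grants; returns the next expiry to arm, or -1.
  int64_t RevokeExpired(int64_t now) {
    int64_t next = -1;
    for (auto it = expiry_.begin(); it != expiry_.end();) {
      if (it->second <= now) {
        Grant g = it->first;
        it = expiry_.erase(it);
        revoker_(g);
      } else {
        if (next < 0 || it->second < next) next = it->second;
        ++it;
      }
    }
    return next;
  }

  // Startup: session grants never outlive a restart; timed grants are rechecked.
  int64_t OnBrowserStartup(int64_t now) {
    while (!session_.empty()) RevokeSession(session_.begin()->first);
    open_docs_.clear();
    return RevokeExpired(now);
  }

  bool IsTracked(const Grant& g) const {
    for (const auto& entry : session_)
      if (entry.second.count(g)) return true;
    return expiry_.count(g) > 0;
  }
 private:
  void Forget(const Grant& g) {
    expiry_.erase(g);
    for (auto& entry : session_) entry.second.erase(g);
  }
  void RevokeSession(std::string site) {  // by value: the key may be erased
    auto it = session_.find(site);
    if (it == session_.end()) return;
    std::set<Grant> grants = std::move(it->second);
    session_.erase(it);
    for (const Grant& g : grants) revoker_(g);
  }
  Revoker revoker_;
  std::map<Grant, int64_t> expiry_;
  std::map<std::string, std::set<Grant>> session_;
  std::map<std::string, int> open_docs_;
};

int main() {
  // Constructed scenario: two 20-second grants made 10 seconds apart.
  int revoked = 0;
  PermissionLifetimeTracker t([&](const Grant&) { ++revoked; });
  t.GrantFor({"https://permission.site", "geolocation"}, 0, 20);
  t.GrantFor({"https://browserleaks.com", "geolocation"}, 10, 20);
  t.RevokeExpired(t.RevokeExpired(20));  // fires at t=20, then at t=30
  return revoked == 2 ? 0 : 1;
}
```

Storing the expiry as an absolute time is what lets a grant lapse while the browser is not running, and returning the next expiry from `RevokeExpired` is what keeps a second, later grant from being missed after the first one fires.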

@goodov
Member

goodov commented Mar 17, 2021

Here is a discussion with Chromium folks about improving their permission constraints implementation so we can use it directly at some point. Looks like they're happy to accept my recommended changes and we can actually do this. Just need some time to implement it and make a CL.

https://bugs.chromium.org/p/chromium/issues/detail?id=1147918#c4

@pes10k
Contributor Author

pes10k commented Mar 17, 2021

That sounds terrific @goodov! Would we need to wait for upstream before we can enable for Brave users then? Or can we enable in Brave while the upstream work is being sorted out?

@goodov
Member

goodov commented Mar 18, 2021

We will enable our implementation first (currently in review) and will migrate to upstream implementation when it will be ready (may take few months to get required Chromium changes in our codebase).

@goodov
Member

goodov commented Mar 18, 2021

There is a list of some permission requests that are not handled with a general implementation. Some of them use own storage (not HostContentSettingsMap), some of them use custom HostContentSettingsMap decision set logic, some of them are even browser-wide:

  1. WidevinePermissionRequest - Widevine enabler for the whole browser. Doesn't use ContentSettings, changes browser global state. Requires a custom handler+revoker. Revoke will likely require a browser restart.
  2. RegisterProtocolHandlerPermissionRequest - registers protocol handler per site (?). Doesn't use ContentSettings, stores data in own custom backend. Requires a custom handler+revoker.
  3. DownloadPermissionRequest - allows multi-download per site, uses ContentSettings, but has its own setter. Requires a custom handler, revoke will work fine.
  4. PerDeviceProvisioningPermissionRequest - Android-specific, doesn't use ContentSettings, somehow connected to DRM (created from CreateMediaDrmStorage). Requires a custom handler+revoker.
  5. AttestationPermissionRequest - an Extension API method can trigger this request, doesn't use ContentSettings. Requires a custom handler+revoker.
  6. QuotaPermissionRequest - a DeprecatedStorageQuota API method, doesn't use ContentSettings. Requires a custom handler+revoker.
  • custom handler - means we need to have some code to handle the moment permission is accepted.
  • custom revoker - means we need to have some code to revoke the permission.

Technically it's possible to add required logic for each of these requests, but I don't think we should do this. It's very likely that each one of them will introduce some conflict to Chromium (patches, etc), it's possible that revoke of some of them can be harmful for a runtime logic, and it's possible that some of them are very rare.

From my POV, we can/should support DownloadPermissionRequest and keep other requests as is, but maybe I don't see a full picture. @pes10k what do you think?

@pes10k
Contributor Author

pes10k commented Mar 19, 2021

I think that all sounds great @goodov ! And fwiw, I think DownloadPermissionRequest could wait till later too, as a follow up item. Especially if making deeper changes in Chromium to support the above would make it harder to partition the permissions too (which to my mind is a higher priority).

@simonhong
Member

simonhong commented Mar 22, 2021

@goodov Regarding to WidevinePermissionRequest, I think we just borrowed permission UI to ask user whether install widevine or not globally. It would be great if we can control widevine permission per site even if widevine plugin is installed.

@LaurenWags
Member

@pes10k @goodov could we get a test plan for this one please? Marking as QA/Blocked until we have this 👍🏻

@stephendonner

stephendonner commented Apr 20, 2021

We have a testplan in-hand (via Slack), but I'm leaving QA/Blocked until we have the uplift into 1.24.x for the until I close this window functionality, which I tested in nightly/1.25.x here: brave/brave-core#8378 (comment)

@kjozwiak
Member

Removed QA/Blocked as brave/brave-core#8585 was merged. We'll need a new build but this is ready to QA once new builds are available 👍

@stephendonner

stephendonner commented Apr 27, 2021

Verified PASSED using

Brave 1.24.75 Chromium: 90.0.4430.85 (Official Build) beta (x86_64)
Revision 5bc145d831c180d9ff94f29a0d7a2e1cbd30ef36-refs/branch-heads/4430@{#1311}
OS macOS Version 11.3 (Build 20E232)

NOTES (especially for the rest of the @brave/legacy_qa team):

  1. keep in mind you will encounter Location-permissions icon not dynamically removed from URL bar on permissions-lifetime timeout. #15473 (and state-related variants); window and tab state aren't updated dynamically, often (I might be filing more bugs, feel free to do so as well, of course). for shorter lifetimes, clicking on the buttons on https://permissions.info will tell you whether a permission previously granted for that site has expired or not, though.
  2. not all steps are represented with screenshots, for brevity; especially, often, the final step, which is typically just a re-hash of the first step, which already has an included screenshot
  3. use your best judgement re: steps and screenshots - there are multiple ways to verify the permissions' lifetimes are accurate throughout the UI (lock-icon flyout in the URL bar, brave://settings/content, brave://settings/content/camera, brave://settings/content/microphone, brave://settings/content/location, brave://settings/content/midi, brave://settings/content/notifications and more)
  4. some screenshots are included as part of extra verification/alternate steps you might want to take to verify -- particularly of the lock-icon flyout w/permissions, as I've tried to vary a few of the places to check (as there are more than one) the permissions
  5. I purposefully also omitted the repeated posting of a screenshot for the initial step to enable Lifetime Permissions via brave://flags, since that's common to nearly all the testcases here
  6. you may and are encouraged to use sites other than https://permission.site to test, of course! if you use that site, be sure you are loading it over HTTPS, rather than HTTP, as many of the tests' buttons won't work over HTTP

Time-based cases

20-seconds, Allow permission (microphone):

  1. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  2. load brave://flags and enable the Permissions Lifetime flag
  3. restart Brave via command-line
  4. load https://permission.site
  5. click on Microphone
  6. Give permission for 20 seconds, click Allow
  7. click on the microphone icon in the URL bar
  8. confirm it reads Continue allowing permission.site to access your microphone
  9. open brave://settings/content/microphone
  10. confirm that https://permission.site:443 is under Allow
  11. wait until the remainder of the original 20 seconds passes
  12. on https://permission.site, confirm that clicking on Microphone again re-prompts for permissions
  13. open a tab with brave://settings/content/ and confirm there's no microphone or permission.site listed under Recent activity

20-seconds, Allow permission (camera + microphone):

  1. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  2. load brave://flags and enable the Permissions Lifetime flag
  3. restart Brave via command-line
  4. load https://permission.site
  5. click on Camera + Microphone
  6. Give permission for 20 seconds, click Allow
  7. click on the lock icon in the URL bar
  8. confirm the popup shows Camera - Allow and Microphone - Allow
  9. wait the remainder of the 20 seconds
  10. click on the lock icon again
  11. confirm the popup no longer has Camera nor Microphone with any values present

Origin-based cases

Origin-based behavior, multiple tabs (location):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load hulu.com
  4. log in
  5. Give permission until I close this page
  6. click Allow
  7. confirm brave://settings/content/location shows Allow for Location
  8. click Allow when prompted to install Widevine
  9. play a video
  10. open hulu.com in another tab
  11. play a video
  12. close either of the two open tabs
  13. confirm brave://settings/content/location shows Allow for Location
  14. close the remaining tab
  15. confirm brave://settings/content/location now shows Ask before accessing (recommended) and has nothing under Block and Allow

Origin-based behavior, leave tab open, restart (MIDI):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on MIDI
  5. Give permission until I close this page
  6. click Allow
  7. confirm brave://settings/content shows permission.site with Allowed MIDI devices
  8. leave tab open
  9. restart Brave
  10. confirm brave://settings/content/midiDevices shows Ask when a site wants to use system exclusive messages to access MIDI MIDI devices
  11. confirm there's no sites under Block or Allow
  12. load https://permission.site/
  13. click on MIDI
  14. confirm you now get prompted for permission

Origin-based behavior, close tab, open new tab (MIDI):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on MIDI
  5. Give permission until I close this page
  6. click Allow
  7. confirm brave://settings/content shows permission.site with Allowed MIDI devices
  8. close permission.site tab
  9. open brave://settings/content/midiDevices in a new tab
  10. confirm there are no permissions or sites listed under Block or Allow
  11. open https://permission.site/ in a new tab
  12. click on MIDI
  13. confirm you get prompted for permission

24-hour / 1-week cases

24-hours, negative test (25 hours) (microphone):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Microphone
  5. give permission for 24 hours
  6. confirm brave://settings/content shows Allow for Microphone
  7. shut down Brave
  8. set system clock forward by 25 hours
  9. confirm brave://settings/content shows Ask (default) for Microphone
  10. load https://permission.site/
  11. confirm you get re-prompted for microphone permissions when clicking on Microphone

24-hours positive test (23 hours) (microphone):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Microphone
  5. give permission for 24 hours
  6. confirm brave://settings/content shows Allow for Microphone
  7. shut down Brave
  8. set system clock forward by 23 hours
  9. confirm brave://settings/content shows Allow for Microphone
  10. load https://permission.site/
  11. confirm you do NOT get re-prompted for microphone permissions when clicking on Microphone

1-week, negative test (8 days) (camera):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Camera
  5. give permission for 1 week
  6. confirm brave://settings/content shows Allow for Camera
  7. shut down Brave
  8. set system clock forward by 8 days
  9. confirm brave://settings/content shows Ask (default) for Camera
  10. load https://permission.site/
  11. confirm you get re-prompted for microphone permissions when clicking on Camera

1-week, positive test (location):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Location
  5. give permission for 1 week
  6. confirm brave://settings/content shows Allow for Location
  7. shut down Brave
  8. set system clock forward by 6 days
  9. confirm brave://settings/content shows permission.site with Allowed location under Recent activity
  10. load https://permission.site/
  11. confirm you do NOT get re-prompted for location permissions when clicking on Location

Allow/Block forever cases

Allow forever (location):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Location
  5. give permission forever
  6. confirm brave://settings/content shows Allow for Location
  7. shut down Brave
  8. set system clock forward by 2 months
  9. confirm brave://settings/content shows Allow for Location
  10. load https://permission.site/
  11. confirm you do NOT get reprompted for Location

Block forever (notifications):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Notifications
  5. click on Block forever
  6. confirm brave://settings/content shows Block for Notifications
  7. shut down Brave
  8. set system clock forward by 3 months
  9. confirm brave://settings/content shows Block for Notifications
  10. load https://permission.site/
  11. confirm you do NOT get reprompted for Notifications

Consecutive-revocation cases

Consecutive-revocation permissions (location):

  1. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  2. load brave://flags and enable the Permissions Lifetime flag
  3. restart Brave via command-line
  4. load https://permission.site
  5. click on Location
  6. give permission for 20 seconds
  7. click on the lock icon next to permission.site in the URL bar
  8. confirm Location is set to Allow
  9. wait 10 seconds
  10. open https://browserleaks.com/geo
  11. give permission for 20 seconds
  12. return to permissions.site
  13. click on the lock icon; confirm you no longer see Location with any value
  14. return to browserleaks.com/geo
  15. click on the lock icon; confirm you no longer see Location with any value

Negative/current-parity cases

Block (Auto Download):

  1. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  2. load brave://flags and enable the Permissions Lifetime flag. restart Brave via command-line
  3. load https://permission.site
  4. click on Auto Download
  5. verify a file picker is invoked, as well as a permissions request to Download multiple files with Block and Allow buttons
  6. click on Block in the dialog
  7. click Cancel in the file picker
  8. click on the Download icon in the URL bar
  9. confirm you see Continue blocking automatic downloads of multiple files chosen
  10. load brave://settings/content/automaticDownloads and confirm https://permission.site:443 is under the Block section
  11. load brave://settings/content/ and confirm permission.site - http reads Blocked automatic downloads
  12. on permission.site click again on Auto Download, and confirm nothing happens (no file picker or permissions dialog pop up)

Allow (Auto Download):

  1. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  2. load brave://flags and enable the Permissions Lifetime flag. restart Brave via command-line
  3. load https://permission.site
  4. click on Auto Download
  5. verify a file picker is invoked, as well as a permissions request to Download multiple files with Block and Allow buttons
  6. click on Allow in the dialog
  7. click either Cancel or Save in the file picker
  8. confirm you get prompted another time, and choose either Cancel or Save again
  9. click on the Download icon in the URL bar
  10. confirm you see Continue allowing automatic downloads of multiple files chosen
  11. load brave://settings/content/automaticDownloads and confirm https://permission.site:443 is under the Allow section
  12. load brave://settings/content/ and confirm permission.site - http reads Allowed automatic downloads
  13. on permission.site click again on Auto Download, and confirm you again get two consecutive file-picker dialogs

Allow (Widevine):

  1. new profile
  2. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  3. load brave://flags and enable the Permissions Lifetime flag. restart Brave via command-line
  4. load netflix.com (or any Widevine-using site)
  5. log in
  6. choose any value for Notifications, when prompted (or just dismiss the dialog)
  7. confirm you see an Install and run Widevine prompt, with a [ ] Don't ask again checkbox and Block and Allow buttons
  8. click Allow
  9. confirm you can play a media title
  10. relaunch Brave
  11. play any title and confirm you are not re-prompted for Widevine

Migration (stored prefs)

Block (Notifications):

  1. using release build 1.23.73, load permission.site in a new profile
  2. click on Notifications
  3. click Block
  4. shut down
  5. copy your profile over and launch 1.24.x with it
  6. load brave://flags and flip Permission Lifetime to Enabled
  7. restart Brave 1.24.x
  8. load permission.site
  9. confirm that clicking on Notifications doesn't prompt or show notifications
  10. load brave://settings/content/notifications and confirm that https://permission.site:443 is listed under Block

Allow (Location):

  1. using Brave release build 1.23.73, load permission.site in a new profile
  2. click on Location
  3. click Allow
  4. shut down
  5. copy your profile over and launch 1.24.x with it
  6. load brave://flags and flip Permission Lifetime to Enabled
  7. restart Brave 1.24.x
  8. load permission.site
  9. confirm that clicking on Location doesn't prompt or show notifications
  10. load brave://settings/content/location and confirm that https://permission.site:443 is listed under Allow
  11. click on the dropped-pin icon in the URL bar and confirm it says Continue allowing this site to access your location

Verification passed on

Brave 1.24.81 Chromium: 90.0.4430.93 (Official Build) (64-bit)
Revision 4df112c29cfe9a2c69b14195c0275faed4e997a7-refs/branch-heads/4430@{#1348}
OS Ubuntu 18.04 LTS

Verified selected test case from above test plan

20-seconds, Allow permission (camera + microphone )

Verified permission prompt was triggered

Verified permissions were granted

Verified permissions were revoked after 20s

Origin-based behavior, multiple tabs (location)

Verified visiting browserleaks.com/geo triggers permission prompt
Verified the permission is granted
Verified That after closing 1 tab, the permission is still granted
Verified closing all the related tabs, clears the permission
Verified visiting browserleaks.com/geo again triggers permission prompt

Allow forever (location)

Verified visiting the page triggers permission prompt
Verified brave://settings/content for Location shows Allow
Verified after 2 months, permission is still granted

24-hours positive test (23 hours) (microphone)

Verified permission prompt was shown and was able to set 24h
Verified permission was allowed in brave://settings/content
Verified microphone permissions are Allowed for the site after 23h :
Verified no prompt was shown for Microphone after 23h

Consecutive-revocation permissions (location)

Verified visiting permission.site triggers permission prompt
Verified Location is allowed for 20 seconds
Verified visiting https://browserleaks.com/geo triggers permission prompt
Verified Location is allowed for 20 seconds
Verified after 20s the allow permission was revoked

Upgrade test from 1.23.x

Verified that in 1.23.x, Location was set to Block, Notifications to Allow
Verified that after upgrade the permissions remained the same


Verification passed on

Brave 1.24.82 Chromium: 90.0.4430.93 (Official Build) (64-bit)
Revision 4df112c29cfe9a2c69b14195c0275faed4e997a7-refs/branch-heads/4430@{#1348}
OS Windows 10 OS Version 2004 (Build 19041.928)

Verified selected test case from above test plan

20-seconds, Allow permission_Normal Tab (camera + microphone )

Verified permission prompt was triggered

Verified permissions were granted

Verified permissions were revoked after 20s

20-seconds, Allow permission_PrivateTab (camera + microphone )

Verified permission prompt was triggered

Verified permissions were granted

Verified permissions were revoked after 20s

20-seconds, Allow permission_TorTab (camera + microphone )

Verified permission prompt was triggered

Verified permissions were granted

Verified permissions were revoked after 20s

Origin-based behavior, multiple tabs (location)
  • Verified visiting browserleaks.com/geo triggers permission prompt
  • Verified the permission is granted
  • Verified that after closing 1 tab, the permission is still granted
  • Verified closing all the related tabs, clears the permission
  • Verified visiting browserleaks.com/geo again triggers permission prompt
Allow forever (location)
  • Verified visiting the page triggers permission prompt
  • Verified brave://settings/content for Location shows Allow
  • Verified after 2 months, permission is still granted
24-hours positive test (23 hours) (microphone)

Verified permission prompt was shown and was able to set 24h

Verified permission was allowed in brave://settings/content

Verified microphone permissions are Allowed for the site after 23h

Verified no prompt was shown for Microphone after 23h

Consecutive-revocation permissions (location)

Verified visiting permission.site triggers permission prompt
Verified Location is allowed for 20 seconds
Verified visiting https://browserleaks.com/geo triggers permission prompt
Verified Location is allowed for 20 seconds
Verified after 20s the allow permission was revoked

Upgrade test
  • Installed 1.23.x and Blocked notifications for permission.site and upgraded profile to 1.24.x
  • Ensured that permission.site is in blocked list in brave://settings/content/notifications
  • Ensured that notifications remained blocked in 1.24.x

@stephendonner stephendonner added QA Pass-macOS and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Apr 27, 2021
@srirambv srirambv added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Apr 30, 2021
@srirambv
Contributor

Verification passed on OnePlus 6T with Android 10 running 1.24.81 x64 build

Time Based checks

20 Sec timer - Allow (Camera + Microphone)
  • Verified passing argument to set permission timer to 20 sec shows up as an option
  • Verified selecting 20 sec option and allow enables the Camera + Microphone on the site and system notification shows up
  • Verified site is added under allow list for both Camera + Microphone
  • Verified after 20 sec the site permissions are removed automatically
  • Verified reloading the page and selecting Camera on the page triggers the permission prompt again
20 Sec timer - Block Forever (Camera + Microphone)
  • Verified setting permission to Block Forever adds an entry under blocked list for the site

Origin-based cases

Origin-based behaviour, multiple tabs (Location)
  • Verified visiting browserleaks.com/geo triggers permission prompt
  • Verified selecting Until I close this page and select allow sets the permission for the page and detects location
  • Verified visiting permission.site on a second tab and selecting location triggers prompt
  • Verified selecting Block Forever adds the site to blocked list
  • Verified site settings shows both sites under allowed/blocked respectively
  • Verified closing browserleaks.com/geo tab resets the site permission from site settings
  • Verified revisiting the page on a new tab triggers the prompt again

24-hour / 1-week cases

23 hrs test
  • Verified allowing permission on a site for 24hrs works fine
  • Verified restarting the browser and loading the page doesn't trigger permission prompt
  • Verified moving device date ahead to 23hrs and reloading the page/opening in a new tab doesn't trigger the permission prompt
25 hrs test
  • Verified allowing permission on a site for 24hrs works fine
  • Verified restarting the browser and loading the page doesn't trigger permission prompt
  • Verified moving device date ahead to 25hrs and reloading the page/opening in a new tab triggers the permission prompt
6 Days 12hrs test
  • Verified allowing permission on a site for 1 week works fine
  • Verified restarting the browser and loading the page doesn't trigger permission prompt
  • Verified moving device date ahead to 6 days & 12 hrs ahead and reloading the page/opening in a new tab doesn't trigger the permission prompt
8 days Test
  • Verified allowing permission on a site for 1 week works fine
  • Verified restarting the browser and loading the page doesn't trigger permission prompt
  • Verified moving device date ahead to 8 days and reloading the page/opening in a new tab triggers the permission prompt

Allow/Block forever cases


Allow forever (Location)
  • Verified selecting location on https://permission.site triggers permission prompt
  • Verified able to set the permission to forever
  • Verified reloading the page doesn't trigger the prompt
  • Verified site settings adds the site to allow list
  • Verified moving device date ahead by a month and revisiting the page in a new tab doesn't trigger the notification
Block Forever (Notifications)
  • Verified selecting location on https://permission.site triggers permission prompt
  • Verified able to set the permission to Block Forever
  • Verified site settings adds the site to block list
  • Verified moving device date ahead by a month and revisiting the page in a new tab doesn't trigger the notification

Consecutive-revocation cases

10 sec repeat permission
  • Verified launching with command line --permission-lifetime-test-seconds=10 shows 10 sec option in permission prompt
  • Verified setting the prompt for 10 sec on https://permission.site works
  • Opening a new tab and visiting https://browserleaks.com/geo triggers the prompt and set it to 10 sec option
  • Wait for 10sec and navigate back to permission site via bottom toolbar swipe prompts again to set permission
  • Swipe back to browserleaks tab prompts on that page as well

Private tab test

Permission on private tabs
  • Verified permission prompt shows up on private tab as well
  • Verified setting permission forever works on private tab
  • Verified closing the private tab and opening a new one and visiting the same page triggers the permission prompt
  • Verified during an active session, setting permission on private tab is only valid for the session
  • Verified during an active session, setting permission forever and opening the same page on normal tab still prompts for permission setting
  • Verified clearing site setting via clear data resets all permissions set on any page

Verification passed on Samsung Tab A with Android 10 running 1.24.81 x64 build

Time Based checks

20 Sec timer - Allow (Camera + Microphone)
  • Verified passing argument to set permission timer to 20 sec shows up as an option
  • Verified selecting 20 sec option and allow enables the Camera + Microphone on the site and system notification shows up
  • Verified site is added under allow list for both Camera + Microphone
  • Verified after 20 sec the site permissions are removed automatically
  • Verified reloading the page and selecting Camera on the page triggers the permission prompt again
20 Sec timer - Block Forever (Camera + Microphone)
  • Verified setting permission to Block Forever adds an entry under blocked list for the site

Origin-based cases

Origin-based behaviour, multiple tabs (Location)
  • Verified visiting browserleaks.com/geo triggers permission prompt
  • Verified selecting Until I close this page and select allow sets the permission for the page and detects location
  • Verified visiting permission.site on a second tab and selecting location triggers prompt
  • Verified selecting Block Forever adds the site to blocked list
  • Verified site settings shows both sites under allowed/blocked respectively
  • Verified closing browserleaks.com/geo tab resets the site permission from site settings
  • Verified revisiting the page on a new tab triggers the prompt again

24-hour / 1-week cases

23 hrs test
  • Verified allowing permission on a site for 24hrs works fine
  • Verified restarting the browser and loading the page doesn't trigger permission prompt
  • Verified moving device date ahead to 23hrs and reloading the page/opening in a new tab doesn't trigger the permission prompt
25 hrs test
  • Verified allowing permission on a site for 24hrs works fine
  • Verified restarting the browser and loading the page doesn't trigger permission prompt
  • Verified moving device date ahead to 25hrs and reloading the page/opening in a new tab triggers the permission prompt
6 Days 12hrs test
  • Verified allowing permission on a site for 1 week works fine
  • Verified restarting the browser and loading the page doesn't trigger permission prompt
  • Verified moving device date ahead to 6 days & 12 hrs ahead and reloading the page/opening in a new tab doesn't trigger the permission prompt
8 days Test
  • Verified allowing permission on a site for 1 week works fine
  • Verified restarting the browser and loading the page doesn't trigger permission prompt
  • Verified moving device date ahead to 8 days and reloading the page/opening in a new tab triggers the permission prompt

Allow/Block forever cases


Allow forever (Location)
  • Verified selecting location on https://permission.site triggers permission prompt
  • Verified able to set the permission to forever
  • Verified reloading the page doesn't trigger the prompt
  • Verified site settings adds the site to allow list
  • Verified moving device date ahead by a month and revisiting the page in a new tab doesn't trigger the notification
Block Forever (Notifications)
  • Verified selecting location on https://permission.site triggers permission prompt
  • Verified able to set the permission to Block Forever
  • Verified site settings adds the site to block list
  • Verified moving device date ahead by a month and revisiting the page in a new tab doesn't trigger the notification

Consecutive-revocation cases

10 sec repeat permission
  • Verified launching with command line --permission-lifetime-test-seconds=10 shows 10 sec option in permission prompt
  • Verified setting the prompt for 10 sec on https://permission.site works
  • Opening a new tab and visiting https://browserleaks.com/geo triggers the prompt and set it to 10 sec option
  • Wait for 10sec and navigate back to permission site via bottom toolbar swipe prompts again to set permission
  • Swipe back to browserleaks tab prompts on that page as well

Private tab test

Permission on private tabs
  • Verified permission prompt shows up on private tab as well
  • Verified setting permission forever works on private tab
  • Verified closing the private tab and opening a new one and visiting the same page triggers the permission prompt
  • Verified during an active session, setting permission on private tab is only valid for the session
  • Verified during an active session, setting permission forever and opening the same page on normal tab still prompts for permission setting
  • Verified clearing site setting via clear data resets all permissions set on any page
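
Added example, not part of this thread and not brave-core code: a small JavaScript model of the grant lifetimes the verification runs above exercise (timed expiry, "Until I close this page", forever), with an injected clock so the 23 h / 25 h boundary can be checked without touching the device date. The class, its method names and the site-keyed tab counter are assumptions made for illustration.

```javascript
// Constructed model, not brave-core code; every name here is hypothetical.
const HOUR = 60 * 60 * 1000;
class PermissionStore {
  constructor(now) {
    this.now = now;            // injected clock, so a test can move time forward
    this.grants = new Map();   // "site|permission" -> { state, kind, expiresAt }
    this.openDocs = new Map(); // site -> number of open top-level documents
  }
  openTab(site) {
    this.openDocs.set(site, (this.openDocs.get(site) || 0) + 1);
  }
  closeTab(site) {
    const left = Math.max(0, (this.openDocs.get(site) || 0) - 1);
    this.openDocs.set(site, left);
    if (left > 0) return; // other tabs of the site keep the session alive
    for (const [key, g] of this.grants) {
      if (g.kind === 'session' && key.startsWith(site + '|')) this.grants.delete(key);
    }
  }
  // lifetime: 'forever', 'session', or a duration in milliseconds
  set(site, permission, state, lifetime) {
    const timed = typeof lifetime === 'number';
    this.grants.set(`${site}|${permission}`, {
      state,
      kind: timed ? 'timed' : lifetime,
      expiresAt: timed ? this.now() + lifetime : Infinity,
    });
  }
  query(site, permission) {
    const key = `${site}|${permission}`;
    const g = this.grants.get(key);
    if (!g) return 'prompt';
    if (this.now() >= g.expiresAt) { // lifetime over: revoke and ask again
      this.grants.delete(key);
      return 'prompt';
    }
    return g.state; // 'granted' or 'denied'
  }
}

// The 23 h / 25 h boundary from the 24-hour test case, driven by a fake clock.
function check24hBoundary() {
  let t = 0;
  const store = new PermissionStore(() => t);
  store.set('permission.site', 'microphone', 'granted', 24 * HOUR);
  t = 23 * HOUR; const at23 = store.query('permission.site', 'microphone');
  t = 25 * HOUR; const at25 = store.query('permission.site', 'microphone');
  return { at23, at25 };
}
console.log(check24hBoundary());
```

The same store covers the multi-tab and consecutive-revocation cases: each grant carries its own expiry, and session grants are dropped only when the site's last tab closes.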
