From d23bfc6425539d2f35b5bfd885b9016a92e86dd4 Mon Sep 17 00:00:00 2001 
From: Jocelyn Liu Date: Wed, 21 Feb 2018 08:53:55 -0800 Subject: [PATCH] implement fingerprinting protection --- common/render_messages.h | 3 + .../brave_shields_web_contents_observer.cc | 14 ++ .../brave_shields_web_contents_observer.h | 3 + ...ser-chrome_content_browser_client.cc.patch | 15 ++ ...enderer-content_settings_observer.cc.patch | 27 +++ ...renderer-content_settings_observer.h.patch | 25 ++ ...re-browser-content_settings_utils.cc.patch | 15 ++ ...tings-core-common-content_settings.h.patch | 12 + ...s-core-common-content_settings.mojom.patch | 10 + ...on-content_settings_struct_traits.cc.patch | 14 ++ ...mon-content_settings_struct_traits.h.patch | 16 ++ ...core-frame-ContentSettingsClient.cpp.patch | 17 ++ ...e-core-frame-ContentSettingsClient.h.patch | 14 ++ ...re-html-canvas-HTMLCanvasElement.cpp.patch | 32 +++ ...t-Source-core-svg-SVGPathElement.cpp.patch | 22 ++ ...e-core-svg-SVGTextContentElement.cpp.patch | 22 ++ ...anvas2d-CanvasRenderingContext2D.cpp.patch | 75 ++++++ ...-canvas2d-CanvasRenderingContext2D.h.patch | 24 ++ ...modules-mediastream-MediaDevices.cpp.patch | 23 ++ ...peerconnection-RTCPeerConnection.cpp.patch | 93 ++++++++ ...ce-modules-webaudio-AnalyserNode.cpp.patch | 44 ++++ ...webgl-WebGL2RenderingContextBase.cpp.patch | 39 +++ ...-webgl-WebGLRenderingContextBase.cpp.patch | 224 ++++++++++++++++++ ...-platform-WebContentSettingsClient.h.patch | 16 ++ renderer/brave_content_settings_observer.cc | 29 +++ renderer/brave_content_settings_observer.h | 5 + .../brave_content_settings_observer_helper.h | 16 ++ 27 files changed, 849 insertions(+) create mode 100644 patches/chrome-browser-chrome_content_browser_client.cc.patch create mode 100644 patches/chrome-renderer-content_settings_observer.cc.patch create mode 100644 patches/chrome-renderer-content_settings_observer.h.patch create mode 100644 patches/components-content_settings-core-browser-content_settings_utils.cc.patch create mode 100644 
patches/components-content_settings-core-common-content_settings.h.patch create mode 100644 patches/components-content_settings-core-common-content_settings.mojom.patch create mode 100644 patches/components-content_settings-core-common-content_settings_struct_traits.cc.patch create mode 100644 patches/components-content_settings-core-common-content_settings_struct_traits.h.patch create mode 100644 patches/third_party-WebKit-Source-core-frame-ContentSettingsClient.cpp.patch create mode 100644 patches/third_party-WebKit-Source-core-frame-ContentSettingsClient.h.patch create mode 100644 patches/third_party-WebKit-Source-core-html-canvas-HTMLCanvasElement.cpp.patch create mode 100644 patches/third_party-WebKit-Source-core-svg-SVGPathElement.cpp.patch create mode 100644 patches/third_party-WebKit-Source-core-svg-SVGTextContentElement.cpp.patch create mode 100644 patches/third_party-WebKit-Source-modules-canvas-canvas2d-CanvasRenderingContext2D.cpp.patch create mode 100644 patches/third_party-WebKit-Source-modules-canvas-canvas2d-CanvasRenderingContext2D.h.patch create mode 100644 patches/third_party-WebKit-Source-modules-mediastream-MediaDevices.cpp.patch create mode 100644 patches/third_party-WebKit-Source-modules-peerconnection-RTCPeerConnection.cpp.patch create mode 100644 patches/third_party-WebKit-Source-modules-webaudio-AnalyserNode.cpp.patch create mode 100644 patches/third_party-WebKit-Source-modules-webgl-WebGL2RenderingContextBase.cpp.patch create mode 100644 patches/third_party-WebKit-Source-modules-webgl-WebGLRenderingContextBase.cpp.patch create mode 100644 patches/third_party-WebKit-public-platform-WebContentSettingsClient.h.patch create mode 100644 renderer/brave_content_settings_observer_helper.h diff --git a/common/render_messages.h b/common/render_messages.h index 7228c4a4c042..01a185c617fa 100644 --- a/common/render_messages.h +++ b/common/render_messages.h 
@@ -16,3 +16,6 @@ // user's content settings. IPC_MESSAGE_ROUTED1(BraveViewHostMsg_JavaScriptBlocked, base::string16 /* details on blocked content */) + +IPC_MESSAGE_ROUTED1(BraveViewHostMsg_FingerprintingBlocked, + base::string16 /* details on blocked content */) diff --git a/components/brave_shields/browser/brave_shields_web_contents_observer.cc b/components/brave_shields/browser/brave_shields_web_contents_observer.cc index 835be9a5bcec..ddf90c4f7f38 100644 --- a/components/brave_shields/browser/brave_shields_web_contents_observer.cc +++ b/components/brave_shields/browser/brave_shields_web_contents_observer.cc @@ -132,6 +132,8 @@ bool BraveShieldsWebContentsObserver::OnMessageReceived( message, render_frame_host) IPC_MESSAGE_HANDLER(BraveViewHostMsg_JavaScriptBlocked, OnJavaScriptBlockedWithDetail) + IPC_MESSAGE_HANDLER(BraveViewHostMsg_FingerprintingBlocked, + OnFingerprintingBlockedWithDetail) IPC_MESSAGE_UNHANDLED(handled = false) IPC_END_MESSAGE_MAP() return handled; @@ -149,6 +151,18 @@ void BraveShieldsWebContentsObserver::OnJavaScriptBlockedWithDetail( base::UTF16ToUTF8(details), web_contents); } +void BraveShieldsWebContentsObserver::OnFingerprintingBlockedWithDetail( + RenderFrameHost* render_frame_host, + const base::string16& details) { + content::WebContents* web_contents = + content::WebContents::FromRenderFrameHost(render_frame_host); + if (!web_contents) { + return; + } + DispatchBlockedEventForWebContents(brave_shields::kFingerprinting, + base::UTF16ToUTF8(details), web_contents); +} + // static void BraveShieldsWebContentsObserver::RegisterProfilePrefs(PrefRegistrySimple* registry) { registry->RegisterUint64Pref(kAdsBlocked, 0); diff --git a/components/brave_shields/browser/brave_shields_web_contents_observer.h b/components/brave_shields/browser/brave_shields_web_contents_observer.h index 889d515037cd..0d3ea5ceecdb 100644 --- a/components/brave_shields/browser/brave_shields_web_contents_observer.h 
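Review bot: `OnFingerprintingBlockedWithDetail` passes the renderer-supplied `details` string straight to `DispatchBlockedEventForWebContents` with no length bound or content check, and the sender of `BraveViewHostMsg_FingerprintingBlocked` is a renderer process the browser side should not trust. What the dispatcher does with the string is outside this hunk, so the impact is not visible here; if it is stored, counted per value, or shown in UI, a compromised or buggy renderer controls that data. Capping the length before dispatch and adding a comment such as `// |details| comes from the renderer and is untrusted.` would make the trust boundary explicit. The existing `OnJavaScriptBlockedWithDetail` handler has the same shape.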
+++ b/components/brave_shields/browser/brave_shields_web_contents_observer.h @@ -45,6 +45,9 @@ class BraveShieldsWebContentsObserver : public content::WebContentsObserver, void OnJavaScriptBlockedWithDetail( content::RenderFrameHost* render_frame_host, const base::string16& details); + void OnFingerprintingBlockedWithDetail( + content::RenderFrameHost* render_frame_host, + const base::string16& details); DISALLOW_COPY_AND_ASSIGN(BraveShieldsWebContentsObserver); }; diff --git a/patches/chrome-browser-chrome_content_browser_client.cc.patch b/patches/chrome-browser-chrome_content_browser_client.cc.patch new file mode 100644 index 000000000000..f19e5a47ecc3 --- /dev/null +++ b/patches/chrome-browser-chrome_content_browser_client.cc.patch @@ -0,0 +1,15 @@ +diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc +index 8d132058b6ee5ec856a183933ffd389816885619..35ff2e225d6196364ba79d086fef0abe527c259f 100644 +--- a/chrome/browser/chrome_content_browser_client.cc ++++ b/chrome/browser/chrome_content_browser_client.cc +@@ -713,6 +713,10 @@ void GetGuestViewDefaultContentSettingRules( + ContentSettingsPattern::Wildcard(), ContentSettingsPattern::Wildcard(), + content_settings::ContentSettingToValue(CONTENT_SETTING_BLOCK), + std::string(), incognito)); ++ rules->fingerprinting_rules.push_back(ContentSettingPatternSource( ++ ContentSettingsPattern::Wildcard(), ContentSettingsPattern::Wildcard(), ++ content_settings::ContentSettingToValue(CONTENT_SETTING_ALLOW), ++ std::string(), incognito)); + } + + AppLoadedInTabSource ClassifyAppLoadedInTabSource( diff --git a/patches/chrome-renderer-content_settings_observer.cc.patch b/patches/chrome-renderer-content_settings_observer.cc.patch new file mode 100644 index 000000000000..571a919361f0 --- /dev/null +++ b/patches/chrome-renderer-content_settings_observer.cc.patch 
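Review bot: The `fingerprinting_rules` entry added to `GetGuestViewDefaultContentSettingRules` is a wildcard `CONTENT_SETTING_ALLOW`, while the rule pushed just above it in the same hunk uses `CONTENT_SETTING_BLOCK`. If the renderer evaluates these rules the way the gates added elsewhere in this commit suggest, content hosted in a guest view passes every `AllowFingerprinting` check regardless of the user's shields setting. If that exemption is intended, it deserves a comment at the call, for example `// Guest views are exempt from fingerprinting protection because <reason>.`; otherwise the default should follow the user's setting. The function body starts outside the hunk.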
@@ -0,0 +1,27 @@
+diff --git a/chrome/renderer/content_settings_observer.cc b/chrome/renderer/content_settings_observer.cc
+index f3947e48b3a67f534772366ce3ff45bdcc13eb39..c4b62d9087eb65a31085c61306de13eb70ecdce2 100644
+--- a/chrome/renderer/content_settings_observer.cc
++++ b/chrome/renderer/content_settings_observer.cc
+@@ -71,10 +71,12 @@ GURL GetOriginOrURL(const WebFrame* frame) {
+ return top_origin.GetURL();
+ }
+
++} // namespace
++
+ // Allow passing both WebURL and GURL here, so that we can early return without
+ // allocating a new backing string if only the default rule matches.
+ template
+-ContentSetting GetContentSettingFromRules(
++ContentSetting ContentSettingsObserver::GetContentSettingFromRules(
+ const ContentSettingsForOneType& rules,
+ const WebFrame* frame,
+ const URL& secondary_url) {
+@@ -97,6 +99,8 @@ ContentSetting GetContentSettingFromRules(
+ return CONTENT_SETTING_DEFAULT;
+ }
+
++namespace {
++
+ bool IsScriptDisabledForPreview(const content::RenderFrame* render_frame) {
+ return render_frame->GetPreviewsState() & content::NOSCRIPT_ON;
+ }
diff --git a/patches/chrome-renderer-content_settings_observer.h.patch b/patches/chrome-renderer-content_settings_observer.h.patch
new file mode 100644
index 000000000000..5704174b00ad
--- /dev/null
+++ b/patches/chrome-renderer-content_settings_observer.h.patch
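Review bot: `GetContentSettingFromRules` becomes a member template of `ContentSettingsObserver`, but its definition stays in content_settings_observer.cc, so a call from another translation unit links only for the URL types this file happens to instantiate. The Brave-side caller is not in this hunk; if it passes a type the upstream file does not use, the build fails at link time rather than at the call site. A comment at the declaration naming the supported types, or an explicit instantiation next to the definition, would make that dependency visible. The accompanying header patch also adds `friend class BraveContentSettingsObserver;`, which opens every private member of the class when only this one helper seems to be needed.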
@@ -0,0 +1,25 @@ +diff --git a/chrome/renderer/content_settings_observer.h b/chrome/renderer/content_settings_observer.h +index 8030dcd98b1fc0e227fe07258c4f7f4ecf7fc46f..6532c1de6fc3fbd0f88d6fdcd4ed3bfcd7528b6d 100644 +--- a/chrome/renderer/content_settings_observer.h ++++ b/chrome/renderer/content_settings_observer.h +@@ -103,6 +103,7 @@ class ContentSettingsObserver + } + + private: ++ friend class BraveContentSettingsObserver; + FRIEND_TEST_ALL_PREFIXES(ContentSettingsObserverTest, WhitelistedSchemes); + FRIEND_TEST_ALL_PREFIXES(ContentSettingsObserverBrowserTest, + ContentSettingsInterstitialPages); +@@ -149,6 +150,12 @@ class ContentSettingsObserver + const blink::WebSecurityOrigin& origin, + const blink::WebURL& document_url); + ++ template ++ ContentSetting GetContentSettingFromRules( ++ const ContentSettingsForOneType& rules, ++ const blink::WebFrame* frame, ++ const URL& secondary_url); ++ + #if BUILDFLAG(ENABLE_EXTENSIONS) + // Owned by ChromeContentRendererClient and outlive us. + extensions::Dispatcher* const extension_dispatcher_; diff --git a/patches/components-content_settings-core-browser-content_settings_utils.cc.patch b/patches/components-content_settings-core-browser-content_settings_utils.cc.patch new file mode 100644 index 000000000000..23bed215b554 --- /dev/null +++ b/patches/components-content_settings-core-browser-content_settings_utils.cc.patch 
@@ -0,0 +1,15 @@
+diff --git a/components/content_settings/core/browser/content_settings_utils.cc b/components/content_settings/core/browser/content_settings_utils.cc
+index 991543e4c6f23831957909b5e60a143c1dd8f091..e40942011faa75a41c8cfaebad2439a172b48a24 100644
+--- a/components/content_settings/core/browser/content_settings_utils.cc
++++ b/components/content_settings/core/browser/content_settings_utils.cc
+@@ -143,6 +143,10 @@ void GetRendererContentSettingRules(const HostContentSettingsMap* map,
+ map->GetSettingsForOneType(CONTENT_SETTINGS_TYPE_CLIENT_HINTS,
+ ResourceIdentifier(),
+ &(rules->client_hints_rules));
++ map->GetSettingsForOneType(
++ CONTENT_SETTINGS_TYPE_PLUGINS,
++ "fingerprinting",
++ &(rules->fingerprinting_rules));
+ }
+
+ bool IsMorePermissive(ContentSetting a, ContentSetting b) {
diff --git a/patches/components-content_settings-core-common-content_settings.h.patch b/patches/components-content_settings-core-common-content_settings.h.patch
new file mode 100644
index 000000000000..50c59414867e
--- /dev/null
+++ b/patches/components-content_settings-core-common-content_settings.h.patch
@@ -0,0 +1,12 @@
+diff --git a/components/content_settings/core/common/content_settings.h b/components/content_settings/core/common/content_settings.h
+index 8fa4e4bef9be06e1cb742a732fb9774f2159c06c..210fad8853b3d17e44270f4151dd62b8cab101bc 100644
+--- a/components/content_settings/core/common/content_settings.h
++++ b/components/content_settings/core/common/content_settings.h
+@@ -72,6 +72,7 @@ struct RendererContentSettingRules {
+ ContentSettingsForOneType script_rules;
+ ContentSettingsForOneType autoplay_rules;
+ ContentSettingsForOneType client_hints_rules;
++ ContentSettingsForOneType fingerprinting_rules;
+ };
+
+ namespace content_settings {
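Review bot: The fingerprinting rules are read from `CONTENT_SETTINGS_TYPE_PLUGINS` using the bare literal `"fingerprinting"` as the resource identifier in `GetRendererContentSettingRules`, with no comment explaining why a plugins-type setting carries this data. A mismatch between this literal and whatever key the writer side uses would leave `fingerprinting_rules` empty without any error, and the renderer gates would then fall back to their default. The browser-side observer in this commit already refers to `brave_shields::kFingerprinting`; if that constant holds the same string, using it here (or a shared constant otherwise) plus a one-line comment on the storage choice would remove the silent-failure mode.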
diff --git a/patches/components-content_settings-core-common-content_settings.mojom.patch b/patches/components-content_settings-core-common-content_settings.mojom.patch new file mode 100644 index 000000000000..f69b50f4439b --- /dev/null +++ b/patches/components-content_settings-core-common-content_settings.mojom.patch @@ -0,0 +1,10 @@ +diff --git a/components/content_settings/core/common/content_settings.mojom b/components/content_settings/core/common/content_settings.mojom +index 6766c161ab2345d2cac339d2633ee27ec86d4abe..e2be9fb1bd60a0b2a8633d9220d91b366e94eef0 100644 +--- a/components/content_settings/core/common/content_settings.mojom ++++ b/components/content_settings/core/common/content_settings.mojom +@@ -72,4 +72,5 @@ struct RendererContentSettingRules { + array script_rules; + array autoplay_rules; + array client_hints_rules; ++ array fingerprinting_rules; + }; diff --git a/patches/components-content_settings-core-common-content_settings_struct_traits.cc.patch b/patches/components-content_settings-core-common-content_settings_struct_traits.cc.patch new file mode 100644 index 000000000000..5e0fe1d78d1e --- /dev/null +++ b/patches/components-content_settings-core-common-content_settings_struct_traits.cc.patch 
@@ -0,0 +1,14 @@ +diff --git a/components/content_settings/core/common/content_settings_struct_traits.cc b/components/content_settings/core/common/content_settings_struct_traits.cc +index f3426ddeea0df91b395a039fc87d7db04b51e8ba..5eadd90ee62281032ba0f54be04a67b2a5ff7f9f 100644 +--- a/components/content_settings/core/common/content_settings_struct_traits.cc ++++ b/components/content_settings/core/common/content_settings_struct_traits.cc +@@ -100,7 +100,8 @@ bool StructTraitsimage_rules) && + data.ReadScriptRules(&out->script_rules) && + data.ReadAutoplayRules(&out->autoplay_rules) && +- data.ReadClientHintsRules(&out->client_hints_rules); ++ data.ReadClientHintsRules(&out->client_hints_rules) && ++ data.ReadFingerprintingRules(&out->fingerprinting_rules); + } + + } // namespace mojo diff --git a/patches/components-content_settings-core-common-content_settings_struct_traits.h.patch b/patches/components-content_settings-core-common-content_settings_struct_traits.h.patch new file mode 100644 index 000000000000..7d9c6e2c63fc --- /dev/null +++ b/patches/components-content_settings-core-common-content_settings_struct_traits.h.patch @@ -0,0 +1,16 @@ +diff --git a/components/content_settings/core/common/content_settings_struct_traits.h b/components/content_settings/core/common/content_settings_struct_traits.h +index f36bdde91be3f6d44f53fd042b707ec2b83b908e..ec7725fcdd2207323d7fc4a8c05b27d3bb961b16 100644 +--- a/components/content_settings/core/common/content_settings_struct_traits.h ++++ b/components/content_settings/core/common/content_settings_struct_traits.h +@@ -141,6 +141,11 @@ struct StructTraits< + return r.client_hints_rules; + } + ++ static const std::vector& fingerprinting_rules( ++ const RendererContentSettingRules& r) { ++ return r.fingerprinting_rules; ++ } ++ + static bool Read( + content_settings::mojom::RendererContentSettingRulesDataView data, + RendererContentSettingRules* out); 
diff --git a/patches/third_party-WebKit-Source-core-frame-ContentSettingsClient.cpp.patch b/patches/third_party-WebKit-Source-core-frame-ContentSettingsClient.cpp.patch new file mode 100644 index 000000000000..d71b1a663106 --- /dev/null +++ b/patches/third_party-WebKit-Source-core-frame-ContentSettingsClient.cpp.patch @@ -0,0 +1,17 @@ +diff --git a/third_party/WebKit/Source/core/frame/ContentSettingsClient.cpp b/third_party/WebKit/Source/core/frame/ContentSettingsClient.cpp +index fde957a1ab1e63c9b5fc66f69015641e42fb10e9..6356ba58c5f77b9c8486023f41c7faf460516bd3 100644 +--- a/third_party/WebKit/Source/core/frame/ContentSettingsClient.cpp ++++ b/third_party/WebKit/Source/core/frame/ContentSettingsClient.cpp +@@ -59,6 +59,12 @@ bool ContentSettingsClient::AllowScriptFromSource(bool enabled_per_settings, + return enabled_per_settings; + } + ++bool ContentSettingsClient::AllowFingerprinting(bool enabled_per_settings) { ++ if (client_) ++ return client_->AllowFingerprinting(enabled_per_settings); ++ return enabled_per_settings; ++} ++ + void ContentSettingsClient::GetAllowedClientHintsFromSource( + const KURL& url, + WebEnabledClientHints* client_hints) { diff --git a/patches/third_party-WebKit-Source-core-frame-ContentSettingsClient.h.patch b/patches/third_party-WebKit-Source-core-frame-ContentSettingsClient.h.patch new file mode 100644 index 000000000000..9512ef0430c8 --- /dev/null +++ b/patches/third_party-WebKit-Source-core-frame-ContentSettingsClient.h.patch 
@@ -0,0 +1,14 @@ +diff --git a/third_party/WebKit/Source/core/frame/ContentSettingsClient.h b/third_party/WebKit/Source/core/frame/ContentSettingsClient.h +index 54a5a3dd5f92e263b42c265befca66087eaadef7..d78521d2ace8a54b1692dfdfe20df436754f5b10 100644 +--- a/third_party/WebKit/Source/core/frame/ContentSettingsClient.h ++++ b/third_party/WebKit/Source/core/frame/ContentSettingsClient.h +@@ -51,6 +51,9 @@ class CORE_EXPORT ContentSettingsClient { + // Controls whether scripts loaded from the given URL are allowed to execute. + bool AllowScriptFromSource(bool enabled_per_settings, const KURL&); + ++ // Controls whether fingerprinting is allowed for this frame. ++ bool AllowFingerprinting(bool enabled_per_settings); ++ + // Retrieves the client hints that should be attached to the request for the + // given URL. + void GetAllowedClientHintsFromSource(const KURL&, WebEnabledClientHints*); diff --git a/patches/third_party-WebKit-Source-core-html-canvas-HTMLCanvasElement.cpp.patch b/patches/third_party-WebKit-Source-core-html-canvas-HTMLCanvasElement.cpp.patch new file mode 100644 index 000000000000..3eaa75c7f875 --- /dev/null +++ b/patches/third_party-WebKit-Source-core-html-canvas-HTMLCanvasElement.cpp.patch 
@@ -0,0 +1,32 @@
+diff --git a/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.cpp b/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.cpp
+index 8f5c621ca932513988e143ad5b0863f5b2af381f..24449d804c4da8e8a7a0e0a90a4f3c05935a6256 100644
+--- a/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.cpp
++++ b/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.cpp
+@@ -35,6 +35,7 @@
+ #include "bindings/core/v8/ExceptionMessages.h"
+ #include "bindings/core/v8/ExceptionState.h"
+ #include "bindings/core/v8/ScriptController.h"
++#include "brave/renderer/brave_content_settings_observer_helper.h"
+ #include "build/build_config.h"
+ #include "core/css/CSSFontSelector.h"
+ #include "core/css/StyleEngine.h"
+@@ -820,6 +821,9 @@ String HTMLCanvasElement::ToDataURLInternal(
+ String HTMLCanvasElement::toDataURL(const String& mime_type,
+ const ScriptValue& quality_argument,
+ ExceptionState& exception_state) const {
++ if (!AllowFingerprinting(GetDocument().GetFrame()))
++ return String();
++
+ if (!OriginClean()) {
+ exception_state.ThrowSecurityError("Tainted canvases may not be exported.");
+ return String();
+@@ -839,6 +843,9 @@ void HTMLCanvasElement::toBlob(V8BlobCallback* callback,
+ const String& mime_type,
+ const ScriptValue& quality_argument,
+ ExceptionState& exception_state) {
++ if (!AllowFingerprinting(GetDocument().GetFrame()))
++ return;
++
+ if (!OriginClean()) {
+ exception_state.ThrowSecurityError("Tainted canvases may not be exported.");
+ return;
diff --git a/patches/third_party-WebKit-Source-core-svg-SVGPathElement.cpp.patch b/patches/third_party-WebKit-Source-core-svg-SVGPathElement.cpp.patch
new file mode 100644
index 000000000000..10d048e59b75
--- /dev/null
+++ b/patches/third_party-WebKit-Source-core-svg-SVGPathElement.cpp.patch
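Review bot: `GetDocument().GetFrame()` is handed to `AllowFingerprinting` unchecked in both `toDataURL` and `toBlob`, and a canvas in a detached document has no frame; the helper's definition is not in this hunk, so whether it tolerates a null frame cannot be confirmed here. `measureText` in the CanvasRenderingContext2D patch returns early on a null frame before its gate, but the new overrides in that patch and the SVG `getTotalLength` / `getComputedTextLength` gates pass the frame unchecked as well. Either document on the helper that null is accepted and which way it decides, or fail closed at the call, e.g. `LocalFrame* frame = GetDocument().GetFrame(); if (!frame || !AllowFingerprinting(frame)) return String();`. Separately, the blocked branch of `toBlob` returns without invoking `callback` or raising on `exception_state`, so the caller never learns the request ended.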
@@ -0,0 +1,22 @@
+diff --git a/third_party/WebKit/Source/core/svg/SVGPathElement.cpp b/third_party/WebKit/Source/core/svg/SVGPathElement.cpp
+index 0cd5644ddaf02669ed5bb452ee89d558ea6a6399..c0b86e4cbf9a7283ef3ff0b87ab9bd438f23dbc3 100644
+--- a/third_party/WebKit/Source/core/svg/SVGPathElement.cpp
++++ b/third_party/WebKit/Source/core/svg/SVGPathElement.cpp
+@@ -20,6 +20,7 @@
+
+ #include "core/svg/SVGPathElement.h"
+
++#include "brave/renderer/brave_content_settings_observer_helper.h"
+ #include "core/css/StyleChangeReason.h"
+ #include "core/layout/svg/LayoutSVGPath.h"
+ #include "core/svg/SVGMPathElement.h"
+@@ -65,6 +66,9 @@ Path SVGPathElement::AsPath() const {
+ }
+
+ float SVGPathElement::getTotalLength() {
++ if (!AllowFingerprinting(GetDocument().GetFrame())) {
++ return 0.0f;
++ }
+ GetDocument().UpdateStyleAndLayoutIgnorePendingStylesheets();
+ return SVGPathQuery(PathByteStream()).GetTotalLength();
+ }
diff --git a/patches/third_party-WebKit-Source-core-svg-SVGTextContentElement.cpp.patch b/patches/third_party-WebKit-Source-core-svg-SVGTextContentElement.cpp.patch
new file mode 100644
index 000000000000..b2e9228d979b
--- /dev/null
+++ b/patches/third_party-WebKit-Source-core-svg-SVGTextContentElement.cpp.patch
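Review bot: Only `getTotalLength` is gated in SVGPathElement, and only `getComputedTextLength` in the SVGTextContentElement patch that follows; the sibling measurement getters of these classes are outside both hunks. If getters such as `getSubStringLength` on the text element remain ungated, they return the same layout-derived text metrics and the protection is incomplete for that surface. A comment above each gate listing which getters are covered and why the others are not, or a shared gate applied to all layout-dependent getters, would make the intended coverage reviewable. Both bodies are fully visible in their hunks; the rest of each class is not.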
@@ -0,0 +1,22 @@
+diff --git a/third_party/WebKit/Source/core/svg/SVGTextContentElement.cpp b/third_party/WebKit/Source/core/svg/SVGTextContentElement.cpp
+index d8b1e5b163a7d1663ef692a2e5a3393711784b0d..d5762fb3b08e8acb51196bcae94849ec3d73874d 100644
+--- a/third_party/WebKit/Source/core/svg/SVGTextContentElement.cpp
++++ b/third_party/WebKit/Source/core/svg/SVGTextContentElement.cpp
+@@ -22,6 +22,7 @@
+
+ #include "bindings/core/v8/ExceptionMessages.h"
+ #include "bindings/core/v8/ExceptionState.h"
++#include "brave/renderer/brave_content_settings_observer_helper.h"
+ #include "core/CSSPropertyNames.h"
+ #include "core/CSSValueKeywords.h"
+ #include "core/editing/FrameSelection.h"
+@@ -103,6 +104,9 @@ unsigned SVGTextContentElement::getNumberOfChars() {
+ }
+
+ float SVGTextContentElement::getComputedTextLength() {
++ if (!AllowFingerprinting(GetDocument().GetFrame())) {
++ return 0.0f;
++ }
+ GetDocument().UpdateStyleAndLayoutIgnorePendingStylesheets();
+ return SVGTextQuery(GetLayoutObject()).TextLength();
+ }
diff --git a/patches/third_party-WebKit-Source-modules-canvas-canvas2d-CanvasRenderingContext2D.cpp.patch b/patches/third_party-WebKit-Source-modules-canvas-canvas2d-CanvasRenderingContext2D.cpp.patch
new file mode 100644
index 000000000000..86a8423c4916
--- /dev/null
+++ b/patches/third_party-WebKit-Source-modules-canvas-canvas2d-CanvasRenderingContext2D.cpp.patch
@@ -0,0 +1,75 @@
+diff --git a/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.cpp b/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.cpp
+index 94de909f954d2f4638a89aa37575e39626989ae8..76a8211b23d69ef4efe070baa2d7153af82bc355 100644
+--- a/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.cpp
++++ b/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.cpp
+@@ -36,6 +36,7 @@
+ #include "bindings/core/v8/ExceptionMessages.h"
+ #include "bindings/core/v8/ExceptionState.h"
+ #include "bindings/modules/v8/rendering_context.h"
++#include "brave/renderer/brave_content_settings_observer_helper.h"
+ #include "core/CSSPropertyNames.h"
+ #include "core/css/CSSFontSelector.h"
+ #include "core/css/CSSPropertyValueSet.h"
+@@ -763,6 +764,9 @@ TextMetrics* CanvasRenderingContext2D::measureText(const String& text) {
+ if (!canvas()->GetDocument().GetFrame())
+ return TextMetrics::Create();
+
++ if (!AllowFingerprinting(canvas()->GetDocument().GetFrame()))
++ return TextMetrics::Create();
++
+ canvas()->GetDocument().UpdateStyleAndLayoutTreeForNode(canvas());
+
+ const Font& font = AccessFont();
+@@ -778,6 +782,52 @@ TextMetrics* CanvasRenderingContext2D::measureText(const String& text) {
+ GetState().GetTextAlign(), text);
+ }
+
++bool CanvasRenderingContext2D::isPointInPath(const double x,
++ const double y,
++ const String& winding_rule_string) {
++ if (!AllowFingerprinting(canvas()->GetDocument().GetFrame())) return false;
++ return BaseRenderingContext2D::isPointInPath(x, y, winding_rule_string);
++}
++
++bool CanvasRenderingContext2D::isPointInPath(Path2D* dom_path,
++ const double x,
++ const double y,
++ const String& winding_rule_string) {
++ if (!AllowFingerprinting(canvas()->GetDocument().GetFrame())) return false;
++ return BaseRenderingContext2D::isPointInPath(dom_path, x, y,
++ winding_rule_string);
++}
++
++bool CanvasRenderingContext2D::isPointInStroke(const double x, const double y) {
++ if (!AllowFingerprinting(canvas()->GetDocument().GetFrame())) return false;
++ return BaseRenderingContext2D::isPointInStroke(x, y);
++}
++
++bool CanvasRenderingContext2D::isPointInStroke(Path2D* dom_path,
++ const double x,
++ const double y) {
++ if (!AllowFingerprinting(canvas()->GetDocument().GetFrame())) return false;
++ return BaseRenderingContext2D::isPointInStroke(dom_path, x, y);
++}
++
++ImageData* CanvasRenderingContext2D::getImageData(
++ int sx,
++ int sy,
++ int sw,
++ int sh,
++ ExceptionState& exception_state) {
++ if (!AllowFingerprinting(canvas()->GetDocument().GetFrame())) return nullptr;
++ return BaseRenderingContext2D::getImageData(sx, sy, sw, sh, exception_state);
++}
++
++const Vector& CanvasRenderingContext2D::getLineDash() const {
++ static const Vector emptyVector;
++ if (!AllowFingerprinting(canvas()->GetDocument().GetFrame())) {
++ return emptyVector;
++ }
++ return BaseRenderingContext2D::getLineDash();
++}
++
+ void CanvasRenderingContext2D::DrawTextInternal(
+ const String& text,
+ double x,
diff --git a/patches/third_party-WebKit-Source-modules-canvas-canvas2d-CanvasRenderingContext2D.h.patch b/patches/third_party-WebKit-Source-modules-canvas-canvas2d-CanvasRenderingContext2D.h.patch
new file mode 100644
index 000000000000..c663f6b84160
--- /dev/null
+++ b/patches/third_party-WebKit-Source-modules-canvas-canvas2d-CanvasRenderingContext2D.h.patch
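Review bot: The new `isPointInPath`, `isPointInStroke`, `getImageData` and `getLineDash` definitions gate by redeclaring methods of `BaseRenderingContext2D` in `CanvasRenderingContext2D`, so the check runs only when the call is dispatched on this subclass. Any other rendering context built on the same base, or any caller that reaches the base method directly, is not covered by these hunks; whether such a path is script-reachable in this tree cannot be judged from here. Placing the gate in the base implementation, or adding a comment on each override stating that it exists only to insert the check and that other subclasses need the same treatment, would keep the coverage from being lost silently. Also, the blocked branch of `getImageData` returns `nullptr` without setting `exception_state`, which callers expecting an `ImageData` or an exception may not handle.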
@@ -0,0 +1,24 @@ +diff --git a/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.h b/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.h +index 1fface0bbb6ee9bd97ab49a0e0577a84a5228b5d..04e72634a50f13d97bc89319e7b319fb612e8da2 100644 +--- a/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.h ++++ b/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.h +@@ -124,6 +124,19 @@ class MODULES_EXPORT CanvasRenderingContext2D final + void strokeText(const String& text, double x, double y, double max_width); + TextMetrics* measureText(const String& text); + ++ bool isPointInPath(const double x, ++ const double y, ++ const String& winding = "nonzero"); ++ bool isPointInPath(Path2D*, ++ const double x, ++ const double y, ++ const String& winding = "nonzero"); ++ bool isPointInStroke(const double x, const double y); ++ bool isPointInStroke(Path2D*, const double x, const double y); ++ ImageData* getImageData(int sx, int sy, int sw, int sh, ExceptionState&); ++ const Vector& getLineDash() const; ++ ++ + void getContextAttributes(CanvasRenderingContext2DSettings&) const; + + void drawFocusIfNeeded(Element*); diff --git a/patches/third_party-WebKit-Source-modules-mediastream-MediaDevices.cpp.patch b/patches/third_party-WebKit-Source-modules-mediastream-MediaDevices.cpp.patch new file mode 100644 index 000000000000..b797d821eac0 --- /dev/null +++ b/patches/third_party-WebKit-Source-modules-mediastream-MediaDevices.cpp.patch 
@@ -0,0 +1,23 @@
+diff --git a/third_party/WebKit/Source/modules/mediastream/MediaDevices.cpp b/third_party/WebKit/Source/modules/mediastream/MediaDevices.cpp
+index 29675b0789e65a2e8520fc2185719065636a7bb3..edfb60c3f7636caee9888ceaea1d5e029a204854 100644
+--- a/third_party/WebKit/Source/modules/mediastream/MediaDevices.cpp
++++ b/third_party/WebKit/Source/modules/mediastream/MediaDevices.cpp
+@@ -6,6 +6,7 @@
+
+ #include "bindings/core/v8/ScriptPromise.h"
+ #include "bindings/core/v8/ScriptPromiseResolver.h"
++#include "brave/renderer/brave_content_settings_observer_helper.h"
+ #include "core/dom/DOMException.h"
+ #include "core/dom/Document.h"
+ #include "core/dom/ExceptionCode.h"
+@@ -88,6 +89,10 @@ ScriptPromise MediaDevices::enumerateDevices(ScriptState* script_state) {
+ DOMException::Create(kNotSupportedError, "Current frame is detached."));
+ }
+
++ if (!AllowFingerprinting(frame)) {
++ return ScriptPromise::CastUndefined(script_state);
++ }
++
+ ScriptPromiseResolver* resolver = ScriptPromiseResolver::Create(script_state);
+ ScriptPromise promise = resolver->Promise();
+ requests_.insert(resolver);
diff --git a/patches/third_party-WebKit-Source-modules-peerconnection-RTCPeerConnection.cpp.patch b/patches/third_party-WebKit-Source-modules-peerconnection-RTCPeerConnection.cpp.patch
new file mode 100644
index 000000000000..2edd9bb22d87
--- /dev/null
+++ b/patches/third_party-WebKit-Source-modules-peerconnection-RTCPeerConnection.cpp.patch
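Review bot: The blocked branch of `enumerateDevices` resolves the promise with `undefined` via `ScriptPromise::CastUndefined`, whereas the API contract is a promise that resolves to a sequence of device entries. Page code that iterates the result will throw on `undefined`, and the non-array result is a distinguishing signal in itself. Resolving with an empty device list would keep the type contract while still revealing nothing about attached hardware; at minimum the choice should be documented with a comment such as `// Blocked: resolve without device data.`. The start of the function is outside the hunk.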
@@ -0,0 +1,93 @@
+diff --git a/third_party/WebKit/Source/modules/peerconnection/RTCPeerConnection.cpp b/third_party/WebKit/Source/modules/peerconnection/RTCPeerConnection.cpp
+index a629c37f6806fadc7becaf71c3050c4aaa510ce8..3313a0ccce16c3e678e434dc5bb46d19ce4d2f80 100644
+--- a/third_party/WebKit/Source/modules/peerconnection/RTCPeerConnection.cpp
++++ b/third_party/WebKit/Source/modules/peerconnection/RTCPeerConnection.cpp
+@@ -48,6 +48,7 @@
+ #include "bindings/modules/v8/v8_rtc_peer_connection_error_callback.h"
+ #include "bindings/modules/v8/v8_rtc_session_description_callback.h"
+ #include "bindings/modules/v8/v8_rtc_stats_callback.h"
++#include "brave/renderer/brave_content_settings_observer_helper.h"
+ #include "core/dom/DOMException.h"
+ #include "core/dom/DOMTimeStamp.h"
+ #include "core/dom/Document.h"
+@@ -596,6 +597,9 @@ void RTCPeerConnection::Dispose() {
+
+ ScriptPromise RTCPeerConnection::createOffer(ScriptState* script_state,
+ const RTCOfferOptions& options) {
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return ScriptPromise::CastUndefined(script_state);
++
+ if (signaling_state_ == kSignalingStateClosed)
+ return ScriptPromise::RejectWithDOMException(
+ script_state,
+@@ -626,6 +630,10 @@ ScriptPromise RTCPeerConnection::createOffer(
+ ExecutionContext* context = ExecutionContext::From(script_state);
+ UseCounter::Count(
+ context, WebFeature::kRTCPeerConnectionCreateOfferLegacyFailureCallback);
++
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return ScriptPromise::CastUndefined(script_state);
++
+ if (CallErrorCallbackIfSignalingStateClosed(signaling_state_, error_callback))
+ return ScriptPromise::CastUndefined(script_state);
+
+@@ -678,6 +686,9 @@ ScriptPromise RTCPeerConnection::createOffer(
+
+ ScriptPromise RTCPeerConnection::createAnswer(ScriptState* script_state,
+ const RTCAnswerOptions& options) {
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return ScriptPromise::CastUndefined(script_state);
++
+ if (signaling_state_ == kSignalingStateClosed)
+ return ScriptPromise::RejectWithDOMException(
+ script_state,
+@@ -709,6 +720,9 @@ ScriptPromise RTCPeerConnection::createAnswer(
+ context, WebFeature::kRTCPeerConnectionCreateAnswerLegacyCompliant);
+ }
+
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return ScriptPromise::CastUndefined(script_state);
++
+ if (CallErrorCallbackIfSignalingStateClosed(signaling_state_, error_callback))
+ return ScriptPromise::CastUndefined(script_state);
+
+@@ -735,6 +749,9 @@ ScriptPromise RTCPeerConnection::createAnswer(
+ ScriptPromise RTCPeerConnection::setLocalDescription(
+ ScriptState* script_state,
+ const RTCSessionDescriptionInit& session_description_init) {
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return ScriptPromise::CastUndefined(script_state);
++
+ if (signaling_state_ == kSignalingStateClosed)
+ return ScriptPromise::RejectWithDOMException(
+ script_state,
+@@ -772,6 +789,9 @@ ScriptPromise RTCPeerConnection::setLocalDescription(
+ kRTCPeerConnectionSetLocalDescriptionLegacyNoFailureCallback);
+ }
+
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return ScriptPromise::CastUndefined(script_state);
++
+ if (CallErrorCallbackIfSignalingStateClosed(signaling_state_, error_callback))
+ return ScriptPromise::CastUndefined(script_state);
+
+@@ -795,6 +815,9 @@ RTCSessionDescription* RTCPeerConnection::localDescription() {
+ ScriptPromise RTCPeerConnection::setRemoteDescription(
+ ScriptState* script_state,
+ const RTCSessionDescriptionInit& session_description_init) {
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return ScriptPromise::CastUndefined(script_state);
++
+ if (signaling_state_ == kSignalingStateClosed)
+ return ScriptPromise::RejectWithDOMException(
+ script_state,
+@@ -832,6 +855,9 @@ ScriptPromise RTCPeerConnection::setRemoteDescription(
+ kRTCPeerConnectionSetRemoteDescriptionLegacyNoFailureCallback);
+ }
+
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return ScriptPromise::CastUndefined(script_state);
++
+ if (CallErrorCallbackIfSignalingStateClosed(signaling_state_, error_callback))
+ return ScriptPromise::CastUndefined(script_state);
+
diff --git a/patches/third_party-WebKit-Source-modules-webaudio-AnalyserNode.cpp.patch b/patches/third_party-WebKit-Source-modules-webaudio-AnalyserNode.cpp.patch
new file mode 100644
index 000000000000..b4c6e90e7695
--- /dev/null
+++ b/patches/third_party-WebKit-Source-modules-webaudio-AnalyserNode.cpp.patch
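Review bot: Every gate in this patch evaluates `ToDocument(GetExecutionContext())->GetFrame()`, which dereferences the document unconditionally; if `GetExecutionContext()` can return null on these paths (for instance after the context is destroyed), the gate crashes the renderer before the existing closed-state checks run. The AnalyserNode patch uses the same expression in all four getters. Repeating the expression eight times here also invites drift, so a small local helper that null-checks the context and the frame and fails closed would be safer and easier to audit. In the legacy-callback overloads the blocked branch returns a resolved promise without calling either callback, so callers using that form get no completion signal; the function bodies continue outside the hunks.

```cpp
// Returns true only when a live frame exists and its settings allow
// fingerprinting-sensitive WebRTC calls; fails closed otherwise.
bool RTCPeerConnection::FingerprintingAllowed() const {
  ExecutionContext* context = GetExecutionContext();
  if (!context || !context->IsDocument())
    return false;
  LocalFrame* frame = ToDocument(context)->GetFrame();
  return frame && AllowFingerprinting(frame);
}

// ... unchanged: createOffer / createAnswer / set*Description bodies,
// each gate becoming `if (!FingerprintingAllowed())` ...
```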
@@ -0,0 +1,44 @@
+diff --git a/third_party/WebKit/Source/modules/webaudio/AnalyserNode.cpp b/third_party/WebKit/Source/modules/webaudio/AnalyserNode.cpp
+index afa72785c06dcea6fad29bfedfc71940d60aa7d5..e24795a6361ec0b1f13ece480f7d312347a8e4da 100644
+--- a/third_party/WebKit/Source/modules/webaudio/AnalyserNode.cpp
++++ b/third_party/WebKit/Source/modules/webaudio/AnalyserNode.cpp
+@@ -26,7 +26,10 @@
+ #include "modules/webaudio/AnalyserNode.h"
+ #include "bindings/core/v8/ExceptionMessages.h"
+ #include "bindings/core/v8/ExceptionState.h"
++#include "brave/renderer/brave_content_settings_observer_helper.h"
++#include "core/dom/Document.h"
+ #include "core/dom/ExceptionCode.h"
++#include "core/dom/ExecutionContext.h"
+ #include "modules/webaudio/AnalyserOptions.h"
+ #include "modules/webaudio/AudioNodeInput.h"
+ #include "modules/webaudio/AudioNodeOutput.h"
+@@ -264,20 +267,28 @@ double AnalyserNode::smoothingTimeConstant() const {
+ }
+
+ void AnalyserNode::getFloatFrequencyData(NotShared array) {
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return;
+ GetAnalyserHandler().GetFloatFrequencyData(array.View(),
+ context()->currentTime());
+ }
+
+ void AnalyserNode::getByteFrequencyData(NotShared array) {
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return;
+ GetAnalyserHandler().GetByteFrequencyData(array.View(),
+ context()->currentTime());
+ }
+
+ void AnalyserNode::getFloatTimeDomainData(NotShared array) {
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return;
+ GetAnalyserHandler().GetFloatTimeDomainData(array.View());
+ }
+
+ void AnalyserNode::getByteTimeDomainData(NotShared array) {
++ if (!AllowFingerprinting(ToDocument(GetExecutionContext())->GetFrame()))
++ return;
+ GetAnalyserHandler().GetByteTimeDomainData(array.View());
+ }
+
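Review bot: The guard added to the four `AnalyserNode::get*Data` methods dereferences `ToDocument(GetExecutionContext())` without a null check, so a call made after the execution context has gone away would crash rather than be blocked; whether that state is reachable from script is not visible in this hunk. I would resolve the document first and treat a missing one as blocked: `Document* document = ToDocument(GetExecutionContext());` followed by `if (!document || !AllowFingerprinting(document->GetFrame())) return;`. The same unchecked expression is used in the RTCPeerConnection patch earlier in this commit. The silent early return also leaves the caller's array untouched, which deserves a one-line comment such as `// Blocked: leave the destination array as the caller passed it.`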
diff --git a/patches/third_party-WebKit-Source-modules-webgl-WebGL2RenderingContextBase.cpp.patch b/patches/third_party-WebKit-Source-modules-webgl-WebGL2RenderingContextBase.cpp.patch new file mode 100644 index 000000000000..8da8fd0330fb --- /dev/null +++ b/patches/third_party-WebKit-Source-modules-webgl-WebGL2RenderingContextBase.cpp.patch 
@@ -0,0 +1,39 @@ +diff --git a/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp b/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp +index 67c61dc7c4b557712b68ba79cccf3fef014e4923..4f7f6fa7768cccc34c7cd3192878a924d9919a61 100644 +--- a/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp ++++ b/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp +@@ -6,6 +6,7 @@ + + #include + #include "bindings/modules/v8/WebGLAny.h" ++#include "brave/renderer/brave_content_settings_observer_helper.h" + #include "core/html/HTMLImageElement.h" + #include "core/html/canvas/HTMLCanvasElement.h" + #include "core/html/canvas/ImageData.h" +@@ -4857,6 +4858,8 @@ ScriptValue WebGL2RenderingContextBase::getParameter(ScriptState* script_state, + GLenum pname) { + if (isContextLost()) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + switch (pname) { + case GL_SHADING_LANGUAGE_VERSION: { + return WebGLAny( +@@ -5434,6 +5437,8 @@ ScriptValue WebGL2RenderingContextBase::getFramebufferAttachmentParameter( + if (isContextLost() || !ValidateGetFramebufferAttachmentParameterFunc( + kFunctionName, target, attachment)) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + + WebGLFramebuffer* framebuffer_binding = GetFramebufferBinding(target); + DCHECK(!framebuffer_binding || framebuffer_binding->Object()); +@@ -5641,6 +5646,8 @@ ScriptValue WebGL2RenderingContextBase::getTexParameter( + GLenum pname) { + if (isContextLost() || !ValidateTextureBinding("getTexParameter", target)) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + + switch (pname) { + case 
GL_TEXTURE_WRAP_R: diff --git a/patches/third_party-WebKit-Source-modules-webgl-WebGLRenderingContextBase.cpp.patch b/patches/third_party-WebKit-Source-modules-webgl-WebGLRenderingContextBase.cpp.patch new file mode 100644 index 000000000000..e5920f4f125d --- /dev/null +++ b/patches/third_party-WebKit-Source-modules-webgl-WebGLRenderingContextBase.cpp.patch 
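Review bot: The `canvas() &&` condition in the guard added to `getParameter`, `getFramebufferAttachmentParameter` and `getTexParameter` skips the fingerprinting check entirely whenever `canvas()` returns null, so any context that is not backed by an HTMLCanvasElement (presumably the OffscreenCanvas case) still returns the real values. The same condition is used by every guard in the WebGLRenderingContextBase.cpp patch that follows. If such contexts can reach these getters, the frame should be resolved from the context's host or the call blocked; at minimum the gap should be recorded next to the check, e.g. `// NOTE: contexts without an HTMLCanvasElement are not covered by this check.` The bodies of all three functions continue outside the inner hunks.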
@@ -0,0 +1,224 @@ +diff --git a/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp b/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp +index 0e138b3804c0d9240a7e00f15d4a97d5f3a65c47..54408f2738710427196fafe654a338644adad8df 100644 +--- a/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp ++++ b/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp +@@ -31,6 +31,7 @@ + #include "bindings/core/v8/ExceptionState.h" + #include "bindings/modules/v8/WebGLAny.h" + #include "bindings/modules/v8/html_canvas_element_or_offscreen_canvas.h" ++#include "brave/renderer/brave_content_settings_observer_helper.h" + #include "build/build_config.h" + #include "core/dom/ExecutionContext.h" + #include "core/frame/LocalFrame.h" +@@ -2629,6 +2630,8 @@ WebGLActiveInfo* WebGLRenderingContextBase::getActiveAttrib( + GLuint index) { + if (isContextLost() || !ValidateWebGLObject("getActiveAttrib", program)) + return nullptr; ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return nullptr; + GLuint program_id = ObjectNonZero(program); + GLint max_name_length = -1; + ContextGL()->GetProgramiv(program_id, GL_ACTIVE_ATTRIBUTE_MAX_LENGTH, +@@ -2659,6 +2662,8 @@ WebGLActiveInfo* WebGLRenderingContextBase::getActiveUniform( + GLuint index) { + if (isContextLost() || !ValidateWebGLObject("getActiveUniform", program)) + return nullptr; ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return nullptr; + GLuint program_id = ObjectNonZero(program); + GLint max_name_length = -1; + ContextGL()->GetProgramiv(program_id, GL_ACTIVE_UNIFORM_MAX_LENGTH, +@@ -2688,6 +2693,8 @@ Nullable>> + WebGLRenderingContextBase::getAttachedShaders(WebGLProgram* program) { + if (isContextLost() || !ValidateWebGLObject("getAttachedShaders", program)) + return nullptr; ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return nullptr; + + HeapVector> shader_objects; 
+ const GLenum kShaderType[] = {GL_VERTEX_SHADER, GL_FRAGMENT_SHADER}; +@@ -2703,6 +2710,8 @@ GLint WebGLRenderingContextBase::getAttribLocation(WebGLProgram* program, + const String& name) { + if (isContextLost() || !ValidateWebGLObject("getAttribLocation", program)) + return -1; ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return -1; + if (!ValidateLocationLength("getAttribLocation", name)) + return -1; + if (!ValidateString("getAttribLocation", name)) +@@ -2736,6 +2745,8 @@ ScriptValue WebGLRenderingContextBase::getBufferParameter( + GLenum pname) { + if (isContextLost() || !ValidateBufferTarget("getBufferParameter", target)) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + + switch (pname) { + case GL_BUFFER_USAGE: { +@@ -2761,6 +2772,8 @@ void WebGLRenderingContextBase::getContextAttributes( + Nullable& result) { + if (isContextLost()) + return; ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return; + result.Set(ToWebGLContextAttributes(CreationAttributes())); + // Some requested attributes may not be honored, so we need to query the + // underlying context/drawing buffer and adjust accordingly. 
+@@ -2826,6 +2839,14 @@ ScriptValue WebGLRenderingContextBase::getExtension(ScriptState* script_state, + const String& name) { + WebGLExtension* extension = nullptr; + ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) { ++ v8::Local wrapped_extension = ++ ToV8(extension, script_state->GetContext()->Global(), ++ script_state->GetIsolate()); ++ ++ return ScriptValue(script_state, wrapped_extension); ++ } ++ + if (!isContextLost()) { + for (size_t i = 0; i < extensions_.size(); ++i) { + ExtensionTracker* tracker = extensions_[i]; +@@ -2859,6 +2880,8 @@ ScriptValue WebGLRenderingContextBase::getFramebufferAttachmentParameter( + !ValidateFramebufferFuncParameters("getFramebufferAttachmentParameter", + target, attachment)) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + + if (!framebuffer_binding_ || !framebuffer_binding_->Object()) { + SynthesizeGLError(GL_INVALID_OPERATION, "getFramebufferAttachmentParameter", +@@ -2941,6 +2964,8 @@ ScriptValue WebGLRenderingContextBase::getParameter(ScriptState* script_state, + GLenum pname) { + if (isContextLost()) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + const int kIntZero = 0; + switch (pname) { + case GL_ACTIVE_TEXTURE: +@@ -3237,6 +3262,8 @@ ScriptValue WebGLRenderingContextBase::getProgramParameter( + GLenum pname) { + if (isContextLost() || !ValidateWebGLObject("getProgramParameter", program)) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + + GLint value = 0; + switch (pname) { +@@ -3274,6 +3301,8 @@ ScriptValue WebGLRenderingContextBase::getProgramParameter( + String 
WebGLRenderingContextBase::getProgramInfoLog(WebGLProgram* program) { + if (isContextLost() || !ValidateWebGLObject("getProgramInfoLog", program)) + return String(); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return String(); + GLStringQuery query(ContextGL()); + return query.Run(ObjectNonZero(program)); + } +@@ -3284,6 +3313,8 @@ ScriptValue WebGLRenderingContextBase::getRenderbufferParameter( + GLenum pname) { + if (isContextLost()) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + if (target != GL_RENDERBUFFER) { + SynthesizeGLError(GL_INVALID_ENUM, "getRenderbufferParameter", + "invalid target"); +@@ -3330,6 +3361,8 @@ ScriptValue WebGLRenderingContextBase::getShaderParameter( + GLenum pname) { + if (isContextLost() || !ValidateWebGLObject("getShaderParameter", shader)) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + GLint value = 0; + switch (pname) { + case GL_DELETE_STATUS: +@@ -3350,6 +3383,8 @@ ScriptValue WebGLRenderingContextBase::getShaderParameter( + String WebGLRenderingContextBase::getShaderInfoLog(WebGLShader* shader) { + if (isContextLost() || !ValidateWebGLObject("getShaderInfoLog", shader)) + return String(); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return String(); + GLStringQuery query(ContextGL()); + return query.Run(ObjectNonZero(shader)); + } +@@ -3359,6 +3394,8 @@ WebGLShaderPrecisionFormat* WebGLRenderingContextBase::getShaderPrecisionFormat( + GLenum precision_type) { + if (isContextLost()) + return nullptr; ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return nullptr; + switch (shader_type) { + case GL_VERTEX_SHADER: + case GL_FRAGMENT_SHADER: +@@ -3392,12 +3429,16 @@ 
WebGLShaderPrecisionFormat* WebGLRenderingContextBase::getShaderPrecisionFormat( + String WebGLRenderingContextBase::getShaderSource(WebGLShader* shader) { + if (isContextLost() || !ValidateWebGLObject("getShaderSource", shader)) + return String(); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return String(); + return EnsureNotNull(shader->Source()); + } + + Nullable> WebGLRenderingContextBase::getSupportedExtensions() { + if (isContextLost()) + return nullptr; ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return nullptr; + + Vector result; + +@@ -3421,6 +3462,8 @@ ScriptValue WebGLRenderingContextBase::getTexParameter( + GLenum pname) { + if (isContextLost()) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + if (!ValidateTextureBinding("getTexParameter", target)) + return ScriptValue::CreateNull(script_state); + switch (pname) { +@@ -3455,6 +3498,8 @@ ScriptValue WebGLRenderingContextBase::getUniform( + const WebGLUniformLocation* uniform_location) { + if (isContextLost() || !ValidateWebGLObject("getUniform", program)) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + DCHECK(uniform_location); + if (uniform_location->Program() != program) { + SynthesizeGLError(GL_INVALID_OPERATION, "getUniform", +@@ -3704,6 +3749,8 @@ WebGLUniformLocation* WebGLRenderingContextBase::getUniformLocation( + const String& name) { + if (isContextLost() || !ValidateWebGLObject("getUniformLocation", program)) + return nullptr; ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return nullptr; + if (!ValidateLocationLength("getUniformLocation", name)) + return nullptr; + if (!ValidateString("getUniformLocation", name)) +@@ -3728,6 +3775,8 @@ 
ScriptValue WebGLRenderingContextBase::getVertexAttrib( + GLenum pname) { + if (isContextLost()) + return ScriptValue::CreateNull(script_state); ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return ScriptValue::CreateNull(script_state); + if (index >= max_vertex_attribs_) { + SynthesizeGLError(GL_INVALID_VALUE, "getVertexAttrib", + "index out of range"); +@@ -3805,6 +3854,8 @@ long long WebGLRenderingContextBase::getVertexAttribOffset(GLuint index, + GLenum pname) { + if (isContextLost()) + return 0; ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return 0; + GLvoid* result = nullptr; + // NOTE: If pname is ever a value that returns more than 1 element + // this will corrupt memory. +@@ -4127,6 +4178,8 @@ void WebGLRenderingContextBase::ReadPixelsHelper(GLint x, + GLuint offset) { + if (isContextLost()) + return; ++ if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) ++ return; + // Due to WebGL's same-origin restrictions, it is not possible to + // taint the origin using the WebGL API. + DCHECK(Host()->OriginClean()); diff --git a/patches/third_party-WebKit-public-platform-WebContentSettingsClient.h.patch b/patches/third_party-WebKit-public-platform-WebContentSettingsClient.h.patch new file mode 100644 index 000000000000..9074fa8d3234 --- /dev/null +++ b/patches/third_party-WebKit-public-platform-WebContentSettingsClient.h.patch 
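Review bot: The blocked path added to `getExtension` wraps the still-null `extension` by hand through `ToV8(...)`, while every other guard in this patch that returns a `ScriptValue` uses `ScriptValue::CreateNull(script_state)`. Assuming the two produce the same null value, the six-line block can become `if (canvas() && !AllowFingerprinting(canvas()->GetDocument().GetFrame())) return ScriptValue::CreateNull(script_state);`, which also removes the dependency on `extension` being null at that point. Separately, the guard in `ReadPixelsHelper` returns without touching the destination buffer or raising a GL error; a short comment stating that this is the intended blocked behaviour would help the next reader. Most of the patched functions continue outside their inner hunks.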
@@ -0,0 +1,16 @@ +diff --git a/third_party/WebKit/public/platform/WebContentSettingsClient.h b/third_party/WebKit/public/platform/WebContentSettingsClient.h +index 6bcf94a2b9afcc796260e178ef68706aa2595208..8acb47edce339a6d8d1493cf4be5ecec1597cc3b 100644 +--- a/third_party/WebKit/public/platform/WebContentSettingsClient.h ++++ b/third_party/WebKit/public/platform/WebContentSettingsClient.h +@@ -58,6 +58,11 @@ class WebContentSettingsClient { + return enabled_per_settings; + } + ++ // Controls whether fingerprinting is allowed for this frame. ++ virtual bool AllowFingerprinting(bool enabled_per_settings) { ++ return enabled_per_settings; ++ } ++ + // Retrieves the client hints that should be attached to the request for the + // given URL. + virtual void GetAllowedClientHintsFromSource(const blink::WebURL& url, diff --git a/renderer/brave_content_settings_observer.cc b/renderer/brave_content_settings_observer.cc index 5c5dd3380c69..461d09a1c12a 100644 --- a/renderer/brave_content_settings_observer.cc +++ b/renderer/brave_content_settings_observer.cc @@ -9,6 +9,8 @@ #include "content/public/renderer/render_frame.h" #include "services/service_manager/public/cpp/interface_provider.h" #include "third_party/WebKit/public/platform/WebURL.h" +#include "third_party/WebKit/public/web/WebDocument.h" +#include "third_party/WebKit/public/web/WebLocalFrame.h" BraveContentSettingsObserver::BraveContentSettingsObserver( content::RenderFrame* render_frame, 
@@ -39,3 +41,30 @@ bool BraveContentSettingsObserver::AllowScriptFromSource( return allow; } +void BraveContentSettingsObserver::BraveSpecificDidBlockFingerprinting( + const base::string16& details) { + Send(new BraveViewHostMsg_FingerprintingBlocked(routing_id(), details)); +} + +bool BraveContentSettingsObserver::AllowFingerprinting( + bool enabled_per_settings) { + if (!enabled_per_settings) + return false; + blink::WebLocalFrame* frame = render_frame()->GetWebFrame(); + bool allow = true; + const GURL secondary_url( + url::Origin(frame->GetDocument().GetSecurityOrigin()).GetURL()); + if (content_setting_rules_) { + ContentSetting setting = GetContentSettingFromRules( + content_setting_rules_->fingerprinting_rules, frame, secondary_url); + allow = setting != CONTENT_SETTING_BLOCK; + } + allow = allow || IsWhitelistedForContentSettings(); + + if (!allow) { + BraveSpecificDidBlockFingerprinting( + base::UTF8ToUTF16(secondary_url.spec())); + } + + return allow; +} diff --git a/renderer/brave_content_settings_observer.h b/renderer/brave_content_settings_observer.h index 6b0162fd0c98..45a9883c3016 100644 --- a/renderer/brave_content_settings_observer.h +++ b/renderer/brave_content_settings_observer.h @@ -23,9 +23,14 @@ class BraveContentSettingsObserver bool AllowScriptFromSource(bool enabled_per_settings, const blink::WebURL& script_url) override; + bool AllowFingerprinting(bool enabled_per_settings) override; + void BraveSpecificDidBlockJavaScript( const base::string16& details); + void BraveSpecificDidBlockFingerprinting( + const base::string16& details); + DISALLOW_COPY_AND_ASSIGN(BraveContentSettingsObserver); }; diff --git a/renderer/brave_content_settings_observer_helper.h b/renderer/brave_content_settings_observer_helper.h new file mode 100644 index 000000000000..47f251c62c9c --- /dev/null +++ b/renderer/brave_content_settings_observer_helper.h 
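Review bot: `BraveContentSettingsObserver::AllowFingerprinting` sends `BraveViewHostMsg_FingerprintingBlocked` on every blocked call, and this commit routes WebGL getters, canvas reads and audio reads through it, so a page that polls those APIs in a loop makes the renderer emit one IPC per call. I would report the block once per document, for example with a new boolean member that is cleared on navigation: `if (!allow && !fingerprinting_block_reported_) { fingerprinting_block_reported_ = true; BraveSpecificDidBlockFingerprinting(...); }` (the member name is a suggestion, not existing code). Also note that `allow` stays `true` when `content_setting_rules_` is null, so the protection is off until rules arrive; if that window is intentional it should be stated in a comment above the `if (content_setting_rules_)` check.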
@@ -0,0 +1,16 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BRAVE_RENDERER_BRAVE_CONTENT_SETTINGS_OBSERVER_HELPER_H_
+#define BRAVE_RENDERER_BRAVE_CONTENT_SETTINGS_OBSERVER_HELPER_H_
+
+#include "core/frame/ContentSettingsClient.h"
+#include "core/frame/LocalFrame.h"
+
+static bool AllowFingerprinting(blink::LocalFrame* frame) {
+ if (!frame) return true;
+ return frame->GetContentSettingsClient()->AllowFingerprinting(true);
+}
+
+#endif
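Review bot: The helper fails open: `if (!frame) return true;` allows every gated API whenever the caller cannot resolve a frame, for instance on a detached document, which is the opposite of what a protection default should be. Unless a caller is known to depend on the permissive result, I would change it to `if (!frame) return false;` and add a comment stating the chosen default. `frame->GetContentSettingsClient()` is also dereferenced unchecked; if it can be null for some frames, that case should be handled in the same way. Finally, a `static` function defined in a header gives every including file its own copy and can trigger unused-function warnings, so `inline bool AllowFingerprinting(blink::LocalFrame* frame)` is the better declaration.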