
Issue 804414


Issue metadata

Status: Fixed
Closed: Apr 2018
OS: Android
Pri: 1
Type: Bug

Blocking:
issue 781249




Ensure WebView strips strings to address potential privacy concerns.

Project Member Reported by timvolod...@chromium.org, Jan 22 2018

Issue description

Strip any potential PII data from tracing data: strip all arg strings unless specifically whitelisted.

 
Blocking: 781249
buganizer bug for reference: b/63750258

Comment 3 by bugdroid1@chromium.org, Jan 24 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4595b036c1f527b31ec3279759b6e2bcdfca2084

commit 4595b036c1f527b31ec3279759b6e2bcdfca2084
Author: Tim Volodine <timvolodine@google.com>
Date: Wed Jan 24 18:19:01 2018

[Android WebView] Tracing API: add trace argument filtering by default.

Add filtering of trace arguments data by default to the WebView Tracing
API. Only specifically whitelisted strings are allowed in trace args
to avoid exposing any potential PII and address privacy concerns.

Currently only a few metadata category events are whitelisted, e.g.
the "process_name", "thread_name" arguments which are useful for
viewing in "chrome://tracing".

BUG= 804414 

Change-Id: I1477cd363d36cd9a3b5cf3c6bd4de0e8a3a63e63
Reviewed-on: https://chromium-review.googlesource.com/879144
Commit-Queue: Tim Volodine <timvolodine@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#531609}
[modify] https://crrev.com/4595b036c1f527b31ec3279759b6e2bcdfca2084/android_webview/BUILD.gn
[add] https://crrev.com/4595b036c1f527b31ec3279759b6e2bcdfca2084/android_webview/browser/tracing/aw_trace_event_args_whitelist.cc
[add] https://crrev.com/4595b036c1f527b31ec3279759b6e2bcdfca2084/android_webview/browser/tracing/aw_trace_event_args_whitelist.h
[modify] https://crrev.com/4595b036c1f527b31ec3279759b6e2bcdfca2084/android_webview/browser/tracing/aw_tracing_controller.cc
[modify] https://crrev.com/4595b036c1f527b31ec3279759b6e2bcdfca2084/android_webview/lib/aw_main_delegate.cc
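
The default-deny argument filtering described in the commit message above, as an added example that is not part of the original issue and is not Chromium's code. The `TraceEvent` struct, the `__metadata` category name, the `__stripped__` placeholder and the sample events are assumptions made for illustration.

```cpp
// Added example: standalone model of default-deny trace argument filtering.
// Not Chromium code. TraceEvent, kAllowlist and kStripped are assumptions.
#include <map>
#include <string>

struct TraceEvent {
  std::string category;
  std::string name;
  std::map<std::string, std::string> args;  // argument name -> string value
};

struct AllowedEvent {
  const char* category;
  const char* name;
};

// Constructed allowlist modelled on the commit message: metadata events only.
static const AllowedEvent kAllowlist[] = {
    {"__metadata", "process_name"},
    {"__metadata", "thread_name"},
};

static const char kStripped[] = "__stripped__";  // placeholder value (assumed)

// Both category and event name must match; a name match alone is not enough,
// otherwise any event could reuse an allowlisted name to carry arbitrary data.
bool IsEventAllowlisted(const TraceEvent& event) {
  for (const AllowedEvent& allowed : kAllowlist) {
    if (event.category == allowed.category && event.name == allowed.name)
      return true;
  }
  return false;
}

// Returns a copy of the event that is safe to export: argument names are
// kept so the trace stays readable, values are replaced unless allowlisted.
TraceEvent FilterEventArgs(const TraceEvent& event) {
  TraceEvent out = event;
  if (IsEventAllowlisted(event)) return out;
  for (auto& arg : out.args) arg.second = kStripped;
  return out;
}

int main() {
  // Constructed sample: an ordinary event whose argument carries a URL.
  TraceEvent nav{"navigation", "load", {{"url", "https://example.test/?q=1"}}};
  return FilterEventArgs(nav).args.at("url") == kStripped ? 0 : 1;
}
```
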

Labels: Merge-Request-65
If the developer preview is going out with m65, then the PII sanitization should be cherrypicked to m65, and a new build dropped.

Comment 5 by sheriffbot@chromium.org, Feb 12 2018

Labels: -Merge-Request-65 Merge-Review-65 Hotlist-Merge-Review
This bug requires manual review: M65 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by cmasso@google.com, Feb 12 2018

Re #4: We are dropping M66 this week and not M65. No need to cherry-pick this into M65.

Comment 7 by cmasso@google.com, Feb 14 2018

Labels: -Hotlist-Merge-Review -Merge-Review-65 Merge-Approved-65
Approving the merge in case we still need this in P DP.

Comment 8 by sheriffbot@chromium.org, Feb 19 2018

Cc: cmasso@google.com
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 9 by bugdroid1@chromium.org, Feb 21 2018

Labels: -merge-approved-65 merge-merged-3325
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/569df1608595385f7ec6fe331553996912d0caa7

commit 569df1608595385f7ec6fe331553996912d0caa7
Author: Tim Volodine <timvolodine@google.com>
Date: Wed Feb 21 16:11:31 2018

[Android WebView] Tracing API: add trace argument filtering by default.

MERGE to M65

Add filtering of trace arguments data by default to the WebView Tracing
API. Only specifically whitelisted strings are allowed in trace args
to avoid exposing any potential PII and address privacy concerns.

Currently only a few metadata category events are whitelisted, e.g.
the "process_name", "thread_name" arguments which are useful for
viewing in "chrome://tracing".

BUG= 804414 

Change-Id: I1477cd363d36cd9a3b5cf3c6bd4de0e8a3a63e63
Reviewed-on: https://chromium-review.googlesource.com/879144
Commit-Queue: Tim Volodine <timvolodine@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#531609}
(cherry picked from commit 4595b036c1f527b31ec3279759b6e2bcdfca2084)
Reviewed-on: https://chromium-review.googlesource.com/929021
Reviewed-by: Tim Volodine <timvolodine@chromium.org>
Cr-Commit-Position: refs/branch-heads/3325@{#532}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}
[modify] https://crrev.com/569df1608595385f7ec6fe331553996912d0caa7/android_webview/BUILD.gn
[add] https://crrev.com/569df1608595385f7ec6fe331553996912d0caa7/android_webview/browser/tracing/aw_trace_event_args_whitelist.cc
[add] https://crrev.com/569df1608595385f7ec6fe331553996912d0caa7/android_webview/browser/tracing/aw_trace_event_args_whitelist.h
[modify] https://crrev.com/569df1608595385f7ec6fe331553996912d0caa7/android_webview/browser/tracing/aw_tracing_controller.cc
[modify] https://crrev.com/569df1608595385f7ec6fe331553996912d0caa7/android_webview/lib/aw_main_delegate.cc

Status: Fixed (was: Assigned)
