Reporting: Support permissions check in network service |
||||||||||||||||
Issue descriptionThe Reporting stack checks the BACKGROUND_SYNC permission before uploading reports about a domain. This check is implemented in the ReportingPermissionsChecker class, which handles the cross-thread communication between the Reporting stack (which lives in the IO thread) and the PermissionsManager (which lives in the UI thread). In the NetworkService world, the Reporting stack is in a completely different process, and so the cross-thread permissions check won't work. (The current behavior is to deny ALL report uploads when using the network service.) We need to update the permissions checker to know how to work in the separate-process world of the NetworkService.
,
May 23 2018
Nope, don't think it should block. Canary users who turn on NetworkService won't upload anything through Reporting, but that's not activated widely on stable yet, so that's not a deal-breaker for anything.
,
May 29 2018
,
Jun 19 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9c8741fa115cf0a443b9d664330fa821973a834a commit 9c8741fa115cf0a443b9d664330fa821973a834a Author: Douglas Creager <dcreager@chromium.org> Date: Tue Jun 19 16:39:32 2018 Reporting: Verify NetworkService ignores headers The NetworkService currently ignores all Reporting headers, since we haven't implemented the BACKGROUND_SYNC permissions check in a way that works across service/process boundaries. This adds a browser test that verifies this (and while we're at it, verifies that we _don't_ ignore Reporting headers when we're using the legacy non-service network stack). Bug: 845559 Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;luci.chromium.try:linux_mojo;master.tryserver.chromium.mac:ios-simulator-cronet Change-Id: I3e7c1ab446e067e7f8af6fd80d3abc9b2d5187ad Reviewed-on: https://chromium-review.googlesource.com/1067465 Commit-Queue: Douglas Creager <dcreager@chromium.org> Reviewed-by: John Abd-El-Malek <jam@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Cr-Commit-Position: refs/heads/master@{#568488} [add] https://crrev.com/9c8741fa115cf0a443b9d664330fa821973a834a/chrome/browser/net/reporting_browsertest.cc [modify] https://crrev.com/9c8741fa115cf0a443b9d664330fa821973a834a/chrome/test/BUILD.gn [modify] https://crrev.com/9c8741fa115cf0a443b9d664330fa821973a834a/components/cronet/url_request_context_config.cc [modify] https://crrev.com/9c8741fa115cf0a443b9d664330fa821973a834a/content/shell/browser/shell_url_request_context_getter.cc [modify] https://crrev.com/9c8741fa115cf0a443b9d664330fa821973a834a/net/network_error_logging/network_error_logging_end_to_end_test.cc [modify] https://crrev.com/9c8741fa115cf0a443b9d664330fa821973a834a/net/reporting/reporting_policy.cc [modify] https://crrev.com/9c8741fa115cf0a443b9d664330fa821973a834a/net/reporting/reporting_policy.h [modify] https://crrev.com/9c8741fa115cf0a443b9d664330fa821973a834a/services/network/network_context.cc [modify] https://crrev.com/9c8741fa115cf0a443b9d664330fa821973a834a/testing/buildbot/filters/mojo.fyi.network_browser_tests.filter
,
Aug 6
[dcreager]: ReportingBrowserTest.TestReportingHeadersProcessed looks to be passing with the network service enabled, despite the test being disabled in that case. Am I missing something?
,
Aug 10
Good catch! We haven't hooked up the permissions checks, so it should not be passing. I think the problem is in NetworkDelegateImpl: https://cs.chromium.org/chromium/src/net/base/network_delegate_impl.cc?l=111-130&rcl=87fa0656b765934b0cfbe762fca2e326d4fe4ca4 It defaults to allowing uploads; ChromeNetworkDelegate overrides this to check the BACKGROUND_SYNC permission. We should have the default be to disallow. (That's already true in ReportingDelegate if there is no NetworkDelegate to pass the permissions check request on to.)
,
Aug 10
(Or possibly update NetworkServiceNetworkDelegate to explicitly reject the permissions check instead of making it the default in NetworkDelegateImpl. If we put it in NetworkDelegateImpl then we'll have to update Cronet's delegate subclass to always *allow* the permissions check.)
,
Aug 10
I'm fine with either of those approaches, if you want to land a CL that does one of the other, I'm happy to sign off (Though I'm no longer a Cronet owner, so need another signoff if we touch that)
,
Aug 13
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4fd605616630808e267fc789ea619a52a8cff257 commit 4fd605616630808e267fc789ea619a52a8cff257 Author: Douglas Creager <dcreager@chromium.org> Date: Mon Aug 13 18:50:48 2018 Network Service: Disallow Reporting/NEL uploads Reporting specifies that the user agent should allow users to prohibit uploads on a per-origin basis. The Network Service's NetworkDelegate needs to actively disallow Reporting uploads until we're able to hook up the permissions manager across the service boundary. Bug: 845559 Cq-Include-Trybots: luci.chromium.try:linux_mojo;master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet Change-Id: Ib63890e3b045c0067969a70628191530a96d482f Reviewed-on: https://chromium-review.googlesource.com/1171571 Reviewed-by: Matt Menke <mmenke@chromium.org> Commit-Queue: Douglas Creager <dcreager@chromium.org> Cr-Commit-Position: refs/heads/master@{#582654} [modify] https://crrev.com/4fd605616630808e267fc789ea619a52a8cff257/services/network/network_service_network_delegate.cc [modify] https://crrev.com/4fd605616630808e267fc789ea619a52a8cff257/services/network/network_service_network_delegate.h
,
Sep 4
,
Sep 4
,
Sep 4
,
Sep 6
,
Sep 7
I can take a look at this.
,
Sep 7
This issue is marked as a release blocker with no milestone associated. Please add an appropriate milestone. All release blocking issues should have milestones associated to it, so that the issue can tracked and the fixes can be pushed promptly. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 7
,
Sep 10
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c44992ab4d9fcaf8382f1182f747db686b2273bf commit c44992ab4d9fcaf8382f1182f747db686b2273bf Author: John Abd-El-Malek <jam@chromium.org> Date: Mon Sep 10 17:08:53 2018 Fix Reporting API permission checks with network service. Bug: 845559 Cq-Include-Trybots: luci.chromium.try:linux_mojo Change-Id: Ibcaa434f5ffb1c43363190d4030ddb70f9449bf9 Reviewed-on: https://chromium-review.googlesource.com/1213275 Commit-Queue: John Abd-El-Malek <jam@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Cr-Commit-Position: refs/heads/master@{#589953} [modify] https://crrev.com/c44992ab4d9fcaf8382f1182f747db686b2273bf/content/browser/storage_partition_impl.cc [modify] https://crrev.com/c44992ab4d9fcaf8382f1182f747db686b2273bf/content/browser/storage_partition_impl.h [modify] https://crrev.com/c44992ab4d9fcaf8382f1182f747db686b2273bf/services/network/network_context.cc [modify] https://crrev.com/c44992ab4d9fcaf8382f1182f747db686b2273bf/services/network/network_context.h [modify] https://crrev.com/c44992ab4d9fcaf8382f1182f747db686b2273bf/services/network/network_service_network_delegate.cc [modify] https://crrev.com/c44992ab4d9fcaf8382f1182f747db686b2273bf/services/network/network_service_network_delegate.h [modify] https://crrev.com/c44992ab4d9fcaf8382f1182f747db686b2273bf/services/network/public/mojom/network_context.mojom [modify] https://crrev.com/c44992ab4d9fcaf8382f1182f747db686b2273bf/services/network/test/test_network_context.h [modify] https://crrev.com/c44992ab4d9fcaf8382f1182f747db686b2273bf/testing/buildbot/filters/mojo.fyi.network_browser_tests.filter
,
Sep 14
,
Sep 14
The bug is marked as P3 or Feature. It should not be merged as M70 is in beta. Please contact the approriate milestone owner if you have questions. Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 14
,
Sep 14
This bug requires manual review: M70 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 14
Approving merge to M70. Branch:3538
,
Sep 18
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b3499d08e4943fa161217fc9e5418ae01e6dc929 commit b3499d08e4943fa161217fc9e5418ae01e6dc929 Author: John Abd-El-Malek <jam@chromium.org> Date: Tue Sep 18 15:41:55 2018 Fix Reporting API permission checks with network service. TBR=jam@chromium.org (cherry picked from commit c44992ab4d9fcaf8382f1182f747db686b2273bf) Bug: 845559 Cq-Include-Trybots: luci.chromium.try:linux_mojo Change-Id: Ibcaa434f5ffb1c43363190d4030ddb70f9449bf9 Reviewed-on: https://chromium-review.googlesource.com/1213275 Commit-Queue: John Abd-El-Malek <jam@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#589953} Reviewed-on: https://chromium-review.googlesource.com/1230703 Reviewed-by: John Abd-El-Malek <jam@chromium.org> Cr-Commit-Position: refs/branch-heads/3538@{#493} Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811} [modify] https://crrev.com/b3499d08e4943fa161217fc9e5418ae01e6dc929/content/browser/storage_partition_impl.cc [modify] https://crrev.com/b3499d08e4943fa161217fc9e5418ae01e6dc929/content/browser/storage_partition_impl.h [modify] https://crrev.com/b3499d08e4943fa161217fc9e5418ae01e6dc929/services/network/network_context.cc [modify] https://crrev.com/b3499d08e4943fa161217fc9e5418ae01e6dc929/services/network/network_context.h [modify] https://crrev.com/b3499d08e4943fa161217fc9e5418ae01e6dc929/services/network/network_service_network_delegate.cc [modify] https://crrev.com/b3499d08e4943fa161217fc9e5418ae01e6dc929/services/network/network_service_network_delegate.h [modify] https://crrev.com/b3499d08e4943fa161217fc9e5418ae01e6dc929/services/network/public/mojom/network_context.mojom [modify] https://crrev.com/b3499d08e4943fa161217fc9e5418ae01e6dc929/services/network/test/test_network_context.h [modify] https://crrev.com/b3499d08e4943fa161217fc9e5418ae01e6dc929/testing/buildbot/filters/mojo.fyi.network_browser_tests.filter
,
Sep 18
|
||||||||||||||||
►
Sign in to add a comment |
||||||||||||||||
Comment 1 by jam@chromium.org
, May 22 2018Labels: -Pri-3 Proj-Servicification-Canary Proj-Servicification OS-Android OS-Chrome OS-Linux OS-Mac OS-Windows Pri-1