Publish patches for next release

csagan5 2018-04-01 11:29:50 +02:00
parent 11cebfadc5
commit 2dca759091
4 changed files with 326 additions and 68 deletions


@ -1,67 +0,0 @@
From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Sat, 24 Mar 2018 05:18:03 +0100
Subject: Canvas: fingerprinting mitigations via IDL
Disable toDataURL, toBlob, getImageData and webGL renderering info
---
third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.idl | 4 ++--
.../Source/modules/canvas/canvas2d/CanvasRenderingContext2D.idl | 4 ++--
third_party/WebKit/Source/modules/webgl/WebGLDebugRendererInfo.cpp | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.idl b/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.idl
--- a/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.idl
+++ b/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.idl
@@ -36,9 +36,9 @@ interface HTMLCanvasElement : HTMLElement
// Note: The arguments argument is variadic in the spec, but not here as
// only one extra argument is actually used.
// FIXME: type should not have a default value.
- [MeasureAs=CanvasToDataURL, RaisesException] DOMString toDataURL(optional DOMString type = null, optional any arguments);
+ //[MeasureAs=CanvasToDataURL, RaisesException] DOMString toDataURL(optional DOMString type = null, optional any arguments);
- [MeasureAs=CanvasToBlob, RaisesException] void toBlob(BlobCallback _callback, optional DOMString type = null, optional any arguments);
+ //[MeasureAs=CanvasToBlob, RaisesException] void toBlob(BlobCallback _callback, optional DOMString type = null, optional any arguments);
};
// https://html.spec.whatwg.org/multipage/canvas.html#blobcallback
diff --git a/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.idl b/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.idl
--- a/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.idl
+++ b/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.idl
@@ -110,7 +110,7 @@ interface CanvasRenderingContext2D {
// text (see also the CanvasDrawingStyles interface)
void fillText(DOMString text, unrestricted double x, unrestricted double y, optional unrestricted double maxWidth);
void strokeText(DOMString text, unrestricted double x, unrestricted double y, optional unrestricted double maxWidth);
- TextMetrics measureText(DOMString text);
+ //TextMetrics measureText(DOMString text);
// drawing images
[CallWith=ScriptState, RaisesException] void drawImage(CanvasImageSource image, unrestricted double x, unrestricted double y);
@@ -125,7 +125,7 @@ interface CanvasRenderingContext2D {
// pixel manipulation
[RaisesException] ImageData createImageData(ImageData imagedata);
[RaisesException] ImageData createImageData(long sw, long sh);
- [RaisesException] ImageData getImageData(long sx, long sy, long sw, long sh);
+ //[RaisesException] ImageData getImageData(long sx, long sy, long sw, long sh);
[RaisesException] void putImageData(ImageData imagedata, long dx, long dy);
[RaisesException] void putImageData(ImageData imagedata, long dx, long dy, long dirtyX, long dirtyY, long dirtyWidth, long dirtyHeight);
diff --git a/third_party/WebKit/Source/modules/webgl/WebGLDebugRendererInfo.cpp b/third_party/WebKit/Source/modules/webgl/WebGLDebugRendererInfo.cpp
--- a/third_party/WebKit/Source/modules/webgl/WebGLDebugRendererInfo.cpp
+++ b/third_party/WebKit/Source/modules/webgl/WebGLDebugRendererInfo.cpp
@@ -37,11 +37,11 @@ WebGLExtensionName WebGLDebugRendererInfo::GetName() const {
WebGLDebugRendererInfo* WebGLDebugRendererInfo::Create(
WebGLRenderingContextBase* context) {
- return new WebGLDebugRendererInfo(context);
+ return nullptr;
}
bool WebGLDebugRendererInfo::Supported(WebGLRenderingContextBase*) {
- return true;
+ return false;
}
const char* WebGLDebugRendererInfo::ExtensionName() {
--
2.7.4


@ -2,10 +2,12 @@ From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Sun, 25 Mar 2018 21:49:37 +0200
Subject: AudioBuffer, AnalyserNode: fingerprinting mitigations via IDL
Return fixed base latency
---
third_party/WebKit/Source/modules/webaudio/AnalyserNode.idl | 8 ++++----
third_party/WebKit/Source/modules/webaudio/AudioBuffer.idl | 4 ++--
2 files changed, 6 insertions(+), 6 deletions(-)
third_party/WebKit/Source/modules/webaudio/AudioContext.cpp | 2 +-
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/third_party/WebKit/Source/modules/webaudio/AnalyserNode.idl b/third_party/WebKit/Source/modules/webaudio/AnalyserNode.idl
--- a/third_party/WebKit/Source/modules/webaudio/AnalyserNode.idl
@ -38,6 +40,18 @@ diff --git a/third_party/WebKit/Source/modules/webaudio/AudioBuffer.idl b/third_
+ //[RaisesException] void copyFromChannel(Float32Array destination, long channelNumber, optional unsigned long startInChannel = 0);
[RaisesException] void copyToChannel(Float32Array source, long channelNumber, optional unsigned long startInChannel = 0);
};
diff --git a/third_party/WebKit/Source/modules/webaudio/AudioContext.cpp b/third_party/WebKit/Source/modules/webaudio/AudioContext.cpp
--- a/third_party/WebKit/Source/modules/webaudio/AudioContext.cpp
+++ b/third_party/WebKit/Source/modules/webaudio/AudioContext.cpp
@@ -268,7 +268,7 @@ void AudioContext::StopRendering() {
}
double AudioContext::baseLatency() const {
- return FramesPerBuffer() / static_cast<double>(sampleRate());
+ return 0.04;
}
// TODO(crbug.com/764396): Remove these when fixed.
--
2.7.4
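Review bot: `AudioContext::baseLatency()` now returns the bare literal `0.04`, with nothing in the code saying why that value was chosen or that it is deliberately decoupled from the real buffer size. A later rebase could easily "fix" it back to the computed ratio, so the line should carry a comment such as `// Fixed value: FramesPerBuffer()/sampleRate() is device-specific and usable for fingerprinting.`, ideally with the literal in a named constant. Pages that use baseLatency to schedule or synchronise audio will now work from a number unrelated to the actual output path, which is worth stating in the patch description as a known trade-off. Whether other latency-revealing attributes of the context are covered cannot be seen from this section.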


@ -0,0 +1,130 @@
From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Fri, 30 Mar 2018 10:09:03 +0200
Subject: Add fingerprinting mitigation for getClientRects,
getBoundingClientRect
Scale the result of Range::getClientRects and Element::getBoundingClientRect
by a random +/-5% of the original value for each float in the Rect/Quad.
The random value is generated once for each Document and re-used for all the
attached elements.
The rationale is that such value, albeit constant within the rendered Document,
is within the same order of magniture of the floating point precision being
used for fingerprinting and sufficient to poison the well.
See also: http://www.gsd.inesc-id.pt/~mpc/pubs/fingerprinting-trustcom2016.pdf
---
third_party/WebKit/Source/core/dom/Document.cpp | 14 ++++++++++++++
third_party/WebKit/Source/core/dom/Document.h | 5 +++++
third_party/WebKit/Source/core/dom/Element.cpp | 7 +++++++
third_party/WebKit/Source/core/dom/Range.cpp | 8 +++++++-
4 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -271,6 +271,8 @@
#include "services/service_manager/public/cpp/interface_provider.h"
#include "third_party/WebKit/common/page/page_visibility_state.mojom-blink.h"
+#include "base/rand_util.h"
+
#ifndef NDEBUG
using WeakDocumentSet =
blink::PersistentHeapHashSet<blink::WeakMember<blink::Document>>;
@@ -730,6 +732,10 @@ Document::Document(const DocumentInit& initializer,
#ifndef NDEBUG
liveDocumentSet().insert(this);
#endif
+
+ // add ±5% noise against fingerprinting
+ shuffleFactorX_ = 1 + (base::RandDouble() - 0.5) * 0.05;
+ shuffleFactorY_ = 1 + (base::RandDouble() - 0.5) * 0.05;
}
Document::~Document() {
@@ -756,6 +762,14 @@ Range* Document::CreateRangeAdjustedToTreeScope(const TreeScope& tree_scope,
Position::BeforeNode(*shadow_host));
}
+double Document::GetShuffleFactorX() {
+ return shuffleFactorX_;
+}
+
+double Document::GetShuffleFactorY() {
+ return shuffleFactorY_;
+}
+
SelectorQueryCache& Document::GetSelectorQueryCache() {
if (!selector_query_cache_)
selector_query_cache_ = std::make_unique<SelectorQueryCache>();
diff --git a/third_party/WebKit/Source/core/dom/Document.h b/third_party/WebKit/Source/core/dom/Document.h
--- a/third_party/WebKit/Source/core/dom/Document.h
+++ b/third_party/WebKit/Source/core/dom/Document.h
@@ -407,6 +407,9 @@ class CORE_EXPORT Document : public ContainerNode,
String origin() const;
String suborigin() const;
+ double GetShuffleFactorX();
+ double GetShuffleFactorY();
+
String visibilityState() const;
mojom::PageVisibilityState GetPageVisibilityState() const;
bool hidden() const;
@@ -1671,6 +1674,8 @@ class CORE_EXPORT Document : public ContainerNode,
double start_time_;
+ double shuffleFactorX_, shuffleFactorY_;
+
TraceWrapperMember<ScriptRunner> script_runner_;
HeapVector<Member<ScriptElementBase>> current_script_stack_;
diff --git a/third_party/WebKit/Source/core/dom/Element.cpp b/third_party/WebKit/Source/core/dom/Element.cpp
--- a/third_party/WebKit/Source/core/dom/Element.cpp
+++ b/third_party/WebKit/Source/core/dom/Element.cpp
@@ -1227,6 +1227,11 @@ DOMRectList* Element::getClientRects() {
DCHECK(element_layout_object);
GetDocument().AdjustFloatQuadsForScrollAndAbsoluteZoom(
quads, *element_layout_object);
+
+ for (FloatQuad& quad : quads) {
+ quad.Scale(GetDocument().GetShuffleFactorX(), GetDocument().GetShuffleFactorY());
+ }
+
return DOMRectList::Create(quads);
}
@@ -1244,6 +1249,8 @@ DOMRect* Element::getBoundingClientRect() {
DCHECK(element_layout_object);
GetDocument().AdjustFloatRectForScrollAndAbsoluteZoom(result,
*element_layout_object);
+ result.Scale(GetDocument().GetShuffleFactorX(), GetDocument().GetShuffleFactorY());
+
return DOMRect::FromFloatRect(result);
}
diff --git a/third_party/WebKit/Source/core/dom/Range.cpp b/third_party/WebKit/Source/core/dom/Range.cpp
--- a/third_party/WebKit/Source/core/dom/Range.cpp
+++ b/third_party/WebKit/Source/core/dom/Range.cpp
@@ -1589,11 +1589,17 @@ DOMRectList* Range::getClientRects() const {
Vector<FloatQuad> quads;
GetBorderAndTextQuads(quads);
+ for (FloatQuad& quad : quads) {
+ quad.Scale(owner_document_->GetShuffleFactorX(), owner_document_->GetShuffleFactorY());
+ }
+
return DOMRectList::Create(quads);
}
DOMRect* Range::getBoundingClientRect() const {
- return DOMRect::FromFloatRect(BoundingRect());
+ auto rect = BoundingRect();
+ rect.Scale(owner_document_->GetShuffleFactorX(), owner_document_->GetShuffleFactorY());
+ return DOMRect::FromFloatRect(rect);
}
// TODO(editing-dev): We should make
--
2.7.4
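Review bot: The comment in the Document constructor and the patch description both promise ±5% noise, but `1 + (base::RandDouble() - 0.5) * 0.05` gives a factor in [0.975, 1.025), i.e. ±2.5%, since base::RandDouble() returns a value in [0, 1). Either change the multiplier to `0.1` or correct the comment to `// add ±2.5% noise against fingerprinting`, so that anyone assessing the strength of the mitigation reads the real range. The two accessors only read a member and could be declared `double GetShuffleFactorX() const;` and `double GetShuffleFactorY() const;`. The scale-by-document-factor step is repeated at four call sites in Element.cpp and Range.cpp, and a single helper on Document would keep any future geometry getter from missing it. The constructor and the Element/Range functions start or end outside the hunks shown.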


@ -0,0 +1,181 @@
From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Wed, 18 Oct 2017 21:26:53 +0200
Subject: Add menu option to toggle global Javascript preference
---
chrome/android/java/res/menu/custom_tabs_menu.xml | 13 ++++++++
chrome/android/java/res/menu/main_menu.xml | 13 ++++++++
.../chromium/chrome/browser/ChromeActivity.java | 8 +++++
.../chrome/browser/ChromeTabbedActivity.java | 8 +++++
.../browser/appmenu/AppMenuPropertiesDelegate.java | 35 ++++++++++++++++++++++
.../CustomTabAppMenuPropertiesDelegate.java | 1 +
.../java/strings/android_chrome_strings.grd | 11 +++++++
7 files changed, 89 insertions(+)
diff --git a/chrome/android/java/res/menu/custom_tabs_menu.xml b/chrome/android/java/res/menu/custom_tabs_menu.xml
--- a/chrome/android/java/res/menu/custom_tabs_menu.xml
+++ b/chrome/android/java/res/menu/custom_tabs_menu.xml
@@ -49,6 +49,19 @@
<item android:id="@+id/open_webapk_id"
android:title="@string/menu_open_webapk"
android:orderInCategory="2" />
+
+ <item android:id="@+id/enable_javascript_row_menu_id"
+ android:title="@null"
+ android:orderInCategory="2">
+ <menu>
+ <item android:id="@+id/enable_javascript_id"
+ android:title="@string/menu_enable_javascript" />
+ <item android:id="@+id/enable_javascript_check_id"
+ android:title="@null"
+ android:checkable="true" />
+ </menu>
+ </item>
+
<item android:id="@+id/request_desktop_site_row_menu_id"
android:title="@null"
android:orderInCategory="2">
diff --git a/chrome/android/java/res/menu/main_menu.xml b/chrome/android/java/res/menu/main_menu.xml
--- a/chrome/android/java/res/menu/main_menu.xml
+++ b/chrome/android/java/res/menu/main_menu.xml
@@ -59,6 +59,19 @@
android:title="@string/menu_add_to_homescreen" />
<item android:id="@+id/open_webapk_id"
android:title="@string/menu_open_webapk" />
+
+ <item android:id="@+id/enable_javascript_row_menu_id"
+ android:title="@null"
+ android:orderInCategory="2">
+ <menu>
+ <item android:id="@+id/enable_javascript_id"
+ android:title="@string/menu_enable_javascript" />
+ <item android:id="@+id/enable_javascript_check_id"
+ android:title="@null"
+ android:checkable="true" />
+ </menu>
+ </item>
+
<item android:id="@+id/request_desktop_site_row_menu_id"
android:title="@null">
<menu>
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/ChromeActivity.java b/chrome/android/java/src/org/chromium/chrome/browser/ChromeActivity.java
--- a/chrome/android/java/src/org/chromium/chrome/browser/ChromeActivity.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/ChromeActivity.java
@@ -1969,6 +1969,14 @@ public abstract class ChromeActivity extends AsyncInitializationActivity
final boolean usingDesktopUserAgent = currentTab.getUseDesktopUserAgent();
currentTab.setUseDesktopUserAgent(!usingDesktopUserAgent, reloadOnChange);
RecordUserAction.record("MobileMenuRequestDesktopSite");
+ } else if (id == R.id.enable_javascript_id || id == R.id.enable_javascript_check_id) {
+ final boolean reloadOnChange = !currentTab.isNativePage();
+ final boolean jsEnabled = PrefServiceBridge.getInstance().javaScriptEnabled();
+ PrefServiceBridge.getInstance().setJavaScriptEnabled(!jsEnabled);
+ if (reloadOnChange) {
+ currentTab.reload();
+ }
+ RecordUserAction.record("MobileMenuRequestEnableJavascript");
} else if (id == R.id.reader_mode_prefs_id) {
if (currentTab.getWebContents() != null) {
RecordUserAction.record("DomDistiller_DistilledPagePrefsOpened");
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/ChromeTabbedActivity.java b/chrome/android/java/src/org/chromium/chrome/browser/ChromeTabbedActivity.java
--- a/chrome/android/java/src/org/chromium/chrome/browser/ChromeTabbedActivity.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/ChromeTabbedActivity.java
@@ -1895,6 +1895,14 @@ public class ChromeTabbedActivity
NewTabPageUma.recordAction(NewTabPageUma.ACTION_OPENED_DOWNLOADS_MANAGER);
}
RecordUserAction.record("MobileMenuDownloadManager");
+ } else if (id == R.id.enable_javascript_id || id == R.id.enable_javascript_check_id) {
+ final boolean reloadOnChange = !currentTab.isNativePage();
+ final boolean jsEnabled = PrefServiceBridge.getInstance().javaScriptEnabled();
+ PrefServiceBridge.getInstance().setJavaScriptEnabled(!jsEnabled);
+ if (reloadOnChange) {
+ currentTab.reload();
+ }
+ RecordUserAction.record("MobileMenuRequestEnableJavascript");
} else if (id == R.id.open_recently_closed_tab) {
TabModel currentModel = mTabModelSelectorImpl.getCurrentModel();
if (!currentModel.isIncognito()) currentModel.openMostRecentlyClosedTab();
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/appmenu/AppMenuPropertiesDelegate.java b/chrome/android/java/src/org/chromium/chrome/browser/appmenu/AppMenuPropertiesDelegate.java
--- a/chrome/android/java/src/org/chromium/chrome/browser/appmenu/AppMenuPropertiesDelegate.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/appmenu/AppMenuPropertiesDelegate.java
@@ -225,6 +225,8 @@ public class AppMenuPropertiesDelegate {
updateRequestDesktopSiteMenuItem(menu, currentTab, true /* can show */);
+ updateEnableJavascriptMenuItem(menu, currentTab);
+
// Only display reader mode settings menu option if the current page is in reader mode.
menu.findItem(R.id.reader_mode_prefs_id)
.setVisible(DomDistillerUrlUtils.isDistilledPage(currentTab.getUrl()));
@@ -504,4 +506,37 @@ public class AppMenuPropertiesDelegate {
return chromeHomeMenuItemFlagEnabled && !sHideChromeHomeMenuItems;
}
+
+ /**
+ * Updates the enable JavaScript item's state.
+ *
+ * @param menu {@link Menu} for enable javascript
+ * @param currentTab Current tab being displayed.
+ */
+ protected void updateEnableJavascriptMenuItem(
+ Menu menu, Tab currentTab) {
+ MenuItem enableMenuRow = menu.findItem(R.id.enable_javascript_row_menu_id);
+ MenuItem enableMenuLabel = menu.findItem(R.id.enable_javascript_id);
+ MenuItem enableMenuCheck = menu.findItem(R.id.enable_javascript_check_id);
+
+ // Hide enable javascript on all chrome:// pages and the NTP.
+ String url = currentTab.getUrl();
+ boolean isChromeScheme = url.startsWith(UrlConstants.CHROME_URL_PREFIX)
+ || url.startsWith(UrlConstants.CHROME_NATIVE_URL_PREFIX);
+
+ boolean itemVisible = !isChromeScheme && !currentTab.isNativePage();
+ enableMenuRow.setVisible(itemVisible);
+ if (!itemVisible) return;
+
+ boolean jsEnabled = PrefServiceBridge.getInstance().javaScriptEnabled();
+
+ // Mark the checkbox if Javascript is activated on this tab.
+ enableMenuCheck.setChecked(jsEnabled);
+
+ // This title doesn't seem to be displayed by Android, but it is used to set up
+ // accessibility text in {@link AppMenuAdapter#setupMenuButton}.
+ enableMenuLabel.setTitleCondensed(jsEnabled
+ ? mActivity.getString(R.string.menu_enable_javascript_on)
+ : mActivity.getString(R.string.menu_enable_javascript_off));
+ }
}
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/CustomTabAppMenuPropertiesDelegate.java b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/CustomTabAppMenuPropertiesDelegate.java
--- a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/CustomTabAppMenuPropertiesDelegate.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/CustomTabAppMenuPropertiesDelegate.java
@@ -164,6 +164,7 @@ public class CustomTabAppMenuPropertiesDelegate extends AppMenuPropertiesDelegat
}
updateRequestDesktopSiteMenuItem(menu, currentTab, requestDesktopSiteVisible);
+ updateEnableJavascriptMenuItem(menu, currentTab);
prepareAddToHomescreenMenuItem(menu, currentTab, addToHomeScreenVisible);
}
}
diff --git a/chrome/android/java/strings/android_chrome_strings.grd b/chrome/android/java/strings/android_chrome_strings.grd
--- a/chrome/android/java/strings/android_chrome_strings.grd
+++ b/chrome/android/java/strings/android_chrome_strings.grd
@@ -2506,6 +2506,17 @@ To obtain new licenses, connect to the internet and play your downloaded content
<message name="IDS_MENU_FIND_IN_PAGE" desc="Menu item allowing users to find text within the current page. [CHAR-LIMIT=27]">
Find in page
</message>
+
+ <message name="IDS_MENU_ENABLE_JAVASCRIPT" desc="Menu item in Chrome's overflow/options menu. If this menu item is unselected, Bromite will disable JavaScript support for the page. [CHAR-LIMIT=27]">
+ Enable JavaScript
+ </message>
+ <message name="IDS_MENU_ENABLE_JAVASCRIPT_ON" desc="Accessibility description for when Enable JavaScript is selected.">
+ Turn off JavaScript
+ </message>
+ <message name="IDS_MENU_ENABLE_JAVASCRIPT_OFF" desc="Accessibility description for when Enable JavaScript is unselected.">
+ Turn on JavaScript
+ </message>
+
<message name="IDS_MENU_REQUEST_DESKTOP_SITE" desc="Menu item in Chrome's overflow/options menu. By default, when a user navigates to a web page, Chrome shows the mobile site, that is, the version of the site designed for mobile phones. If this menu item is selected, however, Chrome will try to load the 'desktop' site instead, i.e. the site designed for desktop computers or laptop computers, which have larger screens. [CHAR-LIMIT=24]">
Desktop site
</message>
--
2.7.4
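Review bot: The new branch in ChromeActivity calls `PrefServiceBridge.getInstance().setJavaScriptEnabled(!jsEnabled)`, which flips the global JavaScript preference, but the IDS_MENU_ENABLE_JAVASCRIPT description says JavaScript is disabled "for the page" and the comment in updateEnableJavascriptMenuItem says "activated on this tab". The scope matters to the user: ticking the box for one site enables script execution for every site, and because only `currentTab.reload()` is called, other open tabs presumably keep the previous setting until they are next loaded. Reword the comment to `// Mark the checkbox if JavaScript is globally enabled.` and the string description to say the setting applies to all sites. The same eight-line branch is duplicated in ChromeTabbedActivity; if that class inherits the ChromeActivity handler, one copy would suffice. Both branches sit inside methods that start outside the hunks.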