Instrument NavigatorDeviceMemory to see if it leaks entropy about users' cross-origin identity.

We use IdentifiabilityMetricBuilder to report hashes of the different values this method can return to UKM to determine how much entropy this function leaks. Bug: 973801 Change-Id: I4aa45f5662d62a83f1971a62c61891f3ebdfa81b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2186997 Commit-Queue: Dylan Cutler <dylancutler@google.com> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Asanka Herath <asanka@chromium.org> Cr-Commit-Position: refs/heads/master@{#769839}

Instrument NavigatorDeviceMemory to see if it leaks entropy about users' cross-origin identity.
We use IdentifiabilityMetricBuilder to report hashes of the different values this method can return to UKM to determine how much entropy this function leaks. Bug: 973801 Change-Id: I4aa45f5662d62a83f1971a62c61891f3ebdfa81b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2186997 Commit-Queue: Dylan Cutler <dylancutler@google.com> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Asanka Herath <asanka@chromium.org> Cr-Commit-Position: refs/heads/master@{#769839}
4c87ba08 · Dylan Cutler · Commit Bot · 2f1b352f · 4c87ba08 · 4c87ba08
Commit 4c87ba08 authored May 18, 2020 by Dylan Cutler Committed by Commit Bot May 18, 2020
5 changed files
--- a/third_party/blink/renderer/core/frame/navigator.cc
+++ b/third_party/blink/renderer/core/frame/navigator.cc
@@ -39,8 +39,9 @@
 namespace blink {
 Navigator::Navigator(LocalFrame* frame)
-    : NavigatorLanguage(frame ? frame->DomWindow() : nullptr),
+    : ExecutionContextClient(frame),
-      ExecutionContextClient(frame) {}
+      NavigatorDeviceMemory(frame ? frame->GetDocument() : nullptr),
+      NavigatorLanguage(frame ? frame->DomWindow() : nullptr) {}
 String Navigator::productSub() const {
  return "20030107";
@@ -119,6 +120,7 @@ void Navigator::Trace(Visitor* visitor) const {
  NavigatorLanguage::Trace(visitor);
  ExecutionContextClient::Trace(visitor);
  Supplementable<Navigator>::Trace(visitor);
+  NavigatorDeviceMemory::Trace(visitor);
 }
 ExecutionContext* Navigator::GetUAExecutionContext() const {

--- a/third_party/blink/renderer/core/frame/navigator.h
+++ b/third_party/blink/renderer/core/frame/navigator.h
@@ -39,13 +39,13 @@ namespace blink {
 class LocalFrame;
 class CORE_EXPORT Navigator final : public ScriptWrappable,
+                                    public ExecutionContextClient,
                                    public NavigatorConcurrentHardware,
                                    public NavigatorDeviceMemory,
                                    public NavigatorID,
                                    public NavigatorLanguage,
                                    public NavigatorOnLine,
                                    public NavigatorUA,
-                                    public ExecutionContextClient,
                                    public Supplementable<Navigator> {
  DEFINE_WRAPPERTYPEINFO();
  USING_GARBAGE_COLLECTED_MIXIN(Navigator);

--- a/third_party/blink/renderer/core/frame/navigator_device_memory.cc
+++ b/third_party/blink/renderer/core/frame/navigator_device_memory.cc
@@ -5,11 +5,33 @@
 #include "third_party/blink/renderer/core/frame/navigator_device_memory.h"
 #include "third_party/blink/public/common/device_memory/approximated_device_memory.h"
+#include "third_party/blink/public/common/privacy_budget/identifiability_metrics.h"
+#include "third_party/blink/public/common/privacy_budget/identifiability_metric_builder.h"
+#include "third_party/blink/public/mojom/web_feature/web_feature.mojom-shared.h"
+#include "third_party/blink/renderer/core/dom/document.h"
+#include "third_party/blink/renderer/core/frame/local_dom_window.h"
 namespace blink {
+NavigatorDeviceMemory::NavigatorDeviceMemory(Document* document)
+    : document_(document) {}
 float NavigatorDeviceMemory::deviceMemory() const {
-  return ApproximatedDeviceMemory::GetApproximatedDeviceMemory();
+  float result = ApproximatedDeviceMemory::GetApproximatedDeviceMemory();
+  if (document_) {
+    IdentifiabilityMetricBuilder(
+        base::UkmSourceId::FromInt64(document_->UkmSourceID()))
+        .Set(IdentifiableSurface::FromTypeAndInput(
+                IdentifiableSurface::Type::kWebFeature,
+                static_cast<uint64_t>(WebFeature::kNavigatorDeviceMemory)),
+            IdentifiabilityDigestHelper(result))
+        .Record(document_->UkmRecorder());
+  }
+  return result;
+}
+void NavigatorDeviceMemory::Trace(Visitor* visitor) const {
+  visitor->Trace(document_);
 }
 }  // namespace blink
--- a/third_party/blink/renderer/core/frame/navigator_device_memory.h
+++ b/third_party/blink/renderer/core/frame/navigator_device_memory.h
@@ -6,12 +6,19 @@
 #define THIRD_PARTY_BLINK_RENDERER_CORE_FRAME_NAVIGATOR_DEVICE_MEMORY_H_
 #include "third_party/blink/renderer/core/core_export.h"
+#include "third_party/blink/renderer/core/dom/document.h"
 namespace blink {
-class CORE_EXPORT NavigatorDeviceMemory {
+class CORE_EXPORT NavigatorDeviceMemory : public GarbageCollectedMixin {
 public:
+  explicit NavigatorDeviceMemory();
+  explicit NavigatorDeviceMemory(Document* document);
  float deviceMemory() const;
+  void Trace(Visitor*) const override;
+ private:
+  WeakMember<Document> document_;
 };
 }  // namespace blink

--- a/third_party/blink/renderer/core/workers/worker_navigator.cc
+++ b/third_party/blink/renderer/core/workers/worker_navigator.cc
@@ -40,6 +40,7 @@ WorkerNavigator::WorkerNavigator(const String& user_agent,
                                 const UserAgentMetadata& ua_metadata,
                                 ExecutionContext* execution_context)
    : ExecutionContextClient(execution_context),
+      NavigatorDeviceMemory(nullptr),
      NavigatorLanguage(execution_context),
      user_agent_(user_agent),
      ua_metadata_(ua_metadata) {}
@@ -73,6 +74,7 @@ void WorkerNavigator::Trace(Visitor* visitor) const {
  ExecutionContextClient::Trace(visitor);
  NavigatorLanguage::Trace(visitor);
  Supplementable<WorkerNavigator>::Trace(visitor);
+  NavigatorDeviceMemory::Trace(visitor);
 }
 }  // namespace blink