[sms] Restrict SMS Receiver API to Top Level Frames

This change restrictes the SMS Receiver API to only be used from top level
frames to prevent malicious sites from accessing the one time passcodes
for signup. Restriction in the browser process will be added in a
following CL.

Bug: 955765
Change-Id: Ie11e3b1fc6c9bf4597bde880d5083fec7255b79a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1594211Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: Ayu Ishii <ayui@chromium.org>
Cr-Commit-Position: refs/heads/master@{#658694}

third_party/blink/renderer/modules/sms/sms_receiver.cc

@@ -8,7 +8,9 @@
 
 #include "services/service_manager/public/cpp/interface_provider.h"
 #include "third_party/blink/public/mojom/sms/sms_manager.mojom-blink.h"
+#include "third_party/blink/renderer/bindings/core/v8/script_promise.h"
 #include "third_party/blink/renderer/core/dom/dom_exception.h"
+#include "third_party/blink/renderer/core/frame/local_frame.h"
 #include "third_party/blink/renderer/modules/sms/sms.h"
 #include "third_party/blink/renderer/modules/sms/sms_receiver_options.h"
 #include "third_party/blink/renderer/platform/bindings/name_client.h"
@@ -70,6 +72,14 @@ ScriptPromise SMSReceiver::start(ScriptState* script_state) {
   ExecutionContext* context = ExecutionContext::From(script_state);
   DCHECK(context->IsContextThread());
 
+  LocalFrame* frame = GetFrame();
+  if (!frame->IsMainFrame()) {
+    return ScriptPromise::RejectWithDOMException(
+        script_state,
+        DOMException::Create(DOMExceptionCode::kNotAllowedError,
+                             "Must be in top-level browsing context."));
+  }
+
   StartMonitoring();
 
   return ScriptPromise::CastUndefined(script_state);

third_party/blink/web_tests/external/wpt/sms/constructor.tentative.https.any.js

@@ -56,5 +56,5 @@ promise_test(async t => {
 }, 'constructor uses a default value for the timeout when none is passed');
 
 promise_test(async t => {
-  new IdleDetector({timeout: undefined});
+  new SMSReceiver({timeout: undefined});
 }, 'constructor uses a default value for the timeout');

third_party/blink/web_tests/external/wpt/sms/resources/iframe.html

+<script>
+'use strict';
+
+new SMSReceiver().start().catch(error => {
+  window.parent.postMessage({errorType: error.name}, '*');
+});
+
+</script>

third_party/blink/web_tests/external/wpt/sms/sms-top-level-frame-only.https.html

+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<body>
+
+<script>
+'use strict';
+
+promise_test(async t => {
+  const messageWatcher = new EventWatcher(t, window, "message");
+  var iframe = document.createElement("iframe");
+  iframe.src = "resources/iframe.html"
+  document.body.appendChild(iframe);
+
+  const message = await messageWatcher.wait_for("message");
+  assert_equals(message.data.errorType, "NotAllowedError");
+
+}, "Test SMSReceiver API disabled in iframes");
+
+</script>
+</body>

third_party/blink/web_tests/external/wpt/sms/sms_receiver.idl

 [
   SecureContext,
-  Exposed=(Window,DedicatedWorker),
-  RuntimeEnabled=SmsRetrieval]
+  Exposed=(Window,DedicatedWorker)]
 interface SMS {
   readonly attribute DOMString content;
 };
@@ -18,4 +17,4 @@ dictionary SMSReceiverOptions {
   readonly attribute SMS sms;
   attribute EventHandler onchange;
   Promise<void> start();
-};
+};
\ No newline at end of file