CookieStore: Origin Check

This adds an origin check in the browser that matches the check in the renderer. Change-Id: I84b5f3628aecbf20bb44c1af60c69385d2fa0d7c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2616482 Commit-Queue: Ayu Ishii <ayui@chromium.org> Reviewed-by: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#842735}

CookieStore: Origin Check
This adds an origin check in the browser that matches the check in the renderer. Change-Id: I84b5f3628aecbf20bb44c1af60c69385d2fa0d7c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2616482 Commit-Queue: Ayu Ishii <ayui@chromium.org> Reviewed-by: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#842735}
7bc4243f · Ayu Ishii · Chromium LUCI CQ · 84b4baf7 · 7bc4243f · 7bc4243f
Commit 7bc4243f authored Jan 12, 2021 by Ayu Ishii Committed by Chromium LUCI CQ Jan 12, 2021
2 changed files
--- a/content/browser/cookie_store/cookie_store_manager.cc
+++ b/content/browser/cookie_store/cookie_store_manager.cc
@@ -18,6 +18,7 @@
 #include "content/browser/service_worker/service_worker_version.h"
 #include "content/public/browser/browser_context.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
+#include "services/network/public/cpp/is_potentially_trustworthy.h"
 #include "third_party/blink/public/common/service_worker/service_worker_scope_match.h"
 #include "third_party/blink/public/common/service_worker/service_worker_status_code.h"
 #include "third_party/blink/public/mojom/service_worker/service_worker_event_status.mojom.h"
@@ -49,6 +50,11 @@ void CookieStoreManager::CreateService(
    const url::Origin& origin) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+  if (!network::IsOriginPotentiallyTrustworthy(origin)) {
+    mojo::ReportBadMessage("Cookie Store access from an insecure origin");
+    return;
+  }
  receivers_.Add(std::make_unique<CookieStoreHost>(this, origin),
                 std::move(receiver));
 }

--- a/content/browser/cookie_store/cookie_store_manager_unittest.cc
+++ b/content/browser/cookie_store/cookie_store_manager_unittest.cc
@@ -19,6 +19,7 @@
 #include "content/browser/storage_partition_impl.h"
 #include "content/public/test/browser_task_environment.h"
 #include "content/public/test/test_browser_context.h"
+#include "content/test/fake_mojo_message_dispatch_context.h"
 #include "mojo/public/cpp/test_support/test_utils.h"
 #include "net/base/features.h"
 #include "net/cookies/cookie_access_result.h"
@@ -1757,6 +1758,23 @@ TEST_P(CookieStoreManagerTest, GetSubscriptionsFromWrongOrigin) {
  EXPECT_EQ("Invalid service worker", bad_mesage_observer.WaitForBadMessage());
 }
+TEST_F(CookieStoreManagerTest, UnTrustworthyOrigin) {
+  mojo::Remote<blink::mojom::CookieStore> untrustworthy_service_remote;
+  // Create a fake dispatch context to trigger a bad message in.
+  FakeMojoMessageDispatchContext fake_dispatch_context;
+  mojo::test::BadMessageObserver bad_mesage_observer;
+  cookie_store_context_->CreateServiceForTesting(
+      url::Origin::Create(GURL("http://insecure.com")),
+      untrustworthy_service_remote.BindNewPipeAndPassReceiver());
+  untrustworthy_service_remote.FlushForTesting();
+  EXPECT_FALSE(untrustworthy_service_remote.is_connected());
+  EXPECT_EQ("Cookie Store access from an insecure origin",
+            bad_mesage_observer.WaitForBadMessage());
+}
 INSTANTIATE_TEST_SUITE_P(All,
                         CookieStoreManagerTest,
                         testing::Bool() /* reset_context_during_test */);