Removing kSiteIsolationEnforcementForFileSystemApi feature and UMA.

The UMA was only needed to evaluate the safety/risk of shipping the feature. The feature has been enabled since r798414 / Aug 2020. Bug: 917457 Change-Id: Ieb73cb32d9dce587ef40a0d3b85de5956333bf72 Fixed: 1160833 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2600396Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Steven Holte <holte@chromium.org> Auto-Submit: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: Steven Holte <holte@chromium.org> Cr-Commit-Position: refs/heads/master@{#839646}

Removing kSiteIsolationEnforcementForFileSystemApi feature and UMA.
The UMA was only needed to evaluate the safety/risk of shipping the feature. The feature has been enabled since r798414 / Aug 2020. Bug: 917457 Change-Id: Ieb73cb32d9dce587ef40a0d3b85de5956333bf72 Fixed: 1160833 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2600396Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Steven Holte <holte@chromium.org> Auto-Submit: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: Steven Holte <holte@chromium.org> Cr-Commit-Position: refs/heads/master@{#839646}
d208eca4 · Lukasz Anforowicz · Chromium LUCI CQ · a4f1a716 · d208eca4 · d208eca4
Commit d208eca4 authored Dec 29, 2020 by Lukasz Anforowicz Committed by Chromium LUCI CQ Dec 29, 2020
4 changed files
--- a/content/browser/file_system/file_system_manager_impl.cc
+++ b/content/browser/file_system/file_system_manager_impl.cc
@@ -8,10 +8,8 @@
 #include "base/bind.h"
 #include "base/check_op.h"
-#include "base/feature_list.h"
 #include "base/files/file_path.h"
 #include "base/macros.h"
-#include "base/metrics/histogram_macros.h"
 #include "base/metrics/user_metrics.h"
 #include "base/notreached.h"
 #include "base/sequenced_task_runner.h"
@@ -26,7 +24,6 @@
 #include "content/browser/file_system/browser_file_system_helper.h"
 #include "content/public/browser/browser_task_traits.h"
 #include "content/public/browser/browser_thread.h"
-#include "content/public/common/content_features.h"
 #include "ipc/ipc_platform_file.h"
 #include "net/base/mime_util.h"
 #include "storage/browser/blob/blob_data_builder.h"
@@ -39,7 +36,6 @@
 #include "storage/common/file_system/file_system_info.h"
 #include "storage/common/file_system/file_system_types.h"
 #include "storage/common/file_system/file_system_util.h"
-#include "third_party/blink/public/common/features.h"
 #include "url/gurl.h"
 #include "url/origin.h"
@@ -217,20 +213,9 @@ void FileSystemManagerImpl::Open(const url::Origin& origin,
  DCHECK_CURRENTLY_ON(BrowserThread::IO);
  if (!security_policy_->CanAccessDataForOrigin(process_id_, origin)) {
-    const std::string& scheme =
+    NOTREACHED();
-        origin.GetTupleOrPrecursorTupleIfOpaque().scheme();
+    receivers_.ReportBadMessage("FSMI_OPEN_INVALID_ORIGIN");
-    bool is_http_based_scheme =
+    return;
-        (scheme == url::kHttpsScheme) || (scheme == url::kHttpsScheme);
-    UMA_HISTOGRAM_BOOLEAN(
-        "SiteIsolation.FileSystemApi.CanAccessDataForOriginFailure."
-        "IsHttpBasedScheme",
-        is_http_based_scheme);
-    if (base::FeatureList::IsEnabled(
-            features::kSiteIsolationEnforcementForFileSystemApi)) {
-      receivers_.ReportBadMessage("FSMI_OPEN_INVALID_ORIGIN");
-      return;
-    }
  }
  if (file_system_type == blink::mojom::FileSystemType::kTemporary) {

--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -657,13 +657,6 @@ const base::Feature kWebOTP{"WebOTP", base::FEATURE_ENABLED_BY_DEFAULT};
 const base::Feature kWebOTPAssertionFeaturePolicy{
    "WebOTPAssertionFeaturePolicy", base::FEATURE_DISABLED_BY_DEFAULT};
-// Controls whether Site Isolation protects against spoofing of origin in
-// mojom::FileSystemManager::Open IPC from compromised renderer processes.  See
-// also https://crbug.com/917457.
-const base::Feature kSiteIsolationEnforcementForFileSystemApi{
-    "SiteIsolationEnforcementForFileSystemApi",
-    base::FEATURE_ENABLED_BY_DEFAULT};
 // Controls whether SpareRenderProcessHostManager tries to always have a warm
 // spare renderer process around for the most recently requested BrowserContext.
 // This feature is only consulted in site-per-process mode.

--- a/content/public/common/content_features.h
+++ b/content/public/common/content_features.h
@@ -154,8 +154,6 @@ CONTENT_EXPORT extern const base::Feature
 CONTENT_EXPORT extern const base::Feature kSignedExchangeSubresourcePrefetch;
 CONTENT_EXPORT extern const base::Feature kSignedHTTPExchange;
 CONTENT_EXPORT extern const base::Feature kSignedHTTPExchangePingValidity;
-CONTENT_EXPORT extern const base::Feature
-    kSiteIsolationEnforcementForFileSystemApi;
 CONTENT_EXPORT extern const base::Feature
    kSkipEarlyCommitPendingForCrashedFrame;
 CONTENT_EXPORT extern const base::Feature kWebOTP;

--- a/tools/metrics/histograms/histograms_xml/others/histograms.xml
+++ b/tools/metrics/histograms/histograms_xml/others/histograms.xml
@@ -14398,7 +14398,10 @@ should be kept until we remove incident reporting. -->
 <histogram
    name="SiteIsolation.FileSystemApi.CanAccessDataForOriginFailure.IsHttpBasedScheme"
-    enum="BooleanHttpBasedOrOtherScheme" expires_after="2021-01-31">
+    enum="BooleanHttpBasedOrOtherScheme" expires_after="2020-12-21">
+  <obsolete>
+    Removed in Dec 2020 / M89.
+  </obsolete>
  <owner>lukasza@chromium.org</owner>
  <owner>nasko@chromium.org</owner>
  <summary>