Add metrics for usage of permission features from cross-origin iframes in blink

This CL adds metrics to measure the usage of features that require permissions in Chrome when they are used in cross-origin iframes only. In particular we only want to count an iframe if it doesn't have scripting access into the top level document. A new UseCounter::countCrossOriginIframe function has been added which will only count this type of usage. Note that this intends to count cases when a site tries to use an API whether or not the permission is granted by the user. BUG=444744 Review URL: https://codereview.chromium.org/1578263006 Cr-Commit-Position: refs/heads/master@{#371756}

Add metrics for usage of permission features from cross-origin iframes in blink
This CL adds metrics to measure the usage of features that require permissions in Chrome when they are used in cross-origin iframes only. In particular we only want to count an iframe if it doesn't have scripting access into the top level document. A new UseCounter::countCrossOriginIframe function has been added which will only count this type of usage. Note that this intends to count cases when a site tries to use an API whether or not the permission is granted by the user. BUG=444744 Review URL: https://codereview.chromium.org/1578263006 Cr-Commit-Position: refs/heads/master@{#371756}
fe356a2d · raymes · Commit bot · 08898ba3 · fe356a2d · fe356a2d
Commit fe356a2d authored Jan 27, 2016 by raymes Committed by Commit bot Jan 27, 2016
7 changed files
--- a/third_party/WebKit/Source/core/frame/UseCounter.cpp
+++ b/third_party/WebKit/Source/core/frame/UseCounter.cpp
@@ -730,6 +730,18 @@ void UseCounter::countDeprecationIfNotPrivateScript(v8::Isolate* isolate, Execut
    UseCounter::countDeprecation(context, feature);
 }
+void UseCounter::countCrossOriginIframe(const Document& document, Feature feature)
+{
+    Frame* frame = document.frame();
+    if (!frame)
+        return;
+    // Check to see if the frame can script into the top level document.
+    SecurityOrigin* securityOrigin = frame->securityContext()->securityOrigin();
+    Frame* top = frame->tree().top();
+    if (top && !securityOrigin->canAccess(top->securityContext()->securityOrigin()))
+        count(frame, feature);
+}
 static const char* milestoneString(int milestone)
 {
    switch (milestone) {

--- a/third_party/WebKit/Source/core/frame/UseCounter.h
+++ b/third_party/WebKit/Source/core/frame/UseCounter.h
@@ -994,6 +994,14 @@ public:
        V8PromiseAccept = 1138,
        V8PromiseDefer = 1139,
        EventScoped = 1140,
+        GeolocationInsecureOriginIframe = 1141,
+        GeolocationSecureOriginIframe = 1142,
+        RequestMIDIAccessIframe = 1143,
+        GetUserMediaInsecureOriginIframe = 1144,
+        GetUserMediaSecureOriginIframe = 1145,
+        ElementRequestPointerLockIframe = 1146,
+        NotificationAPIInsecureOriginIframe = 1147,
+        NotificationAPISecureOriginIframe = 1148,
        // Add new features immediately above this line. Don't change assigned
        // numbers of any item, and don't reuse removed slots.
@@ -1036,6 +1044,10 @@ public:
    static void countDeprecationIfNotPrivateScript(v8::Isolate*, ExecutionContext*, Feature);
    static String deprecationMessage(Feature);
+    // Count only features if they're being used in an iframe which does not
+    // have script access into the top level document.
+    static void countCrossOriginIframe(const Document&, Feature);
    // Return whether the Feature was previously counted for this document.
    // NOTE: only for use in testing.
    static bool isCounted(Document&, Feature);

--- a/third_party/WebKit/Source/core/page/PointerLockController.cpp
+++ b/third_party/WebKit/Source/core/page/PointerLockController.cpp
@@ -52,6 +52,8 @@ void PointerLockController::requestPointerLock(Element* target)
        return;
    }
+    UseCounter::countCrossOriginIframe(target->document(), UseCounter::ElementRequestPointerLockIframe);
    if (target->document().isSandboxed(SandboxPointerLock)) {
        // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
        target->document().addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Blocked pointer lock on an element because the element's frame is sandboxed and the 'allow-pointer-lock' permission is not set."));

--- a/third_party/WebKit/Source/modules/geolocation/Geolocation.cpp
+++ b/third_party/WebKit/Source/modules/geolocation/Geolocation.cpp
@@ -157,8 +157,10 @@ void Geolocation::recordOriginTypeAccess() const
    String insecureOriginMsg;
    if (document->isSecureContext(insecureOriginMsg)) {
        UseCounter::count(document, UseCounter::GeolocationSecureOrigin);
+        UseCounter::countCrossOriginIframe(*document, UseCounter::GeolocationSecureOriginIframe);
    } else {
        UseCounter::countDeprecation(document, UseCounter::GeolocationInsecureOrigin);
+        UseCounter::countCrossOriginIframe(*document, UseCounter::GeolocationInsecureOriginIframe);
        OriginsUsingFeatures::countAnyWorld(*document, OriginsUsingFeatures::Feature::GeolocationInsecureOrigin);
    }
 }

--- a/third_party/WebKit/Source/modules/mediastream/UserMediaRequest.cpp
+++ b/third_party/WebKit/Source/modules/mediastream/UserMediaRequest.cpp
@@ -125,6 +125,7 @@ bool UserMediaRequest::isSecureContextUse(String& errorMessage)
    if (document->isSecureContext(errorMessage)) {
        UseCounter::count(document->frame(), UseCounter::GetUserMediaSecureOrigin);
+        UseCounter::countCrossOriginIframe(*document, UseCounter::GetUserMediaSecureOriginIframe);
        OriginsUsingFeatures::countAnyWorld(*document, OriginsUsingFeatures::Feature::GetUserMediaSecureOrigin);
        return true;
    }
@@ -132,6 +133,7 @@ bool UserMediaRequest::isSecureContextUse(String& errorMessage)
    // While getUserMedia is blocked on insecure origins, we still want to
    // count attempts to use it.
    UseCounter::countDeprecation(document->frame(), UseCounter::GetUserMediaInsecureOrigin);
+    UseCounter::countCrossOriginIframe(*document, UseCounter::GetUserMediaInsecureOriginIframe);
    OriginsUsingFeatures::countAnyWorld(*document, OriginsUsingFeatures::Feature::GetUserMediaInsecureOrigin);
    return false;
 }

--- a/third_party/WebKit/Source/modules/notifications/Notification.cpp
+++ b/third_party/WebKit/Source/modules/notifications/Notification.cpp
@@ -84,11 +84,15 @@ Notification* Notification::create(ExecutionContext* context, const String& titl
    }
    String insecureOriginMessage;
-    UseCounter::Feature feature = context->isSecureContext(insecureOriginMessage)
+    if (context->isSecureContext(insecureOriginMessage)) {
-        ? UseCounter::NotificationSecureOrigin
+        UseCounter::count(context, UseCounter::NotificationSecureOrigin);
-        : UseCounter::NotificationInsecureOrigin;
+        if (context->isDocument())
+            UseCounter::countCrossOriginIframe(*toDocument(context),  UseCounter::NotificationAPISecureOriginIframe);
-    UseCounter::count(context, feature);
+    } else {
+        UseCounter::count(context, UseCounter::NotificationInsecureOrigin);
+        if (context->isDocument())
+            UseCounter::countCrossOriginIframe(*toDocument(context),  UseCounter::NotificationAPIInsecureOriginIframe);
+    }
    WebNotificationData data = createWebNotificationData(context, title, options, exceptionState);
    if (exceptionState.hadException())

--- a/third_party/WebKit/Source/modules/webmidi/NavigatorWebMIDI.cpp
+++ b/third_party/WebKit/Source/modules/webmidi/NavigatorWebMIDI.cpp
@@ -36,6 +36,7 @@
 #include "core/dom/Document.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/Navigator.h"
+#include "core/frame/UseCounter.h"
 #include "modules/webmidi/MIDIAccessInitializer.h"
 #include "modules/webmidi/MIDIOptions.h"
@@ -82,6 +83,7 @@ ScriptPromise NavigatorWebMIDI::requestMIDIAccess(ScriptState* scriptState, cons
        return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(AbortError, "The frame is not working."));
    }
+    UseCounter::countCrossOriginIframe(*frame()->document(), UseCounter::RequestMIDIAccessIframe);
    return MIDIAccessInitializer::start(scriptState, options);
 }