Adding upstream version 124.0.1.upstream/124.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 467 insertions, 0 deletions

diff --git a/toolkit/components/resistfingerprinting/nsRFPService.h b/toolkit/components/resistfingerprinting/nsRFPService.h
new file mode 100644
index 0000000000..9e0ae9b6af
--- /dev/null
+++ b/toolkit/components/resistfingerprinting/nsRFPService.h
@@ -0,0 +1,467 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __nsRFPService_h__
+#define __nsRFPService_h__
+
+#include <cstdint>
+#include <tuple>
+#include "ErrorList.h"
+#include "PLDHashTable.h"
+#include "mozilla/BasicEvents.h"
+#include "mozilla/ContentBlockingLog.h"
+#include "mozilla/gfx/Types.h"
+#include "mozilla/TypedEnumBits.h"
+#include "js/RealmOptions.h"
+#include "nsHashtablesFwd.h"
+#include "nsICookieJarSettings.h"
+#include "nsIFingerprintingWebCompatService.h"
+#include "nsIObserver.h"
+#include "nsISupports.h"
+#include "nsIRFPService.h"
+#include "nsStringFwd.h"
+
+// Defines regarding spoofed values of Navigator object. These spoofed values
+// are returned when 'privacy.resistFingerprinting' is true.
+// We decided to give different spoofed values according to the platform. The
+// reason is that it is easy to detect the real platform. So there is no benefit
+// for hiding the platform: it only brings breakages, like keyboard shortcuts
+// won't work in macOS if we spoof it as a Windows platform.
+#ifdef XP_WIN
+#  define SPOOFED_UA_OS "Windows NT 10.0; Win64; x64"
+#  define SPOOFED_APPVERSION "5.0 (Windows)"
+#  define SPOOFED_OSCPU "Windows NT 10.0; Win64; x64"
+#  define SPOOFED_PLATFORM "Win32"
+#elif defined(XP_MACOSX)
+#  define SPOOFED_UA_OS "Macintosh; Intel Mac OS X 10.15"
+#  define SPOOFED_APPVERSION "5.0 (Macintosh)"
+#  define SPOOFED_OSCPU "Intel Mac OS X 10.15"
+#  define SPOOFED_PLATFORM "MacIntel"
+#elif defined(MOZ_WIDGET_ANDROID)
+#  define SPOOFED_UA_OS "Android 10; Mobile"
+#  define SPOOFED_APPVERSION "5.0 (Android 10)"
+#  define SPOOFED_OSCPU "Linux armv81"
+#  define SPOOFED_PLATFORM "Linux armv81"
+#else
+// For Linux and other platforms, like BSDs, SunOS and etc, we will use Linux
+// platform.
+#  define SPOOFED_UA_OS "X11; Linux x86_64"
+#  define SPOOFED_APPVERSION "5.0 (X11)"
+#  define SPOOFED_OSCPU "Linux x86_64"
+#  define SPOOFED_PLATFORM "Linux x86_64"
+#endif
+
+#define LEGACY_BUILD_ID "20181001000000"
+#define LEGACY_UA_GECKO_TRAIL "20100101"
+
+#define SPOOFED_POINTER_INTERFACE MouseEvent_Binding::MOZ_SOURCE_MOUSE
+
+// For the HTTP User-Agent header, we use a simpler set of spoofed values
+// that do not reveal the specific desktop platform.
+#if defined(MOZ_WIDGET_ANDROID)
+#  define SPOOFED_HTTP_UA_OS "Android 10; Mobile"
+#else
+#  define SPOOFED_HTTP_UA_OS "Windows NT 10.0"
+#endif
+
+struct JSContext;
+
+class nsIChannel;
+
+namespace mozilla {
+class WidgetKeyboardEvent;
+class OriginAttributes;
+class OriginAttributesPattern;
+namespace dom {
+class Document;
+enum class CanvasContextType : uint8_t;
+}  // namespace dom
+
+enum KeyboardLang { EN = 0x01 };
+
+#define RFP_KEYBOARD_LANG_STRING_EN "en"
+
+typedef uint8_t KeyboardLangs;
+
+enum KeyboardRegion { US = 0x01 };
+
+#define RFP_KEYBOARD_REGION_STRING_US "US"
+
+typedef uint8_t KeyboardRegions;
+
+// This struct has the information about how to spoof the keyboardEvent.code,
+// keyboardEvent.keycode and modifier states.
+struct SpoofingKeyboardCode {
+  CodeNameIndex mCode;
+  uint8_t mKeyCode;
+  Modifiers mModifierStates;
+};
+
+struct SpoofingKeyboardInfo {
+  nsString mKey;
+  KeyNameIndex mKeyIdx;
+  SpoofingKeyboardCode mSpoofingCode;
+};
+
+class KeyboardHashKey : public PLDHashEntryHdr {
+ public:
+  typedef const KeyboardHashKey& KeyType;
+  typedef const KeyboardHashKey* KeyTypePointer;
+
+  KeyboardHashKey(const KeyboardLangs aLang, const KeyboardRegions aRegion,
+                  const KeyNameIndexType aKeyIdx, const nsAString& aKey);
+
+  explicit KeyboardHashKey(KeyTypePointer aOther);
+
+  KeyboardHashKey(KeyboardHashKey&& aOther) noexcept;
+
+  ~KeyboardHashKey();
+
+  bool KeyEquals(KeyTypePointer aOther) const;
+
+  static KeyTypePointer KeyToPointer(KeyType aKey);
+
+  static PLDHashNumber HashKey(KeyTypePointer aKey);
+
+  enum { ALLOW_MEMMOVE = true };
+
+  KeyboardLangs mLang;
+  KeyboardRegions mRegion;
+  KeyNameIndexType mKeyIdx;
+  nsString mKey;
+};
+
+// ============================================================================
+
+// Reduce Timer Precision (RTP) Caller Type
+enum class RTPCallerType : uint8_t {
+  Normal = 0,
+  SystemPrincipal = (1 << 0),
+  ResistFingerprinting = (1 << 1),
+  CrossOriginIsolated = (1 << 2)
+};
+
+inline JS::RTPCallerTypeToken RTPCallerTypeToToken(RTPCallerType aType) {
+  return JS::RTPCallerTypeToken{uint8_t(aType)};
+}
+
+inline RTPCallerType RTPCallerTypeFromToken(JS::RTPCallerTypeToken aToken) {
+  MOZ_RELEASE_ASSERT(
+      aToken.value == uint8_t(RTPCallerType::Normal) ||
+      aToken.value == uint8_t(RTPCallerType::SystemPrincipal) ||
+      aToken.value == uint8_t(RTPCallerType::ResistFingerprinting) ||
+      aToken.value == uint8_t(RTPCallerType::CrossOriginIsolated));
+  return static_cast<RTPCallerType>(aToken.value);
+}
+
+enum TimerPrecisionType {
+  DangerouslyNone = 1,
+  UnconditionalAKAHighRes = 2,
+  Normal = 3,
+  RFP = 4,
+};
+
+// ============================================================================
+
+enum class CanvasFeatureUsage : uint8_t {
+  None = 0,
+  KnownFingerprintText = 1 << 0,
+  SetFont = 1 << 1,
+  FillRect = 1 << 2,
+  LineTo = 1 << 3,
+  Stroke = 1 << 4
+};
+MOZ_MAKE_ENUM_CLASS_BITWISE_OPERATORS(CanvasFeatureUsage);
+
+class CanvasUsage {
+ public:
+  nsIntSize mSize;
+  dom::CanvasContextType mType;
+  CanvasFeatureUsage mFeatureUsage;
+
+  CanvasUsage(nsIntSize aSize, dom::CanvasContextType aType,
+              CanvasFeatureUsage aFeatureUsage)
+      : mSize(aSize), mType(aType), mFeatureUsage(aFeatureUsage) {}
+};
+
+// ============================================================================
+
+// NOLINTNEXTLINE(bugprone-macro-parentheses)
+#define ITEM_VALUE(name, val) name = val,
+
+// The definition for fingerprinting protections. Each enum represents one
+// fingerprinting protection that targets one specific WebAPI our fingerprinting
+// surface. The enums can be found in RFPTargets.inc.
+enum class RFPTarget : uint64_t {
+#include "RFPTargets.inc"
+};
+
+#undef ITEM_VALUE
+
+MOZ_MAKE_ENUM_CLASS_BITWISE_OPERATORS(RFPTarget);
+
+// ============================================================================
+
+class nsRFPService final : public nsIObserver, public nsIRFPService {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+  NS_DECL_NSIRFPSERVICE
+
+  static already_AddRefed<nsRFPService> GetOrCreate();
+
+  // _Rarely_ you will need to know if RFP is enabled, or if FPP is enabled.
+  // 98% of the time you should use nsContentUtils::ShouldResistFingerprinting
+  // as the difference will not matter to you.
+  static bool IsRFPPrefEnabled(bool aIsPrivateMode);
+
+  static bool IsRFPEnabledFor(
+      bool aIsPrivateMode, RFPTarget aTarget,
+      const Maybe<RFPTarget>& aOverriddenFingerprintingSettings);
+
+  // --------------------------------------------------------------------------
+  static double TimerResolution(RTPCallerType aRTPCallerType);
+
+  enum TimeScale { Seconds = 1, MilliSeconds = 1000, MicroSeconds = 1000000 };
+
+  // The following Reduce methods can be called off main thread.
+  static double ReduceTimePrecisionAsUSecs(double aTime, int64_t aContextMixin,
+                                           RTPCallerType aRTPCallerType);
+  static double ReduceTimePrecisionAsMSecs(double aTime, int64_t aContextMixin,
+                                           RTPCallerType aRTPCallerType);
+  static double ReduceTimePrecisionAsMSecsRFPOnly(double aTime,
+                                                  int64_t aContextMixin,
+                                                  RTPCallerType aRTPCallerType);
+  static double ReduceTimePrecisionAsSecs(double aTime, int64_t aContextMixin,
+                                          RTPCallerType aRTPCallerType);
+  static double ReduceTimePrecisionAsSecsRFPOnly(double aTime,
+                                                 int64_t aContextMixin,
+                                                 RTPCallerType aRTPCallerType);
+  // Public only for testing purposes
+  static double ReduceTimePrecisionImpl(double aTime, TimeScale aTimeScale,
+                                        double aResolutionUSec,
+                                        int64_t aContextMixin,
+                                        TimerPrecisionType aType);
+  static nsresult RandomMidpoint(long long aClampedTimeUSec,
+                                 long long aResolutionUSec,
+                                 int64_t aContextMixin, long long* aMidpointOut,
+                                 uint8_t* aSecretSeed = nullptr);
+
+  // --------------------------------------------------------------------------
+
+  // This method calculates the video resolution (i.e. height x width) based
+  // on the video quality (480p, 720p, etc).
+  static uint32_t CalculateTargetVideoResolution(uint32_t aVideoQuality);
+
+  // Methods for getting spoofed media statistics and the return value will
+  // depend on the video resolution.
+  static uint32_t GetSpoofedTotalFrames(double aTime);
+  static uint32_t GetSpoofedDroppedFrames(double aTime, uint32_t aWidth,
+                                          uint32_t aHeight);
+  static uint32_t GetSpoofedPresentedFrames(double aTime, uint32_t aWidth,
+                                            uint32_t aHeight);
+
+  // --------------------------------------------------------------------------
+
+  // This method generates the spoofed value of User Agent.
+  static void GetSpoofedUserAgent(nsACString& userAgent, bool isForHTTPHeader);
+
+  // --------------------------------------------------------------------------
+
+  // This method generates the locale string (e.g. "en-US") that should be
+  // spoofed by the JavaScript engine.
+  static nsCString GetSpoofedJSLocale();
+
+  // --------------------------------------------------------------------------
+
+  /**
+   * This method for getting spoofed modifier states for the given keyboard
+   * event.
+   *
+   * @param aDoc           [in]  the owner's document for getting content
+   *                             language.
+   * @param aKeyboardEvent [in]  the keyboard event that needs to be spoofed.
+   * @param aModifier      [in]  the modifier that needs to be spoofed.
+   * @param aOut           [out] the spoofed state for the given modifier.
+   * @return               true if there is a spoofed state for the modifier.
+   */
+  static bool GetSpoofedModifierStates(
+      const mozilla::dom::Document* aDoc,
+      const WidgetKeyboardEvent* aKeyboardEvent, const Modifiers aModifier,
+      bool& aOut);
+
+  /**
+   * This method for getting spoofed code for the given keyboard event.
+   *
+   * @param aDoc           [in]  the owner's document for getting content
+   *                             language.
+   * @param aKeyboardEvent [in]  the keyboard event that needs to be spoofed.
+   * @param aOut           [out] the spoofed code.
+   * @return               true if there is a spoofed code in the fake keyboard
+   *                       layout.
+   */
+  static bool GetSpoofedCode(const dom::Document* aDoc,
+                             const WidgetKeyboardEvent* aKeyboardEvent,
+                             nsAString& aOut);
+
+  /**
+   * This method for getting spoofed keyCode for the given keyboard event.
+   *
+   * @param aDoc           [in]  the owner's document for getting content
+   *                             language.
+   * @param aKeyboardEvent [in]  the keyboard event that needs to be spoofed.
+   * @param aOut           [out] the spoofed keyCode.
+   * @return               true if there is a spoofed keyCode in the fake
+   *                       keyboard layout.
+   */
+  static bool GetSpoofedKeyCode(const mozilla::dom::Document* aDoc,
+                                const WidgetKeyboardEvent* aKeyboardEvent,
+                                uint32_t& aOut);
+
+  // --------------------------------------------------------------------------
+
+  // The method to generate the key for randomization. It can return nothing if
+  // the session key is not available due to the randomization is disabled.
+  static Maybe<nsTArray<uint8_t>> GenerateKey(nsIChannel* aChannel);
+
+  // The method to add random noises to the image data based on the random key
+  // of the given cookieJarSettings.
+  static nsresult RandomizePixels(nsICookieJarSettings* aCookieJarSettings,
+                                  uint8_t* aData, uint32_t aWidth,
+                                  uint32_t aHeight, uint32_t aSize,
+                                  mozilla::gfx::SurfaceFormat aSurfaceFormat);
+
+  // --------------------------------------------------------------------------
+
+  // The method for getting the granular fingerprinting protection override of
+  // the given channel. Due to WebCompat reason, there can be a granular
+  // overrides to replace default enabled RFPTargets for the context of the
+  // channel. The method will return Nothing() to indicate using the default
+  // RFPTargets
+  static Maybe<RFPTarget> GetOverriddenFingerprintingSettingsForChannel(
+      nsIChannel* aChannel);
+
+  // The method for getting the granular fingerprinting protection override of
+  // the given first-party and third-party URIs. It will return the granular
+  // overrides if there is one defined for the context of the first-party URI
+  // and third-party URI. Otherwise, it will return Nothing() to indicate using
+  // the default RFPTargets.
+  static Maybe<RFPTarget> GetOverriddenFingerprintingSettingsForURI(
+      nsIURI* aFirstPartyURI, nsIURI* aThirdPartyURI);
+
+  // --------------------------------------------------------------------------
+
+  static void MaybeReportCanvasFingerprinter(nsTArray<CanvasUsage>& aUses,
+                                             nsIChannel* aChannel,
+                                             nsACString& aOriginNoSuffix);
+
+  static void MaybeReportFontFingerprinter(nsIChannel* aChannel,
+                                           nsACString& aOriginNoSuffix);
+
+  // --------------------------------------------------------------------------
+
+  // A helper function to check if there is a suspicious fingerprinting
+  // activity from given content blocking origin logs. It returns true if we
+  // detect suspicious fingerprinting activities.
+  static bool CheckSuspiciousFingerprintingActivity(
+      nsTArray<ContentBlockingLog::LogEntry>& aLogs);
+
+ private:
+  nsresult Init();
+
+  nsRFPService() = default;
+
+  ~nsRFPService() = default;
+
+  void UpdateFPPOverrideList();
+  void StartShutdown();
+
+  void PrefChanged(const char* aPref);
+  static void PrefChanged(const char* aPref, void* aSelf);
+
+  static Maybe<RFPTarget> TextToRFPTarget(const nsAString& aText);
+
+  // --------------------------------------------------------------------------
+
+  static void MaybeCreateSpoofingKeyCodes(const KeyboardLangs aLang,
+                                          const KeyboardRegions aRegion);
+  static void MaybeCreateSpoofingKeyCodesForEnUS();
+
+  static void GetKeyboardLangAndRegion(const nsAString& aLanguage,
+                                       KeyboardLangs& aLocale,
+                                       KeyboardRegions& aRegion);
+  static bool GetSpoofedKeyCodeInfo(const mozilla::dom::Document* aDoc,
+                                    const WidgetKeyboardEvent* aKeyboardEvent,
+                                    SpoofingKeyboardCode& aOut);
+
+  static nsTHashMap<KeyboardHashKey, const SpoofingKeyboardCode*>*
+      sSpoofingKeyboardCodes;
+
+  // --------------------------------------------------------------------------
+
+  // Used by the JS Engine
+  static double ReduceTimePrecisionAsUSecsWrapper(
+      double aTime, JS::RTPCallerTypeToken aCallerType, JSContext* aCx);
+
+  static TimerPrecisionType GetTimerPrecisionType(RTPCallerType aRTPCallerType);
+
+  static TimerPrecisionType GetTimerPrecisionTypeRFPOnly(
+      RTPCallerType aRTPCallerType);
+
+  static void TypeToText(TimerPrecisionType aType, nsACString& aText);
+
+  // --------------------------------------------------------------------------
+
+  // A helper function to generate canvas key from the given image data and
+  // randomization key.
+  static nsresult GenerateCanvasKeyFromImageData(
+      nsICookieJarSettings* aCookieJarSettings, uint8_t* aImageData,
+      uint32_t aSize, nsTArray<uint8_t>& aCanvasKey);
+
+  // Generate the session key if it hasn't been generated.
+  nsresult GetBrowsingSessionKey(const OriginAttributes& aOriginAttributes,
+                                 nsID& aBrowsingSessionKey);
+  void ClearBrowsingSessionKey(const OriginAttributesPattern& aPattern);
+  void ClearBrowsingSessionKey(const OriginAttributes& aOriginAttributes);
+
+  // The keys that represent the browsing session. The lifetime of the key ties
+  // to the browsing session. For normal windows, the key is generated when
+  // loading the first http channel after the browser startup and persists until
+  // the browser shuts down. For private windows, the key is generated when
+  // opening a http channel on a private window and reset after all private
+  // windows close, i.e. private browsing session ends.
+  //
+  // The key will be used to generate the randomization noise used to fiddle the
+  // browser fingerprints. Note that this key lives and can only be accessed in
+  // the parent process.
+  nsTHashMap<nsCStringHashKey, nsID> mBrowsingSessionKeys;
+
+  nsCOMPtr<nsIFingerprintingWebCompatService> mWebCompatService;
+  nsTHashMap<nsCStringHashKey, RFPTarget> mFingerprintingOverrides;
+
+  // A helper function to create the domain key for the fingerprinting
+  // overrides. The key can be in the following five formats.
+  // 1. {first-party domain}: The override only apply to the first-party domain.
+  // 2. {first-party domain, *}: The overrides apply to every contexts under the
+  //    top-level domain, including itself.
+  // 3. {*, third-party domain}: The overrides apply to the third-party domain
+  //    under any top-level domain.
+  // 4. {first-party domain, third-party domain}: the overrides apply to the
+  //    specific third-party domain under the given first-party domain.
+  // 5. {*}: A global overrides that will apply to every context.
+  static nsresult CreateOverrideDomainKey(nsIFingerprintingOverride* aOverride,
+                                          nsACString& aDomainKey);
+
+  // A helper function to create the RFPTarget bitfield based on the given
+  // overrides text and the based overrides bitfield. The function will parse
+  // the text and update the based overrides bitfield accordingly. Then, it will
+  // return the updated bitfield.
+  static RFPTarget CreateOverridesFromText(
+      const nsString& aOverridesText, RFPTarget aBaseOverrides = RFPTarget(0));
+};
+
+}  // namespace mozilla
+
+#endif /* __nsRFPService_h__ */