Diffstat (limited to '')
-rw-r--r-- | netwerk/url-classifier/UrlClassifierFeatureFingerprintingProtection.cpp | 216 |
1 files changed, 216 insertions, 0 deletions
diff --git a/netwerk/url-classifier/UrlClassifierFeatureFingerprintingProtection.cpp b/netwerk/url-classifier/UrlClassifierFeatureFingerprintingProtection.cpp
new file mode 100644
index 0000000000..16a352e484
--- /dev/null
+++ b/netwerk/url-classifier/UrlClassifierFeatureFingerprintingProtection.cpp
@@ -0,0 +1,216 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "UrlClassifierFeatureFingerprintingProtection.h"
+
+#include "mozilla/AntiTrackingUtils.h"
+#include "mozilla/net/UrlClassifierCommon.h"
+#include "ChannelClassifierService.h"
+#include "mozilla/StaticPrefs_privacy.h"
+#include "nsNetUtil.h"
+#include "mozilla/StaticPtr.h"
+#include "nsIWebProgressListener.h"
+#include "nsIHttpChannelInternal.h"
+#include "nsIChannel.h"
+
+namespace mozilla {
+namespace net {
+
+namespace {
+
+#define FINGERPRINTING_FEATURE_NAME "fingerprinting-protection"
+
+#define URLCLASSIFIER_FINGERPRINTING_BLOCKLIST \
+ "urlclassifier.features.fingerprinting.blacklistTables"
+#define URLCLASSIFIER_FINGERPRINTING_BLOCKLIST_TEST_ENTRIES \
+ "urlclassifier.features.fingerprinting.blacklistHosts"
+#define URLCLASSIFIER_FINGERPRINTING_ENTITYLIST \
+ "urlclassifier.features.fingerprinting.whitelistTables"
+#define URLCLASSIFIER_FINGERPRINTING_ENTITYLIST_TEST_ENTRIES \
+ "urlclassifier.features.fingerprinting.whitelistHosts"
+#define URLCLASSIFIER_FINGERPRINTING_EXCEPTION_URLS \
+ "urlclassifier.features.fingerprinting.skipURLs"
+#define TABLE_FINGERPRINTING_BLOCKLIST_PREF "fingerprinting-blacklist-pref"
+#define TABLE_FINGERPRINTING_ENTITYLIST_PREF "fingerprinting-whitelist-pref"
+
+StaticRefPtr<UrlClassifierFeatureFingerprintingProtection>
+ gFeatureFingerprintingProtection;
+
+} // namespace
+
+UrlClassifierFeatureFingerprintingProtection::
+ UrlClassifierFeatureFingerprintingProtection()
+ : UrlClassifierFeatureAntiTrackingBase(
+ nsLiteralCString(FINGERPRINTING_FEATURE_NAME),
+ nsLiteralCString(URLCLASSIFIER_FINGERPRINTING_BLOCKLIST),
+ nsLiteralCString(URLCLASSIFIER_FINGERPRINTING_ENTITYLIST),
+ nsLiteralCString(URLCLASSIFIER_FINGERPRINTING_BLOCKLIST_TEST_ENTRIES),
+ nsLiteralCString(
+ URLCLASSIFIER_FINGERPRINTING_ENTITYLIST_TEST_ENTRIES),
+ nsLiteralCString(TABLE_FINGERPRINTING_BLOCKLIST_PREF),
+ nsLiteralCString(TABLE_FINGERPRINTING_ENTITYLIST_PREF),
+ nsLiteralCString(URLCLASSIFIER_FINGERPRINTING_EXCEPTION_URLS)) {}
+
+/* static */ const char* UrlClassifierFeatureFingerprintingProtection::Name() {
+ return FINGERPRINTING_FEATURE_NAME;
+}
+
+/* static */
+void UrlClassifierFeatureFingerprintingProtection::MaybeInitialize() {
+ UC_LOG_LEAK(
+ ("UrlClassifierFeatureFingerprintingProtection::MaybeInitialize"));
+
+ if (!gFeatureFingerprintingProtection) {
+ gFeatureFingerprintingProtection =
+ new UrlClassifierFeatureFingerprintingProtection();
+ gFeatureFingerprintingProtection->InitializePreferences();
+ }
+}
+
+/* static */
+void UrlClassifierFeatureFingerprintingProtection::MaybeShutdown() {
+ UC_LOG_LEAK(("UrlClassifierFeatureFingerprintingProtection::MaybeShutdown"));
+
+ if (gFeatureFingerprintingProtection) {
+ gFeatureFingerprintingProtection->ShutdownPreferences();
+ gFeatureFingerprintingProtection = nullptr;
+ }
+}
+
+/* static */
+already_AddRefed<UrlClassifierFeatureFingerprintingProtection>
+UrlClassifierFeatureFingerprintingProtection::MaybeCreate(
+ nsIChannel* aChannel) {
+ MOZ_ASSERT(aChannel);
+
+ UC_LOG_LEAK(
+ ("UrlClassifierFeatureFingerprintingProtection::MaybeCreate - channel %p",
+ aChannel));
+
+ if (!StaticPrefs::privacy_trackingprotection_fingerprinting_enabled()) {
+ return nullptr;
+ }
+
+ bool isThirdParty = AntiTrackingUtils::IsThirdPartyChannel(aChannel);
+ if (!isThirdParty) {
+ UC_LOG(
+ ("UrlClassifierFeatureFingerprintingProtection::MaybeCreate - "
+ "skipping first party or top-level load for channel %p",
+ aChannel));
+ return nullptr;
+ }
+
+ if (UrlClassifierCommon::IsPassiveContent(aChannel)) {
+ return nullptr;
+ }
+
+ if (!UrlClassifierCommon::ShouldEnableProtectionForChannel(aChannel)) {
+ return nullptr;
+ }
+
+ MaybeInitialize();
+ MOZ_ASSERT(gFeatureFingerprintingProtection);
+
+ RefPtr<UrlClassifierFeatureFingerprintingProtection> self =
+ gFeatureFingerprintingProtection;
+ return self.forget();
+}
+
+/* static */
+already_AddRefed<nsIUrlClassifierFeature>
+UrlClassifierFeatureFingerprintingProtection::GetIfNameMatches(
+ const nsACString& aName) {
+ if (!aName.EqualsLiteral(FINGERPRINTING_FEATURE_NAME)) {
+ return nullptr;
+ }
+
+ MaybeInitialize();
+ MOZ_ASSERT(gFeatureFingerprintingProtection);
+
+ RefPtr<UrlClassifierFeatureFingerprintingProtection> self =
+ gFeatureFingerprintingProtection;
+ return self.forget();
+}
+
+NS_IMETHODIMP
+UrlClassifierFeatureFingerprintingProtection::ProcessChannel(
+ nsIChannel* aChannel, const nsTArray<nsCString>& aList,
+ const nsTArray<nsCString>& aHashes, bool* aShouldContinue) {
+ NS_ENSURE_ARG_POINTER(aChannel);
+ NS_ENSURE_ARG_POINTER(aShouldContinue);
+
+ bool isAllowListed = UrlClassifierCommon::IsAllowListed(aChannel);
+
+ // This is a blocking feature.
+ *aShouldContinue = isAllowListed;
+
+ if (isAllowListed) {
+ return NS_OK;
+ }
+
+ nsAutoCString list;
+ UrlClassifierCommon::TablesToString(aList, list);
+
+ ChannelBlockDecision decision =
+ ChannelClassifierService::OnBeforeBlockChannel(aChannel, mName, list);
+ if (decision != ChannelBlockDecision::Blocked) {
+ uint32_t event =
+ decision == ChannelBlockDecision::Replaced
+ ? nsIWebProgressListener::STATE_REPLACED_FINGERPRINTING_CONTENT
+ : nsIWebProgressListener::STATE_ALLOWED_FINGERPRINTING_CONTENT;
+
+ // Need to set aBlocked to True if we replace the Fingerprinter with a shim,
+ // since the shim is treated as a blocked event
+ if (event ==
+ nsIWebProgressListener::STATE_REPLACED_FINGERPRINTING_CONTENT) {
+ ContentBlockingNotifier::OnEvent(aChannel, event, true);
+ } else {
+ ContentBlockingNotifier::OnEvent(aChannel, event, false);
+ }
+
+ *aShouldContinue = true;
+ return NS_OK;
+ }
+
+ UrlClassifierCommon::SetBlockedContent(aChannel, NS_ERROR_FINGERPRINTING_URI,
+ list, ""_ns, ""_ns);
+
+ UC_LOG(
+ ("UrlClassifierFeatureFingerprintingProtection::ProcessChannel - "
+ "cancelling channel %p",
+ aChannel));
+
+ nsCOMPtr<nsIHttpChannelInternal> httpChannel = do_QueryInterface(aChannel);
+ if (httpChannel) {
+ Unused << httpChannel->CancelByURLClassifier(NS_ERROR_FINGERPRINTING_URI);
+ } else {
+ Unused << aChannel->Cancel(NS_ERROR_FINGERPRINTING_URI);
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+UrlClassifierFeatureFingerprintingProtection::GetURIByListType(
+ nsIChannel* aChannel, nsIUrlClassifierFeature::listType aListType,
+ nsIUrlClassifierFeature::URIType* aURIType, nsIURI** aURI) {
+ NS_ENSURE_ARG_POINTER(aChannel);
+ NS_ENSURE_ARG_POINTER(aURIType);
+ NS_ENSURE_ARG_POINTER(aURI);
+
+ if (aListType == nsIUrlClassifierFeature::blocklist) {
+ *aURIType = nsIUrlClassifierFeature::blocklistURI;
+ return aChannel->GetURI(aURI);
+ }
+
+ MOZ_ASSERT(aListType == nsIUrlClassifierFeature::entitylist);
+
+ *aURIType = nsIUrlClassifierFeature::pairwiseEntitylistURI;
+ return UrlClassifierCommon::CreatePairwiseEntityListURI(aChannel, aURI);
+}
+
+} // namespace net
+} // namespace mozilla |
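Review bot: On the blocked path at the end of ProcessChannel, the results of `CancelByURLClassifier()` and `Cancel()` are discarded with `Unused <<` after `SetBlockedContent()` has already recorded the load as blocked, so a failed cancellation would be silent. ProcessChannel still returns NS_OK in that case, and whether any caller re-checks the channel state is not visible in this file. I would capture the result in both branches, e.g. `nsresult rv = httpChannel->CancelByURLClassifier(NS_ERROR_FINGERPRINTING_URI);`, and log the failure with `if (NS_FAILED(rv)) { UC_LOG(("ProcessChannel - cancel failed for channel %p", aChannel)); }`. That way a fingerprinting load reported as blocked but not actually cancelled leaves a trace. If ignoring the result is intentional, a one-line comment saying why would make the fail-open behaviour explicit.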