[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] Bug 1436226: Ignore user prefs and hardware support for media capabilities...



Title: GitLab

morgan pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser

Commits:

  • 8f7307ac
    by Fatih at 2024-10-17T20:54:18+00:00
    Bug 1436226: Ignore user prefs and hardware support for media capabilities when RFPTarget::MediaCapabilities is enabled. r=tjr,media-playback-reviewers,padenot
    
    This patch mostly targeted Android, as media.mediasource.vp9.enabled is disabled on only Android and HW support takes precedence over pref, hence leaking HW support for VP9. However, we ended up modifying the patch to ignore prefs or HW support, fixing both possible user pref leak and HW support leak.
    
    Differential Revision: https://phabricator.services.mozilla.com/D221338
    

5 changed files:

Changes:

  • dom/media/eme/MediaKeySystemAccess.cpp
    ... ... @@ -319,8 +319,8 @@ static bool CanDecryptAndDecode(
    319 319
         CodecType aCodecType,
    
    320 320
         const KeySystemConfig::ContainerSupport& aContainerSupport,
    
    321 321
         const nsTArray<KeySystemConfig::EMECodecString>& aCodecs,
    
    322
    -    const Maybe<CryptoScheme>& aScheme,
    
    323
    -    DecoderDoctorDiagnostics* aDiagnostics) {
    
    322
    +    const Maybe<CryptoScheme>& aScheme, DecoderDoctorDiagnostics* aDiagnostics,
    
    323
    +    Maybe<bool> aShouldResistFingerprinting) {
    
    324 324
       MOZ_ASSERT(aCodecType != Invalid);
    
    325 325
       for (const KeySystemConfig::EMECodecString& codec : aCodecs) {
    
    326 326
         MOZ_ASSERT(!codec.IsEmpty());
    
    ... ... @@ -332,7 +332,8 @@ static bool CanDecryptAndDecode(
    332 332
     
    
    333 333
         if (aContainerSupport.Decrypts(codec, aScheme)) {
    
    334 334
           IgnoredErrorResult rv;
    
    335
    -      MediaSource::IsTypeSupported(aContentType, aDiagnostics, rv);
    
    335
    +      MediaSource::IsTypeSupported(aContentType, aDiagnostics, rv,
    
    336
    +                                   aShouldResistFingerprinting);
    
    336 337
           if (!rv.Failed()) {
    
    337 338
             // GMP can decrypt and is allowed to return compressed samples to
    
    338 339
             // Gecko to decode, and Gecko has a decoder.
    
    ... ... @@ -709,9 +710,13 @@ static Sequence<MediaKeySystemMediaCapability> GetSupportedCapabilities(
    709 710
         // restrictions...
    
    710 711
         const auto& containerSupport =
    
    711 712
             supportedInMP4 ? aKeySystem.mMP4 : aKeySystem.mWebM;
    
    713
    +    Maybe<bool> shouldResistFingerprinting =
    
    714
    +        aDocument ? Some(aDocument->ShouldResistFingerprinting(
    
    715
    +                        RFPTarget::MediaCapabilities))
    
    716
    +                  : Nothing();
    
    712 717
         if (!CanDecryptAndDecode(aKeySystem.mKeySystem, contentTypeString,
    
    713 718
                                  majorType, containerSupport, codecs, scheme,
    
    714
    -                             aDiagnostics)) {
    
    719
    +                             aDiagnostics, shouldResistFingerprinting)) {
    
    715 720
           EME_LOG(
    
    716 721
               "MediaKeySystemConfiguration (label='%s') "
    
    717 722
               "MediaKeySystemMediaCapability('%s','%s','%s') unsupported; "
    

  • dom/media/mediacapabilities/MediaCapabilities.cpp
    ... ... @@ -577,8 +577,9 @@ Maybe<MediaContainerType> MediaCapabilities::CheckAudioConfiguration(
    577 577
     
    
    578 578
     bool MediaCapabilities::CheckTypeForMediaSource(const nsAString& aType) {
    
    579 579
       IgnoredErrorResult rv;
    
    580
    -  MediaSource::IsTypeSupported(aType, nullptr /* DecoderDoctorDiagnostics */,
    
    581
    -                               rv);
    
    580
    +  MediaSource::IsTypeSupported(
    
    581
    +      aType, nullptr /* DecoderDoctorDiagnostics */, rv,
    
    582
    +      Some(mParent->ShouldResistFingerprinting(RFPTarget::MediaCapabilities)));
    
    582 583
     
    
    583 584
       return !rv.Failed();
    
    584 585
     }
    

  • dom/media/mediasource/MediaSource.cpp
    ... ... @@ -23,6 +23,7 @@
    23 23
     #include "mozilla/Sprintf.h"
    
    24 24
     #include "mozilla/StaticPrefs_media.h"
    
    25 25
     #include "mozilla/dom/BindingDeclarations.h"
    
    26
    +#include "mozilla/dom/Document.h"
    
    26 27
     #include "mozilla/dom/HTMLMediaElement.h"
    
    27 28
     #include "mozilla/gfx/gfxVars.h"
    
    28 29
     #include "mozilla/mozalloc.h"
    
    ... ... @@ -133,7 +134,8 @@ static void RecordTypeForTelemetry(const nsAString& aType,
    133 134
     /* static */
    
    134 135
     void MediaSource::IsTypeSupported(const nsAString& aType,
    
    135 136
                                       DecoderDoctorDiagnostics* aDiagnostics,
    
    136
    -                                  ErrorResult& aRv) {
    
    137
    +                                  ErrorResult& aRv,
    
    138
    +                                  Maybe<bool> aShouldResistFingerprinting) {
    
    137 139
       if (aType.IsEmpty()) {
    
    138 140
         return aRv.ThrowTypeError("Empty type");
    
    139 141
       }
    
    ... ... @@ -159,16 +161,25 @@ void MediaSource::IsTypeSupported(const nsAString& aType,
    159 161
     
    
    160 162
       // Now we know that this media type could be played.
    
    161 163
       // MediaSource imposes extra restrictions, and some prefs.
    
    164
    +  // Avoid leaking information about the fact that it's pref-disabled,
    
    165
    +  // or that HW acceleration is available (only applicable to VP9 on Android).
    
    166
    +  bool shouldResistFingerprinting =
    
    167
    +      aShouldResistFingerprinting.isSome()
    
    168
    +          ? aShouldResistFingerprinting.value()
    
    169
    +          : nsContentUtils::ShouldResistFingerprinting(
    
    170
    +                "Couldn't drill down ShouldResistFingerprinting",
    
    171
    +                RFPTarget::MediaCapabilities);
    
    162 172
       const MediaMIMEType& mimeType = containerType->Type();
    
    163 173
       if (mimeType == MEDIAMIMETYPE("video/mp4") ||
    
    164 174
           mimeType == MEDIAMIMETYPE("audio/mp4")) {
    
    165
    -    if (!StaticPrefs::media_mediasource_mp4_enabled()) {
    
    175
    +    if (!StaticPrefs::media_mediasource_mp4_enabled() &&
    
    176
    +        !shouldResistFingerprinting) {
    
    166 177
           // Don't leak information about the fact that it's pref-disabled; just act
    
    167 178
           // like we can't play it.  Or should this throw "Unknown type"?
    
    168 179
           return aRv.ThrowNotSupportedError("Can't play type");
    
    169 180
         }
    
    170 181
         if (!StaticPrefs::media_mediasource_vp9_enabled() && hasVP9 &&
    
    171
    -        !IsVP9Forced(aDiagnostics)) {
    
    182
    +        !IsVP9Forced(aDiagnostics) && !shouldResistFingerprinting) {
    
    172 183
           // Don't leak information about the fact that it's pref-disabled; just act
    
    173 184
           // like we can't play it.  Or should this throw "Unknown type"?
    
    174 185
           return aRv.ThrowNotSupportedError("Can't play type");
    
    ... ... @@ -177,13 +188,14 @@ void MediaSource::IsTypeSupported(const nsAString& aType,
    177 188
         return;
    
    178 189
       }
    
    179 190
       if (mimeType == MEDIAMIMETYPE("video/webm")) {
    
    180
    -    if (!StaticPrefs::media_mediasource_webm_enabled()) {
    
    191
    +    if (!StaticPrefs::media_mediasource_webm_enabled() &&
    
    192
    +        !shouldResistFingerprinting) {
    
    181 193
           // Don't leak information about the fact that it's pref-disabled; just act
    
    182 194
           // like we can't play it.  Or should this throw "Unknown type"?
    
    183 195
           return aRv.ThrowNotSupportedError("Can't play type");
    
    184 196
         }
    
    185 197
         if (!StaticPrefs::media_mediasource_vp9_enabled() && hasVP9 &&
    
    186
    -        !IsVP9Forced(aDiagnostics)) {
    
    198
    +        !IsVP9Forced(aDiagnostics) && !shouldResistFingerprinting) {
    
    187 199
           // Don't leak information about the fact that it's pref-disabled; just act
    
    188 200
           // like we can't play it.  Or should this throw "Unknown type"?
    
    189 201
           return aRv.ThrowNotSupportedError("Can't play type");
    
    ... ... @@ -191,7 +203,8 @@ void MediaSource::IsTypeSupported(const nsAString& aType,
    191 203
         return;
    
    192 204
       }
    
    193 205
       if (mimeType == MEDIAMIMETYPE("audio/webm")) {
    
    194
    -    if (!StaticPrefs::media_mediasource_webm_enabled()) {
    
    206
    +    if (!StaticPrefs::media_mediasource_webm_enabled() &&
    
    207
    +        !shouldResistFingerprinting) {
    
    195 208
           // Don't leak information about the fact that it's pref-disabled; just act
    
    196 209
           // like we can't play it.  Or should this throw "Unknown type"?
    
    197 210
           return aRv.ThrowNotSupportedError("Can't play type");
    
    ... ... @@ -280,13 +293,16 @@ void MediaSource::SetDuration(const media::TimeUnit& aDuration) {
    280 293
     already_AddRefed<SourceBuffer> MediaSource::AddSourceBuffer(
    
    281 294
         const nsAString& aType, ErrorResult& aRv) {
    
    282 295
       MOZ_ASSERT(NS_IsMainThread());
    
    296
    +  nsCOMPtr<nsPIDOMWindowInner> window = GetOwner();
    
    297
    +  Document* doc = window ? window->GetExtantDoc() : nullptr;
    
    283 298
       DecoderDoctorDiagnostics diagnostics;
    
    284
    -  IsTypeSupported(aType, &diagnostics, aRv);
    
    285
    -  RecordTypeForTelemetry(aType, GetOwner());
    
    299
    +  IsTypeSupported(
    
    300
    +      aType, &diagnostics, aRv,
    
    301
    +      doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities))
    
    302
    +          : Nothing());
    
    303
    +  RecordTypeForTelemetry(aType, window);
    
    286 304
       bool supported = !aRv.Failed();
    
    287
    -  diagnostics.StoreFormatDiagnostics(
    
    288
    -      GetOwner() ? GetOwner()->GetExtantDoc() : nullptr, aType, supported,
    
    289
    -      __func__);
    
    305
    +  diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__);
    
    290 306
       MSE_API("AddSourceBuffer(aType=%s)%s", NS_ConvertUTF16toUTF8(aType).get(),
    
    291 307
               supported ? "" : " [not supported]");
    
    292 308
       if (!supported) {
    
    ... ... @@ -433,13 +449,16 @@ bool MediaSource::IsTypeSupported(const GlobalObject& aOwner,
    433 449
       MOZ_ASSERT(NS_IsMainThread());
    
    434 450
       DecoderDoctorDiagnostics diagnostics;
    
    435 451
       IgnoredErrorResult rv;
    
    436
    -  IsTypeSupported(aType, &diagnostics, rv);
    
    437
    -  bool supported = !rv.Failed();
    
    438 452
       nsCOMPtr<nsPIDOMWindowInner> window =
    
    439 453
           do_QueryInterface(aOwner.GetAsSupports());
    
    454
    +  Document* doc = window ? window->GetExtantDoc() : nullptr;
    
    455
    +  IsTypeSupported(
    
    456
    +      aType, &diagnostics, rv,
    
    457
    +      doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities))
    
    458
    +          : Nothing());
    
    459
    +  bool supported = !rv.Failed();
    
    440 460
       RecordTypeForTelemetry(aType, window);
    
    441
    -  diagnostics.StoreFormatDiagnostics(window ? window->GetExtantDoc() : nullptr,
    
    442
    -                                     aType, supported, __func__);
    
    461
    +  diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__);
    
    443 462
       MOZ_LOG(GetMediaSourceAPILog(), mozilla::LogLevel::Debug,
    
    444 463
               ("MediaSource::%s: IsTypeSupported(aType=%s) %s", __func__,
    
    445 464
                NS_ConvertUTF16toUTF8(aType).get(),
    

  • dom/media/mediasource/MediaSource.h
    ... ... @@ -83,7 +83,8 @@ class MediaSource final : public DOMEventTargetHelper,
    83 83
       // Throws on aRv if not supported.
    
    84 84
       static void IsTypeSupported(const nsAString& aType,
    
    85 85
                                   DecoderDoctorDiagnostics* aDiagnostics,
    
    86
    -                              ErrorResult& aRv);
    
    86
    +                              ErrorResult& aRv,
    
    87
    +                              Maybe<bool> aShouldResistFingerprinting);
    
    87 88
     
    
    88 89
       IMPL_EVENT_HANDLER(sourceopen);
    
    89 90
       IMPL_EVENT_HANDLER(sourceended);
    

  • dom/media/mediasource/SourceBuffer.cpp
    ... ... @@ -13,6 +13,7 @@
    13 13
     #include "mozilla/ErrorResult.h"
    
    14 14
     #include "mozilla/FloatingPoint.h"
    
    15 15
     #include "mozilla/Preferences.h"
    
    16
    +#include "mozilla/dom/Document.h"
    
    16 17
     #include "mozilla/dom/MediaSourceBinding.h"
    
    17 18
     #include "mozilla/dom/TimeRanges.h"
    
    18 19
     #include "mozilla/dom/TypedArray.h"
    
    ... ... @@ -385,13 +386,16 @@ void SourceBuffer::ChangeType(const nsAString& aType, ErrorResult& aRv) {
    385 386
       //    previously) of SourceBuffer objects in the sourceBuffers attribute of
    
    386 387
       //    the parent media source , then throw a NotSupportedError exception and
    
    387 388
       //    abort these steps.
    
    389
    +  Document* doc = mMediaSource->GetOwner()
    
    390
    +                      ? mMediaSource->GetOwner()->GetExtantDoc()
    
    391
    +                      : nullptr;
    
    388 392
       DecoderDoctorDiagnostics diagnostics;
    
    389
    -  MediaSource::IsTypeSupported(aType, &diagnostics, aRv);
    
    393
    +  MediaSource::IsTypeSupported(
    
    394
    +      aType, &diagnostics, aRv,
    
    395
    +      doc ? Some(doc->ShouldResistFingerprinting(RFPTarget::MediaCapabilities))
    
    396
    +          : Nothing());
    
    390 397
       bool supported = !aRv.Failed();
    
    391
    -  diagnostics.StoreFormatDiagnostics(
    
    392
    -      mMediaSource->GetOwner() ? mMediaSource->GetOwner()->GetExtantDoc()
    
    393
    -                               : nullptr,
    
    394
    -      aType, supported, __func__);
    
    398
    +  diagnostics.StoreFormatDiagnostics(doc, aType, supported, __func__);
    
    395 399
       MSE_API("ChangeType(aType=%s)%s", NS_ConvertUTF16toUTF8(aType).get(),
    
    396 400
               supported ? "" : " [not supported]");
    
    397 401
       if (!supported) {
    

  • _______________________________________________
    tor-commits mailing list
    tor-commits@xxxxxxxxxxxxxxxxxxxx
    https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits