Revert "[DAL][WebView] Add Digital Asset Link validation for WebView"

This reverts commit da24b14. Reason for revert: This CL is a suspect for compilation failure in crbug.com/1402284 Original change's description: > [DAL][WebView] Add Digital Asset Link validation for WebView > > Experimental feature to validate main frame origins using Digital Asset > Links. > Feature is disabled by default via a feature flag. > > Low-Coverage-Reason: The actual origin verification logic is tested and the initialization is tested manually. > Bug: crbug.com/1376958 > Change-Id: I6d4f4876622a02e6efc0d3f58fd2d5d4035a9cf0 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3966337 > Reviewed-by: Peter Conn <peconn@chromium.org> > Reviewed-by: Richard Coles <torne@chromium.org> > Reviewed-by: Rayan Kanso <rayankans@chromium.org> > Commit-Queue: Susanne Westphal <swestphal@chromium.org> > Cr-Commit-Position: refs/heads/main@{#1084906} Bug: crbug.com/1376958, 1402284 Change-Id: I381a4645b6b92a2dfa2258e9e6ba05c526edf602 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4114033 Auto-Submit: Hazem Ashmawy <hazems@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: Hazem Ashmawy <hazems@chromium.org> Cr-Commit-Position: refs/heads/main@{#1084998}
chromium · Dec 19, 2022 · 2644285 · 2644285
1 parent b128227
commit 2644285
Show file tree

Hide file tree

Showing 23 changed files with 13 additions and 513 deletions.
diff --git a/android_webview/BUILD.gn b/android_webview/BUILD.gn
@@ -568,8 +568,6 @@ android_library("browser_java") {
     "java/src/org/chromium/android_webview/AwHttpAuthHandler.java",
     "java/src/org/chromium/android_webview/AwLayoutSizer.java",
     "java/src/org/chromium/android_webview/AwNetworkChangeNotifierRegistrationPolicy.java",
-    "java/src/org/chromium/android_webview/AwOriginVerificationScheduler.java",
-    "java/src/org/chromium/android_webview/AwOriginVerifier.java",
     "java/src/org/chromium/android_webview/AwPacProcessor.java",
     "java/src/org/chromium/android_webview/AwPdfExporter.java",
     "java/src/org/chromium/android_webview/AwPrintDocumentAdapter.java",
@@ -585,7 +583,6 @@ android_library("browser_java") {
     "java/src/org/chromium/android_webview/AwSupportLibIsomorphic.java",
     "java/src/org/chromium/android_webview/AwThreadUtils.java",
     "java/src/org/chromium/android_webview/AwTracingController.java",
-    "java/src/org/chromium/android_webview/AwVerificationResultStore.java",
     "java/src/org/chromium/android_webview/AwViewAndroidDelegate.java",
     "java/src/org/chromium/android_webview/AwViewMethods.java",
     "java/src/org/chromium/android_webview/AwWebContentsDelegate.java",
@@ -665,7 +662,6 @@ android_library("browser_java") {
     "//components/content_capture/android:java",
     "//components/crash/android:handler_java",
     "//components/crash/android:java",
-    "//components/digital_asset_links/android:java",
     "//components/embedder_support/android:util_java",
     "//components/embedder_support/android:web_contents_delegate_java",
     "//components/embedder_support/android/metrics:java",

diff --git a/android_webview/browser/aw_contents_io_thread_client.cc b/android_webview/browser/aw_contents_io_thread_client.cc
@@ -388,24 +388,6 @@ std::unique_ptr<AwWebResourceInterceptResponse> RunShouldInterceptRequest(
   return web_resource_intercept_response;
 }
 
-bool RunShouldBlockRequest(AwWebResourceRequest request,
-                           JavaObjectWeakGlobalRef ref) {
-  if (!request.is_outermost_main_frame) {
-    return false;
-  }
-
-  JNIEnv* env = AttachCurrentThread();
-  base::android::ScopedJavaLocalRef<jobject> obj = ref.get(env);
-  if (!obj) {
-    return true;
-  }
-  AwWebResourceRequest::AwJavaWebResourceRequest java_web_resource_request;
-  AwWebResourceRequest::ConvertToJava(env, request, &java_web_resource_request);
-
-  return Java_AwContentsBackgroundThreadClient_shouldBlockRequestFromNative(
-      env, obj, java_web_resource_request.jurl);
-}
-
 }  // namespace
 
 void AwContentsIoThreadClient::ShouldInterceptRequestAsync(
@@ -429,23 +411,6 @@ void AwContentsIoThreadClient::ShouldInterceptRequestAsync(
       FROM_HERE, std::move(get_response), std::move(callback));
 }
 
-bool AwContentsIoThreadClient::ShouldBlockRequest(
-    AwWebResourceRequest request) {
-  DCHECK_CURRENTLY_ON(BrowserThread::IO);
-  JNIEnv* env = AttachCurrentThread();
-  if (!bg_thread_client_object_) {
-    bg_thread_client_object_.Reset(
-        Java_AwContentsIoThreadClient_getBackgroundThreadClient(env,
-                                                                java_object_));
-  }
-  if (bg_thread_client_object_) {
-    return RunShouldBlockRequest(
-        request, JavaObjectWeakGlobalRef(env, bg_thread_client_object_.obj()));
-  }
-  // Block request if validation did not run.
-  return true;
-}
-
 bool AwContentsIoThreadClient::ShouldBlockContentUrls() const {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);
 

diff --git a/android_webview/browser/aw_contents_io_thread_client.h b/android_webview/browser/aw_contents_io_thread_client.h
@@ -108,9 +108,6 @@ class AwContentsIoThreadClient {
       AwWebResourceRequest request,
       ShouldInterceptRequestResponseCallback callback);
 
-  // Check if the request should be blocked based on web content ownership.
-  bool ShouldBlockRequest(AwWebResourceRequest request);
-
   // Retrieve the AllowContentAccess setting value of this AwContents.
   // This method is called on the IO thread only.
   bool ShouldBlockContentUrls() const;

diff --git a/android_webview/browser/aw_feature_list.cc b/android_webview/browser/aw_feature_list.cc
@@ -32,7 +32,6 @@ const base::Feature* const kFeaturesExposedToJava[] = {
     &features::kWebViewUseMetricsUploadService,
     &features::kWebViewXRequestedWithHeaderControl,
     &features::kWebViewXRequestedWithHeaderManifestAllowList,
-    &features::kWebViewRestrictThirdPartyContent,
 };
 
 const base::Feature* FindFeatureExposedToJava(const std::string& feature_name) {

diff --git a/android_webview/browser/network_service/aw_proxying_url_loader_factory.cc b/android_webview/browser/network_service/aw_proxying_url_loader_factory.cc
@@ -405,13 +405,6 @@ void InterceptedRequest::Restart() {
                                  request_.referrer.spec());
     }
 
-    if (io_thread_client->ShouldBlockRequest(AwWebResourceRequest(request_))) {
-      // TODO(swestphal): Show alternative UI to inform the user about blocked
-      // third party web content.
-      SendErrorAndCompleteImmediately(net::ERR_ACCESS_DENIED);
-      return;
-    }
-
     base::RepeatingClosure arg_ready_closure;
     // Pointer lifetime is tied to |arg_ready_closure|.
     InterceptResponseReceivedArgs* intercept_response_received_args;

diff --git a/android_webview/common/aw_features.cc b/android_webview/common/aw_features.cc
@@ -103,12 +103,6 @@ BASE_FEATURE(kWebViewRecordAppDataDirectorySize,
              "WebViewRecordAppDataDirectorySize",
              base::FEATURE_DISABLED_BY_DEFAULT);
 
-// Flag to restrict main frame Web Content to verified web content. Verification
-// happens via Digital Asset Links.
-BASE_FEATURE(kWebViewRestrictThirdPartyContent,
-             "WebViewRestrictThirdPartyContent",
-             base::FEATURE_DISABLED_BY_DEFAULT);
-
 // Disallows window.{alert, prompt, confirm} if triggered inside a subframe that
 // is not same origin with the main frame.
 BASE_FEATURE(kWebViewSuppressDifferentOriginSubframeJSDialogs,

diff --git a/android_webview/common/aw_features.h b/android_webview/common/aw_features.h
@@ -32,7 +32,6 @@ BASE_DECLARE_FEATURE(kWebViewMeasureScreenCoverage);
 BASE_DECLARE_FEATURE(kWebViewMixedContentAutoupgrades);
 BASE_DECLARE_FEATURE(kWebViewOriginTrials);
 BASE_DECLARE_FEATURE(kWebViewRecordAppDataDirectorySize);
-BASE_DECLARE_FEATURE(kWebViewRestrictThirdPartyContent);
 BASE_DECLARE_FEATURE(kWebViewSuppressDifferentOriginSubframeJSDialogs);
 BASE_DECLARE_FEATURE(kWebViewTestFeature);
 BASE_DECLARE_FEATURE(kWebViewUseMetricsUploadService);

diff --git a/android_webview/glue/java/src/com/android/webview/chromium/WebViewChromiumAwInit.java b/android_webview/glue/java/src/com/android/webview/chromium/WebViewChromiumAwInit.java
@@ -26,10 +26,8 @@
 import org.chromium.android_webview.AwContentsStatics;
 import org.chromium.android_webview.AwCookieManager;
 import org.chromium.android_webview.AwDarkMode;
-import org.chromium.android_webview.AwFeatureList;
 import org.chromium.android_webview.AwLocaleConfig;
 import org.chromium.android_webview.AwNetworkChangeNotifierRegistrationPolicy;
-import org.chromium.android_webview.AwOriginVerificationScheduler;
 import org.chromium.android_webview.AwProxyController;
 import org.chromium.android_webview.AwServiceWorkerController;
 import org.chromium.android_webview.AwThreadUtils;
@@ -38,7 +36,6 @@
 import org.chromium.android_webview.ProductConfig;
 import org.chromium.android_webview.R;
 import org.chromium.android_webview.WebViewChromiumRunQueue;
-import org.chromium.android_webview.common.AwFeatures;
 import org.chromium.android_webview.common.AwResource;
 import org.chromium.android_webview.common.AwSwitches;
 import org.chromium.android_webview.gfx.AwDrawFnImpl;
@@ -232,10 +229,6 @@ protected void startChromiumLocked() {
                         mFactory, awBrowserContext.getGeolocationPermissions());
                 mWebStorage =
                         new WebStorageAdapter(mFactory, mBrowserContext.getQuotaManagerBridge());
-                if (AwFeatureList.isEnabled(AwFeatures.WEBVIEW_RESTRICT_THIRD_PARTY_CONTENT)) {
-                    AwOriginVerificationScheduler.initAndScheduleAll(
-                            context.getPackageName(), context, awBrowserContext, null);
-                }
                 mAwTracingController = getTracingController();
                 mServiceWorkerController = awBrowserContext.getServiceWorkerController();
                 mAwProxyController = new AwProxyController();

diff --git a/android_webview/java/DEPS b/android_webview/java/DEPS
@@ -1,6 +1,5 @@
 include_rules = [
   "+components/autofill/android/java",
-  "+components/digital_asset_links/android/java",
   "+components/embedder_support/android/java",
   "+components/embedder_support/android/metrics/java",
   "+components/navigation_interception/android/java",

diff --git a/android_webview/java/src/org/chromium/android_webview/AwContents.java b/android_webview/java/src/org/chromium/android_webview/AwContents.java
@@ -137,9 +137,6 @@
 import java.util.Map;
 import java.util.WeakHashMap;
 import java.util.concurrent.Callable;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -682,39 +679,6 @@ public WebResourceResponseInfo shouldInterceptRequest(
             }
             return webResourceResponseInfo;
         }
-
-        @Override
-        public boolean shouldBlockRequest(String url) {
-            if (!AwFeatureList.isEnabled(AwFeatures.WEBVIEW_RESTRICT_THIRD_PARTY_CONTENT)) {
-                return false;
-            }
-            // TODO(1376958): Implement a URLLoaderThrottle to not block the IO thread before
-            // enabling the feature.
-
-            CountDownLatch countDownLatch = new CountDownLatch(1);
-            AtomicBoolean verified = new AtomicBoolean(false);
-
-            // Verifications are scheduled when WebView is initialized, so when this is called, the
-            // verification is likely finished here.
-            if (AwOriginVerificationScheduler.getInstance().getOriginVerifier().checkForSavedResult(
-                        url)) {
-                return false;
-            }
-
-            AwThreadUtils.postToUiThreadLooper(() -> {
-                AwOriginVerificationScheduler.getInstance().verify(
-                        url, mBrowserContext, (result) -> {
-                            verified.set(result);
-                            countDownLatch.countDown();
-                        });
-            });
-            try {
-                countDownLatch.await(10, TimeUnit.SECONDS);
-            } catch (InterruptedException e) {
-                // Returning the default value as no successful verification was performed.
-            }
-            return !verified.get();
-        }
     }
 
     //--------------------------------------------------------------------------------------------

diff --git a/android_webview/java/src/org/chromium/android_webview/AwContentsBackgroundThreadClient.java b/android_webview/java/src/org/chromium/android_webview/AwContentsBackgroundThreadClient.java
@@ -22,8 +22,6 @@ public abstract class AwContentsBackgroundThreadClient {
     public abstract WebResourceResponseInfo shouldInterceptRequest(
             AwContentsClient.AwWebResourceRequest request);
 
-    public abstract boolean shouldBlockRequest(String url);
-
     // Protected methods ---------------------------------------------------------------------------
 
     @NonNull
@@ -49,9 +47,4 @@ private AwWebResourceInterceptResponse shouldInterceptRequestFromNative(String u
             return new AwWebResourceInterceptResponse(null, /*raisedException=*/true);
         }
     }
-
-    @CalledByNative
-    private boolean shouldBlockRequestFromNative(String url) {
-        return shouldBlockRequest(url);
-    }
 }
diff --git a/android_webview/java/src/org/chromium/android_webview/AwOriginVerificationScheduler.java b/android_webview/java/src/org/chromium/android_webview/AwOriginVerificationScheduler.java
diff --git a/android_webview/java/src/org/chromium/android_webview/AwOriginVerifier.java b/android_webview/java/src/org/chromium/android_webview/AwOriginVerifier.java