Bug 168975

Summary:

[WebRTC] Activate ICE candidate privacy policy

Product:

WebKit

Reporter:

youenn fablet <youennf>

Component:

WebCore Misc.

Assignee:

youenn fablet <youennf>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, commit-queue, eric.carlson, jer.noble

Priority:

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none

youenn fablet

Reported 2017-02-28 10:35:51 PST

We should activate ICE candidate privacy policy by default and find a way to disable it when needed.

Attachments
Patch (5.23 KB, patch) 2017-02-28 11:35 PST, youenn fablet	no flags	Details Formatted Diff Diff
Patch (23.21 KB, patch) 2017-03-01 09:54 PST, youenn fablet	no flags	Details Formatted Diff Diff
Patch (22.84 KB, patch) 2017-03-01 17:05 PST, youenn fablet	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

youenn fablet

Comment 1 2017-02-28 11:35:31 PST

Created attachment 302956 [details] Patch

youenn fablet

Comment 2 2017-02-28 11:37:02 PST

This patch is a second step towards implementing privacy policy. We should add tests and probably reactivate filtering in some cases. For instance when access is being revoked from the address bar.

Eric Carlson

Comment 3 2017-02-28 15:17:09 PST

Comment on attachment 302956 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=302956&action=review > Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp:209 > +#if ENABLE(WEB_RTC) && USE(LIBWEBRTC) > + m_page.process().send(Messages::WebPage::DisableICECandidateFiltering(), m_page.pageID()); > +#endif I don't think this should be done here, because it will disable filtering if the user accepts one stream and denies another. Instead, I think it should be in UserMediaProcessManager::willCreateMediaStream and UserMediaProcessManager::endedCaptureSession.

youenn fablet

Comment 4 2017-03-01 09:54:02 PST

Created attachment 303074 [details] Patch

youenn fablet

Comment 5 2017-03-01 09:56:18 PST

(In reply to comment #3) > Comment on attachment 302956 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=302956&action=review > > > Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp:209 > > +#if ENABLE(WEB_RTC) && USE(LIBWEBRTC) > > + m_page.process().send(Messages::WebPage::DisableICECandidateFiltering(), m_page.pageID()); > > +#endif > > I don't think this should be done here, because it will disable filtering if > the user accepts one stream and denies another. Instead, I think it should > be in UserMediaProcessManager::willCreateMediaStream and > UserMediaProcessManager::endedCaptureSession. Thanks for the feedback. I updated patch accordingly. I also added a layout test for it.

Eric Carlson

Comment 6 2017-03-01 11:25:56 PST

Comment on attachment 303074 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=303074&action=review > Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp:205 > +#if ENABLE(WEB_RTC) && USE(LIBWEBRTC) > + m_page.process().send(Messages::WebPage::DisableICECandidateFiltering(), m_page.pageID()); > +#endif Don't you want to remove this? > Source/WebKit2/UIProcess/UserMediaProcessManager.cpp:159 > +#if ENABLE(WEB_RTC) && USE(LIBWEBRTC) > + if (currentExtensions == ProcessState::SandboxExtensionsGranted::None) > + proxy.page().process().send(Messages::WebPage::DisableICECandidateFiltering(), proxy.page().pageID()); > +#endif Shouldn't this be in UserMediaProcessManager::endedCaptureSession?

youenn fablet

Comment 7 2017-03-01 17:05:17 PST

Created attachment 303143 [details] Patch

youenn fablet

Comment 8 2017-03-01 17:06:23 PST

(In reply to comment #6) > Comment on attachment 303074 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=303074&action=review > > > Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp:205 > > +#if ENABLE(WEB_RTC) && USE(LIBWEBRTC) > > + m_page.process().send(Messages::WebPage::DisableICECandidateFiltering(), m_page.pageID()); > > +#endif > > Don't you want to remove this? Right > > Source/WebKit2/UIProcess/UserMediaProcessManager.cpp:159 > > +#if ENABLE(WEB_RTC) && USE(LIBWEBRTC) > > + if (currentExtensions == ProcessState::SandboxExtensionsGranted::None) > > + proxy.page().process().send(Messages::WebPage::DisableICECandidateFiltering(), proxy.page().pageID()); > > +#endif > > Shouldn't this be in UserMediaProcessManager::endedCaptureSession? We want to disable filtering when capture is authorised, so I think this is ok like this. I reworked a bit the way this is handled to ensure we got good coverage here.

youenn fablet

Comment 9 2017-03-01 17:08:41 PST

Eric, could you check that the granting/revocation goes well with the disable/enable filtering? Alex, one thing to consider is that we probably do not want these preferences to stay persistent WebKit launch after WebKit launch. Maybe more a Safari issue though but this may be the two-only preferences that act like this currently.

WebKit Commit Bot

Comment 10 2017-03-02 08:23:27 PST

Comment on attachment 303143 [details] Patch Clearing flags on attachment: 303143 Committed r213283: <http://trac.webkit.org/changeset/213283>

WebKit Commit Bot

Comment 11 2017-03-02 08:23:31 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.