Bug 173861

Summary:

We should do ICE candidate filtering at the Document level

Product:

WebKit

Reporter:

youenn fablet <youennf>

Component:

Media

Assignee:

youenn fablet <youennf>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, buildbot, commit-queue, eric.carlson, jlewis3, jonlee, mcatanzaro, rniwa, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

See Also:

https://bugs.webkit.org/show_bug.cgi?id=174112

Attachments:

Description	Flags
Patch	none
Archive of layout-test-results from ews100 for mac-elcapitan	none
Archive of layout-test-results from ews112 for mac-elcapitan	none
Patch	none
Patch	none
Fixing non WebRTC build	none
Fixing non WebRTC build	none
Keeping controller at page	none
Archive of layout-test-results from ews115 for mac-elcapitan	none
Patch	none
Patch	none

youenn fablet

Reported 2017-06-26 21:48:02 PDT

Currently, we are doing it at the page level, meaning that if the main frame has access to the camera, third party frames can get access to ICE candidates.

Attachments
Patch (24.26 KB, patch) 2017-07-10 08:14 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews100 for mac-elcapitan (1.01 MB, application/zip) 2017-07-10 09:25 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews112 for mac-elcapitan (1.90 MB, application/zip) 2017-07-10 09:31 PDT, Build Bot	no flags	Details
Patch (27.53 KB, patch) 2017-07-10 12:25 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Patch (27.52 KB, patch) 2017-07-10 12:27 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Fixing non WebRTC build (27.55 KB, patch) 2017-07-10 12:47 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Fixing non WebRTC build (27.58 KB, patch) 2017-07-10 13:34 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Keeping controller at page (25.32 KB, patch) 2017-07-10 22:02 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews115 for mac-elcapitan (1.72 MB, application/zip) 2017-07-10 23:41 PDT, Build Bot	no flags	Details
Patch (25.35 KB, patch) 2017-07-11 07:53 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Patch (1.30 KB, patch) 2017-07-11 13:28 PDT, youenn fablet	no flags	Details Formatted Diff Diff
Show Obsolete (9) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2017-07-04 04:31:30 PDT

<rdar://problem/33122058>

youenn fablet

Comment 2 2017-07-10 08:14:38 PDT

Created attachment 314980 [details] Patch

youenn fablet

Comment 3 2017-07-10 08:15:44 PDT

This patch moves

Build Bot

Comment 4 2017-07-10 09:25:48 PDT

Comment on attachment 314980 [details] Patch Attachment 314980 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/4091910 New failing tests: http/tests/webrtc/filtering-ice-candidate-same-origin-frame.html http/tests/webrtc/filtering-ice-candidate-cross-origin-frame.html

Build Bot

Comment 5 2017-07-10 09:25:49 PDT

Created attachment 314991 [details] Archive of layout-test-results from ews100 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews100 Port: mac-elcapitan Platform: Mac OS X 10.11.6

Build Bot

Comment 6 2017-07-10 09:31:34 PDT

Comment on attachment 314980 [details] Patch Attachment 314980 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4091841 New failing tests: http/tests/webrtc/filtering-ice-candidate-same-origin-frame.html http/tests/webrtc/filtering-ice-candidate-cross-origin-frame.html

Build Bot

Comment 7 2017-07-10 09:31:36 PDT

Created attachment 314992 [details] Archive of layout-test-results from ews112 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews112 Port: mac-elcapitan Platform: Mac OS X 10.11.6

youenn fablet

Comment 8 2017-07-10 12:25:49 PDT

Created attachment 315006 [details] Patch

youenn fablet

Comment 9 2017-07-10 12:27:16 PDT

Created attachment 315007 [details] Patch

youenn fablet

Comment 10 2017-07-10 12:47:05 PDT

Created attachment 315012 [details] Fixing non WebRTC build

youenn fablet

Comment 11 2017-07-10 13:34:14 PDT

Created attachment 315018 [details] Fixing non WebRTC build

youenn fablet

Comment 12 2017-07-10 22:02:06 PDT

Created attachment 315082 [details] Keeping controller at page

Build Bot

Comment 13 2017-07-10 23:40:59 PDT

Comment on attachment 315082 [details] Keeping controller at page Attachment 315082 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4098759 New failing tests: storage/indexeddb/modern/new-database-after-user-delete.html

Build Bot

Comment 14 2017-07-10 23:41:01 PDT

Created attachment 315085 [details] Archive of layout-test-results from ews115 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-elcapitan Platform: Mac OS X 10.11.6

Eric Carlson

Comment 15 2017-07-11 07:12:46 PDT

Comment on attachment 315082 [details] Keeping controller at page View in context: https://bugs.webkit.org/attachment.cgi?id=315082&action=review > Source/WebCore/ChangeLog:25 > + Making UserMediaRequest disable the ICE candidate filtering for the page RTCController. > + All RTCPeerConnection of the page that are created on a document that are same-origin as the top document are now registered to the RTCController. > + This allows disabling filtering to only these RTCPeerConnection. > + > + The page keeps the default ICE candidate filtering policy. > + This policy allows disabling ICE candidate filtering for all RTCPeerConnection. > + > + When the top document is changing, the RTCController filtering policy is reset and its list of RTCPeerConnection is emptied. > + > + Internals no longer disables ICE candidate filtering by default. > + This allows finer grained testing. > + ICE candidate filtering is disabled for tests including testharnessreport.js to enable web-platform-tests to run without modifications. Nit: please wrap these lines to make them easier to read. > Source/WebCore/Modules/mediastream/RTCPeerConnection.cpp:72 > + // ICE candidate filtering can only be disabled for connections from documents that have the same origin as the top document, or if the page was set to disable it. Ditto. > Source/WebKit2/WebProcess/WebPage/WebPage.cpp:585 > #if ENABLE(WEB_RTC) > void WebPage::disableICECandidateFiltering() > { > - m_page->rtcController().disableICECandidateFiltering(); > + m_page->disableICECandidateFiltering(); > } > > void WebPage::enableICECandidateFiltering() > { > - m_page->rtcController().disableICECandidateFiltering(); > + m_page->enableICECandidateFiltering(); > } Are these needed now that UserMediaProcessManager is no longer involved in managing filtering?

youenn fablet

Comment 16 2017-07-11 07:49:27 PDT

Thanks for the review. (In reply to Eric Carlson from comment #15) > Comment on attachment 315082 [details] > Keeping controller at page > > View in context: > https://bugs.webkit.org/attachment.cgi?id=315082&action=review > > > Source/WebCore/ChangeLog:25 > > + Making UserMediaRequest disable the ICE candidate filtering for the page RTCController. > > + All RTCPeerConnection of the page that are created on a document that are same-origin as the top document are now registered to the RTCController. > > + This allows disabling filtering to only these RTCPeerConnection. > > + > > + The page keeps the default ICE candidate filtering policy. > > + This policy allows disabling ICE candidate filtering for all RTCPeerConnection. > > + > > + When the top document is changing, the RTCController filtering policy is reset and its list of RTCPeerConnection is emptied. > > + > > + Internals no longer disables ICE candidate filtering by default. > > + This allows finer grained testing. > > + ICE candidate filtering is disabled for tests including testharnessreport.js to enable web-platform-tests to run without modifications. > > Nit: please wrap these lines to make them easier to read. OK > > Source/WebCore/Modules/mediastream/RTCPeerConnection.cpp:72 > > + // ICE candidate filtering can only be disabled for connections from documents that have the same origin as the top document, or if the page was set to disable it. > > Ditto. OK > > Source/WebKit2/WebProcess/WebPage/WebPage.cpp:585 > > #if ENABLE(WEB_RTC) > > void WebPage::disableICECandidateFiltering() > > { > > - m_page->rtcController().disableICECandidateFiltering(); > > + m_page->disableICECandidateFiltering(); > > } > > > > void WebPage::enableICECandidateFiltering() > > { > > - m_page->rtcController().disableICECandidateFiltering(); > > + m_page->enableICECandidateFiltering(); > > } > > Are these needed now that UserMediaProcessManager is no longer involved in > managing filtering? Yes, the UIProcess should use these to modify existing web process behaviors when the UIProcess ICE candidate filtering policy option is modified. Currently, this only takes effect for new tabs.

youenn fablet

Comment 17 2017-07-11 07:53:56 PDT

Created attachment 315111 [details] Patch

WebKit Commit Bot

Comment 18 2017-07-11 08:32:42 PDT

Comment on attachment 315111 [details] Patch Clearing flags on attachment: 315111 Committed r219331: <http://trac.webkit.org/changeset/219331>

WebKit Commit Bot

Comment 19 2017-07-11 08:32:44 PDT

All reviewed patches have been landed. Closing bug.

Michael Catanzaro

Comment 20 2017-07-11 08:59:58 PDT

Looks like it broke WPE (not sure about GTK as that bot has not caught up yet): /home/buildbot/wpe/wpe-linux-64-release/build/Source/WebKit2/UIProcess/WebPageProxy.cpp: In member function ‘void WebKit::WebPageProxy::activateMediaStreamCaptureInPage()’: /home/buildbot/wpe/wpe-linux-64-release/build/Source/WebKit2/UIProcess/WebPageProxy.cpp:1672:5: error: ‘UserMediaProcessManager’ has not been declared UserMediaProcessManager::singleton().muteCaptureMediaStreamsExceptIn(*this); ^~~~~~~~~~~~~~~~~~~~~~~ At global scope: I'm confused how it happened. I don't see what portion of the change caused this failure. WebPageProxy.cpp was not even modified, and it still includes UserMediaProcessManager.h.

Michael Catanzaro

Comment 21 2017-07-11 09:00:48 PDT

(In reply to Michael Catanzaro from comment #20) > (not sure about GTK as that bot has not caught up yet) Our secondary bots are caught up, and they are hitting the same failure.

Michael Catanzaro

Comment 22 2017-07-11 09:05:26 PDT

Ah, mystery solved. The build breakage was from r219330, not this change. Whoops. :)

youenn fablet

Comment 23 2017-07-11 09:07:22 PDT

(In reply to Michael Catanzaro from comment #22) > Ah, mystery solved. The build breakage was from r219330, not this change. > Whoops. :) I will fix r219330 issue asap.

youenn fablet

Comment 24 2017-07-11 13:28:35 PDT

Reopening to attach new patch.

youenn fablet

Comment 25 2017-07-11 13:28:35 PDT

Created attachment 315153 [details] Patch

youenn fablet

Comment 26 2017-07-11 13:29:18 PDT

(In reply to youenn fablet from comment #25) > Created attachment 315153 [details] > Patch Fixing the case of bots without WebRTC support.

WebKit Commit Bot

Comment 27 2017-07-11 14:07:53 PDT

Comment on attachment 315153 [details] Patch Clearing flags on attachment: 315153 Committed r219362: <http://trac.webkit.org/changeset/219362>

WebKit Commit Bot

Comment 28 2017-07-11 14:07:55 PDT

All reviewed patches have been landed. Closing bug.

youenn fablet

Comment 29 2017-07-11 16:27:43 PDT

*** Bug 174112 has been marked as a duplicate of this bug. ***

Matt Lewis

Comment 30 2017-07-13 17:25:21 PDT

Marked tests as skip: https://trac.webkit.org/changeset/219478

Matt Lewis

Comment 31 2017-07-21 15:23:27 PDT

These tests started to become flaky on macOS WK2 as well. https://trac.webkit.org/changeset/219748/webkit

Note You need to log in before you can comment on or make changes to this bug.