Add support for 'ch-ua-high-entropy-values' permission policy

This (currently disabled) policy allows a top-level site to restrict which documents are able to collect high-entropy client hints via the
navigator.userAgentData.getHighEntropyValues() JS API.

Restricting collection of high-entropy hints over HTTP is already possible via permissions-policy.

Spec: https://wicg.github.io/ua-client-hints/#ch-ua-high-entropy-values

Bug: 385161047
Change-Id: I13e648f52811ee30af6727520b733d260b9d579a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6107648
Reviewed-by: Nate Chapin <[email protected]>
Commit-Queue: Mike Taylor <[email protected]>
Reviewed-by: Ken Buchanan <[email protected]>
Reviewed-by: Ari Chivukula <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1404420}

client-hints/permissions-policy/ch-ua-high-entropy-values-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html

@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/permissions-policy/resources/permissions-policy.js></script>
+  <script src=/common/get-host-info.sub.js></script>
+  <script>
+  var relative_path = '/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html';
+  var base_src = '/permissions-policy/resources/redirect-on-load.html#';
+  var same_origin_src = base_src + relative_path;
+  var cross_origin_src = base_src + get_host_info().REMOTE_ORIGIN +
+    relative_path;
+  var header_self = 'permissions policy allow="ch-ua-high-entropy-values"';
+  var header_none = `permissions policy allow="ch-ua-high-entropy-values='none'`;
+
+  async_test((test) => {
+    test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+        feature_name: "ch-ua-high-entropy-values",
+    })
+  }, `${header_self} allows same-origin navigation in an iframe.`);
+
+  async_test((test) => {
+    test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+        feature_name: "ch-ua-high-entropy-values",
+    })
+  }, `${header_self} disallows cross-origin navigation in an iframe.`);
+
+  async_test((test) => {
+    test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+        feature_name: "ch-ua-high-entropy-values='none'",
+    })
+  }, `${header_none} disallows same-origin navigation in an iframe.`);
+
+  async_test((test) => {
+    test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_available_default,
+        feature_name: "ch-ua-high-entropy-values='none'",
+    })
+  }, `${header_none} disallows cross-origin navigation in an iframe.`);
+  </script>
+</body>

client-hints/permissions-policy/ch-ua-high-entropy-values-default-permissions-policy.https.sub.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="../../permissions-policy/resources/permissions-policy.js"></script>
+  <script>
+    const same_origin_src =
+      "/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html";
+    const cross_origin_src =
+      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
+      const header = 'Permissions policy header "ch-ua-high-entropy-values=*"';
+
+    promise_test(async () => {
+      return navigator.userAgentData.getHighEntropyValues(["bitness"]).then(
+        hints => {
+          assert_own_property(hints, "brands");
+          assert_own_property(hints, "mobile");
+          assert_own_property(hints, "platform");
+          assert_own_property(hints, "bitness");
+        }
+      );
+    }, `high-entropy values via getHighEntropyValues() allowed by default in top-level document.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `high-entropy values via getHighEntropyValues() allowed by default in same-origin iframes.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `high-entropy values via getHighEntropyValues() allowed by default in cross-origin iframes.`);
+  </script>
+</body>

client-hints/permissions-policy/ch-ua-high-entropy-values-disabled-by-permissions-policy.https.sub.html

@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="../../permissions-policy/resources/permissions-policy.js"></script>
+  <script>
+    const same_origin_src =
+      "/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html";
+    const cross_origin_src =
+      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
+      const header = 'Permissions policy header "ch-ua-high-entropy-values=()"';
+
+    promise_test(async () => {
+      // bitness is a high-entropy hint: we expect it to not be returned due to
+      // Permissions-Policy, but instead just the low-entropy hints
+      return navigator.userAgentData.getHighEntropyValues(["bitness"]).then(
+        hints => {
+          assert_own_property(hints, "brands");
+          assert_own_property(hints, "mobile");
+          assert_own_property(hints, "platform");
+          assert_not_own_property(hints, "bitness");
+        }
+      );
+    }, `${header} disallows high-entropy values via getHighEntropyValues() in top-level document.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+      });
+    }, `${header} disallows high-entropy values via getHighEntropyValues() in same-origin iframes.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+      });
+    }, `${header} disallows high-entropy values via getHighEntropyValues() in cross-origin iframes.`);
+  </script>
+</body>

client-hints/permissions-policy/ch-ua-high-entropy-values-disabled-by-permissions-policy.https.sub.html.headers

@@ -0,0 +1 @@
+Permissions-Policy: ch-ua-high-entropy-values=()

client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-by-permissions-policy.https.sub.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="../../permissions-policy/resources/permissions-policy.js"></script>
+  <script>
+    const same_origin_src =
+      "/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html";
+    const cross_origin_src =
+      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
+      const header = 'Permissions policy header "ch-ua-high-entropy-values=*"';
+
+    promise_test(async () => {
+      return navigator.userAgentData.getHighEntropyValues(["bitness"]).then(
+        hints => {
+          assert_own_property(hints, "brands");
+          assert_own_property(hints, "mobile");
+          assert_own_property(hints, "platform");
+          assert_own_property(hints, "bitness");
+        }
+      );
+    }, `${header} allows high-entropy values via getHighEntropyValues() in top-level document.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `${header} allows high-entropy values via getHighEntropyValues() in same-origin iframes.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `${header} allows high-entropy values via getHighEntropyValues() in cross-origin iframes.`);
+  </script>
+</body>

client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-by-permissions-policy.https.sub.html.headers

@@ -0,0 +1 @@
+Permissions-Policy: ch-ua-high-entropy-values=*

client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-on-self-origin-by-permissions-policy.https.sub.html

@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="../../permissions-policy/resources/permissions-policy.js"></script>
+  <script>
+    const same_origin_src =
+      "/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html";
+    const cross_origin_src =
+      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
+      const header = 'Permissions policy header "ch-ua-high-entropy-values=self"';
+
+    promise_test(async () => {
+      return navigator.userAgentData.getHighEntropyValues(["bitness"]).then(
+        hints => {
+          assert_own_property(hints, "brands");
+          assert_own_property(hints, "mobile");
+          assert_own_property(hints, "platform");
+          assert_own_property(hints, "bitness");
+        }
+      );
+    }, `${header} allows high-entropy values via getHighEntropyValues() in top-level document.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `${header} allows high-entropy values via getHighEntropyValues() in same-origin iframes.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+      });
+    }, `${header} disallows high-entropy values via getHighEntropyValues() in cross-origin iframes.`);
+  </script>
+</body>

client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-on-self-origin-by-permissions-policy.https.sub.html.headers

@@ -0,0 +1 @@
+Permissions-Policy: ch-ua-high-entropy-values=self

client-hints/permissions-policy/ch-ua-high-entropy-values-permissions-policy-attribute.https.sub.html

@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="../../permissions-policy/resources/permissions-policy.js"></script>
+  <script>
+    const same_origin_src =
+      "/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html";
+    const cross_origin_src =
+      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
+      const feature_name = 'permissions policy "ch-ua-high-entropy-values"';
+      const header_none = 'allow="ch-ua-high-entropy-values \'none\'" attribute';
+      const header_self = 'allow="ch-ua-high-entropy-values" attribute';
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `${feature_name} is enabled by default`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+        feature_name: "ch-ua-high-entropy-values 'none'"
+      });
+    }, `${feature_name} disabled in same-origin iframe using ${header_none}`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+        feature_name: "ch-ua-high-entropy-values 'none'"
+      });
+    }, `${feature_name} disabled in cross-origin iframe using ${header_none}`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+        feature_name: "ch-ua-high-entropy-values"
+      });
+    }, `${feature_name} can be enabled in same-origin iframe using ${header_self}`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_available_default,
+        feature_name: "ch-ua-high-entropy-values"
+      });
+    }, `${header_self} allows high-entropy values via getHighEntropyValues() in cross-origin iframes.`);
+  </script>
+</body>

permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script>
+window.onload = async function() {
+  const hints = await navigator.userAgentData.getHighEntropyValues(["bitness"]);
+  const enabled = hints.hasOwnProperty("bitness");
+  window.parent.postMessage({ type: 'availability-result', enabled }, "*");
+};
+</script>