From 2d0f23b5fa22d4a12d670801e3bbd1c76391b23e Mon Sep 17 00:00:00 2001
From: Mike Taylor <miketaylr@chromium.org>
Date: Thu, 9 Jan 2025 14:09:15 -0800
Subject: [PATCH] Add support for 'ch-ua-high-entropy-values' permission policy

This (currently disabled) policy allows a top-level site to restrict which documents are able to collect high-entropy client hints via the
navigator.userAgentData.getHighEntropyValues() JS API.

Restricting collection of high-entropy hints over HTTP is already possible via permissions-policy.

Spec: https://wicg.github.io/ua-client-hints/#ch-ua-high-entropy-values

Bug: 385161047
Change-Id: I13e648f52811ee30af6727520b733d260b9d579a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6107648
Reviewed-by: Nate Chapin <japhet@chromium.org>
Commit-Queue: Mike Taylor <miketaylr@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Ari Chivukula <arichiv@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1404420}
---
 ...-attribute-redirect-on-load.https.sub.html | 56 ++++++++++++++++
 ...-default-permissions-policy.https.sub.html | 42 ++++++++++++
 ...abled-by-permissions-policy.https.sub.html | 44 +++++++++++++
 ...-permissions-policy.https.sub.html.headers |  1 +
 ...abled-by-permissions-policy.https.sub.html | 42 ++++++++++++
 ...-permissions-policy.https.sub.html.headers |  1 +
 ...rigin-by-permissions-policy.https.sub.html | 42 ++++++++++++
 ...-permissions-policy.https.sub.html.headers |  1 +
 ...ermissions-policy-attribute.https.sub.html | 64 +++++++++++++++++++
 ...ions-policy-ch-ua-high-entropy-values.html | 10 +++
 10 files changed, 303 insertions(+)
 create mode 100644 client-hints/permissions-policy/ch-ua-high-entropy-values-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html
 create mode 100644 client-hints/permissions-policy/ch-ua-high-entropy-values-default-permissions-policy.https.sub.html
 create mode 100644 client-hints/permissions-policy/ch-ua-high-entropy-values-disabled-by-permissions-policy.https.sub.html
 create mode 100644 client-hints/permissions-policy/ch-ua-high-entropy-values-disabled-by-permissions-policy.https.sub.html.headers
 create mode 100644 client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-by-permissions-policy.https.sub.html
 create mode 100644 client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-by-permissions-policy.https.sub.html.headers
 create mode 100644 client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-on-self-origin-by-permissions-policy.https.sub.html
 create mode 100644 client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-on-self-origin-by-permissions-policy.https.sub.html.headers
 create mode 100644 client-hints/permissions-policy/ch-ua-high-entropy-values-permissions-policy-attribute.https.sub.html
 create mode 100644 permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html

diff --git a/client-hints/permissions-policy/ch-ua-high-entropy-values-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html b/client-hints/permissions-policy/ch-ua-high-entropy-values-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html
new file mode 100644
index 00000000000000..da66bd0feb9ea8
--- /dev/null
+++ b/client-hints/permissions-policy/ch-ua-high-entropy-values-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub.html
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/permissions-policy/resources/permissions-policy.js></script>
+  <script src=/common/get-host-info.sub.js></script>
+  <script>
+  var relative_path = '/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html';
+  var base_src = '/permissions-policy/resources/redirect-on-load.html#';
+  var same_origin_src = base_src + relative_path;
+  var cross_origin_src = base_src + get_host_info().REMOTE_ORIGIN +
+    relative_path;
+  var header_self = 'permissions policy allow="ch-ua-high-entropy-values"';
+  var header_none = `permissions policy allow="ch-ua-high-entropy-values='none'`;
+
+  async_test((test) => {
+    test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+        feature_name: "ch-ua-high-entropy-values",
+    })
+  }, `${header_self} allows same-origin navigation in an iframe.`);
+
+  async_test((test) => {
+    test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+        feature_name: "ch-ua-high-entropy-values",
+    })
+  }, `${header_self} disallows cross-origin navigation in an iframe.`);
+
+  async_test((test) => {
+    test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+        feature_name: "ch-ua-high-entropy-values='none'",
+    })
+  }, `${header_none} disallows same-origin navigation in an iframe.`);
+
+  async_test((test) => {
+    test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_available_default,
+        feature_name: "ch-ua-high-entropy-values='none'",
+    })
+  }, `${header_none} disallows cross-origin navigation in an iframe.`);
+  </script>
+</body>
\ No newline at end of file
diff --git a/client-hints/permissions-policy/ch-ua-high-entropy-values-default-permissions-policy.https.sub.html b/client-hints/permissions-policy/ch-ua-high-entropy-values-default-permissions-policy.https.sub.html
new file mode 100644
index 00000000000000..d73d61d5ac31e2
--- /dev/null
+++ b/client-hints/permissions-policy/ch-ua-high-entropy-values-default-permissions-policy.https.sub.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="../../permissions-policy/resources/permissions-policy.js"></script>
+  <script>
+    const same_origin_src =
+      "/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html";
+    const cross_origin_src =
+      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
+      const header = 'Permissions policy header "ch-ua-high-entropy-values=*"';
+
+    promise_test(async () => {
+      return navigator.userAgentData.getHighEntropyValues(["bitness"]).then(
+        hints => {
+          assert_own_property(hints, "brands");
+          assert_own_property(hints, "mobile");
+          assert_own_property(hints, "platform");
+          assert_own_property(hints, "bitness");
+        }
+      );
+    }, `high-entropy values via getHighEntropyValues() allowed by default in top-level document.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `high-entropy values via getHighEntropyValues() allowed by default in same-origin iframes.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `high-entropy values via getHighEntropyValues() allowed by default in cross-origin iframes.`);
+  </script>
+</body>
\ No newline at end of file
diff --git a/client-hints/permissions-policy/ch-ua-high-entropy-values-disabled-by-permissions-policy.https.sub.html b/client-hints/permissions-policy/ch-ua-high-entropy-values-disabled-by-permissions-policy.https.sub.html
new file mode 100644
index 00000000000000..c86d3829d5c9fb
--- /dev/null
+++ b/client-hints/permissions-policy/ch-ua-high-entropy-values-disabled-by-permissions-policy.https.sub.html
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="../../permissions-policy/resources/permissions-policy.js"></script>
+  <script>
+    const same_origin_src =
+      "/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html";
+    const cross_origin_src =
+      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
+      const header = 'Permissions policy header "ch-ua-high-entropy-values=()"';
+
+    promise_test(async () => {
+      // bitness is a high-entropy hint: we expect it to not be returned due to
+      // Permissions-Policy, but instead just the low-entropy hints
+      return navigator.userAgentData.getHighEntropyValues(["bitness"]).then(
+        hints => {
+          assert_own_property(hints, "brands");
+          assert_own_property(hints, "mobile");
+          assert_own_property(hints, "platform");
+          assert_not_own_property(hints, "bitness");
+        }
+      );
+    }, `${header} disallows high-entropy values via getHighEntropyValues() in top-level document.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+      });
+    }, `${header} disallows high-entropy values via getHighEntropyValues() in same-origin iframes.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+      });
+    }, `${header} disallows high-entropy values via getHighEntropyValues() in cross-origin iframes.`);
+  </script>
+</body>
\ No newline at end of file
diff --git a/client-hints/permissions-policy/ch-ua-high-entropy-values-disabled-by-permissions-policy.https.sub.html.headers b/client-hints/permissions-policy/ch-ua-high-entropy-values-disabled-by-permissions-policy.https.sub.html.headers
new file mode 100644
index 00000000000000..fcf474880843e2
--- /dev/null
+++ b/client-hints/permissions-policy/ch-ua-high-entropy-values-disabled-by-permissions-policy.https.sub.html.headers
@@ -0,0 +1 @@
+Permissions-Policy: ch-ua-high-entropy-values=()
\ No newline at end of file
diff --git a/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-by-permissions-policy.https.sub.html b/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-by-permissions-policy.https.sub.html
new file mode 100644
index 00000000000000..7e05749816173a
--- /dev/null
+++ b/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-by-permissions-policy.https.sub.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="../../permissions-policy/resources/permissions-policy.js"></script>
+  <script>
+    const same_origin_src =
+      "/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html";
+    const cross_origin_src =
+      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
+      const header = 'Permissions policy header "ch-ua-high-entropy-values=*"';
+
+    promise_test(async () => {
+      return navigator.userAgentData.getHighEntropyValues(["bitness"]).then(
+        hints => {
+          assert_own_property(hints, "brands");
+          assert_own_property(hints, "mobile");
+          assert_own_property(hints, "platform");
+          assert_own_property(hints, "bitness");
+        }
+      );
+    }, `${header} allows high-entropy values via getHighEntropyValues() in top-level document.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `${header} allows high-entropy values via getHighEntropyValues() in same-origin iframes.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `${header} allows high-entropy values via getHighEntropyValues() in cross-origin iframes.`);
+  </script>
+</body>
\ No newline at end of file
diff --git a/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-by-permissions-policy.https.sub.html.headers b/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-by-permissions-policy.https.sub.html.headers
new file mode 100644
index 00000000000000..ac74cfd647f07a
--- /dev/null
+++ b/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-by-permissions-policy.https.sub.html.headers
@@ -0,0 +1 @@
+Permissions-Policy: ch-ua-high-entropy-values=*
\ No newline at end of file
diff --git a/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-on-self-origin-by-permissions-policy.https.sub.html b/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-on-self-origin-by-permissions-policy.https.sub.html
new file mode 100644
index 00000000000000..24161b3cc02540
--- /dev/null
+++ b/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-on-self-origin-by-permissions-policy.https.sub.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="../../permissions-policy/resources/permissions-policy.js"></script>
+  <script>
+    const same_origin_src =
+      "/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html";
+    const cross_origin_src =
+      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
+      const header = 'Permissions policy header "ch-ua-high-entropy-values=self"';
+
+    promise_test(async () => {
+      return navigator.userAgentData.getHighEntropyValues(["bitness"]).then(
+        hints => {
+          assert_own_property(hints, "brands");
+          assert_own_property(hints, "mobile");
+          assert_own_property(hints, "platform");
+          assert_own_property(hints, "bitness");
+        }
+      );
+    }, `${header} allows high-entropy values via getHighEntropyValues() in top-level document.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `${header} allows high-entropy values via getHighEntropyValues() in same-origin iframes.`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+      });
+    }, `${header} disallows high-entropy values via getHighEntropyValues() in cross-origin iframes.`);
+  </script>
+</body>
\ No newline at end of file
diff --git a/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-on-self-origin-by-permissions-policy.https.sub.html.headers b/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-on-self-origin-by-permissions-policy.https.sub.html.headers
new file mode 100644
index 00000000000000..9c876c03f3cf59
--- /dev/null
+++ b/client-hints/permissions-policy/ch-ua-high-entropy-values-enabled-on-self-origin-by-permissions-policy.https.sub.html.headers
@@ -0,0 +1 @@
+Permissions-Policy: ch-ua-high-entropy-values=self
\ No newline at end of file
diff --git a/client-hints/permissions-policy/ch-ua-high-entropy-values-permissions-policy-attribute.https.sub.html b/client-hints/permissions-policy/ch-ua-high-entropy-values-permissions-policy-attribute.https.sub.html
new file mode 100644
index 00000000000000..a6f9bbf73ee6e0
--- /dev/null
+++ b/client-hints/permissions-policy/ch-ua-high-entropy-values-permissions-policy-attribute.https.sub.html
@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="../../permissions-policy/resources/permissions-policy.js"></script>
+  <script>
+    const same_origin_src =
+      "/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html";
+    const cross_origin_src =
+      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
+      const feature_name = 'permissions policy "ch-ua-high-entropy-values"';
+      const header_none = 'allow="ch-ua-high-entropy-values \'none\'" attribute';
+      const header_self = 'allow="ch-ua-high-entropy-values" attribute';
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+      });
+    }, `${feature_name} is enabled by default`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+        feature_name: "ch-ua-high-entropy-values 'none'"
+      });
+    }, `${feature_name} disabled in same-origin iframe using ${header_none}`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_unavailable_default,
+        feature_name: "ch-ua-high-entropy-values 'none'"
+      });
+    }, `${feature_name} disabled in cross-origin iframe using ${header_none}`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: same_origin_src,
+        expect_feature_available: expect_feature_available_default,
+        feature_name: "ch-ua-high-entropy-values"
+      });
+    }, `${feature_name} can be enabled in same-origin iframe using ${header_self}`);
+
+    async_test((test) => {
+      return test_feature_availability({
+        feature_description: "navigator.userAgentData.getHighEntropyValues()",
+        test,
+        src: cross_origin_src,
+        expect_feature_available: expect_feature_available_default,
+        feature_name: "ch-ua-high-entropy-values"
+      });
+    }, `${header_self} allows high-entropy values via getHighEntropyValues() in cross-origin iframes.`);
+  </script>
+</body>
\ No newline at end of file
diff --git a/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html b/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html
new file mode 100644
index 00000000000000..842cf590293dad
--- /dev/null
+++ b/permissions-policy/resources/permissions-policy-ch-ua-high-entropy-values.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script>
+window.onload = async function() {
+  const hints = await navigator.userAgentData.getHighEntropyValues(["bitness"]);
+  const enabled = hints.hasOwnProperty("bitness");
+  window.parent.postMessage({ type: 'availability-result', enabled }, "*");
+};
+</script>