Bug 1492766 - Part 2: Makes the set/releasePointerCapture working properly when fingerprinting resistance is enabled r=masayuki,arthuredelstein,smaug

When fingerprinting resistance is enabled, content should only view the
pointer capture events from the spoofed interface. In order to do so,
first, we need to restrict content to only set or release pointer capture
for only the spoofed pointer id. Second, we have to map other interfaces
into the spoofed one for pointer capture events.

Depends on D9531

Differential Revision: https://phabricator.services.mozilla.com/D9532

--HG--
extra : moz-landing-system : lando

dom/base/Element.cpp

@@ -98,7 +98,6 @@
 #include "nsSVGUtils.h"
 #include "nsLayoutUtils.h"
 #include "nsGkAtoms.h"
-#include "nsContentUtils.h"
 #include "ChildIterator.h"
 
 #include "nsIDOMEventListener.h"

dom/base/Element.h

@@ -43,6 +43,7 @@
 #include "mozilla/UniquePtr.h"
 #include "Units.h"
 #include "DOMIntersectionObserver.h"
+#include "nsContentUtils.h"
 
 class mozAutoDocUpdate;
 class nsIFrame;
@@ -1185,6 +1186,11 @@ public:
   void SetPointerCapture(int32_t aPointerId, ErrorResult& aError)
   {
     bool activeState = false;
+    if (nsContentUtils::ShouldResistFingerprinting(GetComposedDoc()) &&
+        aPointerId != PointerEventHandler::GetSpoofedPointerIdForRFP()) {
+      aError.Throw(NS_ERROR_DOM_INVALID_POINTER_ERR);
+      return;
+    }
     if (!PointerEventHandler::GetPointerInfo(aPointerId, activeState)) {
       aError.Throw(NS_ERROR_DOM_INVALID_POINTER_ERR);
       return;
@@ -1207,6 +1213,11 @@ public:
   void ReleasePointerCapture(int32_t aPointerId, ErrorResult& aError)
   {
     bool activeState = false;
+    if (nsContentUtils::ShouldResistFingerprinting(GetComposedDoc()) &&
+        aPointerId != PointerEventHandler::GetSpoofedPointerIdForRFP()) {
+      aError.Throw(NS_ERROR_DOM_INVALID_POINTER_ERR);
+      return;
+    }
     if (!PointerEventHandler::GetPointerInfo(aPointerId, activeState)) {
       aError.Throw(NS_ERROR_DOM_INVALID_POINTER_ERR);
       return;

dom/events/PointerEventHandler.cpp

@@ -266,6 +266,30 @@ PointerEventHandler::CheckPointerCaptureState(WidgetPointerEvent* aEvent)
 
   PointerCaptureInfo* captureInfo = GetPointerCaptureInfo(aEvent->pointerId);
 
+  // When fingerprinting resistance is enabled, we need to map other pointer
+  // ids into the spoofed one. We don't have to do the mapping if the capture
+  // info exists for the non-spoofed pointer id because of we won't allow
+  // content to set pointer capture other than the spoofed one. Thus, it must be
+  // from chrome if the capture info exists in this case. And we don't have to
+  // do anything if the pointer id is the same as the spoofed one.
+  if (nsContentUtils::ShouldResistFingerprinting() &&
+      aEvent->pointerId != (uint32_t)GetSpoofedPointerIdForRFP() &&
+      !captureInfo) {
+    PointerCaptureInfo* spoofedCaptureInfo =
+      GetPointerCaptureInfo(GetSpoofedPointerIdForRFP());
+
+    // We need to check the target element is content or chrome. If it is chrome
+    // we don't need to send a capture event since the capture info of the
+    // original pointer id doesn't exist in the case.
+    if (!spoofedCaptureInfo ||
+        (spoofedCaptureInfo->mPendingContent &&
+        spoofedCaptureInfo->mPendingContent->IsInChromeDocument())) {
+      return;
+    }
+
+    captureInfo = spoofedCaptureInfo;
+  }
+
   if (!captureInfo ||
       captureInfo->mPendingContent == captureInfo->mOverrideContent) {
     return;