Bug 1805797 [wpt PR 37515] - [shared storage] add permissions policy for individual output gate: selectURL() and privateAggregation, a=testonly

Automatic update from web-platform-tests
[shared storage] add permissions policy for individual output gate: selectURL() and privateAggregation

This allows more fine-grained control of the output gates

PR: https://github.com/WICG/shared-storage/pull/52

This CL only implement the PAA check for shared storage part. For FLEDGE, it will be done in a separate CL.

Also add the new features in
kFencedFrameOpaqueAdsDefaultAllowedFeatures: they are supposed to
be used from within the FF.

The private aggregation permissions policy is tested in a browser test / is not easily testable via web_test: right now, only selectURL()’s result rendered in FF can expose state in the worklet; but if the permissions policy is disallowed in the embedder, the FF navigation will fail (as the permissions is in kFencedFrameOpaqueAdsDefaultAllowedFeatures).

Bug: 1400840
Change-Id: I74a285827126f5cf8a43cb780e37693f4c0c7ddf
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4105180
Reviewed-by: Liam Brady <lbrady@google.com>
Reviewed-by: Qingxin Wu <qingxinwu@google.com>
Commit-Queue: Yao Xiao <yaoxia@chromium.org>
Reviewed-by: Cammie Smith Barnes <cammie@chromium.org>
Reviewed-by: Alex Turner <alexmt@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1088572}

--

wpt-commits: 672e9117cea01a92608718952f0174b8d490966a
wpt-pr: 37515

testing/web-platform/tests/shared-storage/resources/select-url-permissions-policy-helper.html

@@ -0,0 +1,18 @@
+<!doctype html>
+<body>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/shared-storage/resources/util.js"></script>
+  <script>
+  'use strict';
+
+  window.onload = async function() {
+    if (await IsSharedStorageSelectUrlAllowedByPermissionsPolicy()) {
+      parent.postMessage({ type: 'availability-result', enabled: true }, '*');
+      return;
+    }
+
+    parent.postMessage({ type: 'availability-result', enabled: false }, '*');
+  }
+  </script>
+</body>

testing/web-platform/tests/shared-storage/resources/util.js

@@ -1,5 +1,23 @@
 'use strict';
 
+async function IsSharedStorageSelectUrlAllowedByPermissionsPolicy() {
+  const errorMessage = 'The \"shared-storage-select-url\" Permissions Policy denied the usage of window.sharedStorage.selectURL().';
+  let allowedByPermissionsPolicy = true;
+  try {
+    // Run selectURL() with without addModule() and this should always fail.
+    // Check the error message to distinguish between the permissions policy
+    // error and the missing addModule() error.
+    await sharedStorage.selectURL("operation", [{url: "1.html"}]);
+    assert_unreached("did not fail");
+  } catch (e) {
+    if (e.message === errorMessage) {
+      allowedByPermissionsPolicy = false;
+    }
+  }
+
+  return allowedByPermissionsPolicy;
+}
+
 // Execute all shared storage methods and capture their errors. Return true if
 // the permissions policy allows all of them; return false if the permissions
 // policy disallows all of them. Precondition: only these two outcomes are

testing/web-platform/tests/shared-storage/select-url-permissions-policy-default.tentative.https.sub.html

@@ -0,0 +1,29 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/permissions-policy/resources/permissions-policy.js></script>
+  <script src="/shared-storage/resources/util.js"></script>
+  <script>
+    'use strict';
+    const same_origin_src = '/shared-storage/resources/select-url-permissions-policy-helper.html';
+    const cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
+      same_origin_src;
+    const header = 'Default permissions policy';
+
+    promise_test(async t => {
+      const allowed = await IsSharedStorageSelectUrlAllowedByPermissionsPolicy();
+      assert_true(allowed);
+    }, header + ' allows sharedStorage.selectURL() in the current page.');
+
+    async_test(t => {
+      test_feature_availability('shared-storage-select-url', t, same_origin_src,
+          expect_feature_available_default);
+    }, header + ' allows sharedStorage.selectURL() in same-origin iframes.');
+
+    async_test(t => {
+      test_feature_availability('shared-storage-select-url', t, cross_origin_src,
+          expect_feature_available_default);
+    }, header + ' allows sharedStorage.selectURL() in cross-origin iframes.');
+  </script>
+</body>

testing/web-platform/tests/shared-storage/select-url-permissions-policy-none.tentative.https.sub.html

@@ -0,0 +1,29 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/permissions-policy/resources/permissions-policy.js></script>
+  <script src="/shared-storage/resources/util.js"></script>
+  <script>
+    'use strict';
+    const same_origin_src = '/shared-storage/resources/select-url-permissions-policy-helper.html';
+    const cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
+      same_origin_src;
+    const header = 'permissions policy header shared-storage-select-url=()';
+
+    promise_test(async t => {
+      const allowed = await IsSharedStorageSelectUrlAllowedByPermissionsPolicy();
+      assert_false(allowed);
+    }, header + ' disallows sharedStorage.selectURL() in the current page.');
+
+    async_test(t => {
+      test_feature_availability('shared-storage-select-url', t, same_origin_src,
+          expect_feature_unavailable_default);
+    }, header + ' disallows sharedStorage.selectURL() in same-origin iframes.');
+
+    async_test(t => {
+      test_feature_availability('shared-storage-select-url', t, cross_origin_src,
+          expect_feature_unavailable_default);
+    }, header + ' disallows sharedStorage.selectURL() in cross-origin iframes.');
+  </script>
+</body>

testing/web-platform/tests/shared-storage/select-url-permissions-policy-none.tentative.https.sub.html.headers

@@ -0,0 +1 @@
+Permissions-Policy: shared-storage-select-url=()

testing/web-platform/tests/shared-storage/select-url-permissions-policy-self.tentative.https.sub.html

@@ -0,0 +1,29 @@
+<!doctype html>
+<body>
+  <script src=/resources/testharness.js></script>
+  <script src=/resources/testharnessreport.js></script>
+  <script src=/permissions-policy/resources/permissions-policy.js></script>
+  <script src="/shared-storage/resources/util.js"></script>
+  <script>
+    'use strict';
+    const same_origin_src = '/shared-storage/resources/select-url-permissions-policy-helper.html';
+    const cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
+      same_origin_src;
+    const header = 'permissions policy header shared-storage-select-url=(self)';
+
+    promise_test(async t => {
+      const allowed = await IsSharedStorageSelectUrlAllowedByPermissionsPolicy();
+      assert_true(allowed);
+    }, header + ' allows sharedStorage.selectURL() in the current page.');
+
+    async_test(t => {
+      test_feature_availability('shared-storage-select-url', t, same_origin_src,
+          expect_feature_available_default);
+    }, header + ' allows sharedStorage.selectURL() in same-origin iframes.');
+
+    async_test(t => {
+      test_feature_availability('shared-storage-select-url', t, cross_origin_src,
+          expect_feature_unavailable_default);
+    }, header + ' disallows sharedStorage.selectURL() in cross-origin iframes.');
+  </script>
+</body>

testing/web-platform/tests/shared-storage/select-url-permissions-policy-self.tentative.https.sub.html.headers

@@ -0,0 +1 @@
+Permissions-Policy: shared-storage-select-url=(self)

testing/web-platform/tests/shared-storage/shared-storage-permissions-policy-default.tentative.https.sub.html

@@ -6,7 +6,7 @@
   <script src="/shared-storage/resources/util.js"></script>
   <script>
     'use strict';
-    const same_origin_src = '/shared-storage/resources/permissions-policy-helper.html';
+    const same_origin_src = '/shared-storage/resources/shared-storage-permissions-policy-helper.html';
     const cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
       same_origin_src;
     const header = 'Default permissions policy';

testing/web-platform/tests/shared-storage/shared-storage-permissions-policy-none.tentative.https.sub.html

@@ -6,7 +6,7 @@
   <script src="/shared-storage/resources/util.js"></script>
   <script>
     'use strict';
-    const same_origin_src = '/shared-storage/resources/permissions-policy-helper.html';
+    const same_origin_src = '/shared-storage/resources/shared-storage-permissions-policy-helper.html';
     const cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
       same_origin_src;
     const header = 'permissions policy header shared-storage=()';

testing/web-platform/tests/shared-storage/shared-storage-permissions-policy-self.tentative.https.sub.html

@@ -6,7 +6,7 @@
   <script src="/shared-storage/resources/util.js"></script>
   <script>
     'use strict';
-    const same_origin_src = '/shared-storage/resources/permissions-policy-helper.html';
+    const same_origin_src = '/shared-storage/resources/shared-storage-permissions-policy-helper.html';
     const cross_origin_src = 'https://{{domains[www]}}:{{ports[https][0]}}' +
       same_origin_src;
     const header = 'permissions policy header shared-storage=(self)';