Bug 1536488 - Tracking-annotation should use strict list always, r=dimi
authorAndrea Marchesini <amarchesini@mozilla.com>
Wed, 27 Mar 2019 13:51:27 +0000
changeset 466347 597f8780f0739773985dead402389283cda61fb8
parent 466340 16f19322ec762261a5abe9e70c935e6e6bf90582
child 466348 ece439cc2d6dd49fb167390fc7715cde50776c04
push id35768
push useropoprus@mozilla.com
push dateThu, 28 Mar 2019 09:55:54 +0000
treeherdermozilla-central@c045dd97faf2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdimi
bugs1536488
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1536488 - Tracking-annotation should use strict list always, r=dimi Differential Revision: https://phabricator.services.mozilla.com/D24053
modules/libpref/init/StaticPrefList.h
modules/libpref/init/all.js
netwerk/protocol/http/nsIHttpChannel.idl
netwerk/url-classifier/UrlClassifierCommon.cpp
netwerk/url-classifier/UrlClassifierFeatureTrackingAnnotation.cpp
--- a/modules/libpref/init/StaticPrefList.h
+++ b/modules/libpref/init/StaticPrefList.h
@@ -2034,16 +2034,30 @@ VARCACHE_PREF(
 // How many recent block/unblock actions per origins we remember in the
 // Content Blocking log for each top-level window.
 VARCACHE_PREF(
   "browser.contentblocking.originlog.length",
    browser_contentblocking_originlog_length,
   uint32_t, 32
 )
 
+// Annotate trackers using the strict list. If set to false, the basic list will
+// be used instead.
+#ifdef EARLY_BETA_OR_EARLIER
+#define PREF_VALUE true
+#else
+#define PREF_VALUE false
+#endif
+VARCACHE_PREF(
+  "privacy.annotate_channels.strict_list.enabled",
+   privacy_annotate_channels_strict_list_enabled,
+  bool, PREF_VALUE
+)
+#undef PREF_VALUE
+
 // Annotate channels based on the tracking protection list in all modes
 VARCACHE_PREF(
   "privacy.trackingprotection.annotate_channels",
    privacy_trackingprotection_annotate_channels,
   bool, true
 )
 
 // Block 3rd party fingerprinting resources.
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5645,22 +5645,17 @@ pref("urlclassifier.phishTable", "googpu
 // Tables for application reputation
 pref("urlclassifier.downloadAllowTable", "goog-downloadwhite-proto");
 pref("urlclassifier.downloadBlockTable", "goog-badbinurl-proto");
 
 // Tables for login reputation
 pref("urlclassifier.passwordAllowTable", "goog-passwordwhite-proto");
 
 // Tables for anti-tracking features
-#ifdef EARLY_BETA_OR_EARLIER
-// Use the strict list for the default cookie restrictions in Nightly and early betas
 pref("urlclassifier.trackingAnnotationTable", "test-track-simple,base-track-digest256,content-track-digest256");
-#else
-pref("urlclassifier.trackingAnnotationTable", "test-track-simple,base-track-digest256");
-#endif
 pref("urlclassifier.trackingAnnotationWhitelistTable", "test-trackwhite-simple,mozstd-trackwhite-digest256");
 pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256");
 pref("urlclassifier.trackingWhitelistTable", "test-trackwhite-simple,mozstd-trackwhite-digest256");
 
 pref("urlclassifier.features.fingerprinting.blacklistTables", "base-fingerprinting-track-digest256");
 pref("urlclassifier.features.fingerprinting.whitelistTables", "mozstd-trackwhite-digest256");
 pref("urlclassifier.features.cryptomining.blacklistTables", "base-cryptomining-track-digest256");
 pref("urlclassifier.features.cryptomining.whitelistTables", "mozstd-trackwhite-digest256");
--- a/netwerk/protocol/http/nsIHttpChannel.idl
+++ b/netwerk/protocol/http/nsIHttpChannel.idl
@@ -539,29 +539,37 @@ interface nsIHttpChannel : nsIChannel
        */
       CLASSIFIED_TRACKING = 0x04,
       CLASSIFIED_TRACKING_AD = 0x08,
       CLASSIFIED_TRACKING_ANALYTICS = 0x10,
       CLASSIFIED_TRACKING_SOCIAL = 0x20,
       CLASSIFIED_TRACKING_CONTENT = 0x40,
 
       /**
-       * This is exposed to help to identify tracking classification
+       * This is exposed to help to identify tracking classification using the
+       * basic lists.
        */
-      CLASSIFIED_ANY_TRACKING = CLASSIFIED_TRACKING |
+      CLASSIFIED_ANY_BASIC_TRACKING = CLASSIFIED_TRACKING |
         CLASSIFIED_TRACKING_AD | CLASSIFIED_TRACKING_ANALYTICS |
-        CLASSIFIED_TRACKING_SOCIAL | CLASSIFIED_TRACKING_CONTENT |
-        CLASSIFIED_FINGERPRINTING,
+        CLASSIFIED_TRACKING_SOCIAL | CLASSIFIED_FINGERPRINTING,
+
+      /**
+       * This is exposed to help to identify tracking classification using the
+       * strict lists.
+       */
+      CLASSIFIED_ANY_STRICT_TRACKING = CLASSIFIED_ANY_BASIC_TRACKING |
+        CLASSIFIED_TRACKING_CONTENT,
     };
 
     /**
      * Returns true if the channel has loaded a resource that is classified as
      * tracker.
      * This is a helper attribute which returns the same value of
-     * (classificationFlags & CLASSIFIED_ANY_TRACKING)
+     * (classificationFlags & CLASSIFIED_ANY_BASIC_TRACKING) or
+     * (classificationFlags & CLASSIFIED_ANY_STRICT_TRACKING)
      *
      * Note that top-level channels could be marked as tracking
      * resource. In order to identify third-party tracking resources
      * specifically, use isThirdPartyTrackingResource().
      */
     boolean isTrackingResource();
 
 %{ C++
@@ -576,17 +584,18 @@ interface nsIHttpChannel : nsIChannel
 %}
 
     /**
      * Returns the classification flags if the channel has been processed by
      * URL-Classifier features and is considered third-party with the top
      * window URI.
      *
      * This is a helper attribute which returns the same value of
-     * (thirdPartyClassificationFlags & CLASSIFIED_ANY_TRACKING)
+     * (thirdPartyClassificationFlags & CLASSIFIED_ANY_BASIC_TRACKING) or
+     * (thirdPartyClassificationFlags & CLASSIFIED_ANY_STRICT_TRACKING)
      */
     boolean isThirdPartyTrackingResource();
 
 %{ C++
   inline bool IsThirdPartyTrackingResource()
   {
     bool value = false;
     if (NS_SUCCEEDED(IsThirdPartyTrackingResource(&value)) && value) {
--- a/netwerk/url-classifier/UrlClassifierCommon.cpp
+++ b/netwerk/url-classifier/UrlClassifierCommon.cpp
@@ -378,17 +378,25 @@ void UrlClassifierCommon::AnnotateChanne
       nsContentUtils::IsThirdPartyWindowOrChannel(nullptr, aChannel, chanURI);
 
   UC_LOG(("UrlClassifierCommon::AnnotateChannel, annotating channel[%p]",
           aChannel));
 
   SetClassificationFlagsHelper(aChannel, aClassificationFlags,
                                isThirdPartyWithTopLevelWinURI);
 
-  if (isThirdPartyWithTopLevelWinURI || IsAllowListed(aChannel, aPurpose)) {
+  // We consider valid tracking flags (based on the current strict vs basic list
+  // prefs) and cryptomining (which is not considered as tracking).
+  bool validClassificationFlags =
+      IsTrackingClassificationFlag(aClassificationFlags) ||
+      (aClassificationFlags &
+       nsIHttpChannel::ClassificationFlags::CLASSIFIED_CRYPTOMINING);
+
+  if (validClassificationFlags &&
+      (isThirdPartyWithTopLevelWinURI || IsAllowListed(aChannel, aPurpose))) {
     UrlClassifierCommon::NotifyChannelClassifierProtectionDisabled(
         aChannel, aLoadingState);
   }
 
   if (isThirdPartyWithTopLevelWinURI &&
       StaticPrefs::privacy_trackingprotection_lower_network_priority()) {
     LowerPriorityHelper(aChannel);
   }
@@ -452,13 +460,19 @@ bool UrlClassifierCommon::IsAllowListed(
     }
   }
 
   return isAllowListed;
 }
 
 // static
 bool UrlClassifierCommon::IsTrackingClassificationFlag(uint32_t aFlag) {
-  return (aFlag & nsIHttpChannel::ClassificationFlags::CLASSIFIED_ANY_TRACKING);
+  if (StaticPrefs::privacy_annotate_channels_strict_list_enabled()) {
+    return (
+        aFlag &
+        nsIHttpChannel::ClassificationFlags::CLASSIFIED_ANY_STRICT_TRACKING);
+  }
+  return (aFlag &
+          nsIHttpChannel::ClassificationFlags::CLASSIFIED_ANY_BASIC_TRACKING);
 }
 
 }  // namespace net
 }  // namespace mozilla
--- a/netwerk/url-classifier/UrlClassifierFeatureTrackingAnnotation.cpp
+++ b/netwerk/url-classifier/UrlClassifierFeatureTrackingAnnotation.cpp
@@ -122,16 +122,18 @@ UrlClassifierFeatureTrackingAnnotation::
   NS_ENSURE_ARG_POINTER(aShouldContinue);
 
   // This is not a blocking feature.
   *aShouldContinue = true;
 
   nsTArray<nsCString> list;
   Classifier::SplitTables(aList, list);
 
+  uint32_t loadingState = nsIWebProgressListener::STATE_LOADED_TRACKING_CONTENT;
+
   uint32_t flags = 0;
   for (nsCString& table : list) {
     if (StringBeginsWith(table, NS_LITERAL_CSTRING("ads-track-"))) {
       flags |= nsIHttpChannel::ClassificationFlags::CLASSIFIED_TRACKING_AD;
       continue;
     }
 
     if (StringBeginsWith(table, NS_LITERAL_CSTRING("analytics-track-"))) {
@@ -151,18 +153,17 @@ UrlClassifierFeatureTrackingAnnotation::
     }
   }
 
   if (flags == 0) {
     flags |= nsIHttpChannel::ClassificationFlags::CLASSIFIED_TRACKING;
   }
 
   UrlClassifierCommon::AnnotateChannel(
-      aChannel, AntiTrackingCommon::eTrackingAnnotations, flags,
-      nsIWebProgressListener::STATE_LOADED_TRACKING_CONTENT);
+      aChannel, AntiTrackingCommon::eTrackingAnnotations, flags, loadingState);
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 UrlClassifierFeatureTrackingAnnotation::GetURIByListType(
     nsIChannel* aChannel, nsIUrlClassifierFeature::listType aListType,
     nsIURI** aURI) {