Google Git
Sign in
chromium / chromium / src / HEAD / . / chrome / browser / net / system_network_context_manager.cc
blob: a5989da1363f4678da0c69f1f0c0e1fc6113da14 [file] [log] [blame]
// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/net/system_network_context_manager.h"
#include <algorithm>
#include <unordered_map>
#include <utility>
#include "base/auto_reset.h"
#include "base/build_time.h"
#include "base/command_line.h"
#include "base/feature_list.h"
#include "base/functional/bind.h"
#include "base/logging.h"
#include "base/memory/raw_ptr.h"
#include "base/metrics/histogram_functions.h"
#include "base/process/process_handle.h"
#include "base/sequence_checker.h"
#include "base/strings/string_split.h"
#include "base/values.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "chrome/browser/browser_features.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/component_updater/crl_set_component_installer.h"
#include "chrome/browser/component_updater/first_party_sets_component_installer.h"
#include "chrome/browser/component_updater/pki_metadata_component_installer.h"
#include "chrome/browser/net/chrome_mojo_proxy_resolver_factory.h"
#include "chrome/browser/net/convert_explicitly_allowed_network_ports_pref.h"
#include "chrome/browser/safe_browsing/safe_browsing_service.h"
#include "chrome/browser/ssl/sct_reporting_service.h"
#include "chrome/browser/ssl/ssl_config_service_manager.h"
#include "chrome/common/channel_info.h"
#include "chrome/common/chrome_features.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/google_url_loader_throttle.h"
#include "chrome/common/pref_names.h"
#include "components/certificate_transparency/ct_known_logs.h"
#include "components/embedder_support/user_agent_utils.h"
#include "components/net_log/net_export_file_writer.h"
#include "components/net_log/net_log_proxy_source.h"
#include "components/network_session_configurator/common/network_features.h"
#include "components/os_crypt/sync/os_crypt.h"
#include "components/policy/core/common/policy_namespace.h"
#include "components/policy/core/common/policy_service.h"
#include "components/policy/policy_constants.h"
#include "components/prefs/pref_registry_simple.h"
#include "components/prefs/pref_service.h"
#include "components/variations/net/variations_http_headers.h"
#include "components/variations/variations_associated_data.h"
#include "components/version_info/version_info.h"
#include "content/public/browser/browser_child_process_observer.h"
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/child_process_data.h"
#include "content/public/browser/child_process_termination_info.h"
#include "content/public/browser/network_context_client_base.h"
#include "content/public/browser/network_service_instance.h"
#include "content/public/browser/network_service_util.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/user_agent.h"
#include "crypto/sha2.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
#include "mojo/public/cpp/bindings/receiver_set.h"
#include "mojo/public/cpp/bindings/self_owned_receiver.h"
#include "net/base/features.h"
#include "net/cert/internal/trust_store_features.h"
#include "net/cookies/cookie_util.h"
#include "net/net_buildflags.h"
#include "net/third_party/uri_template/uri_template.h"
#include "sandbox/policy/features.h"
#include "sandbox/policy/sandbox_type.h"
#include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom.h"
#include "services/network/network_service.h"
#include "services/network/public/cpp/cross_thread_pending_shared_url_loader_factory.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/network_switches.h"
#include "services/network/public/cpp/shared_url_loader_factory.h"
#include "services/network/public/mojom/cert_verifier_service.mojom.h"
#include "services/network/public/mojom/network_annotation_monitor.mojom.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/proxy_resolver/public/mojom/proxy_resolver.mojom.h"
#include "third_party/blink/public/common/features.h"
#include "url/gurl.h"
#if BUILDFLAG(IS_CHROMEOS)
#include "chrome/browser/net/network_annotation_monitor.h"
#endif // BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chrome/browser/ash/net/dhcp_wpad_url_client.h"
#include "chrome/browser/ash/policy/core/browser_policy_connector_ash.h"
#include "chrome/browser/browser_process_platform_part.h"
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
// TODO(crbug.com/1052397): Revisit the macro expression once build flag switch
// of lacros-chrome is complete.
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_LACROS)
#include "chrome/common/chrome_paths_internal.h"
#include "chrome/grit/branded_strings.h"
#include "ui/base/l10n/l10n_util.h"
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_LACROS)
#if BUILDFLAG(ENABLE_EXTENSIONS)
#include "extensions/common/constants.h"
#endif // BUILDFLAG(ENABLE_EXTENSIONS)
#if BUILDFLAG(IS_WIN)
#include "chrome/browser/browser_features.h"
#include "chrome/browser/net/chrome_mojo_proxy_resolver_win.h"
#endif // BUILDFLAG(IS_WIN)
namespace {
// Enumeration of possible sandbox states. These values are persisted to logs,
// so entries should not be renumbered and numeric values should never be
// reused.
enum class NetworkSandboxState {
// Disabled by platform configuration. Either the platform does not support
// it, or the feature is disabled.
kDisabledByPlatform = 0,
// Enabled by platform configuration. Either the platform has it enabled by
// default, or it's enabled by feature.
kEnabledByPlatform = 1,
// Enabled by policy. Only valid on Windows where the policy is respected.
kDisabledByPolicy = 2,
// Disabled by policy. Only valid on Windows where the policy is respected.
kEnabledByPolicy = 3,
// Disabled because of a previous failed launch attempt.
kDisabledBecauseOfFailedLaunch = 4,
// Disabled because the user (might) want kerberos, which is incompatible with
// the Linux/Cros sandbox.
kDisabledBecauseOfKerberos = 5,
kMaxValue = kDisabledBecauseOfKerberos
};
// The global instance of the SystemNetworkContextManager.
SystemNetworkContextManager* g_system_network_context_manager = nullptr;
// Whether or not any instance of the system network context manager has
// received a failed launch for a sandboxed network service.
bool g_previously_failed_to_launch_sandboxed_service = false;
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
// Whether kerberos library loading will work in the network service due to the
// sandbox.
bool g_network_service_will_allow_gssapi_library_load = false;
const char* kGssapiDesiredPref =
#if BUILDFLAG(IS_CHROMEOS)
prefs::kKerberosEnabled;
#elif BUILDFLAG(IS_LINUX)
prefs::kReceivedHttpAuthNegotiateHeader;
#endif
#endif // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
// Constructs HttpAuthStaticParams based on |local_state|.
network::mojom::HttpAuthStaticParamsPtr CreateHttpAuthStaticParams(
PrefService* local_state) {
network::mojom::HttpAuthStaticParamsPtr auth_static_params =
network::mojom::HttpAuthStaticParams::New();
#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_CHROMEOS)
auth_static_params->gssapi_library_name =
local_state->GetString(prefs::kGSSAPILibraryName);
#endif // BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID) &&
// !BUILDFLAG(IS_CHROMEOS)
return auth_static_params;
}
// Constructs HttpAuthDynamicParams based on |local_state|.
network::mojom::HttpAuthDynamicParamsPtr CreateHttpAuthDynamicParams(
PrefService* local_state) {
network::mojom::HttpAuthDynamicParamsPtr auth_dynamic_params =
network::mojom::HttpAuthDynamicParams::New();
auth_dynamic_params->allowed_schemes =
base::SplitString(local_state->GetString(prefs::kAuthSchemes), ",",
base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
for (const base::Value& item :
local_state->GetList(prefs::kAllHttpAuthSchemesAllowedForOrigins)) {
auth_dynamic_params->patterns_allowed_to_use_all_schemes.push_back(
item.GetString());
}
auth_dynamic_params->server_allowlist =
local_state->GetString(prefs::kAuthServerAllowlist);
auth_dynamic_params->delegate_allowlist =
local_state->GetString(prefs::kAuthNegotiateDelegateAllowlist);
auth_dynamic_params->negotiate_disable_cname_lookup =
local_state->GetBoolean(prefs::kDisableAuthNegotiateCnameLookup);
auth_dynamic_params->enable_negotiate_port =
local_state->GetBoolean(prefs::kEnableAuthNegotiatePort);
auth_dynamic_params->basic_over_http_enabled =
local_state->GetBoolean(prefs::kBasicAuthOverHttpEnabled);
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_CHROMEOS)
auth_dynamic_params->delegate_by_kdc_policy =
local_state->GetBoolean(prefs::kAuthNegotiateDelegateByKdcPolicy);
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_POSIX)
auth_dynamic_params->ntlm_v2_enabled =
local_state->GetBoolean(prefs::kNtlmV2Enabled);
#endif // BUILDFLAG(IS_POSIX)
#if BUILDFLAG(IS_ANDROID)
auth_dynamic_params->android_negotiate_account_type =
local_state->GetString(prefs::kAuthAndroidNegotiateAccountType);
#endif // BUILDFLAG(IS_ANDROID)
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
auth_dynamic_params->allow_gssapi_library_load =
local_state->GetBoolean(kGssapiDesiredPref);
#endif // BUILDFLAG(IS_CHROMEOS)
return auth_dynamic_params;
}
void OnNewHttpAuthDynamicParams(
network::mojom::HttpAuthDynamicParamsPtr& params) {
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
// The kerberos library is incompatible with the network service sandbox, so
// if library loading is now enabled, the network service needs to be
// restarted. It will be restarted unsandboxed because is
// `g_network_service_will_allow_gssapi_library_load` will be set.
if (params->allow_gssapi_library_load &&
!g_network_service_will_allow_gssapi_library_load) {
g_network_service_will_allow_gssapi_library_load = true;
// The network service, if sandboxed, will still not allow gssapi library
// loading until it is shut down. On restart the network service will get
// the correct value.
// NOTE: technically another call to OnNewHttpAuthDynamicParams() before the
// RestartNetworkService() call will leave this as true. This could happen
// if the admin sends out another edit to the HTTP auth dynamic params right
// after enabling kerberos. Then if the user attempts a load of a page that
// requires "negotiate" HTTP auth, the network service will load a GSSAPI
// library despite the sandbox. This is incredibly unlikely, probably
// wouldn't have any consequences anyway, and would be quickly self-healing
// once RestartNetworkService() runs, so there's no reason to handle this
// case.
params->allow_gssapi_library_load = false;
// Post a shutdown task because the current task probably holds a raw
// pointer to the remote.
base::SequencedTaskRunner::GetCurrentDefault()->PostTask(
FROM_HERE, base::BindOnce(&content::RestartNetworkService));
}
#endif // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
}
void OnAuthPrefsChanged(PrefService* local_state,
const std::string& pref_name) {
auto params = CreateHttpAuthDynamicParams(local_state);
OnNewHttpAuthDynamicParams(params);
content::GetNetworkService()->ConfigureHttpAuthPrefs(std::move(params));
}
NetworkSandboxState IsNetworkSandboxEnabledInternal() {
// If previously an attempt to launch the sandboxed process failed, then
// launch unsandboxed.
if (g_previously_failed_to_launch_sandboxed_service) {
return NetworkSandboxState::kDisabledBecauseOfFailedLaunch;
}
#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
auto* local_state = g_browser_process->local_state();
#endif
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
// The network service sandbox and the kerberos library are incompatible.
// If kerberos is enabled by policy, disable the network service sandbox.
if (g_network_service_will_allow_gssapi_library_load ||
(local_state && local_state->HasPrefPath(kGssapiDesiredPref) &&
local_state->GetBoolean(kGssapiDesiredPref))) {
return NetworkSandboxState::kDisabledBecauseOfKerberos;
}
#endif // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
#if BUILDFLAG(IS_WIN)
if (!sandbox::policy::features::IsNetworkSandboxSupported()) {
return NetworkSandboxState::kDisabledByPlatform;
}
#endif // BUILDFLAG(IS_WIN)
#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX)
if (local_state &&
local_state->HasPrefPath(prefs::kNetworkServiceSandboxEnabled)) {
return local_state->GetBoolean(prefs::kNetworkServiceSandboxEnabled)
? NetworkSandboxState::kEnabledByPolicy
: NetworkSandboxState::kDisabledByPolicy;
}
#endif // BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX)
// If no policy is specified, then delegate to global sandbox configuration.
return sandbox::policy::features::IsNetworkSandboxEnabled()
? NetworkSandboxState::kEnabledByPlatform
: NetworkSandboxState::kDisabledByPlatform;
}
std::vector<network::mojom::CTLogInfoPtr> GetStaticCtLogListMojo() {
std::vector<std::pair<std::string, base::Time>> disqualified_logs =
certificate_transparency::GetDisqualifiedLogs();
std::vector<network::mojom::CTLogInfoPtr> log_list_mojo;
for (const auto& ct_log : certificate_transparency::GetKnownLogs()) {
network::mojom::CTLogInfoPtr log_info = network::mojom::CTLogInfo::New();
log_info->public_key = std::string(ct_log.log_key, ct_log.log_key_length);
log_info->id = crypto::SHA256HashString(log_info->public_key);
log_info->name = ct_log.log_name;
log_info->current_operator = ct_log.current_operator;
auto it = std::lower_bound(
std::begin(disqualified_logs), std::end(disqualified_logs),
log_info->id,
[](const auto& disqualified_log, const std::string& log_id) {
return disqualified_log.first < log_id;
});
if (it != std::end(disqualified_logs) && it->first == log_info->id) {
log_info->disqualified_at = it->second;
}
for (size_t i = 0; i < ct_log.previous_operators_length; i++) {
const auto& op = ct_log.previous_operators[i];
network::mojom::PreviousOperatorEntryPtr previous_operator =
network::mojom::PreviousOperatorEntry::New();
previous_operator->name = op.name;
previous_operator->end_time = op.end_time;
log_info->previous_operators.push_back(std::move(previous_operator));
}
log_list_mojo.push_back(std::move(log_info));
}
return log_list_mojo;
}
} // namespace
class SystemNetworkContextManager::NetworkProcessLaunchWatcher
: public content::BrowserChildProcessObserver {
public:
NetworkProcessLaunchWatcher() { BrowserChildProcessObserver::Add(this); }
NetworkProcessLaunchWatcher(const NetworkProcessLaunchWatcher&) = delete;
NetworkProcessLaunchWatcher& operator=(const NetworkProcessLaunchWatcher&) =
delete;
~NetworkProcessLaunchWatcher() override {
BrowserChildProcessObserver::Remove(this);
}
private:
void BrowserChildProcessLaunchFailed(
const content::ChildProcessData& data,
const content::ChildProcessTerminationInfo& info) override {
if (data.sandbox_type == sandbox::mojom::Sandbox::kNetwork) {
// This histogram duplicates data recorded in
// ChildProcess.LaunchFailed.UtilityProcessErrorCode but is specific to
// the network service to make analysis easier.
base::UmaHistogramSparse(
"Chrome.SystemNetworkContextManager.NetworkSandboxLaunchFailed."
"ErrorCode",
info.exit_code);
#if BUILDFLAG(IS_WIN)
// This histogram duplicates data recorded in
// ChildProcess.LaunchFailed.WinLastError but is specific to the network
// service to make analysis easier.
base::UmaHistogramSparse(
"Chrome.SystemNetworkContextManager.NetworkSandboxLaunchFailed."
"WinLastError",
info.last_error);
#endif // BUILDFLAG(IS_WIN)
g_previously_failed_to_launch_sandboxed_service = true;
}
}
};
// SharedURLLoaderFactory backed by a SystemNetworkContextManager and its
// network context. Transparently handles crashes.
class SystemNetworkContextManager::URLLoaderFactoryForSystem
: public network::SharedURLLoaderFactory {
public:
explicit URLLoaderFactoryForSystem(SystemNetworkContextManager* manager)
: manager_(manager) {
DETACH_FROM_SEQUENCE(sequence_checker_);
}
URLLoaderFactoryForSystem(const URLLoaderFactoryForSystem&) = delete;
URLLoaderFactoryForSystem& operator=(const URLLoaderFactoryForSystem&) =
delete;
// mojom::URLLoaderFactory implementation:
void CreateLoaderAndStart(
mojo::PendingReceiver<network::mojom::URLLoader> receiver,
int32_t request_id,
uint32_t options,
const network::ResourceRequest& url_request,
mojo::PendingRemote<network::mojom::URLLoaderClient> client,
const net::MutableNetworkTrafficAnnotationTag& traffic_annotation)
override {
DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
if (!manager_)
return;
manager_->GetURLLoaderFactory()->CreateLoaderAndStart(
std::move(receiver), request_id, options, url_request,
std::move(client), traffic_annotation);
}
void Clone(mojo::PendingReceiver<network::mojom::URLLoaderFactory> receiver)
override {
if (!manager_)
return;
manager_->GetURLLoaderFactory()->Clone(std::move(receiver));
}
// SharedURLLoaderFactory implementation:
std::unique_ptr<network::PendingSharedURLLoaderFactory> Clone() override {
DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
return std::make_unique<network::CrossThreadPendingSharedURLLoaderFactory>(
this);
}
void Shutdown() { manager_ = nullptr; }
private:
friend class base::RefCounted<URLLoaderFactoryForSystem>;
~URLLoaderFactoryForSystem() override = default;
SEQUENCE_CHECKER(sequence_checker_);
raw_ptr<SystemNetworkContextManager> manager_;
};
network::mojom::NetworkContext* SystemNetworkContextManager::GetContext() {
if (!network_service_network_context_ ||
!network_service_network_context_.is_connected()) {
// This should call into OnNetworkServiceCreated(), which will re-create
// the network service, if needed. There's a chance that it won't be
// invoked, if the NetworkContext has encountered an error but the
// NetworkService has not yet noticed its pipe was closed. In that case,
// trying to create a new NetworkContext would fail, anyways, and hopefully
// a new NetworkContext will be created on the next GetContext() call.
content::GetNetworkService();
DCHECK(network_service_network_context_);
}
return network_service_network_context_.get();
}
network::mojom::URLLoaderFactory*
SystemNetworkContextManager::GetURLLoaderFactory() {
// Create the URLLoaderFactory as needed.
if (url_loader_factory_ && url_loader_factory_.is_connected()) {
return url_loader_factory_.get();
}
network::mojom::URLLoaderFactoryParamsPtr params =
network::mojom::URLLoaderFactoryParams::New();
params->process_id = network::mojom::kBrowserProcessId;
params->is_orb_enabled = false;
params->is_trusted = true;
url_loader_factory_.reset();
GetContext()->CreateURLLoaderFactory(
url_loader_factory_.BindNewPipeAndPassReceiver(), std::move(params));
return url_loader_factory_.get();
}
scoped_refptr<network::SharedURLLoaderFactory>
SystemNetworkContextManager::GetSharedURLLoaderFactory() {
return shared_url_loader_factory_;
}
// static
SystemNetworkContextManager* SystemNetworkContextManager::CreateInstance(
PrefService* pref_service) {
#if DCHECK_IS_ON()
// Check that this function is not reentrant.
static bool inside_this_function = false;
DCHECK(!inside_this_function);
base::AutoReset now_inside_this_function(&inside_this_function, true);
#endif // DCHECK_IS_ON()
DCHECK(!g_system_network_context_manager);
g_system_network_context_manager =
new SystemNetworkContextManager(pref_service);
return g_system_network_context_manager;
}
// static
bool SystemNetworkContextManager::HasInstance() {
return !!g_system_network_context_manager;
}
// static
SystemNetworkContextManager* SystemNetworkContextManager::GetInstance() {
if (!g_system_network_context_manager) {
// Initialize the network service, which will trigger
// ChromeContentBrowserClient::OnNetworkServiceCreated(), which calls
// CreateInstance() to initialize |g_system_network_context_manager|.
content::GetNetworkService();
// TODO(crbug.com/40634772): There should be a DCHECK() here to make sure
// |g_system_network_context_manager| has been created, but that is not
// true in many unit tests.
}
return g_system_network_context_manager;
}
// static
void SystemNetworkContextManager::DeleteInstance() {
DCHECK(g_system_network_context_manager);
delete g_system_network_context_manager;
g_system_network_context_manager = nullptr;
}
#if BUILDFLAG(IS_LINUX)
SystemNetworkContextManager::GssapiLibraryLoadObserver::
GssapiLibraryLoadObserver(SystemNetworkContextManager* owner)
: owner_(owner) {}
SystemNetworkContextManager::GssapiLibraryLoadObserver::
~GssapiLibraryLoadObserver() = default;
void SystemNetworkContextManager::GssapiLibraryLoadObserver::Install(
network::mojom::NetworkService* network_service) {
gssapi_library_loader_observer_receiver_.reset();
network_service->SetGssapiLibraryLoadObserver(
gssapi_library_loader_observer_receiver_.BindNewPipeAndPassRemote());
}
void SystemNetworkContextManager::GssapiLibraryLoadObserver::
OnBeforeGssapiLibraryLoad() {
owner_->local_state_->SetBoolean(prefs::kReceivedHttpAuthNegotiateHeader,
true);
}
#endif // BUILDFLAG(IS_LINUX)
SystemNetworkContextManager::SystemNetworkContextManager(
PrefService* local_state)
: local_state_(local_state),
ssl_config_service_manager_(local_state_),
proxy_config_monitor_(local_state_),
stub_resolver_config_reader_(local_state_) {
#if !BUILDFLAG(IS_ANDROID)
// QuicAllowed was not part of Android policy.
const base::Value* value =
g_browser_process->policy_service()
->GetPolicies(policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME,
std::string()))
.GetValue(policy::key::kQuicAllowed, base::Value::Type::BOOLEAN);
if (value)
is_quic_allowed_ = value->GetBool();
#endif // !BUILDFLAG(IS_ANDROID)
shared_url_loader_factory_ = new URLLoaderFactoryForSystem(this);
pref_change_registrar_.Init(local_state_);
PrefChangeRegistrar::NamedChangeCallback auth_pref_callback =
base::BindRepeating(&OnAuthPrefsChanged, base::Unretained(local_state_));
pref_change_registrar_.Add(prefs::kAuthSchemes, auth_pref_callback);
pref_change_registrar_.Add(prefs::kAuthServerAllowlist, auth_pref_callback);
pref_change_registrar_.Add(prefs::kAuthNegotiateDelegateAllowlist,
auth_pref_callback);
pref_change_registrar_.Add(prefs::kDisableAuthNegotiateCnameLookup,
auth_pref_callback);
pref_change_registrar_.Add(prefs::kEnableAuthNegotiatePort,
auth_pref_callback);
pref_change_registrar_.Add(prefs::kBasicAuthOverHttpEnabled,
auth_pref_callback);
pref_change_registrar_.Add(prefs::kAllHttpAuthSchemesAllowedForOrigins,
auth_pref_callback);
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_CHROMEOS)
pref_change_registrar_.Add(prefs::kAuthNegotiateDelegateByKdcPolicy,
auth_pref_callback);
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_POSIX)
pref_change_registrar_.Add(prefs::kNtlmV2Enabled, auth_pref_callback);
#endif // BUILDFLAG(IS_POSIX)
#if BUILDFLAG(IS_ANDROID)
pref_change_registrar_.Add(prefs::kAuthAndroidNegotiateAccountType,
auth_pref_callback);
#endif // BUILDFLAG(IS_ANDROID)
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
pref_change_registrar_.Add(kGssapiDesiredPref, auth_pref_callback);
#endif // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
local_state_->SetDefaultPrefValue(
prefs::kEnableReferrers,
base::Value(!base::FeatureList::IsEnabled(features::kNoReferrers)));
enable_referrers_.Init(
prefs::kEnableReferrers, local_state_,
base::BindRepeating(&SystemNetworkContextManager::UpdateReferrersEnabled,
base::Unretained(this)));
pref_change_registrar_.Add(
prefs::kExplicitlyAllowedNetworkPorts,
base::BindRepeating(
&SystemNetworkContextManager::UpdateExplicitlyAllowedNetworkPorts,
base::Unretained(this)));
#if BUILDFLAG(CHROME_ROOT_STORE_OPTIONAL)
// TODO(crbug.com/40941700): If this call is removed, clank crashes on
// startup. Not sure why.
content::GetCertVerifierServiceFactory()->SetUseChromeRootStore(
true, base::DoNothing());
#endif
#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_LINUX) || \
BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID)
pref_change_registrar_.Add(
prefs::kEnforceLocalAnchorConstraintsEnabled,
base::BindRepeating(&SystemNetworkContextManager::
UpdateEnforceLocalAnchorConstraintsEnabled,
base::Unretained(this)));
// Call the update function immediately to set the initial value, if any.
UpdateEnforceLocalAnchorConstraintsEnabled();
#endif
if (content::IsOutOfProcessNetworkService() &&
base::FeatureList::IsEnabled(
features::kRestartNetworkServiceUnsandboxedForFailedLaunch)) {
network_process_launch_watcher_ =
std::make_unique<NetworkProcessLaunchWatcher>();
}
pref_change_registrar_.Add(
prefs::kIPv6ReachabilityOverrideEnabled,
base::BindRepeating(
&SystemNetworkContextManager::UpdateIPv6ReachabilityOverrideEnabled,
base::Unretained(this)));
}
SystemNetworkContextManager::~SystemNetworkContextManager() {
shared_url_loader_factory_->Shutdown();
}
// static
void SystemNetworkContextManager::RegisterPrefs(PrefRegistrySimple* registry) {
StubResolverConfigReader::RegisterPrefs(registry);
// Static auth params
registry->RegisterStringPref(prefs::kAuthSchemes,
"basic,digest,ntlm,negotiate");
#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_CHROMEOS)
registry->RegisterStringPref(prefs::kGSSAPILibraryName, std::string());
#endif // BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID) &&
// !BUILDFLAG(IS_CHROMEOS)
// Dynamic auth params.
registry->RegisterListPref(prefs::kAllHttpAuthSchemesAllowedForOrigins);
registry->RegisterBooleanPref(prefs::kDisableAuthNegotiateCnameLookup, false);
registry->RegisterBooleanPref(prefs::kEnableAuthNegotiatePort, false);
registry->RegisterBooleanPref(prefs::kBasicAuthOverHttpEnabled, true);
registry->RegisterStringPref(prefs::kAuthServerAllowlist, std::string());
registry->RegisterStringPref(prefs::kAuthNegotiateDelegateAllowlist,
std::string());
// On ChromeOS Ash, the pref below is registered by the
// `KerberosCredentialsManager`.
#if BUILDFLAG(IS_CHROMEOS_LACROS)
registry->RegisterBooleanPref(prefs::kKerberosEnabled, false);
#endif // BUILDFLAG(IS_CHROMEOS_LACROS)
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_CHROMEOS)
registry->RegisterBooleanPref(prefs::kAuthNegotiateDelegateByKdcPolicy,
false);
#endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_POSIX)
registry->RegisterBooleanPref(prefs::kNtlmV2Enabled, true);
#endif // BUILDFLAG(IS_POSIX)
#if BUILDFLAG(IS_ANDROID)
registry->RegisterStringPref(prefs::kAuthAndroidNegotiateAccountType,
std::string());
#endif // BUILDFLAG(IS_ANDROID)
// Per-NetworkContext pref. The pref value from |local_state_| is used for
// the system NetworkContext, and the per-profile pref values are used for
// the profile NetworkContexts.
registry->RegisterBooleanPref(prefs::kEnableReferrers, true);
registry->RegisterBooleanPref(prefs::kQuickCheckEnabled, true);
registry->RegisterIntegerPref(prefs::kMaxConnectionsPerProxy, -1);
#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_LINUX) || \
BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID)
// Note that the default value is not relevant because the pref is only
// evaluated when it is managed.
registry->RegisterBooleanPref(prefs::kEnforceLocalAnchorConstraintsEnabled,
true);
#endif
registry->RegisterListPref(prefs::kExplicitlyAllowedNetworkPorts);
#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX)
registry->RegisterBooleanPref(prefs::kNetworkServiceSandboxEnabled, true);
#endif // BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX)
#if BUILDFLAG(IS_LINUX)
registry->RegisterBooleanPref(prefs::kReceivedHttpAuthNegotiateHeader, false);
#endif // BUILDFLAG(IS_LINUX)
registry->RegisterBooleanPref(prefs::kZstdContentEncodingEnabled, true);
registry->RegisterBooleanPref(prefs::kIPv6ReachabilityOverrideEnabled, false);
}
// static
StubResolverConfigReader*
SystemNetworkContextManager::GetStubResolverConfigReader() {
if (stub_resolver_config_reader_for_testing_)
return stub_resolver_config_reader_for_testing_;
return &GetInstance()->stub_resolver_config_reader_;
}
void SystemNetworkContextManager::OnNetworkServiceCreated(
network::mojom::NetworkService* network_service) {
// On network service restart, it's possible for |url_loader_factory_| to not
// be disconnected yet (so any consumers of GetURLLoaderFactory() in network
// service restart handling code could end up getting the old factory, which
// will then get disconnected later). Resetting the Remote is a no-op for the
// initial creation of the network service, but for restarts this guarantees
// that GetURLLoaderFactory() works as expected.
// (See crbug.com/1131803 for a motivating example and investigation.)
url_loader_factory_.reset();
// Disable QUIC globally, if needed.
if (!is_quic_allowed_)
network_service->DisableQuic();
if (content::IsOutOfProcessNetworkService()) {
mojo::PendingRemote<network::mojom::NetLogProxySource> proxy_source_remote;
mojo::PendingReceiver<network::mojom::NetLogProxySource>
proxy_source_receiver =
proxy_source_remote.InitWithNewPipeAndPassReceiver();
mojo::Remote<network::mojom::NetLogProxySink> proxy_sink_remote;
network_service->AttachNetLogProxy(
std::move(proxy_source_remote),
proxy_sink_remote.BindNewPipeAndPassReceiver());
if (net_log_proxy_source_)
net_log_proxy_source_->ShutDown();
net_log_proxy_source_ = std::make_unique<net_log::NetLogProxySource>(
std::move(proxy_source_receiver), std::move(proxy_sink_remote));
}
network_service->SetUpHttpAuth(CreateHttpAuthStaticParams(local_state_));
auto http_auth_dynamic_params = CreateHttpAuthDynamicParams(local_state_);
OnNewHttpAuthDynamicParams(http_auth_dynamic_params);
network_service->ConfigureHttpAuthPrefs(std::move(http_auth_dynamic_params));
#if BUILDFLAG(IS_LINUX)
gssapi_library_loader_observer_.Install(network_service);
#endif // BUILDFLAG(IS_LINUX)
// Configure the static Certificate Transparency logs. This must be done
// before the PKIMetadataComponentInstallerService
// ReconfigureAfterNetworkRestart call below.
if (IsCertificateTransparencyEnabled()) {
content::GetCertVerifierServiceFactory()->UpdateCtLogList(
GetStaticCtLogListMojo(),
certificate_transparency::GetLogListTimestamp(), base::DoNothing());
network_service->UpdateCtLogList(GetStaticCtLogListMojo(),
base::DoNothing());
}
int max_connections_per_proxy =
local_state_->GetInteger(prefs::kMaxConnectionsPerProxy);
if (max_connections_per_proxy != -1) {
network_service->SetMaxConnectionsPerProxyChain(max_connections_per_proxy);
}
network_service_network_context_.reset();
content::CreateNetworkContextInNetworkService(
network_service_network_context_.BindNewPipeAndPassReceiver(),
CreateNetworkContextParams());
mojo::PendingRemote<network::mojom::NetworkContextClient> client_remote;
mojo::MakeSelfOwnedReceiver(
std::make_unique<content::NetworkContextClientBase>(),
client_remote.InitWithNewPipeAndPassReceiver());
network_service_network_context_->SetClient(std::move(client_remote));
// Configure the stub resolver. This must be done after the system
// NetworkContext is created, but before anything has the chance to use it.
stub_resolver_config_reader_.UpdateNetworkService(true /* record_metrics */);
// The OSCrypt keys are process bound, so if network service is out of
// process, send it the required key.
if (content::IsOutOfProcessNetworkService()) {
#if BUILDFLAG(IS_WIN)
// On Windows, if OSCrypt async is enabled, and DPAPI key provider is also
// enabled, then OSCrypt manages the encryption key, and there is no need to
// send the key separately to OSCrypt sync.
if (!base::FeatureList::IsEnabled(
features::kUseOsCryptAsyncForCookieEncryption) ||
!base::FeatureList::IsEnabled(
features::kEnableDPAPIEncryptionProvider)) {
network_service->SetEncryptionKey(OSCrypt::GetRawEncryptionKey());
}
#else
network_service->SetEncryptionKey(OSCrypt::GetRawEncryptionKey());
#endif // BUILDFLAG(IS_WIN)
}
// Configure SCT Auditing in the NetworkService.
SCTReportingService::ReconfigureAfterNetworkRestart();
component_updater::PKIMetadataComponentInstallerService::GetInstance()
->ReconfigureAfterNetworkRestart();
UpdateExplicitlyAllowedNetworkPorts();
UpdateIPv6ReachabilityOverrideEnabled();
#if BUILDFLAG(IS_CHROMEOS)
if (base::FeatureList::IsEnabled(features::kNetworkAnnotationMonitoring)) {
// Create NetworkAnnotationMonitor.
if (!network_annotation_monitor_) {
network_annotation_monitor_ =
std::make_unique<NetworkAnnotationMonitor>();
}
// Pass NetworkAnnotationMonitor remote to NetworkService so that network
// calls can be reported.
network_service->SetNetworkAnnotationMonitor(
network_annotation_monitor_->GetClient());
}
#endif // BUILDFLAG(IS_CHROMEOS)
}
void SystemNetworkContextManager::DisableQuic() {
is_quic_allowed_ = false;
// Disabling QUIC for a profile disables QUIC globally. As a side effect, new
// Profiles will also have QUIC disabled because the network service will
// disable QUIC.
content::GetNetworkService()->DisableQuic();
}
#if BUILDFLAG(IS_WIN)
void SystemNetworkContextManager::
AddCookieEncryptionManagerToNetworkContextParams(
network::mojom::NetworkContextParams* network_context_params) {
network_context_params->cookie_encryption_provider =
cookie_encryption_provider_.BindNewRemote();
}
#endif // BUILDFLAG(IS_WIN)
void SystemNetworkContextManager::AddSSLConfigToNetworkContextParams(
network::mojom::NetworkContextParams* network_context_params) {
ssl_config_service_manager_.AddToNetworkContextParams(network_context_params);
}
void SystemNetworkContextManager::ConfigureDefaultNetworkContextParams(
network::mojom::NetworkContextParams* network_context_params) {
variations::UpdateCorsExemptHeaderForVariations(network_context_params);
GoogleURLLoaderThrottle::UpdateCorsExemptHeader(network_context_params);
network_context_params->enable_brotli = true;
network_context_params->enable_zstd =
base::FeatureList::IsEnabled(net::features::kZstdContentEncoding) &&
local_state_->GetBoolean(prefs::kZstdContentEncodingEnabled);
network_context_params->user_agent = embedder_support::GetUserAgent();
// Disable referrers by default. Any consumer that enables referrers should
// respect prefs::kEnableReferrers from the appropriate pref store.
network_context_params->enable_referrers = false;
const base::CommandLine& command_line =
*base::CommandLine::ForCurrentProcess();
// TODO(eroman): Figure out why this doesn't work in single-process mode,
// or if it does work, now.
// Should be possible now that a private isolate is used.
// http://crbug.com/474654
if (!command_line.HasSwitch(switches::kWinHttpProxyResolver)) {
if (command_line.HasSwitch(switches::kSingleProcess)) {
LOG(ERROR) << "Cannot use V8 Proxy resolver in single process mode.";
} else {
network_context_params->proxy_resolver_factory =
ChromeMojoProxyResolverFactory::CreateWithSelfOwnedReceiver();
#if BUILDFLAG(IS_CHROMEOS_ASH)
network_context_params->dhcp_wpad_url_client =
ash::DhcpWpadUrlClient::CreateWithSelfOwnedReceiver();
#endif // BUILDFLAG(IS_CHROMEOS_ASH)
}
}
#if BUILDFLAG(IS_WIN)
if (command_line.HasSwitch(switches::kUseSystemProxyResolver)) {
network_context_params->windows_system_proxy_resolver =
ChromeMojoProxyResolverWin::CreateWithSelfOwnedReceiver();
}
#endif // BUILDFLAG(IS_WIN)
network_context_params->pac_quick_check_enabled =
local_state_->GetBoolean(prefs::kQuickCheckEnabled);
// Use the SystemNetworkContextManager to populate and update SSL
// configuration. The SystemNetworkContextManager is owned by the
// BrowserProcess itself, so will only be destroyed on shutdown, at which
// point, all NetworkContexts will be destroyed as well.
AddSSLConfigToNetworkContextParams(network_context_params);
if (IsCertificateTransparencyEnabled()) {
network_context_params->enforce_chrome_ct_policy = true;
}
}
network::mojom::NetworkContextParamsPtr
SystemNetworkContextManager::CreateDefaultNetworkContextParams() {
network::mojom::NetworkContextParamsPtr network_context_params =
network::mojom::NetworkContextParams::New();
cert_verifier::mojom::CertVerifierCreationParamsPtr
cert_verifier_creation_params =
cert_verifier::mojom::CertVerifierCreationParams::New();
ConfigureDefaultNetworkContextParams(network_context_params.get());
// The system network context doesn't update the CertVerifyProc
// InstanceParams while running, so it does not attach a
// CertVerifierServiceUpdater.
network_context_params->cert_verifier_params =
content::GetCertVerifierParams(std::move(cert_verifier_creation_params));
network_context_params->acam_preflight_spec_conformant =
base::FeatureList::IsEnabled(
network::features::
kAccessControlAllowMethodsInCORSPreflightSpecConformant);
return network_context_params;
}
net_log::NetExportFileWriter*
SystemNetworkContextManager::GetNetExportFileWriter() {
if (!net_export_file_writer_) {
net_export_file_writer_ = std::make_unique<net_log::NetExportFileWriter>();
}
return net_export_file_writer_.get();
}
// static
bool SystemNetworkContextManager::IsNetworkSandboxEnabled() {
NetworkSandboxState state = IsNetworkSandboxEnabledInternal();
base::UmaHistogramEnumeration(
"Chrome.SystemNetworkContextManager.NetworkSandboxState", state);
bool enabled = true;
switch (state) {
case NetworkSandboxState::kDisabledBecauseOfKerberos:
enabled = false;
break;
case NetworkSandboxState::kDisabledByPlatform:
enabled = false;
break;
case NetworkSandboxState::kEnabledByPlatform:
enabled = true;
break;
case NetworkSandboxState::kDisabledByPolicy:
enabled = false;
break;
case NetworkSandboxState::kEnabledByPolicy:
enabled = true;
break;
case NetworkSandboxState::kDisabledBecauseOfFailedLaunch:
enabled = false;
break;
}
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
if (!enabled) {
g_network_service_will_allow_gssapi_library_load = true;
}
#endif // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
return enabled;
}
void SystemNetworkContextManager::FlushSSLConfigManagerForTesting() {
ssl_config_service_manager_.FlushForTesting();
}
void SystemNetworkContextManager::FlushProxyConfigMonitorForTesting() {
proxy_config_monitor_.FlushForTesting();
}
void SystemNetworkContextManager::FlushNetworkInterfaceForTesting() {
DCHECK(network_service_network_context_);
network_service_network_context_.FlushForTesting();
if (url_loader_factory_)
url_loader_factory_.FlushForTesting();
}
#if BUILDFLAG(IS_CHROMEOS)
void SystemNetworkContextManager::FlushNetworkAnnotationMonitorForTesting() {
if (network_annotation_monitor_) {
network_annotation_monitor_->FlushForTesting(); // IN-TEST
}
}
#endif // BUILDFLAG(IS_CHROMEOS)
network::mojom::HttpAuthStaticParamsPtr
SystemNetworkContextManager::GetHttpAuthStaticParamsForTesting() {
return CreateHttpAuthStaticParams(g_browser_process->local_state());
}
network::mojom::HttpAuthDynamicParamsPtr
SystemNetworkContextManager::GetHttpAuthDynamicParamsForTesting() {
return CreateHttpAuthDynamicParams(g_browser_process->local_state());
}
void SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting(
std::optional<bool> enabled) {
certificate_transparency_enabled_for_testing_ = enabled;
}
void SystemNetworkContextManager::SetCTLogListTimelyForTesting() {
content::GetCertVerifierServiceFactory()->UpdateCtLogList(
GetStaticCtLogListMojo(), base::Time::Now(), base::DoNothing());
}
bool SystemNetworkContextManager::IsCertificateTransparencyEnabled() {
if (certificate_transparency_enabled_for_testing_.has_value())
return certificate_transparency_enabled_for_testing_.value();
// Certificate Transparency is enabled:
// - by default for Chrome-branded builds
// - on an opt-in basis for other builds and embedders, controlled with the
// kCertificateTransparencyAskBeforeEnabling flag
return base::FeatureList::IsEnabled(
features::kCertificateTransparencyAskBeforeEnabling);
}
network::mojom::NetworkContextParamsPtr
SystemNetworkContextManager::CreateNetworkContextParams() {
// TODO(mmenke): Set up parameters here (in memory cookie store, etc).
network::mojom::NetworkContextParamsPtr network_context_params =
CreateDefaultNetworkContextParams();
network_context_params->enable_referrers = enable_referrers_.GetValue();
network_context_params->http_cache_enabled = false;
proxy_config_monitor_.AddToNetworkContextParams(network_context_params.get());
return network_context_params;
}
void SystemNetworkContextManager::UpdateExplicitlyAllowedNetworkPorts() {
// Currently there are no uses of net::IsPortAllowedForScheme() in the browser
// process. If someone adds one then we'll have to also call
// net::SetExplicitlyAllowedPorts() directly here, on the appropriate thread.
content::GetNetworkService()->SetExplicitlyAllowedPorts(
ConvertExplicitlyAllowedNetworkPortsPref(local_state_));
}
#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_LINUX) || \
BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID)
void SystemNetworkContextManager::UpdateEnforceLocalAnchorConstraintsEnabled() {
const PrefService::Preference* enforce_local_anchor_constraints_enabled_pref =
local_state_->FindPreference(
prefs::kEnforceLocalAnchorConstraintsEnabled);
if (enforce_local_anchor_constraints_enabled_pref->IsManaged()) {
// This depends on the CertVerifierService running in the browser process.
// If that changes, this would need to become a mojo message.
net::SetLocalAnchorConstraintsEnforcementEnabled(
enforce_local_anchor_constraints_enabled_pref->GetValue()->GetBool());
} else {
net::SetLocalAnchorConstraintsEnforcementEnabled(
base::FeatureList::IsEnabled(
net::features::kEnforceLocalAnchorConstraints));
}
}
#endif
void SystemNetworkContextManager::UpdateReferrersEnabled() {
GetContext()->SetEnableReferrers(enable_referrers_.GetValue());
}
void SystemNetworkContextManager::UpdateIPv6ReachabilityOverrideEnabled() {
bool is_managed = local_state_->IsManagedPreference(
prefs::kIPv6ReachabilityOverrideEnabled);
bool pref_value =
local_state_->GetBoolean(prefs::kIPv6ReachabilityOverrideEnabled);
bool is_launched = base::FeatureList::IsEnabled(
net::features::kEnableIPv6ReachabilityOverride);
bool value = is_managed ? pref_value : is_launched;
content::GetNetworkService()->SetIPv6ReachabilityOverride(value);
}
// static
StubResolverConfigReader*
SystemNetworkContextManager::stub_resolver_config_reader_for_testing_ =
nullptr;
std::optional<bool>
SystemNetworkContextManager::certificate_transparency_enabled_for_testing_ =
std::nullopt;