Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Android safebrowsing safetynet #16080

Merged
merged 4 commits into from
Nov 29, 2022
Merged

Android safebrowsing safetynet #16080

merged 4 commits into from
Nov 29, 2022

Conversation

SergeyZhukovsky
Copy link
Member

@SergeyZhukovsky SergeyZhukovsky commented Nov 24, 2022
edited by fmarier
Loading

Resolves brave/brave-browser#8705

Security review: https://github.com/brave/security/issues/1118

Submitter Checklist:

  • I confirm that no security/privacy review is needed, or that I have requested one
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

  1. Make sure that brave://flags/#brave-safe-browsing is Enabled
  2. Make sure that Safe Browsing is enabled in Settings->Brave Shields & privacy
  3. Visit https://testsafebrowsing.appspot.com/ and open diff links comparing results with Chrome on Android (only the Webpage warnings and IOS/OSX Warnings sections).
  4. Make sure Brave has a parity with Chrome.
    Screenshot_1669305405

Screenshot_1669305435

@github-actions github-actions bot added the potential-layer-violation-fixes This PR touches a BUILD.gn file with check_includes=false label Nov 24, 2022
fmarier
fmarier requested changes Nov 25, 2022
View reviewed changes
Copy link
Member

@fmarier fmarier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. I'd only suggest a small change to the flag description to make it clear where the list is coming from.

android/BUILD.gn Show resolved Hide resolved
browser/about_flags.cc Outdated Show resolved Hide resolved
@SergeyZhukovsky SergeyZhukovsky added CI/skip-linux CI/skip-macos-x64 Do not run CI builds for macOS x64 CI/skip-ios Do not run CI builds for iOS labels Nov 25, 2022
@SergeyZhukovsky SergeyZhukovsky force-pushed the android_safebrowsing_safetynet branch 2 times, most recently from 8a213a7 to ef8ff4a Compare November 28, 2022 16:52
samartnik
samartnik approved these changes Nov 28, 2022
View reviewed changes
Copy link
Contributor

@samartnik samartnik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

java++

@github-actions
Copy link
Contributor

⚠️ PR head is an unsigned commit
commit: ef8ff4a717a2ce4f2e37e59bedd5418916828c08
reason: unsigned
Please follow the handbook to configure commit signing
cc: @SergeyZhukovsky

@bsclifton
Copy link
Member

bsclifton commented Nov 28, 2022
edited
Loading

Should we default the setting to ENABLED by default? (ex: the step 2 in your test plan; Make sure that Safe Browsing is enabled in Settings->Brave Shields & privacy). The feature is fine behind a flag - but with the flag flipped, it was defaulting to OFF for me

@bsclifton
Copy link
Member

Concern above discussed offline. Downloaded and sideloaded, works great! 😄 Great job @SergeyZhukovsky!

@SergeyZhukovsky SergeyZhukovsky removed CI/skip-linux CI/skip-macos-x64 Do not run CI builds for macOS x64 CI/skip-ios Do not run CI builds for iOS labels Nov 28, 2022
fmarier
fmarier approved these changes Nov 28, 2022
View reviewed changes
android/java/org/chromium/chrome/browser/privacy/settings/BravePrivacySettings.java
Preference preference = getPreferenceScreen().findPreference(PREF_SAFE_BROWSING);
if (preference != null) {
preference.setOnPreferenceClickListener((pref) -> {
if (!ChromiumPlayServicesAvailability.isGooglePlayServicesAvailable(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check is not the recommended way to do this, but we'll start with that and then revise it once we add the P3A question. The alternative is to do a dummy lookup for something like safebrowsing.google.com and then check for failure.

AlexeyBarabash
AlexeyBarabash approved these changes Nov 28, 2022
View reviewed changes
Copy link
Contributor

@AlexeyBarabash AlexeyBarabash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++
there are two minor questions

@SergeyZhukovsky
Copy link
Member Author

++ there are two minor questions

that's been addressed, thanks!

bridiver
bridiver approved these changes Nov 29, 2022
View reviewed changes
Copy link
Collaborator

@bridiver bridiver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

chromium_src changes look ok

@SergeyZhukovsky SergeyZhukovsky merged commit 66ec8fc into master Nov 29, 2022
@SergeyZhukovsky SergeyZhukovsky deleted the android_safebrowsing_safetynet branch November 29, 2022 18:34
@github-actions github-actions bot added this to the 1.48.x - Nightly milestone Nov 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridiver bridiver bridiver approved these changes

@fmarier fmarier fmarier approved these changes

@Pavneet-Sing Pavneet-Sing Pavneet-Sing approved these changes

@AlexeyBarabash AlexeyBarabash AlexeyBarabash approved these changes

@samartnik samartnik samartnik approved these changes

@deeppandya deeppandya Awaiting requested review from deeppandya

Assignees

@SergeyZhukovsky SergeyZhukovsky

Labels
potential-layer-violation-fixes This PR touches a BUILD.gn file with check_includes=false
Projects
None yet
Milestone
1.48.x - Release
Development

Successfully merging this pull request may close these issues.

[Security] [Android] Safe Browsing doesn't work in android-core (Follow up to #8381)
7 participants
@SergeyZhukovsky @bsclifton @bridiver @fmarier @Pavneet-Sing @AlexeyBarabash @samartnik