Disable WebRTC RTCPeerConnection in fenced frames.

WebRTC is one form of network communication that should be disabled when window.fence.disableUntrustedNetwork is called in a fenced frame. However, 1. We don't have any identified use cases for WebRTC in fenced frames 2. The revocation process would be more involved than other forms of network access, which would provide very little benefit per #1. This CL disables RTCPeerConnection construction entirely in fenced frames, regardless of whether window.fence.disableUntrustedNetwork was called or not. The change is behind an existing flag so that it does not ship until other forms of network revocation do. Disabling RTCPeerConnection *can* be handled entirely by the renderer, but a compromised renderer could potentially circumvent this to construct a peer connection anyway. A follow-up CL will add a browser-side control to ensure that this does not occur. Change-Id: Iaa2caaddeee70852179332dd89c5dbbac3ffcfbf
web-platform-tests · May 8, 2024 · 1e2969e · 1e2969e
1 parent 6813062
commit 1e2969e
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/fenced-frame/webrtc-peer-connection.https.html b/fenced-frame/webrtc-peer-connection.https.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/common/dispatcher/dispatcher.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/utils.js"></script>
+<title>Test that RTCPeerConnection construction fails in a fenced frame.</title>
+
+<body>
+  <script>
+    promise_test(async (t) => {
+      let fencedframe = attachFencedFrameContext();
+      return fencedframe.execute(() => {
+        try {
+          // Copied from https://webrtc.org/getting-started/peer-connections.
+          // The contents of the configuration object doesn't matter here,
+          // because construction should fail before the information becomes
+          // relevant.
+          const configuration = {'iceServers': [{'urls': 'stun:stun.example.com:19302'}]}
+          const peerConnection = new RTCPeerConnection(configuration);
+
+          assert_unreached("RTCPeerConnection construction should fail in a fenced frame");
+        } catch (err) {
+          assert_equals(err.name, "NotAllowedError");
+          assert_equals(err.message, "Failed to construct 'RTCPeerConnection': RTCPeerConnection is not allowed in fenced frames.");
+        }
+      });
+    }, "Test that RTCPeerConnection construction fails in a fenced frame.");
+
+  </script>
+</body>