secureblue / hardened-chromium

A hardened chromium for desktop Linux inspired by Vanadium.
GNU General Public License v2.0

Disabling Reporting Features #10

Closed RKNF404 closed 1 month ago

RKNF404 commented 1 month ago

Reporting and CrashReporting

RKNF404 commented 1 month ago

DocumentReporting?

qoijjj commented 1 month ago

I think these are all covered by https://github.com/secureblue/hardened-chromium/blob/master/patches/disable-metrics-reporting.patch

but I'm not sure

RKNF404 commented 1 month ago

Reporting and CrashReporting I think are different. They are referenced in things like networking logs, while metrics reporting isn't. DocumentReporting I have no idea, I'm not sure if it is enabled at all since idk if the enable_reporting gn flag is enabled by default.

qoijjj commented 1 month ago

we can set enable_reporting=false in args in the spec patch, which will cover DocumentReporting and a number of other features

qoijjj commented 1 month ago

enable_reporting is set to false now https://github.com/secureblue/hardened-chromium/blob/master/hardening.patch#L271

@RKNF404 do you know if there's a reason why Vanadium doesn't change Reporting/CrashReporting?

RKNF404 commented 1 month ago

They might be implicitly disabled? (like DocumentReporting) I can do some code searching. If anything, we can ask?

qoijjj commented 1 month ago

Can't hurt to ask. They might be able to point us to the right code faster than we can find it, or we might be highlighting a gap. Either way it's a plus :smile:

RKNF404 commented 1 month ago

Ok, did some code searching for both Reporting and CrashReporting. Here are some of my findings. Reporting is used in 2 primary contexts. This has it enabled by the enable_reporting flag so it isn't a concern. This second context appears to enable it for signed exchanges; the linked function returns true if Reporting is enabled. CrashReporting is present here. But these appear to call the functions here and here respectively, and these functions' abilities are guarded by enable_reporting as well, so it appears they are implicitly disabled by that build flag. So there isn't a need to worry about it, it seems.
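The check described in the comment above (whether a call site sits behind the enable_reporting build flag) can be done mechanically over a source file. This is an added example, not part of the thread or the project's code; it assumes the guard is written as `#if BUILDFLAG(ENABLE_REPORTING)`, and the sample source and the `QueueReport` name are constructed.

```python
import re

COND = re.compile(r"^\s*#\s*(if|ifdef|ifndef|elif|else|endif)\b(.*)$")

def _branch(expr, flag):
    """Return [state of this branch, state of later branches in the chain].
    True = compiled only with the flag on, False = only with it off,
    None = unrelated. Compound conditions are treated as unrelated."""
    e = re.sub(r"\s+", "", expr.split("//")[0])
    if e == "BUILDFLAG(%s)" % flag:
        return [True, False]
    if e == "!BUILDFLAG(%s)" % flag:
        return [False, True]
    return [None, None]

def classify_uses(source, needle, flag="ENABLE_REPORTING"):
    """Return [(line_no, guarded)] for each non-directive line with `needle`."""
    stack, results = [], []
    for no, line in enumerate(source.splitlines(), 1):
        m = COND.match(line)
        if not m:
            if needle in line:
                results.append((no, any(cur is True for cur, _ in stack)))
            continue
        kind, expr = m.groups()
        if kind in ("ifdef", "ifndef"):
            stack.append([None, None])
        elif kind == "if":
            stack.append(_branch(expr, flag))
        elif kind == "endif":
            if stack:
                stack.pop()
        elif stack:  # #elif or #else: switch branch within the current chain
            rest = stack[-1][1]
            if rest is not None:
                stack[-1] = [rest, rest]
            else:
                stack[-1] = _branch(expr, flag) if kind == "elif" else [None, None]
    return results

# Constructed sample; QueueReport is a hypothetical function name.
SAMPLE = """\
void Setup() {
#if BUILDFLAG(ENABLE_REPORTING)
  QueueReport("a");
#else
  QueueReport("b");
#endif  // BUILDFLAG(ENABLE_REPORTING)
#if defined(OS_LINUX)
  QueueReport("c");
#endif
}
"""

if __name__ == "__main__":
    for no, guarded in classify_uses(SAMPLE, "QueueReport"):
        print(no, "removed when flag is off" if guarded else "still compiled with flag off")
```

Uses reported as not guarded are the ones to read by hand, since they remain in a build with enable_reporting=false.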

qoijjj commented 1 month ago

@RKNF404 thanks for looking into this

qoijjj commented 1 month ago

@RKNF404 this line can be reverted I think

https://github.com/secureblue/hardened-chromium/blob/master/patches/enable-audio-service-sandbox.patch#L19

reopening this to remind myself to do that

RKNF404 commented 1 month ago

@qoijjj you fixed it in the 127 port, if I'm not mistaken. Safe to reclose?