Disables Serial API in blink.

Per security team request.

renderer/brave_content_renderer_client.cc

@@ -25,6 +25,7 @@ SetRuntimeFeaturesDefaultsBeforeBlinkInitialization() {
   blink::WebRuntimeFeatures::EnableFeatureFromString("FileSystemAccess", false);
   blink::WebRuntimeFeatures::EnableFeatureFromString(
       "FileSystemAccessAPIExperimental", false);
+  blink::WebRuntimeFeatures::EnableFeatureFromString("Serial", false);
 }
 
 BraveContentRendererClient::~BraveContentRendererClient() = default;

renderer/test/BUILD.gn

@@ -11,6 +11,7 @@ source_set("browser_tests") {
   sources = [
     "digital_goods_api_browsertest.cc",
     "file_system_access_browsertest.cc",
+    "serial_api_browsertest.cc",
     "subresource_web_bundles_browsertest.cc",
   ]
 

renderer/test/serial_api_browsertest.cc

@@ -0,0 +1,68 @@
+/* Copyright (c) 2021 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "base/path_service.h"
+#include "brave/common/brave_paths.h"
+#include "build/build_config.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/test/base/in_process_browser_test.h"
+#include "chrome/test/base/ui_test_utils.h"
+#include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/web_contents.h"
+#include "content/public/common/content_switches.h"
+#include "content/public/test/browser_test.h"
+#include "content/public/test/browser_test_utils.h"
+#include "net/dns/mock_host_resolver.h"
+#include "net/test/embedded_test_server/embedded_test_server.h"
+#include "url/gurl.h"
+
+class SerialAPIBrowserTest : public InProcessBrowserTest {
+ public:
+  SerialAPIBrowserTest()
+      : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {
+    brave::RegisterPathProvider();
+    base::FilePath test_data_dir;
+    base::PathService::Get(brave::DIR_TEST_DATA, &test_data_dir);
+    https_server_.SetSSLConfig(net::EmbeddedTestServer::CERT_OK);
+    https_server_.ServeFilesFromDirectory(test_data_dir);
+  }
+
+  ~SerialAPIBrowserTest() override = default;
+
+  void SetUpOnMainThread() override {
+    InProcessBrowserTest::SetUpOnMainThread();
+
+    EXPECT_TRUE(https_server_.Start());
+    // Map all hosts to localhost.
+    host_resolver()->AddRule("*", "127.0.0.1");
+  }
+
+  content::WebContents* web_contents() {
+    return browser()->tab_strip_model()->GetActiveWebContents();
+  }
+
+  content::RenderFrameHost* main_frame() {
+    return web_contents()->GetMainFrame();
+  }
+
+ protected:
+  net::EmbeddedTestServer https_server_;
+};
+
+IN_PROC_BROWSER_TEST_F(SerialAPIBrowserTest, SerialAPIDisabled) {
+  const GURL url = https_server_.GetURL("/simple.html");
+  ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url));
+
+  auto result = content::EvalJs(main_frame(), R"((async () => {
+        let ports = await navigator.serial.getPorts();
+        return ports.length;
+      })())");
+
+  EXPECT_TRUE(
+      result.error.find("Cannot read property 'getPorts' of undefined") !=
+      std::string::npos)
+      << result.error;
+}