[sensors] Round off Ambient Light Sensor readouts to the nearest 50 Lux.

There have been some concerns regarding the precision of readouts from the Ambient Light Sensor. To decrease the entropy, we are rounding off the illuminance value to the nearest 50 Lux to mitigate the known attack vectors as summarized in [1]. [1] w3c/ambient-light#13 (comment) This CL is based on https://chromium-review.googlesource.com/c/chromium/src/+/1695412 by Rijubrata Bhaumik and myself. Bug: 642731, 606766 Change-Id: I85449bdb835e8486b080fc269938b6c96f000c2a
web-platform-tests · Oct 11, 2019 · 363536d · 363536d
1 parent e7ac156
commit 363536d
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/generic-sensor/generic-sensor-tests.js b/generic-sensor/generic-sensor-tests.js
@@ -246,12 +246,15 @@ function runGenericSensorTests(sensorName,
     assert_true(verificationFunction(expected, sensor2, /*isNull=*/true));
   }, `${sensorName}: sensor reading is correct.`);
 
-  sensor_test(async t => {
+  sensor_test(async (t, sensorProvider) => {
     assert_true(sensorName in self);
     const sensor = new sensorType();
     const sensorWatcher = new EventWatcher(t, sensor, ["reading", "error"]);
     sensor.start();
 
+    const mockSensor = await sensorProvider.getCreatedSensor(sensorName);
+    await mockSensor.setSensorReading(readings);
+
     await sensorWatcher.wait_for("reading");
     const cachedTimeStamp1 = sensor.timestamp;
 
@@ -392,6 +395,7 @@ function runGenericSensorTests(sensorName,
     fastSensor.start();
 
     const mockSensor = await sensorProvider.getCreatedSensor(sensorName);
+    await mockSensor.setSensorReading(readings);
 
     const fastCounter = await new Promise((resolve, reject) => {
       let fastSensorNotifiedCounter = 0;

diff --git a/resources/chromium/generic_sensor_mocks.js b/resources/chromium/generic_sensor_mocks.js
@@ -199,6 +199,19 @@ var GenericSensorTest = (() => {
         this.maxFrequency_ = Math.min(10, this.maxFrequency_);
       }
 
+      // Chromium applies some rounding and other privacy-related measures that
+      // can cause ALS not to report a reading when it has not changed beyond a
+      // certain threshold compared to the previous illuminance value. Make
+      // each reading return a different value that is significantly different
+      // from the previous one when setSensorReading() is not called by client
+      // code (e.g. run_generic_sensor_iframe_tests()).
+      if (type == device.mojom.SensorType.AMBIENT_LIGHT) {
+        this.activeSensors_.get(type).setSensorReading([
+          [window.performance.now() * 100],
+          [(window.performance.now() + 50) * 100]
+        ]);
+      }
+
       const initParams = new device.mojom.SensorInitParams({
         sensor: sensorPtr,
         clientReceiver: mojo.makeRequest(this.activeSensors_.get(type).client_),