Intent to Prototype: Re-Enable SharedArrayBuffer (SAB) on Android gated behind COOP/COEP

118 views
Skip to first unread message

Lutz Vahl

unread,
Aug 6, 2020, 7:48:05 AM8/6/20
to blin...@chromium.org

Contact emails

va...@chromium.com, bi...@chromium.org, bbu...@chromium.org 


Summary

SABs are currently disabled in Chrome on Android. As COOP/COEP have been released we can use ‘self.crossOriginIsolated’ to re-enable SABs on Android in case the site is isolated. This I2P is only targeting Android; other platforms are not affected by the change. The broader plan is outlined in: https://groups.google.com/a/chromium.org/g/blink-dev/c/_0MEXs6TJhg


If a document is cross-origin isolated:

* globalThis.crossOriginIsolated will return true.

* globalThis.SharedArrayBuffer will no longer return undefined.

* postMessage() can be used to message SharedArrayBuffer objects: https://github.com/whatwg/html/issues/4732, https://github.com/whatwg/html/pull/4734

* Agent clusters within a cross-origin isolated browsing context group are keyed on origin rather than site: this means that 

 1) shared memory is bound to a single origin (postMessage()’ing elsewhere results in a message error) 

 2) document.domain is ineffective


Motivation

As part of our response to side-channel attacks like Spectre, Chromium disabled SharedArrayBuffer globally, and then re-enabled it on platforms where we could comfortably deploy Site Isolation. Since then, we've been working through new isolation primitives in collaboration with other browser vendors that we believe will enable us to safely re-enable SharedArrayBuffers on all platforms. COOP and COEP have been shipped along with M83, and together allow developers to opt-into a "cross-origin isolated" state which substantially mitigates the risk that cross-origin data can accidentally flow into a process an attacker can poke at. Our plan is to enable SharedArrayBuffer on all platforms, only for pages that opt-into such protections.


Risks

Interoperability and Compatibility

For this intent no compatibility or interoperability risks as SABs are currently not available on Android at all.


Edge: No public signals

Firefox: Re-enable SABs on all platforms gated behind COOP/COEP in 79. https://groups.google.com/g/mozilla.dev.platform/c/-hYWoob95LI/m/k160l4k7AwAJ 

Safari: No public signals

Web / Framework developers: No public signals



Debuggability

Feature detection for SABs will work and is handling the ‘self.crossOriginIsolated’ state correctly. 


Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No, the I2P is targeting Android only. SABs are already available on platforms where we could comfortably deploy Site Isolation. The plan is to migrate the usage of SABs on these platforms as well to make the feature accessible across all platforms (see: https://groups.google.com/a/chromium.org/g/blink-dev/c/_0MEXs6TJhg


Is this feature fully tested by web-platform-tests?

Tests are in place, e.g

web-platform-tests/wpt#17719

web-platform-tests/wpt#17760

web-platform-tests/wpt#17761

web-platform-tests/wpt#17802

web-platform-tests/wpt#17909

web-platform-tests/wpt#18543

web-platform-tests/wpt#20116

web-platform-tests/wpt#22358



Link to entry on the feature dashboard

https://www.chromestatus.com/feature/4570991992766464 - SABs in generall

https://www.chromestatus.com/guide/edit/5171863141482496 - Re-Enable SABs on Android



Requesting approval to ship?

No



Lutz Vahl

Technical Program Manager



Google Germany GmbH

Erika-Mann-Strasse 36

80636 München


Geschäftsführer: Paul Manicle, Halimah DeLaine Prado

Registergericht und -nummer: Hamburg, HRB 86891

Sitz der Gesellschaft: Hamburg


Diese E-Mail ist vertraulich. Falls Sie diese fälschlicherweise erhalten haben sollten, leiten Sie diese bitte nicht an jemand anderes weiter, löschen Sie alle Kopien und Anhänge davon und lassen Sie mich bitte wissen, dass die E-Mail an die falsche Person gesendet wurde. 

     

This e-mail is confidential. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it has gone to the wrong person.


Daniel Bratell

unread,
Aug 6, 2020, 2:18:05 PM8/6/20
to Lutz Vahl, blin...@chromium.org
The "broader plan" document doesn't seem to be publicly available.

I am sure there will be much rejoicing when SAB is back everywhere so I wanted to see the plan.

/Daniel

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAH0ixBPoUL-ueLj6pKD-PcL%2Bn-4ZFddOmfp%3D9SZEEqLMAMNEyA%40mail.gmail.com.

Lutz Vahl

unread,
Aug 10, 2020, 4:24:35 AM8/10/20
to Daniel Bratell, blin...@chromium.org
Thanks for the feedback, Daniel.
The broader plan is another blink-dev@ thread: Try this link: https://groups.google.com/a/chromium.org/g/blink-dev/c/_0MEXs6TJhg or search for 'Planning isolation requirements (COOP/COEP) for SharedArrayBuffer' within all threads.

Please let me know if you have any questions!

Cheers,
 Lutz

Reply all
Reply to author
Forward
0 new messages