[shared storage] During addModule(), switch to allow navigator but throw on navigator.locks

Currently, `navigator.locks` is the only available attribute on
`navigator` (i.e., a SharedStorageWorkletNavigator), and we want to
prevent Web Locks functionality during addModule(), because lock acquisition results (success, timing) could reveal data from other
same-origin worklets, which could enable cross-site information
leak via addModule() timing.

This change avoids unintentionally breaking existing code that might
legitimately read the navigator object (and expect no Exceptions thrown)
during module loading for purposes unrelated to Web Locks.

PR: WICG/shared-storage#227

Bug: 396148598
Change-Id: I67b217238912710ca89de319c6b7e1d9d2d1cbcf
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6256882
Reviewed-by: Tsuyoshi Horo <[email protected]>
Commit-Queue: Yao Xiao <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1419694}

Author: yaoxiachromium

third_party/blink/renderer/modules/locks/lock_manager.cc

@@ -236,7 +236,21 @@ class LockManager::LockRequestImpl final
 const char LockManager::kSupplementName[] = "LockManager";
 
 // static
-LockManager* LockManager::locks(NavigatorBase& navigator) {
+LockManager* LockManager::locks(NavigatorBase& navigator,
+                                ExceptionState& exception_state) {
+  ExecutionContext* context = navigator.GetExecutionContext();
+
+  auto* shared_storage_worklet_global_scope =
+      DynamicTo<SharedStorageWorkletGlobalScope>(context);
+
+  if (shared_storage_worklet_global_scope &&
+      !shared_storage_worklet_global_scope->add_module_finished()) {
+    exception_state.ThrowDOMException(
+        DOMExceptionCode::kNotAllowedError,
+        "navigator.locks cannot be accessed during addModule().");
+    return nullptr;
+  }
+
   auto* supplement = Supplement<NavigatorBase>::From<LockManager>(navigator);
   if (!supplement) {
     supplement = MakeGarbageCollected<LockManager>(navigator);

third_party/blink/renderer/modules/locks/lock_manager.h

@@ -36,7 +36,7 @@ class LockManager final : public ScriptWrappable,
   static const char kSupplementName[];
 
   // Web-exposed as navigator.locks
-  static LockManager* locks(NavigatorBase&);
+  static LockManager* locks(NavigatorBase&, ExceptionState&);
 
   explicit LockManager(NavigatorBase&);
 

third_party/blink/renderer/modules/locks/navigator_locks.idl

@@ -8,5 +8,6 @@
     Exposed=Window,
     ImplementedAs=LockManager
 ] partial interface Navigator {
+    [RaisesException]
     readonly attribute LockManager locks;
 };

third_party/blink/renderer/modules/locks/shared_storage_worklet_navigator_locks.idl

@@ -10,5 +10,6 @@
     Exposed=SharedStorageWorklet,
     ImplementedAs=LockManager
 ] partial interface SharedStorageWorkletNavigator {
+    [RaisesException]
     readonly attribute LockManager locks;
 };

third_party/blink/renderer/modules/locks/worker_navigator_locks.idl

@@ -8,5 +8,6 @@
     Exposed=Worker,
     ImplementedAs=LockManager
 ] partial interface WorkerNavigator {
+    [RaisesException]
     readonly attribute LockManager locks;
 };

third_party/blink/renderer/modules/shared_storage/shared_storage_worklet_global_scope.cc

@@ -1054,16 +1054,6 @@ SharedStorageWorkletGlobalScope::interestGroups(
 SharedStorageWorkletNavigator* SharedStorageWorkletGlobalScope::Navigator(
     ScriptState* script_state,
     ExceptionState& exception_state) {
-  if (!add_module_finished_) {
-    CHECK(!navigator_);
-
-    exception_state.ThrowDOMException(
-        DOMExceptionCode::kNotAllowedError,
-        "navigator cannot be accessed during addModule().");
-
-    return nullptr;
-  }
-
   if (!navigator_) {
     navigator_ = MakeGarbageCollected<SharedStorageWorkletNavigator>(
         GetExecutionContext());

third_party/blink/renderer/modules/shared_storage/shared_storage_worklet_global_scope.h

@@ -147,6 +147,8 @@ class MODULES_EXPORT SharedStorageWorkletGlobalScope final
     return permissions_policy_state_;
   }
 
+  bool add_module_finished() const { return add_module_finished_; }
+
  private:
   void OnModuleScriptDownloaded(
       const KURL& script_source_url,

third_party/blink/renderer/modules/shared_storage/shared_storage_worklet_unittest.cc

@@ -830,7 +830,8 @@ TEST_F(SharedStorageWorkletTest,
   AddModuleResult add_module_result = AddModule(/*script_content=*/R"(
     var expectedObjects = [
       "console",
-      "crypto"
+      "crypto",
+      "navigator"
     ];
 
     var expectedFunctions = [
@@ -880,9 +881,10 @@ TEST_F(SharedStorageWorkletTest,
       console.log("Expected error:", e.message);
     }
 
-    // Verify that trying to access `navigator` would throw a custom error.
+    // Verify that trying to access `navigator.locks` would throw a custom
+    // error.
     try {
-      navigator;
+      navigator.locks;
     } catch (e) {
       console.log("Expected error:", e.message);
     }
@@ -904,9 +906,9 @@ TEST_F(SharedStorageWorkletTest,
             "'SharedStorageWorkletGlobalScope': sharedStorage cannot be "
             "accessed during addModule().");
   EXPECT_EQ(test_client_->observed_console_log_messages_[1],
-            "Expected error: Failed to read the 'navigator' property from "
-            "'SharedStorageWorkletGlobalScope': navigator cannot be accessed "
-            "during addModule().");
+            "Expected error: Failed to read the 'locks' property from "
+            "'SharedStorageWorkletNavigator': navigator.locks cannot be "
+            "accessed during addModule().");
   EXPECT_EQ(test_client_->observed_console_log_messages_[2],
             "Expected async error: Failed to execute 'interestGroups' on "
             "'SharedStorageWorkletGlobalScope': interestGroups() cannot be "