Opened 8 months ago

Closed 8 weeks ago

#28513 closed defect (not a bug)

Change SessionStore so it doesn't violate disk avoidence goal

Reported by: sysrqb Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, tbb-disk-leak
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

As another data point, following on #28507, we're also violating the disk avoidance goal because Fennec saves information about open tabs (and recently closed tabs) on disk in case the app is killed (see the SessionStore). This allows for restoring the browser state when the app is next opened.

I hesitate saying we should rip this out because if we want a usable browser on Android, then we'll need something like this. If the app doesn't save state, then when the user switches to another app Android may kill the browser (because it is now running in the background) and the user will lose their entire browser session.

Given the available options, I think we should keep the SessionStore enabled and rely on the #28507 preferences for clearing saved state when the user explicitly closes the app.

I think we can be a little clever with encrypting the session file on disk, but it'll require some experimentation.

Child Tickets

Change History (6)

comment:1 Changed 8 months ago by sysrqb

To be clear, this leaks a lot. As an example:

root@generic:/ # cat /data/data/org.torproject.torbrowser_alpha/files/mozilla/>
{"windows":[{"tabs":[{"entries":[{"url":"https://people.torproject.org/~sysrqb/","title":"Index of /~sysrqb","ID":0,"docshellUUID":"{6f1762cf-09d1-4298-b244-dc6641a9b9e0}","originalURI":"https://people.torproject.org/~sysrqb/","resultPrincipalURI":null,"presState":[{"stateKey":"0>html>1","scroll":"0,27830","res":0.42244893312454224,"scaleToRes":true}],"principalToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkAAAAAAAAAAAwAAAAAAAAEYAAAA4bW96LW51bGxwcmluY2lwYWw6ezQ2ZGRlMjFmLWUyY2ItNDk3ZS04MDY1LTg0ZTExMDg3ZTM1Nn0AAAA+XmZpcnN0UGFydHlEb21haW49NDZkZGUyMWYtZTJjYi00OTdlLTgwNjUtODRlMTEwODdlMzU2Lm1vemlsbGE=","triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":0,"persist":true},{"url":"https://signal.org/download/","title":"Signal >> Download Signal","ID":4,"docshellUUID":"{6f1762cf-09d1-4298-b244-dc6641a9b9e0}","originalURI":"https://signal.org/download","resultPrincipalURI":"https://signal.org/download/","loadReplace":true,"loadReplace2":true,"principalToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkAAAAAAAAAAAwAAAAAAAAEYAAAA4bW96LW51bGxwcmluY2lwYWw6e2JhMmYzNjg3LTQ5N2YtNGFjZS1iMTYyLTFiNmYxNDk2ODFhOX0AAAAA","triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":4,"persist":true},{"url":"https://signal.org/android/apk/","title":"Signal >> Signal Android APK","ID":5,"docshellUUID":"{6f1762cf-09d1-4298-b244-dc6641a9b9e0}","originalURI":"https://signal.org/android/apk/","resultPrincipalURI":null,"principalToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkAAAAAAAAAAAwAAAAAAAAEYAAAA4bW96LW51bGxwcmluY2lwYWw6e2Q5YzU0OTk0LTllMTAtNDEyZC05Mzk5LTFjMjNlMTU4MjgyNn0AAAA+XmZpcnN0UGFydHlEb21haW49ZDljNTQ5OTQtOWUxMC00MTJkLTkzOTktMWMyM2UxNTgyODI2Lm1vemlsbGE=","triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":5,"persist":true}],"index":3,"attributes":{"image":null},"desktopMode":false,"isPrivate":false,"tabId":0,"parentId":-1,"scrolldata":{"scroll":"0,810","zoom":{"resolution":1,"displaySize":{"width":1080,"height":1584}}}},{"entries":[{"url":"about:downloads","title":"Downloads","ID":6,"docshellUUID":"{358696b0-1fb0-4fb6-8fed-cfd19865a528}","resultPrincipalURI":null,"triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":6,"persist":true},{"url":"https://people.torproject.org/~sysrqb/","title":"Index of /~sysrqb","ID":7,"docshellUUID":"{358696b0-1fb0-4fb6-8fed-cfd19865a528}","originalURI":"https://people.torproject.org/~sysrqb/","resultPrincipalURI":null,"principalToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkAAAAAAAAAAAwAAAAAAAAEYAAAA4bW96LW51bGxwcmluY2lwYWw6e2Q3NDBhNmNjLTA4ZjUtNGRiNS1iNThlLThmN2UzMDM1OTg4OX0AAAA+XmZpcnN0UGFydHlEb21haW49ZDc0MGE2Y2MtMDhmNS00ZGI1LWI1OGUtOGY3ZTMwMzU5ODg5Lm1vemlsbGE=","triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":7,"persist":true}],"index":2,"attributes":{"image":null},"desktopMode":false,"isPrivate":false,"tabId":1,"parentId":0,"scrolldata":{"scroll":"0,782","zoom":{"resolution":0.42244893312454224,"displaySize":{"width":1080,"height":1584}}}},{"entries":[{"url":"about:firefox","title":"About Tor Browser","ID":8,"docshellUUID":"{e143d6f0-044b-4e50-a1d3-15d48decd1cc}","resultPrincipalURI":null,"triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":8,"persist":true}],"index":1,"attributes":{"image":null},"desktopMode":false,"isPrivate":false,"tabId":2,"parentId":1,"scrolldata":{"zoom":{"resolution":0.666700005531311,"displaySize":{"width":1080,"height":1584}}}}],"closedTabs":[],"selected":2}]}

Or, so it's readable:

{
  "windows":[
    {
      "tabs":[
        {
          "entries":[
            {
              "url":"https://people.torproject.org/~sysrqb/",
              "title":"Index of /~sysrqb",
              "ID":0,
              "docshellUUID":"{6f1762cf-09d1-4298-b244-dc6641a9b9e0}",
              "originalURI":"https://people.torproject.org/~sysrqb/",
              "resultPrincipalURI":null,
              "presState":[
                {
                  "stateKey":"0>html>1",
                  "scroll":"0,27830",
                  "res":0.42244893312454224,
                  "scaleToRes":true
                }
              ],
              "principalToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkAAAAAAAAAAAwAAAAAAAAEYAAAA4bW96LW51bGxwcmluY2lwYWw6ezQ2ZGRlMjFmLWUyY2ItNDk3ZS04MDY1LTg0ZTExMDg3ZTM1Nn0AAAA+XmZpcnN0UGFydHlEb21haW49NDZkZGUyMWYtZTJjYi00OTdlLTgwNjUtODRlMTEwODdlMzU2Lm1vemlsbGE=",
              "triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=",
              "docIdentifier":0,
              "persist":true
            },
              [...]
          ],
          "index":1,
          "attributes":{
              "image":null
          },
          "desktopMode":false,
          "isPrivate":false,
          "tabId":2,
          "parentId":1,
          "scrolldata":{
            "zoom":{
              "resolution":0.666700005531311,
              "displaySize":{
                "width":1080,
                "height":1584
              }
            }
          }
        }
      ],
      "closedTabs":[],
      "selected":2
    }
  ]
}

comment:2 Changed 8 months ago by sysrqb

I'll just note, the issue with Android arbitrarily killing us because we're a background app may become less of a problem when Orbot is integrated - but we'll need to test this.

comment:3 Changed 8 months ago by gk

Keywords: tbb-mobile tbb-disk-leak added

comment:4 Changed 2 months ago by sysrqb

I think we can modify SessionStore so it doesn't write the state on disk, and then we can try reverting the patch for #28507 where we sanitize the tabs during startup. This should solve part of the problem with #30573.

comment:5 Changed 2 months ago by sysrqb

Okay, the SessionStore does not write private tab data on disk, it only saves normal tabs. We used #28507 as a mitigation for normal tabs being restored when the app is restarted. This brings us back to #24920 because Fennec doesn't have an easy browser.privatebrowsing.autostart pref like we have on desktop.

comment:6 Changed 8 weeks ago by sysrqb

Resolution: not a bug
Status: newclosed

Closing this because #24920 is a better solution. SessionStore does not save information about private tabs on disk. It does rely on Android for saving some state, and there is an assumption Android only retains this information in memory as long as it's needed. I don't know if this assumption is correct (that it is only kept in memory, and not written to a cache on disk).

Note: See TracTickets for help on using tickets.