reduce cookie tracking (4/4): onResume deletion of cookiesHEADkitkat

Optionally delete unwanted cookies (and localstorage) at every Browser
resume. The default for this feature is off - ie. maintain the current
Browser "keep every cookie" behaviour.

Optionally localstorage files (site databases) are also removed whenever
cookies have been deleted. This helps to reduce evercookie/supercookie
persistence.

A whitelist of sites that are permitted to keep cookies is stored in the
standard Browser shared_prefs. The site's cookie preference is set via a
menu checkbox when viewing the page. This allows opt-in whitelisting
behaviour on a per-site basis, suitable for saving eg. login cookies.

The cookie deletion itself is done by using existing API's to delete all
cookies and then selectively restore just those from the whitelisted sites.
Cookie counting is the only new API needed by this patch, and is used to
eliminate unnecessary cookie and localstorage deletes.

Although simplistic, onResume cookie filtering seems to work well and in
testing hasn't broken any web browsing. The underlying CookieMonster
functions operate on cached copies in ram and are asynchronous to disk so
there should be little or no measurable performance impact on browsing from
cookies. localstorage deletion is not cached by any layer so, if enabled,
might have some minor performance impact.

Change-Id: I55c69292a5ddc460e0e50b340dc4330c28becc5e

1 files changed, 22 insertions, 0 deletions

diff --git a/src/com/android/browser/Controller.java b/src/com/android/browser/Controller.java
index 2d716a8d..f01f58e8 100644
--- a/src/com/android/browser/Controller.java
+++ b/src/com/android/browser/Controller.java
@@ -688,6 +688,11 @@ public class Controller
             return;
         }
         mSettings.setLastRunPaused(false);
+
+        // delete cookies (and localstorage) early in the resume to
+        // avoid potential races with regular cookie reads and writes.
+        mSettings.clearCookiesExceptWhitelist();
+
         mActivityPaused = false;
         Tab current = mTabControl.getCurrentTab();
         if (current != null) {
@@ -1483,12 +1488,14 @@ public class Controller
         boolean canGoForward = false;
         boolean isHome = false;
         boolean isDesktopUa = false;
+        boolean hasCookiesWhitelisted = false;
         boolean isLive = false;
         if (tab != null) {
             canGoBack = tab.canGoBack();
             canGoForward = tab.canGoForward();
             isHome = mSettings.getHomePage().equals(tab.getUrl());
             isDesktopUa = mSettings.hasDesktopUseragent(tab.getWebView());
+            hasCookiesWhitelisted = mSettings.hasCookiesWhitelisted(tab.getWebView());
             isLive = !tab.isSnapshot();
         }
         final MenuItem back = menu.findItem(R.id.back_menu_id);
@@ -1529,6 +1536,11 @@ public class Controller
         menu.setGroupVisible(R.id.SNAPSHOT_MENU, !isLive);
         menu.setGroupVisible(R.id.COMBO_MENU, false);
 
+        // individual Visible needs to be after the group setting
+        final MenuItem cwSwitcher = menu.findItem(R.id.cookies_whitelisted_menu_id);
+        cwSwitcher.setChecked(hasCookiesWhitelisted);
+        cwSwitcher.setVisible(isLive && mSettings.enableDeleteCookies());
+
         mUi.updateMenuState(tab, menu);
     }
 
@@ -1656,6 +1668,10 @@ public class Controller
                 toggleUserAgent();
                 break;
 
+            case R.id.cookies_whitelisted_menu_id:
+                toggleCookiesWhitelisted();
+                break;
+
             case R.id.window_one_menu_id:
             case R.id.window_two_menu_id:
             case R.id.window_three_menu_id:
@@ -1693,6 +1709,12 @@ public class Controller
     }
 
     @Override
+    public void toggleCookiesWhitelisted() {
+        WebView web = getCurrentWebView();
+        mSettings.toggleCookiesWhitelisted(web);
+    }
+
+    @Override
     public void findOnPage() {
         getCurrentTopWebView().showFindDialog(null, true);
     }