Bug 1761018 - System Principaled SharedWorkers in Private Browsing windows should not assert. r=dom-worker-reviewers,smaug

Currently we allow the System Principal to create SharedWorkers (and we want to continue supporting this). In private browsing windows, however, StorageAllowedForWindow returns ePrivateBrowsing and a MOZ_DIAGNOSTIC_ASSERT origin-attribute check gets upset, effectively breaking the use of SharedWorkers. We address this by following our existing idiom for other storage-keyed APIs where we special-case the system principal in our API logic and only call StorageAllowedForWindow if we're not dealing with the system principal. Because the SharedWorker::Constructor uses the StorageAccess value to impact additional behavioral checks related to use of the partitioned principal, we assign StorageAccess::eAllow in the system principal case. Differential Revision: https://phabricator.services.mozilla.com/D144778
2024-11-23 21:01:08 +00:00 · 2022-04-27 15:47:45 +00:00 · 2022-04-27 15:47:45 +00:00 · 43a26e1234
commit 43a26e1234
parent 7792217d05
2 changed files with 29 additions and 4 deletions
--- a/dom/workers/sharedworkers/SharedWorker.cpp
+++ b/dom/workers/sharedworkers/SharedWorker.cpp
@ -66,7 +66,22 @@ already_AddRefed<SharedWorker> SharedWorker::Constructor(
      do_QueryInterface(aGlobal.GetAsSupports());
  MOZ_ASSERT(window);

-  auto storageAllowed = StorageAllowedForWindow(window);
+  // Our current idiom is that storage-related APIs specialize for the system
+  // principal themselves, which is consistent with StorageAllowedForwindow not
+  // specializing for the system principal.  Without this specialization we
+  // would end up with ePrivateBrowsing for system principaled private browsing
+  // windows which is explicitly not what we want.  System Principal code always
+  // should have access to storage.  It may make sense to enhance
+  // StorageAllowedForWindow in the future to handle this after comprehensive
+  // auditing.
+  nsCOMPtr<nsIPrincipal> principal = aGlobal.GetSubjectPrincipal();
+  StorageAccess storageAllowed;
+  if (principal && principal->IsSystemPrincipal()) {
+    storageAllowed = StorageAccess::eAllow;
+  } else {
+    storageAllowed = StorageAllowedForWindow(window);
+  }
+
  if (storageAllowed == StorageAccess::eDeny) {
    aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
    return nullptr;
@ -83,8 +98,6 @@ already_AddRefed<SharedWorker> SharedWorker::Constructor(
  // StorageAccess value.
 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
  if (storageAllowed == StorageAccess::ePrivateBrowsing) {
-    nsCOMPtr<Document> doc = window->GetExtantDoc();
-    nsCOMPtr<nsIPrincipal> principal = doc ? doc->NodePrincipal() : nullptr;
    uint32_t privateBrowsingId = 0;
    if (principal) {
      MOZ_ALWAYS_SUCCEEDS(principal->GetPrivateBrowsingId(&privateBrowsingId));
--- a/dom/workers/test/test_sharedWorker_privateBrowsing.html
+++ b/dom/workers/test/test_sharedWorker_privateBrowsing.html
@ -61,9 +61,21 @@ function doTests() {
  });
 }

+function doSystemSharedWorkerTest() {
+  try {
+    let chromeShared =
+      new wP.SharedWorker("chrome://mochitests/content/dom/workers/test/sharedWorker_privateBrowsing.js");
+    ok(true, "system SharedWorker created without throwing or crashing!");
+  } catch (_ex) {
+    ok(false, "system SharedWorker should not throw or crash");
+  }
+  runTest();
+}
+
 var steps = [
  setupWindow,
-  doTests
+  doTests,
+  doSystemSharedWorkerTest,
 ];

 function runTest() {