Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-24 13:21:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1302047 - Ignore userContextId and firstPartyDomain when matching permissions. r=baku

Browse Source 
--HG--
extra : rebase_source : da81c21da92810d808ebe865a456cc9d04058ce3
This commit is contained in:
Jonathan Hao 2016-09-20 16:35:21 +08:00
parent 61bd32ab34
commit 8a70bfa5fc
5 changed files with 120 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
caps/BasePrincipal.cpp
View File

@ -65,6 +65,13 @@ PrincipalOriginAttributes::InheritFromNecko(const NeckoOriginAttributes& aAttrs)
mFirstPartyDomain = aAttrs.mFirstPartyDomain;
}
void
PrincipalOriginAttributes::StripUserContextIdAndFirstPartyDomain()
{
mUserContextId = nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID;
mFirstPartyDomain.Truncate();
}
void
DocShellOriginAttributes::InheritFromDocToChildDocShell(const PrincipalOriginAttributes& aAttrs)
{
@ -717,6 +724,23 @@ BasePrincipal::CreateCodebasePrincipal(const nsACString& aOrigin)
return BasePrincipal::CreateCodebasePrincipal(uri, attrs);
}
already_AddRefed<BasePrincipal>
BasePrincipal::CloneStrippingUserContextIdAndFirstPartyDomain()
{
PrincipalOriginAttributes attrs = OriginAttributesRef();
attrs.StripUserContextIdAndFirstPartyDomain();
nsAutoCString originNoSuffix;
nsresult rv = GetOriginNoSuffix(originNoSuffix);
NS_ENSURE_SUCCESS(rv, nullptr);
nsCOMPtr<nsIURI> uri;
rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
NS_ENSURE_SUCCESS(rv, nullptr);
return BasePrincipal::CreateCodebasePrincipal(uri, attrs);
}
bool
BasePrincipal::AddonAllowsLoad(nsIURI* aURI)
{

4
caps/BasePrincipal.h
View File

@ -104,6 +104,8 @@ public:
// Inherit OriginAttributes from Necko.
void InheritFromNecko(const NeckoOriginAttributes& aAttrs);
void StripUserContextIdAndFirstPartyDomain();
};
// For OriginAttributes stored on docshells / loadcontexts / browsing contexts.
@ -314,6 +316,8 @@ public:
virtual PrincipalKind Kind() = 0;
already_AddRefed<BasePrincipal> CloneStrippingUserContextIdAndFirstPartyDomain();
protected:
virtual ~BasePrincipal();

32
extensions/cookie/nsPermission.cpp
View File

@ -27,6 +27,24 @@ nsPermission::nsPermission(nsIPrincipal* aPrincipal,
{
}
already_AddRefed<nsPermission>
nsPermission::Create(nsIPrincipal* aPrincipal,
const nsACString &aType,
uint32_t aCapability,
uint32_t aExpireType,
int64_t aExpireTime)
{
NS_ENSURE_TRUE(aPrincipal, nullptr);
nsCOMPtr<nsIPrincipal> principal =
mozilla::BasePrincipal::Cast(aPrincipal)->CloneStrippingUserContextIdAndFirstPartyDomain();
NS_ENSURE_TRUE(principal, nullptr);
RefPtr<nsPermission> permission =
new nsPermission(principal, aType, aCapability, aExpireType, aExpireTime);
return permission.forget();
}
NS_IMETHODIMP
nsPermission::GetPrincipal(nsIPrincipal** aPrincipal)
{
@ -71,8 +89,16 @@ nsPermission::Matches(nsIPrincipal* aPrincipal, bool aExactHost, bool* aMatches)
*aMatches = false;
nsCOMPtr<nsIPrincipal> principal =
mozilla::BasePrincipal::Cast(aPrincipal)->CloneStrippingUserContextIdAndFirstPartyDomain();
if (!principal) {
*aMatches = false;
return NS_OK;
}
// If the principals are equal, then they match.
if (mPrincipal->Equals(aPrincipal)) {
if (mPrincipal->Equals(principal)) {
*aMatches = true;
return NS_OK;
}
@ -84,7 +110,7 @@ nsPermission::Matches(nsIPrincipal* aPrincipal, bool aExactHost, bool* aMatches)
}
// Compare their OriginAttributes
const mozilla::PrincipalOriginAttributes& theirAttrs = mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
const mozilla::PrincipalOriginAttributes& theirAttrs = mozilla::BasePrincipal::Cast(principal)->OriginAttributesRef();
const mozilla::PrincipalOriginAttributes& ourAttrs = mozilla::BasePrincipal::Cast(mPrincipal)->OriginAttributesRef();
if (theirAttrs != ourAttrs) {
@ -92,7 +118,7 @@ nsPermission::Matches(nsIPrincipal* aPrincipal, bool aExactHost, bool* aMatches)
}
nsCOMPtr<nsIURI> theirURI;
nsresult rv = aPrincipal->GetURI(getter_AddRefs(theirURI));
nsresult rv = principal->GetURI(getter_AddRefs(theirURI));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> ourURI;

8
extensions/cookie/nsPermission.h
View File

@ -18,13 +18,19 @@ public:
NS_DECL_ISUPPORTS
NS_DECL_NSIPERMISSION
static already_AddRefed<nsPermission> Create(nsIPrincipal* aPrincipal,
const nsACString &aType,
uint32_t aCapability,
uint32_t aExpireType,
int64_t aExpireTime);
protected:
nsPermission(nsIPrincipal* aPrincipal,
const nsACString &aType,
uint32_t aCapability,
uint32_t aExpireType,
int64_t aExpireTime);
protected:
virtual ~nsPermission() {};
nsCOMPtr<nsIPrincipal> mPrincipal;

108
extensions/cookie/nsPermissionManager.cpp
View File

@ -122,13 +122,8 @@ GetOriginFromPrincipal(nsIPrincipal* aPrincipal, nsACString& aOrigin)
// any knowledge of private browsing. Allowing it to be true changes the suffix being hashed.
attrs.mPrivateBrowsingId = 0;
// TODO: Bug 1302047 - Ignore userContextId and firstPartyDomain when matching permissions.
// set to default to disable user context isolation for permissions
attrs.mUserContextId = nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID;
// set to default to disable firstParty isolation for permissions.
attrs.mFirstPartyDomain.Truncate();
// Disable userContext and firstParty isolation for permissions.
attrs.StripUserContextIdAndFirstPartyDomain();
attrs.CreateSuffix(suffix);
aOrigin.Append(suffix);
@ -144,13 +139,8 @@ GetPrincipalFromOrigin(const nsACString& aOrigin, nsIPrincipal** aPrincipal)
return NS_ERROR_FAILURE;
}
// TODO: Bug 1302047 - Ignore userContextId and firstPartyDomain when matching permissions.
// set to default to disable user context isolation for permissions
attrs.mUserContextId = nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID;
// set to default to disable firstParty isolation for permissions.
attrs.mFirstPartyDomain.Truncate();
// Disable userContext and firstParty isolation for permissions.
attrs.StripUserContextIdAndFirstPartyDomain();
nsCOMPtr<nsIURI> uri;
nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
@ -2065,11 +2055,14 @@ nsPermissionManager::GetPermissionObject(nsIPrincipal* aPrincipal,
NS_ENSURE_SUCCESS(rv, rv);
PermissionEntry& perm = entry->GetPermissions()[idx];
nsCOMPtr<nsIPermission> r = new nsPermission(principal,
mTypeArray.ElementAt(perm.mType),
perm.mPermission,
perm.mExpireType,
perm.mExpireTime);
nsCOMPtr<nsIPermission> r = nsPermission::Create(principal,
mTypeArray.ElementAt(perm.mType),
perm.mPermission,
perm.mExpireType,
perm.mExpireTime);
if (NS_WARN_IF(!r)) {
return NS_ERROR_FAILURE;
}
r.forget(aResult);
return NS_OK;
}
@ -2208,13 +2201,8 @@ nsPermissionManager::GetPermissionHashKey(nsIPrincipal* aPrincipal,
mozilla::PrincipalOriginAttributes attrs =
mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
// TODO: Bug 1302047 - Ignore userContextId and firstPartyDomain when matching permissions.
// ensure that the user context isolation is disabled
attrs.mUserContextId = nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID;
// ensure firstPartyIsolation is disabled.
attrs.mFirstPartyDomain.Truncate();
// Disable userContext and firstParty isolation for permissions.
attrs.StripUserContextIdAndFirstPartyDomain();
nsCOMPtr<nsIPrincipal> principal =
mozilla::BasePrincipal::CreateCodebasePrincipal(newURI, attrs);
@ -2248,12 +2236,16 @@ NS_IMETHODIMP nsPermissionManager::GetEnumerator(nsISimpleEnumerator **aEnum)
continue;
}
array.AppendObject(
new nsPermission(principal,
mTypeArray.ElementAt(permEntry.mType),
permEntry.mPermission,
permEntry.mExpireType,
permEntry.mExpireTime));
nsCOMPtr<nsIPermission> permission =
nsPermission::Create(principal,
mTypeArray.ElementAt(permEntry.mType),
permEntry.mPermission,
permEntry.mExpireType,
permEntry.mExpireTime);
if (NS_WARN_IF(!permission)) {
continue;
}
array.AppendObject(permission);
}
}
@ -2278,12 +2270,16 @@ NS_IMETHODIMP nsPermissionManager::GetAllForURI(nsIURI* aURI, nsISimpleEnumerato
continue;
}
array.AppendObject(
new nsPermission(principal,
mTypeArray.ElementAt(permEntry.mType),
permEntry.mPermission,
permEntry.mExpireType,
permEntry.mExpireTime));
nsCOMPtr<nsIPermission> permission =
nsPermission::Create(principal,
mTypeArray.ElementAt(permEntry.mType),
permEntry.mPermission,
permEntry.mExpireType,
permEntry.mExpireTime);
if (NS_WARN_IF(!permission)) {
continue;
}
array.AppendObject(permission);
}
}
@ -2328,12 +2324,16 @@ nsPermissionManager::RemoveAllModifiedSince(int64_t aModificationTime)
continue;
}
array.AppendObject(
new nsPermission(principal,
mTypeArray.ElementAt(permEntry.mType),
permEntry.mPermission,
permEntry.mExpireType,
permEntry.mExpireTime));
nsCOMPtr<nsIPermission> permission =
nsPermission::Create(principal,
mTypeArray.ElementAt(permEntry.mType),
permEntry.mPermission,
permEntry.mExpireType,
permEntry.mExpireTime);
if (NS_WARN_IF(!permission)) {
continue;
}
array.AppendObject(permission);
}
}
@ -2400,12 +2400,16 @@ nsPermissionManager::RemovePermissionsWithAttributes(mozilla::OriginAttributesPa
}
for (const auto& permEntry : entry->GetPermissions()) {
permissions.AppendObject(
new nsPermission(principal,
mTypeArray.ElementAt(permEntry.mType),
permEntry.mPermission,
permEntry.mExpireType,
permEntry.mExpireTime));
nsCOMPtr<nsIPermission> permission =
nsPermission::Create(principal,
mTypeArray.ElementAt(permEntry.mType),
permEntry.mPermission,
permEntry.mExpireType,
permEntry.mExpireTime);
if (NS_WARN_IF(!permission)) {
continue;
}
permissions.AppendObject(permission);
}
}
@ -2536,8 +2540,8 @@ nsPermissionManager::NotifyObserversWithPermission(nsIPrincipal* aPrincipal,
const char16_t *aData)
{
nsCOMPtr<nsIPermission> permission =
new nsPermission(aPrincipal, aType, aPermission,
aExpireType, aExpireTime);
nsPermission::Create(aPrincipal, aType, aPermission,
aExpireType, aExpireTime);
if (permission)
NotifyObservers(permission, aData);
}