diff --git a/caps/BasePrincipal.cpp b/caps/BasePrincipal.cpp index b92ae65cc7b2..e493294136e1 100644 --- a/caps/BasePrincipal.cpp +++ b/caps/BasePrincipal.cpp @@ -347,109 +347,6 @@ BasePrincipal::Equals(nsIPrincipal* aOther, bool* aResult) { return NS_OK; } -NS_IMETHODIMP -BasePrincipal::EqualsForPermission(nsIPrincipal* aOther, bool aExactHost, - bool* aResult) { - *aResult = false; - NS_ENSURE_ARG_POINTER(aOther); - NS_ENSURE_ARG_POINTER(aResult); - - // If the principals are equal, then they match. - if (FastEquals(aOther)) { - *aResult = true; - return NS_OK; - } - - // If we are matching with an exact host, we're done now - the permissions - // don't match otherwise, we need to start comparing subdomains! - if (aExactHost) { - return NS_OK; - } - - // Compare their OriginAttributes - const mozilla::OriginAttributes& theirAttrs = aOther->OriginAttributesRef(); - const mozilla::OriginAttributes& ourAttrs = OriginAttributesRef(); - - if (theirAttrs != ourAttrs) { - return NS_OK; - } - - nsCOMPtr ourURI; - nsresult rv = GetURI(getter_AddRefs(ourURI)); - NS_ENSURE_SUCCESS(rv, rv); - auto* basePrin = BasePrincipal::Cast(aOther); - return basePrin->EqualsURIForPermission(ourURI, aResult); -} - -NS_IMETHODIMP -BasePrincipal::EqualsURIForPermission(nsIURI* aOther, bool* aResult) { - *aResult = false; - nsCOMPtr ourURI; - nsresult rv = GetURI(getter_AddRefs(ourURI)); - NS_ENSURE_SUCCESS(rv, rv); - - // Compare schemes - nsAutoCString otherScheme; - rv = aOther->GetScheme(otherScheme); - NS_ENSURE_SUCCESS(rv, rv); - - nsAutoCString ourScheme; - rv = ourURI->GetScheme(ourScheme); - NS_ENSURE_SUCCESS(rv, rv); - - if (otherScheme != ourScheme) { - return NS_OK; - } - - // Compare ports - int32_t theirPort; - rv = aOther->GetPort(&theirPort); - NS_ENSURE_SUCCESS(rv, rv); - - int32_t ourPort; - rv = ourURI->GetPort(&ourPort); - NS_ENSURE_SUCCESS(rv, rv); - - if (theirPort != ourPort) { - return NS_OK; - } - - // Check if the host or any subdomain of their host matches. - nsAutoCString theirHost; - rv = aOther->GetHost(theirHost); - if (NS_FAILED(rv) || theirHost.IsEmpty()) { - return NS_OK; - } - - nsAutoCString ourHost; - rv = ourURI->GetHost(ourHost); - if (NS_FAILED(rv) || ourHost.IsEmpty()) { - return NS_OK; - } - - nsCOMPtr tldService = - do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID); - if (!tldService) { - NS_ERROR("Should have a tld service!"); - return NS_ERROR_FAILURE; - } - - // This loop will not loop forever, as GetNextSubDomain will eventually fail - // with NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS. - while (theirHost != ourHost) { - rv = tldService->GetNextSubDomain(theirHost, theirHost); - if (NS_FAILED(rv)) { - if (rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) { - return NS_OK; - } - return rv; - } - } - - *aResult = true; - return NS_OK; -} - NS_IMETHODIMP BasePrincipal::EqualsConsideringDomain(nsIPrincipal* aOther, bool* aResult) { NS_ENSURE_ARG_POINTER(aOther); diff --git a/caps/BasePrincipal.h b/caps/BasePrincipal.h index 941751bd0350..4ee0adf60e25 100644 --- a/caps/BasePrincipal.h +++ b/caps/BasePrincipal.h @@ -106,9 +106,6 @@ class BasePrincipal : public nsJSPrincipals { NS_IMETHOD Equals(nsIPrincipal* other, bool* _retval) final; NS_IMETHOD EqualsConsideringDomain(nsIPrincipal* other, bool* _retval) final; NS_IMETHOD EqualsURI(nsIURI* aOtherURI, bool* _retval) override; - NS_IMETHOD EqualsForPermission(nsIPrincipal* other, bool aExactHost, - bool* _retval) final; - NS_IMETHOD EqualsURIForPermission(nsIURI* other, bool* _retval) final; NS_IMETHOD Subsumes(nsIPrincipal* other, bool* _retval) final; NS_IMETHOD SubsumesConsideringDomain(nsIPrincipal* other, bool* _retval) final; diff --git a/caps/nsIPrincipal.idl b/caps/nsIPrincipal.idl index 674aa253680b..2fb373dc532d 100644 --- a/caps/nsIPrincipal.idl +++ b/caps/nsIPrincipal.idl @@ -58,14 +58,6 @@ interface nsIPrincipal : nsISerializable */ boolean equals(in nsIPrincipal other); - /** - * Returns whether the other principal is equivalent to this principal - * for permission purposes - * Matches {originAttributes ,equalsURIForPermission} - */ - - boolean equalsForPermission(in nsIPrincipal other, in bool aExactHost); - /** * Like equals, but takes document.domain changes into account. */ diff --git a/extensions/permissions/Permission.cpp b/extensions/permissions/Permission.cpp index 19b4ba26f841..47e95b0bac6d 100644 --- a/extensions/permissions/Permission.cpp +++ b/extensions/permissions/Permission.cpp @@ -119,8 +119,101 @@ Permission::Matches(nsIPrincipal* aPrincipal, bool aExactHost, bool* aMatches) { NS_IMETHODIMP Permission::MatchesPrincipalForPermission(nsIPrincipal* aPrincipal, - bool aExactHost, bool* aMatches) { - return mPrincipal->EqualsForPermission(aPrincipal, aExactHost, aMatches); + bool aExactHost, bool* aMatches) { + NS_ENSURE_ARG_POINTER(aPrincipal); + NS_ENSURE_ARG_POINTER(aMatches); + + *aMatches = false; + + // If the principals are equal, then they match. + if (mPrincipal->Equals(aPrincipal)) { + *aMatches = true; + return NS_OK; + } + + // If we are matching with an exact host, we're done now - the permissions + // don't match otherwise, we need to start comparing subdomains! + if (aExactHost) { + return NS_OK; + } + + // Compare their OriginAttributes + const mozilla::OriginAttributes& theirAttrs = + aPrincipal->OriginAttributesRef(); + const mozilla::OriginAttributes& ourAttrs = mPrincipal->OriginAttributesRef(); + + if (theirAttrs != ourAttrs) { + return NS_OK; + } + + nsCOMPtr theirURI; + nsresult rv = aPrincipal->GetURI(getter_AddRefs(theirURI)); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr ourURI; + rv = mPrincipal->GetURI(getter_AddRefs(ourURI)); + NS_ENSURE_SUCCESS(rv, rv); + + // Compare schemes + nsAutoCString theirScheme; + rv = theirURI->GetScheme(theirScheme); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoCString ourScheme; + rv = ourURI->GetScheme(ourScheme); + NS_ENSURE_SUCCESS(rv, rv); + + if (theirScheme != ourScheme) { + return NS_OK; + } + + // Compare ports + int32_t theirPort; + rv = theirURI->GetPort(&theirPort); + NS_ENSURE_SUCCESS(rv, rv); + + int32_t ourPort; + rv = ourURI->GetPort(&ourPort); + NS_ENSURE_SUCCESS(rv, rv); + + if (theirPort != ourPort) { + return NS_OK; + } + + // Check if the host or any subdomain of their host matches. + nsAutoCString theirHost; + rv = theirURI->GetHost(theirHost); + if (NS_FAILED(rv) || theirHost.IsEmpty()) { + return NS_OK; + } + + nsAutoCString ourHost; + rv = ourURI->GetHost(ourHost); + if (NS_FAILED(rv) || ourHost.IsEmpty()) { + return NS_OK; + } + + nsCOMPtr tldService = + do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID); + if (!tldService) { + NS_ERROR("Should have a tld service!"); + return NS_ERROR_FAILURE; + } + + // This loop will not loop forever, as GetNextSubDomain will eventually fail + // with NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS. + while (theirHost != ourHost) { + rv = tldService->GetNextSubDomain(theirHost, theirHost); + if (NS_FAILED(rv)) { + if (rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) { + return NS_OK; + } + return rv; + } + } + + *aMatches = true; + return NS_OK; } NS_IMETHODIMP