Bug 1533925 - Allow about: pages to be forced into the extension process. r=kmag

Some extensions want to implement about: pages and we want those pages to be loaded in the extension process, not in the web content process, so that: 1) a compromised web process won't get access to the about: page content 2) the extension page can use all the APIs that extension pages normally get, instead of only content script APIs. Post-Fission we will need to know which extension process to choose. Differential Revision: https://phabricator.services.mozilla.com/D24989 --HG-- extra : moz-landing-system : lando
2024-11-24 13:21:05 +00:00 · 2019-03-27 04:07:15 +00:00 · 2019-03-27 04:07:15 +00:00 · edd6809d0c
commit edd6809d0c
parent 3b56cb4de4
3 changed files with 35 additions and 6 deletions
--- a/browser/base/content/test/general/browser_e10s_about_process.js
+++ b/browser/base/content/test/general/browser_e10s_about_process.js
@ -1,6 +1,7 @@
 const CHROME_PROCESS = E10SUtils.NOT_REMOTE;
 const WEB_CONTENT_PROCESS = E10SUtils.WEB_REMOTE_TYPE;
 const PRIVILEGED_CONTENT_PROCESS = E10SUtils.PRIVILEGED_REMOTE_TYPE;
+const EXTENSION_PROCESS = E10SUtils.EXTENSION_REMOTE_TYPE;

 const CHROME = {
  id: "cb34538a-d9da-40f3-b61a-069f0b2cb9fb",
@ -23,12 +24,19 @@ const CANPRIVILEGEDREMOTE = {
  flags: Ci.nsIAboutModule.URI_MUST_LOAD_IN_CHILD |
         Ci.nsIAboutModule.URI_CAN_LOAD_IN_PRIVILEGED_CHILD,
 };
+const MUSTEXTENSION = {
+  id: "f7a1798f-965b-49e9-be83-ec6ee4d7d675",
+  path: "test-mustextension",
+  flags: Ci.nsIAboutModule.URI_MUST_LOAD_IN_EXTENSION_PROCESS,
+};
+

 const TEST_MODULES = [
  CHROME,
  CANREMOTE,
  MUSTREMOTE,
  CANPRIVILEGEDREMOTE,
+  MUSTEXTENSION,
 ];

 function AboutModule() {
@ -87,13 +95,15 @@ registerCleanupFunction(() => {
  }
 });

-function test_url(url, chromeResult, webContentResult, privilegedContentResult) {
+function test_url(url, chromeResult, webContentResult, privilegedContentResult, extensionProcessResult) {
  is(E10SUtils.canLoadURIInRemoteType(url, CHROME_PROCESS),
     chromeResult, "Check URL in chrome process.");
  is(E10SUtils.canLoadURIInRemoteType(url, WEB_CONTENT_PROCESS),
     webContentResult, "Check URL in web content process.");
  is(E10SUtils.canLoadURIInRemoteType(url, PRIVILEGED_CONTENT_PROCESS),
     privilegedContentResult, "Check URL in privileged content process.");
+  is(E10SUtils.canLoadURIInRemoteType(url, EXTENSION_PROCESS),
+     extensionProcessResult, "Check URL in extension process.");

  is(E10SUtils.canLoadURIInRemoteType(url + "#foo", CHROME_PROCESS),
     chromeResult, "Check URL with ref in chrome process.");
@ -101,6 +111,8 @@ function test_url(url, chromeResult, webContentResult, privilegedContentResult)
     webContentResult, "Check URL with ref in web content process.");
  is(E10SUtils.canLoadURIInRemoteType(url + "#foo", PRIVILEGED_CONTENT_PROCESS),
     privilegedContentResult, "Check URL with ref in privileged content process.");
+  is(E10SUtils.canLoadURIInRemoteType(url + "#foo", EXTENSION_PROCESS),
+     extensionProcessResult, "Check URL with ref in extension process.");

  is(E10SUtils.canLoadURIInRemoteType(url + "?foo", CHROME_PROCESS),
     chromeResult, "Check URL with query in chrome process.");
@ -108,6 +120,8 @@ function test_url(url, chromeResult, webContentResult, privilegedContentResult)
     webContentResult, "Check URL with query in web content process.");
  is(E10SUtils.canLoadURIInRemoteType(url + "?foo", PRIVILEGED_CONTENT_PROCESS),
     privilegedContentResult, "Check URL with query in privileged content process.");
+  is(E10SUtils.canLoadURIInRemoteType(url + "?foo", EXTENSION_PROCESS),
+     extensionProcessResult, "Check URL with query in extension process.");

  is(E10SUtils.canLoadURIInRemoteType(url + "?foo#bar", CHROME_PROCESS),
     chromeResult, "Check URL with query and ref in chrome process.");
@ -115,18 +129,20 @@ function test_url(url, chromeResult, webContentResult, privilegedContentResult)
     webContentResult, "Check URL with query and ref in web content process.");
  is(E10SUtils.canLoadURIInRemoteType(url + "?foo#bar", PRIVILEGED_CONTENT_PROCESS),
     privilegedContentResult, "Check URL with query and ref in privileged content process.");
+  is(E10SUtils.canLoadURIInRemoteType(url + "?foo#bar", EXTENSION_PROCESS),
+     extensionProcessResult, "Check URL with query and ref in extension process.");
 }

 add_task(async function test_chrome() {
-  test_url("about:" + CHROME.path, true, false, false);
+  test_url("about:" + CHROME.path, true, false, false, false);
 });

 add_task(async function test_any() {
-  test_url("about:" + CANREMOTE.path, true, true, false);
+  test_url("about:" + CANREMOTE.path, true, true, false, false);
 });

 add_task(async function test_remote() {
-  test_url("about:" + MUSTREMOTE.path, false, true, false);
+  test_url("about:" + MUSTREMOTE.path, false, true, false, false);
 });

 add_task(async function test_privileged_remote_true() {
@ -139,7 +155,7 @@ add_task(async function test_privileged_remote_true() {
  // This shouldn't be taken literally. We will always use the privileged
  // content type if the URI_CAN_LOAD_IN_PRIVILEGED_CHILD flag is enabled and
  // the pref is turned on.
-  test_url("about:" + CANPRIVILEGEDREMOTE.path, false, false, true);
+  test_url("about:" + CANPRIVILEGEDREMOTE.path, false, false, true, false);
 });

 add_task(async function test_privileged_remote_false() {
@ -152,5 +168,9 @@ add_task(async function test_privileged_remote_false() {
  // This shouldn't be taken literally. We will always use the privileged
  // content type if the URI_CAN_LOAD_IN_PRIVILEGED_CHILD flag is enabled and
  // the pref is turned on.
-  test_url("about:" + CANPRIVILEGEDREMOTE.path, false, true, false);
+  test_url("about:" + CANPRIVILEGEDREMOTE.path, false, true, false, false);
+});
+
+add_task(async function test_extension() {
+  test_url("about:" + MUSTEXTENSION.path, false, false, false, true);
 });
--- a/netwerk/protocol/about/nsIAboutModule.idl
+++ b/netwerk/protocol/about/nsIAboutModule.idl
@ -78,6 +78,11 @@ interface nsIAboutModule : nsISupports
     */
    const unsigned long URI_CAN_LOAD_IN_PRIVILEGED_CHILD = (1 << 8);

+    /**
+     * A flag that indicates that this URI must be loaded in an extension process (if available).
+     */
+    const unsigned long URI_MUST_LOAD_IN_EXTENSION_PROCESS = (1 << 9);
+
    /**
     * A method to get the flags that apply to a given about: URI.  The URI
     * passed in is guaranteed to be one of the URIs that this module
--- a/toolkit/modules/E10SUtils.jsm
+++ b/toolkit/modules/E10SUtils.jsm
@ -222,6 +222,10 @@ var E10SUtils = {
        }

        let flags = module.getURIFlags(aURI);
+        if (flags & Ci.nsIAboutModule.URI_MUST_LOAD_IN_EXTENSION_PROCESS) {
+          return WebExtensionPolicy.useRemoteWebExtensions ? EXTENSION_REMOTE_TYPE : NOT_REMOTE;
+        }
+
        if (flags & Ci.nsIAboutModule.URI_MUST_LOAD_IN_CHILD) {
          if ((flags & Ci.nsIAboutModule.URI_CAN_LOAD_IN_PRIVILEGED_CHILD) &&
              useSeparatePrivilegedContentProcess) {