mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 05:11:16 +00:00
1eb3c1d7cd
Previously, the WebExtension protocol used dynamic protocol flags which were based on the WebExtension policy in order to enforce things such as availability in private browsing and the accessibility of certain resources. Since the shift to MV3, these checks have required more complex checks than what was possible to specify with protocol flags, which required the addition of WEBEXT_URI_WEB_ACCESSIBLE - a security flag which would trigger further checks with the EPS to determine if the URI can be loaded. This was somewhat inefficient, as fetching the URI flags would require looking up the policy each time dynamic flags were looked up, as well as when policy specifics were being checked after loading flags. In addition, it lead to a number of flags which were very specific to extension protocols. This patch changes extensions to no longer have dynamic flags, instead specifying the static `URI_IS_WEBEXTENSION_RESOURCE` security flag. When this flag is specified, security checks are made by querying the ExtensionPolicyService to ask if the load should be permitted, combining the specific security checks for Extension resources into a simpler code-path, and avoids redundant checks. Differential Revision: https://phabricator.services.mozilla.com/D216076
105 lines
3.6 KiB
Plaintext
105 lines
3.6 KiB
Plaintext
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsISupports.idl"
|
|
#include "nsIURI.idl"
|
|
|
|
/**
|
|
* This interface allows the security manager to query custom per-addon security
|
|
* policy.
|
|
*/
|
|
[scriptable, uuid(8a034ef9-9d14-4c5d-8319-06c1ab574baa)]
|
|
interface nsIAddonPolicyService : nsISupports
|
|
{
|
|
/**
|
|
* Returns the default content security policy which applies to extension
|
|
* documents which do not specify any custom policies.
|
|
*/
|
|
readonly attribute AString defaultCSP;
|
|
|
|
/**
|
|
* Same as above, but used for extensions using manifest v3.
|
|
*/
|
|
readonly attribute AString defaultCSPV3;
|
|
|
|
/**
|
|
* Returns the base content security policy which applies to all extension resources.
|
|
*/
|
|
AString getBaseCSP(in AString aAddonId);
|
|
|
|
/**
|
|
* Returns the content security policy which applies to documents belonging
|
|
* to the extension with the given ID. This may be either a custom policy,
|
|
* if one was supplied, or the default policy if one was not.
|
|
*/
|
|
AString getExtensionPageCSP(in AString aAddonId);
|
|
|
|
/**
|
|
* Returns the generated background page as a data-URI, if any. If the addon
|
|
* does not have an auto-generated background page, an empty string is
|
|
* returned.
|
|
*/
|
|
ACString getGeneratedBackgroundPageUrl(in ACString aAddonId);
|
|
|
|
/**
|
|
* Returns true if the addon was granted the |aPerm| API permission.
|
|
*/
|
|
boolean addonHasPermission(in AString aAddonId, in AString aPerm);
|
|
|
|
/**
|
|
* Returns true if unprivileged code associated with the given addon may load
|
|
* data from |aURI|. If |aExplicit| is true, the <all_urls> permission and
|
|
* permissive host globs are ignored when checking for a match.
|
|
*/
|
|
boolean addonMayLoadURI(in AString aAddonId, in nsIURI aURI, [optional] in boolean aExplicit);
|
|
|
|
/**
|
|
* Returns the name of the WebExtension with the given ID, or the ID string
|
|
* if no matching add-on can be found.
|
|
*/
|
|
AString getExtensionName(in AString aAddonId);
|
|
|
|
/**
|
|
* Returns true if a given moz-extension:// URI is web-accessible and loadable by the source.
|
|
* This should be called if the protocol flags for the extension URI has
|
|
* URI_IS_WEBEXTENSION_RESOURCE.
|
|
*/
|
|
boolean sourceMayLoadExtensionURI(in nsIURI aSourceURI, in nsIURI aExtensionURI,
|
|
[optional] in boolean aFromPrivateWindow);
|
|
|
|
/**
|
|
* Maps an extension URI to the ID of the addon it belongs to.
|
|
*/
|
|
AString extensionURIToAddonId(in nsIURI aURI);
|
|
};
|
|
|
|
/**
|
|
* This interface exposes functionality related to add-on content policy
|
|
* enforcement.
|
|
*/
|
|
[scriptable, uuid(7a4fe60b-9131-45f5-83f3-dc63b5d71a5d)]
|
|
interface nsIAddonContentPolicy : nsISupports
|
|
{
|
|
/* options to pass to validateAddonCSP
|
|
*
|
|
* Manifest V2 uses CSP_ALLOW_ANY.
|
|
* In Manifest V3, extension_pages would use CSP_ALLOW_WASM
|
|
* and sandbox would use CSP_ALLOW_EVAL.
|
|
*/
|
|
const unsigned long CSP_ALLOW_ANY = 0xFFFF;
|
|
const unsigned long CSP_ALLOW_LOCALHOST = (1<<0);
|
|
const unsigned long CSP_ALLOW_EVAL = (1<<1);
|
|
const unsigned long CSP_ALLOW_REMOTE = (1<<2);
|
|
const unsigned long CSP_ALLOW_WASM = (1<<3);
|
|
|
|
/**
|
|
* Checks a custom content security policy string, to ensure that it meets
|
|
* minimum security requirements. Returns null for valid policies, or a
|
|
* string describing the error for invalid policies.
|
|
*/
|
|
AString validateAddonCSP(in AString aPolicyString, in unsigned long aPermittedPolicy);
|
|
};
|