Bug 1752332: Improve the blocklisting behavior r=KrisWright

For all subprocesses, if a preference is in the blocklist, sanitize it. (This preserves the IPC optimization behavior, kind of. We now generate IPC traffic when we didn't before, but we omit the value. Values were previously capped at 4 KiB now they're 0 bytes.) For Web Content processes, we sanitize a preference if it is in the blocklist, or if does not have a Default value (i.e. it is dynamically named). There is an exception list for dynamically named preferences we know we need though. In subprocesses, we know if a preference was sanitized by checking its Sanitized bit. Depends on D141416 Differential Revision: https://phabricator.services.mozilla.com/D141417
2022-04-21 13:22:50 +00:00 · 2022-04-21 13:22:50 +00:00 · 0d296a2db4
--- a/modules/libpref/Preferences.cpp
+++ b/modules/libpref/Preferences.cpp
@ -5706,15 +5706,43 @@ bool ShouldSanitizePreference(const char* aPref,
      // PREF_LIST_ENTRY("privacy.sanitize."),
  };

+  static const PrefListEntry sDynamicPrefOverrideList[]{
+      PREF_LIST_ENTRY("print.printer_")};
+
 #undef PREF_LIST_ENTRY

-  for (const auto& entry : sParentOnlyPrefBranchList) {
-    if (strncmp(entry.mPrefBranch, aPref, entry.mLen) == 0) {
+  // In the parent process, we use a heuristic to decide if a pref
+  // value should be sanitized before sending to subprocesses.
+  if (XRE_IsParentProcess()) {
+    // First check against the denylist, the denylist is used for
+    // all subprocesses to reduce IPC traffic.
+    for (const auto& entry : sParentOnlyPrefBranchList) {
+      if (strncmp(entry.mPrefBranch, aPref, entry.mLen) == 0) {
+        return true;
+      }
+    }
+
+    if (!aIsDestWebContentProcess) {
+      return false;
+    }
+
+    // If it's a Web Content Process, also check if it's a dynamically
+    // named string preference
+    if (Preferences::GetType(aPref) == nsIPrefBranch::PREF_STRING &&
+        !Preferences::HasDefaultValue(aPref)) {
+      for (const auto& entry : sDynamicPrefOverrideList) {
+        if (strncmp(entry.mPrefBranch, aPref, entry.mLen) == 0) {
+          return false;
+        }
+      }
      return true;
    }
+
+    return false;
  }

-  return false;
+  // In subprocesses we only check the sanitized bit
+  return Preferences::IsSanitized(aPref);
 }

 }  // namespace mozilla