Bug 1848783, part 3 - Add the site (sans port) to the permission keys of a content process - r=anti-tracking-reviewers,timhuang

without this, permissions set in the main process that are site-scoped on origins with non-null ports are not pushed out to the content process.

Differential Revision: https://phabricator.services.mozilla.com/D186984

dom/ipc/ContentParent.cpp

@@ -6461,6 +6461,16 @@ nsresult ContentParent::TransmitPermissionsForPrincipal(
     EnsurePermissionsByKey(pair.first, pair.second);
   }
 
+  // We need to add the Site to the secondary keys of interest here.
+  // This allows site-scoped permission updates to propogate when the
+  // port is non-standard.
+  nsAutoCString siteKey;
+  nsresult rv =
+      PermissionManager::GetKeyForPrincipal(aPrincipal, false, true, siteKey);
+  if (NS_SUCCEEDED(rv) && !siteKey.IsEmpty()) {
+    mActiveSecondaryPermissionKeys.EnsureInserted(siteKey);
+  }
+
   return NS_OK;
 }
 
@@ -6555,6 +6565,11 @@ bool ContentParent::NeedsPermissionsUpdate(
   return mActivePermissionKeys.Contains(aPermissionKey);
 }
 
+bool ContentParent::NeedsSecondaryKeyPermissionsUpdate(
+    const nsACString& aPermissionKey) const {
+  return mActiveSecondaryPermissionKeys.Contains(aPermissionKey);
+}
+
 mozilla::ipc::IPCResult ContentParent::RecvAccumulateChildHistograms(
     nsTArray<HistogramAccumulation>&& aAccumulations) {
   TelemetryIPC::AccumulateChildHistograms(GetTelemetryProcessID(mRemoteType),

dom/ipc/ContentParent.h

@@ -404,6 +404,12 @@ class ContentParent final : public PContentParent,
 
   bool NeedsPermissionsUpdate(const nsACString& aPermissionKey) const;
 
+  // Getter for which permission keys should signal that a content
+  // process needs to know about the change of a permission with this as the
+  // secondary key, like for 3rdPartyFrameStorage^https://secondary.com
+  bool NeedsSecondaryKeyPermissionsUpdate(
+      const nsACString& aPermissionKey) const;
+
   // Manage pending load states which have been sent to this process, and are
   // expected to be used to start a load imminently.
   already_AddRefed<nsDocShellLoadState> TakePendingLoadStateForId(
@@ -1592,6 +1598,7 @@ class ContentParent final : public PContentParent,
   nsRefPtrHashtable<nsIDHashKey, GetFilesHelper> mGetFilesPendingRequests;
 
   nsTHashSet<nsCString> mActivePermissionKeys;
+  nsTHashSet<nsCString> mActiveSecondaryPermissionKeys;
 
   nsTArray<nsCString> mBlobURLs;
 

extensions/permissions/PermissionManager.cpp

@@ -631,7 +631,7 @@ nsresult NotifySecondaryKeyPermissionUpdateInContentProcess(
           if (!cp) {
             continue;
           }
-          if (cp->NeedsPermissionsUpdate(aSecondaryKey)) {
+          if (cp->NeedsSecondaryKeyPermissionsUpdate(aSecondaryKey)) {
             WindowGlobalParent* wgp = cbc->GetCurrentWindowGlobal();
             if (!wgp) {
               continue;
@@ -3439,6 +3439,7 @@ PermissionManager::GetAllKeysForPrincipal(nsIPrincipal* aPrincipal) {
 
   nsTArray<std::pair<nsCString, nsCString>> pairs;
   nsCOMPtr<nsIPrincipal> prin = aPrincipal;
+
   while (prin) {
     // Add the pair to the list
     std::pair<nsCString, nsCString>* pair =