Bug 1715167 - Part 5: Add a precursorPrincipal attribute to nsIPrincipal, r=ckerschb,ngogge

This provides a getter which can be used to interact with the precursor
attribute of the null principal.

Depends on D119691

Differential Revision: https://phabricator.services.mozilla.com/D119692

caps/BasePrincipal.cpp

@@ -1383,6 +1383,12 @@ BasePrincipal::CreateReferrerInfo(mozilla::dom::ReferrerPolicy aReferrerPolicy,
   return NS_OK;
 }
 
+NS_IMETHODIMP
+BasePrincipal::GetPrecursorPrincipal(nsIPrincipal** aPrecursor) {
+  *aPrecursor = nullptr;
+  return NS_OK;
+}
+
 NS_IMPL_ADDREF(BasePrincipal::Deserializer)
 NS_IMPL_RELEASE(BasePrincipal::Deserializer)
 

caps/BasePrincipal.h

@@ -180,6 +180,9 @@ class BasePrincipal : public nsJSPrincipals {
 
   NS_IMETHOD GetNextSubDomainPrincipal(
       nsIPrincipal** aNextSubDomainPrincipal) override;
+
+  NS_IMETHOD GetPrecursorPrincipal(nsIPrincipal** aPrecursor) override;
+
   nsresult ToJSON(nsACString& aJSON);
   static already_AddRefed<BasePrincipal> FromJSON(const nsACString& aJSON);
   // Method populates a passed Json::Value with serializable fields

caps/NullPrincipal.cpp

@@ -294,3 +294,46 @@ already_AddRefed<BasePrincipal> NullPrincipal::FromProperties(
 
   return NullPrincipal::Create(attrs, uri);
 }
+
+NS_IMETHODIMP
+NullPrincipal::GetPrecursorPrincipal(nsIPrincipal** aPrincipal) {
+  *aPrincipal = nullptr;
+
+  nsAutoCString query;
+  if (NS_FAILED(mURI->GetQuery(query)) || query.IsEmpty()) {
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIURI> precursorURI;
+  if (NS_FAILED(NS_NewURI(getter_AddRefs(precursorURI), query))) {
+    MOZ_ASSERT_UNREACHABLE(
+        "Failed to parse precursor from nullprincipal query");
+    return NS_OK;
+  }
+
+  // If our precursor is another null principal, re-construct it. This can
+  // happen if a null principal without a precursor causes another principal to
+  // be created.
+  if (precursorURI->SchemeIs(NS_NULLPRINCIPAL_SCHEME)) {
+#ifdef DEBUG
+    nsAutoCString precursorQuery;
+    precursorURI->GetQuery(precursorQuery);
+    MOZ_ASSERT(precursorQuery.IsEmpty(),
+               "Null principal with nested precursors?");
+#endif
+    *aPrincipal =
+        NullPrincipal::Create(OriginAttributesRef(), precursorURI).take();
+    return NS_OK;
+  }
+
+  RefPtr<BasePrincipal> contentPrincipal =
+      BasePrincipal::CreateContentPrincipal(precursorURI,
+                                            OriginAttributesRef());
+  // If `CreateContentPrincipal` failed, it will create a new NullPrincipal and
+  // return that instead. We only want to return real content principals here.
+  if (!contentPrincipal || !contentPrincipal->Is<ContentPrincipal>()) {
+    return NS_OK;
+  }
+  contentPrincipal.forget(aPrincipal);
+  return NS_OK;
+}

caps/NullPrincipal.h

@@ -48,6 +48,7 @@ class NullPrincipal final : public BasePrincipal {
   NS_IMETHOD SetDomain(nsIURI* aDomain) override;
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
   NS_IMETHOD GetAddonId(nsAString& aAddonId) override;
+  NS_IMETHOD GetPrecursorPrincipal(nsIPrincipal** aPrecursor) override;
 
   static already_AddRefed<NullPrincipal> CreateWithInheritedAttributes(
       nsIPrincipal* aInheritFrom);

caps/nsIPrincipal.idl

@@ -538,6 +538,20 @@ interface nsIPrincipal : nsISupports
      */
     [infallible] readonly attribute boolean isLocalIpAddress;
 
+    /**
+     * If this principal is a null principal, reconstruct the precursor
+     * principal which this null principal was derived from. This may be null,
+     * in which case this is not a null principal, there is no known precursor
+     * to this null principal, it was created by a privileged context, or there
+     * was a bugged origin in the precursor string.
+     *
+     * WARNING: Be careful when using this principal, as it is not part of the
+     * security properties of the null principal, and should NOT be used to
+     * grant a resource with a null principal access to resources from its
+     * precursor origin. This is only to be used for places where tracking how
+     * null principals were created is necessary.
+     */
+    [infallible] readonly attribute nsIPrincipal precursorPrincipal;
 };
 
 /**