mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out 4 changesets (bug 1320404) for test_permmanager_load_invalid_entries.js failures 

Backed out changeset 7c2f4e64d38e (bug 1320404)
Backed out changeset a7e7c0251179 (bug 1320404)
Backed out changeset dd741b25a244 (bug 1320404)
Backed out changeset de9073c57d20 (bug 1320404)
This commit is contained in:
Bogdan Tara 2019-05-03 06:12:25 +03:00
Родитель fb8bc549b9
Коммит 386d23bfe7
102 изменённых файлов: 942 добавлений и 545 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
browser/base/content/test/caps/browser_principalSerialization_version1.js
Просмотреть файл

@ -113,6 +113,7 @@ add_task(async function test_realHistoryCheck() {
"output": {
"URI": false,
"originAttributes": {
"appId": 0,
"firstPartyDomain": "",
"inIsolatedMozBrowser": false,
"privateBrowsingId": 0,
@ -127,6 +128,7 @@ add_task(async function test_realHistoryCheck() {
"cspJSON": "{\"csp-policies\":[{\"child-src\":[\"https://www.googletagmanager.com\",\"https://www.google-analytics.com\",\"https://www.youtube-nocookie.com\",\"https://trackertest.org\",\"https://www.surveygizmo.com\",\"https://accounts.firefox.com\",\"https://accounts.firefox.com.cn\",\"https://www.youtube.com\"],\"connect-src\":[\"'self'\",\"https://*.mozilla.net\",\"https://*.mozilla.org\",\"https://*.mozilla.com\",\"https://www.googletagmanager.com\",\"https://www.google-analytics.com\",\"https://accounts.firefox.com/\",\"https://accounts.firefox.com.cn/\"],\"default-src\":[\"'self'\",\"https://*.mozilla.net\",\"https://*.mozilla.org\",\"https://*.mozilla.com\"],\"frame-src\":[\"https://www.googletagmanager.com\",\"https://www.google-analytics.com\",\"https://www.youtube-nocookie.com\",\"https://trackertest.org\",\"https://www.surveygizmo.com\",\"https://accounts.firefox.com\",\"https://accounts.firefox.com.cn\",\"https://www.youtube.com\"],\"img-src\":[\"'self'\",\"https://*.mozilla.net\",\"https://*.mozilla.org\",\"https://*.mozilla.com\",\"data:\",\"https://mozilla.org\",\"https://www.googletagmanager.com\",\"https://www.google-analytics.com\",\"https://adservice.google.com\",\"https://adservice.google.de\",\"https://adservice.google.dk\",\"https://creativecommons.org\",\"https://ad.doubleclick.net\"],\"report-only\":false,\"script-src\":[\"'self'\",\"https://*.mozilla.net\",\"https://*.mozilla.org\",\"https://*.mozilla.com\",\"'unsafe-inline'\",\"'unsafe-eval'\",\"https://www.googletagmanager.com\",\"https://www.google-analytics.com\",\"https://tagmanager.google.com\",\"https://www.youtube.com\",\"https://s.ytimg.com\"],\"style-src\":[\"'self'\",\"https://*.mozilla.net\",\"https://*.mozilla.org\",\"https://*.mozilla.com\",\"'unsafe-inline'\"]}]}",
"URISpec": "https://www.mozilla.org/en-US/",
"originAttributes": {
"appId": 0,
"firstPartyDomain": "",
"inIsolatedMozBrowser": false,
"privateBrowsingId": 0,
@ -139,6 +141,7 @@ add_task(async function test_realHistoryCheck() {
"output": {
"URISpec": "https://www.mozilla.org/en-US/firefox/accounts/",
"originAttributes": {
"appId": 0,
"firstPartyDomain": "",
"inIsolatedMozBrowser": false,
"privateBrowsingId": 0,
@ -152,6 +155,7 @@ add_task(async function test_realHistoryCheck() {
"output": {
"URISpec": "https://developer.mozilla.org/en-US/?utm_source=www.mozilla.org&utm_medium=referral&utm_campaign=nav&utm_content=developers",
"originAttributes": {
"appId": 0,
"firstPartyDomain": "",
"inIsolatedMozBrowser": false,
"privateBrowsingId": 0,
@ -165,6 +169,7 @@ add_task(async function test_realHistoryCheck() {
"output": {
"URI": false,
"originAttributes": {
"appId": 0,
"firstPartyDomain": "",
"inIsolatedMozBrowser": false,
"privateBrowsingId": 0,
@ -178,6 +183,7 @@ add_task(async function test_realHistoryCheck() {
"output": {
"URISpec": "moz-nullprincipal:{045ca18d-436c-4744-bbb6-b1a15366df79}",
"originAttributes": {
"appId": 0,
"firstPartyDomain": "",
"inIsolatedMozBrowser": false,
"privateBrowsingId": 0,

1
browser/components/sessionstore/test/browser_restore_cookies_noOriginAttributes.js
Просмотреть файл

@ -107,6 +107,7 @@ const SESSION_DATA_OA = JSON.stringify(
name: "test1",
originAttributes: {
addonId: "",
appId: 0,
inIsolatedMozBrowser: false,
userContextId: 0,
},

12
caps/BasePrincipal.cpp
Просмотреть файл

@ -293,6 +293,18 @@ BasePrincipal::GetOriginSuffix(nsACString& aOriginAttributes) {
return NS_OK;
}
NS_IMETHODIMP
BasePrincipal::GetAppId(uint32_t* aAppId) {
if (AppId() == nsIScriptSecurityManager::UNKNOWN_APP_ID) {
MOZ_ASSERT(false);
*aAppId = nsIScriptSecurityManager::NO_APP_ID;
return NS_OK;
}
*aAppId = AppId();
return NS_OK;
}
NS_IMETHODIMP
BasePrincipal::GetUserContextId(uint32_t* aUserContextId) {
*aUserContextId = UserContextId();

2
caps/BasePrincipal.h
Просмотреть файл

@ -122,6 +122,7 @@ class BasePrincipal : public nsJSPrincipals {
NS_IMETHOD GetOriginAttributes(JSContext* aCx,
JS::MutableHandle<JS::Value> aVal) final;
NS_IMETHOD GetOriginSuffix(nsACString& aOriginSuffix) final;
NS_IMETHOD GetAppId(uint32_t* aAppId) final;
NS_IMETHOD GetIsInIsolatedMozBrowserElement(
bool* aIsInIsolatedMozBrowserElement) final;
NS_IMETHOD GetUserContextId(uint32_t* aUserContextId) final;
@ -153,6 +154,7 @@ class BasePrincipal : public nsJSPrincipals {
const OriginAttributes& OriginAttributesRef() final {
return mOriginAttributes;
}
uint32_t AppId() const { return mOriginAttributes.mAppId; }
extensions::WebExtensionPolicy* AddonPolicy();
uint32_t UserContextId() const { return mOriginAttributes.mUserContextId; }
uint32_t PrivateBrowsingId() const {

17
caps/OriginAttributes.cpp
Просмотреть файл

@ -133,6 +133,11 @@ void OriginAttributes::CreateSuffix(nsACString& aStr) const {
// naming.
//
if (mAppId != nsIScriptSecurityManager::NO_APP_ID) {
value.AppendInt(mAppId);
params.Set(NS_LITERAL_STRING("appId"), value);
}
if (mInIsolatedMozBrowser) {
params.Set(NS_LITERAL_STRING("inBrowser"), NS_LITERAL_STRING("1"));
}
@ -202,6 +207,16 @@ class MOZ_STACK_CLASS PopulateFromSuffixIterator final
bool URLParamsIterator(const nsAString& aName,
const nsAString& aValue) override {
if (aName.EqualsLiteral("appId")) {
nsresult rv;
int64_t val = aValue.ToInteger64(&rv);
NS_ENSURE_SUCCESS(rv, false);
NS_ENSURE_TRUE(val <= UINT32_MAX, false);
mOriginAttributes->mAppId = static_cast<uint32_t>(val);
return true;
}
if (aName.EqualsLiteral("inBrowser")) {
if (!aValue.EqualsLiteral("1")) {
return false;
@ -211,7 +226,7 @@ class MOZ_STACK_CLASS PopulateFromSuffixIterator final
return true;
}
if (aName.EqualsLiteral("addonId") || aName.EqualsLiteral("appId")) {
if (aName.EqualsLiteral("addonId")) {
// No longer supported. Silently ignore so that legacy origin strings
// don't cause failures.
return true;

18
caps/OriginAttributes.h
Просмотреть файл

@ -17,7 +17,8 @@ class OriginAttributes : public dom::OriginAttributesDictionary {
public:
OriginAttributes() {}
explicit OriginAttributes(bool aInIsolatedMozBrowser) {
OriginAttributes(uint32_t aAppId, bool aInIsolatedMozBrowser) {
mAppId = aAppId;
mInIsolatedMozBrowser = aInIsolatedMozBrowser;
}
@ -45,7 +46,8 @@ class OriginAttributes : public dom::OriginAttributesDictionary {
}
bool operator==(const OriginAttributes& aOther) const {
return mInIsolatedMozBrowser == aOther.mInIsolatedMozBrowser &&
return mAppId == aOther.mAppId &&
mInIsolatedMozBrowser == aOther.mInIsolatedMozBrowser &&
mUserContextId == aOther.mUserContextId &&
mPrivateBrowsingId == aOther.mPrivateBrowsingId &&
mFirstPartyDomain == aOther.mFirstPartyDomain;
@ -56,7 +58,8 @@ class OriginAttributes : public dom::OriginAttributesDictionary {
}
MOZ_MUST_USE bool EqualsIgnoringFPD(const OriginAttributes& aOther) const {
return mInIsolatedMozBrowser == aOther.mInIsolatedMozBrowser &&
return mAppId == aOther.mAppId &&
mInIsolatedMozBrowser == aOther.mInIsolatedMozBrowser &&
mUserContextId == aOther.mUserContextId &&
mPrivateBrowsingId == aOther.mPrivateBrowsingId;
}
@ -126,6 +129,10 @@ class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary {
// Performs a match of |aAttrs| against this pattern.
bool Matches(const OriginAttributes& aAttrs) const {
if (mAppId.WasPassed() && mAppId.Value() != aAttrs.mAppId) {
return false;
}
if (mInIsolatedMozBrowser.WasPassed() &&
mInIsolatedMozBrowser.Value() != aAttrs.mInIsolatedMozBrowser) {
return false;
@ -150,6 +157,11 @@ class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary {
}
bool Overlaps(const OriginAttributesPattern& aOther) const {
if (mAppId.WasPassed() && aOther.mAppId.WasPassed() &&
mAppId.Value() != aOther.mAppId.Value()) {
return false;
}
if (mInIsolatedMozBrowser.WasPassed() &&
aOther.mInIsolatedMozBrowser.WasPassed() &&
mInIsolatedMozBrowser.Value() != aOther.mInIsolatedMozBrowser.Value()) {

18
caps/nsIPrincipal.idl
Просмотреть файл

@ -267,6 +267,24 @@ interface nsIPrincipal : nsISerializable
*/
readonly attribute ACString baseDomain;
/**
* Gets the id of the app this principal is inside. If this principal is
* not inside an app, returns nsIScriptSecurityManager::NO_APP_ID.
*
* Note that this principal does not necessarily have the permissions of
* the app identified by appId. For example, this principal might
* correspond to an iframe whose origin differs from that of the app frame
* containing it. In this case, the iframe will have the appId of its
* containing app frame, but the iframe must not run with the app's
* permissions.
*
* Similarly, this principal might correspond to an <iframe mozbrowser>
* inside an app frame; in this case, the content inside the iframe should
* not have any of the app's permissions, even if the iframe is at the same
* origin as the app.
*/
[infallible] readonly attribute unsigned long appId;
/**
* Gets the ID of the add-on this principal belongs to.
*/

3
caps/nsIScriptSecurityManager.idl
Просмотреть файл

@ -246,6 +246,9 @@ interface nsIScriptSecurityManager : nsISupports
*/
nsIPrincipal getChannelURIPrincipal(in nsIChannel aChannel);
const unsigned long NO_APP_ID = 0;
const unsigned long UNKNOWN_APP_ID = 4294967295; // UINT32_MAX
const unsigned long DEFAULT_USER_CONTEXT_ID = 0;
/**

10
caps/tests/gtest/TestOriginAttributes.cpp
Просмотреть файл

@ -34,9 +34,15 @@ TEST(OriginAttributes, Suffix_default)
TestSuffix(attrs);
}
TEST(OriginAttributes, Suffix_inIsolatedMozBrowser)
TEST(OriginAttributes, Suffix_appId_inIsolatedMozBrowser)
{
OriginAttributes attrs(true);
OriginAttributes attrs(1, true);
TestSuffix(attrs);
}
TEST(OriginAttributes, Suffix_maxAppId_inIsolatedMozBrowser)
{
OriginAttributes attrs(4294967295, true);
TestSuffix(attrs);
}

89
caps/tests/unit/test_origin.js
Просмотреть файл

@ -19,6 +19,7 @@ function checkCrossOrigin(a, b) {
function checkOriginAttributes(prin, attrs, suffix) {
attrs = attrs || {};
Assert.equal(prin.originAttributes.appId, attrs.appId || 0);
Assert.equal(prin.originAttributes.inIsolatedMozBrowser, attrs.inIsolatedMozBrowser || false);
Assert.equal(prin.originSuffix, suffix || "");
Assert.equal(ChromeUtils.originAttributesToSuffix(attrs), suffix || "");
@ -40,6 +41,7 @@ function checkSandboxOriginAttributes(arr, attrs, options) {
// utility function useful for debugging
function printAttrs(name, attrs) {
info(name + " {\n" +
"\tappId: " + attrs.appId + ",\n" +
"\tuserContextId: " + attrs.userContextId + ",\n" +
"\tinIsolatedMozBrowser: " + attrs.inIsolatedMozBrowser + ",\n" +
"\tprivateBrowsingId: '" + attrs.privateBrowsingId + "',\n" +
@ -51,6 +53,7 @@ function checkValues(attrs, values) {
values = values || {};
// printAttrs("attrs", attrs);
// printAttrs("values", values);
Assert.equal(attrs.appId, values.appId || 0);
Assert.equal(attrs.userContextId, values.userContextId || 0);
Assert.equal(attrs.inIsolatedMozBrowser, values.inIsolatedMozBrowser || false);
Assert.equal(attrs.privateBrowsingId, values.privateBrowsingId || "");
@ -91,6 +94,13 @@ function run_test() {
// Test origin attributes.
//
// Just app.
var exampleOrg_app = ssm.createCodebasePrincipal(makeURI("http://example.org"), {appId: 42});
var nullPrin_app = ssm.createNullPrincipal({appId: 42});
checkOriginAttributes(exampleOrg_app, {appId: 42}, "^appId=42");
checkOriginAttributes(nullPrin_app, {appId: 42}, "^appId=42");
Assert.equal(exampleOrg_app.origin, "http://example.org^appId=42");
// Just browser.
var exampleOrg_browser = ssm.createCodebasePrincipal(makeURI("http://example.org"), {inIsolatedMozBrowser: true});
var nullPrin_browser = ssm.createNullPrincipal({inIsolatedMozBrowser: true});
@ -98,26 +108,68 @@ function run_test() {
checkOriginAttributes(nullPrin_browser, {inIsolatedMozBrowser: true}, "^inBrowser=1");
Assert.equal(exampleOrg_browser.origin, "http://example.org^inBrowser=1");
// App and browser.
var exampleOrg_appBrowser = ssm.createCodebasePrincipal(makeURI("http://example.org"), {inIsolatedMozBrowser: true, appId: 42});
var nullPrin_appBrowser = ssm.createNullPrincipal({inIsolatedMozBrowser: true, appId: 42});
checkOriginAttributes(exampleOrg_appBrowser, {appId: 42, inIsolatedMozBrowser: true}, "^appId=42&inBrowser=1");
checkOriginAttributes(nullPrin_appBrowser, {appId: 42, inIsolatedMozBrowser: true}, "^appId=42&inBrowser=1");
Assert.equal(exampleOrg_appBrowser.origin, "http://example.org^appId=42&inBrowser=1");
// App and browser, different domain.
var exampleCom_appBrowser = ssm.createCodebasePrincipal(makeURI("https://www.example.com:123"), {appId: 42, inIsolatedMozBrowser: true});
checkOriginAttributes(exampleCom_appBrowser, {appId: 42, inIsolatedMozBrowser: true}, "^appId=42&inBrowser=1");
Assert.equal(exampleCom_appBrowser.origin, "https://www.example.com:123^appId=42&inBrowser=1");
// First party Uri
var exampleOrg_firstPartyDomain = ssm.createCodebasePrincipal(makeURI("http://example.org"), {firstPartyDomain: "example.org"});
checkOriginAttributes(exampleOrg_firstPartyDomain, { firstPartyDomain: "example.org" }, "^firstPartyDomain=example.org");
Assert.equal(exampleOrg_firstPartyDomain.origin, "http://example.org^firstPartyDomain=example.org");
// Make sure we don't crash when serializing principals with UNKNOWN_APP_ID.
try {
let binaryStream = Cc["@mozilla.org/binaryoutputstream;1"].
createInstance(Ci.nsIObjectOutputStream);
let pipe = Cc["@mozilla.org/pipe;1"].createInstance(Ci.nsIPipe);
pipe.init(false, false, 0, 0xffffffff, null);
binaryStream.setOutputStream(pipe.outputStream);
binaryStream.writeCompoundObject(simplePrin, Ci.nsISupports, true); // eslint-disable-line no-undef
binaryStream.close();
} catch (e) {
Assert.ok(true);
}
// Just userContext.
var exampleOrg_userContext = ssm.createCodebasePrincipal(makeURI("http://example.org"), {userContextId: 42});
checkOriginAttributes(exampleOrg_userContext, { userContextId: 42 }, "^userContextId=42");
Assert.equal(exampleOrg_userContext.origin, "http://example.org^userContextId=42");
// UserContext and App.
var exampleOrg_userContextApp = ssm.createCodebasePrincipal(makeURI("http://example.org"), {appId: 24, userContextId: 42});
var nullPrin_userContextApp = ssm.createNullPrincipal({appId: 24, userContextId: 42});
checkOriginAttributes(exampleOrg_userContextApp, {appId: 24, userContextId: 42}, "^appId=24&userContextId=42");
checkOriginAttributes(nullPrin_userContextApp, {appId: 24, userContextId: 42}, "^appId=24&userContextId=42");
Assert.equal(exampleOrg_userContextApp.origin, "http://example.org^appId=24&userContextId=42");
checkSandboxOriginAttributes(null, {});
checkSandboxOriginAttributes("http://example.org", {});
checkSandboxOriginAttributes("http://example.org", {}, {originAttributes: {}});
checkSandboxOriginAttributes("http://example.org", {appId: 42}, {originAttributes: {appId: 42}});
checkSandboxOriginAttributes(["http://example.org"], {});
checkSandboxOriginAttributes(["http://example.org"], {}, {originAttributes: {}});
checkSandboxOriginAttributes(["http://example.org"], {appId: 42}, {originAttributes: {appId: 42}});
// Check that all of the above are cross-origin.
checkCrossOrigin(exampleOrg_app, exampleOrg);
checkCrossOrigin(exampleOrg_app, nullPrin_app);
checkCrossOrigin(exampleOrg_browser, exampleOrg_app);
checkCrossOrigin(exampleOrg_browser, nullPrin_browser);
checkCrossOrigin(exampleOrg_appBrowser, exampleOrg_app);
checkCrossOrigin(exampleOrg_appBrowser, nullPrin_appBrowser);
checkCrossOrigin(exampleOrg_appBrowser, exampleCom_appBrowser);
checkCrossOrigin(exampleOrg_firstPartyDomain, exampleOrg);
checkCrossOrigin(exampleOrg_userContext, exampleOrg);
checkCrossOrigin(exampleOrg_userContext, exampleOrg_userContextApp);
// Check Principal kinds.
function checkKind(prin, kind) {
@ -143,9 +195,12 @@ function run_test() {
var uri = "http://example.org";
var tests = [
[ "", {} ],
[ "^appId=5", {appId: 5} ],
[ "^userContextId=3", {userContextId: 3} ],
[ "^inBrowser=1", {inIsolatedMozBrowser: true} ],
[ "^firstPartyDomain=example.org", {firstPartyDomain: "example.org"} ] ];
[ "^firstPartyDomain=example.org", {firstPartyDomain: "example.org"} ],
[ "^appId=3&inBrowser=1&userContextId=6",
{appId: 3, userContextId: 6, inIsolatedMozBrowser: true} ] ];
// check that we can create an origin attributes from an origin properly
tests.forEach(t => {
@ -161,6 +216,30 @@ function run_test() {
Assert.equal(ChromeUtils.originAttributesToSuffix(attrs), t[0]);
});
// each row in the set_tests array has these values:
// [0] - the suffix used to create an origin attribute from
// [1] - the expected result of creating an origin attribute from [0]
// [2] - the pattern to set on the origin attributes
// [3] - the expected result of setting [2] values on [1]
// [4] - the expected result of creating a suffix from [3]
var set_tests = [
[ "", {}, {appId: 5}, {appId: 5}, "^appId=5" ],
[ "^appId=5", {appId: 5}, {appId: 3}, {appId: 3}, "^appId=3" ],
[ "^appId=5", {appId: 5}, {userContextId: 3}, {appId: 5, userContextId: 3}, "^appId=5&userContextId=3" ],
[ "^appId=5", {appId: 5}, {appId: 3, userContextId: 7}, {appId: 3, userContextId: 7}, "^appId=3&userContextId=7" ] ];
// check that we can set origin attributes values properly
set_tests.forEach(t => {
let orig = ChromeUtils.createOriginAttributesFromOrigin(uri + t[0]);
checkValues(orig, t[1]);
let mod = orig;
for (var key in t[2]) {
mod[key] = t[2][key];
}
checkValues(mod, t[3]);
Assert.equal(ChromeUtils.originAttributesToSuffix(mod), t[4]);
});
// each row in the dflt_tests array has these values:
// [0] - the suffix used to create an origin attribute from
// [1] - the expected result of creating an origin attributes from [0]
@ -168,7 +247,9 @@ function run_test() {
// [3] - the expected result of creating a suffix from [2]
var dflt_tests = [
[ "", {}, {}, "" ],
[ "^userContextId=3", {userContextId: 3}, {}, "" ] ];
[ "^userContextId=3", {userContextId: 3}, {}, "" ],
[ "^appId=5", {appId: 5}, {appId: 5}, "^appId=5" ],
[ "^appId=5&userContextId=3", {appId: 5, userContextId: 3}, {appId: 5}, "^appId=5" ] ];
// check that we can set the userContextId to default properly
dflt_tests.forEach(t => {
@ -187,7 +268,9 @@ function run_test() {
// [3] - the expected result of creating a suffix from [2]
var dflt2_tests = [
[ "", {}, {}, "" ],
[ "^firstPartyDomain=foo.com", {firstPartyDomain: "foo.com"}, {}, "" ] ];
[ "^firstPartyDomain=foo.com", {firstPartyDomain: "foo.com"}, {}, "" ],
[ "^appId=5", {appId: 5}, {appId: 5}, "^appId=5" ],
[ "^appId=5&firstPartyDomain=foo.com", {appId: 5, firstPartyDomain: "foo.com"}, {appId: 5}, "^appId=5" ] ];
// check that we can set the userContextId to default properly
dflt2_tests.forEach(t => {

7
docshell/base/LoadContext.h
Просмотреть файл

@ -33,7 +33,7 @@ class LoadContext final : public nsILoadContext, public nsIInterfaceRequestor {
NS_DECL_NSILOADCONTEXT
NS_DECL_NSIINTERFACEREQUESTOR
// inIsolatedMozBrowser argumentsoverrides that in
// appId/inIsolatedMozBrowser arguments override those in
// SerializedLoadContext provided by child process.
LoadContext(const IPC::SerializedLoadContext& aToCopy,
dom::Element* aTopFrameElement, OriginAttributes& aAttrs)
@ -49,7 +49,7 @@ class LoadContext final : public nsILoadContext, public nsIInterfaceRequestor {
mOriginAttributes(aAttrs) {
}
// inIsolatedMozBrowser argument overrides that in
// appId/inIsolatedMozBrowser arguments override those in
// SerializedLoadContext provided by child process.
LoadContext(const IPC::SerializedLoadContext& aToCopy,
uint64_t aNestedFrameId, OriginAttributes& aAttrs)
@ -97,7 +97,8 @@ class LoadContext final : public nsILoadContext, public nsIInterfaceRequestor {
mOriginAttributes(aAttrs) {
}
// Constructor for creating a LoadContext with a given browser flag.
// Constructor for creating a LoadContext with a given principal's appId and
// browser flag.
explicit LoadContext(nsIPrincipal* aPrincipal,
nsILoadContext* aOptionalBase = nullptr);

2
docshell/base/nsDocShell.h
Просмотреть файл

@ -232,7 +232,7 @@ class nsDocShell final : public nsDocLoader,
NS_IMETHOD OnLeaveLink() override;
// Don't use NS_DECL_NSILOADCONTEXT because some of nsILoadContext's methods
// are shared with nsIDocShell and can't be declared twice.
// are shared with nsIDocShell (appID, etc.) and can't be declared twice.
NS_IMETHOD GetAssociatedWindow(mozIDOMWindowProxy**) override;
NS_IMETHOD GetTopWindow(mozIDOMWindowProxy**) override;
NS_IMETHOD GetTopFrameElement(mozilla::dom::Element**) override;

3
dom/base/ChromeUtils.h
Просмотреть файл

@ -100,7 +100,8 @@ class ChromeUtils {
static bool IsOriginAttributesEqualIgnoringFPD(
const dom::OriginAttributesDictionary& aA,
const dom::OriginAttributesDictionary& aB) {
return aA.mInIsolatedMozBrowser == aB.mInIsolatedMozBrowser &&
return aA.mAppId == aB.mAppId &&
aA.mInIsolatedMozBrowser == aB.mInIsolatedMozBrowser &&
aA.mUserContextId == aB.mUserContextId &&
aA.mPrivateBrowsingId == aB.mPrivateBrowsingId;
}

4
dom/base/Document.cpp
Просмотреть файл

@ -2590,6 +2590,10 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
uri ? uri->GetSpecOrDefault().get() : ""));
}
MOZ_ASSERT(
NodePrincipal()->GetAppId() != nsIScriptSecurityManager::UNKNOWN_APP_ID,
"Document should never have UNKNOWN_APP_ID");
MOZ_ASSERT(GetReadyStateEnum() == Document::READYSTATE_UNINITIALIZED,
"Bad readyState");
SetReadyStateInternal(READYSTATE_LOADING);

3
dom/base/PostMessageEvent.cpp
Просмотреть файл

@ -98,6 +98,9 @@ PostMessageEvent::Run() {
OriginAttributes sourceAttrs = mProvidedPrincipal->OriginAttributesRef();
OriginAttributes targetAttrs = targetPrin->OriginAttributesRef();
MOZ_DIAGNOSTIC_ASSERT(
sourceAttrs.mAppId == targetAttrs.mAppId,
"Target and source should have the same mAppId attribute.");
MOZ_DIAGNOSTIC_ASSERT(
sourceAttrs.mUserContextId == targetAttrs.mUserContextId,
"Target and source should have the same userContextId attribute.");

5
dom/base/nsFrameLoader.cpp
Просмотреть файл

@ -2218,6 +2218,8 @@ nsresult nsFrameLoader::MaybeCreateDocShell() {
// So far we want to make sure Inherit doesn't override any other origin
// attribute than firstPartyDomain.
MOZ_ASSERT(attrs.mAppId == oa.mAppId,
"docshell and document should have the same appId attribute.");
MOZ_ASSERT(
attrs.mUserContextId == oa.mUserContextId,
"docshell and document should have the same userContextId attribute.");
@ -2232,6 +2234,7 @@ nsresult nsFrameLoader::MaybeCreateDocShell() {
}
if (OwnerIsMozBrowserFrame()) {
attrs.mAppId = nsIScriptSecurityManager::NO_APP_ID;
attrs.mInIsolatedMozBrowser = OwnerIsIsolatedMozBrowserFrame();
docShell->SetFrameType(nsIDocShell::FRAME_TYPE_BROWSER);
} else {
@ -3376,6 +3379,8 @@ nsresult nsFrameLoader::GetNewTabContext(MutableTabContext* aTabContext,
attrs.mInIsolatedMozBrowser = OwnerIsIsolatedMozBrowserFrame();
nsresult rv;
attrs.mAppId = nsIScriptSecurityManager::NO_APP_ID;
// set the userContextId on the attrs before we pass them into
// the tab context
rv = PopulateUserContextIdFromAttribute(attrs);

3
dom/base/test/test_messagemanager_principal.html
Просмотреть файл

@ -24,6 +24,9 @@
addMessageListener("test:ipcMessage", function(message) {
sendAsyncMessage(message.name, "principal: " + (message.principal ? "OK" : "KO"));
sendAsyncMessage(message.name, "principal.appId: " +
("appId" in message.principal ? "OK" : "KO"));
sendAsyncMessage(message.name, "principal.origin: " +
("origin" in message.principal ? "OK" : "KO"));

3
dom/base/test/test_messagemanager_send_principal.html
Просмотреть файл

@ -26,6 +26,9 @@
sendAsyncMessage("test:result", "is nsIPrincipal: " +
(message.data instanceof Ci.nsIPrincipal ? "OK" : "KO"));
sendAsyncMessage("test:result", "principal.appId: " +
("appId" in message.data ? "OK" : "KO"));
sendAsyncMessage("test:result", "principal.origin: " +
("origin" in message.data ? "OK" : "KO"));

5
dom/base/test/test_messagemanager_targetchain.html
Просмотреть файл

@ -102,9 +102,12 @@
var principal = SpecialPowers.wrap(document).nodePrincipal;
SpecialPowers.pushPermissions([
{ type: "browser", allow: 1, context: { url: principal.URI.spec,
originAttributes: {}}},
originAttributes: {
appId: principal.appId
}}},
{ type: "browser", allow: 1, context: { url: principal.URI.spec,
originAttributes: {
appId: principal.appId,
inIsolatedMozBrowser: true }}}
], () => {
SpecialPowers.pushPrefEnv({

4
dom/browser-element/mochitest/browserElement_Auth.js
Просмотреть файл

@ -159,12 +159,12 @@ function testAuthJarNoInterfere(e) {
// Set a bunch of auth data that should not conflict with the correct auth data already
// stored in the cache.
var attrs = {userContextId: 1};
var attrs = {appId: 1};
var principal = secMan.createCodebasePrincipal(uri, attrs);
authMgr.setAuthIdentity("http", "test", -1, "basic", "http_realm",
"tests/dom/browser-element/mochitest/file_http_401_response.sjs",
"", "httpuser", "wrongpass", false, principal);
attrs = {userContextId: 1, inIsolatedMozBrowser: true};
attrs = {appId: 1, inIsolatedMozBrowser: true};
principal = secMan.createCodebasePrincipal(uri, attrs);
authMgr.setAuthIdentity("http", "test", -1, "basic", "http_realm",
"tests/dom/browser-element/mochitest/file_http_401_response.sjs",

1
dom/browser-element/mochitest/browserElement_CopyPaste.js
Просмотреть файл

@ -328,6 +328,7 @@ function testCut2(e) {
var principal = SpecialPowers.wrap(document).nodePrincipal;
var context = { url: SpecialPowers.wrap(principal.URI).spec,
originAttributes: {
appId: principal.appId,
inIsolatedMozBrowser: true }};
addEventListener("testready", function() {

2
dom/chrome-webidl/ChromeUtils.webidl
Просмотреть файл

@ -520,12 +520,14 @@ dictionary IOActivityDataDictionary {
* (3) Update the methods on mozilla::OriginAttributesPattern, including matching.
*/
dictionary OriginAttributesDictionary {
unsigned long appId = 0;
unsigned long userContextId = 0;
boolean inIsolatedMozBrowser = false;
unsigned long privateBrowsingId = 0;
DOMString firstPartyDomain = "";
};
dictionary OriginAttributesPatternDictionary {
unsigned long appId;
unsigned long userContextId;
boolean inIsolatedMozBrowser;
unsigned long privateBrowsingId;

1
dom/ipc/BrowserBridgeParent.cpp
Просмотреть файл

@ -31,6 +31,7 @@ nsresult BrowserBridgeParent::Init(const nsString& aPresentationURL,
// from our Manager().
OriginAttributes attrs;
attrs.mInIsolatedMozBrowser = false;
attrs.mAppId = nsIScriptSecurityManager::NO_APP_ID;
attrs.SyncAttributesWithPrivateBrowsing(false);
MutableTabContext tabContext;
tabContext.SetTabContext(false, 0, UIStateChangeType_Set,

6
dom/ipc/PTabContext.ipdlh
Просмотреть файл

@ -20,7 +20,11 @@ namespace dom {
//
// If isMozBrowserElement is false, this PopupIPCTabContext is either a
// <xul:browser> or an app frame. The frame's app-id and app-frame-owner-app-id
// will be equal to the opener's values.
// will be equal to the opener's values. For a <xul:browser>, those app IDs
// will be NO_APP_ID.
//
// If isMozBrowserElement is true, the frame's browserFrameOwnerAppId will be
// equal to the opener's app-id.
//
// It's an error to set isMozBrowserElement == false if opener is a mozbrowser
// element. Such a PopupIPCTabContext should be rejected by code which receives

5
dom/ipc/TabContext.cpp
Просмотреть файл

@ -12,6 +12,8 @@
#include "nsIScriptSecurityManager.h"
#include "nsServiceManagerUtils.h"
#define NO_APP_ID (nsIScriptSecurityManager::NO_APP_ID)
using namespace mozilla::dom::ipc;
using namespace mozilla::layout;
@ -93,6 +95,9 @@ bool TabContext::SetTabContext(bool aIsMozBrowserElement,
const nsAString& aPresentationURL) {
NS_ENSURE_FALSE(mInitialized, false);
// Veryify that app id matches mAppId passed in originAttributes
MOZ_RELEASE_ASSERT(aOriginAttributes.mAppId == NO_APP_ID);
mInitialized = true;
mIsMozBrowserElement = aIsMozBrowserElement;
mChromeOuterWindowID = aChromeOuterWindowID;

1
dom/presentation/tests/mochitest/test_presentation_mixed_security_contexts.html
Просмотреть файл

@ -23,6 +23,7 @@ function setup() {
SpecialPowers.addPermission("presentation",
true, { url: "https://example.com/tests/dom/presentation/tests/mochitest/file_presentation_mixed_security_contexts.html",
originAttributes: {
appId: SpecialPowers.Ci.nsIScriptSecurityManager.NO_APP_ID,
inIsolatedMozBrowser: false }});
return new Promise(function(aResolve, aReject) {

44
dom/push/test/xpcshell/test_clear_origin_data.js
Просмотреть файл

@ -50,12 +50,32 @@ add_task(async function test_webapps_cleardata() {
let testRecords = [{
scope: "https://example.org/1",
originAttributes: {},
clearIf: { inIsolatedMozBrowser: false },
originAttributes: { appId: 1 },
clearIf: { appId: 1, inIsolatedMozBrowser: false },
}, {
scope: "https://example.org/1",
originAttributes: { inIsolatedMozBrowser: true },
clearIf: {},
originAttributes: { appId: 1, inIsolatedMozBrowser: true },
clearIf: { appId: 1 },
}, {
scope: "https://example.org/1",
originAttributes: { appId: 2, inIsolatedMozBrowser: true },
clearIf: { appId: 2, inIsolatedMozBrowser: true },
}, {
scope: "https://example.org/2",
originAttributes: { appId: 1 },
clearIf: { appId: 1, inIsolatedMozBrowser: false },
}, {
scope: "https://example.org/2",
originAttributes: { appId: 2, inIsolatedMozBrowser: true },
clearIf: { appId: 2, inIsolatedMozBrowser: true },
}, {
scope: "https://example.org/3",
originAttributes: { appId: 3, inIsolatedMozBrowser: true },
clearIf: { inIsolatedMozBrowser: true },
}, {
scope: "https://example.org/3",
originAttributes: { appId: 4, inIsolatedMozBrowser: true },
clearIf: { inIsolatedMozBrowser: true },
}];
let unregisterDone;
@ -102,11 +122,19 @@ add_task(async function test_webapps_cleardata() {
})
));
// Removes all the records, Excluding where `inIsolatedMozBrowser` is true.
await clearForPattern(testRecords, { inIsolatedMozBrowser: false });
// Removes records for all scopes with the same app ID. Excludes records
// where `inIsolatedMozBrowser` is true.
await clearForPattern(testRecords, { appId: 1, inIsolatedMozBrowser: false });
// Removes the all the remaining records where `inIsolatedMozBrowser` is true.
await clearForPattern(testRecords, {});
// Removes the remaining record for app ID 1, where `inIsolatedMozBrowser` is true.
await clearForPattern(testRecords, { appId: 1 });
// Removes all records for all scopes with the same app ID, where
// `inIsolatedMozBrowser` is true.
await clearForPattern(testRecords, { appId: 2, inIsolatedMozBrowser: true });
// Removes all records where `inIsolatedMozBrowser` is true.
await clearForPattern(testRecords, { inIsolatedMozBrowser: true });
equal(testRecords.length, 0, "Should remove all test records");
await unregisterPromise;

8
dom/push/test/xpcshell/test_notification_http2.js
Просмотреть файл

@ -60,7 +60,7 @@ add_task(async function test_pushNotifications() {
y: "26jk0IFbqcK6-JxhHAm-rsHEwy0CyVJjtnfOcqc1tgA",
},
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
quota: Infinity,
systemRecord: true,
}, {
@ -79,7 +79,7 @@ add_task(async function test_pushNotifications() {
y: "5TZ1rK8Ldih6ljyxVwnBA-nygQHGRpEmu1jV5K8437E",
},
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
quota: Infinity,
systemRecord: true,
}, {
@ -98,7 +98,7 @@ add_task(async function test_pushNotifications() {
y: "Ja6n3YH8TOcH8narDF6t8mKVvg2ioLW-8MH5O4dzGcI",
},
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
quota: Infinity,
systemRecord: true,
}, {
@ -122,7 +122,7 @@ add_task(async function test_pushNotifications() {
padding: "reject",
}),
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
quota: Infinity,
systemRecord: true,
}];

4
dom/push/test/xpcshell/test_reconnect_retry.js
Просмотреть файл

@ -57,7 +57,7 @@ add_task(async function test_reconnect_retry() {
let registration = await PushService.register({
scope: "https://example.com/page/1",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
let retryEndpoint = "https://example.org/push/" + channelID;
equal(registration.endpoint, retryEndpoint, "Wrong endpoint for retried request");
@ -65,7 +65,7 @@ add_task(async function test_reconnect_retry() {
registration = await PushService.register({
scope: "https://example.com/page/2",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
notEqual(registration.endpoint, retryEndpoint, "Wrong endpoint for new request");

1
dom/push/test/xpcshell/test_register_5xxCode_http2.js
Просмотреть файл

@ -78,6 +78,7 @@ add_task(async function test1() {
});
let originAttributes = ChromeUtils.originAttributesToSuffix({
appId: Ci.nsIScriptSecurityManager.NO_APP_ID,
inIsolatedMozBrowser: false,
});
let newRecord = await PushService.register({

2
dom/push/test/xpcshell/test_register_case.js
Просмотреть файл

@ -45,7 +45,7 @@ add_task(async function test_register_case() {
let newRecord = await PushService.register({
scope: "https://example.net/case",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
equal(newRecord.endpoint, "https://example.com/update/case",
"Wrong push endpoint in registration record");

12
dom/push/test/xpcshell/test_register_error_http2.js
Просмотреть файл

@ -35,7 +35,7 @@ add_task(async function test_pushSubscriptionNoConnection() {
PushService.register({
scope: "https://example.net/page/invalid-response",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for not being able to establish connecion."
@ -71,7 +71,7 @@ add_task(async function test_pushSubscriptionMissingLocation() {
PushService.register({
scope: "https://example.net/page/invalid-response",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for the missing location header."
@ -97,7 +97,7 @@ add_task(async function test_pushSubscriptionMissingLink() {
PushService.register({
scope: "https://example.net/page/invalid-response",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for the missing link header."
@ -123,7 +123,7 @@ add_task(async function test_pushSubscriptionMissingLink1() {
PushService.register({
scope: "https://example.net/page/invalid-response",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for the missing push endpoint."
@ -149,7 +149,7 @@ add_task(async function test_pushSubscriptionLocationBogus() {
PushService.register({
scope: "https://example.net/page/invalid-response",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for the bogus location"
@ -175,7 +175,7 @@ add_task(async function test_pushSubscriptionNot2xxCode() {
PushService.register({
scope: "https://example.net/page/invalid-response",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for not 201 responce code."

2
dom/push/test/xpcshell/test_register_invalid_channel.js
Просмотреть файл

@ -47,7 +47,7 @@ add_task(async function test_register_invalid_channel() {
PushService.register({
scope: "https://example.com/invalid-channel",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for invalid channel ID"

2
dom/push/test/xpcshell/test_register_invalid_endpoint.js
Просмотреть файл

@ -48,7 +48,7 @@ add_task(async function test_register_invalid_endpoint() {
PushService.register({
scope: "https://example.net/page/invalid-endpoint",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for invalid endpoint"

2
dom/push/test/xpcshell/test_register_invalid_json.js
Просмотреть файл

@ -48,7 +48,7 @@ add_task(async function test_register_invalid_json() {
PushService.register({
scope: "https://example.net/page/invalid-json",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for invalid JSON response"

2
dom/push/test/xpcshell/test_register_no_id.js
Просмотреть файл

@ -52,7 +52,7 @@ add_task(async function test_register_no_id() {
PushService.register({
scope: "https://example.com/incomplete",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for incomplete register response"

4
dom/push/test/xpcshell/test_register_request_queue.js
Просмотреть файл

@ -44,12 +44,12 @@ add_task(async function test_register_request_queue() {
let firstRegister = PushService.register({
scope: "https://example.com/page/1",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
let secondRegister = PushService.register({
scope: "https://example.com/page/1",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
await Promise.all([

2
dom/push/test/xpcshell/test_register_rollback.js
Просмотреть файл

@ -75,7 +75,7 @@ add_task(async function test_register_rollback() {
PushService.register({
scope: "https://example.com/storage-error",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/universe has imploded/,
"Expected error for unregister database failure"

2
dom/push/test/xpcshell/test_register_success.js
Просмотреть файл

@ -58,7 +58,7 @@ add_task(async function test_register_success() {
let newRecord = await PushService.register({
scope: "https://example.org/1",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
equal(newRecord.endpoint, "https://example.com/update/1",
"Wrong push endpoint in registration record");

4
dom/push/test/xpcshell/test_register_success_http2.js
Просмотреть файл

@ -49,7 +49,7 @@ add_task(async function test_pushSubscriptionSuccess() {
let newRecord = await PushService.register({
scope: "https://example.org/1",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
var subscriptionUri = serverURL + "/pushSubscriptionSuccesss";
@ -83,7 +83,7 @@ add_task(async function test_pushSubscriptionMissingLink2() {
let newRecord = await PushService.register({
scope: "https://example.org/no_receiptEndpoint",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
var subscriptionUri = serverURL + "/subscriptionMissingLink2";

2
dom/push/test/xpcshell/test_register_timeout.js
Просмотреть файл

@ -75,7 +75,7 @@ add_task(async function test_register_timeout() {
PushService.register({
scope: "https://example.net/page/timeout",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for request timeout"

2
dom/push/test/xpcshell/test_register_wrong_id.js
Просмотреть файл

@ -58,7 +58,7 @@ add_task(async function test_register_wrong_id() {
PushService.register({
scope: "https://example.com/mismatched",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for mismatched register reply"

2
dom/push/test/xpcshell/test_register_wrong_type.js
Просмотреть файл

@ -52,7 +52,7 @@ add_task(async function test_register_wrong_type() {
PushService.register({
scope: "https://example.com/mistyped",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Registration error/,
"Expected error for non-string channel ID"

2
dom/push/test/xpcshell/test_registration_error.js
Просмотреть файл

@ -33,7 +33,7 @@ add_task(async function test_registrations_error() {
PushService.registration({
scope: "https://example.net/1",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
function(error) {
return error == "Database error";

2
dom/push/test/xpcshell/test_registration_error_http2.js
Просмотреть файл

@ -27,7 +27,7 @@ add_task(async function test_registrations_error() {
PushService.registration({
scope: "https://example.net/1",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
function(error) {
return error == "Database error";

2
dom/push/test/xpcshell/test_registration_none.js
Просмотреть файл

@ -25,7 +25,7 @@ add_task(async function test_registration_none() {
let registration = await PushService.registration({
scope: "https://example.net/1",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
ok(!registration, "Should not open a connection without registration");
});

16
dom/push/test/xpcshell/test_registration_success.js
Просмотреть файл

@ -23,6 +23,22 @@ add_task(async function test_registration_success() {
originAttributes: "",
version: 5,
quota: Infinity,
}, {
channelID: "f6edfbcd-79d6-49b8-9766-48b9dcfeff0f",
pushEndpoint: "https://example.com/update/same-manifest/2",
scope: "https://example.net/b",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ appId: 42 }),
version: 10,
quota: Infinity,
}, {
channelID: "b1cf38c9-6836-4d29-8a30-a3e98d59b728",
pushEndpoint: "https://example.org/update/different-manifest",
scope: "https://example.org/c",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ appId: 42, inIsolatedMozBrowser: true }),
version: 15,
quota: Infinity,
}];
for (let record of records) {
await db.put(record);

8
dom/push/test/xpcshell/test_registration_success_http2.js
Просмотреть файл

@ -29,7 +29,7 @@ add_task(async function test_pushNotifications() {
pushReceiptEndpoint: serverURL + "/pushReceiptEndpointA",
scope: "https://example.net/a",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
quota: Infinity,
}, {
subscriptionUri: serverURL + "/subscriptionB",
@ -37,7 +37,7 @@ add_task(async function test_pushNotifications() {
pushReceiptEndpoint: serverURL + "/pushReceiptEndpointB",
scope: "https://example.net/b",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
quota: Infinity,
}, {
subscriptionUri: serverURL + "/subscriptionC",
@ -45,7 +45,7 @@ add_task(async function test_pushNotifications() {
pushReceiptEndpoint: serverURL + "/pushReceiptEndpointC",
scope: "https://example.net/c",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
quota: Infinity,
}];
@ -61,7 +61,7 @@ add_task(async function test_pushNotifications() {
let registration = await PushService.registration({
scope: "https://example.net/a",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
equal(
registration.endpoint,

2
dom/push/test/xpcshell/test_unregister_empty_scope.js
Просмотреть файл

@ -31,7 +31,7 @@ add_task(async function test_unregister_empty_scope() {
PushService.unregister({
scope: "",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Invalid page record/,
"Expected error for empty endpoint"

2
dom/push/test/xpcshell/test_unregister_invalid_json.js
Просмотреть файл

@ -79,7 +79,7 @@ add_task(async function test_unregister_invalid_json() {
PushService.unregister({
scope: "https://example.net/page/1",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
}),
/Request timed out/,
"Expected error for second invalid JSON response"

2
dom/push/test/xpcshell/test_unregister_not_found.js
Просмотреть файл

@ -30,7 +30,7 @@ add_task(async function test_unregister_not_found() {
let result = await PushService.unregister({
scope: "https://example.net/nonexistent",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
ok(result === false, "unregister should resolve with false for nonexistent scope");
});

4
dom/push/test/xpcshell/test_unregister_success_http2.js
Просмотреть файл

@ -44,7 +44,7 @@ add_task(async function test_pushUnsubscriptionSuccess() {
pushReceiptEndpoint: serverURL + "/receiptPushEndpointUnsubscriptionSuccess",
scope: "https://example.com/page/unregister-success",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
quota: Infinity,
});
@ -56,7 +56,7 @@ add_task(async function test_pushUnsubscriptionSuccess() {
await PushService.unregister({
scope: "https://example.com/page/unregister-success",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
let record = await db.getByKeyID(serverURL + "/subscriptionUnsubscriptionSuccess");
ok(!record, "Unregister did not remove record");

2
dom/push/test/xpcshell/test_updateRecordNoEncryptionKeys_ws.js
Просмотреть файл

@ -70,7 +70,7 @@ add_task(async function test_with_data_enabled() {
let newRecord = await PushService.register({
scope: "https://example.com/page/3",
originAttributes: ChromeUtils.originAttributesToSuffix(
{ inIsolatedMozBrowser: false }),
{ appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
});
ok(newRecord.p256dhKey, "Should generate public keys for new records");

54
dom/quota/ActorsParent.cpp
Просмотреть файл

@ -204,6 +204,11 @@ const char kResourceOriginPrefix[] = "resource://";
#define TEMPORARY_DIRECTORY_NAME "temporary"
#define DEFAULT_DIRECTORY_NAME "default"
enum AppId {
kNoAppId = nsIScriptSecurityManager::NO_APP_ID,
kUnknownAppId = nsIScriptSecurityManager::UNKNOWN_APP_ID
};
#define STORAGE_FILE_NAME "storage.sqlite"
// The name of the file that we use to load/save the last access time of an
@ -1651,6 +1656,7 @@ class MOZ_STACK_CLASS OriginParser final {
const OriginAttributes mOriginAttributes;
Tokenizer mTokenizer;
uint32_t mAppId;
nsCString mScheme;
nsCString mHost;
Nullable<uint32_t> mPort;
@ -1674,6 +1680,7 @@ class MOZ_STACK_CLASS OriginParser final {
: mOrigin(aOrigin),
mOriginAttributes(aOriginAttributes),
mTokenizer(aOrigin, '+'),
mAppId(kNoAppId),
mPort(),
mSchemeType(eNone),
mState(eExpectingAppIdOrScheme),
@ -2023,18 +2030,23 @@ nsresult GetBinaryOutputStream(nsIFile* aFile, FileFlag aFileFlag,
return NS_OK;
}
void GetJarPrefix(bool aInIsolatedMozBrowser, nsACString& aJarPrefix) {
void GetJarPrefix(uint32_t aAppId, bool aInIsolatedMozBrowser,
nsACString& aJarPrefix) {
MOZ_ASSERT(aAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
if (aAppId == nsIScriptSecurityManager::UNKNOWN_APP_ID) {
aAppId = nsIScriptSecurityManager::NO_APP_ID;
}
aJarPrefix.Truncate();
// Fallback.
if (!aInIsolatedMozBrowser) {
if (aAppId == nsIScriptSecurityManager::NO_APP_ID && !aInIsolatedMozBrowser) {
return;
}
// AppId is an unused b2g identifier. Let's set it to 0 all the time (see bug
// 1320404).
// aJarPrefix = appId + "+" + { 't', 'f' } + "+";
aJarPrefix.AppendInt(0); // TODO: this is the appId, to be removed.
aJarPrefix.AppendInt(aAppId);
aJarPrefix.Append('+');
aJarPrefix.Append(aInIsolatedMozBrowser ? 't' : 'f');
aJarPrefix.Append('+');
@ -2055,7 +2067,8 @@ nsresult CreateDirectoryMetadata(nsIFile* aDirectory, int64_t aTimestamp,
}
nsCString groupPrefix;
GetJarPrefix(groupAttributes.mInIsolatedMozBrowser, groupPrefix);
GetJarPrefix(groupAttributes.mAppId, groupAttributes.mInIsolatedMozBrowser,
groupPrefix);
nsCString group = groupPrefix + groupNoSuffix;
@ -2068,7 +2081,8 @@ nsresult CreateDirectoryMetadata(nsIFile* aDirectory, int64_t aTimestamp,
}
nsCString originPrefix;
GetJarPrefix(originAttributes.mInIsolatedMozBrowser, originPrefix);
GetJarPrefix(originAttributes.mAppId, originAttributes.mInIsolatedMozBrowser,
originPrefix);
nsCString origin = originPrefix + originNoSuffix;
@ -9015,7 +9029,14 @@ auto OriginParser::Parse(nsACString& aSpec, OriginAttributes* aAttrs)
// For IPv6 URL, it should at least have three groups.
MOZ_ASSERT_IF(mIPGroup > 0, mIPGroup >= 3);
*aAttrs = mOriginAttributes;
if (mAppId == kNoAppId) {
*aAttrs = mOriginAttributes;
} else {
MOZ_ASSERT(mOriginAttributes.mAppId == kNoAppId);
*aAttrs = OriginAttributes(mAppId, mInIsolatedMozBrowser);
}
nsAutoCString spec(mScheme);
if (mSchemeType == eFile) {
@ -9131,8 +9152,9 @@ void OriginParser::HandleToken(const nsDependentCSubstring& aToken) {
nsCString token(aToken);
nsresult rv;
Unused << token.ToInteger(&rv);
uint32_t appId = token.ToInteger(&rv);
if (NS_SUCCEEDED(rv)) {
mAppId = appId;
mState = eExpectingInMozBrowser;
return;
}
@ -9907,6 +9929,20 @@ nsresult UpgradeStorageFrom1_0To2_0Helper::MaybeRemoveMorgueDirectory(
nsresult UpgradeStorageFrom1_0To2_0Helper::MaybeRemoveAppsData(
const OriginProps& aOriginProps, bool* aRemoved) {
AssertIsOnIOThread();
// XXX This will need to be reworked as part of bug 1320404 (appId is
// going to be removed from origin attributes).
if (aOriginProps.mAttrs.mAppId != kNoAppId &&
aOriginProps.mAttrs.mAppId != kUnknownAppId) {
nsresult rv = RemoveObsoleteOrigin(aOriginProps);
if (NS_WARN_IF(NS_FAILED(rv))) {
return rv;
}
*aRemoved = true;
return NS_OK;
}
*aRemoved = false;
return NS_OK;
}

4
dom/quota/SerializationHelpers.h
Просмотреть файл

@ -33,6 +33,7 @@ struct ParamTraits<mozilla::OriginAttributesPattern> {
typedef mozilla::OriginAttributesPattern paramType;
static void Write(Message* aMsg, const paramType& aParam) {
WriteParam(aMsg, aParam.mAppId);
WriteParam(aMsg, aParam.mFirstPartyDomain);
WriteParam(aMsg, aParam.mInIsolatedMozBrowser);
WriteParam(aMsg, aParam.mPrivateBrowsingId);
@ -41,7 +42,8 @@ struct ParamTraits<mozilla::OriginAttributesPattern> {
static bool Read(const Message* aMsg, PickleIterator* aIter,
paramType* aResult) {
return ReadParam(aMsg, aIter, &aResult->mFirstPartyDomain) &&
return ReadParam(aMsg, aIter, &aResult->mAppId) &&
ReadParam(aMsg, aIter, &aResult->mFirstPartyDomain) &&
ReadParam(aMsg, aIter, &aResult->mInIsolatedMozBrowser) &&
ReadParam(aMsg, aIter, &aResult->mPrivateBrowsingId) &&
ReadParam(aMsg, aIter, &aResult->mUserContextId);

14
dom/quota/nsIQuotaManagerService.idl
Просмотреть файл

@ -109,14 +109,12 @@ interface nsIQuotaManagerService : nsISupports
/**
* Removes all storages stored for the given pattern. The files may not be
* deleted immediately depending on prohibitive concurrent operations. In
* terms of locks, it will get an exclusive multi directory lock for given
* pattern. For example, given pattern {"userContextId":1007} and set of 3
* origins ["http://www.mozilla.org^userContextId=1007",
* "http://www.example.org^userContextId=1007",
* "http://www.example.org^userContextId=1008"], the method will only lock 2
* origins ["http://www.mozilla.org^userContextId=1007",
* "http://www.example.org^userContextId=1007"].
* deleted immediately depending on prohibitive concurrent operations.
* In terms of locks, it will get an exclusive multi directory lock for given
* pattern. For example, given pattern {"appId":1007} and set of 3 origins
* ["http://www.mozilla.org^appId=1007", "http://www.example.org^appId=1007",
* "http://www.example.org^appId=1008"], the method will only lock 2 origins
* ["http://www.mozilla.org^appId=1007", "http://www.example.org^appId=1007"].
*
* @param aPattern
* A pattern for the origins whose storages are to be cleared.

24
dom/quota/test/gtest/TestQuotaManager.cpp
Просмотреть файл

@ -48,6 +48,13 @@ TEST(QuotaManager, OriginScope)
EXPECT_TRUE(originScope.GetOriginNoSuffix().Equals(prefix));
}
{
NS_NAMED_LITERAL_STRING(pattern, "{\"appId\":1007}");
originScope.SetFromJSONPattern(pattern);
EXPECT_TRUE(originScope.IsPattern());
EXPECT_TRUE(originScope.GetJSONPattern().Equals(pattern));
}
{
originScope.SetFromNull();
EXPECT_TRUE(originScope.IsNull());
@ -82,6 +89,20 @@ TEST(QuotaManager, OriginScope)
}
}
{
originScope.SetFromJSONPattern(NS_LITERAL_STRING("{\"appId\":1007}"));
static const OriginTest tests[] = {
{"http+++www.mozilla.org^appId=1007", true},
{"http+++www.example.org^appId=1007", true},
{"http+++www.example.org^appId=1008", false},
};
for (const auto& test : tests) {
CheckOriginScopeMatchesOrigin(originScope, test.mOrigin, test.mMatch);
}
}
{
originScope.SetFromNull();
@ -89,6 +110,9 @@ TEST(QuotaManager, OriginScope)
{"http://www.mozilla.org", true},
{"http://www.mozilla.org^userContextId=1", true},
{"http://www.example.org^userContextId=1", true},
{"http+++www.mozilla.org^appId=1007", true},
{"http+++www.example.org^appId=1007", true},
{"http+++www.example.org^appId=1008", true},
};
for (const auto& test : tests) {

Двоичные данные
dom/quota/test/unit/removeAppsUpgrade_profile.zip Normal file
Просмотреть файл

Двоичный файл не отображается.

66
dom/quota/test/unit/test_removeAppsUpgrade.js Normal file
Просмотреть файл

@ -0,0 +1,66 @@
/**
* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
var testGenerator = testSteps();
function* testSteps()
{
const origins = [
{
path: "storage/default/http+++www.mozilla.org",
obsolete: false
},
{
path: "storage/default/app+++system.gaiamobile.org^appId=1007",
obsolete: true
},
{
path: "storage/default/https+++developer.cdn.mozilla.net^appId=1007&inBrowser=1",
obsolete: true
}
];
info("Clearing");
clear(continueToNextStepSync);
yield undefined;
info("Installing package");
installPackage("removeAppsUpgrade_profile");
info("Checking origin directories");
for (let origin of origins) {
let originDir = getRelativeFile(origin.path);
let exists = originDir.exists();
ok(exists, "Origin directory does exist");
}
info("Initializing");
let request = init(continueToNextStepSync);
yield undefined;
ok(request.resultCode == NS_OK, "Initialization succeeded");
info("Checking origin directories");
for (let origin of origins) {
let originDir = getRelativeFile(origin.path);
let exists = originDir.exists();
if (origin.obsolete) {
ok(!exists, "Origin directory doesn't exist");
} else {
ok(exists, "Origin directory does exist");
}
}
finishTest();
}

2
dom/quota/test/unit/xpcshell.ini
Просмотреть файл

@ -18,6 +18,7 @@ support-files =
morgueCleanup_profile.zip
obsoleteOriginAttributes_profile.zip
originAttributesUpgrade_profile.zip
removeAppsUpgrade_profile.zip
removeLocalStorage1_profile.zip
removeLocalStorage2_profile.zip
storagePersistentUpgrade_profile.zip
@ -45,6 +46,7 @@ support-files =
[test_persist_eviction.js]
[test_persist_globalLimit.js]
[test_persist_groupLimit.js]
[test_removeAppsUpgrade.js]
[test_removeLocalStorage.js]
[test_simpledb.js]
[test_specialOrigins.js]

6
dom/serviceworkers/ServiceWorkerManager.cpp
Просмотреть файл

@ -1504,6 +1504,12 @@ ServiceWorkerManager::GetServiceWorkerRegistrationInfo(nsIPrincipal* aPrincipal,
MOZ_ASSERT(aPrincipal);
MOZ_ASSERT(aURI);
// XXXnsm Temporary fix until Bug 1171432 is fixed.
if (NS_WARN_IF(BasePrincipal::Cast(aPrincipal)->AppId() ==
nsIScriptSecurityManager::UNKNOWN_APP_ID)) {
return nullptr;
}
nsAutoCString scopeKey;
nsresult rv = PrincipalToScopeKey(aPrincipal, scopeKey);
if (NS_FAILED(rv)) {

5
dom/serviceworkers/ServiceWorkerManager.h
Просмотреть файл

@ -328,8 +328,9 @@ class ServiceWorkerManager final : public nsIServiceWorkerManager,
GetServiceWorkerRegistrationInfo(const nsACString& aScopeKey,
nsIURI* aURI) const;
// This method generates a key using isInElementBrowser from the principal. We
// don't use the origin because it can change during the loading.
// This method generates a key using appId and isInElementBrowser from the
// principal. We don't use the origin because it can change during the
// loading.
static nsresult PrincipalToScopeKey(nsIPrincipal* aPrincipal,
nsACString& aKey);

46
dom/serviceworkers/test/gtest/TestReadWrite.cpp
Просмотреть файл

@ -159,7 +159,7 @@ TEST(ServiceWorkerRegistrar, TestReadData)
{
nsAutoCString buffer(SERVICEWORKERREGISTRAR_VERSION "\n");
buffer.AppendLiteral("^inBrowser=1\n");
buffer.AppendLiteral("^appId=123&inBrowser=1\n");
buffer.AppendLiteral("https://scope_0.org\ncurrentWorkerURL 0\n");
buffer.Append(SERVICEWORKERREGISTRAR_TRUE "\n");
buffer.AppendLiteral("cacheName 0\n");
@ -208,7 +208,7 @@ TEST(ServiceWorkerRegistrar, TestReadData)
nsAutoCString suffix0;
cInfo0.attrs().CreateSuffix(suffix0);
ASSERT_STREQ("^inBrowser=1", suffix0.get());
ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@ -265,7 +265,7 @@ TEST(ServiceWorkerRegistrar, TestWriteData)
{
RefPtr<ServiceWorkerRegistrarTest> swr = new ServiceWorkerRegistrarTest;
for (int i = 0; i < 2; ++i) {
for (int i = 0; i < 10; ++i) {
ServiceWorkerRegistrationData reg;
reg.scope() = nsPrintfCString("https://scope_write_%d.org", i);
@ -285,7 +285,7 @@ TEST(ServiceWorkerRegistrar, TestWriteData)
nsTArray<mozilla::ipc::ContentSecurityPolicy> policies;
reg.principal() = mozilla::ipc::ContentPrincipalInfo(
mozilla::OriginAttributes(i % 2), spec, spec, mozilla::Nothing(),
mozilla::OriginAttributes(i, i % 2), spec, spec, mozilla::Nothing(),
std::move(policies), spec);
swr->TestRegisterServiceWorker(reg);
@ -301,16 +301,16 @@ TEST(ServiceWorkerRegistrar, TestWriteData)
ASSERT_EQ(NS_OK, rv) << "ReadData() should not fail";
const nsTArray<ServiceWorkerRegistrationData>& data = swr->TestGetData();
ASSERT_EQ((uint32_t)2, data.Length()) << "2 entries should be found";
ASSERT_EQ((uint32_t)10, data.Length()) << "10 entries should be found";
for (int i = 0; i < 2; ++i) {
for (int i = 0; i < 10; ++i) {
nsAutoCString test;
ASSERT_EQ(data[i].principal().type(),
mozilla::ipc::PrincipalInfo::TContentPrincipalInfo);
const mozilla::ipc::ContentPrincipalInfo& cInfo = data[i].principal();
mozilla::OriginAttributes attrs(i % 2);
mozilla::OriginAttributes attrs(i, i % 2);
nsAutoCString suffix, expectSuffix;
attrs.CreateSuffix(expectSuffix);
cInfo.attrs().CreateSuffix(suffix);
@ -380,7 +380,7 @@ TEST(ServiceWorkerRegistrar, TestVersion2Migration)
nsAutoCString suffix0;
cInfo0.attrs().CreateSuffix(suffix0);
ASSERT_STREQ("^inBrowser=1", suffix0.get());
ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@ -450,7 +450,7 @@ TEST(ServiceWorkerRegistrar, TestVersion3Migration)
nsAutoCString suffix0;
cInfo0.attrs().CreateSuffix(suffix0);
ASSERT_STREQ("^inBrowser=1", suffix0.get());
ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@ -518,7 +518,7 @@ TEST(ServiceWorkerRegistrar, TestVersion4Migration)
nsAutoCString suffix0;
cInfo0.attrs().CreateSuffix(suffix0);
ASSERT_STREQ("^inBrowser=1", suffix0.get());
ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@ -590,7 +590,7 @@ TEST(ServiceWorkerRegistrar, TestVersion5Migration)
nsAutoCString suffix0;
cInfo0.attrs().CreateSuffix(suffix0);
ASSERT_STREQ("^inBrowser=1", suffix0.get());
ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@ -664,7 +664,7 @@ TEST(ServiceWorkerRegistrar, TestVersion6Migration)
nsAutoCString suffix0;
cInfo0.attrs().CreateSuffix(suffix0);
ASSERT_STREQ("^inBrowser=1", suffix0.get());
ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@ -751,7 +751,7 @@ TEST(ServiceWorkerRegistrar, TestVersion7Migration)
nsAutoCString suffix0;
cInfo0.attrs().CreateSuffix(suffix0);
ASSERT_STREQ("^inBrowser=1", suffix0.get());
ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@ -791,7 +791,7 @@ TEST(ServiceWorkerRegistrar, TestDedupeRead)
"\n");
// unique entries
buffer.AppendLiteral("^inBrowser=1\n");
buffer.AppendLiteral("^appId=123&inBrowser=1\n");
buffer.AppendLiteral(
"spec 0\nhttps://scope_0.org\ncurrentWorkerURL 0\ncacheName 0\n");
buffer.AppendLiteral(SERVICEWORKERREGISTRAR_TERMINATOR "\n");
@ -802,12 +802,12 @@ TEST(ServiceWorkerRegistrar, TestDedupeRead)
buffer.AppendLiteral(SERVICEWORKERREGISTRAR_TERMINATOR "\n");
// dupe entries
buffer.AppendLiteral("^inBrowser=1\n");
buffer.AppendLiteral("^appId=123&inBrowser=1\n");
buffer.AppendLiteral(
"spec 1\nhttps://scope_0.org\ncurrentWorkerURL 0\ncacheName 0\n");
buffer.AppendLiteral(SERVICEWORKERREGISTRAR_TERMINATOR "\n");
buffer.AppendLiteral("^inBrowser=1\n");
buffer.AppendLiteral("^appId=123&inBrowser=1\n");
buffer.AppendLiteral(
"spec 2\nhttps://scope_0.org\ncurrentWorkerURL 0\ncacheName 0\n");
buffer.AppendLiteral(SERVICEWORKERREGISTRAR_TERMINATOR "\n");
@ -836,7 +836,7 @@ TEST(ServiceWorkerRegistrar, TestDedupeRead)
nsAutoCString suffix0;
cInfo0.attrs().CreateSuffix(suffix0);
ASSERT_STREQ("^inBrowser=1", suffix0.get());
ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@ -874,7 +874,7 @@ TEST(ServiceWorkerRegistrar, TestDedupeWrite)
{
RefPtr<ServiceWorkerRegistrarTest> swr = new ServiceWorkerRegistrarTest;
for (int i = 0; i < 2; ++i) {
for (int i = 0; i < 10; ++i) {
ServiceWorkerRegistrationData reg;
reg.scope() = NS_LITERAL_CSTRING("https://scope_write.dedupe");
@ -890,7 +890,7 @@ TEST(ServiceWorkerRegistrar, TestDedupeWrite)
nsTArray<mozilla::ipc::ContentSecurityPolicy> policies;
reg.principal() = mozilla::ipc::ContentPrincipalInfo(
mozilla::OriginAttributes(false), spec, spec, mozilla::Nothing(),
mozilla::OriginAttributes(0, false), spec, spec, mozilla::Nothing(),
std::move(policies), spec);
swr->TestRegisterServiceWorker(reg);
@ -913,19 +913,19 @@ TEST(ServiceWorkerRegistrar, TestDedupeWrite)
mozilla::ipc::PrincipalInfo::TContentPrincipalInfo);
const mozilla::ipc::ContentPrincipalInfo& cInfo = data[0].principal();
mozilla::OriginAttributes attrs(false);
mozilla::OriginAttributes attrs(0, false);
nsAutoCString suffix, expectSuffix;
attrs.CreateSuffix(expectSuffix);
cInfo.attrs().CreateSuffix(suffix);
// Last entry passed to RegisterServiceWorkerInternal() should overwrite
// previous values. So expect "1" in values here.
// previous values. So expect "9" in values here.
ASSERT_STREQ(expectSuffix.get(), suffix.get());
ASSERT_STREQ("https://scope_write.dedupe", cInfo.spec().get());
ASSERT_STREQ("https://scope_write.dedupe", data[0].scope().get());
ASSERT_STREQ("currentWorkerURL write 1", data[0].currentWorkerURL().get());
ASSERT_STREQ("currentWorkerURL write 9", data[0].currentWorkerURL().get());
ASSERT_EQ(true, data[0].currentWorkerHandlesFetch());
ASSERT_STREQ("cacheName write 1",
ASSERT_STREQ("cacheName write 9",
NS_ConvertUTF16toUTF8(data[0].cacheName()).get());
ASSERT_EQ(nsIServiceWorkerRegistrationInfo::UPDATE_VIA_CACHE_IMPORTS,
data[0].updateViaCache());

3
dom/storage/StorageDBUpdater.cpp
Просмотреть файл

@ -70,7 +70,6 @@ class ExtractOriginData : protected mozilla::Tokenizer {
origin.Assign(scope);
// Bail out if it isn't appId.
// AppId doesn't exist any more but we could have old storage data...
uint32_t appId;
if (!ReadInteger(&appId)) {
return;
@ -131,7 +130,7 @@ class ExtractOriginData : protected mozilla::Tokenizer {
}
}
} else {
OriginAttributes attrs(inIsolatedMozBrowser);
OriginAttributes attrs(appId, inIsolatedMozBrowser);
attrs.CreateSuffix(suffix);
}

6
dom/storage/StorageUtils.cpp
Просмотреть файл

@ -118,8 +118,9 @@ nsCString Scheme0Scope(const nsACString& aOriginSuffix,
MOZ_ASSERT(success);
}
if (oa.mInIsolatedMozBrowser) {
result.AppendInt(0); // This is the appId to be removed.
if (oa.mAppId != nsIScriptSecurityManager::NO_APP_ID ||
oa.mInIsolatedMozBrowser) {
result.AppendInt(oa.mAppId);
result.Append(':');
result.Append(oa.mInIsolatedMozBrowser ? 't' : 'f');
result.Append(':');
@ -131,6 +132,7 @@ nsCString Scheme0Scope(const nsACString& aOriginSuffix,
// with originAttributes and originKey columns) so that switch between
// schema 1 and 0 always works in both ways.
nsAutoCString remaining;
oa.mAppId = 0;
oa.mInIsolatedMozBrowser = false;
oa.CreateSuffix(remaining);
if (!remaining.IsEmpty()) {

2
dom/workers/WorkerLoadInfo.cpp
Просмотреть файл

@ -213,7 +213,7 @@ nsresult WorkerLoadInfo::GetPrincipalsAndLoadGroupFromChannel(
}
// The principal can change, but it should still match the original
// load group's browser element flag.
// load group's appId and browser element flag.
MOZ_ASSERT(NS_LoadGroupMatchesPrincipal(channelLoadGroup, channelPrincipal));
channelPrincipal.forget(aPrincipalOut);

112
extensions/permissions/nsPermissionManager.cpp
Просмотреть файл

@ -199,9 +199,10 @@ nsresult GetPrincipalFromOrigin(const nsACString& aOrigin,
return NS_OK;
}
nsresult GetPrincipal(nsIURI* aURI, bool aIsInIsolatedMozBrowserElement,
nsresult GetPrincipal(nsIURI* aURI, uint32_t aAppId,
bool aIsInIsolatedMozBrowserElement,
nsIPrincipal** aPrincipal) {
mozilla::OriginAttributes attrs(aIsInIsolatedMozBrowserElement);
mozilla::OriginAttributes attrs(aAppId, aIsInIsolatedMozBrowserElement);
nsCOMPtr<nsIPrincipal> principal =
mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
@ -464,7 +465,8 @@ class MOZ_STACK_CLASS UpgradeIPHostToOriginDB final
nsresult UpgradeHostToOriginAndInsert(
const nsACString& aHost, const nsCString& aType, uint32_t aPermission,
uint32_t aExpireType, int64_t aExpireTime, int64_t aModificationTime,
bool aIsInIsolatedMozBrowserElement, UpgradeHostToOriginHelper* aHelper) {
uint32_t aAppId, bool aIsInIsolatedMozBrowserElement,
UpgradeHostToOriginHelper* aHelper) {
if (aHost.EqualsLiteral("<file>")) {
// We no longer support the magic host <file>
NS_WARNING(
@ -489,7 +491,7 @@ nsresult UpgradeHostToOriginAndInsert(
}
nsCOMPtr<nsIPrincipal> principal;
rv = GetPrincipal(uri, aIsInIsolatedMozBrowserElement,
rv = GetPrincipal(uri, aAppId, aIsInIsolatedMozBrowserElement,
getter_AddRefs(principal));
NS_ENSURE_SUCCESS(rv, rv);
@ -604,7 +606,7 @@ nsresult UpgradeHostToOriginAndInsert(
// We now have a URI which we can make a nsIPrincipal out of
nsCOMPtr<nsIPrincipal> principal;
rv = GetPrincipal(uri, aIsInIsolatedMozBrowserElement,
rv = GetPrincipal(uri, aAppId, aIsInIsolatedMozBrowserElement,
getter_AddRefs(principal));
if (NS_WARN_IF(NS_FAILED(rv))) continue;
@ -652,7 +654,7 @@ nsresult UpgradeHostToOriginAndInsert(
NS_LITERAL_CSTRING("http://") + hostSegment);
NS_ENSURE_SUCCESS(rv, rv);
rv = GetPrincipal(uri, aIsInIsolatedMozBrowserElement,
rv = GetPrincipal(uri, aAppId, aIsInIsolatedMozBrowserElement,
getter_AddRefs(principal));
NS_ENSURE_SUCCESS(rv, rv);
@ -667,7 +669,7 @@ nsresult UpgradeHostToOriginAndInsert(
NS_LITERAL_CSTRING("https://") + hostSegment);
NS_ENSURE_SUCCESS(rv, rv);
rv = GetPrincipal(uri, aIsInIsolatedMozBrowserElement,
rv = GetPrincipal(uri, aAppId, aIsInIsolatedMozBrowserElement,
getter_AddRefs(principal));
NS_ENSURE_SUCCESS(rv, rv);
@ -887,7 +889,7 @@ void nsPermissionManager::Startup() {
// nsPermissionManager Implementation
#define PERMISSIONS_FILE_NAME "permissions.sqlite"
#define HOSTS_SCHEMA_VERSION 10
#define HOSTS_SCHEMA_VERSION 9
#define HOSTPERM_FILE_NAME "hostperm.1"
@ -1303,7 +1305,7 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
rv = mDBConn->CreateStatement(
NS_LITERAL_CSTRING(
"SELECT host, type, permission, expireType, expireTime, "
"modificationTime, isInBrowserElement FROM moz_hosts"),
"modificationTime, appId, isInBrowserElement FROM moz_hosts"),
getter_AddRefs(stmt));
NS_ENSURE_SUCCESS(rv, rv);
@ -1313,6 +1315,7 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
uint32_t expireType;
int64_t expireTime;
int64_t modificationTime;
uint32_t appId;
bool isInBrowserElement;
bool hasResult;
@ -1332,14 +1335,19 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
expireType = stmt->AsInt32(3);
expireTime = stmt->AsInt64(4);
modificationTime = stmt->AsInt64(5);
isInBrowserElement = static_cast<bool>(stmt->AsInt32(6));
if (NS_WARN_IF(stmt->AsInt64(6) < 0)) {
migrationError = true;
continue;
}
appId = static_cast<uint32_t>(stmt->AsInt64(6));
isInBrowserElement = static_cast<bool>(stmt->AsInt32(7));
// Perform the meat of the migration by deferring to the
// UpgradeHostToOriginAndInsert function.
UpgradeHostToOriginDBMigration upHelper(mDBConn, &id);
rv = UpgradeHostToOriginAndInsert(
host, type, permission, expireType, expireTime,
modificationTime, isInBrowserElement, &upHelper);
modificationTime, appId, isInBrowserElement, &upHelper);
if (NS_FAILED(rv)) {
NS_WARNING(
"Unexpected failure when upgrading migrating permission "
@ -1476,7 +1484,7 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
rv = mDBConn->CreateStatement(
NS_LITERAL_CSTRING(
"SELECT host, type, permission, expireType, expireTime, "
"modificationTime, isInBrowserElement FROM moz_hosts"),
"modificationTime, appId, isInBrowserElement FROM moz_hosts"),
getter_AddRefs(stmt));
NS_ENSURE_SUCCESS(rv, rv);
@ -1496,6 +1504,7 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
uint32_t expireType;
int64_t expireTime;
int64_t modificationTime;
uint32_t appId;
bool isInBrowserElement;
while (NS_SUCCEEDED(stmt->ExecuteStep(&hasResult)) && hasResult) {
@ -1521,14 +1530,18 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
expireType = stmt->AsInt32(3);
expireTime = stmt->AsInt64(4);
modificationTime = stmt->AsInt64(5);
isInBrowserElement = static_cast<bool>(stmt->AsInt32(6));
if (NS_WARN_IF(stmt->AsInt64(6) < 0)) {
continue;
}
appId = static_cast<uint32_t>(stmt->AsInt64(6));
isInBrowserElement = static_cast<bool>(stmt->AsInt32(7));
// Perform the meat of the migration by deferring to the
// UpgradeHostToOriginAndInsert function.
UpgradeIPHostToOriginDB upHelper(mDBConn, &id);
rv = UpgradeHostToOriginAndInsert(
host, type, permission, expireType, expireTime,
modificationTime, isInBrowserElement, &upHelper);
modificationTime, appId, isInBrowserElement, &upHelper);
if (NS_FAILED(rv)) {
NS_WARNING(
"Unexpected failure when upgrading migrating permission "
@ -1575,64 +1588,6 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
// fall through to the next upgrade
MOZ_FALLTHROUGH;
// Version 10 removes appId from moz_hosts. SQLite doesn't support the
// dropping of columns from existing tables. We need to create a temporary
// table, copy the data, drop the old table, rename the new one.
case 9: {
rv = mDBConn->BeginTransaction();
NS_ENSURE_SUCCESS(rv, rv);
bool tableExists = false;
mDBConn->TableExists(NS_LITERAL_CSTRING("moz_hosts_v9"), &tableExists);
if (tableExists) {
NS_WARNING(
"The temporary database moz_hosts_v9 already exists, dropping "
"it.");
rv = mDBConn->ExecuteSimpleSQL(
NS_LITERAL_CSTRING("DROP TABLE moz_hosts_v9"));
NS_ENSURE_SUCCESS(rv, rv);
}
rv = mDBConn->ExecuteSimpleSQL(
NS_LITERAL_CSTRING("CREATE TABLE moz_hosts_v9 ("
" id INTEGER PRIMARY KEY"
",host TEXT"
",type TEXT"
",permission INTEGER"
",expireType INTEGER"
",expireTime INTEGER"
",modificationTime INTEGER"
",isInBrowserElement INTEGER"
")"));
NS_ENSURE_SUCCESS(rv, rv);
rv = mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
"INSERT INTO moz_hosts_v9 "
"(id, host, type, permission, expireType, "
"expireTime, modificationTime, isInBrowserElement) "
"SELECT id, host, type, permission, expireType, expireTime, "
"modificationTime, isInBrowserElement FROM moz_hosts WHERE appId = "
"0"));
NS_ENSURE_SUCCESS(rv, rv);
rv = mDBConn->ExecuteSimpleSQL(
NS_LITERAL_CSTRING("DROP TABLE moz_hosts"));
NS_ENSURE_SUCCESS(rv, rv);
rv = mDBConn->ExecuteSimpleSQL(
NS_LITERAL_CSTRING("ALTER TABLE moz_hosts_v9 RENAME TO moz_hosts"));
NS_ENSURE_SUCCESS(rv, rv);
rv = mDBConn->SetSchemaVersion(10);
NS_ENSURE_SUCCESS(rv, rv);
rv = mDBConn->CommitTransaction();
NS_ENSURE_SUCCESS(rv, rv);
}
// fall through to the next upgrade
MOZ_FALLTHROUGH;
// current version.
case HOSTS_SCHEMA_VERSION:
break;
@ -1725,6 +1680,7 @@ nsresult nsPermissionManager::CreateTable() {
",expireType INTEGER"
",expireTime INTEGER"
",modificationTime INTEGER"
",appId INTEGER"
",isInBrowserElement INTEGER"
")"));
}
@ -2460,7 +2416,7 @@ nsresult nsPermissionManager::CommonTestPermissionInternal(
return NS_OK;
}
// Returns PermissionHashKey for a given { host, isInBrowserElement }
// Returns PermissionHashKey for a given { host, appId, isInBrowserElement }
// tuple. This is not simply using PermissionKey because we will walk-up domains
// in case of |host| contains sub-domains. Returns null if nothing found. Also
// accepts host on the format "<foo>". This will perform an exact match lookup
@ -2513,7 +2469,7 @@ nsPermissionManager::GetPermissionHashKey(nsIPrincipal* aPrincipal,
return nullptr;
}
// Returns PermissionHashKey for a given { host, isInBrowserElement }
// Returns PermissionHashKey for a given { host, appId, isInBrowserElement }
// tuple. This is not simply using PermissionKey because we will walk-up domains
// in case of |host| contains sub-domains. Returns null if nothing found. Also
// accepts host on the format "<foo>". This will perform an exact match lookup
@ -3048,10 +3004,10 @@ nsresult nsPermissionManager::_DoImport(nsIInputStream* inputStream,
int64_t modificationTime = 0;
UpgradeHostToOriginHostfileImport upHelper(this, operation, id);
error =
UpgradeHostToOriginAndInsert(lineArray[3], lineArray[1], permission,
nsIPermissionManager::EXPIRE_NEVER, 0,
modificationTime, false, &upHelper);
error = UpgradeHostToOriginAndInsert(
lineArray[3], lineArray[1], permission,
nsIPermissionManager::EXPIRE_NEVER, 0, modificationTime,
nsIScriptSecurityManager::NO_APP_ID, false, &upHelper);
if (NS_FAILED(error)) {
NS_WARNING("There was a problem importing a host permission");
}

12
extensions/permissions/test/unit/test_permmanager_cleardata.js
Просмотреть файл

@ -53,14 +53,16 @@ function run_test()
.getService(Ci.nsIPermissionManager);
let entries = [
{ origin: 'http://example.com', originAttributes: { appId: 1 } },
{ origin: 'http://example.com', originAttributes: { appId: 1, inIsolatedMozBrowser: true } },
{ origin: 'http://example.com', originAttributes: {} },
{ origin: 'http://example.com', originAttributes: { inIsolatedMozBrowser: true } },
{ origin: 'http://example.com', originAttributes: { appId: 2 } },
];
// In that case, all permissions should be removed.
test(entries, getData({}), [ pm.UNKNOWN_ACTION, pm.UNKNOWN_ACTION, pm.ALLOW_ACTION, pm.ALLOW_ACTION ]);
// In that case, all permissions from app 1 should be removed but not the other ones.
test(entries, getData({appId: 1}), [ pm.UNKNOWN_ACTION, pm.UNKNOWN_ACTION, pm.ALLOW_ACTION, pm.ALLOW_ACTION ]);
// In that case, only the permissions related to a browserElement should be removed.
// In that case, only the permissions of app 1 related to a browserElement should be removed.
// All the other permissions should stay.
test(entries, getData({ inIsolatedMozBrowser: true}), [ pm.ALLOW_ACTION, pm.UNKNOWN_ACTION, pm.ALLOW_ACTION, pm.ALLOW_ACTION ]);
test(entries, getData({appId: 1, inIsolatedMozBrowser: true}), [ pm.ALLOW_ACTION, pm.UNKNOWN_ACTION, pm.ALLOW_ACTION, pm.ALLOW_ACTION ]);
}

4
extensions/permissions/test/unit/test_permmanager_defaults.js
Просмотреть файл

@ -39,7 +39,7 @@ add_task(async function do_test() {
conv.writeString("host\t" + TEST_PERMISSION + "\t1\t" + TEST_ORIGIN.host + "\n");
conv.writeString("host\t" + TEST_PERMISSION + "\t1\t" + TEST_ORIGIN_2.host + "\n");
conv.writeString("origin\t" + TEST_PERMISSION + "\t1\t" + TEST_ORIGIN_3.spec + "\n");
conv.writeString("origin\t" + TEST_PERMISSION + "\t1\t" + TEST_ORIGIN.spec + "^inBrowser=1\n");
conv.writeString("origin\t" + TEST_PERMISSION + "\t1\t" + TEST_ORIGIN.spec + "^appId=1000&inBrowser=1\n");
ostream.close();
// Set the preference used by the permission manager so the file is read.
@ -57,7 +57,7 @@ add_task(async function do_test() {
let principal2 = Services.scriptSecurityManager.createCodebasePrincipal(TEST_ORIGIN_2, {});
let principal3 = Services.scriptSecurityManager.createCodebasePrincipal(TEST_ORIGIN_3, {});
let attrs = {inIsolatedMozBrowser: true};
let attrs = {appId: 1000, inIsolatedMozBrowser: true};
let principal4 = Services.scriptSecurityManager.createCodebasePrincipal(TEST_ORIGIN, attrs);
let principal5 = Services.scriptSecurityManager.createCodebasePrincipal(TEST_ORIGIN_3, attrs);

43
extensions/permissions/test/unit/test_permmanager_load_invalid_entries.js
Просмотреть файл

@ -37,63 +37,67 @@ function run_test() {
var garbadge = [
// Regular entry.
{ host: '42', type: '0', permission: 1, expireType: 0, expireTime: 0,
isInBrowserElement: 0 },
appId: 0, isInBrowserElement: 0 },
// Special values in host (some being invalid).
{ host: 'scheme:file', type: '1', permission: 0, expireType: 0,
expireTime: 0, isInBrowserElement: 0 },
expireTime: 0, appId: 0, isInBrowserElement: 0 },
{ host: '192.168.0.1', type: '2', permission: 0, expireType: 0,
expireTime: 0, isInBrowserElement: 0 },
expireTime: 0, appId: 0, isInBrowserElement: 0 },
{ host: '2001:0db8:0000:0000:0000:ff00:0042:8329', type: '3', permission: 0,
expireType: 0, expireTime: 0, isInBrowserElement: 0 },
expireType: 0, expireTime: 0, appId: 0, isInBrowserElement: 0 },
{ host: '::1', type: '4', permission: 0, expireType: 0, expireTime: 0,
isInBrowserElement: 0 },
appId: 0, isInBrowserElement: 0 },
// Permission is UNKNOWN_ACTION.
{ host: '42', type: '5', permission: Ci.nsIPermissionManager.UNKNOWN_ACTION,
expireType: 0, expireTime: 0, isInBrowserElement: 0 },
expireType: 0, expireTime: 0, appId: 0, isInBrowserElement: 0 },
// Permission is out of range.
{ host: '42', type: '6', permission: 100, expireType: 0, expireTime: 0,
isInBrowserElement: 0 },
appId: 0, isInBrowserElement: 0 },
{ host: '42', type: '7', permission: -100, expireType: 0, expireTime: 0,
isInBrowserElement: 0 },
appId: 0, isInBrowserElement: 0 },
// ExpireType is out of range.
{ host: '42', type: '8', permission: 1, expireType: -100, expireTime: 0,
isInBrowserElement: 0 },
appId: 0, isInBrowserElement: 0 },
{ host: '42', type: '9', permission: 1, expireType: 100, expireTime: 0,
isInBrowserElement: 0 },
appId: 0, isInBrowserElement: 0 },
// ExpireTime is at 0 with ExpireType = Time.
{ host: '42', type: '10', permission: 1,
expireType: Ci.nsIPermissionManager.EXPIRE_TIME, expireTime: 0,
expireType: Ci.nsIPermissionManager.EXPIRE_TIME, expireTime: 0, appId: 0,
isInBrowserElement: 0 },
// ExpireTime has a value with ExpireType != Time
{ host: '42', type: '11', permission: 1,
expireType: Ci.nsIPermissionManager.EXPIRE_SESSION, expireTime: 1000,
isInBrowserElement: 0 },
appId: 0, isInBrowserElement: 0 },
{ host: '42', type: '12', permission: 1,
expireType: Ci.nsIPermissionManager.EXPIRE_NEVER, expireTime: 1000,
isInBrowserElement: 0 },
appId: 0, isInBrowserElement: 0 },
// ExpireTime is negative.
{ host: '42', type: '13', permission: 1,
expireType: Ci.nsIPermissionManager.EXPIRE_TIME, expireTime: -1,
isInBrowserElement: 0 },
appId: 0, isInBrowserElement: 0 },
// AppId is negative.
{ host: '42', type: '14', permission: 1, expireType: 0, expireTime: 0,
appId: -1, isInBrowserElement: 0 },
// IsInBrowserElement is negative or higher than 1.
{ host: '42', type: '15', permission: 1, expireType: 0, expireTime: 0,
isInBrowserElement: -1 },
appId: 0, isInBrowserElement: -1 },
{ host: '42', type: '16', permission: 1, expireType: 0, expireTime: 0,
isInBrowserElement: 10 },
appId: 0, isInBrowserElement: 10 },
// This insertion should be the last one. It is used to make sure we always
// load it regardless of the previous entries validities.
{ host: 'example.org', type: 'test-load-invalid-entries',
permission: Ci.nsIPermissionManager.ALLOW_ACTION, expireType: 0,
expireTime: 0, isInBrowserElement: 0 },
expireTime: 0, appId: 0, isInBrowserElement: 0 },
];
for (var i=0; i<garbadge.length; ++i) {
@ -103,10 +107,11 @@ function run_test() {
var data = garbadge[i];
connection.executeSimpleSQL(
"INSERT INTO moz_hosts " +
" (id, host, type, permission, expireType, expireTime, isInBrowserElement, appId) " +
" (id, host, type, permission, expireType, expireTime, appId, isInBrowserElement) " +
"VALUES (" + i + ", '" + data.host + "', '" + data.type + "', "
+ data.permission + ", " + data.expireType + ", "
+ data.expireTime + ", " + data.isInBrowserElement + ", 0)"
+ data.expireTime + ", " + data.appId + ", "
+ data.isInBrowserElement + ")"
);
}

142
extensions/permissions/test/unit/test_permmanager_matches.js
Просмотреть файл

@ -38,20 +38,44 @@ function run_test() {
let uri4 = NetUtil.newURI("https://hangouts.google.com/#!/hangout");
let uri5 = NetUtil.newURI("http://google.com:8096/");
let uri0_n = secMan.createCodebasePrincipal(uri0, {});
let uri1_n = secMan.createCodebasePrincipal(uri1, {});
let uri2_n = secMan.createCodebasePrincipal(uri2, {});
let uri3_n = secMan.createCodebasePrincipal(uri3, {});
let uri4_n = secMan.createCodebasePrincipal(uri4, {});
let uri5_n = secMan.createCodebasePrincipal(uri5, {});
let uri0_n_n = secMan.createCodebasePrincipal(uri0, {});
let uri1_n_n = secMan.createCodebasePrincipal(uri1, {});
let uri2_n_n = secMan.createCodebasePrincipal(uri2, {});
let uri3_n_n = secMan.createCodebasePrincipal(uri3, {});
let uri4_n_n = secMan.createCodebasePrincipal(uri4, {});
let uri5_n_n = secMan.createCodebasePrincipal(uri5, {});
attrs = {inIsolatedMozBrowser: true};
let uri0_y_ = secMan.createCodebasePrincipal(uri0, attrs);
let uri1_y_ = secMan.createCodebasePrincipal(uri1, attrs);
let uri2_y_ = secMan.createCodebasePrincipal(uri2, attrs);
let uri3_y_ = secMan.createCodebasePrincipal(uri3, attrs);
let uri4_y_ = secMan.createCodebasePrincipal(uri4, attrs);
let uri5_y_ = secMan.createCodebasePrincipal(uri5, attrs);
let attrs = {appId: 1000};
let uri0_1000_n = secMan.createCodebasePrincipal(uri0, attrs);
let uri1_1000_n = secMan.createCodebasePrincipal(uri1, attrs);
let uri2_1000_n = secMan.createCodebasePrincipal(uri2, attrs);
let uri3_1000_n = secMan.createCodebasePrincipal(uri3, attrs);
let uri4_1000_n = secMan.createCodebasePrincipal(uri4, attrs);
let uri5_1000_n = secMan.createCodebasePrincipal(uri5, attrs);
attrs = {appId: 1000, inIsolatedMozBrowser: true};
let uri0_1000_y = secMan.createCodebasePrincipal(uri0, attrs);
let uri1_1000_y = secMan.createCodebasePrincipal(uri1, attrs);
let uri2_1000_y = secMan.createCodebasePrincipal(uri2, attrs);
let uri3_1000_y = secMan.createCodebasePrincipal(uri3, attrs);
let uri4_1000_y = secMan.createCodebasePrincipal(uri4, attrs);
let uri5_1000_y = secMan.createCodebasePrincipal(uri5, attrs);
attrs = {appId: 2000};
let uri0_2000_n = secMan.createCodebasePrincipal(uri0, attrs);
let uri1_2000_n = secMan.createCodebasePrincipal(uri1, attrs);
let uri2_2000_n = secMan.createCodebasePrincipal(uri2, attrs);
let uri3_2000_n = secMan.createCodebasePrincipal(uri3, attrs);
let uri4_2000_n = secMan.createCodebasePrincipal(uri4, attrs);
let uri5_2000_n = secMan.createCodebasePrincipal(uri5, attrs);
attrs = {appId: 2000, inIsolatedMozBrowser: true};
let uri0_2000_y = secMan.createCodebasePrincipal(uri0, attrs);
let uri1_2000_y = secMan.createCodebasePrincipal(uri1, attrs);
let uri2_2000_y = secMan.createCodebasePrincipal(uri2, attrs);
let uri3_2000_y = secMan.createCodebasePrincipal(uri3, attrs);
let uri4_2000_y = secMan.createCodebasePrincipal(uri4, attrs);
let uri5_2000_y = secMan.createCodebasePrincipal(uri5, attrs);
attrs = {userContextId: 1};
let uri0_1 = secMan.createCodebasePrincipal(uri0, attrs);
@ -69,40 +93,88 @@ function run_test() {
let uri4_cnn = secMan.createCodebasePrincipal(uri4, attrs);
let uri5_cnn = secMan.createCodebasePrincipal(uri5, attrs);
pm.addFromPrincipal(uri0_n, "test/matches", pm.ALLOW_ACTION);
let perm_n = pm.getPermissionObject(uri0_n, "test/matches", true);
pm.addFromPrincipal(uri0_y_, "test/matches", pm.ALLOW_ACTION);
let perm_y_ = pm.getPermissionObject(uri0_y_, "test/matches", true);
pm.addFromPrincipal(uri0_n_n, "test/matches", pm.ALLOW_ACTION);
let perm_n_n = pm.getPermissionObject(uri0_n_n, "test/matches", true);
pm.addFromPrincipal(uri0_1000_n, "test/matches", pm.ALLOW_ACTION);
let perm_1000_n = pm.getPermissionObject(uri0_1000_n, "test/matches", true);
pm.addFromPrincipal(uri0_1000_y, "test/matches", pm.ALLOW_ACTION);
let perm_1000_y = pm.getPermissionObject(uri0_1000_y, "test/matches", true);
pm.addFromPrincipal(uri0_2000_n, "test/matches", pm.ALLOW_ACTION);
let perm_2000_n = pm.getPermissionObject(uri0_2000_n, "test/matches", true);
pm.addFromPrincipal(uri0_2000_y, "test/matches", pm.ALLOW_ACTION);
let perm_2000_y = pm.getPermissionObject(uri0_2000_y, "test/matches", true);
pm.addFromPrincipal(uri0_1, "test/matches", pm.ALLOW_ACTION);
let perm_1 = pm.getPermissionObject(uri0_n, "test/matches", true);
let perm_1 = pm.getPermissionObject(uri0_n_n, "test/matches", true);
pm.addFromPrincipal(uri0_cnn, "test/matches", pm.ALLOW_ACTION);
let perm_cnn = pm.getPermissionObject(uri0_n, "test/matches", true);
let perm_cnn = pm.getPermissionObject(uri0_n_n, "test/matches", true);
matches_always(perm_n, [uri0_n, uri0_1, uri0_cnn]);
matches_weak(perm_n, [uri1_n, uri1_1, uri1_cnn]);
matches_never(perm_n, [uri2_n, uri3_n, uri4_n, uri5_n,
uri0_y_, uri1_y_, uri2_y_, uri3_y_, uri4_y_, uri5_y_,
matches_always(perm_n_n, [uri0_n_n, uri0_1, uri0_cnn]);
matches_weak(perm_n_n, [uri1_n_n, uri1_1, uri1_cnn]);
matches_never(perm_n_n, [uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
uri2_1, uri3_1, uri4_1, uri5_1,
uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
matches_always(perm_y_, [uri0_y_]);
matches_weak(perm_y_, [uri1_y_]);
matches_never(perm_y_, [uri2_y_, uri3_y_, uri4_y_, uri5_y_,
uri0_n, uri1_n, uri2_n, uri3_n, uri4_n, uri5_n,
matches_always(perm_1000_n, [uri0_1000_n]);
matches_weak(perm_1000_n, [uri1_1000_n]);
matches_never(perm_1000_n, [uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
uri0_1, uri1_1, uri2_1, uri3_1, uri4_1, uri5_1,
uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
matches_always(perm_1, [uri0_n, uri0_1, uri0_cnn]);
matches_weak(perm_1, [uri1_n, uri1_1, uri1_cnn]);
matches_never(perm_1, [uri2_n, uri3_n, uri4_n, uri5_n,
uri0_y_, uri1_y_, uri2_y_, uri3_y_, uri4_y_, uri5_y_,
matches_always(perm_1000_y, [uri0_1000_y]);
matches_weak(perm_1000_y, [uri1_1000_y]);
matches_never(perm_1000_y, [uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
uri0_1, uri1_1, uri2_1, uri3_1, uri4_1, uri5_1,
uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
matches_always(perm_2000_n, [uri0_2000_n]);
matches_weak(perm_2000_n, [uri1_2000_n]);
matches_never(perm_2000_n, [uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
uri0_1, uri1_1, uri2_1, uri3_1, uri4_1, uri5_1,
uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
matches_always(perm_2000_y, [uri0_2000_y]);
matches_weak(perm_2000_y, [uri1_2000_y]);
matches_never(perm_2000_y, [uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
uri0_1, uri1_1, uri2_1, uri3_1, uri4_1, uri5_1,
uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
matches_always(perm_1, [uri0_n_n, uri0_1, uri0_cnn]);
matches_weak(perm_1, [uri1_n_n, uri1_1, uri1_cnn]);
matches_never(perm_1, [uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
uri2_1, uri3_1, uri4_1, uri5_1,
uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
matches_always(perm_cnn, [uri0_n, uri0_1, uri0_cnn]);
matches_weak(perm_cnn, [uri1_n, uri1_1, uri1_cnn]);
matches_never(perm_cnn, [uri2_n, uri3_n, uri4_n, uri5_n,
uri0_y_, uri1_y_, uri2_y_, uri3_y_, uri4_y_, uri5_y_,
matches_always(perm_cnn, [uri0_n_n, uri0_1, uri0_cnn]);
matches_weak(perm_cnn, [uri1_n_n, uri1_1, uri1_cnn]);
matches_never(perm_cnn, [uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
uri2_1, uri3_1, uri4_1, uri5_1,
uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);

6
extensions/permissions/test/unit/test_permmanager_matchesuri.js
Просмотреть файл

@ -22,7 +22,7 @@ function matches_never(perm, uris) {
});
}
function mk_permission(uri) {
function mk_permission(uri, isAppPermission = false) {
let pm = Cc["@mozilla.org/permissionmanager;1"].
getService(Ci.nsIPermissionManager);
@ -30,7 +30,9 @@ function mk_permission(uri) {
.getService(Ci.nsIScriptSecurityManager);
// Get the permission from the principal!
let principal = secMan.createCodebasePrincipal(uri, {});
let attrs = {appId: 1000};
let principal =
secMan.createCodebasePrincipal(uri, isAppPermission ? attrs : {});
pm.addFromPrincipal(principal, "test/matchesuri", pm.ALLOW_ACTION);
let permission = pm.getPermissionObject(principal, "test/matchesuri", true);

15
extensions/permissions/test/unit/test_permmanager_migrate_4-7.js
Просмотреть файл

@ -109,7 +109,8 @@ add_task(async function test() {
// The http:// entries under foo.com won't be inserted, as there are history entries for foo.com,
// and http://foo.com or a subdomain are never visited.
// ["http://foo.com", "A", 1, 0, 0],
// ["http://foo.com^inBrowser=1", "A", 1, 0, 0],
// ["http://foo.com^appId=1000", "A", 1, 0, 0],
// ["http://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
//
// Because we search for port/scheme combinations under eTLD+1, we should not have http:// entries
// for subdomains of foo.com either
@ -118,15 +119,18 @@ add_task(async function test() {
["https://foo.com", "A", 1, 0, 0],
["https://foo.com", "C", 1, 0, 0],
["https://foo.com^inBrowser=1", "A", 1, 0, 0],
["https://foo.com^appId=1000", "A", 1, 0, 0],
["https://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
["https://sub.foo.com", "B", 1, 0, 0],
["https://subber.sub.foo.com", "B", 1, 0, 0],
// bar.ca will have both http:// and https:// for all entries, because there are no associated history entries
["http://bar.ca", "B", 1, 0, 0],
["https://bar.ca", "B", 1, 0, 0],
["http://bar.ca^inBrowser=1", "A", 1, 0, 0],
["https://bar.ca^inBrowser=1", "A", 1, 0, 0],
["http://bar.ca^appId=1000", "B", 1, 0, 0],
["https://bar.ca^appId=1000", "B", 1, 0, 0],
["http://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
["https://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
["file:///some/path/to/file.html", "A", 1, 0, 0],
["file:///another/file.html", "A", 1, 0, 0],
@ -134,7 +138,8 @@ add_task(async function test() {
// also have these entries
["ftp://foo.com:8000", "A", 1, 0, 0],
["ftp://foo.com:8000", "C", 1, 0, 0],
["ftp://foo.com:8000^inBrowser=1", "A", 1, 0, 0],
["ftp://foo.com:8000^appId=1000", "A", 1, 0, 0],
["ftp://foo.com:8000^appId=2000&inBrowser=1", "A", 1, 0, 0],
// In addition, because we search for port/scheme combinations under eTLD+1, we should have the
// following entries

12
extensions/permissions/test/unit/test_permmanager_migrate_4-7_no_history.js
Просмотреть файл

@ -144,21 +144,25 @@ add_task(function test() {
let expected = [
["http://foo.com", "A", 1, 0, 0],
["http://foo.com", "C", 1, 0, 0],
["http://foo.com^inBrowser=1", "A", 1, 0, 0],
["http://foo.com^appId=1000", "A", 1, 0, 0],
["http://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
["http://sub.foo.com", "B", 1, 0, 0],
["http://subber.sub.foo.com", "B", 1, 0, 0],
["https://foo.com", "A", 1, 0, 0],
["https://foo.com", "C", 1, 0, 0],
["https://foo.com^inBrowser=1", "A", 1, 0, 0],
["https://foo.com^appId=1000", "A", 1, 0, 0],
["https://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
["https://sub.foo.com", "B", 1, 0, 0],
["https://subber.sub.foo.com", "B", 1, 0, 0],
// bar.ca will have both http:// and https:// for all entries, because there are no associated history entries
["http://bar.ca", "B", 1, 0, 0],
["https://bar.ca", "B", 1, 0, 0],
["http://bar.ca^inBrowser=1", "A", 1, 0, 0],
["https://bar.ca^inBrowser=1", "A", 1, 0, 0],
["http://bar.ca^appId=1000", "B", 1, 0, 0],
["https://bar.ca^appId=1000", "B", 1, 0, 0],
["http://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
["https://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
["file:///some/path/to/file.html", "A", 1, 0, 0],
["file:///another/file.html", "A", 1, 0, 0],

17
extensions/permissions/test/unit/test_permmanager_migrate_5-7a.js
Просмотреть файл

@ -132,7 +132,7 @@ add_task(async function test() {
let created5 = [
insertOrigin("https://foo.com", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com^inBrowser=1", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0),
];
// Add some rows to the database
@ -168,7 +168,8 @@ add_task(async function test() {
// The http:// entries under foo.com won't be inserted, as there are history entries for foo.com,
// and http://foo.com or a subdomain are never visited.
// ["http://foo.com", "A", 1, 0, 0],
// ["http://foo.com^inBrowser=1", "A", 1, 0, 0],
// ["http://foo.com^appId=1000", "A", 1, 0, 0],
// ["http://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
//
// Because we search for port/scheme combinations under eTLD+1, we should not have http:// entries
// for subdomains of foo.com either
@ -177,15 +178,18 @@ add_task(async function test() {
["https://foo.com", "A", 1, 0, 0],
["https://foo.com", "C", 1, 0, 0],
["https://foo.com^inBrowser=1", "A", 1, 0, 0],
["https://foo.com^appId=1000", "A", 1, 0, 0],
["https://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
["https://sub.foo.com", "B", 1, 0, 0],
["https://subber.sub.foo.com", "B", 1, 0, 0],
// bar.ca will have both http:// and https:// for all entries, because there are no associated history entries
["http://bar.ca", "B", 1, 0, 0],
["https://bar.ca", "B", 1, 0, 0],
["http://bar.ca^inBrowser=1", "A", 1, 0, 0],
["https://bar.ca^inBrowser=1", "A", 1, 0, 0],
["http://bar.ca^appId=1000", "B", 1, 0, 0],
["https://bar.ca^appId=1000", "B", 1, 0, 0],
["http://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
["https://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
["file:///some/path/to/file.html", "A", 1, 0, 0],
["file:///another/file.html", "A", 1, 0, 0],
@ -193,7 +197,8 @@ add_task(async function test() {
// also have these entries
["ftp://foo.com:8000", "A", 1, 0, 0],
["ftp://foo.com:8000", "C", 1, 0, 0],
["ftp://foo.com:8000^inBrowser=1", "A", 1, 0, 0],
["ftp://foo.com:8000^appId=1000", "A", 1, 0, 0],
["ftp://foo.com:8000^appId=2000&inBrowser=1", "A", 1, 0, 0],
// In addition, because we search for port/scheme combinations under eTLD+1, we should have the
// following entries

7
extensions/permissions/test/unit/test_permmanager_migrate_5-7b.js
Просмотреть файл

@ -94,7 +94,7 @@ add_task(function test() {
let expected = [
["https://foo.com", "A", 2, 0, 0, 0],
["http://foo.com", "A", 2, 0, 0, 0],
["http://foo.com^inBrowser=1", "A", 2, 0, 0, 0],
["http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0],
["http://127.0.0.1", "B", 2, 0, 0, 0],
["http://localhost", "B", 2, 0, 0, 0],
@ -144,7 +144,7 @@ add_task(function test() {
let mozHostsStmt = db.createStatement("SELECT " +
"host, type, permission, expireType, expireTime, " +
"modificationTime, isInBrowserElement " +
"modificationTime, appId, isInBrowserElement " +
"FROM moz_hosts WHERE id = :id");
try {
// Check that the moz_hosts table still contains the correct values.
@ -158,7 +158,8 @@ add_task(function test() {
Assert.equal(mozHostsStmt.getInt64(3), it.expireType);
Assert.equal(mozHostsStmt.getInt64(4), it.expireTime);
Assert.equal(mozHostsStmt.getInt64(5), it.modificationTime);
Assert.equal(mozHostsStmt.getInt64(6), it.isInBrowserElement);
Assert.equal(mozHostsStmt.getInt64(6), it.appId);
Assert.equal(mozHostsStmt.getInt64(7), it.isInBrowserElement);
});
} finally {
mozHostsStmt.finalize();

17
extensions/permissions/test/unit/test_permmanager_migrate_6-7a.js
Просмотреть файл

@ -132,7 +132,7 @@ add_task(async function test() {
let created6 = [
insertOrigin("https://foo.com", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com^inBrowser=1", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0),
];
// Add some rows to the database
@ -168,7 +168,8 @@ add_task(async function test() {
// The http:// entries under foo.com won't be inserted, as there are history entries for foo.com,
// and http://foo.com or a subdomain are never visited.
// ["http://foo.com", "A", 1, 0, 0],
// ["http://foo.com^inBrowser=1", "A", 1, 0, 0],
// ["http://foo.com^appId=1000", "A", 1, 0, 0],
// ["http://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
//
// Because we search for port/scheme combinations under eTLD+1, we should not have http:// entries
// for subdomains of foo.com either
@ -177,15 +178,18 @@ add_task(async function test() {
["https://foo.com", "A", 1, 0, 0],
["https://foo.com", "C", 1, 0, 0],
["https://foo.com^inBrowser=1", "A", 1, 0, 0],
["https://foo.com^appId=1000", "A", 1, 0, 0],
["https://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
["https://sub.foo.com", "B", 1, 0, 0],
["https://subber.sub.foo.com", "B", 1, 0, 0],
// bar.ca will have both http:// and https:// for all entries, because there are no associated history entries
["http://bar.ca", "B", 1, 0, 0],
["https://bar.ca", "B", 1, 0, 0],
["http://bar.ca^inBrowser=1", "A", 1, 0, 0],
["https://bar.ca^inBrowser=1", "A", 1, 0, 0],
["http://bar.ca^appId=1000", "B", 1, 0, 0],
["https://bar.ca^appId=1000", "B", 1, 0, 0],
["http://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
["https://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
["file:///some/path/to/file.html", "A", 1, 0, 0],
["file:///another/file.html", "A", 1, 0, 0],
@ -193,7 +197,8 @@ add_task(async function test() {
// also have these entries
["ftp://foo.com:8000", "A", 1, 0, 0],
["ftp://foo.com:8000", "C", 1, 0, 0],
["ftp://foo.com:8000^inBrowser=1", "A", 1, 0, 0],
["ftp://foo.com:8000^appId=1000", "A", 1, 0, 0],
["ftp://foo.com:8000^appId=2000&inBrowser=1", "A", 1, 0, 0],
// In addition, because we search for port/scheme combinations under eTLD+1, we should have the
// following entries

7
extensions/permissions/test/unit/test_permmanager_migrate_6-7b.js
Просмотреть файл

@ -91,7 +91,7 @@ add_task(function test() {
let expected = [
["https://foo.com", "A", 2, 0, 0, 0],
["http://foo.com", "A", 2, 0, 0, 0],
["http://foo.com^inBrowser=1", "A", 2, 0, 0, 0]
["http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0]
];
let found = expected.map((it) => 0);
@ -138,7 +138,7 @@ add_task(function test() {
let mozHostsStmt = db.createStatement("SELECT " +
"host, type, permission, expireType, expireTime, " +
"modificationTime, isInBrowserElement " +
"modificationTime, appId, isInBrowserElement " +
"FROM moz_hosts WHERE id = :id");
try {
// Check that the moz_hosts table still contains the correct values.
@ -152,7 +152,8 @@ add_task(function test() {
Assert.equal(mozHostsStmt.getInt64(3), it.expireType);
Assert.equal(mozHostsStmt.getInt64(4), it.expireTime);
Assert.equal(mozHostsStmt.getInt64(5), it.modificationTime);
Assert.equal(mozHostsStmt.getInt64(6), it.isInBrowserElement);
Assert.equal(mozHostsStmt.getInt64(6), it.appId);
Assert.equal(mozHostsStmt.getInt64(7), it.isInBrowserElement);
});
} finally {
mozHostsStmt.finalize();

4
extensions/permissions/test/unit/test_permmanager_migrate_7-8.js
Просмотреть файл

@ -137,7 +137,7 @@ add_task(async function test() {
let created7 = [
insertOrigin("https://foo.com", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com^inBrowser=1", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0),
insertOrigin("https://192.0.2.235", "A", 2, 0, 0),
];
@ -178,7 +178,7 @@ add_task(async function test() {
// We should have kept the previously migrated entries
["https://foo.com", "A", 2, 0, 0, 0],
["http://foo.com", "A", 2, 0, 0, 0],
["http://foo.com^inBrowser=1", "A", 2, 0, 0, 0],
["http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0],
// Make sure that we also support localhost, and IP addresses
["https://localhost:8080", "A", 1, 0, 0],

217
extensions/permissions/test/unit/test_permmanager_migrate_9-10.js
Просмотреть файл

@ -1,217 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
ChromeUtils.defineModuleGetter(this, "PlacesTestUtils",
"resource://testing-common/PlacesTestUtils.jsm");
var PERMISSIONS_FILE_NAME = "permissions.sqlite";
function GetPermissionsFile(profile)
{
let file = profile.clone();
file.append(PERMISSIONS_FILE_NAME);
return file;
}
add_task(async function test() {
/* Create and set up the permissions database */
let profile = do_get_profile();
Services.prefs.setCharPref("permissions.manager.defaultsUrl", "");
let db = Services.storage.openDatabase(GetPermissionsFile(profile));
db.schemaVersion = 9;
db.executeSimpleSQL("DROP TABLE moz_perms");
db.executeSimpleSQL("DROP TABLE moz_hosts");
db.executeSimpleSQL(
"CREATE TABLE moz_perms (" +
" id INTEGER PRIMARY KEY" +
",origin TEXT" +
",type TEXT" +
",permission INTEGER" +
",expireType INTEGER" +
",expireTime INTEGER" +
",modificationTime INTEGER" +
")");
let stmt6Insert = db.createStatement(
"INSERT INTO moz_perms (" +
"id, origin, type, permission, expireType, expireTime, modificationTime" +
") VALUES (" +
":id, :origin, :type, :permission, :expireType, :expireTime, :modificationTime" +
")");
db.executeSimpleSQL(
"CREATE TABLE moz_hosts (" +
" id INTEGER PRIMARY KEY" +
",host TEXT" +
",type TEXT" +
",permission INTEGER" +
",expireType INTEGER" +
",expireTime INTEGER" +
",modificationTime INTEGER" +
",appId INTEGER" +
",isInBrowserElement INTEGER" +
")");
let stmtInsert = db.createStatement(
"INSERT INTO moz_hosts (" +
"id, host, type, permission, expireType, expireTime, modificationTime, appId, isInBrowserElement" +
") VALUES (" +
":id, :host, :type, :permission, :expireType, :expireTime, :modificationTime, :appId, :isInBrowserElement" +
")");
let id = 0;
function insertOrigin(origin, type, permission, expireType, expireTime, modificationTime) {
let thisId = id++;
stmt6Insert.bindByName("id", thisId);
stmt6Insert.bindByName("origin", origin);
stmt6Insert.bindByName("type", type);
stmt6Insert.bindByName("permission", permission);
stmt6Insert.bindByName("expireType", expireType);
stmt6Insert.bindByName("expireTime", expireTime);
stmt6Insert.bindByName("modificationTime", modificationTime);
try {
stmt6Insert.execute();
} finally {
stmt6Insert.reset();
}
return {
id: thisId,
origin: origin,
type: type,
permission: permission,
expireType: expireType,
expireTime: expireTime,
modificationTime: modificationTime
};
}
function insertHost(host, type, permission, expireType, expireTime, modificationTime, appId, isInBrowserElement) {
let thisId = id++;
stmtInsert.bindByName("id", thisId);
stmtInsert.bindByName("host", host);
stmtInsert.bindByName("type", type);
stmtInsert.bindByName("permission", permission);
stmtInsert.bindByName("expireType", expireType);
stmtInsert.bindByName("expireTime", expireTime);
stmtInsert.bindByName("modificationTime", modificationTime);
stmtInsert.bindByName("appId", appId);
stmtInsert.bindByName("isInBrowserElement", isInBrowserElement);
try {
stmtInsert.execute();
} finally {
stmtInsert.reset();
}
return {
id: thisId,
host: host,
type: type,
permission: permission,
expireType: expireType,
expireTime: expireTime,
modificationTime: modificationTime,
appId: appId,
isInBrowserElement: isInBrowserElement
};
}
let created7 = [
insertOrigin("https://foo.com", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com", "A", 2, 0, 0, 0),
insertOrigin("http://foo.com^inBrowser=1", "A", 2, 0, 0, 0),
];
// Add some rows to the database
let created = [
insertHost("foo.com", "A", 1, 0, 0, 0, 0, false),
insertHost("foo.com", "B", 1, 0, 0, 0, 1000, false),
insertHost("foo.com", "C", 1, 0, 0, 0, 2000, true),
];
// CLose the db connection
stmt6Insert.finalize();
stmtInsert.finalize();
db.close();
stmtInsert = null;
db = null;
let expected = [
["https://foo.com", "A", 2, 0, 0, 0],
["http://foo.com", "A", 2, 0, 0, 0],
["http://foo.com^inBrowser=1", "A", 2, 0, 0, 0],
];
let found = expected.map((it) => 0);
// Add some places to the places database
await PlacesTestUtils.addVisits(Services.io.newURI("https://foo.com/some/other/subdirectory"));
await PlacesTestUtils.addVisits(Services.io.newURI("ftp://some.subdomain.of.foo.com:8000/some/subdirectory"));
await PlacesTestUtils.addVisits(Services.io.newURI("ftp://127.0.0.1:8080"));
await PlacesTestUtils.addVisits(Services.io.newURI("https://localhost:8080"));
// This will force the permission-manager to reload the data.
Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
// Force initialization of the nsPermissionManager
for (let permission of Services.perms.enumerator) {
let isExpected = false;
expected.forEach((it, i) => {
if (permission.principal.origin == it[0] &&
permission.type == it[1] &&
permission.capability == it[2] &&
permission.expireType == it[3] &&
permission.expireTime == it[4]) {
isExpected = true;
found[i]++;
}
});
Assert.ok(isExpected,
"Permission " + (isExpected ? "should" : "shouldn't") +
" be in permission database: " +
permission.principal.origin + ", " +
permission.type + ", " +
permission.capability + ", " +
permission.expireType + ", " +
permission.expireTime);
}
found.forEach((count, i) => {
Assert.ok(count == 1, "Expected count = 1, got count = " + count + " for permission " + expected[i]);
});
// Check to make sure that all of the tables which we care about are present
{
let db = Services.storage.openDatabase(GetPermissionsFile(profile));
Assert.ok(db.tableExists("moz_perms"));
Assert.ok(db.tableExists("moz_hosts"));
Assert.ok(!db.tableExists("moz_perms_v6"));
let mozHostsCount = db.createStatement("SELECT count(*) FROM moz_hosts");
try {
mozHostsCount.executeStep();
Assert.equal(mozHostsCount.getInt64(0), 1);
} finally {
mozHostsCount.finalize();
}
let mozPermsCount = db.createStatement("SELECT count(*) FROM moz_perms");
try {
mozPermsCount.executeStep();
Assert.equal(mozPermsCount.getInt64(0), expected.length);
} finally {
mozPermsCount.finalize();
}
db.close();
}
});

99
extensions/permissions/test/unit/test_permmanager_removeforapp.js Normal file
Просмотреть файл

@ -0,0 +1,99 @@
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
function run_test() {
// initialize the permission manager service
let ssm = Services.scriptSecurityManager;
let pm = Services.perms;
function mkPrin(uri, appId, inIsolatedMozBrowser) {
return ssm.createCodebasePrincipal(Services.io.newURI(uri),
{appId: appId, inIsolatedMozBrowser: inIsolatedMozBrowser});
}
function checkPerms(perms) {
perms.forEach((perm) => {
// Look up the expected permission
Assert.equal(pm.getPermissionObject(mkPrin(perm[0], perm[1], perm[2]),
perm[3], true).capability,
perm[4], "Permission is expected in the permission database");
});
// Count the entries
let count = 0;
let enumerator = Services.perms.enumerator;
while (enumerator.hasMoreElements()) { enumerator.getNext(); count++; }
Assert.equal(count, perms.length, "There should be the right number of permissions in the DB");
}
checkPerms([]);
let permissions = [
['http://google.com', 1001, false, 'a', 1],
['http://google.com', 1001, false, 'b', 1],
['http://mozilla.com', 1001, false, 'b', 1],
['http://mozilla.com', 1001, false, 'a', 1],
['http://google.com', 1001, true, 'a', 1],
['http://google.com', 1001, true, 'b', 1],
['http://mozilla.com', 1001, true, 'b', 1],
['http://mozilla.com', 1001, true, 'a', 1],
['http://google.com', 1011, false, 'a', 1],
['http://google.com', 1011, false, 'b', 1],
['http://mozilla.com', 1011, false, 'b', 1],
['http://mozilla.com', 1011, false, 'a', 1],
];
permissions.forEach((perm) => {
pm.addFromPrincipal(mkPrin(perm[0], perm[1], perm[2]), perm[3], perm[4]);
});
checkPerms(permissions);
let remove_false_perms = [
['http://google.com', 1011, false, 'a', 1],
['http://google.com', 1011, false, 'b', 1],
['http://mozilla.com', 1011, false, 'b', 1],
['http://mozilla.com', 1011, false, 'a', 1],
];
let attrs = { appId: 1001 };
pm.removePermissionsWithAttributes(JSON.stringify(attrs));
checkPerms(remove_false_perms);
let restore = [
['http://google.com', 1001, false, 'a', 1],
['http://google.com', 1001, false, 'b', 1],
['http://mozilla.com', 1001, false, 'b', 1],
['http://mozilla.com', 1001, false, 'a', 1],
['http://google.com', 1001, true, 'a', 1],
['http://google.com', 1001, true, 'b', 1],
['http://mozilla.com', 1001, true, 'b', 1],
['http://mozilla.com', 1001, true, 'a', 1],
];
restore.forEach((perm) => {
pm.addFromPrincipal(mkPrin(perm[0], perm[1], perm[2]), perm[3], perm[4]);
});
checkPerms(permissions);
let remove_true_perms = [
['http://google.com', 1001, false, 'a', 1],
['http://google.com', 1001, false, 'b', 1],
['http://mozilla.com', 1001, false, 'b', 1],
['http://mozilla.com', 1001, false, 'a', 1],
['http://google.com', 1011, false, 'a', 1],
['http://google.com', 1011, false, 'b', 1],
['http://mozilla.com', 1011, false, 'b', 1],
['http://mozilla.com', 1011, false, 'a', 1],
];
attrs = { appId: 1001,
inIsolatedMozBrowser: true };
pm.removePermissionsWithAttributes(JSON.stringify(attrs));
checkPerms(remove_true_perms);
}

2
extensions/permissions/test/unit/xpcshell.ini
Просмотреть файл

@ -13,6 +13,7 @@ skip-if = toolkit == 'android'
[test_permmanager_removebytype.js]
[test_permmanager_removebytypesince.js]
[test_permmanager_removesince.js]
[test_permmanager_removeforapp.js]
[test_permmanager_load_invalid_entries.js]
skip-if = debug == true
[test_permmanager_idn.js]
@ -29,4 +30,3 @@ skip-if = debug == true
[test_permmanager_migrate_6-7b.js]
[test_permmanager_migrate_4-7_no_history.js]
[test_permmanager_migrate_7-8.js]
[test_permmanager_migrate_9-10.js]

6
ipc/glue/BackgroundUtils.cpp
Просмотреть файл

@ -85,7 +85,11 @@ already_AddRefed<nsIPrincipal> PrincipalInfoToPrincipal(
return nullptr;
}
principal = BasePrincipal::CreateCodebasePrincipal(uri, info.attrs());
OriginAttributes attrs;
if (info.attrs().mAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID) {
attrs = info.attrs();
}
principal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
if (NS_WARN_IF(!principal)) {
return nullptr;
}

3
ipc/glue/ProtocolUtils.h
Просмотреть файл

@ -969,6 +969,9 @@ Protocol* LoneManagedOrNullAsserts(
return aManagees.ConstIter().Get()->GetKey();
}
// appId's are for B2G only currently, where managees.Count() == 1. This is
// not guaranteed currently in Desktop, so for paths used for desktop,
// don't assert there's one managee.
template <typename Protocol>
Protocol* SingleManagedOrNull(const ManagedContainer<Protocol>& aManagees) {
if (aManagees.Count() != 1) {

14
mobile/android/components/ContentPermissionPrompt.js
Просмотреть файл

@ -24,7 +24,7 @@ ContentPermissionPrompt.prototype = {
QueryInterface: ChromeUtils.generateQI([Ci.nsIContentPermissionPrompt]),
handleExistingPermission: function handleExistingPermission(request, type, callback) {
handleExistingPermission: function handleExistingPermission(request, type, isApp, callback) {
let result = Services.perms.testExactPermissionFromPrincipal(request.principal, type);
if (result == Ci.nsIPermissionManager.ALLOW_ACTION) {
callback(/* allow */ true);
@ -36,6 +36,11 @@ ContentPermissionPrompt.prototype = {
return true;
}
if (isApp && result == Ci.nsIPermissionManager.UNKNOWN_ACTION) {
callback(/* allow */ false);
return true;
}
return false;
},
@ -54,6 +59,8 @@ ContentPermissionPrompt.prototype = {
},
prompt: function(request) {
let isApp = request.principal.appId !== Ci.nsIScriptSecurityManager.NO_APP_ID && request.principal.appId !== Ci.nsIScriptSecurityManager.UNKNOWN_APP_ID;
// Only allow exactly one permission rquest here.
let types = request.types.QueryInterface(Ci.nsIArray);
if (types.length != 1) {
@ -79,7 +86,7 @@ ContentPermissionPrompt.prototype = {
};
// Returns true if the request was handled
if (this.handleExistingPermission(request, perm.type, callback)) {
if (this.handleExistingPermission(request, perm.type, isApp, callback)) {
return;
}
@ -109,6 +116,9 @@ ContentPermissionPrompt.prototype = {
// If the user checked "Don't ask again" or this is a desktopNotification, make a permanent exception
if (aChecked || entityName == "desktopNotification2") {
Services.perms.addFromPrincipal(request.principal, perm.type, Ci.nsIPermissionManager.ALLOW_ACTION);
} else if (isApp) {
// Otherwise allow the permission for the current session if the request comes from an app
Services.perms.addFromPrincipal(request.principal, perm.type, Ci.nsIPermissionManager.ALLOW_ACTION, Ci.nsIPermissionManager.EXPIRE_SESSION);
}
callback(/* allow */ true);

3
netwerk/base/nsILoadContextInfo.idl
Просмотреть файл

@ -23,6 +23,9 @@ interface nsIDOMWindow;
[scriptable, builtinclass, uuid(555e2f8a-a1f6-41dd-88ca-ed4ed6b98a22)]
interface nsILoadContextInfo : nsISupports
{
const unsigned long NO_APP_ID = 0;
const unsigned long UNKNOWN_APP_ID = 4294967295; // UINT32_MAX
/**
* Whether the context is in a Private Browsing mode
*/

13
netwerk/base/nsNetUtil.h
Просмотреть файл

@ -351,7 +351,7 @@ nsresult NS_NewLoadGroup(nsILoadGroup** aResult, nsIPrincipal* aPrincipal);
// Determine if the given loadGroup/principal pair will produce a principal
// with similar permissions when passed to NS_NewChannel(). This checks for
// things like making sure the browser element flag matches. Without
// things like making sure the appId and browser element flags match. Without
// an appropriate load group these values can be lost when getting the result
// principal back out of the channel. Null principals are also always allowed
// as they do not have permissions to actually use the load group.
@ -631,6 +631,11 @@ bool NS_IsSafeTopLevelNav(nsIChannel* aChannel);
*/
bool NS_IsSameSiteForeign(nsIChannel* aChannel, nsIURI* aHostURI);
// Constants duplicated from nsIScriptSecurityManager so we avoid having necko
// know about script security manager.
#define NECKO_NO_APP_ID 0
#define NECKO_UNKNOWN_APP_ID UINT32_MAX
// Unique first-party domain for separating the safebrowsing cookie.
// Note if this value is changed, code in test_cookiejars_safebrowsing.js and
// nsUrlClassifierHashCompleter.js should also be changed.
@ -924,9 +929,9 @@ bool NS_ShouldClassifyChannel(nsIChannel* aChannel);
/**
* Helper to set the blocking reason on loadinfo of the channel.
*/
nsresult NS_SetRequestBlockingReason(nsIChannel* channel, uint32_t reason);
nsresult NS_SetRequestBlockingReason(nsILoadInfo* loadInfo, uint32_t reason);
nsresult NS_SetRequestBlockingReasonIfNull(nsILoadInfo* loadInfo,
nsresult NS_SetRequestBlockingReason(nsIChannel *channel, uint32_t reason);
nsresult NS_SetRequestBlockingReason(nsILoadInfo *loadInfo, uint32_t reason);
nsresult NS_SetRequestBlockingReasonIfNull(nsILoadInfo *loadInfo,
uint32_t reason);
namespace mozilla {

3
netwerk/cache2/CacheFileUtils.cpp
Просмотреть файл

@ -100,8 +100,7 @@ class KeyParser : protected Tokenizer {
break;
case 'i': {
// Leaving to be able to read and understand oldformatted entries
uint32_t deprecatedAppId = 0;
if (!ReadInteger(&deprecatedAppId)) {
if (!ReadInteger(&originAttribs.mAppId)) {
return false; // not a valid 32-bit integer
}
break;

2
netwerk/cache2/CacheStorageService.cpp
Просмотреть файл

@ -57,7 +57,7 @@ typedef nsClassHashtable<nsCStringHashKey, CacheEntryTable> GlobalEntryTables;
/**
* Keeps tables of entries. There is one entries table for each distinct load
* context type. The distinction is based on following load context info
* states: <isPrivate|isAnon|inIsolatedMozBrowser> which builds a mapping
* states: <isPrivate|isAnon|appId|inIsolatedMozBrowser> which builds a mapping
* key.
*
* Thread-safe to access, protected by the service mutex.

5
netwerk/cookie/nsCookieService.cpp
Просмотреть файл

@ -741,7 +741,8 @@ ConvertAppIdToOriginAttrsSQLFunction::OnFunctionCall(
// Create an originAttributes object by inIsolatedMozBrowser.
// Then create the originSuffix string from this object.
OriginAttributes attrs(inIsolatedMozBrowser ? true : false);
OriginAttributes attrs(nsIScriptSecurityManager::NO_APP_ID,
(inIsolatedMozBrowser ? true : false));
nsAutoCString suffix;
attrs.CreateSuffix(suffix);
@ -776,7 +777,7 @@ SetAppIdFromOriginAttributesSQLFunction::OnFunctionCall(
NS_ENSURE_TRUE(success, NS_ERROR_FAILURE);
RefPtr<nsVariant> outVar(new nsVariant());
rv = outVar->SetAsInt32(0); // deprecated appId!
rv = outVar->SetAsInt32(attrs.mAppId);
NS_ENSURE_SUCCESS(rv, rv);
outVar.forget(aResult);

2
netwerk/ipc/NeckoParent.cpp
Просмотреть файл

@ -157,7 +157,7 @@ const char* NeckoParent::GetValidatedOriginAttributes(
if (!aSerialized.IsNotNull()) {
// If serialized is null, we cannot validate anything. We have to assume
// that this requests comes from a SystemPrincipal.
aAttrs = OriginAttributes(false);
aAttrs = OriginAttributes(NECKO_NO_APP_ID, false);
} else {
aAttrs = aSerialized.mOriginAttributes;
}

8
netwerk/protocol/about/nsAboutCache.cpp
Просмотреть файл

@ -100,10 +100,12 @@ nsresult nsAboutCache::Channel::Init(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
"<label><input id='priv' type='checkbox'/> Private</label>\n"
"<label><input id='anon' type='checkbox'/> Anonymous</label>\n");
// Visit scoping by browseris not implemented for the old cache, simply don't
// add these controls. The inbrowser entries are already mixed in the
// default view anyway.
// Visit scoping by browser and appid is not implemented for
// the old cache, simply don't add these controls.
// The appid/inbrowser entries are already mixed in the default
// view anyway.
mBuffer.AppendLiteral(
"<label><input id='appid' type='text' size='6'/> AppID</label>\n"
"<label><input id='inbrowser' type='checkbox'/> In Browser "
"Element</label>\n");

4
netwerk/protocol/http/nsHttpChannel.h
Просмотреть файл

@ -548,7 +548,7 @@ class nsHttpChannel final : public HttpBaseChannel,
bool IsIsolated();
const nsCString& GetTopWindowOrigin();
const nsCString &GetTopWindowOrigin();
already_AddRefed<nsChannelClassifier> GetOrCreateChannelClassifier();
@ -697,7 +697,7 @@ class nsHttpChannel final : public HttpBaseChannel,
// true iff there is AutoRedirectVetoNotifier on the stack
uint32_t mHasAutoRedirectVetoNotifier : 1;
// consumers set this to true to use cache pinning, this has effect
// only when the channel is in an app context
// only when the channel is in an app context (load context has an appid)
uint32_t mPinCacheContent : 1;
// True if CORS preflight has been performed
uint32_t mIsCorsPreflightDone : 1;

4
netwerk/test/unit/head_channels.js
Просмотреть файл

@ -227,11 +227,13 @@ ChannelEventSink.prototype = {
/**
* A helper class to construct origin attributes.
*/
function OriginAttributes(inIsolatedMozBrowser, privateId) {
function OriginAttributes(appId, inIsolatedMozBrowser, privateId) {
this.appId = appId;
this.inIsolatedMozBrowser = inIsolatedMozBrowser;
this.privateBrowsingId = privateId;
}
OriginAttributes.prototype = {
appId: 0,
inIsolatedMozBrowser: false,
privateBrowsingId: 0
};

22
netwerk/test/unit/test_auth_jar.js
Просмотреть файл

@ -10,19 +10,21 @@ function run_test() {
var secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(Ci.nsIScriptSecurityManager);
const kURI1 = "http://example.com";
var app = secMan.createCodebasePrincipal(createURI(kURI1), {});
var appbrowser = secMan.createCodebasePrincipal(createURI(kURI1), {inIsolatedMozBrowser: true});
var app1 = secMan.createCodebasePrincipal(createURI(kURI1), {appId: 1});
var app10 = secMan.createCodebasePrincipal(createURI(kURI1),{appId: 10});
var app1browser = secMan.createCodebasePrincipal(createURI(kURI1), {appId: 1, inIsolatedMozBrowser: true});
var am = Cc["@mozilla.org/network/http-auth-manager;1"].
getService(Ci.nsIHttpAuthManager);
am.setAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", "example.com", "user", "pass", false, app);
am.setAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", "example.com", "user3", "pass3", false, appbrowser);
am.setAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", "example.com", "user", "pass", false, app1);
am.setAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", "example.com", "user3", "pass3", false, app1browser);
am.setAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", "example.com", "user2", "pass2", false, app10);
Services.clearData.deleteDataFromOriginAttributesPattern({ inIsolatedMozBrowser:true });
Services.clearData.deleteDataFromOriginAttributesPattern({ appId:1, inIsolatedMozBrowser:true });
var domain = {value: ""}, user = {value: ""}, pass = {value: ""};
try {
am.getAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", domain, user, pass, false, appbrowser);
am.getAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", domain, user, pass, false, app1browser);
Assert.equal(false, true); // no identity should be present
} catch (x) {
Assert.equal(domain.value, "");
@ -30,8 +32,14 @@ function run_test() {
Assert.equal(pass.value, "");
}
am.getAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", domain, user, pass, false, app);
am.getAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", domain, user, pass, false, app1);
Assert.equal(domain.value, "example.com");
Assert.equal(user.value, "user");
Assert.equal(pass.value, "pass");
am.getAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", domain, user, pass, false, app10);
Assert.equal(domain.value, "example.com");
Assert.equal(user.value, "user2");
Assert.equal(pass.value, "pass2");
}

47
netwerk/test/unit/test_cache_jar.js
Просмотреть файл

@ -16,21 +16,32 @@ function cached_handler(metadata, response) {
handlers_called++;
}
function makeChan(url, inIsolatedMozBrowser, userContextId) {
function makeChan(url, appId, inIsolatedMozBrowser, userContextId) {
var chan = NetUtil.newChannel({uri: url, loadUsingSystemPrincipal: true})
.QueryInterface(Ci.nsIHttpChannel);
chan.loadInfo.originAttributes = { inIsolatedMozBrowser: inIsolatedMozBrowser,
chan.loadInfo.originAttributes = { appId: appId,
inIsolatedMozBrowser: inIsolatedMozBrowser,
userContextId: userContextId,
};
return chan;
}
// [inIsolatedMozBrowser, userContextId, expected_handlers_called]
// [appId, inIsolatedMozBrowser, userContextId, expected_handlers_called]
var firstTests = [
[false, 0, 1], [true, 0, 1], [false, 1, 1], [true, 1, 1],
[0, false, 0, 1], [0, true, 0, 1], [1, false, 0, 1], [1, true, 0, 1],
[0, false, 1, 1], [0, true, 1, 1], [1, false, 1, 1], [1, true, 1, 1]
];
var secondTests = [
[false, 0, 0], [true, 0, 0], [false, 1, 1], [true, 1, 0],
[0, false, 0, 0], [0, true, 0, 0], [1, false, 0, 0], [1, true, 0, 1],
[0, false, 1, 0], [0, true, 1, 0], [1, false, 1, 0], [1, true, 1, 0]
];
var thirdTests = [
[0, false, 0, 0], [0, true, 0, 0], [1, false, 0, 1], [1, true, 0, 1],
[0, false, 1, 0], [0, true, 1, 0], [1, false, 1, 0], [1, true, 1, 0]
];
var fourthTests = [
[0, false, 0, 0], [0, true, 0, 0], [1, false, 0, 0], [1, true, 0, 0],
[0, false, 1, 1], [0, true, 1, 0], [1, false, 1, 0], [1, true, 1, 0]
];
async function run_all_tests() {
@ -45,12 +56,30 @@ async function run_all_tests() {
if (procType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT)
return;
Services.clearData.deleteDataFromOriginAttributesPattern({ userContextId: 1 });
let attrs_inBrowser = { appId:1, inIsolatedMozBrowser:true };
let attrs_notInBrowser = { appId:1 };
Services.clearData.deleteDataFromOriginAttributesPattern(attrs_inBrowser);
for (let test of secondTests) {
handlers_called = 0;
await test_channel(...test);
}
Services.clearData.deleteDataFromOriginAttributesPattern(attrs_notInBrowser);
Services.clearData.deleteDataFromOriginAttributesPattern(attrs_inBrowser);
for (let test of thirdTests) {
handlers_called = 0;
await test_channel(...test);
}
Services.clearData.deleteDataFromOriginAttributesPattern({ userContextId: 1 });
for (let test of fourthTests) {
handlers_called = 0;
await test_channel(...test);
}
}
function run_test() {
@ -68,9 +97,9 @@ function run_test() {
});
}
function test_channel(inIsolatedMozBrowser, userContextId, expected) {
function test_channel(appId, inIsolatedMozBrowser, userContextId, expected) {
return new Promise(resolve => {
var chan = makeChan(URL, inIsolatedMozBrowser, userContextId);
var chan = makeChan(URL, appId, inIsolatedMozBrowser, userContextId);
chan.asyncOpen(new ChannelListener(doneFirstLoad.bind(null, resolve), expected));
});
}
@ -78,7 +107,7 @@ function test_channel(inIsolatedMozBrowser, userContextId, expected) {
function doneFirstLoad(resolve, req, buffer, expected) {
// Load it again, make sure it hits the cache
var oa = req.loadInfo.originAttributes;
var chan = makeChan(URL, oa.isInIsolatedMozBrowserElement, oa.userContextId);
var chan = makeChan(URL, oa.appId, oa.isInIsolatedMozBrowserElement, oa.userContextId);
chan.asyncOpen(new ChannelListener(doneSecondLoad.bind(null, resolve), expected));
}

4
testing/specialpowers/content/SpecialPowersObserver.jsm
Просмотреть файл

@ -219,13 +219,13 @@ SpecialPowersObserver.prototype._registerObservers = {
var permission = aSubject.QueryInterface(Ci.nsIPermission);
// specialPowersAPI will consume this value, and it is used as a
// fake permission, but only type will be used.
// fake permission, but only type and principal.appId will be used.
//
// We need to ensure that it looks the same as a real permission,
// so we fake these properties.
msg.permission = {
principal: {
originAttributes: {},
originAttributes: {appId: permission.principal.appId},
},
type: permission.type,
};

1
testing/specialpowers/content/specialpowersAPI.js
Просмотреть файл

@ -979,6 +979,7 @@ SpecialPowersAPI.prototype = {
for (var j = 0; j < undos.length; j++) {
var undo = undos[j];
if (undo.op == this._obsDataMap[aData] &&
undo.principal.originAttributes.appId == permission.principal.originAttributes.appId &&
undo.type == permission.type) {
// Remove this undo item if it has been done by others(not
// specialpowers itself.)

6
testing/talos/talos/xtalos/xperf_whitelist.json
Просмотреть файл

@ -464,12 +464,6 @@
"minbytes": 4424,
"maxbytes": 4424
},
"{profile}\\permissions.sqlite-journal": {
"mincount": 0,
"maxcount": 18,
"minbytes": 0,
"maxbytes": 7208
},
"{profile}\\pkcs11.txt": {
"mincount": 0,
"maxcount": 4,

8
toolkit/components/aboutcache/content/aboutCache.js
Просмотреть файл

@ -11,7 +11,10 @@ var cacheContext = searchParams.get("context");
// The context is in a format as used by the HTTP cache v2 back end
if (cacheContext)
var [context, isAnon, isInBrowser, isPrivate] = cacheContext.match(/(a,)?(b,)?(p,)?/);
var [context, isAnon, isInBrowser, appId, isPrivate] = cacheContext.match(/(a,)?(b,)?(i\d+,)?(p,)?/);
if (appId)
appId = appId.match(/i(\d+),/)[1];
function $(id) { return document.getElementById(id) || {}; }
@ -19,6 +22,7 @@ function $(id) { return document.getElementById(id) || {}; }
addEventListener("DOMContentLoaded", function() {
$("anon").checked = !!isAnon;
$("inbrowser").checked = !!isInBrowser;
$("appid").value = appId || "";
$("priv").checked = !!isPrivate;
}, false);
@ -30,6 +34,8 @@ function navigate() {
context += "a,";
if ($("inbrowser").checked)
context += "b,";
if ($("appid").value)
context += "i" + $("appid").value + ",";
if ($("priv").checked)
context += "p,";

Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше