Bug 1547889 - Part 3: Require the caller of the AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(nsIPrincipal*) API pass in a cookie setting object; r=baku

Differential Revision: https://phabricator.services.mozilla.com/D29321 --HG-- extra : moz-landing-system : lando
2019-04-30 14:27:43 +00:00 · 2019-04-30 14:27:43 +00:00 · 408ff64e4d
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@ -80,6 +80,7 @@
 #include "mozilla/dom/ShadowRoot.h"
 #include "mozilla/dom/XULCommandEvent.h"
 #include "mozilla/dom/WorkerCommon.h"
+#include "mozilla/net/CookieSettings.h"
 #include "mozilla/EventDispatcher.h"
 #include "mozilla/EventListenerManager.h"
 #include "mozilla/EventStateManager.h"
@ -8214,6 +8215,7 @@ nsContentUtils::StorageAccess nsContentUtils::StorageAllowedForWindow(
    // will only fail to notify the UI in case storage gets blocked.
    nsIChannel* channel = document->GetChannel();
    return InternalStorageAllowedCheck(principal, aWindow, nullptr, channel,
+                                       document->CookieSettings(),
                                       *aRejectedReason);
  }

@ -8234,8 +8236,9 @@ nsContentUtils::StorageAccess nsContentUtils::StorageAllowedForDocument(
    nsIChannel* channel = aDoc->GetChannel();

    uint32_t rejectedReason = 0;
-    return InternalStorageAllowedCheck(principal, inner, nullptr, channel,
-                                       rejectedReason);
+    return InternalStorageAllowedCheck(
+        principal, inner, nullptr, channel,
+        const_cast<Document*>(aDoc)->CookieSettings(), rejectedReason);
  }

  return StorageAccess::eDeny;
@ -8249,7 +8252,13 @@ nsContentUtils::StorageAccess nsContentUtils::StorageAllowedForNewWindow(
  // parent may be nullptr

  uint32_t rejectedReason = 0;
-  return InternalStorageAllowedCheck(aPrincipal, aParent, aURI, nullptr,
+  nsCOMPtr<nsICookieSettings> cs;
+  if (aParent && aParent->GetExtantDoc()) {
+    cs = aParent->GetExtantDoc()->CookieSettings();
+  } else {
+    cs = net::CookieSettings::Create();
+  }
+  return InternalStorageAllowedCheck(aPrincipal, aParent, aURI, nullptr, cs,
                                     rejectedReason);
 }

@ -8264,19 +8273,24 @@ nsContentUtils::StorageAccess nsContentUtils::StorageAllowedForChannel(
      aChannel, getter_AddRefs(principal));
  NS_ENSURE_TRUE(principal, nsContentUtils::StorageAccess::eDeny);

+  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+  nsCOMPtr<nsICookieSettings> cookieSettings;
+  nsresult rv = loadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
+  NS_ENSURE_SUCCESS(rv, nsContentUtils::StorageAccess::eDeny);
+
  uint32_t rejectedReason = 0;
  nsContentUtils::StorageAccess result = InternalStorageAllowedCheck(
-      principal, nullptr, nullptr, aChannel, rejectedReason);
+      principal, nullptr, nullptr, aChannel, cookieSettings, rejectedReason);

  return result;
 }

 // static, public
 nsContentUtils::StorageAccess nsContentUtils::StorageAllowedForServiceWorker(
-    nsIPrincipal* aPrincipal) {
+    nsIPrincipal* aPrincipal, nsICookieSettings* aCookieSettings) {
  uint32_t rejectedReason = 0;
  return InternalStorageAllowedCheck(aPrincipal, nullptr, nullptr, nullptr,
-                                     rejectedReason);
+                                     aCookieSettings, rejectedReason);
 }

 // static, private
@ -8405,11 +8419,10 @@ bool nsContentUtils::IsThirdPartyTrackingResourceWindow(
  return httpChannel->IsThirdPartyTrackingResource();
 }

-static bool StorageDisabledByAntiTrackingInternal(nsPIDOMWindowInner* aWindow,
-                                                  nsIChannel* aChannel,
-                                                  nsIPrincipal* aPrincipal,
-                                                  nsIURI* aURI,
-                                                  uint32_t& aRejectedReason) {
+static bool StorageDisabledByAntiTrackingInternal(
+    nsPIDOMWindowInner* aWindow, nsIChannel* aChannel, nsIPrincipal* aPrincipal,
+    nsIURI* aURI, nsICookieSettings* aCookieSettings,
+    uint32_t& aRejectedReason) {
  MOZ_ASSERT(aWindow || aChannel || aPrincipal);

  if (aWindow) {
@ -8436,7 +8449,8 @@ static bool StorageDisabledByAntiTrackingInternal(nsPIDOMWindowInner* aWindow,
  }

  MOZ_ASSERT(aPrincipal);
-  return !AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(aPrincipal);
+  return !AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
+      aPrincipal, aCookieSettings);
 }

 // static public
@ -8445,8 +8459,20 @@ bool nsContentUtils::StorageDisabledByAntiTracking(nsPIDOMWindowInner* aWindow,
                                                   nsIPrincipal* aPrincipal,
                                                   nsIURI* aURI,
                                                   uint32_t& aRejectedReason) {
+  nsCOMPtr<nsICookieSettings> cookieSettings;
+  if (aWindow) {
+    if (aWindow->GetExtantDoc()) {
+      cookieSettings = aWindow->GetExtantDoc()->CookieSettings();
+    }
+  } else if (aChannel) {
+    nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+    Unused << loadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
+  }
+  if (!cookieSettings) {
+    cookieSettings = net::CookieSettings::Create();
+  }
  bool disabled = StorageDisabledByAntiTrackingInternal(
-      aWindow, aChannel, aPrincipal, aURI, aRejectedReason);
+      aWindow, aChannel, aPrincipal, aURI, cookieSettings, aRejectedReason);
  if (sAntiTrackingControlCenterUIEnabled) {
    if (aWindow) {
      AntiTrackingCommon::NotifyBlockingDecision(
@ -8468,13 +8494,13 @@ bool nsContentUtils::StorageDisabledByAntiTracking(nsPIDOMWindowInner* aWindow,
 // static, private
 nsContentUtils::StorageAccess nsContentUtils::InternalStorageAllowedCheck(
    nsIPrincipal* aPrincipal, nsPIDOMWindowInner* aWindow, nsIURI* aURI,
-    nsIChannel* aChannel, uint32_t& aRejectedReason) {
+    nsIChannel* aChannel, nsICookieSettings* aCookieSettings,
+    uint32_t& aRejectedReason) {
  MOZ_ASSERT(aPrincipal);

  aRejectedReason = 0;

  StorageAccess access = StorageAccess::eAllow;
-  nsCOMPtr<nsICookieSettings> cookieSettings;

  // We don't allow storage on the null principal, in general. Even if the
  // calling context is chrome.
@ -8493,15 +8519,6 @@ nsContentUtils::StorageAccess nsContentUtils::InternalStorageAllowedCheck(
    if (IsInPrivateBrowsing(document)) {
      access = StorageAccess::ePrivateBrowsing;
    }
-
-    if (document) {
-      cookieSettings = document->CookieSettings();
-    }
-  }
-
-  if (aChannel) {
-    nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
-    loadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
  }

  uint32_t lifetimePolicy;
@ -8513,7 +8530,7 @@ nsContentUtils::StorageAccess nsContentUtils::InternalStorageAllowedCheck(
  if (policy) {
    lifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
  } else {
-    GetCookieLifetimePolicyFromCookieSettings(cookieSettings, aPrincipal,
+    GetCookieLifetimePolicyFromCookieSettings(aCookieSettings, aPrincipal,
                                              &lifetimePolicy);
  }

--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@ -3017,7 +3017,8 @@ class nsContentUtils {
   * Checks if storage for the given principal is permitted by the user's
   * preferences. This method should be used only by ServiceWorker loading.
   */
-  static StorageAccess StorageAllowedForServiceWorker(nsIPrincipal* aPrincipal);
+  static StorageAccess StorageAllowedForServiceWorker(
+      nsIPrincipal* aPrincipal, nsICookieSettings* aCookieSettings);

  /*
   * Returns true if this document should disable storages because of the
@ -3449,11 +3450,10 @@ class nsContentUtils {
   * Used in the implementation of StorageAllowedForWindow,
   * StorageAllowedForChannel and StorageAllowedForServiceWorker.
   */
-  static StorageAccess InternalStorageAllowedCheck(nsIPrincipal* aPrincipal,
-                                                   nsPIDOMWindowInner* aWindow,
-                                                   nsIURI* aURI,
-                                                   nsIChannel* aChannel,
-                                                   uint32_t& aRejectedReason);
+  static StorageAccess InternalStorageAllowedCheck(
+      nsIPrincipal* aPrincipal, nsPIDOMWindowInner* aWindow, nsIURI* aURI,
+      nsIChannel* aChannel, nsICookieSettings* aCookieSettings,
+      uint32_t& aRejectedReason);

  static nsINode* GetCommonAncestorHelper(nsINode* aNode1, nsINode* aNode2);
  static nsIContent* GetCommonFlattenedTreeAncestorHelper(
--- a/dom/serviceworkers/ServiceWorkerPrivate.cpp
+++ b/dom/serviceworkers/ServiceWorkerPrivate.cpp
@ -1730,12 +1730,12 @@ nsresult ServiceWorkerPrivate::SpawnWorkerIfNeeded(WakeUpReason aWhy,
  // moment, ServiceWorkers are not exposed in partitioned contexts.
  info.mStoragePrincipal = info.mPrincipal;

-  info.mStorageAccess =
-      nsContentUtils::StorageAllowedForServiceWorker(info.mPrincipal);
-
  info.mCookieSettings = mozilla::net::CookieSettings::Create();
  MOZ_ASSERT(info.mCookieSettings);

+  info.mStorageAccess = nsContentUtils::StorageAllowedForServiceWorker(
+      info.mPrincipal, info.mCookieSettings);
+
  info.mOriginAttributes = mInfo->GetOriginAttributes();

  // Verify that we don't have any CSP on pristine principal.
--- a/toolkit/components/antitracking/AntiTrackingCommon.cpp
+++ b/toolkit/components/antitracking/AntiTrackingCommon.cpp
@ -235,8 +235,10 @@ int32_t CookiesBehavior(nsILoadInfo* aLoadInfo,
  return cookieSettings->GetCookieBehavior();
 }

-int32_t CookiesBehavior(nsIPrincipal* aPrincipal) {
+int32_t CookiesBehavior(nsIPrincipal* aPrincipal,
+                        nsICookieSettings* aCookieSettings) {
  MOZ_ASSERT(aPrincipal);
+  MOZ_ASSERT(aCookieSettings);

  // WebExtensions principals always get BEHAVIOR_ACCEPT as cookieBehavior
  // (See Bug 1406675 for rationale).
@ -244,7 +246,7 @@ int32_t CookiesBehavior(nsIPrincipal* aPrincipal) {
    return nsICookieService::BEHAVIOR_ACCEPT;
  }

-  return StaticPrefs::network_cookie_cookieBehavior();
+  return aCookieSettings->GetCookieBehavior();
 }

 struct ContentBlockingAllowListKey {
@ -1530,8 +1532,9 @@ bool AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
 }

 bool AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
-    nsIPrincipal* aPrincipal) {
+    nsIPrincipal* aPrincipal, nsICookieSettings* aCookieSettings) {
  MOZ_ASSERT(aPrincipal);
+  MOZ_ASSERT(aCookieSettings);

  uint32_t access = nsICookiePermission::ACCESS_DEFAULT;
  if (aPrincipal->GetIsCodebasePrincipal()) {
@ -1546,7 +1549,7 @@ bool AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
    return access != nsICookiePermission::ACCESS_DENY;
  }

-  int32_t behavior = CookiesBehavior(aPrincipal);
+  int32_t behavior = CookiesBehavior(aPrincipal, aCookieSettings);
  return behavior != nsICookieService::BEHAVIOR_REJECT;
 }

--- a/toolkit/components/antitracking/AntiTrackingCommon.h
+++ b/toolkit/components/antitracking/AntiTrackingCommon.h
@ -14,6 +14,7 @@
 #define USER_INTERACTION_PERM NS_LITERAL_CSTRING("storageAccessAPI")

 class nsIChannel;
+class nsICookieSettings;
 class nsIHttpChannel;
 class nsIPermission;
 class nsIPrincipal;
@ -65,7 +66,8 @@ class AntiTrackingCommon final {

  // This method checks if the principal has the permission to access to the
  // first party storage.
-  static bool IsFirstPartyStorageAccessGrantedFor(nsIPrincipal* aPrincipal);
+  static bool IsFirstPartyStorageAccessGrantedFor(
+      nsIPrincipal* aPrincipal, nsICookieSettings* aCookieSettings);

  enum StorageAccessGrantedReason {
    eStorageAccessAPI,