Bug 1314361 - Part 4: Stop setting addonId origin attribute. r=billm

2016-11-04 18:22:45 -07:00 · 2016-11-04 18:22:45 -07:00 · 45dbac3bdd
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@ -345,20 +345,6 @@ nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel,
    return GetChannelURIPrincipal(aChannel, aPrincipal);
 }
 nsresult
 nsScriptSecurityManager::MaybeSetAddonIdFromURI(OriginAttributes& aAttrs, nsIURI* aURI)
 {
  nsAutoCString scheme;
  nsresult rv = aURI->GetScheme(scheme);
  NS_ENSURE_SUCCESS(rv, rv);
  if (scheme.EqualsLiteral("moz-extension") && GetAddonPolicyService()) {
    rv = GetAddonPolicyService()->ExtensionURIToAddonId(aURI, aAttrs.mAddonId);
    NS_ENSURE_SUCCESS(rv, rv);
  }
  return NS_OK;
 }
 /* The principal of the URI that this channel is loading. This is never
 * affected by things like sandboxed loads, or loads where we forcefully
 * inherit the principal.  Think of this as the principal of the server
@ -396,8 +382,6 @@ nsScriptSecurityManager::GetChannelURIPrincipal(nsIChannel* aChannel,
    if (loadInfo) {
      attrs.Inherit(loadInfo->GetOriginAttributes());
    }
    rv = MaybeSetAddonIdFromURI(attrs, uri);
    NS_ENSURE_SUCCESS(rv, rv);
    nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
    prin.forget(aPrincipal);
    return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
@ -1166,8 +1150,6 @@ nsScriptSecurityManager::
  OriginAttributes attrs;
  attrs.Inherit(docShellAttrs);
  nsresult rv = MaybeSetAddonIdFromURI(attrs, aURI);
  NS_ENSURE_SUCCESS(rv, rv);
  nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
  prin.forget(aPrincipal);
  return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
@ -1181,8 +1163,6 @@ nsScriptSecurityManager::GetDocShellCodebasePrincipal(nsIURI* aURI,
  OriginAttributes attrs;
  attrs.Inherit(nsDocShell::Cast(aDocShell)->GetOriginAttributes());
  nsresult rv = MaybeSetAddonIdFromURI(attrs, aURI);
  NS_ENSURE_SUCCESS(rv, rv);
  nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
  prin.forget(aPrincipal);
  return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
--- a/caps/nsScriptSecurityManager.h
+++ b/caps/nsScriptSecurityManager.h
@ -111,9 +111,6 @@ private:
    inline void
    AddSitesToFileURIWhitelist(const nsCString& aSiteList);
    // If aURI is a moz-extension:// URI, set mAddonId to the associated addon.
    nsresult MaybeSetAddonIdFromURI(mozilla::OriginAttributes& aAttrs, nsIURI* aURI);
    nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
                                       nsIPrincipal** aPrincipal,
                                       bool aIgnoreSandboxing);
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -14,7 +14,6 @@
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/Casting.h"
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/dom/ChromeUtils.h"
 #include "mozilla/dom/Element.h"
 #include "mozilla/dom/PendingGlobalHistoryEntry.h"
 #include "mozilla/dom/TabChild.h"
@ -8028,9 +8027,7 @@ nsDocShell::CreateAboutBlankContentViewer(nsIPrincipal* aPrincipal,
  if (aPrincipal && !nsContentUtils::IsSystemPrincipal(aPrincipal) &&
      mItemType != typeChrome) {
-    MOZ_ASSERT(ChromeUtils::IsOriginAttributesEqualIgnoringAddonId(
+    MOZ_ASSERT(aPrincipal->OriginAttributesRef() == mOriginAttributes);
      aPrincipal->OriginAttributesRef(),
      mOriginAttributes));
  }
  // Make sure timing is created.  But first record whether we had it
--- a/dom/base/PostMessageEvent.cpp
+++ b/dom/base/PostMessageEvent.cpp
@ -105,7 +105,7 @@ PostMessageEvent::Run()
    //       don't do that in other places it seems better to hold the line for
    //       now.  Long-term, we want HTML5 to address this so that we can
    //       be compliant while being safer.
-    if (!BasePrincipal::Cast(targetPrin)->EqualsIgnoringAddonId(mProvidedPrincipal)) {
+    if (!targetPrin->Equals(mProvidedPrincipal)) {
      nsAutoString providedOrigin, targetOrigin;
      nsresult rv = nsContentUtils::GetUTFOrigin(targetPrin, targetOrigin);
      NS_ENSURE_SUCCESS(rv, rv);
--- a/toolkit/components/extensions/Extension.jsm
+++ b/toolkit/components/extensions/Extension.jsm
@ -194,13 +194,11 @@ var UninstallObserver = {
      // Clear any IndexedDB storage created by the extension
      let baseURI = NetUtil.newURI(`moz-extension://${uuid}/`);
      let principal = Services.scriptSecurityManager.createCodebasePrincipal(
-        baseURI, {addonId: addon.id}
+        baseURI, {});
      );
      Services.qms.clearStoragesForPrincipal(principal);
      // Clear localStorage created by the extension
-      let attrs = JSON.stringify({addonId: addon.id});
+      Services.domStorageManager.getStorage(null, principal).clear();
      Services.obs.notifyObservers(null, "clear-origin-attributes-data", attrs);
    }
    if (!this.leaveUuid) {
@ -712,8 +710,7 @@ this.Extension = class extends ExtensionData {
  }
  createPrincipal(uri = this.baseURI) {
-    return Services.scriptSecurityManager.createCodebasePrincipal(
+    return Services.scriptSecurityManager.createCodebasePrincipal(uri, {});
      uri, {addonId: this.id});
  }
  // Checks that the given URL is a child of our baseURI.
--- a/toolkit/components/extensions/ExtensionContent.jsm
+++ b/toolkit/components/extensions/ExtensionContent.jsm
@ -331,10 +331,9 @@ class ContentScriptContextChild extends BaseContext {
    let contentPrincipal = contentWindow.document.nodePrincipal;
    let ssm = Services.scriptSecurityManager;
-    // copy origin attributes from the content window origin attributes to
+    // Copy origin attributes from the content window origin attributes to
-    // preserve the user context id. overwrite the addonId.
+    // preserve the user context id.
    let attrs = contentPrincipal.originAttributes;
    attrs.addonId = this.extension.id;
    let extensionPrincipal = ssm.createCodebasePrincipal(this.extension.baseURI, attrs);
    let principal;