From 49f2f21930fab946029512e6d1f36caf25d7c734 Mon Sep 17 00:00:00 2001 From: Cosmin Sabou Date: Mon, 18 Oct 2021 22:18:08 +0300 Subject: [PATCH] Backed out 10 changesets (bug 1731982) for causing OS X performance test failures and crashes (Bug 1736436). a=backout DONTBUILD Backed out changeset 48e6f591f699 (bug 1731982) Backed out changeset 77907884b2fa (bug 1731982) Backed out changeset a299a2d43ebe (bug 1731982) Backed out changeset 005801e7cf91 (bug 1731982) Backed out changeset ef71b02c40cc (bug 1731982) Backed out changeset a52dd02f2b3f (bug 1731982) Backed out changeset 50b14ef1eb4a (bug 1731982) Backed out changeset 80641bdceb6a (bug 1731982) Backed out changeset ada9e2008ca4 (bug 1731982) Backed out changeset a208016e9953 (bug 1731982) --- docshell/base/nsDocShell.cpp | 17 +- dom/base/nsGlobalWindowInner.cpp | 14 +- dom/clients/manager/ClientChannelHelper.cpp | 51 ++--- dom/localstorage/ActorsParent.cpp | 70 ++----- dom/localstorage/LSObject.cpp | 7 +- dom/localstorage/LSObject.h | 8 +- .../PBackgroundLSSharedTypes.ipdlh | 17 -- dom/serviceworkers/ServiceWorkerManager.cpp | 10 +- netwerk/base/nsNetUtil.cpp | 18 +- .../antitracking/AntiTrackingUtils.cpp | 55 +---- .../antitracking/AntiTrackingUtils.h | 4 - .../antitracking/StoragePrincipalHelper.cpp | 190 ++++++------------ .../antitracking/StoragePrincipalHelper.h | 18 +- .../browser_partitionedServiceWorkers.js | 8 +- 14 files changed, 134 insertions(+), 353 deletions(-) diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 26f83b758266..b2ac186042f5 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp 
@@ -2445,14 +2445,8 @@ void nsDocShell::MaybeCreateInitialClientSource(nsIPrincipal* aPrincipal) { return; } - // We cannot get inherited foreign partitioned principal here. Instead, we - // directly check which principal we want to inherit for the service worker. nsIPrincipal* principal = - aPrincipal - ? aPrincipal - : GetInheritedPrincipal( - false, StoragePrincipalHelper:: - ShouldUsePartitionPrincipalForServiceWorker(this)); + aPrincipal ? aPrincipal : GetInheritedPrincipal(false); // Sometimes there is no principal available when we are called from // CreateAboutBlankContentViewer. For example, sometimes the principal @@ -6624,14 +6618,7 @@ nsresult nsDocShell::CreateAboutBlankContentViewer( partitionedPrincipal = aPartitionedPrincipal; } - // We cannot get the foreign partitioned prinicpal for the initial - // about:blank page. So, we change to check if we need to use the - // partitioned principal for the service worker here. - MaybeCreateInitialClientSource( - StoragePrincipalHelper::ShouldUsePartitionPrincipalForServiceWorker( - this) - ? partitionedPrincipal - : principal); + MaybeCreateInitialClientSource(principal); // generate (about:blank) document to load blankDoc = nsContentDLF::CreateBlankDocument(mLoadGroup, principal, diff --git a/dom/base/nsGlobalWindowInner.cpp b/dom/base/nsGlobalWindowInner.cpp index d0b76119a970..bc405857782f 100644 --- a/dom/base/nsGlobalWindowInner.cpp +++ b/dom/base/nsGlobalWindowInner.cpp @@ -82,7 +82,6 @@ #include "mozilla/StaticPrefs_browser.h" #include "mozilla/StaticPrefs_dom.h" #include "mozilla/StorageAccess.h" -#include "mozilla/StoragePrincipalHelper.h" #include "mozilla/TaskCategory.h" #include "mozilla/Telemetry.h" #include "mozilla/TelemetryHistogramEnums.h" 
@@ -1851,12 +1850,6 @@ nsresult nsGlobalWindowInner::EnsureClientSource() { } } - nsCOMPtr foreignPartitionedPrincipal; - nsresult rv = StoragePrincipalHelper::GetPrincipal( - this, StoragePrincipalHelper::eForeignPartitionedPrincipal, - getter_AddRefs(foreignPartitionedPrincipal)); - NS_ENSURE_SUCCESS(rv, rv); - // Verify the final ClientSource principal matches the final document // principal. The ClientChannelHelper handles things like network // redirects, but there are other ways the document principal can change. @@ -1873,8 +1866,7 @@ nsresult nsGlobalWindowInner::EnsureClientSource() { auto principalOrErr = mClientSource->Info().GetPrincipal(); nsCOMPtr clientPrincipal = principalOrErr.isOk() ? principalOrErr.unwrap() : nullptr; - if (!clientPrincipal || - !clientPrincipal->Equals(foreignPartitionedPrincipal)) { + if (!clientPrincipal || !clientPrincipal->Equals(mDoc->NodePrincipal())) { mClientSource.reset(); } } @@ -1898,7 +1890,7 @@ nsresult nsGlobalWindowInner::EnsureClientSource() { if (!mClientSource) { mClientSource = ClientManager::CreateSource( ClientType::Window, EventTargetFor(TaskCategory::Other), - foreignPartitionedPrincipal); + mDoc->NodePrincipal()); MOZ_DIAGNOSTIC_ASSERT(mClientSource); newClientSource = true; @@ -1937,7 +1929,7 @@ nsresult nsGlobalWindowInner::EnsureClientSource() { mClientSource.reset(); mClientSource = ClientManager::CreateSource( ClientType::Window, EventTargetFor(TaskCategory::Other), - foreignPartitionedPrincipal); + mDoc->NodePrincipal()); MOZ_DIAGNOSTIC_ASSERT(mClientSource); newClientSource = true; } diff --git a/dom/clients/manager/ClientChannelHelper.cpp b/dom/clients/manager/ClientChannelHelper.cpp index 2d047914ac6a..f6b7c6fc0fe4 100644 --- a/dom/clients/manager/ClientChannelHelper.cpp +++ b/dom/clients/manager/ClientChannelHelper.cpp 
@@ -12,7 +12,6 @@ #include "mozilla/dom/ClientsBinding.h" #include "mozilla/dom/ServiceWorkerDescriptor.h" #include "mozilla/ipc/BackgroundUtils.h" -#include "mozilla/StoragePrincipalHelper.h" #include "nsContentUtils.h" #include "nsIAsyncVerifyRedirectCallback.h" #include "nsIChannel.h" @@ -108,14 +107,15 @@ class ClientChannelHelper : public nsIInterfaceRequestor, // nsGlobalWindowInner will be controlled as unexpected. if (oldLoadInfo->GetController().isSome() && newLoadInfo->GetController().isNothing()) { - nsCOMPtr foreignPartitionedPrincipal; - rv = StoragePrincipalHelper::GetPrincipal( - aNewChannel, - StoragePrincipalHelper::eForeignPartitionedPrincipal, - getter_AddRefs(foreignPartitionedPrincipal)); + nsIScriptSecurityManager* ssm = + nsContentUtils::GetSecurityManager(); + MOZ_DIAGNOSTIC_ASSERT(ssm); + nsCOMPtr principal; + rv = ssm->GetChannelResultPrincipal(aNewChannel, + getter_AddRefs(principal)); NS_ENSURE_SUCCESS(rv, rv); reservedClient.reset(); - CreateClient(newLoadInfo, foreignPartitionedPrincipal); + CreateClient(newLoadInfo, principal); } else { newLoadInfo->SetReservedClientInfo(reservedClientInfo.ref()); } 
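Review bot: The restored lookup in the same-origin branch guards `ssm` only with `MOZ_DIAGNOSTIC_ASSERT(ssm)` before calling `ssm->GetChannelResultPrincipal(...)`, and the cross-origin branch in the next hunk (`@@ -130,14 +130,17 @@`) does the same. Diagnostic asserts are not enabled in release-channel builds, so a null security manager would be dereferenced there instead of being reported. `AddClientChannelHelperInternal`, later in the same file, handles the identical lookup with `NS_ENSURE_TRUE(ssm, NS_ERROR_FAILURE);`. Using that form at both redirect sites would keep the three call sites consistent and fail the redirect cleanly. The enclosing redirect handler starts and ends outside the hunk.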
@@ -130,14 +130,17 @@ class ClientChannelHelper : public nsIInterfaceRequestor, // If it's a cross-origin redirect then we discard the old reserved client // and create a new one. else { - nsCOMPtr foreignPartitionedPrincipal; - rv = StoragePrincipalHelper::GetPrincipal( - aNewChannel, StoragePrincipalHelper::eForeignPartitionedPrincipal, - getter_AddRefs(foreignPartitionedPrincipal)); + // If CheckSameOrigin() worked, then the security manager must exist. + nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager(); + MOZ_DIAGNOSTIC_ASSERT(ssm); + + nsCOMPtr principal; + rv = ssm->GetChannelResultPrincipal(aNewChannel, + getter_AddRefs(principal)); NS_ENSURE_SUCCESS(rv, rv); reservedClient.reset(); - CreateClient(newLoadInfo, foreignPartitionedPrincipal); + CreateClient(newLoadInfo, principal); } uint32_t redirectMode = nsIHttpChannelInternal::REDIRECT_MODE_MANUAL; @@ -296,10 +299,12 @@ nsresult AddClientChannelHelperInternal(nsIChannel* aChannel, nsCOMPtr loadInfo = aChannel->LoadInfo(); - nsCOMPtr channelForeignPartitionedPrincipal; - nsresult rv = StoragePrincipalHelper::GetPrincipal( - aChannel, StoragePrincipalHelper::eForeignPartitionedPrincipal, - getter_AddRefs(channelForeignPartitionedPrincipal)); + nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager(); + NS_ENSURE_TRUE(ssm, NS_ERROR_FAILURE); + + nsCOMPtr channelPrincipal; + nsresult rv = ssm->GetChannelResultPrincipal( + aChannel, getter_AddRefs(channelPrincipal)); NS_ENSURE_SUCCESS(rv, rv); // Only allow the initial ClientInfo to be set if the current channel 
@@ -309,10 +314,9 @@ nsresult AddClientChannelHelperInternal(nsIChannel* aChannel, PrincipalInfoToPrincipal(initialClientInfo.ref().PrincipalInfo()); bool equals = false; - rv = initialPrincipalOrErr.isErr() - ? initialPrincipalOrErr.unwrapErr() - : initialPrincipalOrErr.unwrap()->Equals( - channelForeignPartitionedPrincipal, &equals); + rv = initialPrincipalOrErr.isErr() ? initialPrincipalOrErr.unwrapErr() + : initialPrincipalOrErr.unwrap()->Equals( + channelPrincipal, &equals); if (NS_FAILED(rv) || !equals) { initialClientInfo.reset(); } @@ -327,8 +331,8 @@ nsresult AddClientChannelHelperInternal(nsIChannel* aChannel, bool equals = false; rv = reservedPrincipalOrErr.isErr() ? reservedPrincipalOrErr.unwrapErr() - : reservedPrincipalOrErr.unwrap()->Equals( - channelForeignPartitionedPrincipal, &equals); + : reservedPrincipalOrErr.unwrap()->Equals(channelPrincipal, + &equals); if (NS_FAILED(rv) || !equals) { reservedClientInfo.reset(); } @@ -341,8 +345,7 @@ nsresult AddClientChannelHelperInternal(nsIChannel* aChannel, RefPtr helper = new T(outerCallbacks, aEventTarget); if (initialClientInfo.isNothing() && reservedClientInfo.isNothing()) { - helper->CreateClientForPrincipal( - loadInfo, channelForeignPartitionedPrincipal, aEventTarget); + helper->CreateClientForPrincipal(loadInfo, channelPrincipal, aEventTarget); } // Only set the callbacks helper if we are able to reserve the client diff --git a/dom/localstorage/ActorsParent.cpp b/dom/localstorage/ActorsParent.cpp index fbf28f86e692..2c7f1dabe8cd 100644 --- a/dom/localstorage/ActorsParent.cpp +++ b/dom/localstorage/ActorsParent.cpp 
@@ -3056,31 +3056,16 @@ void ForceKillAllDatabases() { } bool VerifyPrincipalInfo(const PrincipalInfo& aPrincipalInfo, - const PrincipalInfo& aStoragePrincipalInfo, - bool aCheckClientPrincipal) { + const PrincipalInfo& aStoragePrincipalInfo) { AssertIsOnBackgroundThread(); if (NS_WARN_IF(!QuotaManager::IsPrincipalInfoValid(aPrincipalInfo))) { return false; } - // Note that the client prinicpal could have a different spec than the node - // principal but they should have the same origin. It's because the client - // could be initialized when opening the initial about:blank document and pass - // to the newly opened window and reuse over there if the new window has the - // same origin as the initial about:blank document. But, the FilePath could be - // different. Therefore, we have to ignore comparing the Spec of the - // principals if we are verifying clinet principal here. Also, when - // document.domain is set, client principal won't get it. So, we don't compare - // domain for client princpal too. - bool result = aCheckClientPrincipal - ? StoragePrincipalHelper:: - VerifyValidClientPrincipalInfoForPrincipalInfo( - aStoragePrincipalInfo, aPrincipalInfo) - : StoragePrincipalHelper:: - VerifyValidStoragePrincipalInfoForPrincipalInfo( - aStoragePrincipalInfo, aPrincipalInfo); - if (NS_WARN_IF(!result)) { + if (NS_WARN_IF(!StoragePrincipalHelper:: + VerifyValidStoragePrincipalInfoForPrincipalInfo( + aStoragePrincipalInfo, aPrincipalInfo))) { return false; } @@ -3088,7 +3073,7 @@ bool VerifyPrincipalInfo(const PrincipalInfo& aPrincipalInfo, } bool VerifyClientId(const Maybe& aContentParentId, - const Maybe& aPrincipalInfo, + const PrincipalInfo& aPrincipalInfo, const Maybe& aClientId) { AssertIsOnBackgroundThread(); 
@@ -3097,13 +3082,9 @@ bool VerifyClientId(const Maybe& aContentParentId, return false; } - if (NS_WARN_IF(aPrincipalInfo.isNothing())) { - return false; - } - RefPtr svc = ClientManagerService::GetInstance(); - if (svc && NS_WARN_IF(!svc->HasWindow( - aContentParentId, aPrincipalInfo.ref(), aClientId.ref()))) { + if (svc && NS_WARN_IF(!svc->HasWindow(aContentParentId, aPrincipalInfo, + aClientId.ref()))) { return false; } } @@ -6133,8 +6114,8 @@ bool LSRequestBase::VerifyRequestParams() { const LSRequestCommonParams& params = mParams.get_LSRequestPreloadDatastoreParams().commonParams(); - if (NS_WARN_IF(!VerifyPrincipalInfo( - params.principalInfo(), params.storagePrincipalInfo(), false))) { + if (NS_WARN_IF(!VerifyPrincipalInfo(params.principalInfo(), + params.storagePrincipalInfo()))) { return false; } @@ -6152,21 +6133,14 @@ bool LSRequestBase::VerifyRequestParams() { const LSRequestCommonParams& commonParams = params.commonParams(); - if (NS_WARN_IF(!VerifyPrincipalInfo(commonParams.principalInfo(), - commonParams.storagePrincipalInfo(), - false))) { - return false; - } - - if (params.clientPrincipalInfo() && - NS_WARN_IF(!VerifyPrincipalInfo(commonParams.principalInfo(), - params.clientPrincipalInfo().ref(), - true))) { + if (NS_WARN_IF( + !VerifyPrincipalInfo(commonParams.principalInfo(), + commonParams.storagePrincipalInfo()))) { return false; } if (NS_WARN_IF(!VerifyClientId(mContentParentId, - params.clientPrincipalInfo(), + commonParams.principalInfo(), params.clientId()))) { return false; } 
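Review bot: In `VerifyClientId` the `HasWindow` check is skipped entirely when `ClientManagerService::GetInstance()` returns null, because the condition is `svc && NS_WARN_IF(!svc->HasWindow(...))`. The client id from the request params is then accepted without verification. If that is intended (presumably the service is only absent around shutdown), it should be stated next to the check, e.g. `// No ClientManagerService (e.g. during shutdown): nothing to verify the client id against, so accept it.` Otherwise `if (NS_WARN_IF(!svc)) { return false; }` ahead of the `HasWindow` call would make the verification fail closed. The function begins outside this hunk.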
@@ -6183,20 +6157,12 @@ bool LSRequestBase::VerifyRequestParams() { const LSRequestPrepareObserverParams& params = mParams.get_LSRequestPrepareObserverParams(); - if (NS_WARN_IF(!VerifyPrincipalInfo( - params.principalInfo(), params.storagePrincipalInfo(), false))) { + if (NS_WARN_IF(!VerifyPrincipalInfo(params.principalInfo(), + params.storagePrincipalInfo()))) { return false; } - if (params.clientPrincipalInfo() && - NS_WARN_IF(!VerifyPrincipalInfo(params.principalInfo(), - params.clientPrincipalInfo().ref(), - true))) { - return false; - } - - if (NS_WARN_IF(!VerifyClientId(mContentParentId, - params.clientPrincipalInfo(), + if (NS_WARN_IF(!VerifyClientId(mContentParentId, params.principalInfo(), params.clientId()))) { return false; } @@ -7816,8 +7782,8 @@ bool LSSimpleRequestBase::VerifyRequestParams() { const LSSimpleRequestPreloadedParams& params = mParams.get_LSSimpleRequestPreloadedParams(); - if (NS_WARN_IF(!VerifyPrincipalInfo( - params.principalInfo(), params.storagePrincipalInfo(), false))) { + if (NS_WARN_IF(!VerifyPrincipalInfo(params.principalInfo(), + params.storagePrincipalInfo()))) { return false; } diff --git a/dom/localstorage/LSObject.cpp b/dom/localstorage/LSObject.cpp index 9d0a9895d4e9..6c89bc177aae 100644 --- a/dom/localstorage/LSObject.cpp +++ b/dom/localstorage/LSObject.cpp @@ -35,6 +35,7 @@ #include "mozilla/ipc/BackgroundChild.h" #include "mozilla/ipc/BackgroundUtils.h" #include "mozilla/ipc/PBackgroundChild.h" +#include "mozilla/ipc/PBackgroundSharedTypes.h" #include "nsCOMPtr.h" #include "nsContentUtils.h" #include "nsDebug.h" @@ -362,9 +363,6 @@ nsresult LSObject::CreateForWindow(nsPIDOMWindowInner* aWindow, Maybe clientId = Some(clientInfo.ref().Id()); - Maybe clientPrincipalInfo = - Some(clientInfo.ref().PrincipalInfo()); - nsString documentURI; if (nsCOMPtr doc = aWindow->GetExtantDoc()) { rv = doc->GetDocumentURI(documentURI); 
@@ -378,7 +376,6 @@ nsresult LSObject::CreateForWindow(nsPIDOMWindowInner* aWindow, object->mStoragePrincipalInfo = std::move(storagePrincipalInfo); object->mPrivateBrowsingId = privateBrowsingId; object->mClientId = clientId; - object->mClientPrincipalInfo = clientPrincipalInfo; object->mOrigin = origin; object->mOriginKey = originKey; object->mDocumentURI = documentURI; @@ -935,7 +932,6 @@ nsresult LSObject::EnsureDatabase() { LSRequestPrepareDatastoreParams params; params.commonParams() = commonParams; params.clientId() = mClientId; - params.clientPrincipalInfo() = mClientPrincipalInfo; LSRequestResponse response; @@ -996,7 +992,6 @@ nsresult LSObject::EnsureObserver() { params.principalInfo() = *mPrincipalInfo; params.storagePrincipalInfo() = *mStoragePrincipalInfo; params.clientId() = mClientId; - params.clientPrincipalInfo() = mClientPrincipalInfo; LSRequestResponse response; diff --git a/dom/localstorage/LSObject.h b/dom/localstorage/LSObject.h index ebebc7f80383..451e83d43bd8 100644 --- a/dom/localstorage/LSObject.h +++ b/dom/localstorage/LSObject.h @@ -15,7 +15,6 @@ #include "mozilla/RefPtr.h" #include "mozilla/UniquePtr.h" #include "mozilla/dom/Storage.h" -#include "mozilla/ipc/PBackgroundSharedTypes.h" #include "nsCycleCollectionParticipant.h" #include "nsID.h" #include "nsISupports.h" @@ -32,6 +31,12 @@ namespace mozilla { class ErrorResult; +namespace ipc { + +class PrincipalInfo; + +} // namespace ipc + namespace dom { class LSDatabase; @@ -77,7 +82,6 @@ class LSObject final : public Storage { uint32_t mPrivateBrowsingId; Maybe mClientId; - Maybe mClientPrincipalInfo; nsCString mOrigin; nsCString mOriginKey; nsString mDocumentURI; diff --git a/dom/localstorage/PBackgroundLSSharedTypes.ipdlh b/dom/localstorage/PBackgroundLSSharedTypes.ipdlh index 5802cc821a9c..e460ebaae033 100644 --- a/dom/localstorage/PBackgroundLSSharedTypes.ipdlh +++ b/dom/localstorage/PBackgroundLSSharedTypes.ipdlh 
@@ -29,30 +29,13 @@ struct LSRequestPrepareDatastoreParams { LSRequestCommonParams commonParams; nsID? clientId; - PrincipalInfo? clientPrincipalInfo; }; -/** - * In order to validate the principal with the client, we need to provide an - * additional principalInfo for the client. The client is using the foreign - * principal, see StoragePrincipalHelper.h for details, which is different from - * the principalInfo. So, we need to pass the principalInfo from the client So - * that we can verify it with the given client Id. - * - * Note that the storagePrincipalInfo is used to access the right cookie jar - * according to the Storage Access. This is passed in order to access the - * correct local storage. Essentially, the storage principal and the client - * principal are using the PartitionKey in their OriginAttributes. But, the - * existence of the PartitionKey between them is depending on different - * conditions. Namely, the storage principal depends on the Storage Access but - * the client principal depends on whether it's in a third party. - */ struct LSRequestPrepareObserverParams { PrincipalInfo principalInfo; PrincipalInfo storagePrincipalInfo; nsID? clientId; - PrincipalInfo? clientPrincipalInfo; }; union LSRequestParams diff --git a/dom/serviceworkers/ServiceWorkerManager.cpp b/dom/serviceworkers/ServiceWorkerManager.cpp index b0cacb281ac5..c422ca890cef 100644 --- a/dom/serviceworkers/ServiceWorkerManager.cpp +++ b/dom/serviceworkers/ServiceWorkerManager.cpp @@ -61,7 +61,6 @@ #include "mozilla/PermissionManager.h" #include "mozilla/ScopeExit.h" #include "mozilla/StaticPrefs_extensions.h" -#include "mozilla/StoragePrincipalHelper.h" #include "mozilla/Unused.h" #include "mozilla/EnumSet.h" 
@@ -2043,13 +2042,8 @@ void ServiceWorkerManager::DispatchFetchEvent(nsIInterceptedChannel* aChannel, } // non-subresource request means the URI contains the principal - OriginAttributes attrs = loadInfo->GetOriginAttributes(); - StoragePrincipalHelper::GetOriginAttributes( - internalChannel, attrs, - StoragePrincipalHelper::eForeignPartitionedPrincipal); - - nsCOMPtr principal = - BasePrincipal::CreateContentPrincipal(uri, attrs); + nsCOMPtr principal = BasePrincipal::CreateContentPrincipal( + uri, loadInfo->GetOriginAttributes()); RefPtr registration = GetServiceWorkerRegistrationInfo(principal, uri); diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp index 8c55559352dd..b1c8a9063c3e 100644 --- a/netwerk/base/nsNetUtil.cpp +++ b/netwerk/base/nsNetUtil.cpp @@ -340,21 +340,13 @@ void AssertLoadingPrincipalAndClientInfoMatch( return; } // Fall back to a slower origin equality test to support null principals. - nsAutoCString loadingOriginNoSuffix; - MOZ_ALWAYS_SUCCEEDS( - aLoadingPrincipal->GetOriginNoSuffix(loadingOriginNoSuffix)); + nsAutoCString loadingOrigin; + MOZ_ALWAYS_SUCCEEDS(aLoadingPrincipal->GetOrigin(loadingOrigin)); - nsAutoCString clientOriginNoSuffix; - MOZ_ALWAYS_SUCCEEDS( - clientPrincipal->GetOriginNoSuffix(clientOriginNoSuffix)); + nsAutoCString clientOrigin; + MOZ_ALWAYS_SUCCEEDS(clientPrincipal->GetOrigin(clientOrigin)); - // The client principal will have the partitionKey set if it's in a third - // party context, but the loading principal won't. So, we ignore he - // partitionKey when doing the verification here. - MOZ_DIAGNOSTIC_ASSERT(loadingOriginNoSuffix == clientOriginNoSuffix); - MOZ_DIAGNOSTIC_ASSERT( - aLoadingPrincipal->OriginAttributesRef().EqualsIgnoringPartitionKey( - clientPrincipal->OriginAttributesRef())); + MOZ_DIAGNOSTIC_ASSERT(loadingOrigin == clientOrigin); } #endif } 
diff --git a/toolkit/components/antitracking/AntiTrackingUtils.cpp b/toolkit/components/antitracking/AntiTrackingUtils.cpp index a0741c048e44..f18c74d0f582 100644 --- a/toolkit/components/antitracking/AntiTrackingUtils.cpp +++ b/toolkit/components/antitracking/AntiTrackingUtils.cpp @@ -651,9 +651,9 @@ bool AntiTrackingUtils::IsThirdPartyWindow(nsPIDOMWindowInner* aWindow, } RefPtr doc = aWindow->GetDoc(); - if (!doc) { - // If we can't get the document from the window, ex, about:blank, fallback - // to use IsThirdPartyWindow check that examine the whole hierarchy. + if (!doc || !doc->GetChannel()) { + // If we can't get channel from the window, ex, about:blank, fallback to use + // IsThirdPartyWindow check that examine the whole hierarchy. nsCOMPtr thirdPartyUtil = components::ThirdPartyUtil::Service(); Unused << thirdPartyUtil->IsThirdPartyWindow(aWindow->GetOuterWindow(), 
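Review bot: The fallback path drops the result of `thirdPartyUtil->IsThirdPartyWindow(...)` with `Unused <<` and dereferences `thirdPartyUtil` without a null check. With the widened condition `!doc || !doc->GetChannel()`, this path now also decides channel-less documents such as the initial about:blank. If the call fails, `thirdParty` keeps whatever value it was initialised with, and that declaration is outside the hunk. It is worth confirming that the initial value is the restrictive one and recording it in the comment, e.g. `// On failure thirdParty keeps its default, which must be the third-party answer.` The function body starts before this hunk and continues after it.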
@@ -661,61 +661,12 @@ bool AntiTrackingUtils::IsThirdPartyWindow(nsPIDOMWindowInner* aWindow, return thirdParty; } - if (!doc->GetChannel()) { - // If we can't get the channel from the document, i.e. initial about:blank - // page, we use the browsingContext of the document to check if it's in the - // third-party context. - return IsThirdPartyContext(doc->GetBrowsingContext()); - } - // We only care whether the channel is 3rd-party with respect to // the top-level. nsCOMPtr loadInfo = doc->GetChannel()->LoadInfo(); return loadInfo->GetIsThirdPartyContextToTopWindow(); } -/* static */ -bool AntiTrackingUtils::IsThirdPartyContext(BrowsingContext* aBrowsingContext) { - MOZ_ASSERT(aBrowsingContext); - MOZ_ASSERT(aBrowsingContext->IsInProcess()); - - if (aBrowsingContext->IsTopContent()) { - return false; - } - - // If the top browsing context is not in the same process, it's cross-origin. - if (!aBrowsingContext->Top()->IsInProcess()) { - return true; - } - - nsIDocShell* docShell = aBrowsingContext->GetDocShell(); - if (!docShell) { - return true; - } - Document* doc = docShell->GetExtantDocument(); - if (!doc) { - return true; - } - nsIPrincipal* principal = doc->NodePrincipal(); - - nsIDocShell* topDocShell = aBrowsingContext->Top()->GetDocShell(); - if (!topDocShell) { - return true; - } - Document* topDoc = topDocShell->GetDocument(); - if (!topDoc) { - return true; - } - nsIPrincipal* topPrincipal = topDoc->NodePrincipal(); - - auto* topBasePrin = BasePrincipal::Cast(topPrincipal); - bool isThirdParty = true; - - topBasePrin->IsThirdPartyPrincipal(principal, &isThirdParty); - - return isThirdParty; -} - /* static */ nsCString AntiTrackingUtils::GrantedReasonToString( ContentBlockingNotifier::StorageAccessPermissionGrantedReason aReason) { diff --git a/toolkit/components/antitracking/AntiTrackingUtils.h b/toolkit/components/antitracking/AntiTrackingUtils.h index d47c1453c104..5600fd678057 100644 --- a/toolkit/components/antitracking/AntiTrackingUtils.h 
+++ b/toolkit/components/antitracking/AntiTrackingUtils.h @@ -121,10 +121,6 @@ class AntiTrackingUtils final { // Otherwise, it will continue to check if the window is third-party. static bool IsThirdPartyWindow(nsPIDOMWindowInner* aWindow, nsIURI* aURI); - // Given a browsing context, this function determines if this browsing context - // is considered as a third party in respect to the top-level context. - static bool IsThirdPartyContext(dom::BrowsingContext* aBrowsingContext); - static nsCString GrantedReasonToString( ContentBlockingNotifier::StorageAccessPermissionGrantedReason aReason); diff --git a/toolkit/components/antitracking/StoragePrincipalHelper.cpp b/toolkit/components/antitracking/StoragePrincipalHelper.cpp index febe1e6fc1df..6067f42b1a85 100644 --- a/toolkit/components/antitracking/StoragePrincipalHelper.cpp +++ b/toolkit/components/antitracking/StoragePrincipalHelper.cpp @@ -11,7 +11,6 @@ #include "mozilla/ScopeExit.h" #include "mozilla/StorageAccess.h" #include "nsContentUtils.h" -#include "nsIDocShell.h" #include "nsIEffectiveTLDService.h" namespace mozilla { 
@@ -84,78 +83,6 @@ bool ChooseOriginAttributes(nsIChannel* aChannel, OriginAttributes& aAttrs, return true; } -bool VerifyValidPartitionedPrincipalInfoForPrincipalInfoInternal( - const ipc::PrincipalInfo& aPartitionedPrincipalInfo, - const ipc::PrincipalInfo& aPrincipalInfo, - bool aIgnoreSpecForContentPrincipal, - bool aIgnoreDomainForContentPrincipal) { - if (aPartitionedPrincipalInfo.type() != aPrincipalInfo.type()) { - return false; - } - - if (aPartitionedPrincipalInfo.type() == - mozilla::ipc::PrincipalInfo::TContentPrincipalInfo) { - const mozilla::ipc::ContentPrincipalInfo& spInfo = - aPartitionedPrincipalInfo.get_ContentPrincipalInfo(); - const mozilla::ipc::ContentPrincipalInfo& pInfo = - aPrincipalInfo.get_ContentPrincipalInfo(); - - return spInfo.attrs().EqualsIgnoringPartitionKey(pInfo.attrs()) && - spInfo.originNoSuffix() == pInfo.originNoSuffix() && - (aIgnoreSpecForContentPrincipal || spInfo.spec() == pInfo.spec()) && - (aIgnoreDomainForContentPrincipal || - spInfo.domain() == pInfo.domain()) && - spInfo.baseDomain() == pInfo.baseDomain(); - } - - if (aPartitionedPrincipalInfo.type() == - mozilla::ipc::PrincipalInfo::TSystemPrincipalInfo) { - // Nothing to check here. 
- return true; - } - - if (aPartitionedPrincipalInfo.type() == - mozilla::ipc::PrincipalInfo::TNullPrincipalInfo) { - const mozilla::ipc::NullPrincipalInfo& spInfo = - aPartitionedPrincipalInfo.get_NullPrincipalInfo(); - const mozilla::ipc::NullPrincipalInfo& pInfo = - aPrincipalInfo.get_NullPrincipalInfo(); - - return spInfo.spec() == pInfo.spec() && - spInfo.attrs().EqualsIgnoringPartitionKey(pInfo.attrs()); - } - - if (aPartitionedPrincipalInfo.type() == - mozilla::ipc::PrincipalInfo::TExpandedPrincipalInfo) { - const mozilla::ipc::ExpandedPrincipalInfo& spInfo = - aPartitionedPrincipalInfo.get_ExpandedPrincipalInfo(); - const mozilla::ipc::ExpandedPrincipalInfo& pInfo = - aPrincipalInfo.get_ExpandedPrincipalInfo(); - - if (!spInfo.attrs().EqualsIgnoringPartitionKey(pInfo.attrs())) { - return false; - } - - if (spInfo.allowlist().Length() != pInfo.allowlist().Length()) { - return false; - } - - for (uint32_t i = 0; i < spInfo.allowlist().Length(); ++i) { - if (!VerifyValidPartitionedPrincipalInfoForPrincipalInfoInternal( - spInfo.allowlist()[i], pInfo.allowlist()[i], - aIgnoreSpecForContentPrincipal, - aIgnoreDomainForContentPrincipal)) { - return false; - } - } - - return true; - } - - MOZ_CRASH("Invalid principalInfo type"); - return false; -} - } // namespace // static 
@@ -229,18 +156,73 @@ StoragePrincipalHelper::PrepareEffectiveStoragePrincipalOriginAttributes( // static bool StoragePrincipalHelper::VerifyValidStoragePrincipalInfoForPrincipalInfo( - const mozilla::ipc::PrincipalInfo& aPartitionedPrincipalInfo, + const mozilla::ipc::PrincipalInfo& aStoragePrincipalInfo, const mozilla::ipc::PrincipalInfo& aPrincipalInfo) { - return VerifyValidPartitionedPrincipalInfoForPrincipalInfoInternal( - aPartitionedPrincipalInfo, aPrincipalInfo, false, false); -} + if (aStoragePrincipalInfo.type() != aPrincipalInfo.type()) { + return false; + } -// static -bool StoragePrincipalHelper::VerifyValidClientPrincipalInfoForPrincipalInfo( - const mozilla::ipc::PrincipalInfo& aClientPrincipalInfo, - const mozilla::ipc::PrincipalInfo& aPrincipalInfo) { - return VerifyValidPartitionedPrincipalInfoForPrincipalInfoInternal( - aClientPrincipalInfo, aPrincipalInfo, true, true); + if (aStoragePrincipalInfo.type() == + mozilla::ipc::PrincipalInfo::TContentPrincipalInfo) { + const mozilla::ipc::ContentPrincipalInfo& spInfo = + aStoragePrincipalInfo.get_ContentPrincipalInfo(); + const mozilla::ipc::ContentPrincipalInfo& pInfo = + aPrincipalInfo.get_ContentPrincipalInfo(); + + if (!spInfo.attrs().EqualsIgnoringFPD(pInfo.attrs()) || + spInfo.originNoSuffix() != pInfo.originNoSuffix() || + spInfo.spec() != pInfo.spec() || spInfo.domain() != pInfo.domain() || + spInfo.baseDomain() != pInfo.baseDomain()) { + return false; + } + + return true; + } + + if (aStoragePrincipalInfo.type() == + mozilla::ipc::PrincipalInfo::TSystemPrincipalInfo) { + // Nothing to check here. 
+ return true; + } + + if (aStoragePrincipalInfo.type() == + mozilla::ipc::PrincipalInfo::TNullPrincipalInfo) { + const mozilla::ipc::NullPrincipalInfo& spInfo = + aStoragePrincipalInfo.get_NullPrincipalInfo(); + const mozilla::ipc::NullPrincipalInfo& pInfo = + aPrincipalInfo.get_NullPrincipalInfo(); + + return spInfo.spec() == pInfo.spec() && + spInfo.attrs().EqualsIgnoringFPD(pInfo.attrs()); + } + + if (aStoragePrincipalInfo.type() == + mozilla::ipc::PrincipalInfo::TExpandedPrincipalInfo) { + const mozilla::ipc::ExpandedPrincipalInfo& spInfo = + aStoragePrincipalInfo.get_ExpandedPrincipalInfo(); + const mozilla::ipc::ExpandedPrincipalInfo& pInfo = + aPrincipalInfo.get_ExpandedPrincipalInfo(); + + if (!spInfo.attrs().EqualsIgnoringFPD(pInfo.attrs())) { + return false; + } + + if (spInfo.allowlist().Length() != pInfo.allowlist().Length()) { + return false; + } + + for (uint32_t i = 0; i < spInfo.allowlist().Length(); ++i) { + if (!VerifyValidStoragePrincipalInfoForPrincipalInfo( + spInfo.allowlist()[i], pInfo.allowlist()[i])) { + return false; + } + } + + return true; + } + + MOZ_CRASH("Invalid principalInfo type"); + return false; } // static 
@@ -338,48 +320,6 @@ nsresult StoragePrincipalHelper::GetPrincipal(nsPIDOMWindowInner* aWindow, return NS_OK; } -// static -bool StoragePrincipalHelper::ShouldUsePartitionPrincipalForServiceWorker( - nsIDocShell* aDocShell) { - MOZ_ASSERT(aDocShell); - - RefPtr document = aDocShell->GetExtantDocument(); - - // If we cannot get the document from the docShell, we turn to get its - // parent's document. - if (!document) { - nsCOMPtr parentItem; - aDocShell->GetInProcessSameTypeParent(getter_AddRefs(parentItem)); - - if (parentItem) { - document = parentItem->GetDocument(); - } - } - - nsCOMPtr cookieJarSettings; - - if (document) { - cookieJarSettings = document->CookieJarSettings(); - } else { - // If there was no document, we create one cookieJarSettings here in order - // to get the cookieBehavior. - cookieJarSettings = CookieJarSettings::Create(CookieJarSettings::eRegular); - } - - // We only support partitioned service workers when dFPI is enabled. - if (cookieJarSettings->GetCookieBehavior() != - nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN) { - return false; - } - - // Only the third-party context will need to use the partitioned principal. A - // first-party context is still using the regular principal for the service - // worker. - return AntiTrackingUtils::IsThirdPartyContext( - document ? document->GetBrowsingContext() - : aDocShell->GetBrowsingContext()); -} - // static bool StoragePrincipalHelper::GetOriginAttributes( nsIChannel* aChannel, mozilla::OriginAttributes& aAttributes, diff --git a/toolkit/components/antitracking/StoragePrincipalHelper.h b/toolkit/components/antitracking/StoragePrincipalHelper.h index e2b2ae768793..f2e6815698b5 100644 --- a/toolkit/components/antitracking/StoragePrincipalHelper.h +++ b/toolkit/components/antitracking/StoragePrincipalHelper.h @@ -212,7 +212,6 @@ class nsIChannel; class nsICookieJarSettings; -class nsIDocShell; class nsILoadGroup; class nsIPrincipal; class nsIURI; 
@@ -243,19 +242,10 @@ class StoragePrincipalHelper final { static nsresult PrepareEffectiveStoragePrincipalOriginAttributes( nsIChannel* aChannel, OriginAttributes& aOriginAttributes); - // A helper function to verify storage principal info with the principal info. static bool VerifyValidStoragePrincipalInfoForPrincipalInfo( const mozilla::ipc::PrincipalInfo& aStoragePrincipalInfo, const mozilla::ipc::PrincipalInfo& aPrincipalInfo); - // A helper function to verify client principal info with the principal info. - // - // Note that the client principal refers the principal of the client, which is - // supposed to be the foreign partitioned principal. - static bool VerifyValidClientPrincipalInfoForPrincipalInfo( - const mozilla::ipc::PrincipalInfo& aClientPrincipalInfo, - const mozilla::ipc::PrincipalInfo& aPrincipalInfo); - enum PrincipalType { // This is the first-party principal. eRegularPrincipal, @@ -295,12 +285,6 @@ class StoragePrincipalHelper final { PrincipalType aPrincipalType, nsIPrincipal** aPrincipal); - // Check if we need to use the partitioned principal for the service worker of - // the given docShell. Please do not use this API unless you cannot get the - // foreign partitioned principal, e.g. creating the inital about:blank page. - static bool ShouldUsePartitionPrincipalForServiceWorker( - nsIDocShell* aDocShell); - /** * Extract the right OriginAttributes from the channel's triggering * principal. @@ -317,7 +301,7 @@ class StoragePrincipalHelper final { // These methods return the correct originAttributes to be used for network // state components (HSTS, network cache, image-cache, and so on). - static bool GetOriginAttributesForNetworkState(nsIChannel* aChannel, + static bool GetOriginAttributesForNetworkState(nsIChannel* aChanel, OriginAttributes& aAttributes); static void GetOriginAttributesForNetworkState(dom::Document* aDocument, OriginAttributes& aAttributes); 
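Review bot: `VerifyValidStoragePrincipalInfoForPrincipalInfo` loses its only comment in this hunk, so a check that `VerifyPrincipalInfo` in dom/localstorage/ActorsParent.cpp relies on to validate request principals is now undocumented at its declaration. Going by the restored definition in StoragePrincipalHelper.cpp, a replacement could read `// Returns true if aStoragePrincipalInfo has the same type and identity fields as aPrincipalInfo, comparing origin attributes with EqualsIgnoringFPD.` It would also help to note there that system principals are accepted without further comparison and that expanded principals are compared allowlist entry by allowlist entry, since callers cannot see that from the signature.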
diff --git a/toolkit/components/antitracking/test/browser/browser_partitionedServiceWorkers.js b/toolkit/components/antitracking/test/browser/browser_partitionedServiceWorkers.js index cbd91cce522f..48b2e0f96153 100644 --- a/toolkit/components/antitracking/test/browser/browser_partitionedServiceWorkers.js +++ b/toolkit/components/antitracking/test/browser/browser_partitionedServiceWorkers.js @@ -69,13 +69,7 @@ PartitionedStorageHelper.runTest( win1stParty.sw.postMessage(win3rdParty.location.href); let msg = await msgPromise; - // The service worker will always be partitioned. So, the first party window - // won't have control on the third-party window. - is( - false, - msg, - "We won't have the 3rd party window controlled regardless of StorageAccess." - ); + is(allowed, msg, "We want to have the 3rd party window controlled."); }, async _ => {