Bug 1612376 - P6. Permission update in the parent process should only happen when the heurisitc is triggered by a first-party window r=timhuang,baku

Differential Revision: https://phabricator.services.mozilla.com/D72657
2020-04-29 14:48:47 +00:00 · 2020-04-29 14:48:47 +00:00 · 56bfd52246
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@ -5737,11 +5737,18 @@ mozilla::ipc::IPCResult ContentParent::RecvAutomaticStorageAccessCanBeGranted(

 mozilla::ipc::IPCResult
 ContentParent::RecvFirstPartyStorageAccessGrantedForOrigin(
-    uint64_t aParentWindowId, const Principal& aTrackingPrincipal,
-    const nsCString& aTrackingOrigin, const int& aAllowMode,
+    uint64_t aTopLevelWindowId,
+    const MaybeDiscarded<BrowsingContext>& aParentContext,
+    const Principal& aTrackingPrincipal, const nsCString& aTrackingOrigin,
+    const int& aAllowMode,
    FirstPartyStorageAccessGrantedForOriginResolver&& aResolver) {
+  if (aParentContext.IsNullOrDiscarded()) {
+    return IPC_OK();
+  }
+
  ContentBlocking::SaveAccessForOriginOnParentProcess(
-      aParentWindowId, aTrackingPrincipal, aTrackingOrigin, aAllowMode)
+      aTopLevelWindowId, aParentContext.get_canonical(), aTrackingPrincipal,
+      aTrackingOrigin, aAllowMode)
      ->Then(
          GetCurrentThreadSerialEventTarget(), __func__,
          [aResolver = std::move(aResolver)](
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@ -1229,8 +1229,10 @@ class ContentParent final
      AutomaticStorageAccessCanBeGrantedResolver&& aResolver);

  mozilla::ipc::IPCResult RecvFirstPartyStorageAccessGrantedForOrigin(
-      uint64_t aParentWindowId, const Principal& aTrackingPrincipal,
-      const nsCString& aTrackingOrigin, const int& aAllowMode,
+      uint64_t aTopLevelWindowId,
+      const MaybeDiscarded<BrowsingContext>& aParentContext,
+      const Principal& aTrackingPrincipal, const nsCString& aTrackingOrigin,
+      const int& aAllowMode,
      FirstPartyStorageAccessGrantedForOriginResolver&& aResolver);

  mozilla::ipc::IPCResult RecvCompleteAllowAccessFor(
--- a/dom/ipc/PContent.ipdl
+++ b/dom/ipc/PContent.ipdl
@ -1485,7 +1485,8 @@ parent:
     * A 3rd party tracking origin (aTrackingOrigin) has received the permission
     * granted to have access to aGrantedOrigin when loaded by aParentWindowId.
     */
-    async FirstPartyStorageAccessGrantedForOrigin(uint64_t aParentWindowId,
+    async FirstPartyStorageAccessGrantedForOrigin(uint64_t aTopLevelWindowId,
+                                                  MaybeDiscardedBrowsingContext aParentContext,
                                                  Principal aTrackingPrincipal,
                                                  nsCString aTrackingOrigin,
                                                  int aAllowMode)
--- a/toolkit/components/antitracking/ContentBlocking.cpp
+++ b/toolkit/components/antitracking/ContentBlocking.cpp
@ -493,9 +493,9 @@ ContentBlocking::CompleteAllowAccessFor(

    if (XRE_IsParentProcess()) {
      LOG(("Saving the permission: trackingOrigin=%s", trackingOrigin.get()));
-      return SaveAccessForOriginOnParentProcess(aTopLevelWindowId,
-                                                trackingPrincipal,
-                                                trackingOrigin, aAllowMode)
+      return SaveAccessForOriginOnParentProcess(
+                 aTopLevelWindowId, aParentContext, trackingPrincipal,
+                 trackingOrigin, aAllowMode)
          ->Then(GetCurrentThreadSerialEventTarget(), __func__,
                 [](ParentAccessGrantPromise::ResolveOrRejectValue&& aValue) {
                   if (aValue.IsResolve()) {
@ -519,8 +519,8 @@ ContentBlocking::CompleteAllowAccessFor(
    // sending the request of storing a permission.
    return cc
        ->SendFirstPartyStorageAccessGrantedForOrigin(
-            aTopLevelWindowId, IPC::Principal(trackingPrincipal),
-            trackingOrigin, aAllowMode)
+            aTopLevelWindowId, aParentContext,
+            IPC::Principal(trackingPrincipal), trackingOrigin, aAllowMode)
        ->Then(GetCurrentThreadSerialEventTarget(), __func__,
               [](const ContentChild::
                      FirstPartyStorageAccessGrantedForOriginPromise::
@ -581,23 +581,24 @@ ContentBlocking::CompleteAllowAccessFor(
 /* static */
 RefPtr<mozilla::ContentBlocking::ParentAccessGrantPromise>
 ContentBlocking::SaveAccessForOriginOnParentProcess(
-    uint64_t aParentWindowId, nsIPrincipal* aTrackingPrincipal,
-    const nsCString& aTrackingOrigin, int aAllowMode,
-    uint64_t aExpirationTime) {
-  MOZ_ASSERT(aParentWindowId != 0);
+    uint64_t aTopLevelWindowId, BrowsingContext* aParentContext,
+    nsIPrincipal* aTrackingPrincipal, const nsCString& aTrackingOrigin,
+    int aAllowMode, uint64_t aExpirationTime) {
+  MOZ_ASSERT(aTopLevelWindowId != 0);

  RefPtr<WindowGlobalParent> wgp =
-      WindowGlobalParent::GetByInnerWindowId(aParentWindowId);
+      WindowGlobalParent::GetByInnerWindowId(aTopLevelWindowId);
  if (!wgp) {
    LOG(("Can't get window global parent"));
    return ParentAccessGrantPromise::CreateAndReject(false, __func__);
  }

-  // While granting permission on a first-party window, also have to update
-  // the result to all tracker's frames, if any.
-  BrowsingContext* bc = wgp->BrowsingContext();
-  if (bc->IsTop()) {
-    ContentBlocking::UpdateAllowAccessOnParentProcess(bc, aTrackingOrigin);
+  // If the permission is granted on a first-party window, also have to update
+  // the permission to all the other windows with the same tracking origin (in
+  // the same tab), if any.
+  if (aParentContext->IsTop()) {
+    ContentBlocking::UpdateAllowAccessOnParentProcess(aParentContext,
+                                                      aTrackingOrigin);
  }

  return ContentBlocking::SaveAccessForOriginOnParentProcess(
--- a/toolkit/components/antitracking/ContentBlocking.h
+++ b/toolkit/components/antitracking/ContentBlocking.h
@ -111,8 +111,9 @@ class ContentBlocking final {
          StaticPrefs::privacy_restrict3rdpartystorage_expiration());

  static RefPtr<ParentAccessGrantPromise> SaveAccessForOriginOnParentProcess(
-      uint64_t aParentWindowId, nsIPrincipal* aTrackingPrinciapl,
-      const nsCString& aTrackingOrigin, int aAllowMode,
+      uint64_t aTopLevelWindowId, dom::BrowsingContext* aParentContext,
+      nsIPrincipal* aTrackingPrinciapl, const nsCString& aTrackingOrigin,
+      int aAllowMode,
      uint64_t aExpirationTime =
          StaticPrefs::privacy_restrict3rdpartystorage_expiration());