Bug 1345474 - Check incognito access for windows api r=rpl

Depends on D4111 Differential Revision: https://phabricator.services.mozilla.com/D4112 --HG-- extra : moz-landing-system : lando
2018-12-10 21:30:05 +00:00 · 2018-12-10 21:30:05 +00:00 · 71f6118fe9
--- a/browser/components/extensions/parent/ext-windows.js
+++ b/browser/components/extensions/parent/ext-windows.js
@ -30,7 +30,11 @@ var {
 */
 function WindowEventManager(context, name, event, listener) {
  let register = fire => {
-    let listener2 = listener.bind(null, fire);
+    let listener2 = (window, ...args) => {
+      if (context.canAccessWindow(window)) {
+        listener(fire, window, ...args);
+      }
+    };

    windowTracker.addListener(event, listener2);
    return () => {
@ -69,6 +73,9 @@ this.windows = class extends ExtensionAPI {
              // event when switching focus between two Firefox windows.
              Promise.resolve().then(() => {
                let window = Services.focus.activeWindow;
+                if (!context.canAccessWindow(window)) {
+                  return;
+                }
                let windowId = window ? windowTracker.getId(window) : Window.WINDOW_ID_NONE;
                if (windowId !== lastOnFocusChangedWindowId) {
                  fire.async(windowId);
@ -87,7 +94,7 @@ this.windows = class extends ExtensionAPI {

        get: function(windowId, getInfo) {
          let window = windowTracker.getWindow(windowId, context);
-          if (!window) {
+          if (!window || !context.canAccessWindow(window)) {
            return Promise.reject({message: `Invalid window ID: ${windowId}`});
          }
          return Promise.resolve(windowManager.convert(window, getInfo));
@ -95,17 +102,24 @@ this.windows = class extends ExtensionAPI {

        getCurrent: function(getInfo) {
          let window = context.currentWindow || windowTracker.topWindow;
+          if (!context.canAccessWindow(window)) {
+            return Promise.reject({message: `Invalid window`});
+          }
          return Promise.resolve(windowManager.convert(window, getInfo));
        },

        getLastFocused: function(getInfo) {
          let window = windowTracker.topWindow;
+          if (!context.canAccessWindow(window)) {
+            return Promise.reject({message: `Invalid window`});
+          }
          return Promise.resolve(windowManager.convert(window, getInfo));
        },

        getAll: function(getInfo) {
          let doNotCheckTypes = getInfo === null || getInfo.windowTypes === null;
          let windows = [];
+          // incognito access is checked in getAll
          for (let win of windowManager.getAll()) {
            if (doNotCheckTypes || getInfo.windowTypes.includes(win.type)) {
              windows.push(win.convert(getInfo));
@ -117,6 +131,9 @@ this.windows = class extends ExtensionAPI {
        create: function(createData) {
          let needResize = (createData.left !== null || createData.top !== null ||
                            createData.width !== null || createData.height !== null);
+          if (createData.incognito && !context.privateBrowsingAllowed) {
+            return Promise.reject({message: "Extension does not have permission for incognito mode"});
+          }

          if (needResize) {
            if (createData.state !== null && createData.state != "normal") {
@ -144,7 +161,9 @@ this.windows = class extends ExtensionAPI {
            }

            let tab = tabTracker.getTab(createData.tabId);
-
+            if (!context.canAccessWindow(tab.ownerGlobal)) {
+              return Promise.reject({message: `Invalid tab ID: ${createData.tabId}`});
+            }
            // Private browsing tabs can only be moved to private browsing
            // windows.
            let incognito = PrivateBrowsingUtils.isBrowserPrivate(tab.linkedBrowser);
@ -260,6 +279,9 @@ this.windows = class extends ExtensionAPI {
          }

          let win = windowManager.get(windowId, context);
+          if (!win) {
+            return Promise.reject({message: `Invalid window ID: ${windowId}`});
+          }
          if (updateInfo.focused) {
            Services.focus.activeWindow = win.window;
          }
@ -287,6 +309,9 @@ this.windows = class extends ExtensionAPI {

        remove: function(windowId) {
          let window = windowTracker.getWindow(windowId, context);
+          if (!context.canAccessWindow(window)) {
+            return Promise.reject({message: `Invalid window ID: ${windowId}`});
+          }
          window.close();

          return new Promise(resolve => {
--- a/browser/components/extensions/test/browser/browser-common.ini
+++ b/browser/components/extensions/test/browser/browser-common.ini
@ -251,6 +251,7 @@ tags = fullscreen
 [browser_ext_windows_create_tabId.js]
 [browser_ext_windows_create_url.js]
 [browser_ext_windows_events.js]
+[browser_ext_windows_incognito.js]
 [browser_ext_windows_remove.js]
 [browser_ext_windows_size.js]
 skip-if = os == 'mac' # Fails when windows are randomly opened in fullscreen mode
--- a/browser/components/extensions/test/browser/browser_ext_windows_events.js
+++ b/browser/components/extensions/test/browser/browser_ext_windows_events.js
@ -4,7 +4,9 @@

 SimpleTest.requestCompleteLog();

-add_task(async function testWindowsEvents() {
+add_task(async function test_windows_events_not_allowed() {
+  let monitor = await startIncognitoMonitorExtension();
+
  function background() {
    browser.windows.onCreated.addListener(window => {
      browser.test.log(`onCreated: windowId=${window.id}`);
@ -26,7 +28,6 @@ add_task(async function testWindowsEvents() {

      browser.test.assertTrue(Number.isInteger(eventWindowId),
                              "windowId is an integer");
-
      let window = await browser.windows.getLastFocused();
      browser.test.sendMessage("window-focus-changed", {winId: eventWindowId, lastFocusedWindowId: window.id});
    });
@ -44,6 +45,7 @@ add_task(async function testWindowsEvents() {
  }

  let extension = ExtensionTestUtils.loadExtension({
+    manifest: {},
    background,
  });

@ -80,7 +82,7 @@ add_task(async function testWindowsEvents() {
  is(winId, win1Id, "Got focus change event for the correct window ID.");

  info("Create browser window 2");
-  let win2 = await BrowserTestUtils.openNewBrowserWindow();
+  let win2 = await BrowserTestUtils.openNewBrowserWindow({private: true});
  let win2Id = await extension.awaitMessage("window-created");
  info(`Window 2 ID: ${win2Id}`);

@ -114,4 +116,5 @@ add_task(async function testWindowsEvents() {

  await extension.awaitFinish("windows.events");
  await extension.unload();
+  await monitor.unload();
 });
--- a/browser/components/extensions/test/browser/browser_ext_windows_incognito.js
+++ b/browser/components/extensions/test/browser/browser_ext_windows_incognito.js
@ -0,0 +1,49 @@
+/* -*- Mode: indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim: set sts=2 sw=2 et tw=80: */
+"use strict";
+
+add_task(async function test_window_incognito() {
+  const url = "http://mochi.test:8888/browser/browser/components/extensions/test/browser/file_iframe_document.html";
+
+  let extension = ExtensionTestUtils.loadExtension({
+    manifest: {
+      "permissions": ["http://mochi.test/"],
+    },
+    incognitoOverride: "not_allowed",
+    background() {
+      browser.test.onMessage.addListener(async pbw => {
+        await browser.test.assertRejects(browser.windows.get(pbw.windowId),
+                                         /Invalid window ID/,
+                                         "should not be able to get incognito window");
+        await browser.test.assertRejects(browser.windows.remove(pbw.windowId),
+                                         /Invalid window ID/,
+                                         "should not be able to remove incognito window");
+        await browser.test.assertRejects(browser.windows.getCurrent(),
+                                         /Invalid window/,
+                                         "should not be able to get incognito top window");
+        await browser.test.assertRejects(browser.windows.getLastFocused(),
+                                         /Invalid window/,
+                                         "should not be able to get incognito focused window");
+        await browser.test.assertRejects(browser.windows.create({incognito: true}),
+                                         /Extension does not have permission for incognito mode/,
+                                         "should not be able to create incognito window");
+        await browser.test.assertRejects(browser.windows.update(pbw.windowId, {focused: true}),
+                                         /Invalid window ID/,
+                                         "should not be able to update incognito window");
+
+        let windows = await browser.windows.getAll();
+        browser.test.assertEq(1, windows.length, "unable to get incognito window");
+
+        browser.test.notifyPass("pass");
+      });
+    },
+  });
+
+  let winData = await getIncognitoWindow(url);
+
+  await extension.startup();
+  extension.sendMessage(winData.details);
+  await extension.awaitFinish("pass");
+  await BrowserTestUtils.closeWindow(winData.win);
+  await extension.unload();
+});
--- a/browser/components/extensions/test/browser/head.js
+++ b/browser/components/extensions/test/browser/head.js
@ -595,6 +595,23 @@ async function startIncognitoMonitorExtension(failOnIncognitoEvent = true) {
      await testTabInfo(addedTabId, "onReplaced");
      await testTabInfo(removedTabId, "onReplaced");
    });
+    browser.windows.onCreated.addListener(window => {
+      browser.test.assertEq(window.incognito, expectIncognito, `monitor extension got expected incognito value`);
+    });
+    browser.windows.onRemoved.addListener(async (windowId) => {
+      try {
+        let window = await browser.windows.get(windowId);
+        browser.test.assertEq(window.incognito, expectIncognito, `monitor extension got expected incognito value`);
+      } catch (e) {
+        // Window removal at end of tests can get here after window is gone.
+        browser.test.log(`onRemoved received late ${e}`);
+      }
+    });
+    browser.windows.onFocusChanged.addListener(async (windowId) => {
+      // onFocusChanged will also fire for blur so check actual window.incognito value.
+      let window = await browser.windows.get(windowId);
+      browser.test.assertEq(window.incognito, expectIncognito, `monitor extesion got unexpected window onFocusChanged event`);
+    });
  }

  let extension = ExtensionTestUtils.loadExtension({