Bug 1636629 - Permission check on stream filter parent creation. r=mixedpuppy

Differential Revision: https://phabricator.services.mozilla.com/D128737

modules/libpref/init/StaticPrefList.yaml

@@ -4218,6 +4218,12 @@
   value: false
   mirror: always
 
+# Legacy behavior on filterResponse calls on intercepted sw script requests.
+- name: extensions.filterResponseServiceWorkerScript.disabled
+  type: bool
+  value: false
+  mirror: always
+
 # This pref governs whether we run webextensions in a separate process (true)
 # or the parent/main process (false)
 - name: extensions.webextensions.remote

toolkit/components/extensions/schemas/web_request.json

@@ -12,7 +12,8 @@
           "type": "string",
           "enum": [
             "webRequest",
-            "webRequestBlocking"
+            "webRequestBlocking",
+            "webRequestFilterResponse.serviceWorkerScript"
           ]
         }]
       }

toolkit/components/extensions/test/xpcshell/test_ext_permissions.js

@@ -577,6 +577,7 @@ const GRANTED_WITHOUT_USER_PROMPT = [
   "urlbar",
   "webRequest",
   "webRequestBlocking",
+  "webRequestFilterResponse.serviceWorkerScript",
 ];
 
 add_task(function test_permissions_have_localization_strings() {

toolkit/components/extensions/test/xpcshell/test_ext_permissions_api.js

@@ -64,6 +64,7 @@ add_task(async function setup() {
     "tabHide",
     "tabs",
     "webRequestBlocking",
+    "webRequestFilterResponse.serviceWorkerScript",
   ];
   OptionalPermissions = Schemas.getPermissionNames([
     "OptionalPermission",

toolkit/components/extensions/webrequest/StreamFilterParent.cpp

@@ -6,9 +6,11 @@
 
 #include "StreamFilterParent.h"
 
+#include "mozilla/ExtensionPolicyService.h"
 #include "mozilla/Unused.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/net/ChannelEventQueue.h"
+#include "mozilla/StaticPrefs_extensions.h"
 #include "nsHttpChannel.h"
 #include "nsIChannel.h"
 #include "nsIInputStream.h"
@@ -124,6 +126,19 @@ auto StreamFilterParent::Create(dom::ContentParent* aContentParent,
     return ChildEndpointPromise::CreateAndReject(false, __func__);
   }
 
+  nsCOMPtr<nsIChannel> genChan(do_QueryInterface(channel));
+  if (!StaticPrefs::extensions_filterResponseServiceWorkerScript_disabled() &&
+      ChannelWrapper::IsServiceWorkerScript(genChan)) {
+    RefPtr<extensions::WebExtensionPolicy> addonPolicy =
+        ExtensionPolicyService::GetSingleton().GetByID(aAddonId);
+
+    if (!addonPolicy ||
+        !addonPolicy->HasPermission(
+            nsGkAtoms::webRequestFilterResponse_serviceWorkerScript)) {
+      return ChildEndpointPromise::CreateAndReject(false, __func__);
+    }
+  }
+
   // Disable alt-data for extension stream listeners.
   nsCOMPtr<nsIHttpChannelInternal> internal(do_QueryObject(channel));
   internal->DisableAltDataCache();

xpcom/ds/StaticAtoms.py

@@ -1959,6 +1959,7 @@ STATIC_ATOMS = [
     Atom("mozillaAddons", "mozillaAddons"),
     Atom("tabs", "tabs"),
     Atom("webRequestBlocking", "webRequestBlocking"),
+    Atom("webRequestFilterResponse_serviceWorkerScript", "webRequestFilterResponse.serviceWorkerScript"),
     Atom("http", "http"),
     Atom("https", "https"),
     Atom("proxy", "proxy"),