Bug 1165263 - Part 5: Update PermissionsUtils.importPrefBranch to use origins instead of hosts, r=ehsan

mobile/android/app/mobile.js

@@ -177,8 +177,8 @@ pref("dom.forms.number", true);
 /* extension manager and xpinstall */
 pref("xpinstall.whitelist.directRequest", false);
 pref("xpinstall.whitelist.fileRequest", false);
-pref("xpinstall.whitelist.add", "addons.mozilla.org");
-pref("xpinstall.whitelist.add.180", "marketplace.firefox.com");
+pref("xpinstall.whitelist.add", "https://addons.mozilla.org");
+pref("xpinstall.whitelist.add.180", "https://marketplace.firefox.com");
 
 pref("xpinstall.signatures.required", false);
 

toolkit/modules/PermissionsUtils.jsm

@@ -7,6 +7,7 @@ this.EXPORTED_SYMBOLS = ["PermissionsUtils"];
 const {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components;
 
 Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/BrowserUtils.jsm")
 
 
 let gImportedPrefBranches = new Set();
@@ -15,30 +16,41 @@ function importPrefBranch(aPrefBranch, aPermission, aAction) {
   let list = Services.prefs.getChildList(aPrefBranch, {});
 
   for (let pref of list) {
-    let hosts = "";
+    let origins = "";
     try {
-      hosts = Services.prefs.getCharPref(pref);
+      origins = Services.prefs.getCharPref(pref);
     } catch (e) {}
 
-    if (!hosts)
+    if (!origins)
       continue;
 
-    hosts = hosts.split(",");
+    origins = origins.split(",");
 
-    for (let host of hosts) {
-      let uri = null;
+    for (let origin of origins) {
+      let principals = [];
       try {
-        uri = Services.io.newURI("http://" + host, null, null);
+        principals = [ BrowserUtils.principalFromOrigin(origin) ];
       } catch (e) {
+        // This preference used to contain a list of hosts. For back-compat
+        // reasons, we convert these hosts into http:// and https:// permissions
+        // on default ports.
         try {
-          uri = Services.io.newURI(host, null, null);
+          let httpURI = Services.io.newURI("http://" + origin, null, null);
+          let httpsURI = Services.io.newURI("https://" + origin, null, null);
+
+          principals = [
+            Services.scriptSecurityManager.getNoAppCodebasePrincipal(httpURI),
+            Services.scriptSecurityManager.getNoAppCodebasePrincipal(httpsURI)
+          ];
         } catch (e2) {}
       }
 
+      for (let principal of principals) {
         try {
-        Services.perms.add(uri, aPermission, aAction);
+          Services.perms.addFromPrincipal(principal, aPermission, aAction);
         } catch (e) {}
       }
+    }
 
     Services.prefs.setCharPref(pref, "");
   }

toolkit/modules/tests/xpcshell/test_PermissionsUtils.js

@@ -23,22 +23,36 @@ function test_importfromPrefs() {
   // Create own preferences to test
   Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.EMPTY", "");
   Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.EMPTY2", ",");
-  Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.TEST", "whitelist.example.com");
-  Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.TEST2", "whitelist2-1.example.com,whitelist2-2.example.com,about:home");
+  Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.TEST", "http://whitelist.example.com");
+  Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.TEST2", "https://whitelist2-1.example.com,http://whitelist2-2.example.com:8080,about:home");
+  Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.TEST3", "whitelist3-1.example.com,about:config"); // legacy style - host only
   Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.EMPTY", "");
-  Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.TEST", "blacklist.example.com,");
-  Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.TEST2", ",blacklist2-1.example.com,blacklist2-2.example.com,about:mozilla");
+  Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.TEST", "http://blacklist.example.com,");
+  Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.TEST2", ",https://blacklist2-1.example.com,http://blacklist2-2.example.com:8080,about:mozilla");
+  Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.TEST3", "blacklist3-1.example.com,about:preferences"); // legacy style - host only
 
   // Check they are unknown in the permission manager prior to importing.
   let whitelisted = ["http://whitelist.example.com",
-                     "http://whitelist2-1.example.com",
-                     "http://whitelist2-2.example.com",
+                     "https://whitelist2-1.example.com",
+                     "http://whitelist2-2.example.com:8080",
+                     "http://whitelist3-1.example.com",
+                     "https://whitelist3-1.example.com",
+                     "about:config",
                      "about:home"];
   let blacklisted = ["http://blacklist.example.com",
-                     "http://blacklist2-1.example.com",
-                     "http://blacklist2-2.example.com",
+                     "https://blacklist2-1.example.com",
+                     "http://blacklist2-2.example.com:8080",
+                     "http://blacklist3-1.example.com",
+                     "https://blacklist3-1.example.com",
+                     "about:preferences",
                      "about:mozilla"];
-  let unknown = whitelisted.concat(blacklisted);
+  let untouched = ["https://whitelist.example.com",
+                   "https://blacklist.example.com",
+                   "http://whitelist2-1.example.com",
+                   "http://blacklist2-1.example.com",
+                   "https://whitelist2-2.example.com:8080",
+                   "https://blacklist2-2.example.com:8080"];
+  let unknown = whitelisted.concat(blacklisted).concat(untouched);
   for (let url of unknown) {
     let uri = Services.io.newURI(url, null, null);
     do_check_eq(Services.perms.testPermission(uri, TEST_PERM), Services.perms.UNKNOWN_ACTION);
@@ -64,4 +78,8 @@ function test_importfromPrefs() {
     let uri = Services.io.newURI(url, null, null);
     do_check_eq(Services.perms.testPermission(uri, TEST_PERM), Services.perms.DENY_ACTION);
   }
+  for (let url of untouched) {
+    let uri = Services.io.newURI(url, null, null);
+    do_check_eq(Services.perms.testPermission(uri, TEST_PERM), Services.perms.UNKNOWN_ACTION);
+  }
 }

toolkit/mozapps/extensions/test/xpcshell/test_permissions.js

@@ -12,9 +12,9 @@ const XPI_MIMETYPE = "application/x-xpinstall";
 function run_test() {
   createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "2", "2");
 
-  Services.prefs.setCharPref("xpinstall.whitelist.add", "test1.com,test2.com");
-  Services.prefs.setCharPref("xpinstall.whitelist.add.36", "test3.com,www.test4.com");
-  Services.prefs.setCharPref("xpinstall.whitelist.add.test5", "test5.com");
+  Services.prefs.setCharPref("xpinstall.whitelist.add", "https://test1.com,https://test2.com");
+  Services.prefs.setCharPref("xpinstall.whitelist.add.36", "https://test3.com,https://www.test4.com");
+  Services.prefs.setCharPref("xpinstall.whitelist.add.test5", "https://test5.com");
 
   Services.perms.add(NetUtil.newURI("https://www.test9.com"), "install",
                      AM_Ci.nsIPermissionManager.ALLOW_ACTION);

toolkit/mozapps/extensions/test/xpcshell/test_permissions_prefs.js

@@ -30,9 +30,9 @@ function run_test() {
 
   // Create own preferences to test
   Services.prefs.setCharPref("xpinstall.whitelist.add.EMPTY", "");
-  Services.prefs.setCharPref("xpinstall.whitelist.add.TEST", "whitelist.example.com");
+  Services.prefs.setCharPref("xpinstall.whitelist.add.TEST", "http://whitelist.example.com");
   Services.prefs.setCharPref("xpinstall.blacklist.add.EMPTY", "");
-  Services.prefs.setCharPref("xpinstall.blacklist.add.TEST", "blacklist.example.com");
+  Services.prefs.setCharPref("xpinstall.blacklist.add.TEST", "http://blacklist.example.com");
 
   // Get list of preferences to check
   var whitelistPreferences = Services.prefs.getChildList(PREF_XPI_WHITELIST_PERMISSIONS, {});
@@ -53,19 +53,19 @@ function run_test() {
 
   // First, request to flush all permissions
   clear_imported_preferences_cache();
-  Services.prefs.setCharPref("xpinstall.whitelist.add.TEST2", "whitelist2.example.com");
+  Services.prefs.setCharPref("xpinstall.whitelist.add.TEST2", "https://whitelist2.example.com");
   Services.obs.notifyObservers(null, "flush-pending-permissions", "install");
   do_check_permission_prefs(preferences);
 
   // Then, request to flush just install permissions
   clear_imported_preferences_cache();
-  Services.prefs.setCharPref("xpinstall.whitelist.add.TEST3", "whitelist3.example.com");
+  Services.prefs.setCharPref("xpinstall.whitelist.add.TEST3", "https://whitelist3.example.com");
   Services.obs.notifyObservers(null, "flush-pending-permissions", "");
   do_check_permission_prefs(preferences);
 
   // And a request to flush some other permissions sholdn't flush install permissions
   clear_imported_preferences_cache();
-  Services.prefs.setCharPref("xpinstall.whitelist.add.TEST4", "whitelist4.example.com");
+  Services.prefs.setCharPref("xpinstall.whitelist.add.TEST4", "https://whitelist4.example.com");
   Services.obs.notifyObservers(null, "flush-pending-permissions", "lolcats");
-  do_check_eq(Services.prefs.getCharPref("xpinstall.whitelist.add.TEST4"), "whitelist4.example.com");
+  do_check_eq(Services.prefs.getCharPref("xpinstall.whitelist.add.TEST4"), "https://whitelist4.example.com");
 }