Bug 1699627 - Use nsIMarionette service to get enabled state of Marionette within the Content Security Manager. r=freddyb

Differential Revision: https://phabricator.services.mozilla.com/D109363

dom/security/nsContentSecurityManager.cpp

@@ -24,6 +24,9 @@
 #include "nsNetUtil.h"
 #include "nsReadableUtils.h"
 #include "nsIXPConnect.h"
+#ifdef ENABLE_MARIONETTE
+#  include "nsIMarionette.h"
+#endif
 
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/ClearOnShutdown.h"
@@ -948,13 +951,20 @@ nsresult nsContentSecurityManager::CheckAllowLoadInSystemPrivilegedContext(
     MeasureUnexpectedPrivilegedLoads(finalURI, contentPolicyType, remoteType);
   }
 
+  bool marionetteRunning = false;
+#ifdef ENABLE_MARIONETTE
+  nsCOMPtr<nsIMarionette> marionette = do_GetService(NS_MARIONETTE_CONTRACTID);
+  if (marionette) {
+    marionette->GetRunning(&marionetteRunning);
+  }
+#endif
+
   // Relaxing restrictions for our test suites:
   // (1) AreNonLocalConnectionsDisabled() disables network, so http://mochitest
   // is actually local and allowed. (2) The marionette test framework uses
   // injections and data URLs to execute scripts, checking for the environment
   // variable breaks the attack but not the tests.
-  if (xpc::AreNonLocalConnectionsDisabled() ||
-      mozilla::EnvHasValue("MOZ_MARIONETTE")) {
+  if (xpc::AreNonLocalConnectionsDisabled() || marionetteRunning) {
     bool disallowSystemPrincipalRemoteDocuments = Preferences::GetBool(
         "security.disallow_non_local_systemprincipal_in_tests");
     if (disallowSystemPrincipalRemoteDocuments) {