Previously, the WebExtension protocol used dynamic protocol flags which
were based on the WebExtension policy in order to enforce things such as
availability in private browsing and the accessibility of certain
resources.
Since the shift to MV3, these checks have required more complex checks
than what was possible to specify with protocol flags, which required
the addition of WEBEXT_URI_WEB_ACCESSIBLE - a security flag which would
trigger further checks with the EPS to determine if the URI can be
loaded.
This was somewhat inefficient, as fetching the URI flags would require
looking up the policy each time dynamic flags were looked up, as well as
when policy specifics were being checked after loading flags. In
addition, it led to a number of flags which were very specific to
extension protocols.
This patch changes extensions to no longer have dynamic flags, instead
specifying the static `URI_IS_WEBEXTENSION_RESOURCE` security flag. When
this flag is specified, security checks are made by querying the
ExtensionPolicyService to ask if the load should be permitted, combining
the specific security checks for Extension resources into a simpler
code-path, and avoiding redundant checks.
Differential Revision: https://phabricator.services.mozilla.com/D216076
This method was previously non-threadsafe due to it needing to access dynamic
URI flags. These flags were used to check the WebExtensionPolicy to see if the
webextension resource being loaded should be accessible.
Making dynamic URI flags available off-main-thread in general would
unfortunately be quite difficult, due to some of them depending on things like
JS `nsIAboutModule` implementations, so that was not the approach taken.
Instead, all information required is already available in the threadsafe
WebExtensionPolicyCore, which is now directly queried, instead of being queried
indirectly through protocol flags.
Differential Revision: https://phabricator.services.mozilla.com/D215026
Inline Create() and Realloc() so that we don't get negative leaks, since,
were that code to end up in mozglue, it wouldn't have access to the logging
machinery.
Differential Revision: https://phabricator.services.mozilla.com/D209663
These properties were previously being checked much later, during xptcodegen,
and causing methods to be treated as noscript implicitly.
This change enforces the noscript requirements earlier when possible in
xpidl.py, to produce better errors, and adds additional checks to ensure that
types which need to be builtinclass are marked as such.
This required some changes to interfaces in order to satisfy the new checks.
Differential Revision: https://phabricator.services.mozilla.com/D207804
Previously the `boolean` type was also declared using a `bool` typedef in
xpidl, meaning that both were used in various places. This patch standardizes
on the built-in `boolean` type, removing the typedef.
Differential Revision: https://phabricator.services.mozilla.com/D206382
Sorry for the massive patch but I found it hard to split without
introducing a bunch of copies around...
This mostly makes necko and DOM agree on which strings to use, which
should result in fewer copies and conversions.
Differential Revision: https://phabricator.services.mozilla.com/D205601
This patch is a no-op for observable functionality. All it does is add a bit to the partitionKey for OA, and then adds plumbing to be able to set it, and where it is required, sets it to false.
This is serialized identically to the absence of the bit, so nothing changes at all.
Differential Revision: https://phabricator.services.mozilla.com/D203155