Bug 1173523 - Part 1: Expose an nsIPrincipal from nsIPermission rathe…

…r than a host string, appId, and isInBrowserElement, r=ehsan
Brli · Jul 14, 2015 · a6c6410 · a6c6410
1 parent 4369af1
commit a6c6410
Show file tree

Hide file tree

Showing 9 changed files with 239 additions and 133 deletions.
diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp
@@ -53,6 +53,7 @@
 #include "mozilla/plugins/PluginModuleParent.h"
 #include "mozilla/widget/WidgetMessageUtils.h"
 #include "mozilla/media/MediaChild.h"
+#include "mozilla/BasePrincipal.h"
 
 #if defined(MOZ_CONTENT_SANDBOX)
 #if defined(XP_WIN)
@@ -2112,19 +2113,16 @@ ContentChild::RecvAddPermission(const IPC::Permission& permission)
     MOZ_ASSERT(permissionManager,
                "We have no permissionManager in the Content process !");
 
-    nsCOMPtr<nsIURI> uri;
-    NS_NewURI(getter_AddRefs(uri), NS_LITERAL_CSTRING("http://") + nsCString(permission.host));
-    NS_ENSURE_TRUE(uri, true);
-
-    nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
-    MOZ_ASSERT(secMan);
+    nsAutoCString originNoSuffix;
+    OriginAttributes attrs;
+    attrs.PopulateFromOrigin(permission.origin, originNoSuffix);
 
-    nsCOMPtr<nsIPrincipal> principal;
-    nsresult rv = secMan->GetAppCodebasePrincipal(uri, permission.appId,
-                                                permission.isInBrowserElement,
-                                                getter_AddRefs(principal));
+    nsCOMPtr<nsIURI> uri;
+    nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
     NS_ENSURE_SUCCESS(rv, true);
 
+    nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+
     // child processes don't care about modification time.
     int64_t modificationTime = 0;
 

diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp
@@ -2559,12 +2559,12 @@ ContentParent::RecvReadPermissions(InfallibleTArray<IPC::Permission>* aPermissio
         enumerator->GetNext(getter_AddRefs(supp));
         nsCOMPtr<nsIPermission> perm = do_QueryInterface(supp);
 
-        nsCString host;
-        perm->GetHost(host);
-        uint32_t appId;
-        perm->GetAppId(&appId);
-        bool isInBrowserElement;
-        perm->GetIsInBrowserElement(&isInBrowserElement);
+        nsCOMPtr<nsIPrincipal> principal;
+        perm->GetPrincipal(getter_AddRefs(principal));
+        nsCString origin;
+        if (principal) {
+            principal->GetOrigin(origin);
+        }
         nsCString type;
         perm->GetType(type);
         uint32_t capability;
@@ -2574,8 +2574,7 @@ ContentParent::RecvReadPermissions(InfallibleTArray<IPC::Permission>* aPermissio
         int64_t expireTime;
         perm->GetExpireTime(&expireTime);
 
-        aPermissions->AppendElement(IPC::Permission(host, appId,
-                                                    isInBrowserElement, type,
+        aPermissions->AppendElement(IPC::Permission(origin, type,
                                                     capability, expireType,
                                                     expireTime));
     }

diff --git a/dom/storage/DOMStorageObserver.cpp b/dom/storage/DOMStorageObserver.cpp
@@ -196,8 +196,20 @@ DOMStorageObserver::Observe(nsISupports* aSubject,
       return NS_OK;
     }
 
+    nsCOMPtr<nsIPrincipal> principal;
+    perm->GetPrincipal(getter_AddRefs(principal));
+    if (!principal) {
+      return NS_OK;
+    }
+
+    nsCOMPtr<nsIURI> origin;
+    principal->GetURI(getter_AddRefs(origin));
+    if (!origin) {
+      return NS_OK;
+    }
+
     nsAutoCString host;
-    perm->GetHost(host);
+    origin->GetHost(host);
     if (host.IsEmpty()) {
       return NS_OK;
     }

diff --git a/extensions/cookie/nsPermission.cpp b/extensions/cookie/nsPermission.cpp
@@ -4,75 +4,154 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsPermission.h"
+#include "nsContentUtils.h"
 #include "nsIClassInfoImpl.h"
+#include "nsIEffectiveTLDService.h"
 
 // nsPermission Implementation
 
 NS_IMPL_CLASSINFO(nsPermission, nullptr, 0, {0})
 NS_IMPL_ISUPPORTS_CI(nsPermission, nsIPermission)
 
-nsPermission::nsPermission(const nsACString &aHost,
-                           uint32_t aAppId,
-                           bool aIsInBrowserElement,
+nsPermission::nsPermission(nsIPrincipal*    aPrincipal,
                            const nsACString &aType,
                            uint32_t         aCapability,
                            uint32_t         aExpireType,
                            int64_t          aExpireTime)
- : mHost(aHost)
+ : mPrincipal(aPrincipal)
  , mType(aType)
  , mCapability(aCapability)
  , mExpireType(aExpireType)
  , mExpireTime(aExpireTime)
- , mAppId(aAppId)
- , mIsInBrowserElement(aIsInBrowserElement)
 {
 }
 
 NS_IMETHODIMP
-nsPermission::GetHost(nsACString &aHost)
+nsPermission::GetPrincipal(nsIPrincipal** aPrincipal)
 {
-  aHost = mHost;
+  nsCOMPtr<nsIPrincipal> copy = mPrincipal;
+  copy.forget(aPrincipal);
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsPermission::GetAppId(uint32_t* aAppId)
+nsPermission::GetType(nsACString &aType)
 {
-  *aAppId = mAppId;
+  aType = mType;
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsPermission::GetIsInBrowserElement(bool* aIsInBrowserElement)
+nsPermission::GetCapability(uint32_t *aCapability)
 {
-  *aIsInBrowserElement = mIsInBrowserElement;
+  *aCapability = mCapability;
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsPermission::GetType(nsACString &aType)
+nsPermission::GetExpireType(uint32_t *aExpireType)
 {
-  aType = mType;
+  *aExpireType = mExpireType;
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsPermission::GetCapability(uint32_t *aCapability)
+nsPermission::GetExpireTime(int64_t *aExpireTime)
 {
-  *aCapability = mCapability;
+  *aExpireTime = mExpireTime;
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsPermission::GetExpireType(uint32_t *aExpireType)
+nsPermission::Matches(nsIPrincipal* aPrincipal, bool aExactHost, bool* aMatches)
 {
-  *aExpireType = mExpireType;
+  NS_ENSURE_ARG_POINTER(aPrincipal);
+  NS_ENSURE_ARG_POINTER(aMatches);
+
+  *aMatches = false;
+
+  // If the principals are equal, then they match.
+  if (mPrincipal->Equals(aPrincipal)) {
+    *aMatches = true;
+    return NS_OK;
+  }
+
+  // Make sure that the OriginAttributes of the two entries are the same
+  nsAutoCString theirSuffix;
+  nsresult rv = aPrincipal->GetOriginSuffix(theirSuffix);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  nsAutoCString ourSuffix;
+  rv = mPrincipal->GetOriginSuffix(ourSuffix);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  if (theirSuffix != ourSuffix) {
+    return NS_OK;
+  }
+
+  // Right now, we only care about the hosts
+  nsCOMPtr<nsIURI> theirURI;
+  rv = aPrincipal->GetURI(getter_AddRefs(theirURI));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  nsCOMPtr<nsIURI> ourURI;
+  rv = mPrincipal->GetURI(getter_AddRefs(ourURI));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // Get the hosts so we can compare them
+  nsAutoCString theirHost;
+  rv = theirURI->GetHost(theirHost);
+  if (NS_FAILED(rv) || theirHost.IsEmpty()) {
+    return NS_OK;
+  }
+
+  nsAutoCString ourHost;
+  rv = ourURI->GetHost(ourHost);
+  if (NS_FAILED(rv) || ourHost.IsEmpty()) {
+    return NS_OK;
+  }
+
+  if (aExactHost) { // If we only care about the exact host, we compare them and are done
+    *aMatches = theirHost == ourHost;
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIEffectiveTLDService> tldService =
+    do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
+  if (!tldService) {
+    NS_ERROR("Should have a tld service!");
+    return NS_ERROR_FAILURE;
+  }
+
+  // Check if the host or any subdomain of the host matches. This loop will
+  // not loop forever, as GetNextSubDomain will eventually fail with
+  // NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS.
+  while (theirHost != ourHost) {
+    rv = tldService->GetNextSubDomain(theirHost, theirHost);
+    if (NS_FAILED(rv)) {
+      if (rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
+        return NS_OK;
+      } else {
+        return rv;
+      }
+    }
+  }
+
+  *aMatches = true;
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsPermission::GetExpireTime(int64_t *aExpireTime)
+nsPermission::MatchesURI(nsIURI* aURI, bool aExactHost, bool* aMatches)
 {
-  *aExpireTime = mExpireTime;
-  return NS_OK;
+  NS_ENSURE_ARG_POINTER(aURI);
+
+  nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
+  NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
+
+  nsCOMPtr<nsIPrincipal> principal;
+  nsresult rv = secMan->GetNoAppCodebasePrincipal(aURI, getter_AddRefs(principal));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  return Matches(principal, aExactHost, aMatches);
 }
diff --git a/extensions/cookie/nsPermission.h b/extensions/cookie/nsPermission.h
@@ -18,9 +18,7 @@ class nsPermission : public nsIPermission
   NS_DECL_ISUPPORTS
   NS_DECL_NSIPERMISSION
 
-  nsPermission(const nsACString &aHost,
-               uint32_t aAppId,
-               bool aIsInBrowserElement,
+  nsPermission(nsIPrincipal* aPrincipal,
                const nsACString &aType,
                uint32_t aCapability,
                uint32_t aExpireType,
@@ -29,13 +27,11 @@ class nsPermission : public nsIPermission
 protected:
   virtual ~nsPermission() {};
 
-  nsCString mHost;
+  nsCOMPtr<nsIPrincipal> mPrincipal;
   nsCString mType;
   uint32_t  mCapability;
   uint32_t  mExpireType;
   int64_t   mExpireTime;
-  uint32_t  mAppId;
-  bool      mIsInBrowserElement;
 };
 
 #endif // nsPermission_h__