Bug 1363243 - Avoid checking nsPermissionManager in nsContentBlocker …

…when no preload permissions are set, r=ehsan MozReview-Commit-ID: B8A8QXie8SX
mozilla-spidermonkey · May 11, 2017 · 2ab9f38 · 2ab9f38
1 parent 9f5c691
commit 2ab9f38
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 8 deletions.
diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
@@ -84,10 +84,15 @@ LogToConsole(const nsAString& aMsg)
 
 namespace {
 
+// The number of permissions from the kPreloadPermissions list which are present
+// in the permission manager. Used to determine if the permission manager should
+// be checked for one of these preload permissions in nsContentBlocker.
+static int32_t sPreloadPermissionCount = 0;
+
 // These permissions are special permissions which must be transmitted to the
 // content process before documents with their principals have loaded within
-// that process. For example, the permissions which are used for content
-// blocking are sent using this mechanism.
+// that process. This is because these permissions are used for content
+// blocking in nsContentBlocker.
 //
 // Permissions which are in this list are considered to have a "" permission
 // key, even if their principal would not normally have that key.
@@ -118,7 +123,6 @@ static const char* kPreloadPermissions[] = {
   "fetch",
   "image",
   "manifest"
-  // ------------------------------------------
 };
 
 // NOTE: nullptr can be passed as aType - if it is this function will return
@@ -1781,6 +1785,12 @@ nsPermissionManager::AddInternal(nsIPrincipal* aPrincipal,
                                                             aExpireType, aExpireTime,
                                                             aModificationTime));
 
+      // Record a count of the number of preload permissions present in the
+      // content process.
+      if (IsPreloadPermission(mTypeArray[typeIndex].get())) {
+        sPreloadPermissionCount++;
+      }
+
       if (aDBOperation == eWriteToDB && aExpireType != nsIPermissionManager::EXPIRE_SESSION) {
         UpdateDB(op, mStmtInsert, id, origin, aType, aPermission, aExpireType, aExpireTime, aModificationTime);
       }
@@ -1803,6 +1813,12 @@ nsPermissionManager::AddInternal(nsIPrincipal* aPrincipal,
       id = oldPermissionEntry.mID;
       entry->GetPermissions().RemoveElementAt(index);
 
+      // Record a count of the number of preload permissions present in the
+      // content process.
+      if (IsPreloadPermission(mTypeArray[typeIndex].get())) {
+        sPreloadPermissionCount--;
+      }
+
       if (aDBOperation == eWriteToDB)
         // We care only about the id here so we pass dummy values for all other
         // parameters.
@@ -3248,3 +3264,10 @@ nsPermissionManager::WhenPermissionsAvailable(nsIPrincipal* aPrincipal,
     });
   return NS_OK;
 }
+
+NS_IMETHODIMP
+nsPermissionManager::GetHasPreloadPermissions(bool* aResult)
+{
+  *aResult = sPreloadPermissionCount > 0;
+  return NS_OK;
+}
diff --git a/extensions/permissions/nsContentBlocker.cpp b/extensions/permissions/nsContentBlocker.cpp
@@ -267,6 +267,7 @@ nsContentBlocker::TestPermission(nsIURI *aCurrentURI,
                                  bool *aFromPrefs)
 {
   *aFromPrefs = false;
+  nsresult rv;
 
   if (!*kTypeString[aContentType - 1]) {
     // Disallow internal content policy types, they should not be used here.
@@ -282,11 +283,16 @@ nsContentBlocker::TestPermission(nsIURI *aCurrentURI,
   // default prefs.
   // Don't forget the aContentType ranges from 1..8, while the
   // array is indexed 0..7
-  uint32_t permission;
-  nsresult rv = mPermissionManager->TestPermission(aCurrentURI, 
-                                                   kTypeString[aContentType - 1],
-                                                   &permission);
-  NS_ENSURE_SUCCESS(rv, rv);
+  // All permissions tested by this method are preload permissions, so don't
+  // bother actually checking with the permission manager unless we have a
+  // preload permission.
+  uint32_t permission = nsIPermissionManager::UNKNOWN_ACTION;
+  if (mPermissionManager->GetHasPreloadPermissions()) {
+    rv = mPermissionManager->TestPermission(aCurrentURI,
+                                            kTypeString[aContentType - 1],
+                                            &permission);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
 
   // If there is nothing on the list, use the default.
   if (!permission) {

diff --git a/netwerk/base/nsIPermissionManager.idl b/netwerk/base/nsIPermissionManager.idl
@@ -343,6 +343,12 @@ interface nsIPermissionManager : nsISupports
    */
   void whenPermissionsAvailable(in nsIPrincipal aPrincipal,
                                 in nsIRunnable aRunnable);
+
+  /**
+   * True if any "preload" permissions are present. This is used to avoid making
+   * potentially expensive permissions checks in nsContentBlocker.
+   */
+  [infallible] readonly attribute boolean hasPreloadPermissions;
 };
 
 %{ C++