The Tor Browser / annotate

dom/indexedDB/CheckPermissionsHelper.cpp@129ffea94266 (annotated)

dom/indexedDB/CheckPermissionsHelper.cpp

Sat, 03 Jan 2015 20:18:00 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Sat, 03 Jan 2015 20:18:00 +0100
branch
TOR_BUG_3246
changeset 7
129ffea94266
permissions
-rw-r--r--

Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.

michael@0 1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
michael@0 2 /* vim: set ts=2 et sw=2 tw=80: */
michael@0 3 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 4 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 6
michael@0 7 #include "CheckPermissionsHelper.h"
michael@0 8
michael@0 9 #include "nsIDOMWindow.h"
michael@0 10 #include "nsILoadContext.h"
michael@0 11 #include "nsIWebNavigation.h"
michael@0 12 #include "nsIObserverService.h"
michael@0 13 #include "nsIPermissionManager.h"
michael@0 14 #include "nsIPrincipal.h"
michael@0 15 #include "nsIScriptObjectPrincipal.h"
michael@0 16 #include "nsIURI.h"
michael@0 17
michael@0 18 #include "CheckQuotaHelper.h"
michael@0 19 #include "nsContentUtils.h"
michael@0 20 #include "nsNetUtil.h"
michael@0 21 #include "nsThreadUtils.h"
michael@0 22 #include "mozilla/Services.h"
michael@0 23
michael@0 24 #include "IndexedDatabaseManager.h"
michael@0 25
michael@0 26 #define PERMISSION_INDEXEDDB "indexedDB"
michael@0 27 #define TOPIC_PERMISSIONS_PROMPT "indexedDB-permissions-prompt"
michael@0 28 #define TOPIC_PERMISSIONS_RESPONSE "indexedDB-permissions-response"
michael@0 29
michael@0 30 // This is a little confusing, but our default behavior (UNKNOWN_ACTION) is to
michael@0 31 // allow access without a prompt. If the "indexedDB" permission is set to
michael@0 32 // ALLOW_ACTION then we will issue a prompt before allowing access. Otherwise
michael@0 33 // (DENY_ACTION) we deny access.
michael@0 34 #define PERMISSION_ALLOWED nsIPermissionManager::UNKNOWN_ACTION
michael@0 35 #define PERMISSION_DENIED nsIPermissionManager::DENY_ACTION
michael@0 36 #define PERMISSION_PROMPT nsIPermissionManager::ALLOW_ACTION
michael@0 37
michael@0 38 USING_INDEXEDDB_NAMESPACE
michael@0 39 using namespace mozilla::services;
michael@0 40 using mozilla::dom::quota::CheckQuotaHelper;
michael@0 41
michael@0 42 namespace {
michael@0 43
michael@0 44 inline
michael@0 45 uint32_t
michael@0 46 GetIndexedDBPermissions(nsIDOMWindow* aWindow)
michael@0 47 {
michael@0 48 NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
michael@0 49
michael@0 50 NS_ASSERTION(aWindow, "Chrome shouldn't check the permission!");
michael@0 51
michael@0 52 nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(aWindow));
michael@0 53 NS_ENSURE_TRUE(sop, nsIPermissionManager::DENY_ACTION);
michael@0 54
michael@0 55 NS_ASSERTION(!nsContentUtils::IsSystemPrincipal(sop->GetPrincipal()),
michael@0 56 "Chrome windows shouldn't check the permission!");
michael@0 57
michael@0 58 nsCOMPtr<nsIWebNavigation> webNav = do_GetInterface(aWindow);
michael@0 59 nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(webNav);
michael@0 60 if (loadContext && loadContext->UsePrivateBrowsing()) {
michael@0 61 // TODO Support private browsing indexedDB?
michael@0 62 NS_WARNING("IndexedDB may not be used while in private browsing mode!");
michael@0 63 return PERMISSION_DENIED;
michael@0 64 }
michael@0 65
michael@0 66 nsCOMPtr<nsIPermissionManager> permissionManager =
michael@0 67 do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
michael@0 68 NS_ENSURE_TRUE(permissionManager, PERMISSION_DENIED);
michael@0 69
michael@0 70 uint32_t permission;
michael@0 71 nsresult rv =
michael@0 72 permissionManager->TestPermissionFromPrincipal(sop->GetPrincipal(),
michael@0 73 PERMISSION_INDEXEDDB,
michael@0 74 &permission);
michael@0 75 NS_ENSURE_SUCCESS(rv, PERMISSION_DENIED);
michael@0 76
michael@0 77 return permission;
michael@0 78 }
michael@0 79
michael@0 80 } // anonymous namespace
michael@0 81
michael@0 82 NS_IMPL_ISUPPORTS(CheckPermissionsHelper, nsIRunnable,
michael@0 83 nsIInterfaceRequestor,
michael@0 84 nsIObserver)
michael@0 85
michael@0 86 NS_IMETHODIMP
michael@0 87 CheckPermissionsHelper::Run()
michael@0 88 {
michael@0 89 NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
michael@0 90
michael@0 91 uint32_t permission = mHasPrompted ?
michael@0 92 mPromptResult :
michael@0 93 GetIndexedDBPermissions(mWindow);
michael@0 94
michael@0 95 nsresult rv;
michael@0 96 if (mHasPrompted) {
michael@0 97 // Add permissions to the database, but only if we are in the parent
michael@0 98 // process (if we are in the child process, we have already
michael@0 99 // set the permission when the prompt was shown in the parent, as
michael@0 100 // we cannot set the permission from the child).
michael@0 101 if (permission != PERMISSION_PROMPT &&
michael@0 102 IndexedDatabaseManager::IsMainProcess()) {
michael@0 103 NS_ASSERTION(mWindow, "Null window!");
michael@0 104
michael@0 105 nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(mWindow);
michael@0 106 NS_ASSERTION(sop, "Window didn't QI to nsIScriptObjectPrincipal!");
michael@0 107
michael@0 108 nsIPrincipal* windowPrincipal = sop->GetPrincipal();
michael@0 109 NS_ASSERTION(windowPrincipal, "Null principal!");
michael@0 110
michael@0 111 nsCOMPtr<nsIPermissionManager> permissionManager =
michael@0 112 do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
michael@0 113 NS_ENSURE_STATE(permissionManager);
michael@0 114
michael@0 115 rv = permissionManager->AddFromPrincipal(windowPrincipal,
michael@0 116 PERMISSION_INDEXEDDB, permission,
michael@0 117 nsIPermissionManager::EXPIRE_NEVER,
michael@0 118 0);
michael@0 119 NS_ENSURE_SUCCESS(rv, rv);
michael@0 120 }
michael@0 121 }
michael@0 122 else if (permission == PERMISSION_PROMPT && mPromptAllowed) {
michael@0 123 nsCOMPtr<nsIObserverService> obs = GetObserverService();
michael@0 124 rv = obs->NotifyObservers(static_cast<nsIRunnable*>(this),
michael@0 125 TOPIC_PERMISSIONS_PROMPT, nullptr);
michael@0 126 NS_ENSURE_SUCCESS(rv, rv);
michael@0 127
michael@0 128 return NS_OK;
michael@0 129 }
michael@0 130
michael@0 131 nsRefPtr<OpenDatabaseHelper> helper;
michael@0 132 helper.swap(mHelper);
michael@0 133
michael@0 134 nsCOMPtr<nsIDOMWindow> window;
michael@0 135 window.swap(mWindow);
michael@0 136
michael@0 137 if (permission == PERMISSION_ALLOWED) {
michael@0 138 // If we're running from a window then we should check the quota permission
michael@0 139 // as well. If we don't have a window then we're opening a chrome database
michael@0 140 // and the quota will be unlimited already.
michael@0 141 if (window) {
michael@0 142 nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(window);
michael@0 143 NS_ASSERTION(sop, "Window didn't QI to nsIScriptObjectPrincipal!");
michael@0 144
michael@0 145 nsIPrincipal* windowPrincipal = sop->GetPrincipal();
michael@0 146 NS_ASSERTION(windowPrincipal, "Null principal!");
michael@0 147
michael@0 148 uint32_t quotaPermission =
michael@0 149 CheckQuotaHelper::GetQuotaPermission(windowPrincipal);
michael@0 150
michael@0 151 if (quotaPermission == nsIPermissionManager::ALLOW_ACTION) {
michael@0 152 helper->SetUnlimitedQuotaAllowed();
michael@0 153 }
michael@0 154 }
michael@0 155
michael@0 156 return helper->DispatchToIOThread();
michael@0 157 }
michael@0 158
michael@0 159 NS_ASSERTION(permission == PERMISSION_PROMPT ||
michael@0 160 permission == PERMISSION_DENIED,
michael@0 161 "Unknown permission!");
michael@0 162
michael@0 163 helper->SetError(NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR);
michael@0 164
michael@0 165 return helper->RunImmediately();
michael@0 166 }
michael@0 167
michael@0 168 NS_IMETHODIMP
michael@0 169 CheckPermissionsHelper::GetInterface(const nsIID& aIID,
michael@0 170 void** aResult)
michael@0 171 {
michael@0 172 NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
michael@0 173 if (aIID.Equals(NS_GET_IID(nsIObserver))) {
michael@0 174 return QueryInterface(aIID, aResult);
michael@0 175 }
michael@0 176
michael@0 177 if (aIID.Equals(NS_GET_IID(nsIDOMWindow))) {
michael@0 178 return mWindow->QueryInterface(aIID, aResult);
michael@0 179 }
michael@0 180
michael@0 181 *aResult = nullptr;
michael@0 182 return NS_ERROR_NOT_AVAILABLE;
michael@0 183 }
michael@0 184
michael@0 185 NS_IMETHODIMP
michael@0 186 CheckPermissionsHelper::Observe(nsISupports* aSubject,
michael@0 187 const char* aTopic,
michael@0 188 const char16_t* aData)
michael@0 189 {
michael@0 190 NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
michael@0 191 NS_ASSERTION(!strcmp(aTopic, TOPIC_PERMISSIONS_RESPONSE), "Bad topic!");
michael@0 192 NS_ASSERTION(mPromptAllowed, "How did we get here?");
michael@0 193
michael@0 194 mHasPrompted = true;
michael@0 195
michael@0 196 nsresult rv;
michael@0 197 uint32_t promptResult = nsDependentString(aData).ToInteger(&rv);
michael@0 198 NS_ENSURE_SUCCESS(rv, rv);
michael@0 199
michael@0 200 // Have to convert the permission we got from the user to our weird reversed
michael@0 201 // permission type.
michael@0 202 switch (promptResult) {
michael@0 203 case nsIPermissionManager::ALLOW_ACTION:
michael@0 204 mPromptResult = PERMISSION_ALLOWED;
michael@0 205 break;
michael@0 206 case nsIPermissionManager::DENY_ACTION:
michael@0 207 mPromptResult = PERMISSION_DENIED;
michael@0 208 break;
michael@0 209 case nsIPermissionManager::UNKNOWN_ACTION:
michael@0 210 mPromptResult = PERMISSION_PROMPT;
michael@0 211 break;
michael@0 212
michael@0 213 default:
michael@0 214 NS_NOTREACHED("Unknown permission type!");
michael@0 215 mPromptResult = PERMISSION_DENIED;
michael@0 216 }
michael@0 217
michael@0 218 rv = NS_DispatchToCurrentThread(this);
michael@0 219 NS_ENSURE_SUCCESS(rv, rv);
michael@0 220
michael@0 221 return NS_OK;
michael@0 222 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial