extensions/permissions/test/unit/test_permmanager_ipc.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

/* Any copyright is dedicated to the Public Domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */

const { ExtensionTestUtils } = ChromeUtils.importESModule(
  "resource://testing-common/ExtensionXPCShellUtils.sys.mjs"
);

add_task(async function test_permissions_sent_over_ipc_on_bloburl() {
  const ssm = Services.scriptSecurityManager;
  const pm = Services.perms;

  // setup a profile.
  do_get_profile();

  async function assertExpectedContentPage(contentPage) {
    const [processType, remoteType, principalSpec] = await page.spawn(
      [],
      async () => {
        return [
          Services.appinfo.processType,
          Services.appinfo.remoteType,
          this.content.document.nodePrincipal.spec,
        ];
      }
    );

    equal(
      processType,
      Services.appinfo.PROCESS_TYPE_CONTENT,
      "Got a content process"
    );
    equal(remoteType, "file", "Got a file child process");
    equal(principalSpec, principal.spec, "Got the expected document principal");
  }

  function getChildProcessID(contentPage) {
    return contentPage.spawn([], () => Services.appinfo.processID);
  }

  async function assertHasAllowedPermission(contentPage, perm) {
    const isPermissionAllowed = await contentPage.spawn(
      [perm],
      permName =>
        Services.perms.getPermissionObject(
          this.content.document.nodePrincipal,
          permName,
          true
        )?.capability === Services.perms.ALLOW_ACTION
    );
    ok(isPermissionAllowed, `Permission "${perm}" allowed as expected`);
  }

  let file = do_get_file(".", true);
  let fileURI = Services.io.newFileURI(file);
  const principal = ssm.createContentPrincipal(fileURI, {});
  info(`Add a test permission to the document principal: ${principal.spec}`);
  pm.addFromPrincipal(principal, "test/perm", pm.ALLOW_ACTION);

  info("Test expected permission is propagated into the child process");
  let page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
  const childID1 = await getChildProcessID(page);
  await assertExpectedContentPage(page);
  await assertHasAllowedPermission(page, "test/perm");
  await page.close();

  // Ensure this blob url does not prevent permissions to be propagated
  // to a new child process.
  info("Create a blob url for a non http/https principal");
  const blob = new Blob();
  const blobURL = URL.createObjectURL(blob);
  ok(blobURL, "Got a blob URL");

  info("Test expected permission is still propagated");
  page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
  const childID2 = await getChildProcessID(page);
  await assertExpectedContentPage(page);
  Assert.notEqual(childID1, childID2, "Got a new child process as expected");
  await assertHasAllowedPermission(page, "test/perm");
  await page.close();

  URL.revokeObjectURL(blobURL);

  page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
  const childID3 = await getChildProcessID(page);
  await assertExpectedContentPage(page);
  Assert.notEqual(childID2, childID3, "Got a new child process as expected");
  await assertHasAllowedPermission(page, "test/perm");
  await page.close();
});