summaryrefslogtreecommitdiffstats
path: root/dom/midi/MIDIPermissionRequest.cpp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
commit26a029d407be480d791972afb5975cf62c9360a6 (patch)
treef435a8308119effd964b339f76abb83a57c29483 /dom/midi/MIDIPermissionRequest.cpp
parentInitial commit. (diff)
downloadfirefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz
firefox-26a029d407be480d791972afb5975cf62c9360a6.zip
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/midi/MIDIPermissionRequest.cpp')
-rw-r--r--dom/midi/MIDIPermissionRequest.cpp202
1 files changed, 202 insertions, 0 deletions
diff --git a/dom/midi/MIDIPermissionRequest.cpp b/dom/midi/MIDIPermissionRequest.cpp
new file mode 100644
index 0000000000..1eed95f177
--- /dev/null
+++ b/dom/midi/MIDIPermissionRequest.cpp
@@ -0,0 +1,202 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/MIDIPermissionRequest.h"
+#include "mozilla/dom/Document.h"
+#include "mozilla/dom/MIDIAccessManager.h"
+#include "mozilla/dom/MIDIOptionsBinding.h"
+#include "mozilla/ipc/BackgroundChild.h"
+#include "mozilla/ipc/PBackgroundChild.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/RandomNum.h"
+#include "mozilla/StaticPrefs_dom.h"
+#include "nsIGlobalObject.h"
+#include "mozilla/Preferences.h"
+#include "nsContentUtils.h"
+
+//-------------------------------------------------
+// MIDI Permission Requests
+//-------------------------------------------------
+
+using namespace mozilla::dom;
+
+NS_IMPL_CYCLE_COLLECTION_INHERITED(MIDIPermissionRequest,
+ ContentPermissionRequestBase, mPromise)
+
+NS_IMPL_QUERY_INTERFACE_CYCLE_COLLECTION_INHERITED(MIDIPermissionRequest,
+ ContentPermissionRequestBase,
+ nsIRunnable)
+
+NS_IMPL_ADDREF_INHERITED(MIDIPermissionRequest, ContentPermissionRequestBase)
+NS_IMPL_RELEASE_INHERITED(MIDIPermissionRequest, ContentPermissionRequestBase)
+
+MIDIPermissionRequest::MIDIPermissionRequest(nsPIDOMWindowInner* aWindow,
+ Promise* aPromise,
+ const MIDIOptions& aOptions)
+ : ContentPermissionRequestBase(
+ aWindow->GetDoc()->NodePrincipal(), aWindow,
+ ""_ns, // We check prefs in a custom way here
+ "midi"_ns),
+ mPromise(aPromise),
+ mNeedsSysex(aOptions.mSysex) {
+ MOZ_ASSERT(aWindow);
+ MOZ_ASSERT(aPromise, "aPromise should not be null!");
+ MOZ_ASSERT(aWindow->GetDoc());
+ mPrincipal = aWindow->GetDoc()->NodePrincipal();
+ MOZ_ASSERT(mPrincipal);
+}
+
+NS_IMETHODIMP
+MIDIPermissionRequest::GetTypes(nsIArray** aTypes) {
+ NS_ENSURE_ARG_POINTER(aTypes);
+ nsTArray<nsString> options;
+
+ // The previous implementation made no differences between midi and
+ // midi-sysex. The check on the SitePermsAddonProvider pref should be removed
+ // at the same time as the old implementation.
+ if (mNeedsSysex || !StaticPrefs::dom_sitepermsaddon_provider_enabled()) {
+ options.AppendElement(u"sysex"_ns);
+ }
+ return nsContentPermissionUtils::CreatePermissionArray(mType, options,
+ aTypes);
+}
+
+NS_IMETHODIMP
+MIDIPermissionRequest::Cancel() {
+ mCancelTimer = nullptr;
+
+ if (StaticPrefs::dom_sitepermsaddon_provider_enabled()) {
+ mPromise->MaybeRejectWithSecurityError(
+ "WebMIDI requires a site permission add-on to activate");
+ } else {
+ // This message is used for the initial XPIProvider-based implementation
+ // of Site Permissions.
+ // It should be removed as part of Bug 1789718.
+ mPromise->MaybeRejectWithSecurityError(
+ "WebMIDI requires a site permission add-on to activate — see "
+ "https://extensionworkshop.com/documentation/publish/"
+ "site-permission-add-on/ for details.");
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+MIDIPermissionRequest::Allow(JS::Handle<JS::Value> aChoices) {
+ MOZ_ASSERT(aChoices.isUndefined());
+ MIDIAccessManager* mgr = MIDIAccessManager::Get();
+ mgr->CreateMIDIAccess(mWindow, mNeedsSysex, mPromise);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+MIDIPermissionRequest::Run() {
+ // If the testing flag is true, skip dialog
+ if (Preferences::GetBool("midi.prompt.testing", false)) {
+ bool allow =
+ Preferences::GetBool("media.navigator.permission.disabled", false);
+ if (allow) {
+ Allow(JS::UndefinedHandleValue);
+ } else {
+ Cancel();
+ }
+ return NS_OK;
+ }
+
+ nsCString permName = "midi"_ns;
+ // The previous implementation made no differences between midi and
+ // midi-sysex. The check on the SitePermsAddonProvider pref should be removed
+ // at the same time as the old implementation.
+ if (mNeedsSysex || !StaticPrefs::dom_sitepermsaddon_provider_enabled()) {
+ permName.Append("-sysex");
+ }
+
+ // First, check for an explicit allow/deny. Note that we want to support
+ // granting a permission on the base domain and then using it on a subdomain,
+ // which is why we use the non-"Exact" variants of these APIs. See bug
+ // 1757218.
+ if (nsContentUtils::IsSitePermAllow(mPrincipal, permName)) {
+ Allow(JS::UndefinedHandleValue);
+ return NS_OK;
+ }
+
+ if (nsContentUtils::IsSitePermDeny(mPrincipal, permName)) {
+ CancelWithRandomizedDelay();
+ return NS_OK;
+ }
+
+ // If the add-on is not installed, and sitepermsaddon provider not enabled,
+ // auto-deny (except for localhost).
+ if (StaticPrefs::dom_webmidi_gated() &&
+ !StaticPrefs::dom_sitepermsaddon_provider_enabled() &&
+ !nsContentUtils::HasSitePerm(mPrincipal, permName) &&
+ !mPrincipal->GetIsLoopbackHost()) {
+ CancelWithRandomizedDelay();
+ return NS_OK;
+ }
+
+ // If sitepermsaddon provider is enabled and user denied install,
+ // auto-deny (except for localhost, where we use a regular permission flow).
+ if (StaticPrefs::dom_sitepermsaddon_provider_enabled() &&
+ nsContentUtils::IsSitePermDeny(mPrincipal, "install"_ns) &&
+ !mPrincipal->GetIsLoopbackHost()) {
+ CancelWithRandomizedDelay();
+ return NS_OK;
+ }
+
+ // Before we bother the user with a prompt, see if they have any devices. If
+ // they don't, just report denial.
+ MOZ_ASSERT(NS_IsMainThread());
+ mozilla::ipc::PBackgroundChild* actor =
+ mozilla::ipc::BackgroundChild::GetOrCreateForCurrentThread();
+ if (NS_WARN_IF(!actor)) {
+ return NS_ERROR_FAILURE;
+ }
+ RefPtr<MIDIPermissionRequest> self = this;
+ actor->SendHasMIDIDevice(
+ [=](bool aHasDevices) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ if (aHasDevices) {
+ self->DoPrompt();
+ } else {
+ nsContentUtils::ReportToConsoleNonLocalized(
+ u"Silently denying site request for MIDI access because no devices were detected. You may need to restart your browser after connecting a new device."_ns,
+ nsIScriptError::infoFlag, "WebMIDI"_ns, mWindow->GetDoc());
+ self->CancelWithRandomizedDelay();
+ }
+ },
+ [=](auto) { self->CancelWithRandomizedDelay(); });
+
+ return NS_OK;
+}
+
+// If the user has no MIDI devices, we automatically deny the request. To
+// prevent sites from using timing attack to discern the existence of MIDI
+// devices, we instrument silent denials with a randomized delay between 3
+// and 13 seconds, which is intended to model the time the user might spend
+// considering a prompt before denying it.
+//
+// Note that we set the random component of the delay to zero in automation
+// to avoid unnecessarily increasing test end-to-end time.
+void MIDIPermissionRequest::CancelWithRandomizedDelay() {
+ MOZ_ASSERT(NS_IsMainThread());
+ uint32_t baseDelayMS = 3 * 1000;
+ uint32_t randomDelayMS =
+ xpc::IsInAutomation() ? 0 : RandomUint64OrDie() % (10 * 1000);
+ auto delay = TimeDuration::FromMilliseconds(baseDelayMS + randomDelayMS);
+ RefPtr<MIDIPermissionRequest> self = this;
+ NS_NewTimerWithCallback(
+ getter_AddRefs(mCancelTimer), [=](auto) { self->Cancel(); }, delay,
+ nsITimer::TYPE_ONE_SHOT, __func__);
+}
+
+nsresult MIDIPermissionRequest::DoPrompt() {
+ if (NS_FAILED(nsContentPermissionUtils::AskPermission(this, mWindow))) {
+ Cancel();
+ return NS_ERROR_FAILURE;
+ }
+ return NS_OK;
+}