summaryrefslogtreecommitdiffstats
path: root/extensions/permissions
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-15 03:34:42 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-15 03:34:42 +0000
commitda4c7e7ed675c3bf405668739c3012d140856109 (patch)
treecdd868dba063fecba609a1d819de271f0d51b23e /extensions/permissions
parentAdding upstream version 125.0.3. (diff)
downloadfirefox-da4c7e7ed675c3bf405668739c3012d140856109.tar.xz
firefox-da4c7e7ed675c3bf405668739c3012d140856109.zip
Adding upstream version 126.0.upstream/126.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'extensions/permissions')
-rw-r--r--extensions/permissions/PermissionManager.cpp93
-rw-r--r--extensions/permissions/PermissionManager.h6
2 files changed, 70 insertions, 29 deletions
diff --git a/extensions/permissions/PermissionManager.cpp b/extensions/permissions/PermissionManager.cpp
index be144e2dfe..39373653a6 100644
--- a/extensions/permissions/PermissionManager.cpp
+++ b/extensions/permissions/PermissionManager.cpp
@@ -1682,22 +1682,15 @@ NS_IMETHODIMP
PermissionManager::AddFromPrincipalAndPersistInPrivateBrowsing(
nsIPrincipal* aPrincipal, const nsACString& aType, uint32_t aPermission) {
ENSURE_NOT_CHILD_PROCESS;
- NS_ENSURE_ARG_POINTER(aPrincipal);
- // We don't add the system principal because it actually has no URI and we
- // always allow action for them.
- if (aPrincipal->IsSystemPrincipal()) {
- return NS_OK;
- }
- // Null principals can't meaningfully have persisted permissions attached to
- // them, so we don't allow adding permissions for them.
- if (aPrincipal->GetIsNullPrincipal()) {
- return NS_OK;
- }
+ bool isValidPermissionPrincipal = false;
+ nsresult rv = ShouldHandlePrincipalForPermission(aPrincipal,
+ isValidPermissionPrincipal);
- // Permissions may not be added to expanded principals.
- if (IsExpandedPrincipal(aPrincipal)) {
- return NS_ERROR_INVALID_ARG;
+ NS_ENSURE_SUCCESS(rv, rv);
+ if (!isValidPermissionPrincipal) {
+ // return early if the principal is invalid for permissions
+ return rv;
}
// A modificationTime of zero will cause AddInternal to use now().
@@ -1717,7 +1710,6 @@ PermissionManager::AddFromPrincipal(nsIPrincipal* aPrincipal,
uint32_t aPermission, uint32_t aExpireType,
int64_t aExpireTime) {
ENSURE_NOT_CHILD_PROCESS;
- NS_ENSURE_ARG_POINTER(aPrincipal);
NS_ENSURE_TRUE(aExpireType == nsIPermissionManager::EXPIRE_NEVER ||
aExpireType == nsIPermissionManager::EXPIRE_TIME ||
aExpireType == nsIPermissionManager::EXPIRE_SESSION ||
@@ -1729,21 +1721,14 @@ PermissionManager::AddFromPrincipal(nsIPrincipal* aPrincipal,
return NS_OK;
}
- // We don't add the system principal because it actually has no URI and we
- // always allow action for them.
- if (aPrincipal->IsSystemPrincipal()) {
- return NS_OK;
- }
-
- // Null principals can't meaningfully have persisted permissions attached to
- // them, so we don't allow adding permissions for them.
- if (aPrincipal->GetIsNullPrincipal()) {
- return NS_OK;
- }
+ bool isValidPermissionPrincipal = false;
+ nsresult rv = ShouldHandlePrincipalForPermission(aPrincipal,
+ isValidPermissionPrincipal);
- // Permissions may not be added to expanded principals.
- if (IsExpandedPrincipal(aPrincipal)) {
- return NS_ERROR_INVALID_ARG;
+ NS_ENSURE_SUCCESS(rv, rv);
+ if (!isValidPermissionPrincipal) {
+ // return early if the principal is invalid for permissions
+ return rv;
}
// A modificationTime of zero will cause AddInternal to use now().
@@ -1753,6 +1738,28 @@ PermissionManager::AddFromPrincipal(nsIPrincipal* aPrincipal,
aExpireTime, modificationTime, eNotify, eWriteToDB);
}
+NS_IMETHODIMP
+PermissionManager::TestAddFromPrincipalByTime(nsIPrincipal* aPrincipal,
+ const nsACString& aType,
+ uint32_t aPermission,
+ int64_t aModificationTime) {
+ ENSURE_NOT_CHILD_PROCESS;
+
+ bool isValidPermissionPrincipal = false;
+ nsresult rv = ShouldHandlePrincipalForPermission(aPrincipal,
+ isValidPermissionPrincipal);
+
+ NS_ENSURE_SUCCESS(rv, rv);
+ if (!isValidPermissionPrincipal) {
+ // return early if the principal is invalid for permissions
+ return rv;
+ }
+
+ return AddInternal(aPrincipal, aType, aPermission, 0,
+ nsIPermissionManager::EXPIRE_NEVER, 0, aModificationTime,
+ eNotify, eWriteToDB);
+}
+
nsresult PermissionManager::AddInternal(
nsIPrincipal* aPrincipal, const nsACString& aType, uint32_t aPermission,
int64_t aID, uint32_t aExpireType, int64_t aExpireTime,
@@ -2547,6 +2554,34 @@ NS_IMETHODIMP PermissionManager::GetAllByTypes(
aResult);
}
+nsresult PermissionManager::ShouldHandlePrincipalForPermission(
+ nsIPrincipal* aPrincipal, bool& aIsPermissionPrincipalValid) {
+ NS_ENSURE_ARG_POINTER(aPrincipal);
+ // We don't add the system principal because it actually has no URI and we
+ // always allow action for them.
+ if (aPrincipal->IsSystemPrincipal()) {
+ aIsPermissionPrincipalValid = false;
+ return NS_OK;
+ }
+
+ // Null principals can't meaningfully have persisted permissions attached to
+ // them, so we don't allow adding permissions for them.
+ if (aPrincipal->GetIsNullPrincipal()) {
+ aIsPermissionPrincipalValid = false;
+ return NS_OK;
+ }
+
+ // Permissions may not be added to expanded principals.
+ if (IsExpandedPrincipal(aPrincipal)) {
+ aIsPermissionPrincipalValid = false;
+ return NS_ERROR_INVALID_ARG;
+ }
+
+ // Permission principal is valid
+ aIsPermissionPrincipalValid = true;
+ return NS_OK;
+}
+
nsresult PermissionManager::GetAllForPrincipalHelper(
nsIPrincipal* aPrincipal, bool aSiteScopePermissions,
nsTArray<RefPtr<nsIPermission>>& aResult) {
diff --git a/extensions/permissions/PermissionManager.h b/extensions/permissions/PermissionManager.h
index ffee6a5504..f9518c9211 100644
--- a/extensions/permissions/PermissionManager.h
+++ b/extensions/permissions/PermissionManager.h
@@ -401,6 +401,12 @@ class PermissionManager final : public nsIPermissionManager,
bool aSiteScopePermissions,
nsTArray<RefPtr<nsIPermission>>& aResult);
+ // Returns true if the principal can be used for getting / setting
+ // permissions. If the principal can not be used an error code may be
+ // returned.
+ nsresult ShouldHandlePrincipalForPermission(
+ nsIPrincipal* aPrincipal, bool& aIsPermissionPrincipalValid);
+
// Returns PermissionHashKey for a given { host, isInBrowserElement } tuple.
// This is not simply using PermissionKey because we will walk-up domains in
// case of |host| contains sub-domains. Returns null if nothing found. Also