summaryrefslogtreecommitdiffstats
path: root/extensions/permissions/PermissionManager.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--extensions/permissions/PermissionManager.h682
1 files changed, 682 insertions, 0 deletions
diff --git a/extensions/permissions/PermissionManager.h b/extensions/permissions/PermissionManager.h
new file mode 100644
index 0000000000..a92d583e49
--- /dev/null
+++ b/extensions/permissions/PermissionManager.h
@@ -0,0 +1,682 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_PermissionManager_h
+#define mozilla_PermissionManager_h
+
+#include "nsIPermissionManager.h"
+#include "nsIAsyncShutdown.h"
+#include "nsIObserver.h"
+#include "nsWeakReference.h"
+#include "nsCOMPtr.h"
+#include "nsIURI.h"
+#include "nsTHashtable.h"
+#include "nsTArray.h"
+#include "nsString.h"
+#include "nsHashKeys.h"
+#include "nsRefPtrHashtable.h"
+#include "mozilla/Atomics.h"
+#include "mozilla/Monitor.h"
+#include "mozilla/MozPromise.h"
+#include "mozilla/OriginAttributes.h"
+#include "mozilla/StaticMutex.h"
+#include "mozilla/ThreadBound.h"
+#include "mozilla/Variant.h"
+#include "mozilla/Vector.h"
+
+#include <utility>
+
+class mozIStorageConnection;
+class mozIStorageStatement;
+class nsIInputStream;
+class nsIPermission;
+class nsIPrefBranch;
+
+namespace IPC {
+struct Permission;
+}
+
+namespace mozilla {
+class OriginAttributesPattern;
+
+namespace dom {
+class ContentChild;
+} // namespace dom
+
+////////////////////////////////////////////////////////////////////////////////
+
+class PermissionManager final : public nsIPermissionManager,
+ public nsIObserver,
+ public nsSupportsWeakReference,
+ public nsIAsyncShutdownBlocker {
+ friend class dom::ContentChild;
+
+ public:
+ class PermissionEntry {
+ public:
+ PermissionEntry(int64_t aID, uint32_t aType, uint32_t aPermission,
+ uint32_t aExpireType, int64_t aExpireTime,
+ int64_t aModificationTime)
+ : mID(aID),
+ mExpireTime(aExpireTime),
+ mModificationTime(aModificationTime),
+ mType(aType),
+ mPermission(aPermission),
+ mExpireType(aExpireType),
+ mNonSessionPermission(aPermission),
+ mNonSessionExpireType(aExpireType),
+ mNonSessionExpireTime(aExpireTime) {}
+
+ int64_t mID;
+ int64_t mExpireTime;
+ int64_t mModificationTime;
+ uint32_t mType;
+ uint32_t mPermission;
+ uint32_t mExpireType;
+ uint32_t mNonSessionPermission;
+ uint32_t mNonSessionExpireType;
+ uint32_t mNonSessionExpireTime;
+ };
+
+ /**
+ * PermissionKey is the key used by PermissionHashKey hash table.
+ */
+ class PermissionKey {
+ public:
+ static PermissionKey* CreateFromPrincipal(nsIPrincipal* aPrincipal,
+ bool aForceStripOA,
+ bool aScopeToSite,
+ nsresult& aResult);
+ static PermissionKey* CreateFromURI(nsIURI* aURI, nsresult& aResult);
+ static PermissionKey* CreateFromURIAndOriginAttributes(
+ nsIURI* aURI, const OriginAttributes* aOriginAttributes,
+ bool aForceStripOA, nsresult& aResult);
+
+ explicit PermissionKey(const nsACString& aOrigin)
+ : mOrigin(aOrigin), mHashCode(HashString(aOrigin)) {}
+
+ bool operator==(const PermissionKey& aKey) const {
+ return mOrigin.Equals(aKey.mOrigin);
+ }
+
+ PLDHashNumber GetHashCode() const { return mHashCode; }
+
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(PermissionKey)
+
+ const nsCString mOrigin;
+ const PLDHashNumber mHashCode;
+
+ private:
+ // Default ctor shouldn't be used.
+ PermissionKey() = delete;
+
+ // Dtor shouldn't be used outside of the class.
+ ~PermissionKey(){};
+ };
+
+ class PermissionHashKey : public nsRefPtrHashKey<PermissionKey> {
+ public:
+ explicit PermissionHashKey(const PermissionKey* aPermissionKey)
+ : nsRefPtrHashKey<PermissionKey>(aPermissionKey) {}
+
+ PermissionHashKey(PermissionHashKey&& toCopy)
+ : nsRefPtrHashKey<PermissionKey>(std::move(toCopy)),
+ mPermissions(std::move(toCopy.mPermissions)) {}
+
+ bool KeyEquals(const PermissionKey* aKey) const {
+ return *aKey == *GetKey();
+ }
+
+ static PLDHashNumber HashKey(const PermissionKey* aKey) {
+ return aKey->GetHashCode();
+ }
+
+ // Force the hashtable to use the copy constructor when shuffling entries
+ // around, otherwise the Auto part of our AutoTArray won't be happy!
+ enum { ALLOW_MEMMOVE = false };
+
+ inline nsTArray<PermissionEntry>& GetPermissions() { return mPermissions; }
+ inline const nsTArray<PermissionEntry>& GetPermissions() const {
+ return mPermissions;
+ }
+
+ inline int32_t GetPermissionIndex(uint32_t aType) const {
+ for (uint32_t i = 0; i < mPermissions.Length(); ++i)
+ if (mPermissions[i].mType == aType) return i;
+
+ return -1;
+ }
+
+ inline PermissionEntry GetPermission(uint32_t aType) const {
+ for (uint32_t i = 0; i < mPermissions.Length(); ++i)
+ if (mPermissions[i].mType == aType) return mPermissions[i];
+
+ // unknown permission... return relevant data
+ return PermissionEntry(-1, aType, nsIPermissionManager::UNKNOWN_ACTION,
+ nsIPermissionManager::EXPIRE_NEVER, 0, 0);
+ }
+
+ private:
+ AutoTArray<PermissionEntry, 1> mPermissions;
+ };
+
+ // nsISupports
+ NS_DECL_THREADSAFE_ISUPPORTS
+ NS_DECL_NSIPERMISSIONMANAGER
+ NS_DECL_NSIOBSERVER
+ NS_DECL_NSIASYNCSHUTDOWNBLOCKER
+
+ PermissionManager();
+ static already_AddRefed<nsIPermissionManager> GetXPCOMSingleton();
+ static PermissionManager* GetInstance();
+ nsresult Init();
+
+ // enums for AddInternal()
+ enum OperationType {
+ eOperationNone,
+ eOperationAdding,
+ eOperationRemoving,
+ eOperationChanging,
+ eOperationReplacingDefault
+ };
+
+ enum DBOperationType { eNoDBOperation, eWriteToDB };
+
+ enum NotifyOperationType { eDontNotify, eNotify };
+
+ // Similar to TestPermissionFromPrincipal, except that it is used only for
+ // permissions which can never have default values.
+ nsresult TestPermissionWithoutDefaultsFromPrincipal(nsIPrincipal* aPrincipal,
+ const nsACString& aType,
+ uint32_t* aPermission);
+
+ nsresult LegacyTestPermissionFromURI(
+ nsIURI* aURI, const OriginAttributes* aOriginAttributes,
+ const nsACString& aType, uint32_t* aPermission);
+
+ nsresult RemovePermissionsWithAttributes(OriginAttributesPattern& aAttrs);
+
+ /**
+ * See `nsIPermissionManager::GetPermissionsWithKey` for more info on
+ * permission keys.
+ *
+ * Get the permission key corresponding to the given Principal. This method is
+ * intentionally infallible, as we want to provide an permission key to every
+ * principal. Principals which don't have meaningful URIs with http://,
+ * https://, or ftp:// schemes are given the default "" Permission Key.
+ *
+ * @param aPrincipal The Principal which the key is to be extracted from.
+ * @param aForceStripOA Whether to force stripping the principals origin
+ * attributes prior to generating the key.
+ * @param aSiteScopePermissions Whether to prepare the key for permissions
+ * scoped to the Principal's site, rather than origin. These are looked
+ * up independently. Scoping of a permission is fully determined by its
+ * type and determined by calls to the function IsSiteScopedPermission.
+ * @param aKey A string which will be filled with the permission
+ * key.
+ */
+ static nsresult GetKeyForPrincipal(nsIPrincipal* aPrincipal,
+ bool aForceStripOA,
+ bool aSiteScopePermissions,
+ nsACString& aKey);
+
+ /**
+ * See `nsIPermissionManager::GetPermissionsWithKey` for more info on
+ * permission keys.
+ *
+ * Get the permission key corresponding to the given Origin. This method is
+ * like GetKeyForPrincipal, except that it avoids creating a nsIPrincipal
+ * object when you already have access to an origin string.
+ *
+ * If this method is passed a nonsensical origin string it may produce a
+ * nonsensical permission key result.
+ *
+ * @param aOrigin The origin which the key is to be extracted from.
+ * @param aForceStripOA Whether to force stripping the origins attributes
+ * prior to generating the key.
+ * @param aSiteScopePermissions Whether to prepare the key for permissions
+ * scoped to the Principal's site, rather than origin. These are looked
+ * up independently. Scoping of a permission is fully determined by its
+ * type and determined by calls to the function IsSiteScopedPermission.
+ * @param aKey A string which will be filled with the permission
+ * key.
+ */
+ static nsresult GetKeyForOrigin(const nsACString& aOrigin, bool aForceStripOA,
+ bool aSiteScopePermissions, nsACString& aKey);
+
+ /**
+ * See `nsIPermissionManager::GetPermissionsWithKey` for more info on
+ * permission keys.
+ *
+ * Get the permission key corresponding to the given Principal and type. This
+ * method is intentionally infallible, as we want to provide an permission key
+ * to every principal. Principals which don't have meaningful URIs with
+ * http://, https://, or ftp:// schemes are given the default "" Permission
+ * Key.
+ *
+ * This method is different from GetKeyForPrincipal in that it also takes
+ * permissions which must be sent down before loading a document into account.
+ *
+ * @param aPrincipal The Principal which the key is to be extracted from.
+ * @param aType The type of the permission to get the key for.
+ * @param aPermissionKey A string which will be filled with the permission
+ * key.
+ */
+ static nsresult GetKeyForPermission(nsIPrincipal* aPrincipal,
+ const nsACString& aType,
+ nsACString& aKey);
+
+ /**
+ * See `nsIPermissionManager::GetPermissionsWithKey` for more info on
+ * permission keys.
+ *
+ * Get all permissions keys which could correspond to the given principal.
+ * This method, like GetKeyForPrincipal, is infallible and should always
+ * produce at least one (key, origin) pair.
+ *
+ * Unlike GetKeyForPrincipal, this method also gets the keys for base domains
+ * of the given principal. All keys returned by this method must be available
+ * in the content process for a given URL to successfully have its permissions
+ * checked in the `aExactHostMatch = false` situation.
+ *
+ * @param aPrincipal The Principal which the key is to be extracted from.
+ * @return returns an array of (key, origin) pairs.
+ */
+ static nsTArray<std::pair<nsCString, nsCString>> GetAllKeysForPrincipal(
+ nsIPrincipal* aPrincipal);
+
+ // From ContentChild.
+ nsresult RemoveAllFromIPC();
+
+ /**
+ * Returns false if this permission manager wouldn't have the permission
+ * requested available.
+ *
+ * If aType is empty, checks that the permission manager would have all
+ * permissions available for the given principal.
+ */
+ bool PermissionAvailable(nsIPrincipal* aPrincipal, const nsACString& aType);
+
+ /**
+ * The content process doesn't have access to every permission. Instead, when
+ * LOAD_DOCUMENT_URI channels for http://, https://, and ftp:// URIs are
+ * opened, the permissions for those channels are sent down to the content
+ * process before the OnStartRequest message. Permissions for principals with
+ * other schemes are sent down at process startup.
+ *
+ * Permissions are keyed and grouped by "Permission Key"s.
+ * `PermissionManager::GetKeyForPrincipal` provides the mechanism for
+ * determining the permission key for a given principal.
+ *
+ * This method may only be called in the parent process. It fills the nsTArray
+ * argument with the IPC::Permission objects which have a matching origin.
+ *
+ * @param origin The origin to use to find the permissions of interest.
+ * @param key The key to use to find the permissions of interest. Only used
+ * when the origin argument is empty.
+ * @param perms An array which will be filled with the permissions which
+ * match the given origin.
+ */
+ bool GetPermissionsFromOriginOrKey(const nsACString& aOrigin,
+ const nsACString& aKey,
+ nsTArray<IPC::Permission>& aPerms);
+
+ /**
+ * See `PermissionManager::GetPermissionsWithKey` for more info on
+ * Permission keys.
+ *
+ * `SetPermissionsWithKey` may only be called in the Child process, and
+ * initializes the permission manager with the permissions for a given
+ * Permission key. marking permissions with that key as available.
+ *
+ * @param permissionKey The key for the permissions which have been sent
+ * over.
+ * @param perms An array with the permissions which match the given key.
+ */
+ void SetPermissionsWithKey(const nsACString& aPermissionKey,
+ nsTArray<IPC::Permission>& aPerms);
+
+ /**
+ * Add a callback which should be run when all permissions are available for
+ * the given nsIPrincipal. This method invokes the callback runnable
+ * synchronously when the permissions are already available. Otherwise the
+ * callback will be run asynchronously in SystemGroup when all permissions
+ * are available in the future.
+ *
+ * NOTE: This method will not request the permissions be sent by the parent
+ * process. This should only be used to wait for permissions which may not
+ * have arrived yet in order to ensure they are present.
+ *
+ * @param aPrincipal The principal to wait for permissions to be available
+ * for.
+ * @param aRunnable The runnable to run when permissions are available for
+ * the given principal.
+ */
+ void WhenPermissionsAvailable(nsIPrincipal* aPrincipal,
+ nsIRunnable* aRunnable);
+
+ /**
+ * Strip origin attributes for permissions, depending on permission isolation
+ * pref state.
+ * @param aForceStrip If true, strips user context and private browsing id,
+ * ignoring permission isolation prefs.
+ * @param aOriginAttributes object to strip.
+ */
+ static void MaybeStripOriginAttributes(bool aForceStrip,
+ OriginAttributes& aOriginAttributes);
+
+ private:
+ ~PermissionManager();
+ static StaticMutex sCreationMutex MOZ_UNANNOTATED;
+
+ /**
+ * Get all permissions for a given principal, which should not be isolated
+ * by user context or private browsing. The principal has its origin
+ * attributes stripped before perm db lookup. This is currently only affects
+ * the "cookie" permission.
+ * @param aPrincipal Used for creating the permission key.
+ * @param aSiteScopePermissions Used to specify whether to get strip perms for
+ * site scoped permissions (defined in IsSiteScopedPermission) or all other
+ * permissions. Also used to create the permission key.
+ */
+ nsresult GetStripPermsForPrincipal(nsIPrincipal* aPrincipal,
+ bool aSiteScopePermissions,
+ nsTArray<PermissionEntry>& aResult);
+
+ // Returns -1 on failure
+ int32_t GetTypeIndex(const nsACString& aType, bool aAdd);
+
+ // Returns whether the given combination of expire type and expire time are
+ // expired. Note that EXPIRE_SESSION only honors expireTime if it is nonzero.
+ bool HasExpired(uint32_t aExpireType, int64_t aExpireTime);
+
+ // Appends the permissions associated with this principal to aResult.
+ // If the onlySiteScopePermissions argument is true, the permissions searched
+ // are those for the site of the principal and only the permissions that are
+ // site-scoped are used.
+ nsresult GetAllForPrincipalHelper(nsIPrincipal* aPrincipal,
+ bool aSiteScopePermissions,
+ nsTArray<RefPtr<nsIPermission>>& aResult);
+
+ // Returns PermissionHashKey for a given { host, isInBrowserElement } tuple.
+ // This is not simply using PermissionKey because we will walk-up domains in
+ // case of |host| contains sub-domains. Returns null if nothing found. Also
+ // accepts host on the format "<foo>". This will perform an exact match lookup
+ // as the string doesn't contain any dots.
+ PermissionHashKey* GetPermissionHashKey(nsIPrincipal* aPrincipal,
+ uint32_t aType, bool aExactHostMatch);
+
+ // Returns PermissionHashKey for a given { host, isInBrowserElement } tuple.
+ // This is not simply using PermissionKey because we will walk-up domains in
+ // case of |host| contains sub-domains. Returns null if nothing found. Also
+ // accepts host on the format "<foo>". This will perform an exact match lookup
+ // as the string doesn't contain any dots.
+ PermissionHashKey* GetPermissionHashKey(
+ nsIURI* aURI, const OriginAttributes* aOriginAttributes, uint32_t aType,
+ bool aExactHostMatch);
+
+ // The int32_t is the type index, the nsresult is an early bail-out return
+ // code.
+ typedef Variant<int32_t, nsresult> TestPreparationResult;
+ TestPreparationResult CommonPrepareToTestPermission(
+ nsIPrincipal* aPrincipal, int32_t aTypeIndex, const nsACString& aType,
+ uint32_t* aPermission, uint32_t aDefaultPermission,
+ bool aDefaultPermissionIsValid, bool aExactHostMatch,
+ bool aIncludingSession);
+
+ // If aTypeIndex is passed -1, we try to inder the type index from aType.
+ nsresult CommonTestPermission(nsIPrincipal* aPrincipal, int32_t aTypeIndex,
+ const nsACString& aType, uint32_t* aPermission,
+ uint32_t aDefaultPermission,
+ bool aDefaultPermissionIsValid,
+ bool aExactHostMatch, bool aIncludingSession);
+
+ // If aTypeIndex is passed -1, we try to inder the type index from aType.
+ nsresult CommonTestPermission(nsIURI* aURI, int32_t aTypeIndex,
+ const nsACString& aType, uint32_t* aPermission,
+ uint32_t aDefaultPermission,
+ bool aDefaultPermissionIsValid,
+ bool aExactHostMatch, bool aIncludingSession);
+
+ nsresult CommonTestPermission(nsIURI* aURI,
+ const OriginAttributes* aOriginAttributes,
+ int32_t aTypeIndex, const nsACString& aType,
+ uint32_t* aPermission,
+ uint32_t aDefaultPermission,
+ bool aDefaultPermissionIsValid,
+ bool aExactHostMatch, bool aIncludingSession);
+
+ // Only one of aPrincipal or aURI is allowed to be passed in.
+ nsresult CommonTestPermissionInternal(
+ nsIPrincipal* aPrincipal, nsIURI* aURI,
+ const OriginAttributes* aOriginAttributes, int32_t aTypeIndex,
+ const nsACString& aType, uint32_t* aPermission, bool aExactHostMatch,
+ bool aIncludingSession);
+
+ nsresult OpenDatabase(nsIFile* permissionsFile);
+
+ void InitDB(bool aRemoveFile);
+ nsresult TryInitDB(bool aRemoveFile, nsIInputStream* aDefaultsInputStream);
+
+ void AddIdleDailyMaintenanceJob();
+ void RemoveIdleDailyMaintenanceJob();
+ void PerformIdleDailyMaintenance();
+
+ nsresult ImportLatestDefaults();
+ already_AddRefed<nsIInputStream> GetDefaultsInputStream();
+ void ConsumeDefaultsInputStream(nsIInputStream* aDefaultsInputStream,
+ const MonitorAutoLock& aProofOfLock);
+
+ nsresult CreateTable();
+ void NotifyObserversWithPermission(nsIPrincipal* aPrincipal,
+ const nsACString& aType,
+ uint32_t aPermission, uint32_t aExpireType,
+ int64_t aExpireTime,
+ int64_t aModificationTime,
+ const char16_t* aData);
+ void NotifyObservers(nsIPermission* aPermission, const char16_t* aData);
+
+ // Finalize all statements, close the DB and null it.
+ enum CloseDBNextOp {
+ eNone,
+ eRebuldOnSuccess,
+ eShutdown,
+ };
+ void CloseDB(CloseDBNextOp aNextOp);
+
+ nsresult RemoveAllInternal(bool aNotifyObservers);
+ nsresult RemoveAllFromMemory();
+
+ void UpdateDB(OperationType aOp, int64_t aID, const nsACString& aOrigin,
+ const nsACString& aType, uint32_t aPermission,
+ uint32_t aExpireType, int64_t aExpireTime,
+ int64_t aModificationTime);
+
+ /**
+ * This method removes all permissions modified after the specified time.
+ */
+ nsresult RemoveAllModifiedSince(int64_t aModificationTime);
+
+ template <class T>
+ nsresult RemovePermissionEntries(T aCondition);
+
+ template <class T>
+ nsresult GetPermissionEntries(T aCondition,
+ nsTArray<RefPtr<nsIPermission>>& aResult);
+
+ // This method must be called before doing any operation to be sure that the
+ // DB reading has been completed. This method is also in charge to complete
+ // the migrations if needed.
+ void EnsureReadCompleted();
+
+ nsresult AddInternal(nsIPrincipal* aPrincipal, const nsACString& aType,
+ uint32_t aPermission, int64_t aID, uint32_t aExpireType,
+ int64_t aExpireTime, int64_t aModificationTime,
+ NotifyOperationType aNotifyOperation,
+ DBOperationType aDBOperation,
+ const bool aIgnoreSessionPermissions = false,
+ const nsACString* aOriginString = nullptr,
+ const bool aAllowPersistInPrivateBrowsing = false);
+
+ void MaybeAddReadEntryFromMigration(const nsACString& aOrigin,
+ const nsCString& aType,
+ uint32_t aPermission,
+ uint32_t aExpireType, int64_t aExpireTime,
+ int64_t aModificationTime, int64_t aId);
+
+ nsCOMPtr<nsIAsyncShutdownClient> GetAsyncShutdownBarrier() const;
+
+ void MaybeCompleteShutdown();
+
+ nsRefPtrHashtable<nsCStringHashKey, GenericNonExclusivePromise::Private>
+ mPermissionKeyPromiseMap;
+
+ nsCOMPtr<nsIFile> mPermissionsFile;
+
+ // This monitor is used to ensure the database reading before any other
+ // operation. The reading of the database happens OMT. See |State| to know the
+ // steps of the database reading.
+ Monitor mMonitor MOZ_UNANNOTATED;
+
+ enum State {
+ // Initial state. The database has not been read yet.
+ // |TryInitDB| is called at startup time to read the database OMT.
+ // During the reading, |mReadEntries| will be populated with all the
+ // existing permissions.
+ eInitializing,
+
+ // At the end of the database reading, we are in this state. A runnable is
+ // executed to call |EnsureReadCompleted| on the main thread.
+ // |EnsureReadCompleted| processes |mReadEntries| and goes to the next
+ // state.
+ eDBInitialized,
+
+ // The permissions are fully read and any pending operation can proceed.
+ eReady,
+
+ // The permission manager has been terminated. No extra database operations
+ // will be allowed.
+ eClosed,
+ };
+ Atomic<State> mState;
+
+ // A single entry, from the database.
+ struct ReadEntry {
+ ReadEntry()
+ : mId(0),
+ mPermission(0),
+ mExpireType(0),
+ mExpireTime(0),
+ mModificationTime(0) {}
+
+ nsCString mOrigin;
+ nsCString mType;
+ int64_t mId;
+ uint32_t mPermission;
+ uint32_t mExpireType;
+ int64_t mExpireTime;
+ int64_t mModificationTime;
+
+ // true if this entry is the result of a migration.
+ bool mFromMigration;
+ };
+
+ // List of entries read from the database. It will be populated OMT and
+ // consumed on the main-thread.
+ // This array is protected by the monitor.
+ nsTArray<ReadEntry> mReadEntries;
+
+ // A single entry, from the database.
+ struct MigrationEntry {
+ MigrationEntry()
+ : mId(0),
+ mPermission(0),
+ mExpireType(0),
+ mExpireTime(0),
+ mModificationTime(0),
+ mIsInBrowserElement(false) {}
+
+ nsCString mHost;
+ nsCString mType;
+ int64_t mId;
+ uint32_t mPermission;
+ uint32_t mExpireType;
+ int64_t mExpireTime;
+ int64_t mModificationTime;
+
+ // Legacy, for migration.
+ bool mIsInBrowserElement;
+ };
+
+ // List of entries read from the database. It will be populated OMT and
+ // consumed on the main-thread. The migration entries will be converted to
+ // ReadEntry in |CompleteMigrations|.
+ // This array is protected by the monitor.
+ nsTArray<MigrationEntry> mMigrationEntries;
+
+ // A single entry from the defaults URL.
+ struct DefaultEntry {
+ DefaultEntry() : mOp(eImportMatchTypeHost), mPermission(0) {}
+
+ enum Op {
+ eImportMatchTypeHost,
+ eImportMatchTypeOrigin,
+ };
+
+ Op mOp;
+
+ nsCString mHostOrOrigin;
+ nsCString mType;
+ uint32_t mPermission;
+ };
+
+ // List of entries read from the default settings.
+ // This array is protected by the monitor.
+ nsTArray<DefaultEntry> mDefaultEntries;
+
+ nsresult Read(const MonitorAutoLock& aProofOfLock);
+ void CompleteRead();
+
+ void CompleteMigrations();
+
+ bool mMemoryOnlyDB;
+
+ nsTHashtable<PermissionHashKey> mPermissionTable;
+ // a unique, monotonically increasing id used to identify each database entry
+ int64_t mLargestID;
+
+ nsCOMPtr<nsIPrefBranch> mDefaultPrefBranch;
+
+ // NOTE: Ensure this is the last member since it has a large inline buffer.
+ // An array to store the strings identifying the different types.
+ Vector<nsCString, 512> mTypeArray;
+
+ nsCOMPtr<nsIThread> mThread;
+
+ struct ThreadBoundData {
+ nsCOMPtr<mozIStorageConnection> mDBConn;
+
+ nsCOMPtr<mozIStorageStatement> mStmtInsert;
+ nsCOMPtr<mozIStorageStatement> mStmtDelete;
+ nsCOMPtr<mozIStorageStatement> mStmtUpdate;
+ };
+ ThreadBound<ThreadBoundData> mThreadBoundData;
+
+ friend class DeleteFromMozHostListener;
+ friend class CloseDatabaseListener;
+};
+
+// {4F6B5E00-0C36-11d5-A535-0010A401EB10}
+#define NS_PERMISSIONMANAGER_CID \
+ { \
+ 0x4f6b5e00, 0xc36, 0x11d5, { \
+ 0xa5, 0x35, 0x0, 0x10, 0xa4, 0x1, 0xeb, 0x10 \
+ } \
+ }
+
+} // namespace mozilla
+
+#endif // mozilla_PermissionManager_h