From da4c7e7ed675c3bf405668739c3012d140856109 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 15 May 2024 05:34:42 +0200 Subject: Adding upstream version 126.0. Signed-off-by: Daniel Baumann --- extensions/permissions/PermissionManager.cpp | 93 +++++++++++++++++++--------- extensions/permissions/PermissionManager.h | 6 ++ 2 files changed, 70 insertions(+), 29 deletions(-) (limited to 'extensions/permissions') diff --git a/extensions/permissions/PermissionManager.cpp b/extensions/permissions/PermissionManager.cpp index be144e2dfe..39373653a6 100644 --- a/extensions/permissions/PermissionManager.cpp +++ b/extensions/permissions/PermissionManager.cpp @@ -1682,22 +1682,15 @@ NS_IMETHODIMP PermissionManager::AddFromPrincipalAndPersistInPrivateBrowsing( nsIPrincipal* aPrincipal, const nsACString& aType, uint32_t aPermission) { ENSURE_NOT_CHILD_PROCESS; - NS_ENSURE_ARG_POINTER(aPrincipal); - // We don't add the system principal because it actually has no URI and we - // always allow action for them. - if (aPrincipal->IsSystemPrincipal()) { - return NS_OK; - } - // Null principals can't meaningfully have persisted permissions attached to - // them, so we don't allow adding permissions for them. - if (aPrincipal->GetIsNullPrincipal()) { - return NS_OK; - } + bool isValidPermissionPrincipal = false; + nsresult rv = ShouldHandlePrincipalForPermission(aPrincipal, + isValidPermissionPrincipal); - // Permissions may not be added to expanded principals. - if (IsExpandedPrincipal(aPrincipal)) { - return NS_ERROR_INVALID_ARG; + NS_ENSURE_SUCCESS(rv, rv); + if (!isValidPermissionPrincipal) { + // return early if the principal is invalid for permissions + return rv; } // A modificationTime of zero will cause AddInternal to use now(). 
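Review bot: In AddFromPrincipalAndPersistInPrivateBrowsing the early exit `return rv;` only works because `rv` is known to be `NS_OK` after `NS_ENSURE_SUCCESS(rv, rv)`, which hides the fact that system and null principals are deliberately accepted and ignored. Writing `return NS_OK;` with a comment such as `// System and null principals are silently skipped, not rejected.` would keep that policy visible at the call site. The same three-line pattern is repeated in the AddFromPrincipal and TestAddFromPrincipalByTime hunks. Routing the expanded-principal rejection through `NS_ENSURE_SUCCESS` also likely adds a debug-build warning that the old direct `return NS_ERROR_INVALID_ARG;` did not emit. The function body continues outside this hunk.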
@@ -1717,7 +1710,6 @@ PermissionManager::AddFromPrincipal(nsIPrincipal* aPrincipal, uint32_t aPermission, uint32_t aExpireType, int64_t aExpireTime) { ENSURE_NOT_CHILD_PROCESS; - NS_ENSURE_ARG_POINTER(aPrincipal); NS_ENSURE_TRUE(aExpireType == nsIPermissionManager::EXPIRE_NEVER || aExpireType == nsIPermissionManager::EXPIRE_TIME || aExpireType == nsIPermissionManager::EXPIRE_SESSION || @@ -1729,21 +1721,14 @@ PermissionManager::AddFromPrincipal(nsIPrincipal* aPrincipal, return NS_OK; } - // We don't add the system principal because it actually has no URI and we - // always allow action for them. - if (aPrincipal->IsSystemPrincipal()) { - return NS_OK; - } - - // Null principals can't meaningfully have persisted permissions attached to - // them, so we don't allow adding permissions for them. - if (aPrincipal->GetIsNullPrincipal()) { - return NS_OK; - } + bool isValidPermissionPrincipal = false; + nsresult rv = ShouldHandlePrincipalForPermission(aPrincipal, + isValidPermissionPrincipal); - // Permissions may not be added to expanded principals. - if (IsExpandedPrincipal(aPrincipal)) { - return NS_ERROR_INVALID_ARG; + NS_ENSURE_SUCCESS(rv, rv); + if (!isValidPermissionPrincipal) { + // return early if the principal is invalid for permissions + return rv; } // A modificationTime of zero will cause AddInternal to use now(). 
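Review bot: A null `aPrincipal` is now rejected only after the expire-type check and the early `return NS_OK;` visible in the context lines, because the removed `NS_ENSURE_ARG_POINTER(aPrincipal);` at the top of AddFromPrincipal now runs inside ShouldHandlePrincipalForPermission. The condition guarding that early return is outside the hunk, but if it can be reached with a null principal, the call now reports success instead of an invalid-pointer error. Keeping `NS_ENSURE_ARG_POINTER(aPrincipal);` directly after `ENSURE_NOT_CHILD_PROCESS;` would preserve the previous validation order at no cost. The function starts and ends outside this hunk.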
@@ -1753,6 +1738,28 @@ PermissionManager::AddFromPrincipal(nsIPrincipal* aPrincipal, aExpireTime, modificationTime, eNotify, eWriteToDB); } +NS_IMETHODIMP +PermissionManager::TestAddFromPrincipalByTime(nsIPrincipal* aPrincipal, + const nsACString& aType, + uint32_t aPermission, + int64_t aModificationTime) { + ENSURE_NOT_CHILD_PROCESS; + + bool isValidPermissionPrincipal = false; + nsresult rv = ShouldHandlePrincipalForPermission(aPrincipal, + isValidPermissionPrincipal); + + NS_ENSURE_SUCCESS(rv, rv); + if (!isValidPermissionPrincipal) { + // return early if the principal is invalid for permissions + return rv; + } + + return AddInternal(aPrincipal, aType, aPermission, 0, + nsIPermissionManager::EXPIRE_NEVER, 0, aModificationTime, + eNotify, eWriteToDB); +} + nsresult PermissionManager::AddInternal( nsIPrincipal* aPrincipal, const nsACString& aType, uint32_t aPermission, int64_t aID, uint32_t aExpireType, int64_t aExpireTime, 
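Review bot: Nothing in TestAddFromPrincipalByTime restricts it to test runs, yet it writes a non-expiring (`EXPIRE_NEVER`) entry to the permission database (`eWriteToDB`) with a caller-chosen modification time. Whether the interface declaration marks the method as test-only is not visible in this patch, so the definition itself should say so, for example `// Test-only: stores a permanent permission with a caller-supplied modification time; production code must use AddFromPrincipal.` If the method is reachable from every privileged caller, consider refusing the call outside automation, since a back-dated or future-dated modification time can affect any logic that orders or clears permissions by time. `aModificationTime` is also passed through unchecked. The context comment in AddFromPrincipal says a value of zero makes AddInternal use now(), which is worth documenting here too.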
@@ -2547,6 +2554,34 @@ NS_IMETHODIMP PermissionManager::GetAllByTypes( aResult); } +nsresult PermissionManager::ShouldHandlePrincipalForPermission( + nsIPrincipal* aPrincipal, bool& aIsPermissionPrincipalValid) { + NS_ENSURE_ARG_POINTER(aPrincipal); + // We don't add the system principal because it actually has no URI and we + // always allow action for them. + if (aPrincipal->IsSystemPrincipal()) { + aIsPermissionPrincipalValid = false; + return NS_OK; + } + + // Null principals can't meaningfully have persisted permissions attached to + // them, so we don't allow adding permissions for them. + if (aPrincipal->GetIsNullPrincipal()) { + aIsPermissionPrincipalValid = false; + return NS_OK; + } + + // Permissions may not be added to expanded principals. + if (IsExpandedPrincipal(aPrincipal)) { + aIsPermissionPrincipalValid = false; + return NS_ERROR_INVALID_ARG; + } + + // Permission principal is valid + aIsPermissionPrincipalValid = true; + return NS_OK; +} + nsresult PermissionManager::GetAllForPrincipalHelper( nsIPrincipal* aPrincipal, bool aSiteScopePermissions, nsTArray>& aResult) { diff --git a/extensions/permissions/PermissionManager.h b/extensions/permissions/PermissionManager.h index ffee6a5504..f9518c9211 100644 --- a/extensions/permissions/PermissionManager.h +++ b/extensions/permissions/PermissionManager.h @@ -401,6 +401,12 @@ class PermissionManager final : public nsIPermissionManager, bool aSiteScopePermissions, nsTArray>& aResult); + // Returns true if the principal can be used for getting / setting + // permissions. If the principal can not be used an error code may be + // returned. + nsresult ShouldHandlePrincipalForPermission( + nsIPrincipal* aPrincipal, bool& aIsPermissionPrincipalValid); + // Returns PermissionHashKey for a given { host, isInBrowserElement } tuple. // This is not simply using PermissionKey because we will walk-up domains in // case of |host| contains sub-domains. Returns null if nothing found. Also -- cgit v1.2.3
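Review bot: ShouldHandlePrincipalForPermission leaves `aIsPermissionPrincipalValid` unassigned when `NS_ENSURE_ARG_POINTER(aPrincipal)` returns early, so the out-parameter is only safe because all three current callers initialise it to `false`. Setting `aIsPermissionPrincipalValid = false;` as the first statement makes the helper fail closed for any future caller that forgets the initialiser or ignores the return code. The per-branch assignments can then be dropped, apart from the final `= true`. The carried-over comments still say "we don't add", while the header describes the helper as covering both getting and setting. A short function-level comment stating that system and null principals yield `NS_OK` with `false`, and expanded principals yield `NS_ERROR_INVALID_ARG`, would document the contract in one place.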
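Review bot: The new header comment in PermissionManager.h says the function "Returns true", but the declaration returns `nsresult` and reports validity through the `bool&` out-parameter. It also leaves open which principals produce an error and which are silently skipped. I would reword it along the lines of `// Sets aIsPermissionPrincipalValid to true if permissions may be stored for aPrincipal.` followed by `// System and null principals yield NS_OK with false; expanded principals yield NS_ERROR_INVALID_ARG.` This matches the implementation in PermissionManager.cpp and tells callers that an `NS_OK` result alone does not mean the principal is usable.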