diff options
Diffstat (limited to '')
-rw-r--r-- | dom/permission/MidiPermissionStatus.cpp | 34 | ||||
-rw-r--r-- | dom/permission/MidiPermissionStatus.h | 32 | ||||
-rw-r--r-- | dom/permission/PermissionObserver.cpp | 115 | ||||
-rw-r--r-- | dom/permission/PermissionObserver.h | 45 | ||||
-rw-r--r-- | dom/permission/PermissionStatus.cpp | 142 | ||||
-rw-r--r-- | dom/permission/PermissionStatus.h | 71 | ||||
-rw-r--r-- | dom/permission/PermissionUtils.cpp | 65 | ||||
-rw-r--r-- | dom/permission/PermissionUtils.h | 32 | ||||
-rw-r--r-- | dom/permission/Permissions.cpp | 182 | ||||
-rw-r--r-- | dom/permission/Permissions.h | 54 | ||||
-rw-r--r-- | dom/permission/moz.build | 28 | ||||
-rw-r--r-- | dom/permission/tests/file_empty.html | 2 | ||||
-rw-r--r-- | dom/permission/tests/mochitest.ini | 11 | ||||
-rw-r--r-- | dom/permission/tests/test_cross_origin_iframe.html | 251 | ||||
-rw-r--r-- | dom/permission/tests/test_permissions_api.html | 298 |
15 files changed, 1362 insertions, 0 deletions
diff --git a/dom/permission/MidiPermissionStatus.cpp b/dom/permission/MidiPermissionStatus.cpp new file mode 100644 index 0000000000..9466989b24 --- /dev/null +++ b/dom/permission/MidiPermissionStatus.cpp @@ -0,0 +1,34 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/dom/MidiPermissionStatus.h" + +#include "mozilla/dom/PermissionStatus.h" +#include "mozilla/Permission.h" + +namespace mozilla::dom { + +/* static */ +already_AddRefed<PermissionStatus> MidiPermissionStatus::Create( + nsPIDOMWindowInner* aWindow, bool aSysex, ErrorResult& aRv) { + RefPtr<PermissionStatus> status = new MidiPermissionStatus(aWindow, aSysex); + aRv = status->Init(); + if (NS_WARN_IF(aRv.Failed())) { + return nullptr; + } + + return status.forget(); +} + +MidiPermissionStatus::MidiPermissionStatus(nsPIDOMWindowInner* aWindow, + bool aSysex) + : PermissionStatus(aWindow, PermissionName::Midi), mSysex(aSysex) {} + +nsLiteralCString MidiPermissionStatus::GetPermissionType() { + return mSysex ? "midi-sysex"_ns : "midi"_ns; +} + +} // namespace mozilla::dom diff --git a/dom/permission/MidiPermissionStatus.h b/dom/permission/MidiPermissionStatus.h new file mode 100644 index 0000000000..fd0d925c88 --- /dev/null +++ b/dom/permission/MidiPermissionStatus.h @@ -0,0 +1,32 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_MidiPermissionStatus_h_ +#define mozilla_dom_MidiPermissionStatus_h_ + +#include "mozilla/dom/PermissionStatus.h" + +namespace mozilla::dom { + +class MidiPermissionStatus final : public PermissionStatus { + public: + static already_AddRefed<PermissionStatus> Create(nsPIDOMWindowInner* aWindow, + bool aSysex, + ErrorResult& aRv); + + private: + ~MidiPermissionStatus() {} + + MidiPermissionStatus(nsPIDOMWindowInner* aWindow, bool aSysex); + + virtual nsLiteralCString GetPermissionType() override; + + bool mSysex; +}; + +} // namespace mozilla::dom + +#endif // mozilla_dom_MidiPermissionStatus_h_ diff --git a/dom/permission/PermissionObserver.cpp b/dom/permission/PermissionObserver.cpp new file mode 100644 index 0000000000..47e1a23918 --- /dev/null +++ b/dom/permission/PermissionObserver.cpp @@ -0,0 +1,115 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "PermissionObserver.h" + +#include "mozilla/dom/PermissionStatus.h" +#include "mozilla/Services.h" +#include "mozilla/UniquePtr.h" +#include "nsIObserverService.h" +#include "nsIPermission.h" +#include "PermissionUtils.h" + +namespace mozilla::dom { + +namespace { +PermissionObserver* gInstance = nullptr; +} // namespace + +NS_IMPL_ISUPPORTS(PermissionObserver, nsIObserver, nsISupportsWeakReference) + +PermissionObserver::PermissionObserver() { MOZ_ASSERT(!gInstance); } + +PermissionObserver::~PermissionObserver() { + MOZ_ASSERT(mSinks.IsEmpty()); + MOZ_ASSERT(gInstance == this); + + gInstance = nullptr; +} + +/* static */ +already_AddRefed<PermissionObserver> PermissionObserver::GetInstance() { + RefPtr<PermissionObserver> instance = gInstance; + if (!instance) { + instance = new PermissionObserver(); + + nsCOMPtr<nsIObserverService> obs = services::GetObserverService(); + if (NS_WARN_IF(!obs)) { + return nullptr; + } + + nsresult rv = obs->AddObserver(instance, "perm-changed", true); + if (NS_WARN_IF(NS_FAILED(rv))) { + return nullptr; + } + + gInstance = instance; + } + + return instance.forget(); +} + +void PermissionObserver::AddSink(PermissionStatus* aSink) { + MOZ_ASSERT(aSink); + MOZ_ASSERT(!mSinks.Contains(aSink)); + + mSinks.AppendElement(aSink); +} + +void PermissionObserver::RemoveSink(PermissionStatus* aSink) { + MOZ_ASSERT(aSink); + MOZ_ASSERT(mSinks.Contains(aSink)); + + mSinks.RemoveElement(aSink); +} + +void PermissionObserver::Notify(PermissionName aName, + nsIPrincipal& aPrincipal) { + for (auto* sink : mSinks) { + if (sink->mName != aName) { + continue; + } + + nsCOMPtr<nsIPrincipal> sinkPrincipal = sink->GetPrincipal(); + if (NS_WARN_IF(!sinkPrincipal) || !aPrincipal.Equals(sinkPrincipal)) { + continue; + } + + sink->PermissionChanged(); + } +} + +NS_IMETHODIMP +PermissionObserver::Observe(nsISupports* aSubject, const char* aTopic, + const char16_t* aData) { + MOZ_ASSERT(!strcmp(aTopic, "perm-changed")); + + if (mSinks.IsEmpty()) { + return NS_OK; + } + + nsCOMPtr<nsIPermission> perm = do_QueryInterface(aSubject); + if (!perm) { + return NS_OK; + } + + nsCOMPtr<nsIPrincipal> principal; + perm->GetPrincipal(getter_AddRefs(principal)); + if (!principal) { + return NS_OK; + } + + nsAutoCString type; + perm->GetType(type); + Maybe<PermissionName> permission = TypeToPermissionName(type); + if (permission) { + Notify(permission.value(), *principal); + } + + return NS_OK; +} + +} // namespace mozilla::dom diff --git a/dom/permission/PermissionObserver.h b/dom/permission/PermissionObserver.h new file mode 100644 index 0000000000..cc085cc51b --- /dev/null +++ b/dom/permission/PermissionObserver.h @@ -0,0 +1,45 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_PermissionObserver_h_ +#define mozilla_dom_PermissionObserver_h_ + +#include "mozilla/dom/PermissionsBinding.h" + +#include "nsIObserver.h" +#include "nsIPrincipal.h" +#include "nsTArray.h" +#include "nsWeakReference.h" + +namespace mozilla::dom { + +class PermissionStatus; + +// Singleton that watches for perm-changed notifications in order to notify +// PermissionStatus objects. +class PermissionObserver final : public nsIObserver, + public nsSupportsWeakReference { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSIOBSERVER + + static already_AddRefed<PermissionObserver> GetInstance(); + + void AddSink(PermissionStatus* aObs); + void RemoveSink(PermissionStatus* aObs); + + private: + PermissionObserver(); + virtual ~PermissionObserver(); + + void Notify(PermissionName aName, nsIPrincipal& aPrincipal); + + nsTArray<PermissionStatus*> mSinks; +}; + +} // namespace mozilla::dom + +#endif diff --git a/dom/permission/PermissionStatus.cpp b/dom/permission/PermissionStatus.cpp new file mode 100644 index 0000000000..81e69d361c --- /dev/null +++ b/dom/permission/PermissionStatus.cpp @@ -0,0 +1,142 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/dom/PermissionStatus.h" +#include "mozilla/PermissionDelegateHandler.h" + +#include "mozilla/AsyncEventDispatcher.h" +#include "mozilla/Permission.h" +#include "mozilla/Services.h" +#include "nsIPermissionManager.h" +#include "PermissionObserver.h" +#include "PermissionUtils.h" + +namespace mozilla::dom { + +/* static */ +already_AddRefed<PermissionStatus> PermissionStatus::Create( + nsPIDOMWindowInner* aWindow, PermissionName aName, ErrorResult& aRv) { + RefPtr<PermissionStatus> status = new PermissionStatus(aWindow, aName); + aRv = status->Init(); + if (NS_WARN_IF(aRv.Failed())) { + return nullptr; + } + + return status.forget(); +} + +PermissionStatus::PermissionStatus(nsPIDOMWindowInner* aWindow, + PermissionName aName) + : DOMEventTargetHelper(aWindow), + mName(aName), + mState(PermissionState::Denied) { + KeepAliveIfHasListenersFor(nsGkAtoms::onchange); +} + +nsresult PermissionStatus::Init() { + mObserver = PermissionObserver::GetInstance(); + if (NS_WARN_IF(!mObserver)) { + return NS_ERROR_FAILURE; + } + + mObserver->AddSink(this); + + nsresult rv = UpdateState(); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + return NS_OK; +} + +PermissionStatus::~PermissionStatus() { + if (mObserver) { + mObserver->RemoveSink(this); + } +} + +JSObject* PermissionStatus::WrapObject(JSContext* aCx, + JS::Handle<JSObject*> aGivenProto) { + return PermissionStatus_Binding::Wrap(aCx, this, aGivenProto); +} + +nsLiteralCString PermissionStatus::GetPermissionType() { + return PermissionNameToType(mName); +} + +nsresult PermissionStatus::UpdateState() { + nsCOMPtr<nsPIDOMWindowInner> window = GetOwner(); + if (NS_WARN_IF(!window)) { + return NS_ERROR_FAILURE; + } + + RefPtr<Document> document = window->GetExtantDoc(); + if (NS_WARN_IF(!document)) { + return NS_ERROR_FAILURE; + } + + uint32_t action = nsIPermissionManager::DENY_ACTION; + + PermissionDelegateHandler* permissionHandler = + document->GetPermissionDelegateHandler(); + if (NS_WARN_IF(!permissionHandler)) { + return NS_ERROR_FAILURE; + } + + nsresult rv = permissionHandler->GetPermissionForPermissionsAPI( + GetPermissionType(), &action); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + mState = ActionToPermissionState(action); + return NS_OK; +} + +already_AddRefed<nsIPrincipal> PermissionStatus::GetPrincipal() const { + nsCOMPtr<nsPIDOMWindowInner> window = GetOwner(); + if (NS_WARN_IF(!window)) { + return nullptr; + } + + Document* doc = window->GetExtantDoc(); + if (NS_WARN_IF(!doc)) { + return nullptr; + } + + nsCOMPtr<nsIPrincipal> principal = + Permission::ClonePrincipalForPermission(doc->NodePrincipal()); + NS_ENSURE_TRUE(principal, nullptr); + + return principal.forget(); +} + +void PermissionStatus::PermissionChanged() { + nsCOMPtr<nsPIDOMWindowInner> window = GetOwner(); + if (NS_WARN_IF(!window) || !window->IsFullyActive()) { + return; + } + auto oldState = mState; + UpdateState(); + if (mState != oldState) { + RefPtr<AsyncEventDispatcher> eventDispatcher = + new AsyncEventDispatcher(this, u"change"_ns, CanBubble::eNo); + eventDispatcher->PostDOMEvent(); + } +} + +void PermissionStatus::DisconnectFromOwner() { + IgnoreKeepAliveIfHasListenersFor(nsGkAtoms::onchange); + + if (mObserver) { + mObserver->RemoveSink(this); + mObserver = nullptr; + } + + DOMEventTargetHelper::DisconnectFromOwner(); +} + +} // namespace mozilla::dom diff --git a/dom/permission/PermissionStatus.h b/dom/permission/PermissionStatus.h new file mode 100644 index 0000000000..37b11d42e9 --- /dev/null +++ b/dom/permission/PermissionStatus.h @@ -0,0 +1,71 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_PermissionStatus_h_ +#define mozilla_dom_PermissionStatus_h_ + +#include "mozilla/dom/PermissionsBinding.h" +#include "mozilla/dom/PermissionStatusBinding.h" +#include "mozilla/DOMEventTargetHelper.h" + +namespace mozilla::dom { + +class PermissionObserver; + +class PermissionStatus : public DOMEventTargetHelper { + friend class PermissionObserver; + + public: + static already_AddRefed<PermissionStatus> Create(nsPIDOMWindowInner* aWindow, + PermissionName aName, + ErrorResult& aRv); + + JSObject* WrapObject(JSContext* aCx, + JS::Handle<JSObject*> aGivenProto) override; + + PermissionState State() const { return mState; } + + IMPL_EVENT_HANDLER(change) + + void DisconnectFromOwner() override; + + PermissionName Name() const { return mName; } + + nsresult Init(); + + protected: + ~PermissionStatus(); + + PermissionStatus(nsPIDOMWindowInner* aWindow, PermissionName aName); + + /** + * This method returns the internal permission type, which should be equal to + * the permission name for all but the MIDI permission because of the SysEx + * support: internally, we have both "midi" and "midi-sysex" permission types + * but we only have a "midi" (public) permission name. + * + * Note: the `MidiPermissionDescriptor` descriptor has an optional `sysex` + * boolean, which is used to determine whether to return "midi" or + * "midi-sysex" for the MIDI permission. + */ + virtual nsLiteralCString GetPermissionType(); + + private: + nsresult UpdateState(); + + already_AddRefed<nsIPrincipal> GetPrincipal() const; + + void PermissionChanged(); + + PermissionName mName; + PermissionState mState; + + RefPtr<PermissionObserver> mObserver; +}; + +} // namespace mozilla::dom + +#endif // mozilla_dom_permissionstatus_h_ diff --git a/dom/permission/PermissionUtils.cpp b/dom/permission/PermissionUtils.cpp new file mode 100644 index 0000000000..51deceee8b --- /dev/null +++ b/dom/permission/PermissionUtils.cpp @@ -0,0 +1,65 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "PermissionUtils.h" +#include "nsIPermissionManager.h" + +namespace mozilla::dom { + +static const nsLiteralCString kPermissionTypes[] = { + // clang-format off + "geo"_ns, + "desktop-notification"_ns, + // Alias `push` to `desktop-notification`. + "desktop-notification"_ns, + "persistent-storage"_ns, + // "midi" is the only public permission but internally we have both "midi" + // and "midi-sysex" (and yes, this is confusing). + "midi"_ns + // clang-format on +}; + +const size_t kPermissionNameCount = PermissionNameValues::Count; + +static_assert(MOZ_ARRAY_LENGTH(kPermissionTypes) == kPermissionNameCount, + "kPermissionTypes and PermissionName count should match"); + +const nsLiteralCString& PermissionNameToType(PermissionName aName) { + MOZ_ASSERT((size_t)aName < ArrayLength(kPermissionTypes)); + return kPermissionTypes[static_cast<size_t>(aName)]; +} + +Maybe<PermissionName> TypeToPermissionName(const nsACString& aType) { + // Annoyingly, "midi-sysex" is an internal permission. The public permission + // name is "midi" so we have to special-case it here... + if (aType.Equals("midi-sysex"_ns)) { + return Some(PermissionName::Midi); + } + + for (size_t i = 0; i < ArrayLength(kPermissionTypes); ++i) { + if (kPermissionTypes[i].Equals(aType)) { + return Some(static_cast<PermissionName>(i)); + } + } + + return Nothing(); +} + +PermissionState ActionToPermissionState(uint32_t aAction) { + switch (aAction) { + case nsIPermissionManager::ALLOW_ACTION: + return PermissionState::Granted; + + case nsIPermissionManager::DENY_ACTION: + return PermissionState::Denied; + + default: + case nsIPermissionManager::PROMPT_ACTION: + return PermissionState::Prompt; + } +} + +} // namespace mozilla::dom diff --git a/dom/permission/PermissionUtils.h b/dom/permission/PermissionUtils.h new file mode 100644 index 0000000000..18b176f7f6 --- /dev/null +++ b/dom/permission/PermissionUtils.h @@ -0,0 +1,32 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_PermissionUtils_h_ +#define mozilla_dom_PermissionUtils_h_ + +#include "mozilla/dom/PermissionsBinding.h" +#include "mozilla/dom/PermissionStatusBinding.h" +#include "mozilla/Maybe.h" + +namespace mozilla::dom { + +const nsLiteralCString& PermissionNameToType(PermissionName aName); + +/** + * Returns the permission name given a permission type. + * + * Note: the "midi" permission is implemented with two internal permissions + * ("midi" and "midi-sysex"). For this reason, when we pass "midi-sysex" to + * this function, it unconditionally returns the "midi" permission name, + * because that's the only public permission name. + */ +Maybe<PermissionName> TypeToPermissionName(const nsACString& aType); + +PermissionState ActionToPermissionState(uint32_t aAction); + +} // namespace mozilla::dom + +#endif diff --git a/dom/permission/Permissions.cpp b/dom/permission/Permissions.cpp new file mode 100644 index 0000000000..571dec7630 --- /dev/null +++ b/dom/permission/Permissions.cpp @@ -0,0 +1,182 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "mozilla/dom/Permissions.h" + +#include "mozilla/dom/ContentChild.h" +#include "mozilla/dom/Document.h" +#include "mozilla/dom/MidiPermissionStatus.h" +#include "mozilla/dom/PermissionMessageUtils.h" +#include "mozilla/dom/PermissionStatus.h" +#include "mozilla/dom/PermissionsBinding.h" +#include "mozilla/dom/Promise.h" +#include "mozilla/Components.h" +#include "nsIPermissionManager.h" +#include "PermissionUtils.h" + +namespace mozilla::dom { + +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(Permissions) + NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY + NS_INTERFACE_MAP_ENTRY(nsISupports) +NS_INTERFACE_MAP_END + +NS_IMPL_CYCLE_COLLECTING_ADDREF(Permissions) +NS_IMPL_CYCLE_COLLECTING_RELEASE(Permissions) + +NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(Permissions, mWindow) + +Permissions::Permissions(nsPIDOMWindowInner* aWindow) : mWindow(aWindow) {} + +Permissions::~Permissions() = default; + +JSObject* Permissions::WrapObject(JSContext* aCx, + JS::Handle<JSObject*> aGivenProto) { + return Permissions_Binding::Wrap(aCx, this, aGivenProto); +} + +namespace { + +already_AddRefed<PermissionStatus> CreatePermissionStatus( + JSContext* aCx, JS::Handle<JSObject*> aPermission, + nsPIDOMWindowInner* aWindow, ErrorResult& aRv) { + PermissionDescriptor permission; + JS::Rooted<JS::Value> value(aCx, JS::ObjectOrNullValue(aPermission)); + if (NS_WARN_IF(!permission.Init(aCx, value))) { + aRv.NoteJSContextException(aCx); + return nullptr; + } + + switch (permission.mName) { + case PermissionName::Midi: { + MidiPermissionDescriptor midiPerm; + if (NS_WARN_IF(!midiPerm.Init(aCx, value))) { + aRv.NoteJSContextException(aCx); + return nullptr; + } + + bool sysex = midiPerm.mSysex.WasPassed() && midiPerm.mSysex.Value(); + return MidiPermissionStatus::Create(aWindow, sysex, aRv); + } + case PermissionName::Geolocation: + case PermissionName::Notifications: + case PermissionName::Push: + case PermissionName::Persistent_storage: + return PermissionStatus::Create(aWindow, permission.mName, aRv); + + default: + MOZ_ASSERT_UNREACHABLE("Unhandled type"); + aRv.Throw(NS_ERROR_NOT_IMPLEMENTED); + return nullptr; + } +} + +} // namespace + +already_AddRefed<Promise> Permissions::Query(JSContext* aCx, + JS::Handle<JSObject*> aPermission, + ErrorResult& aRv) { + if (!mWindow || !mWindow->IsFullyActive()) { + aRv.ThrowInvalidStateError("The document is not fully active."); + return nullptr; + } + + RefPtr<PermissionStatus> status = + CreatePermissionStatus(aCx, aPermission, mWindow, aRv); + if (NS_WARN_IF(aRv.Failed())) { + MOZ_ASSERT(!status); + return nullptr; + } + + MOZ_ASSERT(status); + RefPtr<Promise> promise = Promise::Create(mWindow->AsGlobal(), aRv); + if (NS_WARN_IF(aRv.Failed())) { + return nullptr; + } + + promise->MaybeResolve(status); + return promise.forget(); +} + +/* static */ +nsresult Permissions::RemovePermission(nsIPrincipal* aPrincipal, + const nsACString& aPermissionType) { + MOZ_ASSERT(XRE_IsParentProcess()); + + nsCOMPtr<nsIPermissionManager> permMgr = + components::PermissionManager::Service(); + if (NS_WARN_IF(!permMgr)) { + return NS_ERROR_FAILURE; + } + + return permMgr->RemoveFromPrincipal(aPrincipal, aPermissionType); +} + +already_AddRefed<Promise> Permissions::Revoke(JSContext* aCx, + JS::Handle<JSObject*> aPermission, + ErrorResult& aRv) { + if (!mWindow) { + aRv.Throw(NS_ERROR_UNEXPECTED); + return nullptr; + } + + PermissionDescriptor permission; + JS::Rooted<JS::Value> value(aCx, JS::ObjectOrNullValue(aPermission)); + if (NS_WARN_IF(!permission.Init(aCx, value))) { + aRv.NoteJSContextException(aCx); + return nullptr; + } + + RefPtr<Promise> promise = Promise::Create(mWindow->AsGlobal(), aRv); + if (NS_WARN_IF(aRv.Failed())) { + return nullptr; + } + + nsCOMPtr<Document> document = mWindow->GetExtantDoc(); + if (!document) { + promise->MaybeReject(NS_ERROR_UNEXPECTED); + return promise.forget(); + } + + nsCOMPtr<nsIPermissionManager> permMgr = + components::PermissionManager::Service(); + if (NS_WARN_IF(!permMgr)) { + promise->MaybeReject(NS_ERROR_FAILURE); + return promise.forget(); + } + + const nsLiteralCString& permissionType = + PermissionNameToType(permission.mName); + + nsresult rv; + if (XRE_IsParentProcess()) { + rv = RemovePermission(document->NodePrincipal(), permissionType); + } else { + // Permissions can't be removed from the content process. Send a message + // to the parent; `ContentParent::RecvRemovePermission` will call + // `RemovePermission`. + ContentChild::GetSingleton()->SendRemovePermission( + document->NodePrincipal(), permissionType, &rv); + } + + if (NS_WARN_IF(NS_FAILED(rv))) { + promise->MaybeReject(rv); + return promise.forget(); + } + + RefPtr<PermissionStatus> status = + CreatePermissionStatus(aCx, aPermission, mWindow, aRv); + if (NS_WARN_IF(aRv.Failed())) { + MOZ_ASSERT(!status); + return nullptr; + } + + MOZ_ASSERT(status); + promise->MaybeResolve(status); + return promise.forget(); +} + +} // namespace mozilla::dom diff --git a/dom/permission/Permissions.h b/dom/permission/Permissions.h new file mode 100644 index 0000000000..f974fa49a9 --- /dev/null +++ b/dom/permission/Permissions.h @@ -0,0 +1,54 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_Permissions_h_ +#define mozilla_dom_Permissions_h_ + +#include "nsISupports.h" +#include "nsPIDOMWindow.h" +#include "nsWrapperCache.h" + +namespace mozilla { + +class ErrorResult; + +namespace dom { + +class Promise; + +class Permissions final : public nsISupports, public nsWrapperCache { + public: + NS_DECL_CYCLE_COLLECTING_ISUPPORTS + NS_DECL_CYCLE_COLLECTION_WRAPPERCACHE_CLASS(Permissions) + + explicit Permissions(nsPIDOMWindowInner* aWindow); + + nsPIDOMWindowInner* GetParentObject() const { return mWindow; } + + JSObject* WrapObject(JSContext* aCx, + JS::Handle<JSObject*> aGivenProto) override; + + already_AddRefed<Promise> Query(JSContext* aCx, + JS::Handle<JSObject*> aPermission, + ErrorResult& aRv); + + static nsresult RemovePermission(nsIPrincipal* aPrincipal, + const nsACString& aPermissionType); + + already_AddRefed<Promise> Revoke(JSContext* aCx, + JS::Handle<JSObject*> aPermission, + ErrorResult& aRv); + + private: + ~Permissions(); + + nsCOMPtr<nsPIDOMWindowInner> mWindow; +}; + +} // namespace dom +} // namespace mozilla + +#endif // mozilla_dom_permissions_h_ diff --git a/dom/permission/moz.build b/dom/permission/moz.build new file mode 100644 index 0000000000..7e00baca04 --- /dev/null +++ b/dom/permission/moz.build @@ -0,0 +1,28 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +with Files("**"): + BUG_COMPONENT = ("Core", "DOM: Core & HTML") + +EXPORTS.mozilla.dom += [ + "MidiPermissionStatus.h", + "Permissions.h", + "PermissionStatus.h", +] + +UNIFIED_SOURCES += [ + "MidiPermissionStatus.cpp", + "PermissionObserver.cpp", + "Permissions.cpp", + "PermissionStatus.cpp", + "PermissionUtils.cpp", +] + +MOCHITEST_MANIFESTS += ["tests/mochitest.ini"] + +FINAL_LIBRARY = "xul" + +include("/ipc/chromium/chromium-config.mozbuild") diff --git a/dom/permission/tests/file_empty.html b/dom/permission/tests/file_empty.html new file mode 100644 index 0000000000..15648ec5aa --- /dev/null +++ b/dom/permission/tests/file_empty.html @@ -0,0 +1,2 @@ +<h1>I'm just a support file</h1> +<p>I get loaded to do permission testing.</p> diff --git a/dom/permission/tests/mochitest.ini b/dom/permission/tests/mochitest.ini new file mode 100644 index 0000000000..fb631736f6 --- /dev/null +++ b/dom/permission/tests/mochitest.ini @@ -0,0 +1,11 @@ +[DEFAULT] +support-files = + file_empty.html +prefs = + dom.security.featurePolicy.header.enabled=true + dom.security.featurePolicy.webidl.enabled=true + +[test_cross_origin_iframe.html] +fail-if = xorigin +[test_permissions_api.html] +skip-if = xorigin # Hangs diff --git a/dom/permission/tests/test_cross_origin_iframe.html b/dom/permission/tests/test_cross_origin_iframe.html new file mode 100644 index 0000000000..b024592e75 --- /dev/null +++ b/dom/permission/tests/test_cross_origin_iframe.html @@ -0,0 +1,251 @@ +<!-- + Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ +--> +<!DOCTYPE HTML> +<html> + +<head> + <meta charset="utf-8"> + <title>Test for Permissions API</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" href="/tests/SimpleTest/test.css"> +</head> + +<body> + <pre id="test"></pre> + <script type="application/javascript"> + /*globals SpecialPowers, SimpleTest, is, ok, */ + 'use strict'; + + function setPermission(type, allow) { + return new Promise(resolve => { + SpecialPowers.popPermissions(() => { + SpecialPowers.pushPermissions( + [{ type, allow, context: document }], + resolve + ); + }); + }); + } + + function checkPermission(aIFrame, aExpectedState, aName) { + return SpecialPowers.spawn( + aIFrame, + [{name: aName, expectedState: aExpectedState}], + async aInput => { + try { + let result = await content.navigator + .permissions + .query({ name: aInput.name }); + is( + SpecialPowers.wrap(result).state, + aInput.expectedState, + `correct state for '${aInput.name}'` + ); + } catch (e) { + ok(false, `query should not have rejected for '${aInput.name}'`) + } + } + ); + } + + function createIframe(aId, aAllow) { + return new Promise((resolve) => { + const iframe = document.createElement('iframe'); + iframe.id = aId; + iframe.src = 'https://example.org/tests/dom/permission/tests/file_empty.html'; + if (aAllow) { + iframe.allow = aAllow; + } + iframe.onload = () => resolve(iframe); + document.body.appendChild(iframe); + }); + } + + function removeIframe(aId) { + return new Promise((resolve) => { + document.body.removeChild(document.getElementById(aId)); + resolve(); + }); + } + + const { + UNKNOWN_ACTION, + PROMPT_ACTION, + ALLOW_ACTION, + DENY_ACTION + } = SpecialPowers.Ci.nsIPermissionManager; + + const tests = [ + { + id: 'query navigation top unknown', + top: UNKNOWN_ACTION, + name: 'geolocation', + type: 'geo', + expected: 'denied', + }, + { + id: 'query notifications top unknown', + top: UNKNOWN_ACTION, + name: 'notifications', + type: 'desktop-notification', + expected: 'denied', + }, + { + id: 'query push top unknown', + top: UNKNOWN_ACTION, + name: 'push', + type: 'desktop-notification', + expected: 'denied', + }, + { + id: 'query persistent-storage unknown', + top: UNKNOWN_ACTION, + name: 'persistent-storage', + type: 'persistent-storage', + expected: 'denied', + }, + { + id: 'query navigation top prompt', + top: PROMPT_ACTION, + name: 'geolocation', + type: 'geo', + expected: 'denied', + }, + { + id: 'query notifications top prompt', + top: PROMPT_ACTION, + name: 'notifications', + type: 'desktop-notification', + expected: 'denied', + }, + { + id: 'query push top prompt', + top: PROMPT_ACTION, + name: 'push', + type: 'desktop-notification', + expected: 'denied', + }, + { + id: 'query persistent-storage top prompt', + top: PROMPT_ACTION, + name: 'persistent-storage', + type: 'persistent-storage', + expected: 'denied', + }, + { + id: 'query navigation top denied', + top: DENY_ACTION, + name: 'geolocation', + type: 'geo', + expected: 'denied', + }, + { + id: 'query notifications top denied', + top: DENY_ACTION, + name: 'notifications', + type: 'desktop-notification', + expected: 'denied', + }, + { + id: 'query push top denied', + top: DENY_ACTION, + name: 'push', + type: 'desktop-notification', + expected: 'denied', + }, + { + id: 'query persistent-storage top denied', + top: DENY_ACTION, + name: 'persistent-storage', + type: 'persistent-storage', + expected: 'denied', + }, + { + id: 'query navigation top granted', + top: ALLOW_ACTION, + name: 'geolocation', + type: 'geo', + expected: 'denied', + }, + { + id: 'query notifications top granted', + top: ALLOW_ACTION, + name: 'notifications', + type: 'desktop-notification', + expected: 'denied', + }, + { + id: 'query push top granted', + top: ALLOW_ACTION, + name: 'push', + type: 'desktop-notification', + expected: 'denied', + }, + { + id: 'query persistent-storage top granted', + top: ALLOW_ACTION, + name: 'persistent-storage', + type: 'persistent-storage', + expected: 'denied', + }, + { + id: 'query navigation top denied, iframe has allow attribute', + top: DENY_ACTION, + allow: 'geolocation', + name: 'geolocation', + type: 'geo', + expected: 'denied', + }, + { + id: 'query navigation top granted, iframe has allow attribute', + top: ALLOW_ACTION, + allow: 'geolocation', + name: 'geolocation', + type: 'geo', + expected: 'granted', + }, + { + id: 'query navigation top prompt, iframe has allow attribute', + top: PROMPT_ACTION, + allow: 'geolocation', + name: 'geolocation', + type: 'geo', + expected: 'prompt', + }, + { + id: 'query navigation top unknown, iframe has allow attribute', + top: UNKNOWN_ACTION, + allow: 'geolocation', + name: 'geolocation', + type: 'geo', + expected: 'prompt', + }, + + ]; + + SimpleTest.waitForExplicitFinish(); + + async function nextTest() { + if (!tests.length) { + SimpleTest.finish(); + return; + } + + let test = tests.shift(); + await setPermission(test.type, test.top) + .then(() => createIframe(test.id, test.allow)) + .then(iframe => checkPermission(iframe, test.expected, test.name)) + .then(() => removeIframe(test.id)); + + SimpleTest.executeSoon(nextTest); + } + + SpecialPowers.pushPrefEnv({"set": [ + ["permissions.delegation.enabled", true], + ]}).then(nextTest); + </script> +</body> + +</html> diff --git a/dom/permission/tests/test_permissions_api.html b/dom/permission/tests/test_permissions_api.html new file mode 100644 index 0000000000..bef0b56a03 --- /dev/null +++ b/dom/permission/tests/test_permissions_api.html @@ -0,0 +1,298 @@ +<!-- + Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ +--> +<!DOCTYPE HTML> +<html> + +<head> + <meta charset="utf-8"> + <title>Test for Permissions API</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" href="/tests/SimpleTest/test.css"> +</head> + +<body> + <pre id="test"></pre> + <script type="application/javascript"> + /*globals SpecialPowers, SimpleTest, is, ok, */ + 'use strict'; + + const { + UNKNOWN_ACTION, + PROMPT_ACTION, + ALLOW_ACTION, + DENY_ACTION + } = SpecialPowers.Ci.nsIPermissionManager; + + SimpleTest.waitForExplicitFinish(); + + const PERMISSIONS = [{ + name: 'geolocation', + type: 'geo' + }, { + name: 'notifications', + type: 'desktop-notification' + }, { + name: 'push', + type: 'desktop-notification' + }, { + name: 'persistent-storage', + type: 'persistent-storage' + }, { + name: 'midi', + type: 'midi' + }, ]; + + const UNSUPPORTED_PERMISSIONS = [ + 'foobarbaz', // Not in spec, for testing only. + ]; + + // Create a closure, so that tests are run on the correct window object. + function createPermissionTester(iframe) { + const iframeWindow = iframe.contentWindow; + return { + async setPermissions(allow, context = iframeWindow.document) { + const permissions = PERMISSIONS.map(({ type }) => { + return { + type, + allow, + context, + }; + }); + await SpecialPowers.popPermissions(); + return SpecialPowers.pushPermissions(permissions); + }, + revokePermissions() { + const promisesToRevoke = PERMISSIONS.map(({ name }) => { + return iframeWindow.navigator.permissions + .revoke({ name }) + .then( + ({ state }) => is(state, 'prompt', `correct state for '${name}'`), + () => ok(false, `revoke should not have rejected for '${name}'`) + ); + }); + return Promise.all(promisesToRevoke); + }, + revokeUnsupportedPermissions() { + const promisesToRevoke = UNSUPPORTED_PERMISSIONS.map(({ name }) => { + return iframeWindow.navigator.permissions + .revoke({ name }) + .then( + () => ok(false, `revoke should not have resolved for '${name}'`), + error => is(error.name, 'TypeError', `revoke should have thrown TypeError for '${name}'`) + ); + }); + return Promise.all(promisesToRevoke); + }, + checkPermissions(expectedState) { + const promisesToQuery = PERMISSIONS.map(({ name: expectedName }) => { + return iframeWindow.navigator.permissions + .query({ name: expectedName }) + .then( + ({ state, name }) => { + is(state, expectedState, `correct state for '${expectedName}'`) + is(name, expectedName, `correct name for '${expectedName}'`) + }, + () => ok(false, `query should not have rejected for '${name}'`) + ); + }); + return Promise.all(promisesToQuery); + }, + checkUnsupportedPermissions() { + const promisesToQuery = UNSUPPORTED_PERMISSIONS.map(({ name }) => { + return iframeWindow.navigator.permissions + .query({ name }) + .then( + () => ok(false, `query should not have resolved for '${name}'`), + error => { + is(error.name, 'TypeError', + `query should have thrown TypeError for '${name}'`); + } + ); + }); + return Promise.all(promisesToQuery); + }, + promiseStateChanged(name, state) { + return iframeWindow.navigator.permissions + .query({ name }) + .then(status => { + return new Promise( resolve => { + status.onchange = () => { + status.onchange = null; + is(status.state, state, `state changed for '${name}'`); + resolve(); + }; + }); + }, + () => ok(false, `query should not have rejected for '${name}'`)); + }, + testStatusOnChange() { + return new Promise((resolve) => { + SpecialPowers.popPermissions(() => { + const permission = 'geolocation'; + const promiseGranted = this.promiseStateChanged(permission, 'granted'); + this.setPermissions(ALLOW_ACTION); + promiseGranted.then(async () => { + const promisePrompt = this.promiseStateChanged(permission, 'prompt'); + await SpecialPowers.popPermissions(); + return promisePrompt; + }).then(resolve); + }); + }); + }, + testInvalidQuery() { + return iframeWindow.navigator.permissions + .query({ name: 'invalid' }) + .then( + () => ok(false, 'invalid query should not have resolved'), + () => ok(true, 'invalid query should have rejected') + ); + }, + testInvalidRevoke() { + return iframeWindow.navigator.permissions + .revoke({ name: 'invalid' }) + .then( + () => ok(false, 'invalid revoke should not have resolved'), + () => ok(true, 'invalid revoke should have rejected') + ); + }, + async testNotFullyActiveDoc() { + const iframe1 = await createIframe(); + const expectedErrorClass = iframe1.contentWindow.DOMException; + const permAPI = iframe1.contentWindow.navigator.permissions; + // Document no longer fully active + iframe1.remove(); + await new Promise((res) => { + permAPI.query({ name: "geolocation" }).catch((error) => { + ok( + error instanceof expectedErrorClass, + "DOMException from other realm" + ); + is( + error.name, + "InvalidStateError", + "Must reject with a InvalidStateError" + ); + iframe1.remove(); + res(); + }); + }); + }, + async testNotFullyActiveChange() { + await SpecialPowers.popPermissions(); + const iframe2 = await createIframe(); + const initialStatus = await iframe2.contentWindow.navigator.permissions.query( + { name: "geolocation" } + ); + await SpecialPowers.pushPermissions([ + { + type: "geo", + allow: PROMPT_ACTION, + context: iframe2.contentWindow.document, + }, + ]); + is( + initialStatus.state, + "prompt", + "Initially the iframe's permission is prompt" + ); + + // Document no longer fully active + const stolenDoc = iframe2.contentWindow.document; + iframe2.remove(); + initialStatus.onchange = () => { + ok(false, "onchange must not fire when document is not fully active."); + }; + // We set it to grant for this origin, but the PermissionStatus doesn't change. + await SpecialPowers.pushPermissions([ + { + type: "geo", + allow: ALLOW_ACTION, + context: stolenDoc, + }, + ]); + is( + initialStatus.state, + "prompt", + "Inactive document's permission must not change" + ); + + // Re-attach the iframe + document.body.appendChild(iframe2); + await new Promise((res) => (iframe2.onload = res)); + // Fully active again + const newStatus = await iframe2.contentWindow.navigator.permissions.query({ + name: "geolocation", + }); + is(newStatus.state, "granted", "Reflect that we are granted"); + + const newEventPromise = new Promise((res) => (newStatus.onchange = res)); + await SpecialPowers.pushPermissions([ + { + type: "geo", + allow: DENY_ACTION, + context: iframe2.contentWindow.document, + }, + ]); + // Event fires... + await newEventPromise; + is(initialStatus.state, "prompt", "Remains prompt, as it's actually dead."); + is(newStatus.state, "denied", "New status must be 'denied'."); + iframe2.remove(); + }, + }; + } + + function enablePrefs() { + const ops = { + 'set': [ + ['dom.permissions.revoke.enable', true], + ], + }; + return SpecialPowers.pushPrefEnv(ops); + } + + function createIframe() { + return new Promise((resolve) => { + const iframe = document.createElement('iframe'); + iframe.src = 'file_empty.html'; + iframe.onload = () => resolve(iframe); + document.body.appendChild(iframe); + }); + } + + window.onload = () => { + enablePrefs() + .then(createIframe) + .then(createPermissionTester) + .then((tester) => { + return tester + .checkUnsupportedPermissions() + .then(() => tester.setPermissions(UNKNOWN_ACTION)) + .then(() => tester.checkPermissions('prompt')) + .then(() => tester.setPermissions(PROMPT_ACTION)) + .then(() => tester.checkPermissions('prompt')) + .then(() => tester.setPermissions(ALLOW_ACTION)) + .then(() => tester.checkPermissions('granted')) + .then(() => tester.setPermissions(DENY_ACTION)) + .then(() => tester.checkPermissions('denied')) + .then(() => tester.testStatusOnChange()) + .then(() => tester.testInvalidQuery()) + .then(() => tester.revokeUnsupportedPermissions()) + .then(() => tester.revokePermissions()) + .then(() => tester.checkPermissions('prompt')) + .then(() => tester.testInvalidRevoke()) + .then(() => tester.testNotFullyActiveDoc()) + .then(() => tester.testNotFullyActiveChange()); + }) + .then(SimpleTest.finish) + .catch((e) => { + ok(false, `Unexpected error ${e}`); + SimpleTest.finish(); + }); + }; + </script> +</body> + +</html> |