1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
const { ExtensionTestUtils } = ChromeUtils.import(
"resource://testing-common/ExtensionXPCShellUtils.jsm"
);
add_task(async function test_permissions_sent_over_ipc_on_bloburl() {
const ssm = Services.scriptSecurityManager;
const pm = Services.perms;
// setup a profile.
do_get_profile();
async function assertExpectedContentPage(contentPage) {
const [processType, remoteType, principalSpec] = await page.spawn(
[],
async () => {
return [
Services.appinfo.processType,
Services.appinfo.remoteType,
this.content.document.nodePrincipal.spec,
];
}
);
equal(
processType,
Services.appinfo.PROCESS_TYPE_CONTENT,
"Got a content process"
);
equal(remoteType, "file", "Got a file child process");
equal(principalSpec, principal.spec, "Got the expected document principal");
}
function getChildProcessID(contentPage) {
return contentPage.spawn([], () => Services.appinfo.processID);
}
async function assertHasAllowedPermission(contentPage, perm) {
const isPermissionAllowed = await contentPage.spawn(
[perm],
permName =>
Services.perms.getPermissionObject(
this.content.document.nodePrincipal,
permName,
true
)?.capability === Services.perms.ALLOW_ACTION
);
ok(isPermissionAllowed, `Permission "${perm}" allowed as expected`);
}
let file = do_get_file(".", true);
let fileURI = Services.io.newFileURI(file);
const principal = ssm.createContentPrincipal(fileURI, {});
info(`Add a test permission to the document principal: ${principal.spec}`);
pm.addFromPrincipal(principal, "test/perm", pm.ALLOW_ACTION);
info("Test expected permission is propagated into the child process");
let page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
const childID1 = await getChildProcessID(page);
await assertExpectedContentPage(page);
await assertHasAllowedPermission(page, "test/perm");
await page.close();
// Ensure this blob url does not prevent permissions to be propagated
// to a new child process.
info("Create a blob url for a non http/https principal");
const blob = new Blob();
const blobURL = URL.createObjectURL(blob);
ok(blobURL, "Got a blob URL");
info("Test expected permission is still propagated");
page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
const childID2 = await getChildProcessID(page);
await assertExpectedContentPage(page);
Assert.notEqual(childID1, childID2, "Got a new child process as expected");
await assertHasAllowedPermission(page, "test/perm");
await page.close();
URL.revokeObjectURL(blobURL);
page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
const childID3 = await getChildProcessID(page);
await assertExpectedContentPage(page);
Assert.notEqual(childID2, childID3, "Got a new child process as expected");
await assertHasAllowedPermission(page, "test/perm");
await page.close();
});
|