1 files changed, 89 insertions, 0 deletions
diff --git a/extensions/permissions/test/unit/test_permmanager_ipc.js b/extensions/permissions/test/unit/test_permmanager_ipc.js
new file mode 100644
index 0000000000..239cc5aeaf
--- /dev/null
+++ b/extensions/permissions/test/unit/test_permmanager_ipc.js
@@ -0,0 +1,89 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+const { ExtensionTestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/ExtensionXPCShellUtils.sys.mjs"
+);
+
+add_task(async function test_permissions_sent_over_ipc_on_bloburl() {
+  const ssm = Services.scriptSecurityManager;
+  const pm = Services.perms;
+
+  // setup a profile.
+  do_get_profile();
+
+  async function assertExpectedContentPage(contentPage) {
+    const [processType, remoteType, principalSpec] = await page.spawn(
+      [],
+      async () => {
+        return [
+          Services.appinfo.processType,
+          Services.appinfo.remoteType,
+          this.content.document.nodePrincipal.spec,
+        ];
+      }
+    );
+
+    equal(
+      processType,
+      Services.appinfo.PROCESS_TYPE_CONTENT,
+      "Got a content process"
+    );
+    equal(remoteType, "file", "Got a file child process");
+    equal(principalSpec, principal.spec, "Got the expected document principal");
+  }
+
+  function getChildProcessID(contentPage) {
+    return contentPage.spawn([], () => Services.appinfo.processID);
+  }
+
+  async function assertHasAllowedPermission(contentPage, perm) {
+    const isPermissionAllowed = await contentPage.spawn(
+      [perm],
+      permName =>
+        Services.perms.getPermissionObject(
+          this.content.document.nodePrincipal,
+          permName,
+          true
+        )?.capability === Services.perms.ALLOW_ACTION
+    );
+    ok(isPermissionAllowed, `Permission "${perm}" allowed as expected`);
+  }
+
+  let file = do_get_file(".", true);
+  let fileURI = Services.io.newFileURI(file);
+  const principal = ssm.createContentPrincipal(fileURI, {});
+  info(`Add a test permission to the document principal: ${principal.spec}`);
+  pm.addFromPrincipal(principal, "test/perm", pm.ALLOW_ACTION);
+
+  info("Test expected permission is propagated into the child process");
+  let page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
+  const childID1 = await getChildProcessID(page);
+  await assertExpectedContentPage(page);
+  await assertHasAllowedPermission(page, "test/perm");
+  await page.close();
+
+  // Ensure this blob url does not prevent permissions to be propagated
+  // to a new child process.
+  info("Create a blob url for a non http/https principal");
+  const blob = new Blob();
+  const blobURL = URL.createObjectURL(blob);
+  ok(blobURL, "Got a blob URL");
+
+  info("Test expected permission is still propagated");
+  page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
+  const childID2 = await getChildProcessID(page);
+  await assertExpectedContentPage(page);
+  Assert.notEqual(childID1, childID2, "Got a new child process as expected");
+  await assertHasAllowedPermission(page, "test/perm");
+  await page.close();
+
+  URL.revokeObjectURL(blobURL);
+
+  page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
+  const childID3 = await getChildProcessID(page);
+  await assertExpectedContentPage(page);
+  Assert.notEqual(childID2, childID3, "Got a new child process as expected");
+  await assertHasAllowedPermission(page, "test/perm");
+  await page.close();
+});