summaryrefslogtreecommitdiffstats
path: root/extensions/permissions/test/unit/test_permmanager_oa_strip.js
diff options
context:
space:
mode:
Diffstat (limited to 'extensions/permissions/test/unit/test_permmanager_oa_strip.js')
-rw-r--r--extensions/permissions/test/unit/test_permmanager_oa_strip.js220
1 files changed, 220 insertions, 0 deletions
diff --git a/extensions/permissions/test/unit/test_permmanager_oa_strip.js b/extensions/permissions/test/unit/test_permmanager_oa_strip.js
new file mode 100644
index 0000000000..d6c15bd807
--- /dev/null
+++ b/extensions/permissions/test/unit/test_permmanager_oa_strip.js
@@ -0,0 +1,220 @@
+/* Any copyright is dedicated to the Public Domain.
+ http://creativecommons.org/publicdomain/zero/1.0/ */
+
+const TEST_URI = Services.io.newURI("http://example.com");
+const TEST_PERMISSION = "test/oastrip";
+const TEST_PERMISSION2 = "test/oastrip2";
+const TEST_PERMISSION3 = "test/oastrip3";
+
+// List of permissions which are not isolated by private browsing or user context
+// as per array kStripOAPermissions in PermissionManager.cpp
+const STRIPPED_PERMS = ["cookie"];
+
+let principal = Services.scriptSecurityManager.createContentPrincipal(
+ TEST_URI,
+ {}
+);
+let principalPrivateBrowsing =
+ Services.scriptSecurityManager.createContentPrincipal(TEST_URI, {
+ privateBrowsingId: 1,
+ });
+let principalUserContext1 =
+ Services.scriptSecurityManager.createContentPrincipal(TEST_URI, {
+ userContextId: 1,
+ });
+let principalUserContext2 =
+ Services.scriptSecurityManager.createContentPrincipal(TEST_URI, {
+ userContextId: 2,
+ });
+
+function testOAIsolation(permIsolateUserContext, permIsolatePrivateBrowsing) {
+ info(
+ `testOAIsolation: permIsolateUserContext: ${permIsolateUserContext}; permIsolatePrivateBrowsing: ${permIsolatePrivateBrowsing}`
+ );
+
+ let pm = Services.perms;
+
+ Services.prefs.setBoolPref(
+ "permissions.isolateBy.userContext",
+ permIsolateUserContext
+ );
+ Services.prefs.setBoolPref(
+ "permissions.isolateBy.privateBrowsing",
+ permIsolatePrivateBrowsing
+ );
+
+ // Set test permission for normal browsing
+ pm.addFromPrincipal(principal, TEST_PERMISSION, pm.ALLOW_ACTION);
+
+ // Check normal browsing permission
+ Assert.equal(
+ Ci.nsIPermissionManager.ALLOW_ACTION,
+ pm.testPermissionFromPrincipal(principal, TEST_PERMISSION)
+ );
+ // normal browsing => user context 1
+ Assert.equal(
+ permIsolateUserContext
+ ? Ci.nsIPermissionManager.UNKNOWN_ACTION
+ : Ci.nsIPermissionManager.ALLOW_ACTION,
+ pm.testPermissionFromPrincipal(principalUserContext1, TEST_PERMISSION)
+ );
+ // normal browsing => user context 2
+ Assert.equal(
+ permIsolateUserContext
+ ? Ci.nsIPermissionManager.UNKNOWN_ACTION
+ : Ci.nsIPermissionManager.ALLOW_ACTION,
+ pm.testPermissionFromPrincipal(principalUserContext2, TEST_PERMISSION)
+ );
+ // normal browsing => private browsing
+ Assert.equal(
+ permIsolatePrivateBrowsing
+ ? Ci.nsIPermissionManager.UNKNOWN_ACTION
+ : Ci.nsIPermissionManager.ALLOW_ACTION,
+ pm.testPermissionFromPrincipal(principalPrivateBrowsing, TEST_PERMISSION)
+ );
+
+ // Set permission for private browsing
+ pm.addFromPrincipal(
+ principalPrivateBrowsing,
+ TEST_PERMISSION2,
+ pm.DENY_ACTION
+ );
+
+ // Check private browsing permission
+ Assert.equal(
+ Ci.nsIPermissionManager.DENY_ACTION,
+ pm.testPermissionFromPrincipal(principalPrivateBrowsing, TEST_PERMISSION2)
+ );
+ // private browsing => normal browsing
+ Assert.equal(
+ permIsolatePrivateBrowsing
+ ? Ci.nsIPermissionManager.UNKNOWN_ACTION
+ : Ci.nsIPermissionManager.DENY_ACTION,
+ pm.testPermissionFromPrincipal(principal, TEST_PERMISSION2)
+ );
+ // private browsing => user context 1
+ Assert.equal(
+ permIsolatePrivateBrowsing || permIsolateUserContext
+ ? Ci.nsIPermissionManager.UNKNOWN_ACTION
+ : Ci.nsIPermissionManager.DENY_ACTION,
+ pm.testPermissionFromPrincipal(principalUserContext1, TEST_PERMISSION2)
+ );
+ // private browsing => user context 2
+ Assert.equal(
+ permIsolatePrivateBrowsing || permIsolateUserContext
+ ? Ci.nsIPermissionManager.UNKNOWN_ACTION
+ : Ci.nsIPermissionManager.DENY_ACTION,
+ pm.testPermissionFromPrincipal(principalUserContext2, TEST_PERMISSION2)
+ );
+
+ // Set permission for user context 1
+ pm.addFromPrincipal(
+ principalUserContext1,
+ TEST_PERMISSION3,
+ pm.PROMPT_ACTION
+ );
+
+ // Check user context 1 permission
+ Assert.equal(
+ Ci.nsIPermissionManager.PROMPT_ACTION,
+ pm.testPermissionFromPrincipal(principalUserContext1, TEST_PERMISSION3)
+ );
+
+ // user context 1 => normal browsing
+ Assert.equal(
+ permIsolateUserContext
+ ? Ci.nsIPermissionManager.UNKNOWN_ACTION
+ : Ci.nsIPermissionManager.PROMPT_ACTION,
+ pm.testPermissionFromPrincipal(principal, TEST_PERMISSION3)
+ );
+ // user context 1 => user context 2
+ Assert.equal(
+ permIsolateUserContext
+ ? Ci.nsIPermissionManager.UNKNOWN_ACTION
+ : Ci.nsIPermissionManager.PROMPT_ACTION,
+ pm.testPermissionFromPrincipal(principalUserContext2, TEST_PERMISSION3)
+ );
+ // user context 1 => private browsing
+ Assert.equal(
+ permIsolatePrivateBrowsing || permIsolateUserContext
+ ? Ci.nsIPermissionManager.UNKNOWN_ACTION
+ : Ci.nsIPermissionManager.PROMPT_ACTION,
+ pm.testPermissionFromPrincipal(principalPrivateBrowsing, TEST_PERMISSION3)
+ );
+
+ pm.removeAll();
+
+ // Modifying an non-isolated/stripped permission should affect all browsing contexts,
+ // independently of permission isolation pref state
+ STRIPPED_PERMS.forEach(perm => {
+ info("Testing stripped permission " + perm);
+
+ // Add a permission for the normal window
+ pm.addFromPrincipal(principal, perm, pm.ALLOW_ACTION);
+ Assert.equal(
+ pm.testPermissionFromPrincipal(principalPrivateBrowsing, perm),
+ Ci.nsIPermissionManager.ALLOW_ACTION
+ );
+ Assert.equal(
+ pm.testPermissionFromPrincipal(principalUserContext1, perm),
+ Ci.nsIPermissionManager.ALLOW_ACTION
+ );
+ Assert.equal(
+ pm.testPermissionFromPrincipal(principalUserContext2, perm),
+ Ci.nsIPermissionManager.ALLOW_ACTION
+ );
+
+ // Remove the permission from private window
+ pm.removeFromPrincipal(principalPrivateBrowsing, perm);
+ Assert.equal(
+ pm.testPermissionFromPrincipal(principal, perm),
+ Ci.nsIPermissionManager.UNKNOWN_ACTION
+ );
+ Assert.equal(
+ pm.testPermissionFromPrincipal(principalUserContext1, perm),
+ Ci.nsIPermissionManager.UNKNOWN_ACTION
+ );
+ Assert.equal(
+ pm.testPermissionFromPrincipal(principalUserContext2, perm),
+ Ci.nsIPermissionManager.UNKNOWN_ACTION
+ );
+
+ // Set a permission for a normal window and then override it by adding it to container 2 again
+ pm.addFromPrincipal(principal, perm, pm.PROMPT_ACTION);
+ pm.addFromPrincipal(principal, TEST_PERMISSION, pm.ALLOW_ACTION);
+ pm.addFromPrincipal(principalUserContext2, perm, pm.DENY_ACTION);
+
+ let principalPerms = pm.getAllForPrincipal(principalPrivateBrowsing, perm);
+
+ Assert.ok(
+ principalPerms.some(p => p.type == perm && p.capability == pm.DENY_ACTION)
+ );
+ if (permIsolatePrivateBrowsing) {
+ Assert.equal(principalPerms.length, 1);
+ Assert.ok(
+ principalPerms.some(
+ p => p.type == perm && p.capability == pm.DENY_ACTION
+ )
+ );
+ } else {
+ Assert.equal(principalPerms.length, 2);
+ Assert.ok(
+ principalPerms.some(
+ p => p.type == TEST_PERMISSION && p.capability == pm.ALLOW_ACTION
+ )
+ );
+ }
+ });
+
+ // Cleanup
+ pm.removeAll();
+}
+
+add_task(async function do_test() {
+ // Test all pref combinations and check if principals with different origin attributes
+ // are isolated.
+ testOAIsolation(true, true);
+ testOAIsolation(true, false);
+ testOAIsolation(false, true);
+ testOAIsolation(false, false);
+});
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 07:34:02 +0000