Bug 1745819 - Require origin permission for content scripts in mv3 r=robwu

Differential Revision: https://phabricator.services.mozilla.com/D141557

Author: zombie

dom/chrome-webidl/WebExtensionContentScript.webidl

@@ -20,13 +20,6 @@ interface MozDocumentMatcher {
    */
   boolean matchesURI(URI uri);
 
-  /**
-   * Returns true if the the given URI and LoadInfo objects match.
-   * This should be used to determine whether to begin pre-loading a content
-   * script based on network events.
-   */
-  boolean matchesLoadInfo(URI uri, LoadInfo loadInfo);
-
   /**
    * Returns true if the given window matches. This should be used
    * to determine whether to run a script in a window at load time.
@@ -39,6 +32,14 @@ interface MozDocumentMatcher {
   [Constant]
   readonly attribute boolean allFrames;
 
+  /**
+   * If we can't check extension has permissions to access the URI upfront,
+   * set the flag to perform the origin check at runtime, upon matching.
+   * This is always true in MV3, where host permissions are optional.
+   */
+  [Constant]
+  readonly attribute boolean checkPermissions;
+
   /**
    * If true, this (misleadingly-named, but inherited from Chrome) attribute
    * causes us to match frames with URLs which inherit a principal that
@@ -102,6 +103,8 @@ interface MozDocumentMatcher {
 dictionary MozDocumentMatcherInit {
   boolean allFrames = false;
 
+  boolean checkPermissions = false;
+
   sequence<OriginAttributesPatternDictionary>? originAttributesPatterns = null;
 
   boolean matchAboutBlank = false;

toolkit/components/extensions/WebExtensionContentScript.h

@@ -115,10 +115,6 @@ class MozDocumentMatcher : public nsISupports, public nsWrapperCache {
   bool Matches(const DocInfo& aDoc) const;
   bool MatchesURI(const URLInfo& aURL) const;
 
-  bool MatchesLoadInfo(const URLInfo& aURL, nsILoadInfo* aLoadInfo) const {
-    return Matches({aURL, aLoadInfo});
-  }
-
   bool MatchesWindowGlobal(dom::WindowGlobalChild& aWindow) const;
 
   WebExtensionPolicy* GetExtension() { return mExtension; }
@@ -127,6 +123,7 @@ class MozDocumentMatcher : public nsISupports, public nsWrapperCache {
   const WebExtensionPolicy* Extension() const { return mExtension; }
 
   bool AllFrames() const { return mAllFrames; }
+  bool CheckPermissions() const { return mCheckPermissions; }
   bool MatchAboutBlank() const { return mMatchAboutBlank; }
 
   MatchPatternSet* Matches() { return mMatches; }
@@ -173,6 +170,7 @@ class MozDocumentMatcher : public nsISupports, public nsWrapperCache {
   Nullable<MatchGlobSet> mExcludeGlobs;
 
   bool mAllFrames;
+  bool mCheckPermissions;
   Nullable<uint64_t> mFrameID;
   bool mMatchAboutBlank;
   Nullable<dom::Sequence<OriginAttributesPattern>> mOriginAttributesPatterns;

toolkit/components/extensions/WebExtensionPolicy.cpp

@@ -634,6 +634,7 @@ MozDocumentMatcher::MozDocumentMatcher(GlobalObject& aGlobal,
     : mHasActiveTabPermission(aInit.mHasActiveTabPermission),
       mRestricted(aRestricted),
       mAllFrames(aInit.mAllFrames),
+      mCheckPermissions(aInit.mCheckPermissions),
       mFrameID(aInit.mFrameID),
       mMatchAboutBlank(aInit.mMatchAboutBlank) {
   MatchPatternOptions options;
@@ -690,6 +691,11 @@ WebExtensionContentScript::WebExtensionContentScript(
   mCssPaths.Assign(aInit.mCssPaths);
   mJsPaths.Assign(aInit.mJsPaths);
   mExtension = &aExtension;
+
+  // Origin permissions are optional in mv3, so always check them at runtime.
+  if (mExtension->ManifestVersion() >= 3) {
+    mCheckPermissions = true;
+  }
 }
 
 bool MozDocumentMatcher::Matches(const DocInfo& aDoc) const {
@@ -738,7 +744,7 @@ bool MozDocumentMatcher::Matches(const DocInfo& aDoc) const {
     return true;
   }
 
-  if (mRestricted && mExtension->IsRestrictedDoc(aDoc)) {
+  if (mRestricted && mExtension && mExtension->IsRestrictedDoc(aDoc)) {
     return false;
   }
 
@@ -752,6 +758,8 @@ bool MozDocumentMatcher::Matches(const DocInfo& aDoc) const {
 }
 
 bool MozDocumentMatcher::MatchesURI(const URLInfo& aURL) const {
+  MOZ_ASSERT(!mRestricted && !mCheckPermissions || mExtension);
+
   if (!mMatches->Matches(aURL)) {
     return false;
   }
@@ -772,6 +780,11 @@ bool MozDocumentMatcher::MatchesURI(const URLInfo& aURL) const {
     return false;
   }
 
+  if (mCheckPermissions &&
+      !mExtension->CanAccessURI(aURL, false, false, true)) {
+    return false;
+  }
+
   return true;
 }
 

toolkit/components/extensions/test/mochitest/test_ext_scripting_contentScripts.html

@@ -30,8 +30,10 @@
         // Used in `file_contains_iframe.html`
         "*://example.org/",
       ],
+      granted_host_permissions: true,
       ...manifestProps,
     },
+    useAddonManager: "temporary",
     ...otherProps,
   });
 };