Bug 1572240 - Part 3: Introduce nsIHttpChannelInternal.contentBlockin…

…gAllowListPrincipal; r=michal Differential Revision: https://phabricator.services.mozilla.com/D42204 --HG-- extra : moz-landing-system : lando
mozilla · Aug 19, 2019 · 575c480 · 575c480
1 parent e06a6e7
commit 575c480
Show file tree

Hide file tree

Showing 23 changed files with 260 additions and 44 deletions.
diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp
@@ -15970,5 +15970,16 @@ bool Document::HasRecentlyStartedForegroundLoads() {
   return false;
 }
 
+already_AddRefed<nsIPrincipal>
+Document::RecomputeContentBlockingAllowListPrincipal(
+    nsIURI* aURIBeingLoaded, const OriginAttributes& aAttrs) {
+  AntiTrackingCommon::RecomputeContentBlockingAllowListPrincipal(
+      aURIBeingLoaded, aAttrs,
+      getter_AddRefs(mContentBlockingAllowListPrincipal));
+
+  nsCOMPtr<nsIPrincipal> copy = mContentBlockingAllowListPrincipal;
+  return copy.forget();
+}
+
 }  // namespace dom
 }  // namespace mozilla
diff --git a/dom/base/Document.h b/dom/base/Document.h
@@ -574,6 +574,9 @@ class Document : public nsINode,
     return mContentBlockingAllowListPrincipal;
   }
 
+  already_AddRefed<nsIPrincipal> RecomputeContentBlockingAllowListPrincipal(
+      nsIURI* aURIBeingLoaded, const OriginAttributes& aAttrs);
+
   // EventTarget
   void GetEventTargetParent(EventChainPreVisitor& aVisitor) override;
   EventListenerManager* GetOrCreateListenerManager() override;

diff --git a/dom/base/ThirdPartyUtil.cpp b/dom/base/ThirdPartyUtil.cpp
@@ -5,6 +5,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ThirdPartyUtil.h"
+#include "nsDocShell.h"
 #include "nsGlobalWindowOuter.h"
 #include "nsNetCID.h"
 #include "nsNetUtil.h"
@@ -139,6 +140,43 @@ ThirdPartyUtil::GetURIFromWindow(mozIDOMWindowProxy* aWin, nsIURI** result) {
   return rv;
 }
 
+NS_IMETHODIMP
+ThirdPartyUtil::GetContentBlockingAllowListPrincipalFromWindow(
+    mozIDOMWindowProxy* aWin, nsIURI* aURIBeingLoaded, nsIPrincipal** result) {
+  nsPIDOMWindowOuter* outerWindow = nsPIDOMWindowOuter::From(aWin);
+  nsPIDOMWindowInner* innerWindow = outerWindow->GetCurrentInnerWindow();
+  Document* doc = innerWindow ? innerWindow->GetExtantDoc() : nullptr;
+  if (!doc) {
+    return GetPrincipalFromWindow(aWin, result);
+  }
+
+  nsCOMPtr<nsIPrincipal> principal =
+      doc->GetContentBlockingAllowListPrincipal();
+  if (aURIBeingLoaded && principal && principal->GetIsNullPrincipal()) {
+    // If we have an initial principal during navigation, recompute it to get
+    // the real content blocking allow list principal.
+    nsIDocShell* docShell = doc->GetDocShell();
+    OriginAttributes attrs =
+        docShell ? nsDocShell::Cast(docShell)->GetOriginAttributes()
+                 : OriginAttributes();
+    principal =
+        doc->RecomputeContentBlockingAllowListPrincipal(aURIBeingLoaded, attrs);
+  }
+
+  if (!principal || !principal->GetIsContentPrincipal()) {
+    // This is for compatibility with GetURIFromWindow.  Null principals are
+    // explicitly special cased there.  GetURI returns nullptr for
+    // SystemPrincipal and ExpandedPrincipal.
+    LOG(
+        ("ThirdPartyUtil::GetContentBlockingAllowListPrincipalFromWindow can't "
+         "use null principal\n"));
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  principal.forget(result);
+  return NS_OK;
+}
+
 // Determine if aFirstURI is third party with respect to aSecondURI. See docs
 // for mozIThirdPartyUtil.
 NS_IMETHODIMP

diff --git a/netwerk/base/mozIThirdPartyUtil.idl b/netwerk/base/mozIThirdPartyUtil.idl
@@ -177,6 +177,15 @@ interface mozIThirdPartyUtil : nsISupports
    */
   nsIPrincipal getPrincipalFromWindow(in mozIDOMWindowProxy aWindow);
 
+  /**
+   * getContentBlockingAllowListPrincipalFromWindow
+   *
+   * Returns the content blocking allow list principal for the window.
+   */
+  [noscript]
+  nsIPrincipal getContentBlockingAllowListPrincipalFromWindow(in mozIDOMWindowProxy aWindow,
+                                                              [optional] in nsIURI aURIBeingLoaded);
+
   /**
    * getTopWindowForChannel
    *

diff --git a/netwerk/ipc/NeckoChannelParams.ipdlh b/netwerk/ipc/NeckoChannelParams.ipdlh
@@ -234,6 +234,7 @@ struct HttpChannelOpenArgs
   nsIReferrerInfo             referrerInfo;
   URIParams?                  apiRedirectTo;
   URIParams?                  topWindowURI;
+  OptionalPrincipalInfo       contentBlockingAllowListPrincipal;
   uint32_t                    loadFlags;
   RequestHeaderTuples         requestHeaders;
   nsCString                   requestMethod;

diff --git a/netwerk/ipc/NeckoChild.cpp b/netwerk/ipc/NeckoChild.cpp
@@ -418,8 +418,9 @@ mozilla::ipc::IPCResult NeckoChild::RecvNetworkChangeNotification(
 }
 
 PClassifierDummyChannelChild* NeckoChild::AllocPClassifierDummyChannelChild(
-    nsIURI* aURI, nsIURI* aTopWindowURI, const nsresult& aTopWindowURIResult,
-    const Maybe<LoadInfoArgs>& aLoadInfo) {
+    nsIURI* aURI, nsIURI* aTopWindowURI,
+    nsIPrincipal* aContentBlockingAllowListPrincipal,
+    const nsresult& aTopWindowURIResult, const Maybe<LoadInfoArgs>& aLoadInfo) {
   return new ClassifierDummyChannelChild();
 }
 

diff --git a/netwerk/ipc/NeckoChild.h b/netwerk/ipc/NeckoChild.h
@@ -93,7 +93,9 @@ class NeckoChild : public PNeckoChild {
   mozilla::ipc::IPCResult RecvNetworkChangeNotification(nsCString const& type);
 
   PClassifierDummyChannelChild* AllocPClassifierDummyChannelChild(
-      nsIURI* aURI, nsIURI* aTopWindowURI, const nsresult& aTopWindowURIResult,
+      nsIURI* aURI, nsIURI* aTopWindowURI,
+      nsIPrincipal* aContentBlockingAllowListPrincipal,
+      const nsresult& aTopWindowURIResult,
       const Maybe<LoadInfoArgs>& aLoadInfo);
 
   bool DeallocPClassifierDummyChannelChild(

diff --git a/netwerk/ipc/NeckoParent.cpp b/netwerk/ipc/NeckoParent.cpp
@@ -905,14 +905,16 @@ mozilla::ipc::IPCResult NeckoParent::RecvGetExtensionFD(
 }
 
 PClassifierDummyChannelParent* NeckoParent::AllocPClassifierDummyChannelParent(
-    nsIURI* aURI, nsIURI* aTopWindowURI, const nsresult& aTopWindowURIResult,
-    const Maybe<LoadInfoArgs>& aLoadInfo) {
+    nsIURI* aURI, nsIURI* aTopWindowURI,
+    nsIPrincipal* aContentBlockingAllowListPrincipal,
+    const nsresult& aTopWindowURIResult, const Maybe<LoadInfoArgs>& aLoadInfo) {
   RefPtr<ClassifierDummyChannelParent> c = new ClassifierDummyChannelParent();
   return c.forget().take();
 }
 
 mozilla::ipc::IPCResult NeckoParent::RecvPClassifierDummyChannelConstructor(
     PClassifierDummyChannelParent* aActor, nsIURI* aURI, nsIURI* aTopWindowURI,
+    nsIPrincipal* aContentBlockingAllowListPrincipal,
     const nsresult& aTopWindowURIResult, const Maybe<LoadInfoArgs>& aLoadInfo) {
   ClassifierDummyChannelParent* p =
       static_cast<ClassifierDummyChannelParent*>(aActor);
@@ -927,7 +929,8 @@ mozilla::ipc::IPCResult NeckoParent::RecvPClassifierDummyChannelConstructor(
     return IPC_FAIL_NO_REASON(this);
   }
 
-  p->Init(aURI, aTopWindowURI, aTopWindowURIResult, loadInfo);
+  p->Init(aURI, aTopWindowURI, aContentBlockingAllowListPrincipal,
+          aTopWindowURIResult, loadInfo);
   return IPC_OK();
 }
 

diff --git a/netwerk/ipc/NeckoParent.h b/netwerk/ipc/NeckoParent.h
@@ -224,15 +224,18 @@ class NeckoParent : public PNeckoParent {
                                              GetExtensionFDResolver&& aResolve);
 
   PClassifierDummyChannelParent* AllocPClassifierDummyChannelParent(
-      nsIURI* aURI, nsIURI* aTopWindowURI, const nsresult& aTopWindowURIResult,
+      nsIURI* aURI, nsIURI* aTopWindowURI,
+      nsIPrincipal* aContentBlockingAllowListPrincipal,
+      const nsresult& aTopWindowURIResult,
       const Maybe<LoadInfoArgs>& aLoadInfo);
 
   bool DeallocPClassifierDummyChannelParent(
       PClassifierDummyChannelParent* aParent);
 
   virtual mozilla::ipc::IPCResult RecvPClassifierDummyChannelConstructor(
       PClassifierDummyChannelParent* aActor, nsIURI* aURI,
-      nsIURI* aTopWindowURI, const nsresult& aTopWindowURIResult,
+      nsIURI* aTopWindowURI, nsIPrincipal* aContentBlockingAllowListPrincipal,
+      const nsresult& aTopWindowURIResult,
       const Maybe<LoadInfoArgs>& aLoadInfo) override;
 
   mozilla::ipc::IPCResult RecvInitSocketProcessBridge(

diff --git a/netwerk/ipc/PNecko.ipdl b/netwerk/ipc/PNecko.ipdl
@@ -116,6 +116,7 @@ parent:
   async PChannelDiverter(ChannelDiverterArgs channel);
 
   async PClassifierDummyChannel(nsIURI uri, nsIURI aTopWindowURI,
+                                nsIPrincipal contentBlockingAllowListPrincipal,
                                 nsresult aTopWindowURIResult,
                                 LoadInfoArgs? loadInfo);
 

diff --git a/netwerk/protocol/http/ClassifierDummyChannel.cpp b/netwerk/protocol/http/ClassifierDummyChannel.cpp
@@ -77,11 +77,12 @@ NS_INTERFACE_MAP_BEGIN(ClassifierDummyChannel)
   NS_INTERFACE_MAP_ENTRY_CONCRETE(ClassifierDummyChannel)
 NS_INTERFACE_MAP_END
 
-ClassifierDummyChannel::ClassifierDummyChannel(nsIURI* aURI,
-                                               nsIURI* aTopWindowURI,
-                                               nsresult aTopWindowURIResult,
-                                               nsILoadInfo* aLoadInfo)
+ClassifierDummyChannel::ClassifierDummyChannel(
+    nsIURI* aURI, nsIURI* aTopWindowURI,
+    nsIPrincipal* aContentBlockingAllowListPrincipal,
+    nsresult aTopWindowURIResult, nsILoadInfo* aLoadInfo)
     : mTopWindowURI(aTopWindowURI),
+      mContentBlockingAllowListPrincipal(aContentBlockingAllowListPrincipal),
       mTopWindowURIResult(aTopWindowURIResult),
       mClassificationFlags(0) {
   MOZ_ASSERT(XRE_IsParentProcess());
@@ -97,6 +98,9 @@ ClassifierDummyChannel::~ClassifierDummyChannel() {
                                     mURI.forget());
   NS_ReleaseOnMainThreadSystemGroup("ClassifierDummyChannel::mTopWindowURI",
                                     mTopWindowURI.forget());
+  NS_ReleaseOnMainThreadSystemGroup(
+      "ClassifierDummyChannel::mContentBlockingAllowListPrincipal",
+      mContentBlockingAllowListPrincipal.forget());
 }
 
 uint32_t ClassifierDummyChannel::ClassificationFlags() const {
@@ -555,6 +559,14 @@ ClassifierDummyChannel::GetTopWindowURI(nsIURI** aTopWindowURI) {
   return mTopWindowURIResult;
 }
 
+NS_IMETHODIMP
+ClassifierDummyChannel::GetContentBlockingAllowListPrincipal(
+    nsIPrincipal** aPrincipal) {
+  nsCOMPtr<nsIPrincipal> copy = mContentBlockingAllowListPrincipal;
+  copy.forget(aPrincipal);
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 ClassifierDummyChannel::SetTopWindowURIIfUnknown(nsIURI* aTopWindowURI) {
   return NS_ERROR_NOT_IMPLEMENTED;

diff --git a/netwerk/protocol/http/ClassifierDummyChannel.h b/netwerk/protocol/http/ClassifierDummyChannel.h
@@ -19,6 +19,7 @@
   }
 
 class nsIChannel;
+class nsIPrincipal;
 
 namespace mozilla {
 namespace net {
@@ -64,6 +65,7 @@ class ClassifierDummyChannel final : public nsIChannel,
       nsIChannel* aChannel, const std::function<void(bool)>& aCallback);
 
   ClassifierDummyChannel(nsIURI* aURI, nsIURI* aTopWindowURI,
+                         nsIPrincipal* aContentBlockingAllowListPrincipal,
                          nsresult aTopWindowURIResult, nsILoadInfo* aLoadInfo);
 
   uint32_t ClassificationFlags() const;
@@ -76,6 +78,7 @@ class ClassifierDummyChannel final : public nsIChannel,
   nsCOMPtr<nsILoadInfo> mLoadInfo;
   nsCOMPtr<nsIURI> mURI;
   nsCOMPtr<nsIURI> mTopWindowURI;
+  nsCOMPtr<nsIPrincipal> mContentBlockingAllowListPrincipal;
   nsresult mTopWindowURIResult;
 
   uint32_t mClassificationFlags;

diff --git a/netwerk/protocol/http/ClassifierDummyChannelChild.cpp b/netwerk/protocol/http/ClassifierDummyChannelChild.cpp
@@ -33,13 +33,18 @@ bool ClassifierDummyChannelChild::Create(
   nsresult topWindowURIResult =
       httpChannelInternal->GetTopWindowURI(getter_AddRefs(topWindowURI));
 
+  nsCOMPtr<nsIPrincipal> principal;
+  nsresult rv = httpChannelInternal->GetContentBlockingAllowListPrincipal(
+      getter_AddRefs(principal));
+  MOZ_ALWAYS_SUCCEEDS(rv);
+
   nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
   Maybe<LoadInfoArgs> loadInfoArgs;
   mozilla::ipc::LoadInfoToLoadInfoArgs(loadInfo, &loadInfoArgs);
 
   PClassifierDummyChannelChild* actor =
       gNeckoChild->SendPClassifierDummyChannelConstructor(
-          aURI, topWindowURI, topWindowURIResult, loadInfoArgs);
+          aURI, topWindowURI, principal, topWindowURIResult, loadInfoArgs);
   if (!actor) {
     return false;
   }

diff --git a/netwerk/protocol/http/ClassifierDummyChannelParent.cpp b/netwerk/protocol/http/ClassifierDummyChannelParent.cpp
@@ -19,9 +19,10 @@ ClassifierDummyChannelParent::ClassifierDummyChannelParent()
 
 ClassifierDummyChannelParent::~ClassifierDummyChannelParent() = default;
 
-void ClassifierDummyChannelParent::Init(nsIURI* aURI, nsIURI* aTopWindowURI,
-                                        nsresult aTopWindowURIResult,
-                                        nsILoadInfo* aLoadInfo) {
+void ClassifierDummyChannelParent::Init(
+    nsIURI* aURI, nsIURI* aTopWindowURI,
+    nsIPrincipal* aContentBlockingAllowListPrincipal,
+    nsresult aTopWindowURIResult, nsILoadInfo* aLoadInfo) {
   MOZ_ASSERT(mIPCActive);
 
   RefPtr<ClassifierDummyChannelParent> self = this;
@@ -33,7 +34,8 @@ void ClassifierDummyChannelParent::Init(nsIURI* aURI, nsIURI* aTopWindowURI,
   }
 
   RefPtr<ClassifierDummyChannel> channel = new ClassifierDummyChannel(
-      aURI, aTopWindowURI, aTopWindowURIResult, aLoadInfo);
+      aURI, aTopWindowURI, aContentBlockingAllowListPrincipal,
+      aTopWindowURIResult, aLoadInfo);
 
   bool willCallback = NS_SUCCEEDED(AsyncUrlChannelClassifier::CheckChannel(
       channel, [self = std::move(self), channel]() {

diff --git a/netwerk/protocol/http/ClassifierDummyChannelParent.h b/netwerk/protocol/http/ClassifierDummyChannelParent.h
@@ -23,8 +23,9 @@ class ClassifierDummyChannelParent final
 
   ClassifierDummyChannelParent();
 
-  void Init(nsIURI* aURI, nsIURI* aTopWindowURI, nsresult aTopWindowURIResult,
-            nsILoadInfo* aLoadInfo);
+  void Init(nsIURI* aURI, nsIURI* aTopWindowURI,
+            nsIPrincipal* aContentBlockingAllowListPrincipal,
+            nsresult aTopWindowURIResult, nsILoadInfo* aLoadInfo);
 
  private:
   ~ClassifierDummyChannelParent();

diff --git a/netwerk/protocol/http/HttpBaseChannel.cpp b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -298,6 +298,7 @@ void HttpBaseChannel::ReleaseMainThreadOnlyReferences() {
   arrayToRelease.AppendElement(mProxyURI.forget());
   arrayToRelease.AppendElement(mPrincipal.forget());
   arrayToRelease.AppendElement(mTopWindowURI.forget());
+  arrayToRelease.AppendElement(mContentBlockingAllowListPrincipal.forget());
   arrayToRelease.AppendElement(mListener.forget());
   arrayToRelease.AppendElement(mCompressListener.forget());
 
@@ -2052,6 +2053,12 @@ nsresult HttpBaseChannel::GetTopWindowURI(nsIURI* aURIBeingLoaded,
         }
       }
 #endif
+
+      if (!mContentBlockingAllowListPrincipal) {
+        Unused << util->GetContentBlockingAllowListPrincipalFromWindow(
+            win, aURIBeingLoaded,
+            getter_AddRefs(mContentBlockingAllowListPrincipal));
+      }
     }
   }
   NS_IF_ADDREF(*aTopWindowURI = mTopWindowURI);
@@ -2066,6 +2073,27 @@ HttpBaseChannel::GetDocumentURI(nsIURI** aDocumentURI) {
   return NS_OK;
 }
 
+NS_IMETHODIMP
+HttpBaseChannel::GetContentBlockingAllowListPrincipal(
+    nsIPrincipal** aPrincipal) {
+  NS_ENSURE_ARG_POINTER(aPrincipal);
+  if (!mContentBlockingAllowListPrincipal) {
+    if (!mTopWindowURI) {
+      // If mTopWindowURI is null, it's possible that these two fields haven't
+      // been initialized yet.  GetTopWindowURI will lazily initilize both
+      // fields for us.
+      nsCOMPtr<nsIURI> throwAway;
+      Unused << GetTopWindowURI(getter_AddRefs(throwAway));
+    } else {
+      // Otherwise, the content blocking allow list principal is null (which is
+      // possible), so just return what we have...
+    }
+  }
+  nsCOMPtr<nsIPrincipal> copy = mContentBlockingAllowListPrincipal;
+  copy.forget(aPrincipal);
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 HttpBaseChannel::SetDocumentURI(nsIURI* aDocumentURI) {
   ENSURE_CALLED_BEFORE_CONNECT();

diff --git a/netwerk/protocol/http/HttpBaseChannel.h b/netwerk/protocol/http/HttpBaseChannel.h
@@ -299,6 +299,8 @@ class HttpBaseChannel : public nsHashPropertyBag,
   NS_IMETHOD GetFetchCacheMode(uint32_t* aFetchCacheMode) override;
   NS_IMETHOD SetFetchCacheMode(uint32_t aFetchCacheMode) override;
   NS_IMETHOD GetTopWindowURI(nsIURI** aTopWindowURI) override;
+  NS_IMETHOD GetContentBlockingAllowListPrincipal(
+      nsIPrincipal** aPrincipal) override;
   NS_IMETHOD SetTopWindowURIIfUnknown(nsIURI* aTopWindowURI) override;
   NS_IMETHOD GetProxyURI(nsIURI** proxyURI) override;
   virtual void SetCorsPreflightParameters(
@@ -464,6 +466,10 @@ class HttpBaseChannel : public nsHashPropertyBag,
     return NS_OK;
   }
 
+  void SetContentBlockingAllowListPrincipal(nsIPrincipal* aPrincipal) {
+    mContentBlockingAllowListPrincipal = aPrincipal;
+  }
+
   // Set referrerInfo and compute the referrer header if neccessary.
   nsresult SetReferrerInfo(nsIReferrerInfo* aReferrerInfo, bool aClone,
                            bool aCompute);
@@ -572,6 +578,7 @@ class HttpBaseChannel : public nsHashPropertyBag,
   nsCOMPtr<nsIURI> mProxyURI;
   nsCOMPtr<nsIPrincipal> mPrincipal;
   nsCOMPtr<nsIURI> mTopWindowURI;
+  nsCOMPtr<nsIPrincipal> mContentBlockingAllowListPrincipal;
   nsCOMPtr<nsIStreamListener> mListener;
   // An instance of nsHTTPCompressConv
   nsCOMPtr<nsIStreamListener> mCompressListener;