docshell/base/nsAboutRedirector.cpp

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
   3 /* This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #include "nsAboutRedirector.h"
   8 #include "nsNetUtil.h"
   9 #include "nsAboutProtocolUtils.h"
  10 #include "nsBaseChannel.h"
  11 #include "mozilla/ArrayUtils.h"
  12 #include "nsIProtocolHandler.h"
  13 #include "nsXULAppAPI.h"
  14 #include "mozilla/Preferences.h"
  15 #include "mozilla/dom/ContentParent.h"
  16 #include "mozilla/dom/RemoteType.h"
  17 #include "mozilla/gfx/GPUProcessManager.h"
  18
  19 #define ABOUT_CONFIG_ENABLED_PREF "general.aboutConfig.enable"
  20
  21 NS_IMPL_ISUPPORTS(nsAboutRedirector, nsIAboutModule)
  22
  23 struct RedirEntry {
  24   const char* id;
  25   const char* url;
  26   uint32_t flags;
  27 };
  28
  29 class CrashChannel final : public nsBaseChannel {
  30  public:
  31   explicit CrashChannel(nsIURI* aURI) { SetURI(aURI); }
  32
  33   nsresult OpenContentStream(bool async, nsIInputStream** stream,
  34                              nsIChannel** channel) override {
  35     nsAutoCString spec;
  36     mURI->GetSpec(spec);
  37
  38     if (spec.EqualsASCII("about:crashparent") && XRE_IsParentProcess()) {
  39       MOZ_CRASH("Crash via about:crashparent");
  40     }
  41
  42     if (spec.EqualsASCII("about:crashgpu") && XRE_IsParentProcess()) {
  43       if (auto* gpu = mozilla::gfx::GPUProcessManager::Get()) {
  44         gpu->CrashProcess();
  45       }
  46     }
  47
  48     if (spec.EqualsASCII("about:crashcontent") && XRE_IsContentProcess()) {
  49       MOZ_CRASH("Crash via about:crashcontent");
  50     }
  51
  52     if (spec.EqualsASCII("about:crashextensions") && XRE_IsParentProcess()) {
  53       using ContentParent = mozilla::dom::ContentParent;
  54       nsTArray<RefPtr<ContentParent>> toKill;
  55       for (auto* cp : ContentParent::AllProcesses(ContentParent::eLive)) {
  56         if (cp->GetRemoteType() == EXTENSION_REMOTE_TYPE) {
  57           toKill.AppendElement(cp);
  58         }
  59       }
  60       for (auto& cp : toKill) {
  61         cp->KillHard("Killed via about:crashextensions");
  62       }
  63     }
  64
  65     NS_WARNING("Unhandled about:crash* URI or wrong process");
  66     return NS_ERROR_NOT_IMPLEMENTED;
  67   }
  68
  69  protected:
  70   virtual ~CrashChannel() = default;
  71 };
  72
  73 /*
  74   Entries which do not have URI_SAFE_FOR_UNTRUSTED_CONTENT will run with chrome
  75   privileges. This is potentially dangerous. Please use
  76   URI_SAFE_FOR_UNTRUSTED_CONTENT in the third argument to each map item below
  77   unless your about: page really needs chrome privileges. Security review is
  78   required before adding new map entries without
  79   URI_SAFE_FOR_UNTRUSTED_CONTENT.
  80
  81   URI_SAFE_FOR_UNTRUSTED_CONTENT is not enough to let web pages load that page,
  82   for that you need MAKE_LINKABLE.
  83
  84   NOTE: changes to this redir map need to be accompanied with changes to
  85     docshell/build/components.conf
  86  */
  87 static const RedirEntry kRedirMap[] = {
  88     {"about", "chrome://global/content/aboutAbout.html", 0},
  89     {"addons", "chrome://mozapps/content/extensions/aboutaddons.html",
  90      nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
  91     {"buildconfig", "chrome://global/content/buildconfig.html",
  92      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
  93          nsIAboutModule::IS_SECURE_CHROME_UI},
  94     {"checkerboard", "chrome://global/content/aboutCheckerboard.html",
  95      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
  96          nsIAboutModule::ALLOW_SCRIPT},
  97 #ifndef MOZ_WIDGET_ANDROID
  98     {"config", "chrome://global/content/aboutconfig/aboutconfig.html",
  99      nsIAboutModule::IS_SECURE_CHROME_UI},
 100 #else
 101     {"config", "chrome://geckoview/content/config.xhtml",
 102      nsIAboutModule::IS_SECURE_CHROME_UI},
 103 #endif
 104 #ifdef MOZ_CRASHREPORTER
 105     {"crashes", "chrome://global/content/crashes.html",
 106      nsIAboutModule::IS_SECURE_CHROME_UI},
 107 #endif
 108     {"credits", "https://www.mozilla.org/credits/",
 109      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
 110          nsIAboutModule::URI_MUST_LOAD_IN_CHILD},
 111     {"httpsonlyerror", "chrome://global/content/httpsonlyerror/errorpage.html",
 112      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
 113          nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT |
 114          nsIAboutModule::HIDE_FROM_ABOUTABOUT},
 115     {"license", "chrome://global/content/license.html",
 116      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
 117          nsIAboutModule::IS_SECURE_CHROME_UI},
 118     {"logging", "chrome://global/content/aboutLogging.html",
 119      nsIAboutModule::ALLOW_SCRIPT},
 120     {"logo", "chrome://branding/content/about.png",
 121      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
 122          // Linkable for testing reasons.
 123          nsIAboutModule::MAKE_LINKABLE},
 124     {"memory", "chrome://global/content/aboutMemory.xhtml",
 125      nsIAboutModule::ALLOW_SCRIPT},
 126     {"certificate", "chrome://global/content/certviewer/certviewer.html",
 127      nsIAboutModule::ALLOW_SCRIPT |
 128          nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
 129          nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
 130          nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
 131          nsIAboutModule::IS_SECURE_CHROME_UI},
 132     {"mozilla", "chrome://global/content/mozilla.html",
 133      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT},
 134 #if !defined(ANDROID) && !defined(XP_WIN)
 135     {"webauthn", "chrome://global/content/aboutWebauthn.html",
 136      nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
 137 #endif
 138     {"neterror", "chrome://global/content/aboutNetError.html",
 139      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
 140          nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT |
 141          nsIAboutModule::HIDE_FROM_ABOUTABOUT},
 142     {"networking", "chrome://global/content/aboutNetworking.html",
 143      nsIAboutModule::ALLOW_SCRIPT},
 144     {"performance", "about:processes",
 145      nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI |
 146          nsIAboutModule::HIDE_FROM_ABOUTABOUT},
 147     {"processes", "chrome://global/content/aboutProcesses.html",
 148      nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
 149     // about:serviceworkers always wants to load in the parent process because
 150     // the only place nsIServiceWorkerManager has any data is in the parent
 151     // process.
 152     //
 153     // There is overlap without about:debugging, but about:debugging is not
 154     // available on mobile at this time, and it's useful to be able to know if
 155     // a ServiceWorker is registered directly from the mobile browser without
 156     // having to connect the device to a desktop machine and all that entails.
 157     {"serviceworkers", "chrome://global/content/aboutServiceWorkers.xhtml",
 158      nsIAboutModule::ALLOW_SCRIPT},
 159 #ifndef ANDROID
 160     {"profiles", "chrome://global/content/aboutProfiles.xhtml",
 161      nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
 162 #endif
 163     // about:srcdoc is unresolvable by specification.  It is included here
 164     // because the security manager would disallow srcdoc iframes otherwise.
 165     {"srcdoc", "about:blank",
 166      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
 167          nsIAboutModule::HIDE_FROM_ABOUTABOUT |
 168          // Needs to be linkable so content can touch its own srcdoc frames
 169          nsIAboutModule::MAKE_LINKABLE | nsIAboutModule::URI_CAN_LOAD_IN_CHILD},
 170     {"support", "chrome://global/content/aboutSupport.xhtml",
 171      nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
 172 #ifdef XP_WIN
 173     {"third-party", "chrome://global/content/aboutThirdParty.html",
 174      nsIAboutModule::ALLOW_SCRIPT},
 175     {"windows-messages", "chrome://global/content/aboutWindowsMessages.html",
 176      nsIAboutModule::ALLOW_SCRIPT},
 177 #endif
 178 #ifndef MOZ_GLEAN_ANDROID
 179     {"glean", "chrome://global/content/aboutGlean.html",
 180 #  if !defined(NIGHTLY_BUILD) && defined(MOZILLA_OFFICIAL)
 181      nsIAboutModule::HIDE_FROM_ABOUTABOUT |
 182 #  endif
 183          nsIAboutModule::ALLOW_SCRIPT},
 184 #endif
 185     {"telemetry", "chrome://global/content/aboutTelemetry.xhtml",
 186      nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
 187     {"translations", "chrome://global/content/translations/translations.html",
 188      nsIAboutModule::ALLOW_SCRIPT |
 189          nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
 190          nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
 191          nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS |
 192          nsIAboutModule::HIDE_FROM_ABOUTABOUT},
 193     {"url-classifier", "chrome://global/content/aboutUrlClassifier.xhtml",
 194      nsIAboutModule::ALLOW_SCRIPT},
 195     {"webrtc", "chrome://global/content/aboutwebrtc/aboutWebrtc.html",
 196      nsIAboutModule::ALLOW_SCRIPT},
 197     {"crashparent", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT},
 198     {"crashcontent", "about:blank",
 199      nsIAboutModule::HIDE_FROM_ABOUTABOUT |
 200          nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
 201          nsIAboutModule::URI_CAN_LOAD_IN_CHILD |
 202          nsIAboutModule::URI_MUST_LOAD_IN_CHILD},
 203     {"crashgpu", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT},
 204     {"crashextensions", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT}};
 205 static const int kRedirTotal = mozilla::ArrayLength(kRedirMap);
 206
 207 NS_IMETHODIMP
 208 nsAboutRedirector::NewChannel(nsIURI* aURI, nsILoadInfo* aLoadInfo,
 209                               nsIChannel** aResult) {
 210   NS_ENSURE_ARG_POINTER(aURI);
 211   NS_ENSURE_ARG_POINTER(aLoadInfo);
 212   NS_ASSERTION(aResult, "must not be null");
 213
 214   nsAutoCString path;
 215   nsresult rv = NS_GetAboutModuleName(aURI, path);
 216   NS_ENSURE_SUCCESS(rv, rv);
 217
 218   nsCOMPtr<nsIIOService> ioService = do_GetIOService(&rv);
 219   NS_ENSURE_SUCCESS(rv, rv);
 220
 221   if (path.EqualsASCII("crashparent") || path.EqualsASCII("crashcontent") ||
 222       path.EqualsASCII("crashgpu") || path.EqualsASCII("crashextensions")) {
 223     bool isExternal;
 224     aLoadInfo->GetLoadTriggeredFromExternal(&isExternal);
 225     if (isExternal || !aLoadInfo->TriggeringPrincipal() ||
 226         !aLoadInfo->TriggeringPrincipal()->IsSystemPrincipal()) {
 227       return NS_ERROR_NOT_AVAILABLE;
 228     }
 229
 230     nsCOMPtr<nsIChannel> channel = new CrashChannel(aURI);
 231     channel->SetLoadInfo(aLoadInfo);
 232     channel.forget(aResult);
 233     return NS_OK;
 234   }
 235
 236   if (path.EqualsASCII("config") &&
 237       !mozilla::Preferences::GetBool(ABOUT_CONFIG_ENABLED_PREF, true)) {
 238     return NS_ERROR_NOT_AVAILABLE;
 239   }
 240
 241   for (int i = 0; i < kRedirTotal; i++) {
 242     if (!strcmp(path.get(), kRedirMap[i].id)) {
 243       nsCOMPtr<nsIChannel> tempChannel;
 244       nsCOMPtr<nsIURI> tempURI;
 245       rv = NS_NewURI(getter_AddRefs(tempURI), kRedirMap[i].url);
 246       NS_ENSURE_SUCCESS(rv, rv);
 247
 248       rv = NS_NewChannelInternal(getter_AddRefs(tempChannel), tempURI,
 249                                  aLoadInfo);
 250       NS_ENSURE_SUCCESS(rv, rv);
 251
 252       // If tempURI links to an external URI (i.e. something other than
 253       // chrome:// or resource://) then set result principal URI on the
 254       // load info which forces the channel principal to reflect the displayed
 255       // URL rather then being the systemPrincipal.
 256       bool isUIResource = false;
 257       rv = NS_URIChainHasFlags(tempURI, nsIProtocolHandler::URI_IS_UI_RESOURCE,
 258                                &isUIResource);
 259       NS_ENSURE_SUCCESS(rv, rv);
 260
 261       bool isAboutBlank = NS_IsAboutBlank(tempURI);
 262
 263       if (!isUIResource && !isAboutBlank) {
 264         aLoadInfo->SetResultPrincipalURI(tempURI);
 265       }
 266
 267       tempChannel->SetOriginalURI(aURI);
 268
 269       tempChannel.forget(aResult);
 270       return rv;
 271     }
 272   }
 273
 274   NS_ERROR("nsAboutRedirector called for unknown case");
 275   return NS_ERROR_ILLEGAL_VALUE;
 276 }
 277
 278 NS_IMETHODIMP
 279 nsAboutRedirector::GetURIFlags(nsIURI* aURI, uint32_t* aResult) {
 280   NS_ENSURE_ARG_POINTER(aURI);
 281
 282   nsAutoCString name;
 283   nsresult rv = NS_GetAboutModuleName(aURI, name);
 284   NS_ENSURE_SUCCESS(rv, rv);
 285
 286   for (int i = 0; i < kRedirTotal; i++) {
 287     if (name.EqualsASCII(kRedirMap[i].id)) {
 288       *aResult = kRedirMap[i].flags;
 289       return NS_OK;
 290     }
 291   }
 292
 293   NS_ERROR("nsAboutRedirector called for unknown case");
 294   return NS_ERROR_ILLEGAL_VALUE;
 295 }
 296
 297 NS_IMETHODIMP
 298 nsAboutRedirector::GetChromeURI(nsIURI* aURI, nsIURI** chromeURI) {
 299   NS_ENSURE_ARG_POINTER(aURI);
 300
 301   nsAutoCString name;
 302   nsresult rv = NS_GetAboutModuleName(aURI, name);
 303   NS_ENSURE_SUCCESS(rv, rv);
 304
 305   for (const auto& redir : kRedirMap) {
 306     if (name.EqualsASCII(redir.id)) {
 307       return NS_NewURI(chromeURI, redir.url);
 308     }
 309   }
 310
 311   NS_ERROR("nsAboutRedirector called for unknown case");
 312   return NS_ERROR_ILLEGAL_VALUE;
 313 }
 314
 315 nsresult nsAboutRedirector::Create(REFNSIID aIID, void** aResult) {
 316   RefPtr<nsAboutRedirector> about = new nsAboutRedirector();
 317   return about->QueryInterface(aIID, aResult);
 318 }