search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1882232 [wpt PR 44805] - [wdspec] add a test for contextCreated events on subcrib...
[gecko.git] / caps / BasePrincipal.cpp
blob6cd94741b0a9b88b0f5482d59c555babd8461c9d
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "mozilla/BasePrincipal.h"
8
9 #include "nsDocShell.h"
10
11 #include "ExpandedPrincipal.h"
12 #include "nsNetUtil.h"
13 #include "nsContentUtils.h"
14 #include "nsIOService.h"
15 #include "nsIURIWithSpecialOrigin.h"
16 #include "nsScriptSecurityManager.h"
17 #include "nsServiceManagerUtils.h"
18 #include "nsAboutProtocolUtils.h"
19 #include "ThirdPartyUtil.h"
20 #include "mozilla/ContentPrincipal.h"
21 #include "mozilla/ExtensionPolicyService.h"
22 #include "mozilla/NullPrincipal.h"
23 #include "mozilla/dom/BlobURLProtocolHandler.h"
24 #include "mozilla/dom/ChromeUtils.h"
25 #include "mozilla/dom/ReferrerInfo.h"
26 #include "mozilla/dom/ToJSValue.h"
27 #include "mozilla/dom/nsMixedContentBlocker.h"
28 #include "mozilla/Components.h"
29 #include "mozilla/dom/StorageUtils.h"
30 #include "mozilla/dom/StorageUtils.h"
31 #include "mozilla/JSONStringWriteFuncs.h"
32 #include "mozilla/JSONWriter.h"
33 #include "nsIURL.h"
34 #include "nsEffectiveTLDService.h"
35 #include "nsIURIMutator.h"
36 #include "mozilla/StaticPrefs_permissions.h"
37 #include "nsIURIMutator.h"
38 #include "nsMixedContentBlocker.h"
39 #include "prnetdb.h"
40 #include "nsIURIFixup.h"
41 #include "mozilla/dom/StorageUtils.h"
42 #include "mozilla/StorageAccess.h"
43 #include "nsPIDOMWindow.h"
44 #include "nsIURIMutator.h"
45 #include "mozilla/PermissionManager.h"
46
47 #include "nsSerializationHelper.h"
48
49 #include "js/JSON.h"
50 #include "ContentPrincipalJSONHandler.h"
51 #include "ExpandedPrincipalJSONHandler.h"
52 #include "NullPrincipalJSONHandler.h"
53 #include "PrincipalJSONHandler.h"
54 #include "SubsumedPrincipalJSONHandler.h"
55
56 namespace mozilla {
57
58 BasePrincipal::BasePrincipal(PrincipalKind aKind,
59 const nsACString& aOriginNoSuffix,
60 const OriginAttributes& aOriginAttributes)
61 : mOriginNoSuffix(NS_Atomize(aOriginNoSuffix)),
62 mOriginSuffix(aOriginAttributes.CreateSuffixAtom()),
63 mOriginAttributes(aOriginAttributes),
64 mKind(aKind),
65 mHasExplicitDomain(false) {}
66
67 BasePrincipal::BasePrincipal(BasePrincipal* aOther,
68 const OriginAttributes& aOriginAttributes)
69 : mOriginNoSuffix(aOther->mOriginNoSuffix),
70 mOriginSuffix(aOriginAttributes.CreateSuffixAtom()),
71 mOriginAttributes(aOriginAttributes),
72 mKind(aOther->mKind),
73 mHasExplicitDomain(aOther->mHasExplicitDomain.load()) {}
74
75 BasePrincipal::~BasePrincipal() = default;
76
77 NS_IMETHODIMP
78 BasePrincipal::GetOrigin(nsACString& aOrigin) {
79 nsresult rv = GetOriginNoSuffix(aOrigin);
80 NS_ENSURE_SUCCESS(rv, rv);
81
82 nsAutoCString suffix;
83 rv = GetOriginSuffix(suffix);
84 NS_ENSURE_SUCCESS(rv, rv);
85 aOrigin.Append(suffix);
86 return NS_OK;
87 }
88
89 NS_IMETHODIMP
90 BasePrincipal::GetWebExposedOriginSerialization(nsACString& aOrigin) {
91 aOrigin.Truncate();
92 nsCOMPtr<nsIURI> prinURI;
93 nsresult rv = GetURI(getter_AddRefs(prinURI));
94 if (NS_FAILED(rv) || !prinURI) {
95 return NS_ERROR_NOT_AVAILABLE;
96 }
97 return nsContentUtils::GetWebExposedOriginSerialization(prinURI, aOrigin);
98 }
99
100 NS_IMETHODIMP
101 BasePrincipal::GetHostPort(nsACString& aRes) {
102 aRes.Truncate();
103 nsCOMPtr<nsIURI> prinURI;
104 nsresult rv = GetURI(getter_AddRefs(prinURI));
105 if (NS_FAILED(rv) || !prinURI) {
106 return NS_OK;
107 }
108 return prinURI->GetHostPort(aRes);
109 }
110
111 NS_IMETHODIMP
112 BasePrincipal::GetHost(nsACString& aRes) {
113 aRes.Truncate();
114 nsCOMPtr<nsIURI> prinURI;
115 nsresult rv = GetURI(getter_AddRefs(prinURI));
116 if (NS_FAILED(rv) || !prinURI) {
117 return NS_OK;
118 }
119 return prinURI->GetHost(aRes);
120 }
121
122 NS_IMETHODIMP
123 BasePrincipal::GetOriginNoSuffix(nsACString& aOrigin) {
124 mOriginNoSuffix->ToUTF8String(aOrigin);
125 return NS_OK;
126 }
127
128 NS_IMETHODIMP
129 BasePrincipal::GetSiteOrigin(nsACString& aSiteOrigin) {
130 nsresult rv = GetSiteOriginNoSuffix(aSiteOrigin);
131 NS_ENSURE_SUCCESS(rv, rv);
132
133 nsAutoCString suffix;
134 rv = GetOriginSuffix(suffix);
135 NS_ENSURE_SUCCESS(rv, rv);
136 aSiteOrigin.Append(suffix);
137 return NS_OK;
138 }
139
140 NS_IMETHODIMP
141 BasePrincipal::GetSiteOriginNoSuffix(nsACString& aSiteOrigin) {
142 return GetOriginNoSuffix(aSiteOrigin);
143 }
144
145 template <typename HandlerTypesT>
146 bool ContainerPrincipalJSONHandler<HandlerTypesT>::ProcessInnerResult(
147 bool aResult) {
148 if (!aResult) {
149 NS_WARNING("Failed to parse inner object");
150 mState = State::Error;
151 return false;
152 }
153 return true;
154 }
155
156 template <typename HandlerTypesT>
157 bool ContainerPrincipalJSONHandler<HandlerTypesT>::startObject() {
158 if (mInnerHandler.isSome()) {
159 return CallOnInner([&](auto& aInner) { return aInner.startObject(); });
160 }
161
162 switch (mState) {
163 case State::Init:
164 mState = State::StartObject;
165 break;
166 case State::SystemPrincipal_Key:
167 mState = State::SystemPrincipal_StartObject;
168 break;
169 default:
170 NS_WARNING("Unexpected object value");
171 mState = State::Error;
172 return false;
173 }
174
175 return true;
176 }
177
178 template <typename HandlerTypesT>
179 bool ContainerPrincipalJSONHandler<HandlerTypesT>::propertyName(
180 const JS::Latin1Char* name, size_t length) {
181 if (mInnerHandler.isSome()) {
182 return CallOnInner(
183 [&](auto& aInner) { return aInner.propertyName(name, length); });
184 }
185
186 switch (mState) {
187 case State::StartObject: {
188 if (length != 1) {
189 NS_WARNING(
190 nsPrintfCString("Unexpected property name length: %zu", length)
191 .get());
192 mState = State::Error;
193 return false;
194 }
195
196 char key = char(name[0]);
197 switch (key) {
198 case BasePrincipal::NullPrincipalKey:
199 mState = State::NullPrincipal_Inner;
200 mInnerHandler.emplace(VariantType<NullPrincipalJSONHandler>());
201 break;
202 case BasePrincipal::ContentPrincipalKey:
203 mState = State::ContentPrincipal_Inner;
204 mInnerHandler.emplace(VariantType<ContentPrincipalJSONHandler>());
205 break;
206 case BasePrincipal::SystemPrincipalKey:
207 mState = State::SystemPrincipal_Key;
208 break;
209 default:
210 if constexpr (CanContainExpandedPrincipal) {
211 if (key == BasePrincipal::ExpandedPrincipalKey) {
212 mState = State::ExpandedPrincipal_Inner;
213 mInnerHandler.emplace(
214 VariantType<ExpandedPrincipalJSONHandler>());
215 break;
216 }
217 }
218 NS_WARNING(
219 nsPrintfCString("Unexpected property name: '%c'", key).get());
220 mState = State::Error;
221 return false;
222 }
223 break;
224 }
225 default:
226 NS_WARNING("Unexpected property name");
227 mState = State::Error;
228 return false;
229 }
230
231 return true;
232 }
233
234 template <typename HandlerTypesT>
235 bool ContainerPrincipalJSONHandler<HandlerTypesT>::endObject() {
236 if (mInnerHandler.isSome()) {
237 return CallOnInner([&](auto& aInner) {
238 if (!aInner.endObject()) {
239 return false;
240 }
241 if (aInner.HasAccepted()) {
242 this->mPrincipal = aInner.mPrincipal.forget();
243 MOZ_ASSERT(this->mPrincipal);
244 mInnerHandler.reset();
245 }
246 return true;
247 });
248 }
249
250 switch (mState) {
251 case State::SystemPrincipal_StartObject:
252 mState = State::SystemPrincipal_EndObject;
253 break;
254 case State::SystemPrincipal_EndObject:
255 this->mPrincipal =
256 BasePrincipal::Cast(nsContentUtils::GetSystemPrincipal());
257 mState = State::EndObject;
258 break;
259 case State::NullPrincipal_Inner:
260 mState = State::EndObject;
261 break;
262 case State::ContentPrincipal_Inner:
263 mState = State::EndObject;
264 break;
265 default:
266 if constexpr (CanContainExpandedPrincipal) {
267 if (mState == State::ExpandedPrincipal_Inner) {
268 mState = State::EndObject;
269 break;
270 }
271 }
272 NS_WARNING("Unexpected end of object");
273 mState = State::Error;
274 return false;
275 }
276
277 return true;
278 }
279
280 template <typename HandlerTypesT>
281 bool ContainerPrincipalJSONHandler<HandlerTypesT>::startArray() {
282 if constexpr (CanContainExpandedPrincipal) {
283 if (mInnerHandler.isSome()) {
284 return CallOnInner([&](auto& aInner) { return aInner.startArray(); });
285 }
286 }
287
288 NS_WARNING("Unexpected array value");
289 mState = State::Error;
290 return false;
291 }
292
293 template <typename HandlerTypesT>
294 bool ContainerPrincipalJSONHandler<HandlerTypesT>::endArray() {
295 if constexpr (CanContainExpandedPrincipal) {
296 if (mInnerHandler.isSome()) {
297 return CallOnInner([&](auto& aInner) { return aInner.endArray(); });
298 }
299 }
300
301 NS_WARNING("Unexpected array value");
302 mState = State::Error;
303 return false;
304 }
305
306 template <typename HandlerTypesT>
307 bool ContainerPrincipalJSONHandler<HandlerTypesT>::stringValue(
308 const JS::Latin1Char* str, size_t length) {
309 if (mInnerHandler.isSome()) {
310 return CallOnInner(
311 [&](auto& aInner) { return aInner.stringValue(str, length); });
312 }
313
314 NS_WARNING("Unexpected string value");
315 mState = State::Error;
316 return false;
317 }
318
319 template class ContainerPrincipalJSONHandler<PrincipalJSONHandlerTypes>;
320 template class ContainerPrincipalJSONHandler<SubsumedPrincipalJSONHandlerTypes>;
321
322 // Takes a JSON string and parses it turning it into a principal of the
323 // corresponding type
324 //
325 // Given a content principal:
326 //
327 // inner JSON object
328 // |
329 // ---------------------------------------------------------
330 // | |
331 // {"1": {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}}
332 // | | | | |
333 // | ----------------------------- |
334 // | | | |
335 // PrincipalKind | | |
336 // | ----------------------------
337 // SerializableKeys |
338 // Value
339 //
340 already_AddRefed<BasePrincipal> BasePrincipal::FromJSON(
341 const nsACString& aJSON) {
342 PrincipalJSONHandler handler;
343
344 if (!JS::ParseJSONWithHandler(
345 reinterpret_cast<const JS::Latin1Char*>(aJSON.BeginReading()),
346 aJSON.Length(), &handler)) {
347 NS_WARNING(
348 nsPrintfCString("Unable to parse: %s", aJSON.BeginReading()).get());
349 MOZ_ASSERT(false,
350 "Unable to parse string as JSON to deserialize as a principal");
351 return nullptr;
352 }
353
354 return handler.Get();
355 }
356
357 // Returns a JSON representation of the principal.
358 // Calling BasePrincipal::FromJSON will deserialize the JSON into
359 // the corresponding principal type.
360 nsresult BasePrincipal::ToJSON(nsACString& aJSON) {
361 MOZ_ASSERT(aJSON.IsEmpty(), "ToJSON only supports an empty result input");
362 aJSON.Truncate();
363
364 // NOTE: JSONWriter emits raw UTF-8 code units for non-ASCII range.
365 JSONStringRefWriteFunc func(aJSON);
366 JSONWriter writer(func, JSONWriter::CollectionStyle::SingleLineStyle);
367
368 nsresult rv = ToJSON(writer);
369 NS_ENSURE_SUCCESS(rv, rv);
370
371 return NS_OK;
372 }
373
374 nsresult BasePrincipal::ToJSON(JSONWriter& aWriter) {
375 static_assert(eKindMax < ArrayLength(JSONEnumKeyStrings));
376
377 aWriter.Start(JSONWriter::CollectionStyle::SingleLineStyle);
378
379 nsresult rv = WriteJSONProperties(aWriter);
380 NS_ENSURE_SUCCESS(rv, rv);
381
382 aWriter.End();
383
384 return NS_OK;
385 }
386
387 nsresult BasePrincipal::WriteJSONProperties(JSONWriter& aWriter) {
388 aWriter.StartObjectProperty(JSONEnumKeyStrings[Kind()],
389 JSONWriter::CollectionStyle::SingleLineStyle);
390
391 nsresult rv = WriteJSONInnerProperties(aWriter);
392 NS_ENSURE_SUCCESS(rv, rv);
393
394 aWriter.EndObject();
395
396 return NS_OK;
397 }
398
399 nsresult BasePrincipal::WriteJSONInnerProperties(JSONWriter& aWriter) {
400 return NS_OK;
401 }
402
403 bool BasePrincipal::FastSubsumesIgnoringFPD(
404 nsIPrincipal* aOther, DocumentDomainConsideration aConsideration) {
405 MOZ_ASSERT(aOther);
406
407 if (Kind() == eContentPrincipal &&
408 !dom::ChromeUtils::IsOriginAttributesEqualIgnoringFPD(
409 mOriginAttributes, Cast(aOther)->mOriginAttributes)) {
410 return false;
411 }
412
413 return SubsumesInternal(aOther, aConsideration);
414 }
415
416 bool BasePrincipal::Subsumes(nsIPrincipal* aOther,
417 DocumentDomainConsideration aConsideration) {
418 MOZ_ASSERT(aOther);
419 MOZ_ASSERT_IF(Kind() == eContentPrincipal, mOriginSuffix);
420
421 // Expanded principals handle origin attributes for each of their
422 // sub-principals individually, null principals do only simple checks for
423 // pointer equality, and system principals are immune to origin attributes
424 // checks, so only do this check for content principals.
425 if (Kind() == eContentPrincipal &&
426 mOriginSuffix != Cast(aOther)->mOriginSuffix) {
427 return false;
428 }
429
430 return SubsumesInternal(aOther, aConsideration);
431 }
432
433 NS_IMETHODIMP
434 BasePrincipal::Equals(nsIPrincipal* aOther, bool* aResult) {
435 NS_ENSURE_ARG_POINTER(aOther);
436
437 *aResult = FastEquals(aOther);
438
439 return NS_OK;
440 }
441
442 NS_IMETHODIMP
443 BasePrincipal::EqualsForPermission(nsIPrincipal* aOther, bool aExactHost,
444 bool* aResult) {
445 *aResult = false;
446 NS_ENSURE_ARG_POINTER(aOther);
447 NS_ENSURE_ARG_POINTER(aResult);
448
449 auto* other = Cast(aOther);
450 if (Kind() != other->Kind()) {
451 // Principals of different kinds can't be equal.
452 return NS_OK;
453 }
454
455 if (Kind() == eSystemPrincipal) {
456 *aResult = this == other;
457 return NS_OK;
458 }
459
460 if (Kind() == eNullPrincipal) {
461 // We don't store permissions for NullPrincipals.
462 return NS_OK;
463 }
464
465 MOZ_ASSERT(Kind() == eExpandedPrincipal || Kind() == eContentPrincipal);
466
467 // Certain origin attributes should not be used to isolate permissions.
468 // Create a stripped copy of both OA sets to compare.
469 mozilla::OriginAttributes ourAttrs = mOriginAttributes;
470 PermissionManager::MaybeStripOriginAttributes(false, ourAttrs);
471 mozilla::OriginAttributes theirAttrs = aOther->OriginAttributesRef();
472 PermissionManager::MaybeStripOriginAttributes(false, theirAttrs);
473
474 if (ourAttrs != theirAttrs) {
475 return NS_OK;
476 }
477
478 if (mOriginNoSuffix == other->mOriginNoSuffix) {
479 *aResult = true;
480 return NS_OK;
481 }
482
483 // If we are matching with an exact host, we're done now - the permissions
484 // don't match otherwise, we need to start comparing subdomains!
485 if (aExactHost) {
486 return NS_OK;
487 }
488
489 nsCOMPtr<nsIURI> ourURI;
490 nsresult rv = GetURI(getter_AddRefs(ourURI));
491 NS_ENSURE_SUCCESS(rv, rv);
492 // Some principal types may indicate success, but still return nullptr for
493 // URI.
494 NS_ENSURE_TRUE(ourURI, NS_ERROR_FAILURE);
495
496 nsCOMPtr<nsIURI> otherURI;
497 rv = other->GetURI(getter_AddRefs(otherURI));
498 NS_ENSURE_SUCCESS(rv, rv);
499 NS_ENSURE_TRUE(otherURI, NS_ERROR_FAILURE);
500
501 // Compare schemes
502 nsAutoCString otherScheme;
503 rv = otherURI->GetScheme(otherScheme);
504 NS_ENSURE_SUCCESS(rv, rv);
505
506 nsAutoCString ourScheme;
507 rv = ourURI->GetScheme(ourScheme);
508 NS_ENSURE_SUCCESS(rv, rv);
509
510 if (otherScheme != ourScheme) {
511 return NS_OK;
512 }
513
514 // Compare ports
515 int32_t otherPort;
516 rv = otherURI->GetPort(&otherPort);
517 NS_ENSURE_SUCCESS(rv, rv);
518
519 int32_t ourPort;
520 rv = ourURI->GetPort(&ourPort);
521 NS_ENSURE_SUCCESS(rv, rv);
522
523 if (otherPort != ourPort) {
524 return NS_OK;
525 }
526
527 // Check if the host or any subdomain of their host matches.
528 nsAutoCString otherHost;
529 rv = otherURI->GetHost(otherHost);
530 if (NS_FAILED(rv) || otherHost.IsEmpty()) {
531 return NS_OK;
532 }
533
534 nsAutoCString ourHost;
535 rv = ourURI->GetHost(ourHost);
536 if (NS_FAILED(rv) || ourHost.IsEmpty()) {
537 return NS_OK;
538 }
539
540 nsCOMPtr<nsIEffectiveTLDService> tldService =
541 do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
542 if (!tldService) {
543 NS_ERROR("Should have a tld service!");
544 return NS_ERROR_FAILURE;
545 }
546
547 // This loop will not loop forever, as GetNextSubDomain will eventually fail
548 // with NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS.
549 while (otherHost != ourHost) {
550 rv = tldService->GetNextSubDomain(otherHost, otherHost);
551 if (NS_FAILED(rv)) {
552 if (rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
553 return NS_OK;
554 }
555 return rv;
556 }
557 }
558
559 *aResult = true;
560 return NS_OK;
561 }
562
563 NS_IMETHODIMP
564 BasePrincipal::EqualsConsideringDomain(nsIPrincipal* aOther, bool* aResult) {
565 NS_ENSURE_ARG_POINTER(aOther);
566
567 *aResult = FastEqualsConsideringDomain(aOther);
568
569 return NS_OK;
570 }
571
572 NS_IMETHODIMP
573 BasePrincipal::EqualsURI(nsIURI* aOtherURI, bool* aResult) {
574 *aResult = false;
575 nsCOMPtr<nsIURI> prinURI;
576 nsresult rv = GetURI(getter_AddRefs(prinURI));
577 if (NS_FAILED(rv) || !prinURI) {
578 return NS_OK;
579 }
580 return prinURI->EqualsExceptRef(aOtherURI, aResult);
581 }
582
583 NS_IMETHODIMP
584 BasePrincipal::Subsumes(nsIPrincipal* aOther, bool* aResult) {
585 NS_ENSURE_ARG_POINTER(aOther);
586
587 *aResult = FastSubsumes(aOther);
588
589 return NS_OK;
590 }
591
592 NS_IMETHODIMP
593 BasePrincipal::SubsumesConsideringDomain(nsIPrincipal* aOther, bool* aResult) {
594 NS_ENSURE_ARG_POINTER(aOther);
595
596 *aResult = FastSubsumesConsideringDomain(aOther);
597
598 return NS_OK;
599 }
600
601 NS_IMETHODIMP
602 BasePrincipal::SubsumesConsideringDomainIgnoringFPD(nsIPrincipal* aOther,
603 bool* aResult) {
604 NS_ENSURE_ARG_POINTER(aOther);
605
606 *aResult = FastSubsumesConsideringDomainIgnoringFPD(aOther);
607
608 return NS_OK;
609 }
610
611 NS_IMETHODIMP
612 BasePrincipal::CheckMayLoad(nsIURI* aURI, bool aAllowIfInheritsPrincipal) {
613 AssertIsOnMainThread();
614 return CheckMayLoadHelper(aURI, aAllowIfInheritsPrincipal, false, 0);
615 }
616
617 NS_IMETHODIMP
618 BasePrincipal::CheckMayLoadWithReporting(nsIURI* aURI,
619 bool aAllowIfInheritsPrincipal,
620 uint64_t aInnerWindowID) {
621 AssertIsOnMainThread();
622 return CheckMayLoadHelper(aURI, aAllowIfInheritsPrincipal, true,
623 aInnerWindowID);
624 }
625
626 nsresult BasePrincipal::CheckMayLoadHelper(nsIURI* aURI,
627 bool aAllowIfInheritsPrincipal,
628 bool aReport,
629 uint64_t aInnerWindowID) {
630 AssertIsOnMainThread(); // Accesses non-threadsafe URI flags and the
631 // non-threadsafe ExtensionPolicyService
632 NS_ENSURE_ARG_POINTER(aURI);
633 MOZ_ASSERT(
634 aReport || aInnerWindowID == 0,
635 "Why do we have an inner window id if we're not supposed to report?");
636
637 // Check the internal method first, which allows us to quickly approve loads
638 // for the System Principal.
639 if (MayLoadInternal(aURI)) {
640 return NS_OK;
641 }
642
643 nsresult rv;
644 if (aAllowIfInheritsPrincipal) {
645 // If the caller specified to allow loads of URIs that inherit
646 // our principal, allow the load if this URI inherits its principal.
647 bool doesInheritSecurityContext;
648 rv = NS_URIChainHasFlags(aURI,
649 nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
650 &doesInheritSecurityContext);
651 if (NS_SUCCEEDED(rv) && doesInheritSecurityContext) {
652 return NS_OK;
653 }
654 }
655
656 // Web Accessible Resources in MV2 Extensions are marked with
657 // URI_FETCHABLE_BY_ANYONE
658 bool fetchableByAnyone;
659 rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_FETCHABLE_BY_ANYONE,
660 &fetchableByAnyone);
661 if (NS_SUCCEEDED(rv) && fetchableByAnyone) {
662 return NS_OK;
663 }
664
665 // Get the principal uri for the last flag check or error.
666 nsCOMPtr<nsIURI> prinURI;
667 rv = GetURI(getter_AddRefs(prinURI));
668 if (!(NS_SUCCEEDED(rv) && prinURI)) {
669 return NS_ERROR_DOM_BAD_URI;
670 }
671
672 // If MV3 Extension uris are web accessible by this principal it is allowed to
673 // load.
674 bool maybeWebAccessible = false;
675 NS_URIChainHasFlags(aURI, nsIProtocolHandler::WEBEXT_URI_WEB_ACCESSIBLE,
676 &maybeWebAccessible);
677 NS_ENSURE_SUCCESS(rv, rv);
678 if (maybeWebAccessible) {
679 bool isWebAccessible = false;
680 rv = ExtensionPolicyService::GetSingleton().SourceMayLoadExtensionURI(
681 prinURI, aURI, &isWebAccessible);
682 if (NS_SUCCEEDED(rv) && isWebAccessible) {
683 return NS_OK;
684 }
685 }
686
687 if (aReport) {
688 nsScriptSecurityManager::ReportError(
689 "CheckSameOriginError", prinURI, aURI,
690 mOriginAttributes.mPrivateBrowsingId > 0, aInnerWindowID);
691 }
692
693 return NS_ERROR_DOM_BAD_URI;
694 }
695
696 NS_IMETHODIMP
697 BasePrincipal::IsThirdPartyURI(nsIURI* aURI, bool* aRes) {
698 if (IsSystemPrincipal() || (AddonPolicyCore() && AddonAllowsLoad(aURI))) {
699 *aRes = false;
700 return NS_OK;
701 }
702
703 *aRes = true;
704 // If we do not have a URI its always 3rd party.
705 nsCOMPtr<nsIURI> prinURI;
706 nsresult rv = GetURI(getter_AddRefs(prinURI));
707 if (NS_FAILED(rv) || !prinURI) {
708 return NS_OK;
709 }
710 ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
711 return thirdPartyUtil->IsThirdPartyURI(prinURI, aURI, aRes);
712 }
713
714 NS_IMETHODIMP
715 BasePrincipal::IsThirdPartyPrincipal(nsIPrincipal* aPrin, bool* aRes) {
716 *aRes = true;
717 nsCOMPtr<nsIURI> prinURI;
718 nsresult rv = GetURI(getter_AddRefs(prinURI));
719 if (NS_FAILED(rv) || !prinURI) {
720 return NS_OK;
721 }
722 return aPrin->IsThirdPartyURI(prinURI, aRes);
723 }
724
725 NS_IMETHODIMP
726 BasePrincipal::IsThirdPartyChannel(nsIChannel* aChan, bool* aRes) {
727 AssertIsOnMainThread();
728 if (IsSystemPrincipal()) {
729 // Nothing is 3rd party to the system principal.
730 *aRes = false;
731 return NS_OK;
732 }
733
734 nsCOMPtr<nsIURI> prinURI;
735 GetURI(getter_AddRefs(prinURI));
736 ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
737 return thirdPartyUtil->IsThirdPartyChannel(aChan, prinURI, aRes);
738 }
739
740 NS_IMETHODIMP
741 BasePrincipal::IsSameOrigin(nsIURI* aURI, bool* aRes) {
742 *aRes = false;
743 nsCOMPtr<nsIURI> prinURI;
744 nsresult rv = GetURI(getter_AddRefs(prinURI));
745 if (NS_FAILED(rv) || !prinURI) {
746 // Note that expanded and system principals return here, because they have
747 // no URI.
748 return NS_OK;
749 }
750 *aRes = nsScriptSecurityManager::SecurityCompareURIs(prinURI, aURI);
751 return NS_OK;
752 }
753
754 NS_IMETHODIMP
755 BasePrincipal::IsL10nAllowed(nsIURI* aURI, bool* aRes) {
756 AssertIsOnMainThread(); // URI_DANGEROUS_TO_LOAD is not threadsafe to query.
757 *aRes = false;
758
759 if (nsContentUtils::IsErrorPage(aURI)) {
760 *aRes = true;
761 return NS_OK;
762 }
763
764 // The system principal is always allowed.
765 if (IsSystemPrincipal()) {
766 *aRes = true;
767 return NS_OK;
768 }
769
770 nsCOMPtr<nsIURI> uri;
771 nsresult rv = GetURI(getter_AddRefs(uri));
772 NS_ENSURE_SUCCESS(rv, NS_OK);
773
774 bool hasFlags;
775
776 // Allow access to uris that cannot be loaded by web content.
777 rv = NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_DANGEROUS_TO_LOAD,
778 &hasFlags);
779 NS_ENSURE_SUCCESS(rv, NS_OK);
780 if (hasFlags) {
781 *aRes = true;
782 return NS_OK;
783 }
784
785 // UI resources also get access.
786 rv = NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_IS_UI_RESOURCE,
787 &hasFlags);
788 NS_ENSURE_SUCCESS(rv, NS_OK);
789 if (hasFlags) {
790 *aRes = true;
791 return NS_OK;
792 }
793
794 auto policy = AddonPolicyCore();
795 *aRes = (policy && policy->IsPrivileged());
796 return NS_OK;
797 }
798
799 NS_IMETHODIMP
800 BasePrincipal::AllowsRelaxStrictFileOriginPolicy(nsIURI* aURI, bool* aRes) {
801 *aRes = false;
802 nsCOMPtr<nsIURI> prinURI;
803 nsresult rv = GetURI(getter_AddRefs(prinURI));
804 if (NS_FAILED(rv) || !prinURI) {
805 return NS_OK;
806 }
807 *aRes = NS_RelaxStrictFileOriginPolicy(aURI, prinURI);
808 return NS_OK;
809 }
810
811 NS_IMETHODIMP
812 BasePrincipal::GetPrefLightCacheKey(nsIURI* aURI, bool aWithCredentials,
813 const OriginAttributes& aOriginAttributes,
814 nsACString& _retval) {
815 _retval.Truncate();
816 constexpr auto space = " "_ns;
817
818 nsCOMPtr<nsIURI> uri;
819 nsresult rv = GetURI(getter_AddRefs(uri));
820 NS_ENSURE_SUCCESS(rv, rv);
821
822 nsAutoCString scheme, host, port;
823 if (uri) {
824 uri->GetScheme(scheme);
825 uri->GetHost(host);
826 port.AppendInt(NS_GetRealPort(uri));
827 }
828
829 if (aWithCredentials) {
830 _retval.AssignLiteral("cred");
831 } else {
832 _retval.AssignLiteral("nocred");
833 }
834
835 nsAutoCString spec;
836 rv = aURI->GetSpec(spec);
837 NS_ENSURE_SUCCESS(rv, rv);
838
839 nsAutoCString originAttributesSuffix;
840 aOriginAttributes.CreateSuffix(originAttributesSuffix);
841
842 _retval.Append(space + scheme + space + host + space + port + space + spec +
843 space + originAttributesSuffix);
844
845 return NS_OK;
846 }
847
848 NS_IMETHODIMP
849 BasePrincipal::HasFirstpartyStorageAccess(mozIDOMWindow* aCheckWindow,
850 uint32_t* aRejectedReason,
851 bool* aOutAllowed) {
852 AssertIsOnMainThread();
853 *aRejectedReason = 0;
854 *aOutAllowed = false;
855
856 nsPIDOMWindowInner* win = nsPIDOMWindowInner::From(aCheckWindow);
857 nsCOMPtr<nsIURI> uri;
858 nsresult rv = GetURI(getter_AddRefs(uri));
859 if (NS_FAILED(rv)) {
860 return rv;
861 }
862 *aOutAllowed = ShouldAllowAccessFor(win, uri, aRejectedReason);
863 return NS_OK;
864 }
865
866 NS_IMETHODIMP
867 BasePrincipal::GetIsNullPrincipal(bool* aResult) {
868 *aResult = Kind() == eNullPrincipal;
869 return NS_OK;
870 }
871
872 NS_IMETHODIMP
873 BasePrincipal::GetIsContentPrincipal(bool* aResult) {
874 *aResult = Kind() == eContentPrincipal;
875 return NS_OK;
876 }
877
878 NS_IMETHODIMP
879 BasePrincipal::GetIsExpandedPrincipal(bool* aResult) {
880 *aResult = Kind() == eExpandedPrincipal;
881 return NS_OK;
882 }
883
884 NS_IMETHODIMP
885 BasePrincipal::GetAsciiSpec(nsACString& aSpec) {
886 aSpec.Truncate();
887 nsCOMPtr<nsIURI> prinURI;
888 nsresult rv = GetURI(getter_AddRefs(prinURI));
889 if (NS_FAILED(rv) || !prinURI) {
890 return NS_OK;
891 }
892 return prinURI->GetAsciiSpec(aSpec);
893 }
894
895 NS_IMETHODIMP
896 BasePrincipal::GetSpec(nsACString& aSpec) {
897 aSpec.Truncate();
898 nsCOMPtr<nsIURI> prinURI;
899 nsresult rv = GetURI(getter_AddRefs(prinURI));
900 if (NS_FAILED(rv) || !prinURI) {
901 return NS_OK;
902 }
903 return prinURI->GetSpec(aSpec);
904 }
905
906 NS_IMETHODIMP
907 BasePrincipal::GetAsciiHost(nsACString& aHost) {
908 aHost.Truncate();
909 nsCOMPtr<nsIURI> prinURI;
910 nsresult rv = GetURI(getter_AddRefs(prinURI));
911 if (NS_FAILED(rv) || !prinURI) {
912 return NS_OK;
913 }
914 return prinURI->GetAsciiHost(aHost);
915 }
916
917 NS_IMETHODIMP
918 BasePrincipal::GetExposablePrePath(nsACString& aPrepath) {
919 aPrepath.Truncate();
920 nsCOMPtr<nsIURI> prinURI;
921 nsresult rv = GetURI(getter_AddRefs(prinURI));
922 if (NS_FAILED(rv) || !prinURI) {
923 return NS_OK;
924 }
925
926 nsCOMPtr<nsIURI> exposableURI = net::nsIOService::CreateExposableURI(prinURI);
927 return exposableURI->GetDisplayPrePath(aPrepath);
928 }
929
930 NS_IMETHODIMP
931 BasePrincipal::GetExposableSpec(nsACString& aSpec) {
932 aSpec.Truncate();
933 nsCOMPtr<nsIURI> prinURI;
934 nsresult rv = GetURI(getter_AddRefs(prinURI));
935 if (NS_FAILED(rv) || !prinURI) {
936 return NS_OK;
937 }
938 nsCOMPtr<nsIURI> clone;
939 rv = NS_MutateURI(prinURI)
940 .SetQuery(""_ns)
941 .SetRef(""_ns)
942 .SetUserPass(""_ns)
943 .Finalize(clone);
944 NS_ENSURE_SUCCESS(rv, rv);
945 return clone->GetAsciiSpec(aSpec);
946 }
947
948 NS_IMETHODIMP
949 BasePrincipal::GetPrePath(nsACString& aPath) {
950 aPath.Truncate();
951 nsCOMPtr<nsIURI> prinURI;
952 nsresult rv = GetURI(getter_AddRefs(prinURI));
953 if (NS_FAILED(rv) || !prinURI) {
954 return NS_OK;
955 }
956 return prinURI->GetPrePath(aPath);
957 }
958
959 NS_IMETHODIMP
960 BasePrincipal::GetFilePath(nsACString& aPath) {
961 aPath.Truncate();
962 nsCOMPtr<nsIURI> prinURI;
963 nsresult rv = GetURI(getter_AddRefs(prinURI));
964 if (NS_FAILED(rv) || !prinURI) {
965 return NS_OK;
966 }
967 return prinURI->GetFilePath(aPath);
968 }
969
970 NS_IMETHODIMP
971 BasePrincipal::GetIsSystemPrincipal(bool* aResult) {
972 *aResult = IsSystemPrincipal();
973 return NS_OK;
974 }
975
976 NS_IMETHODIMP
977 BasePrincipal::GetIsAddonOrExpandedAddonPrincipal(bool* aResult) {
978 *aResult = AddonPolicyCore() || ContentScriptAddonPolicyCore();
979 return NS_OK;
980 }
981
982 NS_IMETHODIMP BasePrincipal::GetIsOnion(bool* aIsOnion) {
983 *aIsOnion = false;
984 nsCOMPtr<nsIURI> prinURI;
985 nsresult rv = GetURI(getter_AddRefs(prinURI));
986 if (NS_FAILED(rv) || !prinURI) {
987 return NS_OK;
988 }
989
990 nsAutoCString host;
991 rv = prinURI->GetHost(host);
992 if (NS_FAILED(rv)) {
993 return NS_OK;
994 }
995 *aIsOnion = StringEndsWith(host, ".onion"_ns);
996 return NS_OK;
997 }
998
999 NS_IMETHODIMP BasePrincipal::GetIsIpAddress(bool* aIsIpAddress) {
1000 *aIsIpAddress = false;
1001
1002 nsCOMPtr<nsIURI> prinURI;
1003 nsresult rv = GetURI(getter_AddRefs(prinURI));
1004 if (NS_FAILED(rv) || !prinURI) {
1005 return NS_OK;
1006 }
1007
1008 nsAutoCString host;
1009 rv = prinURI->GetHost(host);
1010 if (NS_FAILED(rv)) {
1011 return NS_OK;
1012 }
1013
1014 PRNetAddr prAddr;
1015 memset(&prAddr, 0, sizeof(prAddr));
1016
1017 if (PR_StringToNetAddr(host.get(), &prAddr) == PR_SUCCESS) {
1018 *aIsIpAddress = true;
1019 }
1020
1021 return NS_OK;
1022 }
1023
1024 NS_IMETHODIMP BasePrincipal::GetIsLocalIpAddress(bool* aIsIpAddress) {
1025 *aIsIpAddress = false;
1026
1027 nsCOMPtr<nsIURI> prinURI;
1028 nsresult rv = GetURI(getter_AddRefs(prinURI));
1029 if (NS_FAILED(rv) || !prinURI) {
1030 return NS_OK;
1031 }
1032
1033 nsCOMPtr<nsIIOService> ioService = do_GetIOService(&rv);
1034 if (NS_FAILED(rv) || !ioService) {
1035 return NS_OK;
1036 }
1037 rv = ioService->HostnameIsLocalIPAddress(prinURI, aIsIpAddress);
1038 if (NS_FAILED(rv)) {
1039 *aIsIpAddress = false;
1040 }
1041 return NS_OK;
1042 }
1043
1044 NS_IMETHODIMP
1045 BasePrincipal::GetScheme(nsACString& aScheme) {
1046 aScheme.Truncate();
1047
1048 nsCOMPtr<nsIURI> prinURI;
1049 nsresult rv = GetURI(getter_AddRefs(prinURI));
1050 if (NS_FAILED(rv) || !prinURI) {
1051 return NS_OK;
1052 }
1053
1054 return prinURI->GetScheme(aScheme);
1055 }
1056
1057 NS_IMETHODIMP
1058 BasePrincipal::SchemeIs(const char* aScheme, bool* aResult) {
1059 *aResult = false;
1060 nsCOMPtr<nsIURI> prinURI;
1061 nsresult rv = GetURI(getter_AddRefs(prinURI));
1062 if (NS_WARN_IF(NS_FAILED(rv)) || !prinURI) {
1063 return NS_OK;
1064 }
1065 *aResult = prinURI->SchemeIs(aScheme);
1066 return NS_OK;
1067 }
1068
1069 NS_IMETHODIMP
1070 BasePrincipal::IsURIInPrefList(const char* aPref, bool* aResult) {
1071 AssertIsOnMainThread();
1072 *aResult = false;
1073 nsCOMPtr<nsIURI> prinURI;
1074 nsresult rv = GetURI(getter_AddRefs(prinURI));
1075 if (NS_FAILED(rv) || !prinURI) {
1076 return NS_OK;
1077 }
1078 *aResult = nsContentUtils::IsURIInPrefList(prinURI, aPref);
1079 return NS_OK;
1080 }
1081
1082 NS_IMETHODIMP
1083 BasePrincipal::IsURIInList(const nsACString& aList, bool* aResult) {
1084 *aResult = false;
1085 nsCOMPtr<nsIURI> prinURI;
1086
1087 nsresult rv = GetURI(getter_AddRefs(prinURI));
1088 if (NS_FAILED(rv) || !prinURI) {
1089 return NS_OK;
1090 }
1091
1092 *aResult = nsContentUtils::IsURIInList(prinURI, nsCString(aList));
1093 return NS_OK;
1094 }
1095
1096 NS_IMETHODIMP
1097 BasePrincipal::IsContentAccessibleAboutURI(bool* aResult) {
1098 *aResult = false;
1099
1100 nsCOMPtr<nsIURI> prinURI;
1101 nsresult rv = GetURI(getter_AddRefs(prinURI));
1102 if (NS_FAILED(rv) || !prinURI) {
1103 return NS_OK;
1104 }
1105
1106 if (!prinURI->SchemeIs("about")) {
1107 return NS_OK;
1108 }
1109
1110 *aResult = NS_IsContentAccessibleAboutURI(prinURI);
1111 return NS_OK;
1112 }
1113
1114 NS_IMETHODIMP
1115 BasePrincipal::GetIsOriginPotentiallyTrustworthy(bool* aResult) {
1116 AssertIsOnMainThread();
1117 *aResult = false;
1118
1119 nsCOMPtr<nsIURI> uri;
1120 nsresult rv = GetURI(getter_AddRefs(uri));
1121 if (NS_FAILED(rv) || !uri) {
1122 return NS_OK;
1123 }
1124
1125 *aResult = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri);
1126 return NS_OK;
1127 }
1128
1129 NS_IMETHODIMP
1130 BasePrincipal::GetIsLoopbackHost(bool* aRes) {
1131 AssertIsOnMainThread();
1132 *aRes = false;
1133 nsAutoCString host;
1134 nsresult rv = GetHost(host);
1135 // Swallow potential failure as this method is infallible.
1136 if (NS_FAILED(rv)) {
1137 return NS_OK;
1138 }
1139
1140 *aRes = nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(host);
1141 return NS_OK;
1142 }
1143
1144 NS_IMETHODIMP
1145 BasePrincipal::GetAboutModuleFlags(uint32_t* flags) {
1146 AssertIsOnMainThread();
1147 *flags = 0;
1148 nsCOMPtr<nsIURI> prinURI;
1149 nsresult rv = GetURI(getter_AddRefs(prinURI));
1150 if (NS_FAILED(rv) || !prinURI) {
1151 return NS_ERROR_NOT_AVAILABLE;
1152 }
1153 if (!prinURI->SchemeIs("about")) {
1154 return NS_OK;
1155 }
1156
1157 nsCOMPtr<nsIAboutModule> aboutModule;
1158 rv = NS_GetAboutModule(prinURI, getter_AddRefs(aboutModule));
1159 if (NS_FAILED(rv) || !aboutModule) {
1160 return rv;
1161 }
1162 return aboutModule->GetURIFlags(prinURI, flags);
1163 }
1164
1165 NS_IMETHODIMP
1166 BasePrincipal::GetOriginAttributes(JSContext* aCx,
1167 JS::MutableHandle<JS::Value> aVal) {
1168 if (NS_WARN_IF(!ToJSValue(aCx, mOriginAttributes, aVal))) {
1169 return NS_ERROR_FAILURE;
1170 }
1171 return NS_OK;
1172 }
1173
1174 NS_IMETHODIMP
1175 BasePrincipal::GetOriginSuffix(nsACString& aOriginAttributes) {
1176 MOZ_ASSERT(mOriginSuffix);
1177 mOriginSuffix->ToUTF8String(aOriginAttributes);
1178 return NS_OK;
1179 }
1180
1181 NS_IMETHODIMP
1182 BasePrincipal::GetUserContextId(uint32_t* aUserContextId) {
1183 *aUserContextId = UserContextId();
1184 return NS_OK;
1185 }
1186
1187 NS_IMETHODIMP
1188 BasePrincipal::GetPrivateBrowsingId(uint32_t* aPrivateBrowsingId) {
1189 *aPrivateBrowsingId = PrivateBrowsingId();
1190 return NS_OK;
1191 }
1192
1193 NS_IMETHODIMP
1194 BasePrincipal::GetIsInIsolatedMozBrowserElement(
1195 bool* aIsInIsolatedMozBrowserElement) {
1196 *aIsInIsolatedMozBrowserElement = IsInIsolatedMozBrowserElement();
1197 return NS_OK;
1198 }
1199
1200 nsresult BasePrincipal::GetAddonPolicy(
1201 extensions::WebExtensionPolicy** aResult) {
1202 AssertIsOnMainThread();
1203 RefPtr<extensions::WebExtensionPolicy> policy(AddonPolicy());
1204 policy.forget(aResult);
1205 return NS_OK;
1206 }
1207
1208 nsresult BasePrincipal::GetContentScriptAddonPolicy(
1209 extensions::WebExtensionPolicy** aResult) {
1210 RefPtr<extensions::WebExtensionPolicy> policy(ContentScriptAddonPolicy());
1211 policy.forget(aResult);
1212 return NS_OK;
1213 }
1214
1215 extensions::WebExtensionPolicy* BasePrincipal::AddonPolicy() {
1216 AssertIsOnMainThread();
1217 RefPtr<extensions::WebExtensionPolicyCore> core = AddonPolicyCore();
1218 return core ? core->GetMainThreadPolicy() : nullptr;
1219 }
1220
1221 RefPtr<extensions::WebExtensionPolicyCore> BasePrincipal::AddonPolicyCore() {
1222 if (Is<ContentPrincipal>()) {
1223 return As<ContentPrincipal>()->AddonPolicyCore();
1224 }
1225 return nullptr;
1226 }
1227
1228 bool BasePrincipal::AddonHasPermission(const nsAtom* aPerm) {
1229 if (auto policy = AddonPolicyCore()) {
1230 return policy->HasPermission(aPerm);
1231 }
1232 return false;
1233 }
1234
1235 nsIPrincipal* BasePrincipal::PrincipalToInherit(nsIURI* aRequestedURI) {
1236 if (Is<ExpandedPrincipal>()) {
1237 return As<ExpandedPrincipal>()->PrincipalToInherit(aRequestedURI);
1238 }
1239 return this;
1240 }
1241
1242 bool BasePrincipal::OverridesCSP(nsIPrincipal* aDocumentPrincipal) {
1243 MOZ_ASSERT(aDocumentPrincipal);
1244
1245 // Expanded principals override CSP if and only if they subsume the document
1246 // principal.
1247 if (mKind == eExpandedPrincipal) {
1248 return FastSubsumes(aDocumentPrincipal);
1249 }
1250 // Extension principals always override the CSP of non-extension principals.
1251 // This is primarily for the sake of their stylesheets, which are usually
1252 // loaded from channels and cannot have expanded principals.
1253 return (AddonPolicyCore() &&
1254 !BasePrincipal::Cast(aDocumentPrincipal)->AddonPolicyCore());
1255 }
1256
1257 already_AddRefed<BasePrincipal> BasePrincipal::CreateContentPrincipal(
1258 nsIURI* aURI, const OriginAttributes& aAttrs, nsIURI* aInitialDomain) {
1259 MOZ_ASSERT(aURI);
1260
1261 nsAutoCString originNoSuffix;
1262 nsresult rv =
1263 ContentPrincipal::GenerateOriginNoSuffixFromURI(aURI, originNoSuffix);
1264 if (NS_FAILED(rv)) {
1265 // If the generation of the origin fails, we still want to have a valid
1266 // principal. Better to return a null principal here.
1267 return NullPrincipal::Create(aAttrs);
1268 }
1269
1270 return CreateContentPrincipal(aURI, aAttrs, originNoSuffix, aInitialDomain);
1271 }
1272
1273 already_AddRefed<BasePrincipal> BasePrincipal::CreateContentPrincipal(
1274 nsIURI* aURI, const OriginAttributes& aAttrs,
1275 const nsACString& aOriginNoSuffix, nsIURI* aInitialDomain) {
1276 MOZ_ASSERT(aURI);
1277 MOZ_ASSERT(!aOriginNoSuffix.IsEmpty());
1278
1279 // If the URI is supposed to inherit the security context of whoever loads it,
1280 // we shouldn't make a content principal for it.
1281 bool inheritsPrincipal;
1282 nsresult rv = NS_URIChainHasFlags(
1283 aURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
1284 &inheritsPrincipal);
1285 if (NS_FAILED(rv) || inheritsPrincipal) {
1286 return NullPrincipal::Create(aAttrs);
1287 }
1288
1289 // Check whether the URI knows what its principal is supposed to be.
1290 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
1291 nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin =
1292 do_QueryInterface(aURI);
1293 if (uriWithSpecialOrigin) {
1294 nsCOMPtr<nsIURI> origin;
1295 rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
1296 if (NS_WARN_IF(NS_FAILED(rv))) {
1297 return nullptr;
1298 }
1299 MOZ_ASSERT(origin);
1300 OriginAttributes attrs;
1301 RefPtr<BasePrincipal> principal =
1302 CreateContentPrincipal(origin, attrs, aInitialDomain);
1303 return principal.forget();
1304 }
1305 #endif
1306
1307 nsCOMPtr<nsIPrincipal> blobPrincipal;
1308 if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
1309 aURI, getter_AddRefs(blobPrincipal))) {
1310 MOZ_ASSERT(blobPrincipal);
1311 MOZ_ASSERT(!aInitialDomain,
1312 "an initial domain for a blob URI makes no sense");
1313 RefPtr<BasePrincipal> principal = Cast(blobPrincipal);
1314 return principal.forget();
1315 }
1316
1317 // Mint a content principal.
1318 RefPtr<ContentPrincipal> principal =
1319 new ContentPrincipal(aURI, aAttrs, aOriginNoSuffix, aInitialDomain);
1320 return principal.forget();
1321 }
1322
1323 already_AddRefed<BasePrincipal> BasePrincipal::CreateContentPrincipal(
1324 const nsACString& aOrigin) {
1325 MOZ_ASSERT(!StringBeginsWith(aOrigin, "["_ns),
1326 "CreateContentPrincipal does not support System and Expanded "
1327 "principals");
1328
1329 MOZ_ASSERT(
1330 !StringBeginsWith(aOrigin, nsLiteralCString(NS_NULLPRINCIPAL_SCHEME ":")),
1331 "CreateContentPrincipal does not support NullPrincipal");
1332
1333 nsAutoCString originNoSuffix;
1334 OriginAttributes attrs;
1335 if (!attrs.PopulateFromOrigin(aOrigin, originNoSuffix)) {
1336 return nullptr;
1337 }
1338
1339 nsCOMPtr<nsIURI> uri;
1340 nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
1341 NS_ENSURE_SUCCESS(rv, nullptr);
1342
1343 return BasePrincipal::CreateContentPrincipal(uri, attrs);
1344 }
1345
1346 already_AddRefed<BasePrincipal> BasePrincipal::CloneForcingOriginAttributes(
1347 const OriginAttributes& aOriginAttributes) {
1348 if (NS_WARN_IF(!IsContentPrincipal())) {
1349 return nullptr;
1350 }
1351
1352 nsAutoCString originNoSuffix;
1353 nsresult rv = GetOriginNoSuffix(originNoSuffix);
1354 NS_ENSURE_SUCCESS(rv, nullptr);
1355
1356 nsCOMPtr<nsIURI> uri;
1357 MOZ_ALWAYS_SUCCEEDS(GetURI(getter_AddRefs(uri)));
1358
1359 // XXX: This does not copy over the domain. Should it?
1360 RefPtr<ContentPrincipal> copy =
1361 new ContentPrincipal(uri, aOriginAttributes, originNoSuffix, nullptr);
1362 return copy.forget();
1363 }
1364
1365 extensions::WebExtensionPolicy* BasePrincipal::ContentScriptAddonPolicy() {
1366 AssertIsOnMainThread();
1367 RefPtr<extensions::WebExtensionPolicyCore> core =
1368 ContentScriptAddonPolicyCore();
1369 return core ? core->GetMainThreadPolicy() : nullptr;
1370 }
1371
1372 RefPtr<extensions::WebExtensionPolicyCore>
1373 BasePrincipal::ContentScriptAddonPolicyCore() {
1374 if (!Is<ExpandedPrincipal>()) {
1375 return nullptr;
1376 }
1377
1378 auto* expanded = As<ExpandedPrincipal>();
1379 for (const auto& prin : expanded->AllowList()) {
1380 if (RefPtr<extensions::WebExtensionPolicyCore> policy =
1381 BasePrincipal::Cast(prin)->AddonPolicyCore()) {
1382 return policy;
1383 }
1384 }
1385
1386 return nullptr;
1387 }
1388
1389 bool BasePrincipal::AddonAllowsLoad(nsIURI* aURI,
1390 bool aExplicit /* = false */) {
1391 if (Is<ExpandedPrincipal>()) {
1392 return As<ExpandedPrincipal>()->AddonAllowsLoad(aURI, aExplicit);
1393 }
1394 if (auto policy = AddonPolicyCore()) {
1395 return policy->CanAccessURI(aURI, aExplicit);
1396 }
1397 return false;
1398 }
1399
1400 NS_IMETHODIMP
1401 BasePrincipal::GetLocalStorageQuotaKey(nsACString& aKey) {
1402 aKey.Truncate();
1403
1404 nsCOMPtr<nsIURI> uri;
1405 nsresult rv = GetURI(getter_AddRefs(uri));
1406 NS_ENSURE_SUCCESS(rv, rv);
1407 NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED);
1408
1409 // The special handling of the file scheme should be consistent with
1410 // GetStorageOriginKey.
1411
1412 nsAutoCString baseDomain;
1413 rv = uri->GetAsciiHost(baseDomain);
1414 NS_ENSURE_SUCCESS(rv, rv);
1415
1416 if (baseDomain.IsEmpty() && uri->SchemeIs("file")) {
1417 nsCOMPtr<nsIURL> url = do_QueryInterface(uri, &rv);
1418 NS_ENSURE_SUCCESS(rv, rv);
1419
1420 rv = url->GetDirectory(baseDomain);
1421 NS_ENSURE_SUCCESS(rv, rv);
1422 } else {
1423 nsCOMPtr<nsIEffectiveTLDService> eTLDService(
1424 do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID, &rv));
1425 NS_ENSURE_SUCCESS(rv, rv);
1426
1427 nsAutoCString eTLDplusOne;
1428 rv = eTLDService->GetBaseDomain(uri, 0, eTLDplusOne);
1429 if (NS_SUCCEEDED(rv)) {
1430 baseDomain = eTLDplusOne;
1431 } else if (rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
1432 rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
1433 rv = NS_OK;
1434 }
1435 NS_ENSURE_SUCCESS(rv, rv);
1436 }
1437
1438 OriginAttributesRef().CreateSuffix(aKey);
1439
1440 nsAutoCString subdomainsDBKey;
1441 rv = dom::StorageUtils::CreateReversedDomain(baseDomain, subdomainsDBKey);
1442 NS_ENSURE_SUCCESS(rv, rv);
1443
1444 aKey.Append(':');
1445 aKey.Append(subdomainsDBKey);
1446
1447 return NS_OK;
1448 }
1449
1450 NS_IMETHODIMP
1451 BasePrincipal::GetNextSubDomainPrincipal(
1452 nsIPrincipal** aNextSubDomainPrincipal) {
1453 nsCOMPtr<nsIURI> uri;
1454 nsresult rv = GetURI(getter_AddRefs(uri));
1455 if (NS_FAILED(rv) || !uri) {
1456 return NS_OK;
1457 }
1458
1459 nsAutoCString host;
1460 rv = uri->GetHost(host);
1461 if (NS_FAILED(rv) || host.IsEmpty()) {
1462 return NS_OK;
1463 }
1464
1465 nsCString subDomain;
1466 rv = nsEffectiveTLDService::GetInstance()->GetNextSubDomain(host, subDomain);
1467
1468 if (NS_FAILED(rv) || subDomain.IsEmpty()) {
1469 return NS_OK;
1470 }
1471
1472 nsCOMPtr<nsIURI> subDomainURI;
1473 rv = NS_MutateURI(uri).SetHost(subDomain).Finalize(subDomainURI);
1474 if (NS_FAILED(rv) || !subDomainURI) {
1475 return NS_OK;
1476 }
1477 // Copy the attributes over
1478 mozilla::OriginAttributes attrs = OriginAttributesRef();
1479
1480 if (!StaticPrefs::permissions_isolateBy_userContext()) {
1481 // Disable userContext for permissions.
1482 attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID);
1483 }
1484 RefPtr<nsIPrincipal> principal =
1485 mozilla::BasePrincipal::CreateContentPrincipal(subDomainURI, attrs);
1486
1487 if (!principal) {
1488 return NS_OK;
1489 }
1490 principal.forget(aNextSubDomainPrincipal);
1491 return NS_OK;
1492 }
1493
1494 NS_IMETHODIMP
1495 BasePrincipal::GetStorageOriginKey(nsACString& aOriginKey) {
1496 aOriginKey.Truncate();
1497
1498 nsCOMPtr<nsIURI> uri;
1499 nsresult rv = GetURI(getter_AddRefs(uri));
1500 NS_ENSURE_SUCCESS(rv, rv);
1501 NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED);
1502
1503 // The special handling of the file scheme should be consistent with
1504 // GetLocalStorageQuotaKey.
1505
1506 nsAutoCString domainOrigin;
1507 rv = uri->GetAsciiHost(domainOrigin);
1508 NS_ENSURE_SUCCESS(rv, rv);
1509
1510 if (domainOrigin.IsEmpty()) {
1511 // For the file:/// protocol use the exact directory as domain.
1512 if (uri->SchemeIs("file")) {
1513 nsCOMPtr<nsIURL> url = do_QueryInterface(uri, &rv);
1514 NS_ENSURE_SUCCESS(rv, rv);
1515 rv = url->GetDirectory(domainOrigin);
1516 NS_ENSURE_SUCCESS(rv, rv);
1517 }
1518 }
1519
1520 // Append reversed domain
1521 nsAutoCString reverseDomain;
1522 rv = dom::StorageUtils::CreateReversedDomain(domainOrigin, reverseDomain);
1523 NS_ENSURE_SUCCESS(rv, rv);
1524
1525 aOriginKey.Append(reverseDomain);
1526
1527 // Append scheme
1528 nsAutoCString scheme;
1529 rv = uri->GetScheme(scheme);
1530 NS_ENSURE_SUCCESS(rv, rv);
1531
1532 aOriginKey.Append(':');
1533 aOriginKey.Append(scheme);
1534
1535 // Append port if any
1536 int32_t port = NS_GetRealPort(uri);
1537 if (port != -1) {
1538 aOriginKey.Append(nsPrintfCString(":%d", port));
1539 }
1540
1541 return NS_OK;
1542 }
1543
1544 NS_IMETHODIMP
1545 BasePrincipal::GetIsScriptAllowedByPolicy(bool* aIsScriptAllowedByPolicy) {
1546 AssertIsOnMainThread();
1547 *aIsScriptAllowedByPolicy = false;
1548 nsCOMPtr<nsIURI> prinURI;
1549 nsresult rv = GetURI(getter_AddRefs(prinURI));
1550 if (NS_FAILED(rv) || !prinURI) {
1551 return NS_OK;
1552 }
1553 nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
1554 if (!ssm) {
1555 return NS_ERROR_UNEXPECTED;
1556 }
1557 return ssm->PolicyAllowsScript(prinURI, aIsScriptAllowedByPolicy);
1558 }
1559
1560 bool SiteIdentifier::Equals(const SiteIdentifier& aOther) const {
1561 MOZ_ASSERT(IsInitialized());
1562 MOZ_ASSERT(aOther.IsInitialized());
1563 return mPrincipal->FastEquals(aOther.mPrincipal);
1564 }
1565
1566 NS_IMETHODIMP
1567 BasePrincipal::CreateReferrerInfo(mozilla::dom::ReferrerPolicy aReferrerPolicy,
1568 nsIReferrerInfo** _retval) {
1569 nsCOMPtr<nsIURI> prinURI;
1570 RefPtr<dom::ReferrerInfo> info;
1571 nsresult rv = GetURI(getter_AddRefs(prinURI));
1572 if (NS_FAILED(rv) || !prinURI) {
1573 info = new dom::ReferrerInfo(nullptr);
1574 info.forget(_retval);
1575 return NS_OK;
1576 }
1577 info = new dom::ReferrerInfo(prinURI, aReferrerPolicy);
1578 info.forget(_retval);
1579 return NS_OK;
1580 }
1581
1582 NS_IMETHODIMP
1583 BasePrincipal::GetPrecursorPrincipal(nsIPrincipal** aPrecursor) {
1584 *aPrecursor = nullptr;
1585 return NS_OK;
1586 }
1587
1588 NS_IMPL_ADDREF(BasePrincipal::Deserializer)
1589 NS_IMPL_RELEASE(BasePrincipal::Deserializer)
1590
1591 NS_INTERFACE_MAP_BEGIN(BasePrincipal::Deserializer)
1592 NS_INTERFACE_MAP_ENTRY(nsISupports)
1593 NS_INTERFACE_MAP_ENTRY(nsISerializable)
1594 if (mPrincipal) {
1595 return mPrincipal->QueryInterface(aIID, aInstancePtr);
1596 } else
1597 NS_INTERFACE_MAP_END
1598
1599 NS_IMETHODIMP
1600 BasePrincipal::Deserializer::Write(nsIObjectOutputStream* aStream) {
1601 // Read is used still for legacy principals
1602 MOZ_RELEASE_ASSERT(false, "Old style serialization is removed");
1603 return NS_OK;
1604 }
1605
1606 /* static */
1607 void BasePrincipal::WriteJSONProperty(JSONWriter& aWriter,
1608 const Span<const char>& aKey,
1609 const nsCString& aValue) {
1610 aWriter.StringProperty(aKey, aValue);
1611 }
1612
1613 } // namespace mozilla