1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 * RemotePageAccessManager determines which RPM functions a given
7 * about page is allowed to access. It does this based on a map from about
8 * page URLs to allowed functions for that page/URL.
10 * An RPM function will be exported into the page only if it appears
11 * in the access managers's accessMap for that page's uri.
13 * This module may be used from both the child and parent process.
15 * Please note that prefs that one wants to update need to be
16 * explicitly allowed within AsyncPrefs.sys.mjs.
18 export let RemotePageAccessManager = {
19 /* The accessMap lists the permissions that are allowed per page.
20 * The structure should be of the following form:
22 * <function name>: [<keys>],
25 * For the page with given URL, permission is allowed for each
26 * listed function with a matching key. The first argument to the
27 * function must match one of the keys. If keys is an array with a
28 * single asterisk element ["*"], then all values are permitted.
32 RPMSendAsyncMessage: [
33 "Browser:EnableOnlineMode",
34 "Browser:ResetSSLPreferences",
35 "GetChangedCertPrefs",
36 "Browser:OpenCaptivePortalPage",
37 "Browser:SSLErrorGoBack",
39 "Browser:ResetEnterpriseRootsPref",
40 "DisplayOfflineSupportPage",
42 RPMRecordTelemetryEvent: ["*"],
43 RPMAddMessageListener: ["*"],
44 RPMRemoveMessageListener: ["*"],
45 RPMGetFormatURLPref: ["app.support.baseURL"],
47 "security.certerrors.mitm.priming.enabled",
48 "security.certerrors.permanentOverride",
49 "security.enterprise_roots.auto-enabled",
50 "security.certerror.hideAddException",
51 "network.trr.display_fallback_warning",
54 "security.dialog_enable_delay",
55 "services.settings.clock_skew_seconds",
56 "services.settings.last_update_seconds",
58 RPMGetAppBuildID: ["*"],
59 RPMGetInnerMostURI: ["*"],
60 RPMIsWindowPrivate: ["*"],
61 RPMAddToHistogram: ["*"],
64 RPMSendAsyncMessage: ["ActivityStream:ContentToMain"],
65 RPMAddMessageListener: ["ActivityStream:MainToContent"],
67 "about:httpsonlyerror": {
68 RPMGetFormatURLPref: ["app.support.baseURL"],
69 RPMGetIntPref: ["security.dialog_enable_delay"],
70 RPMSendAsyncMessage: ["goBack", "openInsecure"],
71 RPMAddMessageListener: ["WWWReachable"],
72 RPMTryPingSecureWWWLink: ["*"],
73 RPMOpenSecureWWWLink: ["*"],
75 "about:certificate": {
76 RPMSendQuery: ["getCertificates"],
79 RPMSendAsyncMessage: [
80 "Browser:EnableOnlineMode",
81 "Browser:ResetSSLPreferences",
82 "GetChangedCertPrefs",
83 "Browser:OpenCaptivePortalPage",
84 "Browser:SSLErrorGoBack",
86 "Browser:ResetEnterpriseRootsPref",
87 "ReportBlockingError",
88 "DisplayOfflineSupportPage",
91 RPMCheckAlternateHostAvailable: ["*"],
92 RPMRecordTelemetryEvent: [
93 "security.doh.neterror",
94 "security.ui.tlserror",
96 RPMAddMessageListener: ["*"],
97 RPMRemoveMessageListener: ["*"],
98 RPMGetFormatURLPref: [
99 "app.support.baseURL",
100 "network.trr_ui.skip_reason_learn_more_url",
103 "security.certerror.hideAddException",
104 "security.xfocsp.errorReporting.automatic",
105 "security.xfocsp.errorReporting.enabled",
106 "security.xfocsp.hideOpenInNewWindow",
107 "network.trr.display_fallback_warning",
110 "security.xfocsp.errorReporting.automatic",
111 "network.trr.display_fallback_warning",
113 RPMAddToHistogram: ["*"],
114 RPMGetInnerMostURI: ["*"],
115 RPMGetHttpResponseHeader: ["*"],
116 RPMIsTRROnlyFailure: ["*"],
118 RPMIsNativeFallbackFailure: ["*"],
119 RPMGetTRRSkipReason: ["*"],
120 RPMGetTRRDomain: ["*"],
121 RPMIsSiteSpecificTRRError: ["*"],
122 RPMSetTRRDisabledLoadFlags: ["*"],
123 RPMSendQuery: ["Browser:AddTRRExcludedDomain"],
124 RPMGetIntPref: ["network.trr.mode"],
127 RPMSendAsyncMessage: ["ActivityStream:ContentToMain"],
128 RPMAddMessageListener: ["ActivityStream:MainToContent"],
130 "about:pocket-saved": {
131 RPMSendAsyncMessage: ["*"],
132 RPMAddMessageListener: ["*"],
133 RPMRemoveMessageListener: ["*"],
134 RPMGetStringPref: ["extensions.pocket.site"],
136 "about:pocket-signup": {
137 RPMSendAsyncMessage: ["*"],
138 RPMAddMessageListener: ["*"],
139 RPMRemoveMessageListener: ["*"],
140 RPMGetStringPref: ["extensions.pocket.site"],
142 "about:pocket-home": {
143 RPMSendAsyncMessage: ["*"],
144 RPMAddMessageListener: ["*"],
145 RPMRemoveMessageListener: ["*"],
146 RPMGetStringPref: ["extensions.pocket.site"],
148 "about:pocket-style-guide": {
149 RPMSendAsyncMessage: ["*"],
150 RPMAddMessageListener: ["*"],
151 RPMRemoveMessageListener: ["*"],
153 "about:privatebrowsing": {
154 RPMSendAsyncMessage: [
156 "SearchBannerDismissed",
157 "OpenSearchPreferences",
162 "ShouldShowSearchBanner",
164 "SpecialMessageActionDispatch",
166 RPMAddMessageListener: ["*"],
167 RPMRemoveMessageListener: ["*"],
168 RPMGetFormatURLPref: [
169 "app.support.baseURL",
170 "browser.privatebrowsing.vpnpromourl",
172 RPMIsWindowPrivate: ["*"],
173 RPMGetBoolPref: ["browser.privatebrowsing.felt-privacy-v1"],
175 "about:protections": {
176 RPMSendAsyncMessage: [
177 "OpenContentBlockingPreferences",
179 "OpenSyncPreferences",
184 "FetchUserLoginsData",
186 "FetchContentBlockingEvents",
187 "FetchMobileDeviceConnected",
193 RPMAddMessageListener: ["*"],
194 RPMRemoveMessageListener: ["*"],
196 "browser.contentblocking.report.show_mobile_app",
197 "browser.contentblocking.report.hide_vpn_banner",
200 "browser.contentblocking.report.lockwise.enabled",
201 "browser.contentblocking.report.monitor.enabled",
202 "privacy.fingerprintingProtection",
203 "privacy.socialtracking.block_cookies.enabled",
204 "browser.contentblocking.report.proxy.enabled",
205 "privacy.trackingprotection.cryptomining.enabled",
206 "privacy.trackingprotection.fingerprinting.enabled",
207 "privacy.trackingprotection.enabled",
208 "privacy.trackingprotection.socialtracking.enabled",
209 "browser.contentblocking.report.show_mobile_app",
210 "browser.contentblocking.report.hide_vpn_banner",
211 "browser.vpn_promo.enabled",
214 "browser.contentblocking.category",
215 "browser.contentblocking.report.monitor.url",
216 "browser.contentblocking.report.monitor.sign_in_url",
217 "browser.contentblocking.report.manage_devices.url",
218 "browser.contentblocking.report.proxy_extension.url",
219 "browser.contentblocking.report.lockwise.mobile-android.url",
220 "browser.contentblocking.report.lockwise.mobile-ios.url",
221 "browser.contentblocking.report.mobile-ios.url",
222 "browser.contentblocking.report.mobile-android.url",
223 "browser.contentblocking.report.vpn.url",
224 "browser.contentblocking.report.vpn-promo.url",
225 "browser.contentblocking.report.vpn-android.url",
226 "browser.contentblocking.report.vpn-ios.url",
228 RPMGetIntPref: ["network.cookie.cookieBehavior"],
229 RPMGetFormatURLPref: [
230 "browser.contentblocking.report.monitor.how_it_works.url",
231 "browser.contentblocking.report.lockwise.how_it_works.url",
232 "browser.contentblocking.report.monitor.preferences_url",
233 "browser.contentblocking.report.monitor.home_page_url",
234 "browser.contentblocking.report.social.url",
235 "browser.contentblocking.report.cookie.url",
236 "browser.contentblocking.report.tracker.url",
237 "browser.contentblocking.report.fingerprinter.url",
238 "browser.contentblocking.report.cryptominer.url",
240 RPMRecordTelemetryEvent: ["*"],
242 "about:shoppingsidebar": {
244 "browser.shopping.experience2023.optedIn",
245 "browser.shopping.experience2023.active",
246 "browser.shopping.experience2023.ads.userEnabled",
247 "browser.shopping.experience2023.sidebarClosedCount",
248 "browser.shopping.experience2023.showKeepSidebarClosedMessage",
249 "browser.shopping.experience2023.autoOpen.userEnabled",
251 RPMGetFormatURLPref: ["app.support.baseURL"],
252 RPMGetIntPref: ["browser.shopping.experience2023.sidebarClosedCount"],
254 "browser.shopping.experience2023.showKeepSidebarClosedMessage",
257 "about:tabcrashed": {
258 RPMSendAsyncMessage: ["Load", "closeTab", "restoreTab", "restoreAll"],
259 RPMAddMessageListener: ["*"],
260 RPMRemoveMessageListener: ["*"],
263 RPMSendAsyncMessage: ["ActivityStream:ContentToMain"],
264 RPMAddMessageListener: ["ActivityStream:MainToContent"],
269 * Check if access is allowed to the given feature for a given document.
270 * This should be called from within the child process.
272 * The feature within the accessMap must list the given aValue, for access to
275 * @param aDocument child process document to call from
276 * @param aFeature to feature to check access to
277 * @param aValue value that must be included with that feature's allow list
278 * @returns true if access is allowed or false otherwise
280 checkAllowAccess(aDocument, aFeature, aValue) {
281 let principal = aDocument.nodePrincipal;
282 // if there is no content principal; deny access
287 return this.checkAllowAccessWithPrincipal(
296 * Check if access is allowed to the given feature for a given principal.
297 * This may be called from within the child or parent process.
299 * The feature within the accessMap must list the given aValue, for access to
302 * In the parent process, the passed-in document is expected to be null.
304 * @param aPrincipal principal being called from
305 * @param aFeature to feature to check access to
306 * @param aValue value that must be included with that feature's allow list
307 * @param aDocument optional child process document to call from
308 * @returns true if access is allowed or false otherwise
310 checkAllowAccessWithPrincipal(aPrincipal, aFeature, aValue, aDocument) {
311 let accessMapForFeature = this.checkAllowAccessToFeature(
316 if (!accessMapForFeature) {
318 "RemotePageAccessManager does not allow access to Feature: ",
327 // If the actual value is in the allow list for that feature;
329 if (accessMapForFeature.includes(aValue) || accessMapForFeature[0] == "*") {
337 * Check if a particular feature can be accessed without checking for a
338 * specific feature value.
340 * @param aPrincipal principal being called from
341 * @param aFeature to feature to check access to
342 * @param aDocument optional child process document to call from
343 * @returns non-null allow list if access is allowed or null otherwise
345 checkAllowAccessToFeature(aPrincipal, aFeature, aDocument) {
347 if (!aPrincipal.isContentPrincipal) {
348 // For the sake of remote pages, when the principal has no uri,
349 // we want to access the "real" document URI directly, e.g. if the
350 // about: page is sandboxed.
354 if (!aDocument.documentURIObject.schemeIs("about")) {
358 aDocument.documentURIObject.prePath +
359 aDocument.documentURIObject.filePath;
361 if (!aPrincipal.schemeIs("about")) {
364 spec = aPrincipal.prePath + aPrincipal.filePath;
367 // Check if there is an entry for that requestying URI in the accessMap;
368 // if not, deny access.
369 let accessMapForURI = this.accessMap[spec];
370 if (!accessMapForURI) {
374 // Check if the feature is allowed to be accessed for that URI;
375 // if not, deny access.
376 return accessMapForURI[aFeature];
380 * This function adds a new page to the access map, but can only
381 * be used in a test environment.
383 addPage(aUrl, aFunctionMap) {
384 if (!Cu.isInAutomation) {
385 throw new Error("Cannot only modify privileges during testing");
388 if (aUrl in this.accessMap) {
389 throw new Error("Cannot modify privileges of existing page");
392 this.accessMap[aUrl] = aFunctionMap;