search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 1825333 - Make toolkit/components/sessionstore buildable outside of a unified...
[gecko.git] / dom / midi / MIDIPermissionRequest.cpp
blob1eed95f1774d6dd8f3e65eb8683acb321b5b60c8
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim:set ts=2 sw=2 sts=2 et cindent: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "mozilla/dom/MIDIPermissionRequest.h"
8 #include "mozilla/dom/Document.h"
9 #include "mozilla/dom/MIDIAccessManager.h"
10 #include "mozilla/dom/MIDIOptionsBinding.h"
11 #include "mozilla/ipc/BackgroundChild.h"
12 #include "mozilla/ipc/PBackgroundChild.h"
13 #include "mozilla/BasePrincipal.h"
14 #include "mozilla/RandomNum.h"
15 #include "mozilla/StaticPrefs_dom.h"
16 #include "nsIGlobalObject.h"
17 #include "mozilla/Preferences.h"
18 #include "nsContentUtils.h"
19
20 //-------------------------------------------------
21 // MIDI Permission Requests
22 //-------------------------------------------------
23
24 using namespace mozilla::dom;
25
26 NS_IMPL_CYCLE_COLLECTION_INHERITED(MIDIPermissionRequest,
27 ContentPermissionRequestBase, mPromise)
28
29 NS_IMPL_QUERY_INTERFACE_CYCLE_COLLECTION_INHERITED(MIDIPermissionRequest,
30 ContentPermissionRequestBase,
31 nsIRunnable)
32
33 NS_IMPL_ADDREF_INHERITED(MIDIPermissionRequest, ContentPermissionRequestBase)
34 NS_IMPL_RELEASE_INHERITED(MIDIPermissionRequest, ContentPermissionRequestBase)
35
36 MIDIPermissionRequest::MIDIPermissionRequest(nsPIDOMWindowInner* aWindow,
37 Promise* aPromise,
38 const MIDIOptions& aOptions)
39 : ContentPermissionRequestBase(
40 aWindow->GetDoc()->NodePrincipal(), aWindow,
41 ""_ns, // We check prefs in a custom way here
42 "midi"_ns),
43 mPromise(aPromise),
44 mNeedsSysex(aOptions.mSysex) {
45 MOZ_ASSERT(aWindow);
46 MOZ_ASSERT(aPromise, "aPromise should not be null!");
47 MOZ_ASSERT(aWindow->GetDoc());
48 mPrincipal = aWindow->GetDoc()->NodePrincipal();
49 MOZ_ASSERT(mPrincipal);
50 }
51
52 NS_IMETHODIMP
53 MIDIPermissionRequest::GetTypes(nsIArray** aTypes) {
54 NS_ENSURE_ARG_POINTER(aTypes);
55 nsTArray<nsString> options;
56
57 // The previous implementation made no differences between midi and
58 // midi-sysex. The check on the SitePermsAddonProvider pref should be removed
59 // at the same time as the old implementation.
60 if (mNeedsSysex || !StaticPrefs::dom_sitepermsaddon_provider_enabled()) {
61 options.AppendElement(u"sysex"_ns);
62 }
63 return nsContentPermissionUtils::CreatePermissionArray(mType, options,
64 aTypes);
65 }
66
67 NS_IMETHODIMP
68 MIDIPermissionRequest::Cancel() {
69 mCancelTimer = nullptr;
70
71 if (StaticPrefs::dom_sitepermsaddon_provider_enabled()) {
72 mPromise->MaybeRejectWithSecurityError(
73 "WebMIDI requires a site permission add-on to activate");
74 } else {
75 // This message is used for the initial XPIProvider-based implementation
76 // of Site Permissions.
77 // It should be removed as part of Bug 1789718.
78 mPromise->MaybeRejectWithSecurityError(
79 "WebMIDI requires a site permission add-on to activate — see "
80 "https://extensionworkshop.com/documentation/publish/"
81 "site-permission-add-on/ for details.");
82 }
83 return NS_OK;
84 }
85
86 NS_IMETHODIMP
87 MIDIPermissionRequest::Allow(JS::Handle<JS::Value> aChoices) {
88 MOZ_ASSERT(aChoices.isUndefined());
89 MIDIAccessManager* mgr = MIDIAccessManager::Get();
90 mgr->CreateMIDIAccess(mWindow, mNeedsSysex, mPromise);
91 return NS_OK;
92 }
93
94 NS_IMETHODIMP
95 MIDIPermissionRequest::Run() {
96 // If the testing flag is true, skip dialog
97 if (Preferences::GetBool("midi.prompt.testing", false)) {
98 bool allow =
99 Preferences::GetBool("media.navigator.permission.disabled", false);
100 if (allow) {
101 Allow(JS::UndefinedHandleValue);
102 } else {
103 Cancel();
104 }
105 return NS_OK;
106 }
107
108 nsCString permName = "midi"_ns;
109 // The previous implementation made no differences between midi and
110 // midi-sysex. The check on the SitePermsAddonProvider pref should be removed
111 // at the same time as the old implementation.
112 if (mNeedsSysex || !StaticPrefs::dom_sitepermsaddon_provider_enabled()) {
113 permName.Append("-sysex");
114 }
115
116 // First, check for an explicit allow/deny. Note that we want to support
117 // granting a permission on the base domain and then using it on a subdomain,
118 // which is why we use the non-"Exact" variants of these APIs. See bug
119 // 1757218.
120 if (nsContentUtils::IsSitePermAllow(mPrincipal, permName)) {
121 Allow(JS::UndefinedHandleValue);
122 return NS_OK;
123 }
124
125 if (nsContentUtils::IsSitePermDeny(mPrincipal, permName)) {
126 CancelWithRandomizedDelay();
127 return NS_OK;
128 }
129
130 // If the add-on is not installed, and sitepermsaddon provider not enabled,
131 // auto-deny (except for localhost).
132 if (StaticPrefs::dom_webmidi_gated() &&
133 !StaticPrefs::dom_sitepermsaddon_provider_enabled() &&
134 !nsContentUtils::HasSitePerm(mPrincipal, permName) &&
135 !mPrincipal->GetIsLoopbackHost()) {
136 CancelWithRandomizedDelay();
137 return NS_OK;
138 }
139
140 // If sitepermsaddon provider is enabled and user denied install,
141 // auto-deny (except for localhost, where we use a regular permission flow).
142 if (StaticPrefs::dom_sitepermsaddon_provider_enabled() &&
143 nsContentUtils::IsSitePermDeny(mPrincipal, "install"_ns) &&
144 !mPrincipal->GetIsLoopbackHost()) {
145 CancelWithRandomizedDelay();
146 return NS_OK;
147 }
148
149 // Before we bother the user with a prompt, see if they have any devices. If
150 // they don't, just report denial.
151 MOZ_ASSERT(NS_IsMainThread());
152 mozilla::ipc::PBackgroundChild* actor =
153 mozilla::ipc::BackgroundChild::GetOrCreateForCurrentThread();
154 if (NS_WARN_IF(!actor)) {
155 return NS_ERROR_FAILURE;
156 }
157 RefPtr<MIDIPermissionRequest> self = this;
158 actor->SendHasMIDIDevice(
159 [=](bool aHasDevices) {
160 MOZ_ASSERT(NS_IsMainThread());
161
162 if (aHasDevices) {
163 self->DoPrompt();
164 } else {
165 nsContentUtils::ReportToConsoleNonLocalized(
166 u"Silently denying site request for MIDI access because no devices were detected. You may need to restart your browser after connecting a new device."_ns,
167 nsIScriptError::infoFlag, "WebMIDI"_ns, mWindow->GetDoc());
168 self->CancelWithRandomizedDelay();
169 }
170 },
171 [=](auto) { self->CancelWithRandomizedDelay(); });
172
173 return NS_OK;
174 }
175
176 // If the user has no MIDI devices, we automatically deny the request. To
177 // prevent sites from using timing attack to discern the existence of MIDI
178 // devices, we instrument silent denials with a randomized delay between 3
179 // and 13 seconds, which is intended to model the time the user might spend
180 // considering a prompt before denying it.
181 //
182 // Note that we set the random component of the delay to zero in automation
183 // to avoid unnecessarily increasing test end-to-end time.
184 void MIDIPermissionRequest::CancelWithRandomizedDelay() {
185 MOZ_ASSERT(NS_IsMainThread());
186 uint32_t baseDelayMS = 3 * 1000;
187 uint32_t randomDelayMS =
188 xpc::IsInAutomation() ? 0 : RandomUint64OrDie() % (10 * 1000);
189 auto delay = TimeDuration::FromMilliseconds(baseDelayMS + randomDelayMS);
190 RefPtr<MIDIPermissionRequest> self = this;
191 NS_NewTimerWithCallback(
192 getter_AddRefs(mCancelTimer), [=](auto) { self->Cancel(); }, delay,
193 nsITimer::TYPE_ONE_SHOT, __func__);
194 }
195
196 nsresult MIDIPermissionRequest::DoPrompt() {
197 if (NS_FAILED(nsContentPermissionUtils::AskPermission(this, mWindow))) {
198 Cancel();
199 return NS_ERROR_FAILURE;
200 }
201 return NS_OK;
202 }