1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 * RemotePageAccessManager determines which RPM functions a given
7 * about page is allowed to access. It does this based on a map from about
8 * page URLs to allowed functions for that page/URL.
10 * An RPM function will be exported into the page only if it appears
11 * in the access managers's accessMap for that page's uri.
13 * This module may be used from both the child and parent process.
15 * Please note that prefs that one wants to update need to be
16 * explicitly allowed within AsyncPrefs.sys.mjs.
18 export let RemotePageAccessManager = {
19 /* The accessMap lists the permissions that are allowed per page.
20 * The structure should be of the following form:
22 * <function name>: [<keys>],
25 * For the page with given URL, permission is allowed for each
26 * listed function with a matching key. The first argument to the
27 * function must match one of the keys. If keys is an array with a
28 * single asterisk element ["*"], then all values are permitted.
32 RPMSendAsyncMessage: [
33 "Browser:EnableOnlineMode",
34 "Browser:ResetSSLPreferences",
35 "GetChangedCertPrefs",
36 "Browser:OpenCaptivePortalPage",
37 "Browser:SSLErrorGoBack",
39 "Browser:ResetEnterpriseRootsPref",
40 "DisplayOfflineSupportPage",
42 RPMRecordTelemetryEvent: ["*"],
43 RPMAddMessageListener: ["*"],
44 RPMRemoveMessageListener: ["*"],
45 RPMGetFormatURLPref: ["app.support.baseURL"],
47 "security.certerrors.mitm.priming.enabled",
48 "security.certerrors.permanentOverride",
49 "security.enterprise_roots.auto-enabled",
50 "security.certerror.hideAddException",
51 "network.trr.display_fallback_warning",
54 "security.dialog_enable_delay",
55 "services.settings.clock_skew_seconds",
56 "services.settings.last_update_seconds",
58 RPMGetAppBuildID: ["*"],
59 RPMGetInnerMostURI: ["*"],
60 RPMIsWindowPrivate: ["*"],
61 RPMAddToHistogram: ["*"],
64 RPMSendAsyncMessage: ["ActivityStream:ContentToMain"],
65 RPMAddMessageListener: ["ActivityStream:MainToContent"],
67 "about:httpsonlyerror": {
68 RPMGetFormatURLPref: ["app.support.baseURL"],
69 RPMGetIntPref: ["security.dialog_enable_delay"],
70 RPMSendAsyncMessage: ["goBack", "openInsecure"],
71 RPMAddMessageListener: ["WWWReachable"],
72 RPMTryPingSecureWWWLink: ["*"],
73 RPMOpenSecureWWWLink: ["*"],
75 "about:certificate": {
76 RPMSendQuery: ["getCertificates"],
79 RPMSendAsyncMessage: [
80 "Browser:EnableOnlineMode",
81 "Browser:ResetSSLPreferences",
82 "GetChangedCertPrefs",
83 "Browser:OpenCaptivePortalPage",
84 "Browser:SSLErrorGoBack",
86 "Browser:ResetEnterpriseRootsPref",
87 "ReportBlockingError",
88 "DisplayOfflineSupportPage",
91 RPMCheckAlternateHostAvailable: ["*"],
92 RPMRecordTelemetryEvent: [
93 "security.doh.neterror",
94 "security.ui.tlserror",
96 RPMAddMessageListener: ["*"],
97 RPMRemoveMessageListener: ["*"],
98 RPMGetFormatURLPref: [
99 "app.support.baseURL",
100 "network.trr_ui.skip_reason_learn_more_url",
103 "security.certerror.hideAddException",
104 "security.xfocsp.errorReporting.automatic",
105 "security.xfocsp.errorReporting.enabled",
106 "network.trr.display_fallback_warning",
109 "security.xfocsp.errorReporting.automatic",
110 "network.trr.display_fallback_warning",
112 RPMAddToHistogram: ["*"],
113 RPMGetInnerMostURI: ["*"],
114 RPMGetHttpResponseHeader: ["*"],
115 RPMIsTRROnlyFailure: ["*"],
117 RPMIsNativeFallbackFailure: ["*"],
118 RPMGetTRRSkipReason: ["*"],
119 RPMGetTRRDomain: ["*"],
120 RPMIsSiteSpecificTRRError: ["*"],
121 RPMSetTRRDisabledLoadFlags: ["*"],
122 RPMSendQuery: ["Browser:AddTRRExcludedDomain"],
123 RPMGetIntPref: ["network.trr.mode"],
126 RPMSendAsyncMessage: ["ActivityStream:ContentToMain"],
127 RPMAddMessageListener: ["ActivityStream:MainToContent"],
129 "about:pocket-saved": {
130 RPMSendAsyncMessage: ["*"],
131 RPMAddMessageListener: ["*"],
132 RPMRemoveMessageListener: ["*"],
133 RPMGetStringPref: ["extensions.pocket.site"],
135 "about:pocket-signup": {
136 RPMSendAsyncMessage: ["*"],
137 RPMAddMessageListener: ["*"],
138 RPMRemoveMessageListener: ["*"],
139 RPMGetStringPref: ["extensions.pocket.site"],
141 "about:pocket-home": {
142 RPMSendAsyncMessage: ["*"],
143 RPMAddMessageListener: ["*"],
144 RPMRemoveMessageListener: ["*"],
145 RPMGetStringPref: ["extensions.pocket.site"],
147 "about:pocket-style-guide": {
148 RPMSendAsyncMessage: ["*"],
149 RPMAddMessageListener: ["*"],
150 RPMRemoveMessageListener: ["*"],
152 "about:privatebrowsing": {
153 RPMSendAsyncMessage: [
155 "SearchBannerDismissed",
156 "OpenSearchPreferences",
161 "ShouldShowSearchBanner",
163 "SpecialMessageActionDispatch",
165 RPMAddMessageListener: ["*"],
166 RPMRemoveMessageListener: ["*"],
167 RPMGetFormatURLPref: [
168 "app.support.baseURL",
169 "browser.privatebrowsing.vpnpromourl",
171 RPMIsWindowPrivate: ["*"],
172 RPMGetBoolPref: ["browser.privatebrowsing.felt-privacy-v1"],
174 "about:protections": {
175 RPMSendAsyncMessage: [
176 "OpenContentBlockingPreferences",
178 "OpenSyncPreferences",
183 "FetchUserLoginsData",
185 "FetchContentBlockingEvents",
186 "FetchMobileDeviceConnected",
192 RPMAddMessageListener: ["*"],
193 RPMRemoveMessageListener: ["*"],
195 "browser.contentblocking.report.show_mobile_app",
196 "browser.contentblocking.report.hide_vpn_banner",
199 "browser.contentblocking.report.lockwise.enabled",
200 "browser.contentblocking.report.monitor.enabled",
201 "privacy.fingerprintingProtection",
202 "privacy.socialtracking.block_cookies.enabled",
203 "browser.contentblocking.report.proxy.enabled",
204 "privacy.trackingprotection.cryptomining.enabled",
205 "privacy.trackingprotection.fingerprinting.enabled",
206 "privacy.trackingprotection.enabled",
207 "privacy.trackingprotection.socialtracking.enabled",
208 "browser.contentblocking.report.show_mobile_app",
209 "browser.contentblocking.report.hide_vpn_banner",
210 "browser.vpn_promo.enabled",
213 "browser.contentblocking.category",
214 "browser.contentblocking.report.monitor.url",
215 "browser.contentblocking.report.monitor.sign_in_url",
216 "browser.contentblocking.report.manage_devices.url",
217 "browser.contentblocking.report.proxy_extension.url",
218 "browser.contentblocking.report.lockwise.mobile-android.url",
219 "browser.contentblocking.report.lockwise.mobile-ios.url",
220 "browser.contentblocking.report.mobile-ios.url",
221 "browser.contentblocking.report.mobile-android.url",
222 "browser.contentblocking.report.vpn.url",
223 "browser.contentblocking.report.vpn-promo.url",
224 "browser.contentblocking.report.vpn-android.url",
225 "browser.contentblocking.report.vpn-ios.url",
227 RPMGetIntPref: ["network.cookie.cookieBehavior"],
228 RPMGetFormatURLPref: [
229 "browser.contentblocking.report.monitor.how_it_works.url",
230 "browser.contentblocking.report.lockwise.how_it_works.url",
231 "browser.contentblocking.report.monitor.preferences_url",
232 "browser.contentblocking.report.monitor.home_page_url",
233 "browser.contentblocking.report.social.url",
234 "browser.contentblocking.report.cookie.url",
235 "browser.contentblocking.report.tracker.url",
236 "browser.contentblocking.report.fingerprinter.url",
237 "browser.contentblocking.report.cryptominer.url",
239 RPMRecordTelemetryEvent: ["*"],
241 "about:shoppingsidebar": {
243 "browser.shopping.experience2023.optedIn",
244 "browser.shopping.experience2023.active",
245 "browser.shopping.experience2023.ads.userEnabled",
246 "browser.shopping.experience2023.sidebarClosedCount",
247 "browser.shopping.experience2023.showKeepSidebarClosedMessage",
248 "browser.shopping.experience2023.autoOpen.userEnabled",
250 RPMGetFormatURLPref: ["app.support.baseURL"],
251 RPMGetIntPref: ["browser.shopping.experience2023.sidebarClosedCount"],
253 "browser.shopping.experience2023.showKeepSidebarClosedMessage",
256 "about:tabcrashed": {
257 RPMSendAsyncMessage: ["Load", "closeTab", "restoreTab", "restoreAll"],
258 RPMAddMessageListener: ["*"],
259 RPMRemoveMessageListener: ["*"],
262 RPMSendAsyncMessage: ["ActivityStream:ContentToMain"],
263 RPMAddMessageListener: ["ActivityStream:MainToContent"],
268 * Check if access is allowed to the given feature for a given document.
269 * This should be called from within the child process.
271 * The feature within the accessMap must list the given aValue, for access to
274 * @param aDocument child process document to call from
275 * @param aFeature to feature to check access to
276 * @param aValue value that must be included with that feature's allow list
277 * @returns true if access is allowed or false otherwise
279 checkAllowAccess(aDocument, aFeature, aValue) {
280 let principal = aDocument.nodePrincipal;
281 // if there is no content principal; deny access
286 return this.checkAllowAccessWithPrincipal(
295 * Check if access is allowed to the given feature for a given principal.
296 * This may be called from within the child or parent process.
298 * The feature within the accessMap must list the given aValue, for access to
301 * In the parent process, the passed-in document is expected to be null.
303 * @param aPrincipal principal being called from
304 * @param aFeature to feature to check access to
305 * @param aValue value that must be included with that feature's allow list
306 * @param aDocument optional child process document to call from
307 * @returns true if access is allowed or false otherwise
309 checkAllowAccessWithPrincipal(aPrincipal, aFeature, aValue, aDocument) {
310 let accessMapForFeature = this.checkAllowAccessToFeature(
315 if (!accessMapForFeature) {
317 "RemotePageAccessManager does not allow access to Feature: ",
326 // If the actual value is in the allow list for that feature;
328 if (accessMapForFeature.includes(aValue) || accessMapForFeature[0] == "*") {
336 * Check if a particular feature can be accessed without checking for a
337 * specific feature value.
339 * @param aPrincipal principal being called from
340 * @param aFeature to feature to check access to
341 * @param aDocument optional child process document to call from
342 * @returns non-null allow list if access is allowed or null otherwise
344 checkAllowAccessToFeature(aPrincipal, aFeature, aDocument) {
346 if (!aPrincipal.isContentPrincipal) {
347 // For the sake of remote pages, when the principal has no uri,
348 // we want to access the "real" document URI directly, e.g. if the
349 // about: page is sandboxed.
353 if (!aDocument.documentURIObject.schemeIs("about")) {
357 aDocument.documentURIObject.prePath +
358 aDocument.documentURIObject.filePath;
360 if (!aPrincipal.schemeIs("about")) {
363 spec = aPrincipal.prePath + aPrincipal.filePath;
366 // Check if there is an entry for that requestying URI in the accessMap;
367 // if not, deny access.
368 let accessMapForURI = this.accessMap[spec];
369 if (!accessMapForURI) {
373 // Check if the feature is allowed to be accessed for that URI;
374 // if not, deny access.
375 return accessMapForURI[aFeature];
379 * This function adds a new page to the access map, but can only
380 * be used in a test environment.
382 addPage(aUrl, aFunctionMap) {
383 if (!Cu.isInAutomation) {
384 throw new Error("Cannot only modify privileges during testing");
387 if (aUrl in this.accessMap) {
388 throw new Error("Cannot modify privileges of existing page");
391 this.accessMap[aUrl] = aFunctionMap;