From d84eff858768003b78206a08369291dc52b1b33d Mon Sep 17 00:00:00 2001
From: Mugurell <Mugurell@users.noreply.github.com>
Date: Mon, 13 Dec 2021 20:15:24 +0200
Subject: [PATCH] [components] For
 https://github.com/mozilla-mobile/android-components/issues/10739 - Add
 support for the Storage Access API prompt

---
 .../gecko/permission/GeckoPermissionRequest.kt     |   4 +-
 .../permission/GeckoSitePermissionsStorage.kt      |  24 +++++
 .../permission/GeckoSitePermissionsStorageTest.kt  |  93 +++++++++++++++++--
 .../concept/engine/permission/PermissionRequest.kt |   2 +
 .../concept/engine/permission/SitePermissions.kt   |   2 +
 .../engine/permission/SitePermissionsStorage.kt    |   2 +-
 .../feature/sitepermissions/build.gradle           |   1 +
 .../8.json                                         | 100 ++++++++++++++++++++
 .../OnDiskSitePermissionsStorage.kt                |   2 +
 .../SitePermissionsDialogFragment.kt               |  30 +++++-
 .../sitepermissions/SitePermissionsFeature.kt      |  86 +++++++++++++++++
 .../sitepermissions/SitePermissionsRules.kt        |   7 +-
 .../sitepermissions/db/SitePermissionsDatabase.kt  |  18 +++-
 .../sitepermissions/db/SitePermissionsEntity.kt    |   5 +
 .../res/layout/mozac_site_permissions_prompt.xml   |  41 +++++++-
 .../src/main/res/values/strings.xml                |   8 ++
 .../OnDiskSitePermissionsStorageTest.kt            |   2 +
 .../SitePermissionsDialogFragmentTest.kt           | 103 +++++++++++++++++++++
 .../sitepermissions/SitePermissionsFeatureTest.kt  |  78 ++++++++++++++++
 .../sitepermissions/SitePermissionsRulesTest.kt    |  11 +++
 .../sitepermissions/db/SitePermissionEntityTest.kt |   4 +
 .../src/main/res/drawable/mozac_ic_cookies.xml     |  14 +++
 .../android/android-components/docs/changelog.md   |   3 +
 .../mozilla/samples/browser/BaseBrowserFragment.kt |   3 +-
 24 files changed, 628 insertions(+), 15 deletions(-)
 create mode 100644 mobile/android/android-components/components/feature/sitepermissions/schemas/mozilla.components.feature.sitepermissions.db.SitePermissionsDatabase/8.json
 create mode 100644 mobile/android/android-components/components/ui/icons/src/main/res/drawable/mozac_ic_cookies.xml

diff --git a/mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/permission/GeckoPermissionRequest.kt b/mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/permission/GeckoPermissionRequest.kt
index 20cc8dbdf0d6..49cb6f517c31 100644
--- a/mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/permission/GeckoPermissionRequest.kt
+++ b/mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/permission/GeckoPermissionRequest.kt
@@ -27,6 +27,7 @@ import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_DESKTOP_
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_GEOLOCATION
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_MEDIA_KEY_SYSTEM_ACCESS
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_PERSISTENT_STORAGE
+import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_STORAGE_ACCESS
 import java.util.UUID
 
 /**
@@ -66,7 +67,8 @@ sealed class GeckoPermissionRequest constructor(
                 PERMISSION_AUTOPLAY_AUDIBLE to Permission.ContentAutoPlayAudible(),
                 PERMISSION_AUTOPLAY_INAUDIBLE to Permission.ContentAutoPlayInaudible(),
                 PERMISSION_PERSISTENT_STORAGE to Permission.ContentPersistentStorage(),
-                PERMISSION_MEDIA_KEY_SYSTEM_ACCESS to Permission.ContentMediaKeySystemAccess()
+                PERMISSION_MEDIA_KEY_SYSTEM_ACCESS to Permission.ContentMediaKeySystemAccess(),
+                PERMISSION_STORAGE_ACCESS to Permission.ContentCrossOriginStorageAccess()
             )
         }
 
diff --git a/mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/permission/GeckoSitePermissionsStorage.kt b/mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/permission/GeckoSitePermissionsStorage.kt
index 801a443b4a3a..d00b92b169ee 100644
--- a/mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/permission/GeckoSitePermissionsStorage.kt
+++ b/mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/permission/GeckoSitePermissionsStorage.kt
@@ -18,6 +18,7 @@ import mozilla.components.concept.engine.permission.SitePermissions.Status.ALLOW
 import mozilla.components.concept.engine.permission.SitePermissions.Status.BLOCKED
 import mozilla.components.concept.engine.permission.SitePermissions.Status.NO_DECISION
 import mozilla.components.concept.engine.permission.SitePermissionsStorage
+import mozilla.components.support.ktx.kotlin.stripDefaultPort
 import mozilla.components.support.ktx.kotlin.tryGetHostFromUrl
 import org.mozilla.geckoview.GeckoRuntime
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.ContentPermission
@@ -30,6 +31,7 @@ import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_DESKTOP_
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_GEOLOCATION
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_MEDIA_KEY_SYSTEM_ACCESS
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_PERSISTENT_STORAGE
+import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_STORAGE_ACCESS
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_TRACKING
 import org.mozilla.geckoview.StorageController
 import org.mozilla.geckoview.StorageController.ClearFlags
@@ -154,6 +156,7 @@ class GeckoSitePermissionsStorage(
             val geckoLocation = geckoPermissionsByType[PERMISSION_GEOLOCATION]?.firstOrNull()
             val geckoMedia = geckoPermissionsByType[PERMISSION_MEDIA_KEY_SYSTEM_ACCESS]?.firstOrNull()
             val geckoLocalStorage = geckoPermissionsByType[PERMISSION_PERSISTENT_STORAGE]?.firstOrNull()
+            val geckoCrossOriginStorageAccess = geckoPermissionsByType[PERMISSION_STORAGE_ACCESS]?.firstOrNull()
             val geckoAudible = geckoPermissionsByType[PERMISSION_AUTOPLAY_AUDIBLE]?.firstOrNull()
             val geckoInAudible = geckoPermissionsByType[PERMISSION_AUTOPLAY_INAUDIBLE]?.firstOrNull()
 
@@ -199,6 +202,15 @@ class GeckoSitePermissionsStorage(
                 updatedPermission = updatedPermission.copy(localStorage = NO_DECISION)
             }
 
+            if (geckoCrossOriginStorageAccess != null) {
+                removeTemporaryPermissionIfAny(geckoCrossOriginStorageAccess)
+                geckoStorage.setPermission(
+                    geckoCrossOriginStorageAccess,
+                    userSitePermissions.crossOriginStorageAccess.toGeckoStatus()
+                )
+                updatedPermission = updatedPermission.copy(crossOriginStorageAccess = NO_DECISION)
+            }
+
             if (geckoAudible != null) {
                 removeTemporaryPermissionIfAny(geckoAudible)
                 geckoStorage.setPermission(
@@ -241,6 +253,12 @@ class GeckoSitePermissionsStorage(
             val geckoLocation = geckoPermissionByType[PERMISSION_GEOLOCATION]?.firstOrNull()
             val geckoMedia = geckoPermissionByType[PERMISSION_MEDIA_KEY_SYSTEM_ACCESS]?.firstOrNull()
             val geckoStorage = geckoPermissionByType[PERMISSION_PERSISTENT_STORAGE]?.firstOrNull()
+            // Currently we'll receive the "storage_access" permission for all iframes of the same parent
+            // so we need to ensure we are reporting the permission for the current iframe request.
+            // See https://bugzilla.mozilla.org/show_bug.cgi?id=1746436 for more details.
+            val geckoCrossOriginStorageAccess = geckoPermissionByType[PERMISSION_STORAGE_ACCESS]?.firstOrNull {
+                it.thirdPartyOrigin == onDiskPermissions.origin.stripDefaultPort()
+            }
             val geckoAudible = geckoPermissionByType[PERMISSION_AUTOPLAY_AUDIBLE]?.firstOrNull()
             val geckoInAudible = geckoPermissionByType[PERMISSION_AUTOPLAY_INAUDIBLE]?.firstOrNull()
 
@@ -272,6 +290,12 @@ class GeckoSitePermissionsStorage(
                 )
             }
 
+            if (geckoCrossOriginStorageAccess != null && geckoCrossOriginStorageAccess.value != VALUE_PROMPT) {
+                combinedPermissions = combinedPermissions?.copy(
+                    crossOriginStorageAccess = geckoCrossOriginStorageAccess.value.toStatus()
+                )
+            }
+
             /**
              * Autoplay permissions don't have initial values, so when the value is changed on
              * the gecko storage we trust it.
diff --git a/mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/permission/GeckoSitePermissionsStorageTest.kt b/mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/permission/GeckoSitePermissionsStorageTest.kt
index 923edc711dfa..2d87ec73602a 100644
--- a/mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/permission/GeckoSitePermissionsStorageTest.kt
+++ b/mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/permission/GeckoSitePermissionsStorageTest.kt
@@ -41,6 +41,7 @@ import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_DESKTOP_
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_GEOLOCATION
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_MEDIA_KEY_SYSTEM_ACCESS
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_PERSISTENT_STORAGE
+import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_STORAGE_ACCESS
 import org.mozilla.geckoview.GeckoSession.PermissionDelegate.PERMISSION_TRACKING
 import org.mozilla.geckoview.StorageController
 import org.mozilla.geckoview.StorageController.ClearFlags
@@ -116,6 +117,23 @@ class GeckoSitePermissionsStorageTest {
     }
 
     @Test
+    fun `GIVEN a crossOriginStorageAccess permission WHEN saving THEN the permission is saved in the gecko storage and set to the default value on the disk storage`() = runBlockingTest {
+        val sitePermissions = createNewSitePermission().copy(crossOriginStorageAccess = BLOCKED)
+        val geckoPermissions = geckoContentPermission("mozilla.org", PERMISSION_STORAGE_ACCESS)
+        val geckoRequest = GeckoPermissionRequest.Content("mozilla.org", PERMISSION_STORAGE_ACCESS, geckoPermissions, mock())
+        val permissionsCaptor = argumentCaptor<SitePermissions>()
+
+        doReturn(Unit).`when`(geckoStorage).clearGeckoCacheFor(sitePermissions.origin)
+
+        geckoStorage.save(sitePermissions, geckoRequest)
+
+        verify(onDiskStorage).save(permissionsCaptor.capture(), any())
+
+        assertEquals(NO_DECISION, permissionsCaptor.value.crossOriginStorageAccess)
+        verify(storageController).setPermission(geckoPermissions, VALUE_DENY)
+    }
+
+    @Test
     fun `GIVEN a mediaKeySystemAccess permission WHEN saving THEN the permission is saved in the gecko storage and set to the default value on the disk storage`() = runBlockingTest {
         val sitePermissions = createNewSitePermission().copy(mediaKeySystemAccess = ALLOWED)
         val geckoPermissions = geckoContentPermission("mozilla.org", PERMISSION_MEDIA_KEY_SYSTEM_ACCESS)
@@ -204,7 +222,8 @@ class GeckoSitePermissionsStorageTest {
     @Test
     fun `GIVEN multiple saved temporary permissions WHEN clearing all temporary permission THEN all permissions are cleared`() = runBlockingTest {
         val geckoAutoPlayPermissions = geckoContentPermission("mozilla.org", PERMISSION_AUTOPLAY_AUDIBLE)
-        val geckoStoragePermissions = geckoContentPermission("mozilla.org", PERMISSION_PERSISTENT_STORAGE)
+        val geckoPersistentStoragePermissions = geckoContentPermission("mozilla.org", PERMISSION_PERSISTENT_STORAGE)
+        val geckoStorageAccessPermissions = geckoContentPermission("mozilla.org", PERMISSION_STORAGE_ACCESS)
         val geckoRequest = GeckoPermissionRequest.Content("mozilla.org", PERMISSION_AUTOPLAY_AUDIBLE, geckoAutoPlayPermissions, mock())
 
         assertTrue(geckoStorage.geckoTemporaryPermissions.isEmpty())
@@ -213,14 +232,19 @@ class GeckoSitePermissionsStorageTest {
 
         assertEquals(1, geckoStorage.geckoTemporaryPermissions.size)
 
-        geckoStorage.saveTemporary(geckoRequest.copy(geckoPermission = geckoStoragePermissions))
+        geckoStorage.saveTemporary(geckoRequest.copy(geckoPermission = geckoPersistentStoragePermissions))
 
         assertEquals(2, geckoStorage.geckoTemporaryPermissions.size)
 
+        geckoStorage.saveTemporary(geckoRequest.copy(geckoPermission = geckoStorageAccessPermissions))
+
+        assertEquals(3, geckoStorage.geckoTemporaryPermissions.size)
+
         geckoStorage.clearTemporaryPermissions()
 
         verify(storageController).setPermission(geckoAutoPlayPermissions, VALUE_PROMPT)
-        verify(storageController).setPermission(geckoStoragePermissions, VALUE_PROMPT)
+        verify(storageController).setPermission(geckoPersistentStoragePermissions, VALUE_PROMPT)
+        verify(storageController).setPermission(geckoStorageAccessPermissions, VALUE_PROMPT)
 
         assertTrue(geckoStorage.geckoTemporaryPermissions.isEmpty())
     }
@@ -256,6 +280,7 @@ class GeckoSitePermissionsStorageTest {
         val sitePermissions = SitePermissions(
             origin = "mozilla.dev",
             localStorage = ALLOWED,
+            crossOriginStorageAccess = ALLOWED,
             location = ALLOWED,
             notification = ALLOWED,
             microphone = ALLOWED,
@@ -272,7 +297,8 @@ class GeckoSitePermissionsStorageTest {
             geckoContentPermission(type = PERMISSION_MEDIA_KEY_SYSTEM_ACCESS),
             geckoContentPermission(type = PERMISSION_PERSISTENT_STORAGE),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_AUDIBLE),
-            geckoContentPermission(type = PERMISSION_AUTOPLAY_INAUDIBLE)
+            geckoContentPermission(type = PERMISSION_AUTOPLAY_INAUDIBLE),
+            geckoContentPermission(type = PERMISSION_STORAGE_ACCESS)
         )
 
         doReturn(geckoPermissions).`when`(geckoStorage).findGeckoContentPermissionBy(anyString(), anyBoolean())
@@ -288,6 +314,7 @@ class GeckoSitePermissionsStorageTest {
         assertEquals(NO_DECISION, permission.location)
         assertEquals(NO_DECISION, permission.notification)
         assertEquals(NO_DECISION, permission.localStorage)
+        assertEquals(NO_DECISION, permission.crossOriginStorageAccess)
         assertEquals(NO_DECISION, permission.mediaKeySystemAccess)
         assertEquals(ALLOWED, permission.camera)
         assertEquals(ALLOWED, permission.microphone)
@@ -300,6 +327,7 @@ class GeckoSitePermissionsStorageTest {
         val sitePermissions = SitePermissions(
             origin = "mozilla.dev",
             localStorage = ALLOWED,
+            crossOriginStorageAccess = ALLOWED,
             location = ALLOWED,
             notification = ALLOWED,
             microphone = ALLOWED,
@@ -315,6 +343,7 @@ class GeckoSitePermissionsStorageTest {
             geckoContentPermission(type = PERMISSION_DESKTOP_NOTIFICATION, value = VALUE_ALLOW),
             geckoContentPermission(type = PERMISSION_MEDIA_KEY_SYSTEM_ACCESS, value = VALUE_ALLOW),
             geckoContentPermission(type = PERMISSION_PERSISTENT_STORAGE, value = VALUE_ALLOW),
+            geckoContentPermission(type = PERMISSION_STORAGE_ACCESS, value = VALUE_ALLOW),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_AUDIBLE, value = VALUE_ALLOW),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_INAUDIBLE, value = VALUE_ALLOW)
         )
@@ -327,6 +356,7 @@ class GeckoSitePermissionsStorageTest {
         assertEquals(ALLOWED, foundPermissions.location)
         assertEquals(ALLOWED, foundPermissions.notification)
         assertEquals(ALLOWED, foundPermissions.localStorage)
+        assertEquals(ALLOWED, foundPermissions.crossOriginStorageAccess)
         assertEquals(ALLOWED, foundPermissions.mediaKeySystemAccess)
         assertEquals(ALLOWED, foundPermissions.camera)
         assertEquals(ALLOWED, foundPermissions.microphone)
@@ -339,6 +369,7 @@ class GeckoSitePermissionsStorageTest {
         val onDiskPermissions = SitePermissions(
             origin = "mozilla.dev",
             localStorage = ALLOWED,
+            crossOriginStorageAccess = ALLOWED,
             location = ALLOWED,
             notification = ALLOWED,
             microphone = ALLOWED,
@@ -354,6 +385,7 @@ class GeckoSitePermissionsStorageTest {
             geckoContentPermission(type = PERMISSION_DESKTOP_NOTIFICATION, value = VALUE_DENY),
             geckoContentPermission(type = PERMISSION_MEDIA_KEY_SYSTEM_ACCESS, value = VALUE_DENY),
             geckoContentPermission(type = PERMISSION_PERSISTENT_STORAGE, value = VALUE_DENY),
+            geckoContentPermission(type = PERMISSION_STORAGE_ACCESS, value = VALUE_DENY),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_AUDIBLE, value = VALUE_DENY),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_INAUDIBLE, value = VALUE_DENY)
         ).groupByType()
@@ -363,6 +395,7 @@ class GeckoSitePermissionsStorageTest {
         assertEquals(BLOCKED, mergedPermissions.location)
         assertEquals(BLOCKED, mergedPermissions.notification)
         assertEquals(BLOCKED, mergedPermissions.localStorage)
+        assertEquals(BLOCKED, mergedPermissions.crossOriginStorageAccess)
         assertEquals(BLOCKED, mergedPermissions.mediaKeySystemAccess)
         assertEquals(ALLOWED, mergedPermissions.camera)
         assertEquals(ALLOWED, mergedPermissions.microphone)
@@ -375,6 +408,7 @@ class GeckoSitePermissionsStorageTest {
         val onDiskPermissions = SitePermissions(
             origin = "mozilla.dev",
             localStorage = ALLOWED,
+            crossOriginStorageAccess = ALLOWED,
             location = ALLOWED,
             notification = ALLOWED,
             microphone = ALLOWED,
@@ -394,6 +428,7 @@ class GeckoSitePermissionsStorageTest {
         assertEquals(BLOCKED, mergedPermissions.location)
         assertEquals(ALLOWED, mergedPermissions.notification)
         assertEquals(ALLOWED, mergedPermissions.localStorage)
+        assertEquals(ALLOWED, mergedPermissions.crossOriginStorageAccess)
         assertEquals(ALLOWED, mergedPermissions.mediaKeySystemAccess)
         assertEquals(ALLOWED, mergedPermissions.camera)
         assertEquals(ALLOWED, mergedPermissions.microphone)
@@ -402,6 +437,40 @@ class GeckoSitePermissionsStorageTest {
     }
 
     @Test
+    fun `GIVEN different cross_origin_storage_access permissions WHEN mergePermissions is called THEN they are filtered by origin url`() {
+        val onDiskPermissions = SitePermissions(
+            origin = "mozilla.dev",
+            localStorage = ALLOWED,
+            crossOriginStorageAccess = NO_DECISION,
+            location = ALLOWED,
+            notification = ALLOWED,
+            microphone = ALLOWED,
+            camera = ALLOWED,
+            bluetooth = ALLOWED,
+            mediaKeySystemAccess = ALLOWED,
+            autoplayAudible = AutoplayStatus.ALLOWED,
+            autoplayInaudible = AutoplayStatus.ALLOWED,
+            savedAt = 0
+        )
+        val geckoPermission1 = geckoContentPermission(
+            type = PERMISSION_STORAGE_ACCESS, value = VALUE_DENY, thirdPartyOrigin = "mozilla.com"
+        )
+        val geckoPermission2 = geckoContentPermission(
+            type = PERMISSION_STORAGE_ACCESS, value = VALUE_ALLOW, thirdPartyOrigin = "mozilla.dev"
+        )
+        val geckoPermission3 = geckoContentPermission(
+            type = PERMISSION_STORAGE_ACCESS, value = VALUE_PROMPT, thirdPartyOrigin = "mozilla.org"
+        )
+
+        val mergedPermissions = geckoStorage.mergePermissions(
+            onDiskPermissions,
+            mapOf(PERMISSION_STORAGE_ACCESS to listOf(geckoPermission1, geckoPermission2, geckoPermission3))
+        )
+
+        assertEquals(onDiskPermissions.copy(crossOriginStorageAccess = ALLOWED), mergedPermissions!!)
+    }
+
+    @Test
     fun `WHEN removing a site permissions THEN permissions should be removed from the on disk and gecko storage`() = runBlockingTest {
         val onDiskPermissions = createNewSitePermission()
 
@@ -420,6 +489,7 @@ class GeckoSitePermissionsStorageTest {
             geckoContentPermission(type = PERMISSION_DESKTOP_NOTIFICATION),
             geckoContentPermission(type = PERMISSION_MEDIA_KEY_SYSTEM_ACCESS),
             geckoContentPermission(type = PERMISSION_PERSISTENT_STORAGE),
+            geckoContentPermission(type = PERMISSION_STORAGE_ACCESS),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_AUDIBLE),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_INAUDIBLE),
             geckoContentPermission(type = PERMISSION_TRACKING)
@@ -449,6 +519,7 @@ class GeckoSitePermissionsStorageTest {
             geckoContentPermission(type = PERMISSION_MEDIA_KEY_SYSTEM_ACCESS),
             geckoContentPermission(type = PERMISSION_MEDIA_KEY_SYSTEM_ACCESS),
             geckoContentPermission(type = PERMISSION_PERSISTENT_STORAGE),
+            geckoContentPermission(type = PERMISSION_STORAGE_ACCESS),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_AUDIBLE),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_INAUDIBLE),
             geckoContentPermission(type = PERMISSION_TRACKING)
@@ -458,7 +529,7 @@ class GeckoSitePermissionsStorageTest {
 
         geckoStorage.geckoTemporaryPermissions.addAll(geckoPermissions)
 
-        assertEquals(9, geckoStorage.geckoTemporaryPermissions.size)
+        assertEquals(10, geckoStorage.geckoTemporaryPermissions.size)
 
         geckoPermissions.forEach {
             geckoStorage.removeTemporaryPermissionIfAny(it)
@@ -485,6 +556,7 @@ class GeckoSitePermissionsStorageTest {
             geckoContentPermission(type = PERMISSION_DESKTOP_NOTIFICATION),
             geckoContentPermission(type = PERMISSION_MEDIA_KEY_SYSTEM_ACCESS),
             geckoContentPermission(type = PERMISSION_PERSISTENT_STORAGE),
+            geckoContentPermission(type = PERMISSION_STORAGE_ACCESS),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_AUDIBLE),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_INAUDIBLE),
             geckoContentPermission(type = PERMISSION_TRACKING)
@@ -506,6 +578,7 @@ class GeckoSitePermissionsStorageTest {
         val onDiskPermissions = SitePermissions(
             origin = "mozilla.dev",
             localStorage = ALLOWED,
+            crossOriginStorageAccess = ALLOWED,
             location = ALLOWED,
             notification = ALLOWED,
             microphone = ALLOWED,
@@ -521,6 +594,7 @@ class GeckoSitePermissionsStorageTest {
             geckoContentPermission(type = PERMISSION_DESKTOP_NOTIFICATION, value = VALUE_DENY),
             geckoContentPermission(type = PERMISSION_MEDIA_KEY_SYSTEM_ACCESS, value = VALUE_DENY),
             geckoContentPermission(type = PERMISSION_PERSISTENT_STORAGE, value = VALUE_DENY),
+            geckoContentPermission(type = PERMISSION_STORAGE_ACCESS, value = VALUE_DENY),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_AUDIBLE, value = VALUE_DENY),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_INAUDIBLE, value = VALUE_DENY)
         )
@@ -533,6 +607,7 @@ class GeckoSitePermissionsStorageTest {
         assertEquals(BLOCKED, foundPermissions.location)
         assertEquals(BLOCKED, foundPermissions.notification)
         assertEquals(BLOCKED, foundPermissions.localStorage)
+        assertEquals(BLOCKED, foundPermissions.crossOriginStorageAccess)
         assertEquals(BLOCKED, foundPermissions.mediaKeySystemAccess)
         assertEquals(ALLOWED, foundPermissions.camera)
         assertEquals(ALLOWED, foundPermissions.microphone)
@@ -550,13 +625,14 @@ class GeckoSitePermissionsStorageTest {
             geckoContentPermission(type = PERMISSION_DESKTOP_NOTIFICATION),
             geckoContentPermission(type = PERMISSION_MEDIA_KEY_SYSTEM_ACCESS),
             geckoContentPermission(type = PERMISSION_PERSISTENT_STORAGE),
+            geckoContentPermission(type = PERMISSION_STORAGE_ACCESS),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_AUDIBLE),
             geckoContentPermission(type = PERMISSION_AUTOPLAY_INAUDIBLE)
         )
 
         val filteredPermissions = geckoPermissions.filterNotTemporaryPermissions(temporary)!!
 
-        assertEquals(5, filteredPermissions.size)
+        assertEquals(6, filteredPermissions.size)
         assertFalse(filteredPermissions.any { it.permission == PERMISSION_GEOLOCATION })
     }
 
@@ -601,6 +677,7 @@ class GeckoSitePermissionsStorageTest {
         return SitePermissions(
             origin = "mozilla.dev",
             localStorage = ALLOWED,
+            crossOriginStorageAccess = BLOCKED,
             location = BLOCKED,
             notification = NO_DECISION,
             microphone = NO_DECISION,
@@ -614,10 +691,12 @@ class GeckoSitePermissionsStorageTest {
 internal fun geckoContentPermission(
     uri: String = "mozilla.dev",
     type: Int,
-    value: Int = VALUE_PROMPT
+    value: Int = VALUE_PROMPT,
+    thirdPartyOrigin: String = "mozilla.dev"
 ): ContentPermission {
     val prompt: ContentPermission = mock()
     ReflectionUtils.setField(prompt, "uri", uri)
+    ReflectionUtils.setField(prompt, "thirdPartyOrigin", thirdPartyOrigin)
     ReflectionUtils.setField(prompt, "permission", type)
     ReflectionUtils.setField(prompt, "value", value)
     return prompt
diff --git a/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/PermissionRequest.kt b/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/PermissionRequest.kt
index 8a9e845c482f..ea7dd55e50cb 100644
--- a/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/PermissionRequest.kt
+++ b/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/PermissionRequest.kt
@@ -82,6 +82,8 @@ sealed class Permission {
     data class ContentPersistentStorage(override val id: String? = "", override val desc: String? = "") : Permission()
     data class ContentMediaKeySystemAccess(override val id: String? = "", override val desc: String? = "") :
         Permission()
+    data class ContentCrossOriginStorageAccess(override val id: String? = "", override val desc: String? = "") :
+        Permission()
 
     data class AppCamera(override val id: String? = "", override val desc: String? = "") : Permission()
     data class AppAudio(override val id: String? = "", override val desc: String? = "") : Permission()
diff --git a/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/SitePermissions.kt b/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/SitePermissions.kt
index a7ee953f3764..5fd5aa1343f3 100644
--- a/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/SitePermissions.kt
+++ b/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/SitePermissions.kt
@@ -26,6 +26,7 @@ data class SitePermissions(
     val autoplayAudible: AutoplayStatus = AutoplayStatus.BLOCKED,
     val autoplayInaudible: AutoplayStatus = AutoplayStatus.ALLOWED,
     val mediaKeySystemAccess: Status = NO_DECISION,
+    val crossOriginStorageAccess: Status = NO_DECISION,
     val savedAt: Long
 ) : Parcelable {
     enum class Status(
@@ -88,6 +89,7 @@ data class SitePermissions(
             Permission.AUTOPLAY_AUDIBLE -> autoplayAudible.toStatus()
             Permission.AUTOPLAY_INAUDIBLE -> autoplayInaudible.toStatus()
             Permission.MEDIA_KEY_SYSTEM_ACCESS -> mediaKeySystemAccess
+            Permission.STORAGE_ACCESS -> crossOriginStorageAccess
         }
     }
 }
diff --git a/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/SitePermissionsStorage.kt b/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/SitePermissionsStorage.kt
index 5dfeb77b984a..0938dc8ea026 100644
--- a/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/SitePermissionsStorage.kt
+++ b/mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/permission/SitePermissionsStorage.kt
@@ -69,6 +69,6 @@ interface SitePermissionsStorage {
 
     enum class Permission {
         MICROPHONE, BLUETOOTH, CAMERA, LOCAL_STORAGE, NOTIFICATION, LOCATION, AUTOPLAY_AUDIBLE,
-        AUTOPLAY_INAUDIBLE, MEDIA_KEY_SYSTEM_ACCESS
+        AUTOPLAY_INAUDIBLE, MEDIA_KEY_SYSTEM_ACCESS, STORAGE_ACCESS
     }
 }
diff --git a/mobile/android/android-components/components/feature/sitepermissions/build.gradle b/mobile/android/android-components/components/feature/sitepermissions/build.gradle
index e38b6bce05cf..1e98454601ff 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/build.gradle
+++ b/mobile/android/android-components/components/feature/sitepermissions/build.gradle
@@ -56,6 +56,7 @@ dependencies {
     implementation project(':concept-engine')
     implementation project(':ui-icons')
     implementation project(':support-ktx')
+    implementation project(':feature-tabs')
 
     implementation Dependencies.kotlin_stdlib
     implementation Dependencies.kotlin_coroutines
diff --git a/mobile/android/android-components/components/feature/sitepermissions/schemas/mozilla.components.feature.sitepermissions.db.SitePermissionsDatabase/8.json b/mobile/android/android-components/components/feature/sitepermissions/schemas/mozilla.components.feature.sitepermissions.db.SitePermissionsDatabase/8.json
new file mode 100644
index 000000000000..f0ad6daa6860
--- /dev/null
+++ b/mobile/android/android-components/components/feature/sitepermissions/schemas/mozilla.components.feature.sitepermissions.db.SitePermissionsDatabase/8.json
@@ -0,0 +1,100 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 8,
+    "identityHash": "a4391f9f5b2a6448070c7f5cefb1b086",
+    "entities": [
+      {
+        "tableName": "site_permissions",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`origin` TEXT NOT NULL, `location` INTEGER NOT NULL, `notification` INTEGER NOT NULL, `microphone` INTEGER NOT NULL, `camera` INTEGER NOT NULL, `bluetooth` INTEGER NOT NULL, `local_storage` INTEGER NOT NULL, `autoplay_audible` INTEGER NOT NULL, `autoplay_inaudible` INTEGER NOT NULL, `media_key_system_access` INTEGER NOT NULL, `cross_origin_storage_access` INTEGER NOT NULL, `saved_at` INTEGER NOT NULL, PRIMARY KEY(`origin`))",
+        "fields": [
+          {
+            "fieldPath": "origin",
+            "columnName": "origin",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "location",
+            "columnName": "location",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "notification",
+            "columnName": "notification",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "microphone",
+            "columnName": "microphone",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "camera",
+            "columnName": "camera",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "bluetooth",
+            "columnName": "bluetooth",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "localStorage",
+            "columnName": "local_storage",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "autoplayAudible",
+            "columnName": "autoplay_audible",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "autoplayInaudible",
+            "columnName": "autoplay_inaudible",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "mediaKeySystemAccess",
+            "columnName": "media_key_system_access",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "crossOriginStorageAccess",
+            "columnName": "cross_origin_storage_access",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "savedAt",
+            "columnName": "saved_at",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "columnNames": [
+            "origin"
+          ],
+          "autoGenerate": false
+        },
+        "indices": [],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'a4391f9f5b2a6448070c7f5cefb1b086')"
+    ]
+  }
+}
\ No newline at end of file
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/OnDiskSitePermissionsStorage.kt b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/OnDiskSitePermissionsStorage.kt
index 278b9eddd7e4..95d41c46ae10 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/OnDiskSitePermissionsStorage.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/OnDiskSitePermissionsStorage.kt
@@ -28,6 +28,7 @@ import mozilla.components.concept.engine.permission.SitePermissionsStorage.Permi
 import mozilla.components.concept.engine.permission.SitePermissionsStorage.Permission.MEDIA_KEY_SYSTEM_ACCESS
 import mozilla.components.concept.engine.permission.SitePermissionsStorage.Permission.MICROPHONE
 import mozilla.components.concept.engine.permission.SitePermissionsStorage.Permission.NOTIFICATION
+import mozilla.components.concept.engine.permission.SitePermissionsStorage.Permission.STORAGE_ACCESS
 import mozilla.components.feature.sitepermissions.db.SitePermissionsDatabase
 import mozilla.components.feature.sitepermissions.db.toSitePermissionsEntity
 
@@ -118,6 +119,7 @@ class OnDiskSitePermissionsStorage(
                 map.putIfAllowed(AUTOPLAY_AUDIBLE, autoplayAudible.toStatus(), permission)
                 map.putIfAllowed(AUTOPLAY_INAUDIBLE, autoplayInaudible.toStatus(), permission)
                 map.putIfAllowed(MEDIA_KEY_SYSTEM_ACCESS, mediaKeySystemAccess, permission)
+                map.putIfAllowed(STORAGE_ACCESS, crossOriginStorageAccess, permission)
             }
         }
         return map
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragment.kt b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragment.kt
index dd99a878c911..766e1cca82b4 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragment.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragment.kt
@@ -28,15 +28,17 @@ internal const val KEY_TITLE = "KEY_TITLE"
 private const val KEY_DIALOG_GRAVITY = "KEY_DIALOG_GRAVITY"
 private const val KEY_DIALOG_WIDTH_MATCH_PARENT = "KEY_DIALOG_WIDTH_MATCH_PARENT"
 private const val KEY_TITLE_ICON = "KEY_TITLE_ICON"
+private const val KEY_MESSAGE = "KEY_MESSAGE"
 private const val KEY_POSITIVE_BUTTON_BACKGROUND_COLOR = "KEY_POSITIVE_BUTTON_BACKGROUND_COLOR"
 private const val KEY_POSITIVE_BUTTON_TEXT_COLOR = "KEY_POSITIVE_BUTTON_TEXT_COLOR"
+private const val KEY_SHOULD_SHOW_LEARN_MORE_LINK = "KEY_SHOULD_SHOW_LEARN_MORE_LINK"
 private const val KEY_SHOULD_SHOW_DO_NOT_ASK_AGAIN_CHECKBOX = "KEY_SHOULD_SHOW_DO_NOT_ASK_AGAIN_CHECKBOX"
 private const val KEY_SHOULD_PRESELECT_DO_NOT_ASK_AGAIN_CHECKBOX = "KEY_SHOULD_PRESELECT_DO_NOT_ASK_AGAIN_CHECKBOX"
 private const val KEY_IS_NOTIFICATION_REQUEST = "KEY_IS_NOTIFICATION_REQUEST"
 private const val DEFAULT_VALUE = Int.MAX_VALUE
 private const val KEY_PERMISSION_ID = "KEY_PERMISSION_ID"
 
-internal class SitePermissionsDialogFragment : AppCompatDialogFragment() {
+internal open class SitePermissionsDialogFragment : AppCompatDialogFragment() {
 
     // Safe Arguments
 
@@ -48,6 +50,8 @@ internal class SitePermissionsDialogFragment : AppCompatDialogFragment() {
         safeArguments.getString(KEY_TITLE, "")
     internal val icon get() =
         safeArguments.getInt(KEY_TITLE_ICON, DEFAULT_VALUE)
+    internal val message: String? get() =
+        safeArguments.getString(KEY_MESSAGE, null)
 
     internal val dialogGravity: Int get() =
         safeArguments.getInt(KEY_DIALOG_GRAVITY, DEFAULT_VALUE)
@@ -62,6 +66,8 @@ internal class SitePermissionsDialogFragment : AppCompatDialogFragment() {
     internal val isNotificationRequest get() =
         safeArguments.getBoolean(KEY_IS_NOTIFICATION_REQUEST, false)
 
+    internal val shouldShowLearnMoreLink: Boolean get() =
+        safeArguments.getBoolean(KEY_SHOULD_SHOW_LEARN_MORE_LINK, false)
     internal val shouldShowDoNotAskAgainCheckBox: Boolean get() =
         safeArguments.getBoolean(KEY_SHOULD_SHOW_DO_NOT_ASK_AGAIN_CHECKBOX, true)
     internal val shouldPreselectDoNotAskAgainCheckBox: Boolean get() =
@@ -129,6 +135,22 @@ internal class SitePermissionsDialogFragment : AppCompatDialogFragment() {
 
         rootView.findViewById<TextView>(R.id.title).text = title
         rootView.findViewById<ImageView>(R.id.icon).setImageResource(icon)
+        message?.let {
+            rootView.findViewById<TextView>(R.id.message).apply {
+                visibility = VISIBLE
+                text = it
+            }
+        }
+        if (shouldShowLearnMoreLink) {
+            rootView.findViewById<TextView>(R.id.learn_more).apply {
+                visibility = VISIBLE
+                isLongClickable = false
+                setOnClickListener {
+                    dismiss()
+                    feature?.onLearnMorePress(permissionRequestId, sessionId)
+                }
+            }
+        }
 
         val positiveButton = rootView.findViewById<Button>(R.id.allow_button)
         val negativeButton = rootView.findViewById<Button>(R.id.deny_button)
@@ -184,7 +206,9 @@ internal class SitePermissionsDialogFragment : AppCompatDialogFragment() {
             feature: SitePermissionsFeature,
             shouldShowDoNotAskAgainCheckBox: Boolean,
             shouldSelectDoNotAskAgainCheckBox: Boolean = false,
-            isNotificationRequest: Boolean = false
+            isNotificationRequest: Boolean = false,
+            message: String? = null,
+            shouldShowLearnMoreLink: Boolean = false
         ): SitePermissionsDialogFragment {
 
             val fragment = SitePermissionsDialogFragment()
@@ -194,7 +218,9 @@ internal class SitePermissionsDialogFragment : AppCompatDialogFragment() {
                 putString(KEY_SESSION_ID, sessionId)
                 putString(KEY_TITLE, title)
                 putInt(KEY_TITLE_ICON, titleIcon)
+                putString(KEY_MESSAGE, message)
                 putString(KEY_PERMISSION_ID, permissionRequestId)
+                putBoolean(KEY_SHOULD_SHOW_LEARN_MORE_LINK, shouldShowLearnMoreLink)
 
                 putBoolean(KEY_IS_NOTIFICATION_REQUEST, isNotificationRequest)
                 if (isNotificationRequest) {
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsFeature.kt b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsFeature.kt
index 680fee9ead35..8e1bf1b2c6df 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsFeature.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsFeature.kt
@@ -34,6 +34,7 @@ import mozilla.components.browser.state.action.ContentAction.UpdatePermissionHig
 import mozilla.components.browser.state.action.ContentAction.UpdatePermissionHighlightsStateAction.PersistentStorageChangedAction
 import mozilla.components.browser.state.selector.findTabOrCustomTabOrSelectedTab
 import mozilla.components.browser.state.state.ContentState
+import mozilla.components.browser.state.state.SessionState
 import mozilla.components.browser.state.store.BrowserStore
 import mozilla.components.concept.engine.permission.Permission
 import mozilla.components.concept.engine.permission.Permission.AppAudio
@@ -44,6 +45,7 @@ import mozilla.components.concept.engine.permission.Permission.ContentAudioCaptu
 import mozilla.components.concept.engine.permission.Permission.ContentAudioMicrophone
 import mozilla.components.concept.engine.permission.Permission.ContentAutoPlayAudible
 import mozilla.components.concept.engine.permission.Permission.ContentAutoPlayInaudible
+import mozilla.components.concept.engine.permission.Permission.ContentCrossOriginStorageAccess
 import mozilla.components.concept.engine.permission.Permission.ContentGeoLocation
 import mozilla.components.concept.engine.permission.Permission.ContentMediaKeySystemAccess
 import mozilla.components.concept.engine.permission.Permission.ContentNotification
@@ -56,17 +58,22 @@ import mozilla.components.concept.engine.permission.SitePermissions.Status.ALLOW
 import mozilla.components.concept.engine.permission.SitePermissions.Status.BLOCKED
 import mozilla.components.concept.engine.permission.SitePermissionsStorage
 import mozilla.components.feature.sitepermissions.SitePermissionsFeature.DialogConfig
+import mozilla.components.feature.tabs.TabsUseCases.SelectOrAddUseCase
 import mozilla.components.lib.state.ext.flowScoped
 import mozilla.components.support.base.feature.LifecycleAwareFeature
 import mozilla.components.support.base.feature.OnNeedToRequestPermissions
 import mozilla.components.support.base.feature.PermissionsFeature
 import mozilla.components.support.ktx.android.content.isPermissionGranted
 import mozilla.components.support.ktx.kotlin.getOrigin
+import mozilla.components.support.ktx.kotlin.stripDefaultPort
 import mozilla.components.support.ktx.kotlinx.coroutines.flow.filterChanged
 import mozilla.components.support.ktx.kotlinx.coroutines.flow.ifChanged
 import java.security.InvalidParameterException
 
 internal const val FRAGMENT_TAG = "mozac_feature_sitepermissions_prompt_dialog"
+@VisibleForTesting
+internal const val STORAGE_ACCESS_DOCUMENTATION_URL =
+    "https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API"
 
 /**
  * This feature will collect [PermissionRequest] from [ContentState] and display
@@ -99,6 +106,10 @@ class SitePermissionsFeature(
     val onShouldShowRequestPermissionRationale: (permission: String) -> Boolean,
     private val store: BrowserStore
 ) : LifecycleAwareFeature, PermissionsFeature {
+    @VisibleForTesting
+    internal val selectOrAddUseCase by lazy {
+        SelectOrAddUseCase(store)
+    }
 
     internal val ioCoroutineScope by lazy { coroutineScopeInitializer() }
 
@@ -311,6 +322,27 @@ class SitePermissionsFeature(
         }
     }
 
+    internal fun onLearnMorePress(
+        permissionId: String,
+        sessionId: String,
+    ) {
+        findRequestedPermission(permissionId)?.let { permissionRequest ->
+            consumePermissionRequest(permissionRequest, sessionId)
+            onContentPermissionDeny(permissionRequest, false)
+
+            val permission = permissionRequest.permissions.first()
+            if (permission is ContentCrossOriginStorageAccess) {
+                store.state.findTabOrCustomTabOrSelectedTab(sessionId)?.let {
+                    selectOrAddUseCase.invoke(
+                        url = STORAGE_ACCESS_DOCUMENTATION_URL,
+                        private = it.content.private,
+                        source = SessionState.Source.Internal.TextSelection
+                    )
+                }
+            }
+        }
+    }
+
     internal fun onDismiss(
         permissionId: String,
         sessionId: String
@@ -559,6 +591,9 @@ class SitePermissionsFeature(
                 is ContentMediaKeySystemAccess -> {
                     permissionFromStore.mediaKeySystemAccess.doNotAskAgain()
                 }
+                is ContentCrossOriginStorageAccess -> {
+                    permissionFromStore.crossOriginStorageAccess.doNotAskAgain()
+                }
                 else -> false
             }
         }
@@ -656,6 +691,9 @@ class SitePermissionsFeature(
             is ContentMediaKeySystemAccess -> {
                 sitePermissions.copy(mediaKeySystemAccess = status)
             }
+            is ContentCrossOriginStorageAccess -> {
+                sitePermissions.copy(crossOriginStorageAccess = status)
+            }
             else ->
                 throw InvalidParameterException("$permission is not a valid permission.")
         }
@@ -761,6 +799,15 @@ class SitePermissionsFeature(
                     shouldSelectRememberChoice = true
                 )
             }
+            is ContentCrossOriginStorageAccess -> {
+                createContentCrossOriginStorageAccessPermissionPrompt(
+                    context = context,
+                    host = host,
+                    permissionRequest = permissionRequest,
+                    showDoNotAskAgainCheckBox = false,
+                    shouldSelectRememberChoice = true
+                )
+            }
             else ->
                 throw InvalidParameterException("$permission is not a valid permission.")
         }
@@ -795,6 +842,41 @@ class SitePermissionsFeature(
         )
     }
 
+    @VisibleForTesting
+    internal fun createContentCrossOriginStorageAccessPermissionPrompt(
+        context: Context,
+        host: String,
+        permissionRequest: PermissionRequest,
+        showDoNotAskAgainCheckBox: Boolean,
+        shouldSelectRememberChoice: Boolean,
+    ): SitePermissionsDialogFragment {
+        val currentSession = store.state.findTabOrCustomTabOrSelectedTab(sessionId)
+            ?: throw IllegalStateException("Unable to find session for $sessionId or selected session")
+
+        val title = context.getString(
+            R.string.mozac_feature_sitepermissions_storage_access_title,
+            host.stripDefaultPort(),
+            currentSession.content.url.stripDefaultPort()
+        )
+        val message = context.getString(
+            R.string.mozac_feature_sitepermissions_storage_access_message,
+            host.stripDefaultPort()
+        )
+
+        return SitePermissionsDialogFragment.newInstance(
+            sessionId = currentSession.id,
+            title = title,
+            titleIcon = R.drawable.mozac_ic_cookies,
+            message = message,
+            permissionRequestId = permissionRequest.id,
+            feature = this,
+            shouldShowDoNotAskAgainCheckBox = showDoNotAskAgainCheckBox,
+            isNotificationRequest = false,
+            shouldSelectDoNotAskAgainCheckBox = shouldSelectRememberChoice,
+            shouldShowLearnMoreLink = true
+        )
+    }
+
     private val PermissionRequest.isMedia: Boolean
         get() {
             return when (permissions.first()) {
@@ -896,6 +978,9 @@ internal fun isPermissionGranted(
         is ContentPersistentStorage -> {
             permissionFromStorage.localStorage.isAllowed()
         }
+        is ContentCrossOriginStorageAccess -> {
+            permissionFromStorage.crossOriginStorageAccess.isAllowed()
+        }
         is ContentMediaKeySystemAccess -> {
             permissionFromStorage.mediaKeySystemAccess.isAllowed()
         }
@@ -915,6 +1000,7 @@ private fun Permission.isSupported(): Boolean {
         is ContentGeoLocation,
         is ContentNotification,
         is ContentPersistentStorage,
+        is ContentCrossOriginStorageAccess,
         is ContentAudioCapture, is ContentAudioMicrophone,
         is ContentVideoCamera, is ContentVideoCapture,
         is ContentAutoPlayAudible, is ContentAutoPlayInaudible,
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsRules.kt b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsRules.kt
index 8c81a1feace5..01db7b8f792e 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsRules.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/SitePermissionsRules.kt
@@ -22,7 +22,8 @@ data class SitePermissionsRules constructor(
     val autoplayAudible: AutoplayAction,
     val autoplayInaudible: AutoplayAction,
     val persistentStorage: Action,
-    val mediaKeySystemAccess: Action
+    val mediaKeySystemAccess: Action,
+    val crossOriginStorageAccess: Action,
 ) {
 
     enum class Action {
@@ -88,6 +89,9 @@ data class SitePermissionsRules constructor(
             is Permission.ContentMediaKeySystemAccess -> {
                 mediaKeySystemAccess
             }
+            is Permission.ContentCrossOriginStorageAccess -> {
+                crossOriginStorageAccess
+            }
             else -> ASK_TO_ALLOW
         }
     }
@@ -114,6 +118,7 @@ data class SitePermissionsRules constructor(
             autoplayInaudible = autoplayInaudible.toAutoplayStatus(),
             localStorage = persistentStorage.toStatus(),
             mediaKeySystemAccess = mediaKeySystemAccess.toStatus(),
+            crossOriginStorageAccess = crossOriginStorageAccess.toStatus(),
             savedAt = savedAt
         )
     }
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/db/SitePermissionsDatabase.kt b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/db/SitePermissionsDatabase.kt
index 20205fb09d08..442858fbef4e 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/db/SitePermissionsDatabase.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/db/SitePermissionsDatabase.kt
@@ -17,7 +17,7 @@ import mozilla.components.concept.engine.permission.SitePermissions
 /**
  * Internal database for saving site permissions.
  */
-@Database(entities = [SitePermissionsEntity::class], version = 7)
+@Database(entities = [SitePermissionsEntity::class], version = 8)
 @TypeConverters(StatusConverter::class)
 internal abstract class SitePermissionsDatabase : RoomDatabase() {
     abstract fun sitePermissionsDao(): SitePermissionsDao
@@ -46,6 +46,8 @@ internal abstract class SitePermissionsDatabase : RoomDatabase() {
                 Migrations.migration_5_6
             ).addMigrations(
                 Migrations.migration_6_7
+            ).addMigrations(
+                Migrations.migration_7_8
             ).build().also { instance = it }
         }
     }
@@ -169,4 +171,18 @@ internal object Migrations {
             )
         }
     }
+
+    @Suppress("MagicNumber")
+    val migration_7_8 = object : Migration(7, 8) {
+        override fun migrate(database: SupportSQLiteDatabase) {
+            val hasCrossOriginStorageAccessColumn = database.query("SELECT * FROM site_permissions").columnCount == 12
+            if (!hasCrossOriginStorageAccessColumn) {
+                database.execSQL(
+                    "ALTER TABLE site_permissions ADD COLUMN cross_origin_storage_access INTEGER NOT NULL DEFAULT 0"
+                )
+                // default is NO_DECISION
+                database.execSQL("UPDATE site_permissions SET cross_origin_storage_access = 0")
+            }
+        }
+    }
 }
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/db/SitePermissionsEntity.kt b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/db/SitePermissionsEntity.kt
index 26070b341bdd..4ca89bfe871b 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/db/SitePermissionsEntity.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/main/java/mozilla/components/feature/sitepermissions/db/SitePermissionsEntity.kt
@@ -46,6 +46,9 @@ internal data class SitePermissionsEntity(
     @ColumnInfo(name = "media_key_system_access")
     var mediaKeySystemAccess: SitePermissions.Status,
 
+    @ColumnInfo(name = "cross_origin_storage_access")
+    var crossOriginStorageAccess: SitePermissions.Status,
+
     @ColumnInfo(name = "saved_at")
     var savedAt: Long
 ) {
@@ -62,6 +65,7 @@ internal data class SitePermissionsEntity(
             autoplayAudible,
             autoplayInaudible,
             mediaKeySystemAccess,
+            crossOriginStorageAccess,
             savedAt
         )
     }
@@ -79,6 +83,7 @@ internal fun SitePermissions.toSitePermissionsEntity(): SitePermissionsEntity {
         autoplayAudible,
         autoplayInaudible,
         mediaKeySystemAccess,
+        crossOriginStorageAccess,
         savedAt
     )
 }
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/main/res/layout/mozac_site_permissions_prompt.xml b/mobile/android/android-components/components/feature/sitepermissions/src/main/res/layout/mozac_site_permissions_prompt.xml
index c75ef0336ed2..5c8e71d9ab2f 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/main/res/layout/mozac_site_permissions_prompt.xml
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/main/res/layout/mozac_site_permissions_prompt.xml
@@ -38,11 +38,50 @@
         tools:text="Allow wikipedia.org to use your camera?"
         tools:textColor="#000000" />
 
+    <TextView
+        android:id="@+id/message"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:layout_below="@id/title"
+        android:layout_alignStart="@id/title"
+        android:layout_marginStart="3dp"
+        android:layout_marginTop="8dp"
+        android:layout_marginEnd="11dp"
+        android:layout_toEndOf="@id/icon"
+        android:paddingStart="5dp"
+        android:paddingTop="4dp"
+        android:paddingEnd="5dp"
+        android:textColor="?android:attr/textColorPrimary"
+        android:textSize="16sp"
+        tools:text="This is a message offering more context about the permission."
+        tools:textColor="#000000"
+        android:visibility="gone"
+        tools:visibility="visible"/>
+
+    <TextView
+        android:id="@+id/learn_more"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:layout_below="@id/message"
+        android:layout_alignStart="@id/title"
+        android:layout_marginStart="3dp"
+        android:layout_marginTop="8dp"
+        android:layout_marginEnd="11dp"
+        android:layout_toEndOf="@id/icon"
+        android:paddingStart="5dp"
+        android:paddingTop="4dp"
+        android:paddingEnd="5dp"
+        android:text="@string/mozac_feature_sitepermissions_learn_more_title"
+        android:textColor="?android:attr/textColorLink"
+        android:textSize="16sp"
+        android:visibility="gone"
+        tools:visibility="visible" />
+
     <CheckBox
         android:id="@+id/do_not_ask_again"
         android:layout_width="wrap_content"
         android:layout_height="wrap_content"
-        android:layout_below="@id/title"
+        android:layout_below="@id/learn_more"
         android:layout_alignStart="@id/title"
         android:layout_marginTop="2dp"
         android:checked="true"
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/main/res/values/strings.xml b/mobile/android/android-components/components/feature/sitepermissions/src/main/res/values/strings.xml
index 3211942fd206..9fb818c37e50 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/main/res/values/strings.xml
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/main/res/values/strings.xml
@@ -38,4 +38,12 @@
     <string name="mozac_feature_sitepermissions_persistent_storage_title">Allow %1$s to store data in persistent storage?</string>
     <!-- Title of a dialog to use EME. %1$s will be replaced with the URL of the current page -->
     <string name="mozac_feature_sitepermissions_media_key_system_access_title">Allow %1$s to play DRM-controlled content?</string>
+    <!-- Title of a dialog to use cross origin storage permission. %1$s is the name of the site URL (www.site1.example) trying to track the user's activity.
+     %2$s is the name of the site URL (www.site2.example) that the user is visiting.  This is the same domain name displayed in the address bar -->
+    <string name="mozac_feature_sitepermissions_storage_access_title">Allow %1$s to use its cookies on %2$s?</string>
+    <!-- Message of a dialog offering more context about the cross origin storage permission.
+    %s is the name of the site URL (www.site1.example) trying to track the user's activity. -->
+    <string name="mozac_feature_sitepermissions_storage_access_message">You may want to block access if it\'s not clear why %s needs this data.</string>
+    <!-- Clickable text that will open a new tab navigating the user to online documentation about specific features. -->
+    <string name="mozac_feature_sitepermissions_learn_more_title">Learn more</string>
 </resources>
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/OnDiskSitePermissionsStorageTest.kt b/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/OnDiskSitePermissionsStorageTest.kt
index 8f27e1bb6fd6..9fcf93dab9a7 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/OnDiskSitePermissionsStorageTest.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/OnDiskSitePermissionsStorageTest.kt
@@ -153,6 +153,7 @@ class OnDiskSitePermissionsStorageTest {
             SitePermissionsEntity(
                 origin = "mozilla.dev",
                 localStorage = ALLOWED,
+                crossOriginStorageAccess = ALLOWED,
                 location = BLOCKED,
                 notification = NO_DECISION,
                 microphone = ALLOWED,
@@ -166,6 +167,7 @@ class OnDiskSitePermissionsStorageTest {
             SitePermissionsEntity(
                 origin = "mozilla.dev",
                 localStorage = ALLOWED,
+                crossOriginStorageAccess = ALLOWED,
                 location = BLOCKED,
                 notification = NO_DECISION,
                 microphone = ALLOWED,
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragmentTest.kt b/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragmentTest.kt
index 0c3701b1f24f..ced84f50df84 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragmentTest.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsDialogFragmentTest.kt
@@ -8,6 +8,7 @@ import android.view.Gravity.TOP
 import android.view.ViewGroup
 import android.widget.Button
 import android.widget.CheckBox
+import android.widget.TextView
 import androidx.core.view.isVisible
 import androidx.fragment.app.FragmentManager
 import androidx.fragment.app.FragmentTransaction
@@ -15,6 +16,7 @@ import androidx.test.ext.junit.runners.AndroidJUnit4
 import mozilla.components.feature.sitepermissions.SitePermissionsFeature.PromptsStyling
 import mozilla.components.support.test.mock
 import mozilla.components.support.test.robolectric.testContext
+import org.junit.Assert.assertEquals
 import org.junit.Assert.assertFalse
 import org.junit.Assert.assertTrue
 import org.junit.Test
@@ -128,6 +130,107 @@ class SitePermissionsDialogFragmentTest {
     }
 
     @Test
+    fun `dialog with a default null message should not have a message section`() {
+        val fragment = spy(
+            SitePermissionsDialogFragment.newInstance(
+                "sessionId",
+                "title",
+                R.drawable.notification_icon_background,
+                permissionRequestId = permissionRequestId,
+                feature = mock(),
+                shouldShowDoNotAskAgainCheckBox = false
+            )
+        )
+
+        doReturn(testContext).`when`(fragment).requireContext()
+
+        val dialog = fragment.onCreateDialog(null)
+        dialog.show()
+
+        val message = dialog.findViewById<TextView>(R.id.message)
+
+        assertFalse("Message shouldn't be displayed", message.isVisible)
+    }
+
+    @Test
+    fun `dialog with passed in message should display that message`() {
+        val expectedMessage = "This is just a test"
+        val fragment = spy(
+            SitePermissionsDialogFragment.newInstance(
+                "sessionId",
+                "title",
+                R.drawable.notification_icon_background,
+                permissionRequestId = permissionRequestId,
+                feature = mock(),
+                shouldShowDoNotAskAgainCheckBox = false,
+                message = expectedMessage
+            )
+        )
+
+        doReturn(testContext).`when`(fragment).requireContext()
+
+        val dialog = fragment.onCreateDialog(null)
+        dialog.show()
+
+        val message = dialog.findViewById<TextView>(R.id.message)
+
+        assertTrue("Message should be displayed", message.isVisible)
+        assertEquals(expectedMessage, message.text)
+    }
+
+    @Test
+    fun `dialog with a default shouldShowLearnMoreLink being equal to false should not have a Learn more link`() {
+        val fragment = spy(
+            SitePermissionsDialogFragment.newInstance(
+                "sessionId",
+                "title",
+                R.drawable.notification_icon_background,
+                permissionRequestId = permissionRequestId,
+                feature = mock(),
+                shouldShowDoNotAskAgainCheckBox = false
+            )
+        )
+
+        doReturn(testContext).`when`(fragment).requireContext()
+
+        val dialog = fragment.onCreateDialog(null)
+        dialog.show()
+
+        val learnMoreLink = dialog.findViewById<TextView>(R.id.learn_more)
+
+        assertFalse("Learn more link shouldn't be displayed", learnMoreLink.isVisible)
+    }
+
+    @Test
+    fun `dialog with shouldShowLearnMoreLink equals true should show a properly configured Learn more link`() {
+        val feature: SitePermissionsFeature = mock()
+        val fragment = spy(
+            SitePermissionsDialogFragment.newInstance(
+                "sessionId",
+                "title",
+                R.drawable.notification_icon_background,
+                permissionRequestId = permissionRequestId,
+                feature = feature,
+                shouldShowDoNotAskAgainCheckBox = false,
+                shouldShowLearnMoreLink = true
+            )
+        )
+        doNothing().`when`(fragment).dismiss()
+        doReturn(testContext).`when`(fragment).requireContext()
+
+        val dialog = fragment.onCreateDialog(null)
+        dialog.show()
+
+        val learnMoreLink = dialog.findViewById<TextView>(R.id.learn_more)
+
+        assertTrue("Learn more link shouldn't be displayed", learnMoreLink.isVisible)
+        assertFalse("Learn more link should not be long clickable", learnMoreLink.isLongClickable)
+        learnMoreLink.callOnClick()
+        verify(fragment).dismiss()
+        verify(feature).onLearnMorePress(permissionRequestId, "sessionId")
+    }
+
+    @Test
     fun `clicking on positive button notifies the feature (temporary)`() {
         val mockFeature: SitePermissionsFeature = mock()
         val fragment = spy(
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsFeatureTest.kt b/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsFeatureTest.kt
index 672dbc3df402..e5fe60b0aafd 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsFeatureTest.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsFeatureTest.kt
@@ -31,6 +31,7 @@ import mozilla.components.browser.state.action.ContentAction.UpdatePermissionHig
 import mozilla.components.browser.state.action.ContentAction.UpdatePermissionHighlightsStateAction.PersistentStorageChangedAction
 import mozilla.components.browser.state.state.BrowserState
 import mozilla.components.browser.state.state.ContentState
+import mozilla.components.browser.state.state.SessionState
 import mozilla.components.browser.state.state.TabSessionState
 import mozilla.components.browser.state.state.createTab
 import mozilla.components.browser.state.store.BrowserStore
@@ -40,6 +41,7 @@ import mozilla.components.concept.engine.permission.Permission.ContentAudioCaptu
 import mozilla.components.concept.engine.permission.Permission.ContentAudioMicrophone
 import mozilla.components.concept.engine.permission.Permission.ContentAutoPlayAudible
 import mozilla.components.concept.engine.permission.Permission.ContentAutoPlayInaudible
+import mozilla.components.concept.engine.permission.Permission.ContentCrossOriginStorageAccess
 import mozilla.components.concept.engine.permission.Permission.ContentGeoLocation
 import mozilla.components.concept.engine.permission.Permission.ContentMediaKeySystemAccess
 import mozilla.components.concept.engine.permission.Permission.ContentNotification
@@ -54,6 +56,7 @@ import mozilla.components.concept.engine.permission.SitePermissions.Status.ALLOW
 import mozilla.components.concept.engine.permission.SitePermissions.Status.BLOCKED
 import mozilla.components.concept.engine.permission.SitePermissions.Status.NO_DECISION
 import mozilla.components.concept.engine.permission.SitePermissionsStorage
+import mozilla.components.feature.tabs.TabsUseCases.SelectOrAddUseCase
 import mozilla.components.support.base.feature.OnNeedToRequestPermissions
 import mozilla.components.support.test.any
 import mozilla.components.support.test.eq
@@ -346,6 +349,36 @@ class SitePermissionsFeatureTest {
     }
 
     @Test
+    fun `GIVEN permissionRequest WHEN onLearnMorePress() THEN consumePermissionRequest, onContentPermissionDeny are called and SelectOrAddUseCase is used`() {
+        // given
+        val permission: ContentCrossOriginStorageAccess = mock()
+        val permissionRequest: PermissionRequest = mock {
+            whenever(permissions).thenReturn(listOf(permission))
+        }
+        doNothing().`when`(sitePermissionFeature).consumePermissionRequest(any(), any())
+        doNothing().`when`(sitePermissionFeature)
+            .onContentPermissionDeny(mockPermissionRequest, true)
+        doReturn(permissionRequest).`when`(sitePermissionFeature).findRequestedPermission(
+            anyString()
+        )
+        doReturn(mock<SelectOrAddUseCase>()).`when`(sitePermissionFeature).selectOrAddUseCase
+
+        // when
+        sitePermissionFeature.onLearnMorePress(PERMISSION_ID, SESSION_ID)
+
+        // then
+        verify(sitePermissionFeature)
+            .consumePermissionRequest(permissionRequest, SESSION_ID)
+        verify(sitePermissionFeature)
+            .onContentPermissionDeny(permissionRequest, false)
+        verify(sitePermissionFeature.selectOrAddUseCase).invoke(
+            url = STORAGE_ACCESS_DOCUMENTATION_URL,
+            private = false,
+            source = SessionState.Source.Internal.TextSelection
+        )
+    }
+
+    @Test
     fun `GIVEN a new permissionRequest WHEN storeSitePermissions() THEN save(permissionRequest) is called`() = runBlockingTest {
         // given
         val sitePermissions = SitePermissions(origin = "origin", savedAt = 0)
@@ -929,6 +962,46 @@ class SitePermissionsFeatureTest {
     }
 
     @Test
+    fun `GIVEN a ContentStorageAccess request WHEN handlingSingleContentPermissions is called THEN create a specific prompt`() {
+        // given
+        val host = "https://mozilla.org"
+        val permission = ContentCrossOriginStorageAccess(id = "permission")
+        val permissionRequest: PermissionRequest = mock {
+            whenever(permissions).thenReturn(listOf(permission))
+            whenever(id).thenReturn("id")
+        }
+
+        // when
+        sitePermissionFeature.handlingSingleContentPermissions(permissionRequest, permission, host)
+
+        // then
+        verify(sitePermissionFeature).createContentCrossOriginStorageAccessPermissionPrompt(
+            testContext, host, permissionRequest, false, true
+        )
+    }
+
+    @Test
+    fun `GIVEN a ContentStorageAccess request WHEN createContentStorageAccessPermissionPrompt is called THEN create a specific SitePermissionsDialogFragment`() {
+        // given
+        val host = "https://mozilla.org"
+        val permission = ContentCrossOriginStorageAccess(id = "permission")
+        val permissionRequest: PermissionRequest = mock {
+            whenever(permissions).thenReturn(listOf(permission))
+            whenever(id).thenReturn("id")
+        }
+
+        // when
+        sitePermissionFeature.createContentCrossOriginStorageAccessPermissionPrompt(
+            testContext, host, permissionRequest, false, true
+        )
+
+        // then
+        verify(sitePermissionFeature).createContentCrossOriginStorageAccessPermissionPrompt(
+            testContext, host, permissionRequest, false, true
+        )
+    }
+
+    @Test
     fun `GIVEN permissionRequest and containsVideoAndAudioSources true WHEN createPrompt THEN createSinglePermissionPrompt is called`() {
         // given
         val permissionRequest: PermissionRequest = object : PermissionRequest {
@@ -1006,6 +1079,7 @@ class SitePermissionsFeatureTest {
             doReturn(ALLOWED).`when`(sitePermissionFromStorage).camera
             doReturn(ALLOWED).`when`(sitePermissionFromStorage).microphone
             doReturn(ALLOWED).`when`(sitePermissionFromStorage).localStorage
+            doReturn(ALLOWED).`when`(sitePermissionFromStorage).crossOriginStorageAccess
             doReturn(ALLOWED).`when`(sitePermissionFromStorage).mediaKeySystemAccess
             doReturn(AutoplayStatus.ALLOWED).`when`(sitePermissionFromStorage).autoplayAudible
             doReturn(AutoplayStatus.ALLOWED).`when`(sitePermissionFromStorage).autoplayInaudible
@@ -1024,6 +1098,7 @@ class SitePermissionsFeatureTest {
             ContentAudioMicrophone(),
             ContentVideoCamera(),
             ContentVideoCapture(),
+            ContentCrossOriginStorageAccess(),
             Generic(id = null)
         )
 
@@ -1038,6 +1113,7 @@ class SitePermissionsFeatureTest {
             doReturn(BLOCKED).`when`(sitePermissionFromStorage).notification
             doReturn(BLOCKED).`when`(sitePermissionFromStorage).camera
             doReturn(BLOCKED).`when`(sitePermissionFromStorage).microphone
+            doReturn(BLOCKED).`when`(sitePermissionFromStorage).crossOriginStorageAccess
 
             try {
                 val isAllowed = sitePermissionFromStorage.isGranted(request)
@@ -1115,6 +1191,7 @@ class SitePermissionsFeatureTest {
             autoplayAudible = SitePermissionsRules.AutoplayAction.BLOCKED,
             autoplayInaudible = SitePermissionsRules.AutoplayAction.ALLOWED,
             persistentStorage = SitePermissionsRules.Action.BLOCKED,
+            crossOriginStorageAccess = SitePermissionsRules.Action.ALLOWED,
             mediaKeySystemAccess = SitePermissionsRules.Action.ASK_TO_ALLOW
         )
 
@@ -1130,6 +1207,7 @@ class SitePermissionsFeatureTest {
         assertEquals(BLOCKED, sitePermissions.autoplayAudible.toStatus())
         assertEquals(ALLOWED, sitePermissions.autoplayInaudible.toStatus())
         assertEquals(BLOCKED, sitePermissions.localStorage)
+        assertEquals(ALLOWED, sitePermissions.crossOriginStorageAccess)
         assertEquals(NO_DECISION, sitePermissions.mediaKeySystemAccess)
     }
 
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsRulesTest.kt b/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsRulesTest.kt
index 2ddbe6594508..325743fcaa0a 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsRulesTest.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/SitePermissionsRulesTest.kt
@@ -18,6 +18,7 @@ import mozilla.components.concept.engine.permission.SitePermissions
 import mozilla.components.concept.engine.permission.SitePermissions.AutoplayStatus
 import mozilla.components.concept.engine.permission.SitePermissions.Status
 import mozilla.components.concept.engine.permission.SitePermissionsStorage
+import mozilla.components.feature.sitepermissions.SitePermissionsRules.Action.ALLOWED
 import mozilla.components.feature.sitepermissions.SitePermissionsRules.Action.ASK_TO_ALLOW
 import mozilla.components.feature.sitepermissions.SitePermissionsRules.Action.BLOCKED
 import mozilla.components.feature.sitepermissions.SitePermissionsRules.AutoplayAction
@@ -64,6 +65,7 @@ class SitePermissionsRulesTest {
             autoplayAudible = AutoplayAction.BLOCKED,
             autoplayInaudible = AutoplayAction.ALLOWED,
             persistentStorage = BLOCKED,
+            crossOriginStorageAccess = ALLOWED,
             mediaKeySystemAccess = ASK_TO_ALLOW
         )
 
@@ -101,6 +103,10 @@ class SitePermissionsRulesTest {
         action = rules.getActionFrom(mockRequest)
         assertEquals(action, rules.persistentStorage)
 
+        doReturn(listOf(Permission.ContentCrossOriginStorageAccess())).`when`(mockRequest).permissions
+        action = rules.getActionFrom(mockRequest)
+        assertEquals(action, rules.crossOriginStorageAccess)
+
         doReturn(listOf(Permission.ContentMediaKeySystemAccess())).`when`(mockRequest).permissions
         action = rules.getActionFrom(mockRequest)
         assertEquals(action, rules.mediaKeySystemAccess)
@@ -111,6 +117,7 @@ class SitePermissionsRulesTest {
         var rules = SitePermissionsRules(
             camera = ASK_TO_ALLOW,
             location = BLOCKED,
+            crossOriginStorageAccess = ALLOWED,
             persistentStorage = BLOCKED,
             notification = ASK_TO_ALLOW,
             microphone = BLOCKED,
@@ -128,6 +135,7 @@ class SitePermissionsRulesTest {
         rules = SitePermissionsRules(
             camera = ASK_TO_ALLOW,
             location = BLOCKED,
+            crossOriginStorageAccess = ALLOWED,
             notification = ASK_TO_ALLOW,
             microphone = ASK_TO_ALLOW,
             autoplayInaudible = AutoplayAction.ALLOWED,
@@ -147,6 +155,7 @@ class SitePermissionsRulesTest {
             camera = Status.NO_DECISION,
             location = Status.BLOCKED,
             localStorage = Status.BLOCKED,
+            crossOriginStorageAccess = Status.ALLOWED,
             notification = Status.NO_DECISION,
             microphone = Status.BLOCKED,
             autoplayInaudible = AutoplayStatus.ALLOWED,
@@ -163,6 +172,7 @@ class SitePermissionsRulesTest {
             autoplayInaudible = AutoplayAction.ALLOWED,
             autoplayAudible = AutoplayAction.BLOCKED,
             persistentStorage = BLOCKED,
+            crossOriginStorageAccess = ALLOWED,
             mediaKeySystemAccess = BLOCKED
         )
 
@@ -176,6 +186,7 @@ class SitePermissionsRulesTest {
         assertEquals(expectedSitePermission.autoplayInaudible, convertedSitePermissions.autoplayInaudible)
         assertEquals(expectedSitePermission.autoplayAudible, convertedSitePermissions.autoplayAudible)
         assertEquals(expectedSitePermission.localStorage, convertedSitePermissions.localStorage)
+        assertEquals(expectedSitePermission.crossOriginStorageAccess, convertedSitePermissions.crossOriginStorageAccess)
         assertEquals(expectedSitePermission.mediaKeySystemAccess, convertedSitePermissions.mediaKeySystemAccess)
         assertEquals(expectedSitePermission.savedAt, convertedSitePermissions.savedAt)
     }
diff --git a/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/db/SitePermissionEntityTest.kt b/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/db/SitePermissionEntityTest.kt
index 7bc191f5d8b6..ee864a2b4b9b 100644
--- a/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/db/SitePermissionEntityTest.kt
+++ b/mobile/android/android-components/components/feature/sitepermissions/src/test/java/mozilla/components/feature/sitepermissions/db/SitePermissionEntityTest.kt
@@ -19,6 +19,7 @@ class SitePermissionEntityTest {
         val dbEntity = SitePermissionsEntity(
             origin = "mozilla.dev",
             localStorage = ALLOWED,
+            crossOriginStorageAccess = BLOCKED,
             location = BLOCKED,
             notification = NO_DECISION,
             microphone = NO_DECISION,
@@ -35,6 +36,7 @@ class SitePermissionEntityTest {
         with(dbEntity) {
             assertEquals(origin, domainClass.origin)
             assertEquals(localStorage, domainClass.localStorage)
+            assertEquals(crossOriginStorageAccess, domainClass.crossOriginStorageAccess)
             assertEquals(location, domainClass.location)
             assertEquals(notification, domainClass.notification)
             assertEquals(microphone, domainClass.microphone)
@@ -52,6 +54,7 @@ class SitePermissionEntityTest {
         val domainClass = SitePermissions(
             origin = "mozilla.dev",
             localStorage = ALLOWED,
+            crossOriginStorageAccess = BLOCKED,
             location = BLOCKED,
             notification = NO_DECISION,
             microphone = NO_DECISION,
@@ -68,6 +71,7 @@ class SitePermissionEntityTest {
         with(dbEntity) {
             assertEquals(origin, domainClass.origin)
             assertEquals(localStorage, domainClass.localStorage)
+            assertEquals(crossOriginStorageAccess, domainClass.crossOriginStorageAccess)
             assertEquals(location, domainClass.location)
             assertEquals(notification, domainClass.notification)
             assertEquals(microphone, domainClass.microphone)
diff --git a/mobile/android/android-components/components/ui/icons/src/main/res/drawable/mozac_ic_cookies.xml b/mobile/android/android-components/components/ui/icons/src/main/res/drawable/mozac_ic_cookies.xml
new file mode 100644
index 000000000000..03838eafbabf
--- /dev/null
+++ b/mobile/android/android-components/components/ui/icons/src/main/res/drawable/mozac_ic_cookies.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="24dp"
+    android:height="24dp"
+    android:viewportWidth="24"
+    android:viewportHeight="24">
+  <path
+      android:fillColor="#FF000000"
+      android:pathData="M21.3,12c-0.8,0 -1.6,-0.1 -2.4,-0.5l0.1,0.5c0,0.5 -0.5,1 -1,1a1,1 0,0 1,-1 -1c0,-0.5 0.3,-0.7 0.4,-0.8l0.3,-0.2C14,10 12,5 12,2.7c0,-1.4 -4,-0.6 -3.6,0.7 -0.5,-1.3 -4,1 -3,2 -1,-1 -3.3,2.5 -2,3 -1.3,-0.5 -2,3.6 -0.7,3.6 -1.4,0 -0.6,4 0.7,3.6 -1.3,0.5 1,4 2,3 -1,1 2.5,3.3 3,2 -0.5,1.3 3.6,2 3.6,0.7 0,1.4 4,0.6 3.5,-0.7 0.6,1.3 4,-1 3,-2 1,1 3.4,-2.5 2,-3 1.4,0.5 2.2,-3.6 0.8,-3.6zM7,12c0,0.5 -0.5,1 -1,1a1,1 0,0 1,-1 -1c0,-0.5 0.5,-1 1,-1s1,0.5 1,1zM9,18a1,1 0,0 1,-1 -1c0,-0.5 0.5,-1 1,-1s1,0.5 1,1 -0.5,1 -1,1zM9,8a1,1 0,0 1,-1 -1c0,-0.6 0.4,-1 1,-1s1,0.4 1,1 -0.4,1 -1,1zM12,13a1,1 0,0 1,-1 -1c0,-0.5 0.5,-1 1,-1s1,0.5 1,1 -0.5,1 -1,1zM15,18a1,1 0,0 1,-1 -1c0,-0.5 0.5,-1 1,-1s1,0.5 1,1 -0.5,1 -1,1z"/>
+</vector>
diff --git a/mobile/android/android-components/docs/changelog.md b/mobile/android/android-components/docs/changelog.md
index 512ad422d906..00751c9466f2 100644
--- a/mobile/android/android-components/docs/changelog.md
+++ b/mobile/android/android-components/docs/changelog.md
@@ -11,6 +11,9 @@ permalink: /changelog/
 * [Gecko](https://github.com/mozilla-mobile/android-components/blob/main/buildSrc/src/main/java/Gecko.kt)
 * [Configuration](https://github.com/mozilla-mobile/android-components/blob/main/.config.yml)
 
+* * **browser-engine**, **concept-engine*** **feature-sitepermissions**
+  * 🌟️️ **Add support for a new `storage_access` API prompt.
+
 * **concept-storage**:
   * ⚠️ **This is a breaking change**: `KeyProvider#key` has been renamed to `KeyProvider#getOrGenerateKey` and is now `suspend`.
   * ⚠️ **This is a breaking change**: `KeyRecoveryHandler` has been removed.
diff --git a/mobile/android/android-components/samples/browser/src/main/java/org/mozilla/samples/browser/BaseBrowserFragment.kt b/mobile/android/android-components/samples/browser/src/main/java/org/mozilla/samples/browser/BaseBrowserFragment.kt
index 311715e71548..fd795f40a60c 100644
--- a/mobile/android/android-components/samples/browser/src/main/java/org/mozilla/samples/browser/BaseBrowserFragment.kt
+++ b/mobile/android/android-components/samples/browser/src/main/java/org/mozilla/samples/browser/BaseBrowserFragment.kt
@@ -194,7 +194,8 @@ abstract class BaseBrowserFragment : Fragment(), UserInteractionHandler, Activit
                     notification = SitePermissionsRules.Action.ASK_TO_ALLOW,
                     microphone = SitePermissionsRules.Action.ASK_TO_ALLOW,
                     persistentStorage = SitePermissionsRules.Action.ASK_TO_ALLOW,
-                    mediaKeySystemAccess = SitePermissionsRules.Action.ASK_TO_ALLOW
+                    mediaKeySystemAccess = SitePermissionsRules.Action.ASK_TO_ALLOW,
+                    crossOriginStorageAccess = SitePermissionsRules.Action.ASK_TO_ALLOW,
                 ),
                 onNeedToRequestPermissions = { permissions ->
                     @Suppress("DEPRECATION") // https://github.com/mozilla-mobile/android-components/issues/10358
-- 
2.11.4.GIT