tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 65f795c3bcb08b74decb88651da4e45a1c2af94c
parent 2d16349b8d9c251672f2ea844d41d717c2c8cb08
Author: Emma Zuehlcke <emz@mozilla.com>
Date:   Tue, 28 Oct 2025 16:13:27 +0000

Bug 1991526 - Prevent BTP init before profile-after-change. r=manuel

Differential Revision: https://phabricator.services.mozilla.com/D266715

Diffstat:

Mtoolkit/components/antitracking/bouncetrackingprotection/BounceTrackingProtection.cpp | 8++++++++


Mtoolkit/components/antitracking/bouncetrackingprotection/BounceTrackingState.cpp | 8++++++++


Atoolkit/components/antitracking/bouncetrackingprotection/ProfileAfterChangeGate.cpp | 28++++++++++++++++++++++++++++


Atoolkit/components/antitracking/bouncetrackingprotection/ProfileAfterChangeGate.h | 24++++++++++++++++++++++++


Mtoolkit/components/antitracking/bouncetrackingprotection/components.conf | 10++++++++++


Mtoolkit/components/antitracking/bouncetrackingprotection/moz.build | 2++


6 files changed, 80 insertions(+), 0 deletions(-)

diff --git a/toolkit/components/antitracking/bouncetrackingprotection/BounceTrackingProtection.cpp b/toolkit/components/antitracking/bouncetrackingprotection/BounceTrackingProtection.cpp
@@ -11,6 +11,7 @@
 #include "BounceTrackingMapEntry.h"
 #include "ClearDataCallback.h"
 #include "PromiseNativeWrapper.h"
+#include "ProfileAfterChangeGate.h"
 
 #include "BounceTrackingStateGlobal.h"
 #include "ErrorList.h"
@@ -66,6 +67,13 @@ already_AddRefed<BounceTrackingProtection>
 BounceTrackingProtection::GetSingleton() {
   MOZ_ASSERT(XRE_IsParentProcess());
 
+  nsresult rv = EnsurePastProfileAfterChange();
+  if (NS_FAILED(rv)) {
+    // We haven't reached "profile-after-change" yet, so we can't initialize
+    // BounceTrackingProtection. Return nullptr.
+    return nullptr;
+  }
+
   // Init previously failed, don't try again.
   if (sInitFailed) {
     return nullptr;
diff --git a/toolkit/components/antitracking/bouncetrackingprotection/BounceTrackingState.cpp b/toolkit/components/antitracking/bouncetrackingprotection/BounceTrackingState.cpp
@@ -7,6 +7,7 @@
 #include "BounceTrackingProtection.h"
 #include "BounceTrackingState.h"
 #include "BounceTrackingRecord.h"
+#include "ProfileAfterChangeGate.h"
 
 #include "BounceTrackingStorageObserver.h"
 #include "ErrorList.h"
@@ -68,6 +69,13 @@ already_AddRefed<BounceTrackingState> BounceTrackingState::GetOrCreate(
     dom::BrowsingContextWebProgress* aWebProgress, nsresult& aRv) {
   aRv = NS_OK;
 
+  // Do not init before profile-after-change.
+  nsresult rv = EnsurePastProfileAfterChange();
+  if (NS_FAILED(rv)) {
+    aRv = rv;
+    return nullptr;
+  }
+
   if (!aWebProgress) {
     aRv = NS_ERROR_INVALID_ARG;
     return nullptr;
diff --git a/toolkit/components/antitracking/bouncetrackingprotection/ProfileAfterChangeGate.cpp b/toolkit/components/antitracking/bouncetrackingprotection/ProfileAfterChangeGate.cpp
@@ -0,0 +1,28 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+// ProfileAfterChangeGate.cpp
+#include "ProfileAfterChangeGate.h"
+#include "nsError.h"
+#include <string.h>
+#include "MainThreadUtils.h"
+
+static bool sPastPAC = false;  // main-thread only
+
+NS_IMPL_ISUPPORTS(ProfileAfterChangeGate, nsIObserver)
+
+NS_IMETHODIMP
+ProfileAfterChangeGate::Observe(nsISupports*, const char* aTopic,
+                                const char16_t*) {
+  MOZ_ASSERT(NS_IsMainThread());
+  if (strcmp(aTopic, "profile-after-change") == 0) {
+    sPastPAC = true;
+  }
+  return NS_OK;
+}
+
+nsresult EnsurePastProfileAfterChange() {
+  MOZ_ASSERT(NS_IsMainThread());
+  return sPastPAC ? NS_OK : NS_ERROR_NOT_AVAILABLE;
+}
diff --git a/toolkit/components/antitracking/bouncetrackingprotection/ProfileAfterChangeGate.h b/toolkit/components/antitracking/bouncetrackingprotection/ProfileAfterChangeGate.h
@@ -0,0 +1,24 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+// ProfileAfterChangeGate.h
+#ifndef mozilla_ProfileAfterChangeGate_h
+#define mozilla_ProfileAfterChangeGate_h
+
+#include "nsIObserver.h"
+
+// Tiny observer that flips a file-scope flag at "profile-after-change".
+
+class ProfileAfterChangeGate final : public nsIObserver {
+ public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+ private:
+  ~ProfileAfterChangeGate() = default;
+};
+
+// NS_OK if past "profile-after-change", else NS_ERROR_NOT_AVAILABLE.
+nsresult EnsurePastProfileAfterChange();
+
+#endif
diff --git a/toolkit/components/antitracking/bouncetrackingprotection/components.conf b/toolkit/components/antitracking/bouncetrackingprotection/components.conf
@@ -27,4 +27,14 @@ Classes = [
         'constructor': 'BTPRemoteExceptionList',
         'processes': ProcessSelector.MAIN_PROCESS_ONLY,
     },
+    {
+    'cid': '{F8319188-1992-4C16-A581-C06A950B01BF}',
+    'contract_ids': ['@mozilla.org/profile-after-change-gate;1'],
+    'type': 'ProfileAfterChangeGate',
+    'headers': ['mozilla/ProfileAfterChangeGate.h'],
+    'categories': {
+      'profile-after-change': 'service,@mozilla.org/profile-after-change-gate;1',
+    },
+    'singleton': True,
+  },
 ]
diff --git a/toolkit/components/antitracking/bouncetrackingprotection/moz.build b/toolkit/components/antitracking/bouncetrackingprotection/moz.build
@@ -34,6 +34,7 @@ EXPORTS.mozilla += [
     "BounceTrackingStateGlobal.h",
     "BounceTrackingStorageObserver.h",
     "ClearDataCallback.h",
+    "ProfileAfterChangeGate.h",
     "PromiseNativeWrapper.h",
 ]
 
@@ -47,6 +48,7 @@ UNIFIED_SOURCES += [
     "BounceTrackingStateGlobal.cpp",
     "BounceTrackingStorageObserver.cpp",
     "ClearDataCallback.cpp",
+    "ProfileAfterChangeGate.cpp",
     "PromiseNativeWrapper.cpp",
 ]