nsIAddonPolicyService.idl (3644B)
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- 2 * 3 * This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #include "nsISupports.idl" 8 #include "nsIURI.idl" 9 10 /** 11 * This interface allows the security manager to query custom per-addon security 12 * policy. 13 */ 14 [scriptable, uuid(8a034ef9-9d14-4c5d-8319-06c1ab574baa)] 15 interface nsIAddonPolicyService : nsISupports 16 { 17 /** 18 * Returns the default content security policy which applies to extension 19 * documents which do not specify any custom policies. 20 */ 21 readonly attribute AString defaultCSP; 22 23 /** 24 * Same as above, but used for extensions using manifest v3. 25 */ 26 readonly attribute AString defaultCSPV3; 27 28 /** 29 * Returns the base content security policy which applies to all extension resources. 30 */ 31 AString getBaseCSP(in AString aAddonId); 32 33 /** 34 * Returns the content security policy which applies to documents belonging 35 * to the extension with the given ID. This may be either a custom policy, 36 * if one was supplied, or the default policy if one was not. 37 */ 38 AString getExtensionPageCSP(in AString aAddonId); 39 40 /** 41 * Returns the generated background page as a data-URI, if any. If the addon 42 * does not have an auto-generated background page, an empty string is 43 * returned. 44 */ 45 ACString getGeneratedBackgroundPageUrl(in ACString aAddonId); 46 47 /** 48 * Returns true if the addon was granted the |aPerm| API permission. 49 */ 50 boolean addonHasPermission(in AString aAddonId, in AString aPerm); 51 52 /** 53 * Returns true if unprivileged code associated with the given addon may load 54 * data from |aURI|. If |aExplicit| is true, the <all_urls> permission and 55 * permissive host globs are ignored when checking for a match. 56 */ 57 boolean addonMayLoadURI(in AString aAddonId, in nsIURI aURI, [optional] in boolean aExplicit); 58 59 /** 60 * Returns the name of the WebExtension with the given ID, or the ID string 61 * if no matching add-on can be found. 62 */ 63 AString getExtensionName(in AString aAddonId); 64 65 /** 66 * Returns true if a given moz-extension:// URI is web-accessible and loadable by the source. 67 * This should be called if the protocol flags for the extension URI has 68 * URI_IS_WEBEXTENSION_RESOURCE. 69 */ 70 boolean sourceMayLoadExtensionURI(in nsIURI aSourceURI, in nsIURI aExtensionURI, 71 [optional] in boolean aFromPrivateWindow); 72 73 /** 74 * Maps an extension URI to the ID of the addon it belongs to. 75 */ 76 AString extensionURIToAddonId(in nsIURI aURI); 77 }; 78 79 /** 80 * This interface exposes functionality related to add-on content policy 81 * enforcement. 82 */ 83 [scriptable, uuid(7a4fe60b-9131-45f5-83f3-dc63b5d71a5d)] 84 interface nsIAddonContentPolicy : nsISupports 85 { 86 /* options to pass to validateAddonCSP 87 * 88 * Manifest V2 uses CSP_ALLOW_ANY. 89 * In Manifest V3, extension_pages would use CSP_ALLOW_WASM 90 * and sandbox would use CSP_ALLOW_EVAL. 91 */ 92 const unsigned long CSP_ALLOW_ANY = 0xFFFF; 93 const unsigned long CSP_ALLOW_LOCALHOST = (1<<0); 94 const unsigned long CSP_ALLOW_EVAL = (1<<1); 95 const unsigned long CSP_ALLOW_REMOTE = (1<<2); 96 const unsigned long CSP_ALLOW_WASM = (1<<3); 97 98 /** 99 * Checks a custom content security policy string, to ensure that it meets 100 * minimum security requirements. Returns null for valid policies, or a 101 * string describing the error for invalid policies. 102 */ 103 AString validateAddonCSP(in AString aPolicyString, in unsigned long aPermittedPolicy); 104 };