tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_permmanager_ipc.js (3119B)

      1 /* Any copyright is dedicated to the Public Domain.
      2   http://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      4 const { ExtensionTestUtils } = ChromeUtils.importESModule(
      5  "resource://testing-common/ExtensionXPCShellUtils.sys.mjs"
      6 );
      7 
      8 add_task(async function test_permissions_sent_over_ipc_on_bloburl() {
      9  const ssm = Services.scriptSecurityManager;
     10  const pm = Services.perms;
     11 
     12  // setup a profile.
     13  do_get_profile();
     14 
     15  async function assertExpectedContentPage() {
     16    const [processType, remoteType, principalSpec] = await page.spawn(
     17      [],
     18      async () => {
     19        return [
     20          Services.appinfo.processType,
     21          Services.appinfo.remoteType,
     22          this.content.document.nodePrincipal.spec,
     23        ];
     24      }
     25    );
     26 
     27    equal(
     28      processType,
     29      Services.appinfo.PROCESS_TYPE_CONTENT,
     30      "Got a content process"
     31    );
     32    equal(remoteType, "file", "Got a file child process");
     33    equal(principalSpec, principal.spec, "Got the expected document principal");
     34  }
     35 
     36  function getChildProcessID(contentPage) {
     37    return contentPage.spawn([], () => Services.appinfo.processID);
     38  }
     39 
     40  async function assertHasAllowedPermission(contentPage, perm) {
     41    const isPermissionAllowed = await contentPage.spawn(
     42      [perm],
     43      permName =>
     44        Services.perms.getPermissionObject(
     45          this.content.document.nodePrincipal,
     46          permName,
     47          true
     48        )?.capability === Services.perms.ALLOW_ACTION
     49    );
     50    ok(isPermissionAllowed, `Permission "${perm}" allowed as expected`);
     51  }
     52 
     53  let file = do_get_file(".", true);
     54  let fileURI = Services.io.newFileURI(file);
     55  const principal = ssm.createContentPrincipal(fileURI, {});
     56  info(`Add a test permission to the document principal: ${principal.spec}`);
     57  pm.addFromPrincipal(principal, "test/perm", pm.ALLOW_ACTION);
     58 
     59  info("Test expected permission is propagated into the child process");
     60  let page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
     61  const childID1 = await getChildProcessID(page);
     62  await assertExpectedContentPage(page);
     63  await assertHasAllowedPermission(page, "test/perm");
     64  await page.close();
     65 
     66  // Ensure this blob url does not prevent permissions to be propagated
     67  // to a new child process.
     68  info("Create a blob url for a non http/https principal");
     69  const blob = new Blob();
     70  const blobURL = URL.createObjectURL(blob);
     71  ok(blobURL, "Got a blob URL");
     72 
     73  info("Test expected permission is still propagated");
     74  page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
     75  const childID2 = await getChildProcessID(page);
     76  await assertExpectedContentPage(page);
     77  Assert.notEqual(childID1, childID2, "Got a new child process as expected");
     78  await assertHasAllowedPermission(page, "test/perm");
     79  await page.close();
     80 
     81  URL.revokeObjectURL(blobURL);
     82 
     83  page = await ExtensionTestUtils.loadContentPage(fileURI.spec);
     84  const childID3 = await getChildProcessID(page);
     85  await assertExpectedContentPage(page);
     86  Assert.notEqual(childID2, childID3, "Got a new child process as expected");
     87  await assertHasAllowedPermission(page, "test/perm");
     88  await page.close();
     89 });