test_permmanager_oa_strip.js (7248B)
1 /* Any copyright is dedicated to the Public Domain. 2 http://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 const TEST_URI = Services.io.newURI("http://example.com"); 5 const TEST_PERMISSION = "test/oastrip"; 6 const TEST_PERMISSION2 = "test/oastrip2"; 7 const TEST_PERMISSION3 = "test/oastrip3"; 8 9 // List of permissions which are not isolated by private browsing or user context 10 // as per array kStripOAPermissions in PermissionManager.cpp 11 const STRIPPED_PERMS = ["cookie", "https-only-load-insecure", "ipp-vpn"]; 12 13 let principal = Services.scriptSecurityManager.createContentPrincipal( 14 TEST_URI, 15 {} 16 ); 17 let principalPrivateBrowsing = 18 Services.scriptSecurityManager.createContentPrincipal(TEST_URI, { 19 privateBrowsingId: 1, 20 }); 21 let principalUserContext1 = 22 Services.scriptSecurityManager.createContentPrincipal(TEST_URI, { 23 userContextId: 1, 24 }); 25 let principalUserContext2 = 26 Services.scriptSecurityManager.createContentPrincipal(TEST_URI, { 27 userContextId: 2, 28 }); 29 30 function testOAIsolation(permIsolateUserContext, permIsolatePrivateBrowsing) { 31 info( 32 `testOAIsolation: permIsolateUserContext: ${permIsolateUserContext}; permIsolatePrivateBrowsing: ${permIsolatePrivateBrowsing}` 33 ); 34 35 let pm = Services.perms; 36 37 Services.prefs.setBoolPref( 38 "permissions.isolateBy.userContext", 39 permIsolateUserContext 40 ); 41 Services.prefs.setBoolPref( 42 "permissions.isolateBy.privateBrowsing", 43 permIsolatePrivateBrowsing 44 ); 45 46 // Set test permission for normal browsing 47 pm.addFromPrincipal(principal, TEST_PERMISSION, pm.ALLOW_ACTION); 48 49 // Check normal browsing permission 50 Assert.equal( 51 Ci.nsIPermissionManager.ALLOW_ACTION, 52 pm.testPermissionFromPrincipal(principal, TEST_PERMISSION) 53 ); 54 // normal browsing => user context 1 55 Assert.equal( 56 permIsolateUserContext 57 ? Ci.nsIPermissionManager.UNKNOWN_ACTION 58 : Ci.nsIPermissionManager.ALLOW_ACTION, 59 pm.testPermissionFromPrincipal(principalUserContext1, TEST_PERMISSION) 60 ); 61 // normal browsing => user context 2 62 Assert.equal( 63 permIsolateUserContext 64 ? Ci.nsIPermissionManager.UNKNOWN_ACTION 65 : Ci.nsIPermissionManager.ALLOW_ACTION, 66 pm.testPermissionFromPrincipal(principalUserContext2, TEST_PERMISSION) 67 ); 68 // normal browsing => private browsing 69 Assert.equal( 70 permIsolatePrivateBrowsing 71 ? Ci.nsIPermissionManager.UNKNOWN_ACTION 72 : Ci.nsIPermissionManager.ALLOW_ACTION, 73 pm.testPermissionFromPrincipal(principalPrivateBrowsing, TEST_PERMISSION) 74 ); 75 76 // Set permission for private browsing 77 pm.addFromPrincipal( 78 principalPrivateBrowsing, 79 TEST_PERMISSION2, 80 pm.DENY_ACTION 81 ); 82 83 // Check private browsing permission 84 Assert.equal( 85 Ci.nsIPermissionManager.DENY_ACTION, 86 pm.testPermissionFromPrincipal(principalPrivateBrowsing, TEST_PERMISSION2) 87 ); 88 // private browsing => normal browsing 89 Assert.equal( 90 permIsolatePrivateBrowsing 91 ? Ci.nsIPermissionManager.UNKNOWN_ACTION 92 : Ci.nsIPermissionManager.DENY_ACTION, 93 pm.testPermissionFromPrincipal(principal, TEST_PERMISSION2) 94 ); 95 // private browsing => user context 1 96 Assert.equal( 97 permIsolatePrivateBrowsing || permIsolateUserContext 98 ? Ci.nsIPermissionManager.UNKNOWN_ACTION 99 : Ci.nsIPermissionManager.DENY_ACTION, 100 pm.testPermissionFromPrincipal(principalUserContext1, TEST_PERMISSION2) 101 ); 102 // private browsing => user context 2 103 Assert.equal( 104 permIsolatePrivateBrowsing || permIsolateUserContext 105 ? Ci.nsIPermissionManager.UNKNOWN_ACTION 106 : Ci.nsIPermissionManager.DENY_ACTION, 107 pm.testPermissionFromPrincipal(principalUserContext2, TEST_PERMISSION2) 108 ); 109 110 // Set permission for user context 1 111 pm.addFromPrincipal( 112 principalUserContext1, 113 TEST_PERMISSION3, 114 pm.PROMPT_ACTION 115 ); 116 117 // Check user context 1 permission 118 Assert.equal( 119 Ci.nsIPermissionManager.PROMPT_ACTION, 120 pm.testPermissionFromPrincipal(principalUserContext1, TEST_PERMISSION3) 121 ); 122 123 // user context 1 => normal browsing 124 Assert.equal( 125 permIsolateUserContext 126 ? Ci.nsIPermissionManager.UNKNOWN_ACTION 127 : Ci.nsIPermissionManager.PROMPT_ACTION, 128 pm.testPermissionFromPrincipal(principal, TEST_PERMISSION3) 129 ); 130 // user context 1 => user context 2 131 Assert.equal( 132 permIsolateUserContext 133 ? Ci.nsIPermissionManager.UNKNOWN_ACTION 134 : Ci.nsIPermissionManager.PROMPT_ACTION, 135 pm.testPermissionFromPrincipal(principalUserContext2, TEST_PERMISSION3) 136 ); 137 // user context 1 => private browsing 138 Assert.equal( 139 permIsolatePrivateBrowsing || permIsolateUserContext 140 ? Ci.nsIPermissionManager.UNKNOWN_ACTION 141 : Ci.nsIPermissionManager.PROMPT_ACTION, 142 pm.testPermissionFromPrincipal(principalPrivateBrowsing, TEST_PERMISSION3) 143 ); 144 145 pm.removeAll(); 146 147 // Modifying an non-isolated/stripped permission should affect all browsing contexts, 148 // independently of permission isolation pref state 149 STRIPPED_PERMS.forEach(perm => { 150 info("Testing stripped permission " + perm); 151 152 // Add a permission for the normal window 153 pm.addFromPrincipal(principal, perm, pm.ALLOW_ACTION); 154 Assert.equal( 155 pm.testPermissionFromPrincipal(principalPrivateBrowsing, perm), 156 Ci.nsIPermissionManager.ALLOW_ACTION 157 ); 158 Assert.equal( 159 pm.testPermissionFromPrincipal(principalUserContext1, perm), 160 Ci.nsIPermissionManager.ALLOW_ACTION 161 ); 162 Assert.equal( 163 pm.testPermissionFromPrincipal(principalUserContext2, perm), 164 Ci.nsIPermissionManager.ALLOW_ACTION 165 ); 166 167 // Remove the permission from private window 168 pm.removeFromPrincipal(principalPrivateBrowsing, perm); 169 Assert.equal( 170 pm.testPermissionFromPrincipal(principal, perm), 171 Ci.nsIPermissionManager.UNKNOWN_ACTION 172 ); 173 Assert.equal( 174 pm.testPermissionFromPrincipal(principalUserContext1, perm), 175 Ci.nsIPermissionManager.UNKNOWN_ACTION 176 ); 177 Assert.equal( 178 pm.testPermissionFromPrincipal(principalUserContext2, perm), 179 Ci.nsIPermissionManager.UNKNOWN_ACTION 180 ); 181 182 // Set a permission for a normal window and then override it by adding it to container 2 again 183 pm.addFromPrincipal(principal, perm, pm.PROMPT_ACTION); 184 pm.addFromPrincipal(principal, TEST_PERMISSION, pm.ALLOW_ACTION); 185 pm.addFromPrincipal(principalUserContext2, perm, pm.DENY_ACTION); 186 187 let principalPerms = pm.getAllForPrincipal(principalPrivateBrowsing, perm); 188 189 Assert.ok( 190 principalPerms.some(p => p.type == perm && p.capability == pm.DENY_ACTION) 191 ); 192 if (permIsolatePrivateBrowsing) { 193 Assert.equal(principalPerms.length, 1); 194 Assert.ok( 195 principalPerms.some( 196 p => p.type == perm && p.capability == pm.DENY_ACTION 197 ) 198 ); 199 } else { 200 Assert.equal(principalPerms.length, 2); 201 Assert.ok( 202 principalPerms.some( 203 p => p.type == TEST_PERMISSION && p.capability == pm.ALLOW_ACTION 204 ) 205 ); 206 } 207 208 // Cleanup 209 pm.removeAll(); 210 }); 211 } 212 213 add_task(async function do_test() { 214 // Test all pref combinations and check if principals with different origin attributes 215 // are isolated. 216 testOAIsolation(true, true); 217 testOAIsolation(true, false); 218 testOAIsolation(false, true); 219 testOAIsolation(false, false); 220 });