tor-browser

nsIPermissionManager.idl (12138B)

---

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/**
* This file contains an interface to the Permission Manager,
* used to persistenly store permissions for different object types (cookies,
* images etc) on a site-by-site basis.
*
* This service broadcasts the following notification when the permission list
* is changed:
*
* topic  : "perm-changed" (PERM_CHANGE_NOTIFICATION)
*          broadcast whenever the permission list changes in some way. there
*          are four possible data strings for this notification; one
*          notification will be broadcast for each change, and will involve
*          a single permission.
* subject: an nsIPermission interface pointer representing the permission object
*          that changed.
* data   : "deleted"
*          a permission was deleted. the subject is the deleted permission.
*          "added"
*          a permission was added. the subject is the added permission.
*          "changed"
*          a permission was changed. the subject is the new permission.
*          "cleared"
*          the entire permission list was cleared. the subject is null.
*/

#include "nsISupports.idl"

interface nsIPrincipal;
interface nsIPermission;

[scriptable, builtinclass, uuid(4dcb3851-eba2-4e42-b236-82d2596fca22)]
interface nsIPermissionManager : nsISupports
{
 /**
  * Predefined return values for the testPermission method and for
  * the permission param of the add method
  * NOTES:
  *
  * UNKNOWN_ACTION (0) is reserved to represent the
  * default permission when no entry is found for a host, and
  * should not be used by consumers to indicate otherwise.
  * If no other entries are found, it translates into "prompt"
  * in the permissions.query() API.
  *
  * PROMPT_ACTION (3) is not persisted for most permissions.
  * Except for camera and microphone, where persisting it means
  * "Always Ask" (the user leaves "☐ Remember this decision"
  * unchecked in the permission grant). It translates into
  * "granted" in permissions.query() to prevent websites from
  * asking users to escalate permissions further.
  *
  * MAX_VALID_ACTION is the highest value (used to validate prefs)
  */
 const uint32_t UNKNOWN_ACTION = 0;
 const uint32_t ALLOW_ACTION = 1;
 const uint32_t DENY_ACTION = 2;
 const uint32_t PROMPT_ACTION = 3;
 const uint32_t MAX_VALID_ACTION = 3;

 /**
  * Predefined expiration types for permissions.  Permissions can be permanent
  * (never expire), expire at the end of the session, or expire at a specified
  * time. Permissions that expire at the end of a session may also have a
  * specified expiration time.
  *
  * EXPIRE_POLICY is a special expiration status. It is set when the permission
  * is set by reading an enterprise policy. These permissions cannot be overridden.
  */
 const uint32_t EXPIRE_NEVER = 0;
 const uint32_t EXPIRE_SESSION = 1;
 const uint32_t EXPIRE_TIME = 2;
 const uint32_t EXPIRE_POLICY = 3;


 /**
  * Get all custom permissions for a given nsIPrincipal. This will return an
  * enumerator of all permissions which are not set to default and which
  * belong to the matching principal of the given nsIPrincipal.
  *
  * @param principal  the URI to get all permissions for
  */
 Array<nsIPermission> getAllForPrincipal(in nsIPrincipal principal);

 /**
  * Get all custom permissions of a specific type, specified with a prefix
  * string.  This will return an array of all permissions which are not set to
  * default.  Also the passed type argument is either equal to or a prefix of
  * the type of the returned permissions.
  *
  * @param prefix  the type prefix string
  */
 Array<nsIPermission> getAllWithTypePrefix(in ACString prefix);


 /**
  * Get all custom permissions whose type exactly match one of the types defined
  * in the passed array argument.
  * This will return an array of all permissions which are not set to default.
  *
  * @param types  an array of case-sensitive ASCII strings, identifying the
  *               permissions to be matched.
  */
 Array<nsIPermission> getAllByTypes(in Array<ACString> types);

 /**
  * Get all custom permissions of a specific type and that were modified after
  * the specified date. This will return an array of all permissions which are
  * not set to default.
  *
  * @param type    a case-sensitive ASCII string, identifying the permission.
  * @param since   a unix timestamp representing the number of milliseconds from
  *                Jan 1, 1970 00:00:00 UTC.
  */
 Array<nsIPermission> getAllByTypeSince(in ACString type, in int64_t since);

 /**
  * Add permission information for a given principal.
  * It is internally calling the other add() method using the nsIURI from the
  * principal.
  * Passing a system principal will be a no-op because they will always be
  * granted permissions.
  */
 void addFromPrincipal(in nsIPrincipal principal, in ACString type,
                       in uint32_t permission,
                       [optional] in uint32_t expireType,
                       [optional] in int64_t expireTime);

 /**
  * Test method to add a permission for a given principal with custom modification time.
  */
 void testAddFromPrincipalByTime(in nsIPrincipal principal, in ACString type,
   in uint32_t permission,
   in int64_t modificationTime
 );

 /**
  * Add permanent permission information for a given principal in private
  * browsing.
  *
  * Normally permissions in private browsing are cleared at the end of the
  * session, this method allows you to override this behavior and set
  * permanent permissions.
  *
  * WARNING: setting permanent permissions _will_ leak data in private
  * browsing. Only use if you understand the consequences and trade-offs. If
  * you are unsure, |addFromPrincipal| is very likely what you want to use
  * instead.
  */
 void addFromPrincipalAndPersistInPrivateBrowsing(in nsIPrincipal principal,
                                                  in ACString type,
                                                  in uint32_t permission);

 /**
  * Add temporary default permission information for a given principal.
  * This permission will be cleared at the end of the session, will not be
  * stored on disk, and will not be set if a conflicting (non-default)
  * permission already exists.
  *
  * This function shouldn't be used by regular permission manager consumers and
  * is only expected to be called by the RemotePermissionService.sys.mjs for
  * the purpose of importing default permissions from remote settings.
  */
 void addDefaultFromPrincipal(in nsIPrincipal principal,
                              in ACString type,
                              in uint32_t permission);

 /**
  * Remove permission information for a given principal.
  * This is internally calling remove() with the host from the principal's URI.
  * Passing system principal will be a no-op because we never add them to the
  * database.
  */
 void removeFromPrincipal(in nsIPrincipal principal, in ACString type);

 /**
  * Remove the given permission from the permission manager.
  *
  * @param perm   a permission obtained from the permission manager.
  */
 void removePermission(in nsIPermission perm);

 /**
  * Clear permission information for all websites.
  */
 void removeAll();

 /**
  * Clear all permission information added since the specified time.
  */
 void removeAllSince(in int64_t since);

 /**
  * Clear all permissions of the passed type.
  */
 void removeByType(in ACString type);

 /**
  * Clear all permissions not of the passed types.
  */
 void removeAllExceptTypes(in Array<ACString> typeExceptions);

 /**
  * Clear all permissions of the passed type added since the specified time.
  * @param type    a case-sensitive ASCII string, identifying the permission.
  * @param since   a unix timestamp representing the number of milliseconds from
  *                Jan 1, 1970 00:00:00 UTC.
  */
 void removeByTypeSince(in ACString type, in int64_t since);

 /**
  * Clear all permissions of the passed types added since the specified time.
  * @param since   a unix timestamp representing the number of milliseconds from
  *                Jan 1, 1970 00:00:00 UTC.
  * @param typeExceptions    a array of case-sensitive ASCII strings, identifying
  *                          the types to not remove.
  */
 void removeAllSinceWithTypeExceptions(in int64_t since, in Array<ACString> typeExceptions);

 /**
  * Test whether the principal has the permission to perform a given action.
  * System principals will always have permissions granted.
  * This function will perform a pref lookup to permissions.default.<type>
  * if the specific permission type is part of the whitelist for that functionality.
  */
 uint32_t testPermissionFromPrincipal(in nsIPrincipal principal,
                                      in ACString type);

 /**
  * Test whether the principal has the permission to perform a given action.
  * This requires an exact hostname match. Subdomain principals do not match
  * permissions of base domains.
  * System principals will always have permissions granted.
  * This function will perform a pref lookup to permissions.default.<type>
  * if the specific permission type is part of the whitelist for that functionality.
  */
 uint32_t testExactPermissionFromPrincipal(in nsIPrincipal principal,
                                           in ACString type);

 /**
  * Test whether a website has permission to perform the given action
  * ignoring active sessions.
  * System principals will always have permissions granted.
  * This function will perform a pref lookup to permissions.default.<type>
  * if the specific permission type is part of the whitelist for that functionality.
  *
  * @param principal the principal
  * @param type      a case-sensitive ASCII string, identifying the consumer
  * @param return    see add(), param permission. returns UNKNOWN_ACTION when
  *                  there is no stored permission for this uri and / or type.
  */
 uint32_t testExactPermanentPermission(in nsIPrincipal principal,
                                       in ACString type);

 /**
  * Get the permission object associated with the given principal and action.
  * @param principal The principal
  * @param type      A case-sensitive ASCII string identifying the consumer
  * @param exactHost If true, only the specific host will be matched.
  *                  If false, base domains of the principal will also
  *                  be searched.
  * @returns The matching permission object, or null if no matching object
  *          was found. No matching object is equivalent to UNKNOWN_ACTION.
  * @note Clients in general should prefer the test* methods unless they
  *       need to know the specific stored details.
  * @note This method will always return null for the system principal.
  */
 nsIPermission getPermissionObject(in nsIPrincipal principal,
                                   in ACString type,
                                   in boolean exactHost);

 /**
  * Returns all stored permissions.
  * @return an array of nsIPermission objects
  */
 readonly attribute Array<nsIPermission> all;

 /**
  * Remove all permissions that will match the origin pattern.
  * @param patternAsJSON    Origin pattern to match.
  * @param typeInclusions   Types to include in search. If empty, includes all types.
  * @param typeExceptions   Types to skip in search.
  */
 void removePermissionsWithAttributes(in AString patternAsJSON, in Array<ACString> typeInclusions, in Array<ACString> typeExceptions);
};

%{ C++
#define NS_PERMISSIONMANAGER_CONTRACTID "@mozilla.org/permissionmanager;1"

#define PERM_CHANGE_NOTIFICATION "perm-changed"
%}