Bug 1174307 - Add some internal content policy types for the purpose of reflecting them on RequestContext; r=sicking
authorEhsan Akhgari <ehsan@mozilla.com>
Fri, 12 Jun 2015 16:52:07 -0400
changeset 248971 1eefebfb86eb72ac66b6a5707bcdff3fd1043974
parent 248970 eebb50d7259610da6f4d29160eb6f8d33104df0f
child 248972 4d9c70392f0ef9079abaa649c61be9728b52e2dd
push id28914
push usercbook@mozilla.com
push dateTue, 16 Jun 2015 14:11:13 +0000
treeherdermozilla-central@abaec2f7ed2c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssicking
bugs1174307
milestone41.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1174307 - Add some internal content policy types for the purpose of reflecting them on RequestContext; r=sicking These new content policy types will be internal ones that we will map to external nsContentPolicyTypes before passing them to content policy implementations.
dom/base/nsContentPolicy.cpp
dom/base/nsContentPolicy.h
dom/base/nsContentPolicyUtils.h
dom/base/nsContentUtils.cpp
dom/base/nsContentUtils.h
dom/base/nsDataDocumentContentPolicy.cpp
dom/base/nsIContentPolicy.idl
dom/base/nsIContentPolicyBase.idl
dom/base/nsISimpleContentPolicy.idl
dom/security/nsCSPService.cpp
dom/security/nsMixedContentBlocker.cpp
extensions/permissions/nsContentBlocker.cpp
--- a/dom/base/nsContentPolicy.cpp
+++ b/dom/base/nsContentPolicy.cpp
@@ -63,17 +63,17 @@ nsContentPolicy::~nsContentPolicy()
 
 #define WARN_IF_URI_UNINITIALIZED(uri,name)
 
 #endif // defined(DEBUG)
 
 inline nsresult
 nsContentPolicy::CheckPolicy(CPMethod          policyMethod,
                              SCPMethod         simplePolicyMethod,
-                             uint32_t          contentType,
+                             nsContentPolicyType contentType,
                              nsIURI           *contentLocation,
                              nsIURI           *requestingLocation,
                              nsISupports      *requestingContext,
                              const nsACString &mimeType,
                              nsISupports      *extra,
                              nsIPrincipal     *requestPrincipal,
                              int16_t           *decision)
 {
@@ -105,27 +105,30 @@ nsContentPolicy::CheckPolicy(CPMethod   
         if (!doc) {
             doc = do_QueryInterface(requestingContext);
         }
         if (doc) {
             requestingLocation = doc->GetDocumentURI();
         }
     }
 
+    nsContentPolicyType externalType =
+        nsContentUtils::InternalContentPolicyTypeToExternal(contentType);
+
     /* 
      * Enumerate mPolicies and ask each of them, taking the logical AND of
      * their permissions.
      */
     nsresult rv;
     nsCOMArray<nsIContentPolicy> entries;
     mPolicies.GetEntries(entries);
     int32_t count = entries.Count();
     for (int32_t i = 0; i < count; i++) {
         /* check the appropriate policy */
-        rv = (entries[i]->*policyMethod)(contentType, contentLocation,
+        rv = (entries[i]->*policyMethod)(externalType, contentLocation,
                                          requestingLocation, requestingContext,
                                          mimeType, extra, requestPrincipal,
                                          decision);
 
         if (NS_SUCCEEDED(rv) && NS_CP_REJECTED(*decision)) {
             /* policy says no, no point continuing to check */
             return NS_OK;
         }
@@ -161,17 +164,17 @@ nsContentPolicy::CheckPolicy(CPMethod   
         }
     }
 
     nsCOMArray<nsISimpleContentPolicy> simpleEntries;
     mSimplePolicies.GetEntries(simpleEntries);
     count = simpleEntries.Count();
     for (int32_t i = 0; i < count; i++) {
         /* check the appropriate policy */
-        rv = (simpleEntries[i]->*simplePolicyMethod)(contentType, contentLocation,
+        rv = (simpleEntries[i]->*simplePolicyMethod)(externalType, contentLocation,
                                                      requestingLocation,
                                                      topFrameElement, isTopLevel,
                                                      mimeType, extra, requestPrincipal,
                                                      decision);
 
         if (NS_SUCCEEDED(rv) && NS_CP_REJECTED(*decision)) {
             /* policy says no, no point continuing to check */
             return NS_OK;
--- a/dom/base/nsContentPolicy.h
+++ b/dom/base/nsContentPolicy.h
@@ -44,17 +44,17 @@ class nsContentPolicy : public nsIConten
                          ShouldProcess,
                          (uint32_t, nsIURI*, nsIURI*, nsIDOMElement*, bool,
                            const nsACString &, nsISupports*, nsIPrincipal*,
                            int16_t*));
 
     //Helper method that applies policyMethod across all policies in mPolicies
     // with the given parameters
     nsresult CheckPolicy(CPMethod policyMethod, SCPMethod simplePolicyMethod,
-                         uint32_t contentType,
+                         nsContentPolicyType contentType,
                          nsIURI *aURI, nsIURI *origURI,
                          nsISupports *requestingContext,
                          const nsACString &mimeGuess, nsISupports *extra,
                          nsIPrincipal *requestPrincipal,
                          int16_t *decision);
 };
 
 nsresult
--- a/dom/base/nsContentPolicyUtils.h
+++ b/dom/base/nsContentPolicyUtils.h
@@ -87,38 +87,48 @@ NS_CP_ResponseName(int16_t response)
  *
  * @param contentType the content type code
  * @return the name of the given content type code
  */
 inline const char *
 NS_CP_ContentTypeName(uint32_t contentType)
 {
   switch (contentType) {
-    CASE_RETURN( TYPE_OTHER             );
-    CASE_RETURN( TYPE_SCRIPT            );
-    CASE_RETURN( TYPE_IMAGE             );
-    CASE_RETURN( TYPE_STYLESHEET        );
-    CASE_RETURN( TYPE_OBJECT            );
-    CASE_RETURN( TYPE_DOCUMENT          );
-    CASE_RETURN( TYPE_SUBDOCUMENT       );
-    CASE_RETURN( TYPE_REFRESH           );
-    CASE_RETURN( TYPE_XBL               );
-    CASE_RETURN( TYPE_PING              );
-    CASE_RETURN( TYPE_XMLHTTPREQUEST    );
-    CASE_RETURN( TYPE_OBJECT_SUBREQUEST );
-    CASE_RETURN( TYPE_DTD               );
-    CASE_RETURN( TYPE_FONT              );
-    CASE_RETURN( TYPE_MEDIA             );
-    CASE_RETURN( TYPE_WEBSOCKET         );
-    CASE_RETURN( TYPE_CSP_REPORT        );
-    CASE_RETURN( TYPE_XSLT              );
-    CASE_RETURN( TYPE_BEACON            );
-    CASE_RETURN( TYPE_FETCH             );
-    CASE_RETURN( TYPE_IMAGESET          );
-    CASE_RETURN( TYPE_WEB_MANIFEST      );
+    CASE_RETURN( TYPE_OTHER                  );
+    CASE_RETURN( TYPE_SCRIPT                 );
+    CASE_RETURN( TYPE_IMAGE                  );
+    CASE_RETURN( TYPE_STYLESHEET             );
+    CASE_RETURN( TYPE_OBJECT                 );
+    CASE_RETURN( TYPE_DOCUMENT               );
+    CASE_RETURN( TYPE_SUBDOCUMENT            );
+    CASE_RETURN( TYPE_REFRESH                );
+    CASE_RETURN( TYPE_XBL                    );
+    CASE_RETURN( TYPE_PING                   );
+    CASE_RETURN( TYPE_XMLHTTPREQUEST         );
+    CASE_RETURN( TYPE_OBJECT_SUBREQUEST      );
+    CASE_RETURN( TYPE_DTD                    );
+    CASE_RETURN( TYPE_FONT                   );
+    CASE_RETURN( TYPE_MEDIA                  );
+    CASE_RETURN( TYPE_WEBSOCKET              );
+    CASE_RETURN( TYPE_CSP_REPORT             );
+    CASE_RETURN( TYPE_XSLT                   );
+    CASE_RETURN( TYPE_BEACON                 );
+    CASE_RETURN( TYPE_FETCH                  );
+    CASE_RETURN( TYPE_IMAGESET               );
+    CASE_RETURN( TYPE_WEB_MANIFEST           );
+    CASE_RETURN( TYPE_INTERNAL_SCRIPT        );
+    CASE_RETURN( TYPE_INTERNAL_WORKER        );
+    CASE_RETURN( TYPE_INTERNAL_SHARED_WORKER );
+    CASE_RETURN( TYPE_INTERNAL_EMBED         );
+    CASE_RETURN( TYPE_INTERNAL_OBJECT        );
+    CASE_RETURN( TYPE_INTERNAL_FRAME         );
+    CASE_RETURN( TYPE_INTERNAL_IFRAME        );
+    CASE_RETURN( TYPE_INTERNAL_AUDIO         );
+    CASE_RETURN( TYPE_INTERNAL_VIDEO         );
+    CASE_RETURN( TYPE_INTERNAL_TRACK         );
    default:
     return "<Unknown Type>";
   }
 }
 
 #undef CASE_RETURN
 
 /* Passes on parameters from its "caller"'s context. */
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -7807,8 +7807,36 @@ nsContentUtils::GetWindowRoot(nsIDocumen
   if (aDoc) {
     nsPIDOMWindow* win = aDoc->GetWindow();
     if (win) {
       return win->GetTopWindowRoot();
     }
   }
   return nullptr;
 }
+
+/* static */
+nsContentPolicyType
+nsContentUtils::InternalContentPolicyTypeToExternal(nsContentPolicyType aType)
+{
+  switch (aType) {
+  case nsIContentPolicy::TYPE_INTERNAL_SCRIPT:
+  case nsIContentPolicy::TYPE_INTERNAL_WORKER:
+  case nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER:
+    return nsIContentPolicy::TYPE_SCRIPT;
+
+  case nsIContentPolicy::TYPE_INTERNAL_EMBED:
+  case nsIContentPolicy::TYPE_INTERNAL_OBJECT:
+    return nsIContentPolicy::TYPE_OBJECT;
+
+  case nsIContentPolicy::TYPE_INTERNAL_FRAME:
+  case nsIContentPolicy::TYPE_INTERNAL_IFRAME:
+    return nsIContentPolicy::TYPE_SUBDOCUMENT;
+
+  case nsIContentPolicy::TYPE_INTERNAL_AUDIO:
+  case nsIContentPolicy::TYPE_INTERNAL_VIDEO:
+  case nsIContentPolicy::TYPE_INTERNAL_TRACK:
+    return nsIContentPolicy::TYPE_MEDIA;
+
+  default:
+    return aType;
+  }
+}
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -912,16 +912,21 @@ public:
   static bool IsInChromeDocshell(nsIDocument *aDocument);
 
   /**
    * Return the content policy service
    */
   static nsIContentPolicy *GetContentPolicy();
 
   /**
+   * Map internal content policy types to external ones.
+   */
+  static nsContentPolicyType InternalContentPolicyTypeToExternal(nsContentPolicyType aType);
+
+  /**
    * Quick helper to determine whether there are any mutation listeners
    * of a given type that apply to this content or any of its ancestors.
    * The method has the side effect to call document's MayDispatchMutationEvent
    * using aTargetForSubtreeModified as the parameter.
    *
    * @param aNode  The node to search for listeners
    * @param aType  The type of listener (NS_EVENT_BITS_MUTATION_*)
    * @param aTargetForSubtreeModified The node which is the target of the
--- a/dom/base/nsDataDocumentContentPolicy.cpp
+++ b/dom/base/nsDataDocumentContentPolicy.cpp
@@ -38,16 +38,19 @@ nsDataDocumentContentPolicy::ShouldLoad(
                                         nsIURI *aContentLocation,
                                         nsIURI *aRequestingLocation,
                                         nsISupports *aRequestingContext,
                                         const nsACString &aMimeGuess,
                                         nsISupports *aExtra,
                                         nsIPrincipal *aRequestPrincipal,
                                         int16_t *aDecision)
 {
+  MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
+             "We should only see external content policy types here.");
+
   *aDecision = nsIContentPolicy::ACCEPT;
   // Look for the document.  In most cases, aRequestingContext is a node.
   nsCOMPtr<nsIDocument> doc;
   nsCOMPtr<nsINode> node = do_QueryInterface(aRequestingContext);
   if (node) {
     doc = node->OwnerDoc();
   } else {
     nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(aRequestingContext);
--- a/dom/base/nsIContentPolicy.idl
+++ b/dom/base/nsIContentPolicy.idl
@@ -15,17 +15,17 @@ interface nsIPrincipal;
  * Interface for content policy mechanism.  Implementations of this
  * interface can be used to control loading of various types of out-of-line
  * content, or processing of certain types of in-line content.
  *
  * WARNING: do not block the caller from shouldLoad or shouldProcess (e.g.,
  * by launching a dialog to prompt the user for something).
  */
 
-[scriptable,uuid(cb978019-0c5b-4067-abb6-c914461208c1)]
+[scriptable,uuid(b545899e-42bd-434c-8fec-a0af3448ea15)]
 interface nsIContentPolicy : nsIContentPolicyBase
 {
   /**
    * Should the resource at this location be loaded?
    * ShouldLoad will be called before loading the resource at aContentLocation
    * to determine whether to start the load at all.
    *
    * @param aContentType      the type of content being tested. This will be one
--- a/dom/base/nsIContentPolicyBase.idl
+++ b/dom/base/nsIContentPolicyBase.idl
@@ -19,17 +19,17 @@ typedef unsigned long nsContentPolicyTyp
  * Interface for content policy mechanism.  Implementations of this
  * interface can be used to control loading of various types of out-of-line
  * content, or processing of certain types of in-line content.
  *
  * WARNING: do not block the caller from shouldLoad or shouldProcess (e.g.,
  * by launching a dialog to prompt the user for something).
  */
 
-[scriptable,uuid(4f2655e8-6365-4583-8510-732bff2186c5)]
+[scriptable,uuid(11b8d725-7c2b-429e-b51f-8b5b542d5009)]
 interface nsIContentPolicyBase : nsISupports
 {
   /**
    * Indicates a unset or bogus policy type.
    */
   const nsContentPolicyType TYPE_INVALID = 0;
 
   /**
@@ -52,16 +52,20 @@ interface nsIContentPolicyBase : nsISupp
    * of the existing ones. In the bug you file, provide a more detailed
    * description of the new type of content you want Gecko to support, so that
    * the existing implementations of nsIContentPolicy can be properly modified
    * to deal with that new type of content.
    *
    * Implementations of nsIContentPolicy should treat this the same way they
    * treat unknown types, because existing users of TYPE_OTHER may be converted
    * to use new content types.
+   *
+   * Note that the TYPE_INTERNAL_* constants are never passed to content
+   * policy implementations.  They are mapped to other TYPE_* constants, and
+   * are only intended for internal usage inside Gecko.
    */
   const nsContentPolicyType TYPE_OTHER = 1;
 
   /**
    * Indicates an executable script (such as JavaScript).
    */
   const nsContentPolicyType TYPE_SCRIPT = 2;
 
@@ -172,16 +176,92 @@ interface nsIContentPolicyBase : nsISupp
    */
   const nsContentPolicyType TYPE_IMAGESET = 21;
 
   /**
    * Indicates a web manifest.
    */
   const nsContentPolicyType TYPE_WEB_MANIFEST = 22;
 
+  /**
+   * Indicates an internal constant for scripts loaded through script
+   * elements.
+   *
+   * This will be mapped to TYPE_SCRIPT before being passed to content policy
+   * implementations.
+   */
+  const nsContentPolicyType TYPE_INTERNAL_SCRIPT = 23;
+
+  /**
+   * Indicates an internal constant for scripts loaded through a dedicated
+   * worker.
+   *
+   * This will be mapped to TYPE_SCRIPT before being passed to content policy
+   * implementations.
+   */
+  const nsContentPolicyType TYPE_INTERNAL_WORKER = 24;
+
+  /**
+   * Indicates an internal constant for scripts loaded through a shared
+   * worker.
+   *
+   * This will be mapped to TYPE_SCRIPT before being passed to content policy
+   * implementations.
+   */
+  const nsContentPolicyType TYPE_INTERNAL_SHARED_WORKER = 25;
+
+  /**
+   * Indicates an internal constant for content loaded from embed elements.
+   *
+   * This will be mapped to TYPE_OBJECT.
+   */
+  const nsContentPolicyType TYPE_INTERNAL_EMBED = 26;
+
+  /**
+   * Indicates an internal constant for content loaded from object elements.
+   *
+   * This will be mapped to TYPE_OBJECT.
+   */
+  const nsContentPolicyType TYPE_INTERNAL_OBJECT = 27;
+
+  /**
+   * Indicates an internal constant for content loaded from frame elements.
+   *
+   * This will be mapped to TYPE_SUBDOCUMENT.
+   */
+  const nsContentPolicyType TYPE_INTERNAL_FRAME = 28;
+
+  /**
+   * Indicates an internal constant for content loaded from iframe elements.
+   *
+   * This will be mapped to TYPE_SUBDOCUMENT.
+   */
+  const nsContentPolicyType TYPE_INTERNAL_IFRAME = 29;
+
+  /**
+   * Indicates an internal constant for content loaded from audio elements.
+   *
+   * This will be mapped to TYPE_MEDIA.
+   */
+  const nsContentPolicyType TYPE_INTERNAL_AUDIO = 30;
+
+  /**
+   * Indicates an internal constant for content loaded from video elements.
+   *
+   * This will be mapped to TYPE_MEDIA.
+   */
+  const nsContentPolicyType TYPE_INTERNAL_VIDEO = 31;
+
+  /**
+   * Indicates an internal constant for content loaded from track elements.
+   *
+   * This will be mapped to TYPE_MEDIA.
+   */
+  const nsContentPolicyType TYPE_INTERNAL_TRACK = 32;
+
   /* When adding new content types, please update nsContentBlocker,
    * NS_CP_ContentTypeName, nsCSPContext, all nsIContentPolicy
    * implementations, and other things that are not listed here that are
    * related to nsIContentPolicy. */
 
   //////////////////////////////////////////////////////////////////////
 
   /**
--- a/dom/base/nsISimpleContentPolicy.idl
+++ b/dom/base/nsISimpleContentPolicy.idl
@@ -23,17 +23,17 @@ interface nsIDOMElement;
  * to block loads without using cross-process wrappers (CPOWs). Add-ons should
  * prefer this interface to nsIContentPolicy because it should be faster in
  * e10s. In the future, it may also be run asynchronously.
  *
  * WARNING: do not block the caller from shouldLoad or shouldProcess (e.g.,
  * by launching a dialog to prompt the user for something).
  */
 
-[scriptable,uuid(704b4b8e-2287-498a-9c0a-d1bde547a2d4)]
+[scriptable,uuid(b181c97c-9d67-4da1-95a0-e0a202e1807c)]
 interface nsISimpleContentPolicy : nsIContentPolicyBase
 {
   /**
    * Should the resource at this location be loaded?
    * ShouldLoad will be called before loading the resource at aContentLocation
    * to determine whether to start the load at all.
    *
    * @param aContentType      the type of content being tested. This will be one
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -100,16 +100,19 @@ CSPService::ShouldLoad(uint32_t aContent
                        nsIURI *aContentLocation,
                        nsIURI *aRequestOrigin,
                        nsISupports *aRequestContext,
                        const nsACString &aMimeTypeGuess,
                        nsISupports *aExtra,
                        nsIPrincipal *aRequestPrincipal,
                        int16_t *aDecision)
 {
+  MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
+             "We should only see external content policy types here.");
+
   if (!aContentLocation) {
     return NS_ERROR_FAILURE;
   }
 
   if (MOZ_LOG_TEST(gCspPRLog, LogLevel::Debug)) {
     nsAutoCString location;
     aContentLocation->GetSpec(location);
     MOZ_LOG(gCspPRLog, LogLevel::Debug,
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -334,16 +334,19 @@ nsMixedContentBlocker::ShouldLoad(bool a
                                   nsIPrincipal* aRequestPrincipal,
                                   int16_t* aDecision)
 {
   // Asserting that we are on the main thread here and hence do not have to lock
   // and unlock sBlockMixedScript and sBlockMixedDisplay before reading/writing
   // to them.
   MOZ_ASSERT(NS_IsMainThread());
 
+  MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
+             "We should only see external content policy types here.");
+
   // Assume active (high risk) content and blocked by default
   MixedContentTypes classification = eMixedScript;
   // Make decision to block/reject by default
   *aDecision = REJECT_REQUEST;
 
 
   // Notes on non-obvious decisions:
   //
--- a/extensions/permissions/nsContentBlocker.cpp
+++ b/extensions/permissions/nsContentBlocker.cpp
@@ -17,17 +17,18 @@
 
 // Possible behavior pref values
 // Those map to the nsIPermissionManager values where possible
 #define BEHAVIOR_ACCEPT nsIPermissionManager::ALLOW_ACTION
 #define BEHAVIOR_REJECT nsIPermissionManager::DENY_ACTION
 #define BEHAVIOR_NOFOREIGN 3
 
 // From nsIContentPolicy
-static const char *kTypeString[] = {"other",
+static const char *kTypeString[] = {
+                                    "other",
                                     "script",
                                     "image",
                                     "stylesheet",
                                     "object",
                                     "document",
                                     "subdocument",
                                     "refresh",
                                     "xbl",
@@ -38,17 +39,28 @@ static const char *kTypeString[] = {"oth
                                     "font",
                                     "media",
                                     "websocket",
                                     "csp_report",
                                     "xslt",
                                     "beacon",
                                     "fetch",
                                     "imageset",
-                                    "manifest"};
+                                    "manifest",
+                                    "", // TYPE_INTERNAL_SCRIPT
+                                    "", // TYPE_INTERNAL_WORKER
+                                    "", // TYPE_INTERNAL_SHARED_WORKER
+                                    "", // TYPE_INTERNAL_EMBED
+                                    "", // TYPE_INTERNAL_OBJECT
+                                    "", // TYPE_INTERNAL_FRAME
+                                    "", // TYPE_INTERNAL_IFRAME
+                                    "", // TYPE_INTERNAL_AUDIO
+                                    "", // TYPE_INTERNAL_VIDEO
+                                    ""  // TYPE_INTERNAL_TRACK
+};
 
 #define NUMBER_OF_TYPES MOZ_ARRAY_LENGTH(kTypeString)
 uint8_t nsContentBlocker::mBehaviorPref[NUMBER_OF_TYPES];
 
 NS_IMPL_ISUPPORTS(nsContentBlocker, 
                   nsIContentPolicy,
                   nsIObserver,
                   nsISupportsWeakReference)
@@ -114,17 +126,18 @@ void
 nsContentBlocker::PrefChanged(nsIPrefBranch *aPrefBranch,
                               const char    *aPref)
 {
   int32_t val;
 
 #define PREF_CHANGED(_P) (!aPref || !strcmp(aPref, _P))
 
   for(uint32_t i = 0; i < NUMBER_OF_TYPES; ++i) {
-    if (PREF_CHANGED(kTypeString[i]) &&
+    if (*kTypeString[i] &&
+        PREF_CHANGED(kTypeString[i]) &&
         NS_SUCCEEDED(aPrefBranch->GetIntPref(kTypeString[i], &val)))
       mBehaviorPref[i] = LIMIT(val, 1, 3, 1);
   }
 
 }
 
 // nsIContentPolicy Implementation
 NS_IMETHODIMP 
@@ -232,16 +245,23 @@ nsContentBlocker::ShouldProcess(uint32_t
 nsresult
 nsContentBlocker::TestPermission(nsIURI *aCurrentURI,
                                  nsIURI *aFirstURI,
                                  int32_t aContentType,
                                  bool *aPermission,
                                  bool *aFromPrefs)
 {
   *aFromPrefs = false;
+
+  if (!*kTypeString[aContentType - 1]) {
+    // Disallow internal content policy types, they should not be used here.
+    *aPermission = false;
+    return NS_OK;
+  }
+
   // This default will also get used if there is an unknown value in the
   // permission list, or if the permission manager returns unknown values.
   *aPermission = true;
 
   // check the permission list first; if we find an entry, it overrides
   // default prefs.
   // Don't forget the aContentType ranges from 1..8, while the
   // array is indexed 0..7