Bug 1357107 - Remove nsContentBlocker. r=bzbarsky
authorpbz <pbz@mozilla.com>
Tue, 21 Jan 2020 19:19:17 +0000
changeset 511089 798234088fd904c05e9312a0f703980e284d3bf7
parent 511088 dea8bc3b320acdd689a27596a0a54eb794941333
child 511090 c9e1dfd4ffb0c6a024c562cb1b1485bcab9f3e81
push id37045
push usercsabou@mozilla.com
push dateWed, 22 Jan 2020 21:48:55 +0000
treeherdermozilla-central@a80ee2878a79 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbzbarsky
bugs1357107
milestone74.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1357107 - Remove nsContentBlocker. r=bzbarsky Differential Revision: https://phabricator.services.mozilla.com/D59696
dom/base/nsIContentPolicy.idl
dom/base/nsObjectLoadingContent.cpp
dom/base/test/test_blocking_image.html
extensions/permissions/components.conf
extensions/permissions/moz.build
extensions/permissions/nsContentBlocker.cpp
extensions/permissions/nsContentBlocker.h
extensions/permissions/nsPermissionManager.cpp
extensions/permissions/nsPermissionManager.h
extensions/permissions/test/browser_permmgr_sync.js
modules/libpref/init/StaticPrefList.yaml
--- a/dom/base/nsIContentPolicy.idl
+++ b/dom/base/nsIContentPolicy.idl
@@ -371,17 +371,17 @@ interface nsIContentPolicy : nsISupports
   const nsContentPolicyType TYPE_INTERNAL_DTD = 47;
 
   /**
    * Indicates a TYPE_INTERNAL_DTD which will not be blocked no matter
    * what principal is being loaded from.
    */
   const nsContentPolicyType TYPE_INTERNAL_FORCE_ALLOWED_DTD = 48;
 
-  /* When adding new content types, please update nsContentBlocker,
+  /* When adding new content types, please update
    * NS_CP_ContentTypeName, nsCSPContext, CSP_ContentTypeToDirective,
    * DoContentSecurityChecks, all nsIContentPolicy implementations, the
    * static_assert in dom/cache/DBSchema.cpp, ChannelWrapper.webidl,
    * ChannelWrapper.cpp, nsPermissionManager.cpp, and other things that are not
    * listed here that are related to nsIContentPolicy. */
 
   //////////////////////////////////////////////////////////////////////
 
--- a/dom/base/nsObjectLoadingContent.cpp
+++ b/dom/base/nsObjectLoadingContent.cpp
@@ -1961,19 +1961,16 @@ nsresult nsObjectLoadingContent::LoadObj
       return NS_OK;
     }
 
     // Load denied, switch to fallback and set disabled/suppressed if applicable
     if (!allowLoad) {
       LOG(("OBJLC [%p]: Load denied by policy", this));
       mType = eType_Null;
       if (contentPolicy == nsIContentPolicy::REJECT_TYPE) {
-        // XXX(johns) This is assuming that we were rejected by
-        //            nsContentBlocker, which rejects by type if permissions
-        //            reject plugins
         fallbackType = eFallbackUserDisabled;
       } else {
         fallbackType = eFallbackSuppressed;
       }
     }
   }
 
   // Don't allow view-source scheme.
--- a/dom/base/test/test_blocking_image.html
+++ b/dom/base/test/test_blocking_image.html
@@ -71,21 +71,16 @@ function onLoad() {
       doc.body.appendChild(img2);
       return imgListener(img2);
     }).then(() => {
       ok(true, "img2 shouldn't be loaded");
       is(iframe.contentWindow.getComputedStyle(img2).color, "rgb(255, 0, 0)",
          "color of img2 should be red");
       ok(img2.matches(":-moz-broken"), "should match ':-moz-broken' selector");
 
-      // If nsContentBlocker is disabled, skip remaining checks
-      if(!SpecialPowers.Services.prefs.getBoolPref("extensions.contentblocker.enabled")) {
-        return Promise.reject(true);
-      }
-
       // Now prepare for the next test, deny image.
       return new Promise(resolve => {
           SpecialPowers.pushPrefEnv({"set": [["permissions.default.image", 2]]}, resolve)
       });
     }).then(() => {
       // Now image is denied, loading image will be rejected with REJECT_TYPE,
       // which will be mapped to :-moz-user-disabled
       img3.src = "https://example.com/tests/image/test/mochitest/shaver.png";
--- a/extensions/permissions/components.conf
+++ b/extensions/permissions/components.conf
@@ -1,24 +1,16 @@
 # -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 Classes = [
     {
-        'cid': '{4ca6b67b-5cc7-4e71-a98a-97af1c134862}',
-        'contract_ids': ['@mozilla.org/permissions/contentblocker;1'],
-        'type': 'nsContentBlocker',
-        'headers': ['/extensions/permissions/nsContentBlocker.h'],
-        'init_method': 'Init',
-        'categories': {'content-policy': '@mozilla.org/permissions/contentblocker;1'},
-    },
-    {
         'cid': '{4f6b5e00-0c36-11d5-a535-0010a401eb10}',
         'contract_ids': ['@mozilla.org/permissionmanager;1'],
         'singleton': True,
         'type': 'nsIPermissionManager',
         'constructor': 'nsPermissionManager::GetXPCOMSingleton',
         'headers': ['/extensions/permissions/nsPermissionManager.h'],
     },
     {
--- a/extensions/permissions/moz.build
+++ b/extensions/permissions/moz.build
@@ -10,17 +10,16 @@ TESTING_JS_MODULES += [
     'test/PermissionTestUtils.jsm',
 ]
 
 EXPORTS += [
     'PermissionDelegateHandler.h',
 ]
 
 UNIFIED_SOURCES += [
-    'nsContentBlocker.cpp',
     'nsPermission.cpp',
     'nsPermissionManager.cpp',
     'PermissionDelegateHandler.cpp',
 ]
 
 XPCOM_MANIFESTS += [
     'components.conf',
 ]
deleted file mode 100644
--- a/extensions/permissions/nsContentBlocker.cpp
+++ /dev/null
@@ -1,398 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsContentBlocker.h"
-#include "nsIContent.h"
-#include "nsIURI.h"
-#include "nsIDocShellTreeItem.h"
-#include "nsIPrefService.h"
-#include "nsIPrefBranch.h"
-#include "nsIDocShell.h"
-#include "nsString.h"
-#include "nsContentPolicyUtils.h"
-#include "mozilla/ArrayUtils.h"
-#include "nsContentUtils.h"
-#include "nsNetUtil.h"
-#include "mozilla/StaticPrefs_extensions.h"
-
-// Possible behavior pref values
-// Those map to the nsIPermissionManager values where possible
-#define BEHAVIOR_ACCEPT nsIPermissionManager::ALLOW_ACTION
-#define BEHAVIOR_REJECT nsIPermissionManager::DENY_ACTION
-#define BEHAVIOR_NOFOREIGN 3
-
-// From nsIContentPolicy
-static const nsLiteralCString kTypeString[] = {
-    NS_LITERAL_CSTRING("other"),
-    NS_LITERAL_CSTRING("script"),
-    NS_LITERAL_CSTRING("image"),
-    NS_LITERAL_CSTRING("stylesheet"),
-    NS_LITERAL_CSTRING("object"),
-    NS_LITERAL_CSTRING("document"),
-    NS_LITERAL_CSTRING("subdocument"),
-    NS_LITERAL_CSTRING("refresh"),
-    NS_LITERAL_CSTRING("xbl"),
-    NS_LITERAL_CSTRING("ping"),
-    NS_LITERAL_CSTRING("xmlhttprequest"),
-    NS_LITERAL_CSTRING("objectsubrequest"),
-    NS_LITERAL_CSTRING("dtd"),
-    NS_LITERAL_CSTRING("font"),
-    NS_LITERAL_CSTRING("media"),
-    NS_LITERAL_CSTRING("websocket"),
-    NS_LITERAL_CSTRING("csp_report"),
-    NS_LITERAL_CSTRING("xslt"),
-    NS_LITERAL_CSTRING("beacon"),
-    NS_LITERAL_CSTRING("fetch"),
-    NS_LITERAL_CSTRING("image"),
-    NS_LITERAL_CSTRING("manifest"),
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_SCRIPT
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_WORKER
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_SHARED_WORKER
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_EMBED
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_OBJECT
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_FRAME
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_IFRAME
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_AUDIO
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_VIDEO
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_TRACK
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_XMLHTTPREQUEST
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_EVENTSOURCE
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_SERVICE_WORKER
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_SCRIPT_PRELOAD
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_IMAGE
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_IMAGE_PRELOAD
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_STYLESHEET
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_STYLESHEET_PRELOAD
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_IMAGE_FAVICON
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_WORKERS_IMPORT_SCRIPTS
-    NS_LITERAL_CSTRING("saveas_download"),
-    NS_LITERAL_CSTRING("speculative"),
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_MODULE
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_MODULE_PRELOAD
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_DTD
-    NS_LITERAL_CSTRING(""),  // TYPE_INTERNAL_FORCE_ALLOWED_DTD
-};
-
-#define NUMBER_OF_TYPES MOZ_ARRAY_LENGTH(kTypeString)
-uint8_t nsContentBlocker::mBehaviorPref[NUMBER_OF_TYPES];
-
-NS_IMPL_ISUPPORTS(nsContentBlocker, nsIContentPolicy, nsIObserver,
-                  nsISupportsWeakReference)
-
-nsContentBlocker::nsContentBlocker() {
-  memset(mBehaviorPref, BEHAVIOR_ACCEPT, NUMBER_OF_TYPES);
-}
-
-nsresult nsContentBlocker::Init() {
-  if (!StaticPrefs::extensions_contentblocker_enabled_AtStartup()) {
-    return NS_OK;
-  }
-
-  mPermissionManager = nsPermissionManager::GetInstance();
-  if (!mPermissionManager) {
-    return NS_ERROR_NULL_POINTER;
-  }
-
-  nsresult rv;
-  nsCOMPtr<nsIPrefService> prefService =
-      do_GetService(NS_PREFSERVICE_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  nsCOMPtr<nsIPrefBranch> prefBranch;
-  rv = prefService->GetBranch("permissions.default.",
-                              getter_AddRefs(prefBranch));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  // Migrate old image blocker pref
-  nsCOMPtr<nsIPrefBranch> oldPrefBranch;
-  oldPrefBranch = do_QueryInterface(prefService);
-  int32_t oldPref;
-  rv = oldPrefBranch->GetIntPref("network.image.imageBehavior", &oldPref);
-  if (NS_SUCCEEDED(rv) && oldPref) {
-    int32_t newPref;
-    switch (oldPref) {
-      default:
-        newPref = BEHAVIOR_ACCEPT;
-        break;
-      case 1:
-        newPref = BEHAVIOR_NOFOREIGN;
-        break;
-      case 2:
-        newPref = BEHAVIOR_REJECT;
-        break;
-    }
-    prefBranch->SetIntPref("image", newPref);
-    oldPrefBranch->ClearUserPref("network.image.imageBehavior");
-  }
-
-  // The branch is not a copy of the prefservice, but a new object, because
-  // it is a non-default branch. Adding obeservers to it will only work if
-  // we make sure that the object doesn't die. So, keep a reference to it.
-  mPrefBranchInternal = prefBranch;
-
-  rv = mPrefBranchInternal->AddObserver("", this, true);
-  PrefChanged(prefBranch, nullptr);
-
-  return rv;
-}
-
-#undef LIMIT
-#define LIMIT(x, low, high, default) \
-  ((x) >= (low) && (x) <= (high) ? (x) : (default))
-
-void nsContentBlocker::PrefChanged(nsIPrefBranch* aPrefBranch,
-                                   const char* aPref) {
-  int32_t val;
-
-#define PREF_CHANGED(_P) (!aPref || !strcmp(aPref, _P))
-
-  for (uint32_t i = 0; i < NUMBER_OF_TYPES; ++i) {
-    if (!kTypeString[i].IsEmpty() && PREF_CHANGED(kTypeString[i].get()) &&
-        NS_SUCCEEDED(aPrefBranch->GetIntPref(kTypeString[i].get(), &val))) {
-      mBehaviorPref[i] = LIMIT(val, 1, 3, 1);
-    }
-  }
-}
-
-// nsIContentPolicy Implementation
-NS_IMETHODIMP
-nsContentBlocker::ShouldLoad(nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,
-                             const nsACString& aMimeGuess, int16_t* aDecision) {
-  if (!StaticPrefs::extensions_contentblocker_enabled_AtStartup()) {
-    *aDecision = nsIContentPolicy::ACCEPT;
-    return NS_OK;
-  }
-  uint32_t contentType = aLoadInfo->GetExternalContentPolicyType();
-  nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
-  nsCOMPtr<nsIURI> requestingLocation;
-  if (loadingPrincipal) {
-    loadingPrincipal->GetURI(getter_AddRefs(requestingLocation));
-  }
-
-  MOZ_ASSERT(contentType == nsContentUtils::InternalContentPolicyTypeToExternal(
-                                contentType),
-             "We should only see external content policy types here.");
-
-  *aDecision = nsIContentPolicy::ACCEPT;
-  nsresult rv;
-
-  // Ony support NUMBER_OF_TYPES content types. that all there is at the
-  // moment, but you never know...
-  if (contentType > NUMBER_OF_TYPES) return NS_OK;
-
-  // we can't do anything without this
-  if (!aContentLocation) return NS_OK;
-
-  // The final type of an object tag may mutate before it reaches
-  // shouldProcess, so we cannot make any sane blocking decisions here
-  if (contentType == nsIContentPolicy::TYPE_OBJECT) return NS_OK;
-
-  // we only want to check http, https, ftp
-  // for chrome:// and resources and others, no need to check.
-  nsAutoCString scheme;
-  aContentLocation->GetScheme(scheme);
-  if (!scheme.LowerCaseEqualsLiteral("ftp") &&
-      !scheme.LowerCaseEqualsLiteral("http") &&
-      !scheme.LowerCaseEqualsLiteral("https"))
-    return NS_OK;
-
-  bool shouldLoad, fromPrefs;
-  rv = TestPermission(aContentLocation, requestingLocation, contentType,
-                      &shouldLoad, &fromPrefs);
-  NS_ENSURE_SUCCESS(rv, rv);
-  if (!shouldLoad) {
-    NS_SetRequestBlockingReason(
-        aLoadInfo, nsILoadInfo::BLOCKING_REASON_CONTENT_POLICY_CONTENT_BLOCKED);
-
-    if (fromPrefs) {
-      *aDecision = nsIContentPolicy::REJECT_TYPE;
-    } else {
-      *aDecision = nsIContentPolicy::REJECT_SERVER;
-    }
-  }
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsContentBlocker::ShouldProcess(nsIURI* aContentLocation,
-                                nsILoadInfo* aLoadInfo,
-                                const nsACString& aMimeGuess,
-                                int16_t* aDecision) {
-  if (!StaticPrefs::extensions_contentblocker_enabled_AtStartup()) {
-    *aDecision = nsIContentPolicy::ACCEPT;
-    return NS_OK;
-  }
-  uint32_t contentType = aLoadInfo->GetExternalContentPolicyType();
-  nsCOMPtr<nsISupports> requestingContext = aLoadInfo->GetLoadingContext();
-  nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadInfo->LoadingPrincipal();
-  nsCOMPtr<nsIURI> requestingLocation;
-  if (loadingPrincipal) {
-    loadingPrincipal->GetURI(getter_AddRefs(requestingLocation));
-  }
-
-  MOZ_ASSERT(contentType == nsContentUtils::InternalContentPolicyTypeToExternal(
-                                contentType),
-             "We should only see external content policy types here.");
-
-  // For loads where requesting context is chrome, we should just
-  // accept.  Those are most likely toplevel loads in windows, and
-  // chrome generally knows what it's doing anyway.
-  nsCOMPtr<nsIDocShellTreeItem> item =
-      NS_CP_GetDocShellFromContext(requestingContext);
-
-  if (item && item->ItemType() == nsIDocShellTreeItem::typeChrome) {
-    *aDecision = nsIContentPolicy::ACCEPT;
-    return NS_OK;
-  }
-
-  // For objects, we only check policy in shouldProcess, as the final type isn't
-  // determined until the channel is open -- We don't want to block images in
-  // object tags because plugins are disallowed.
-  // NOTE that this bypasses the aContentLocation checks in ShouldLoad - this is
-  // intentional, as aContentLocation may be null for plugins that load by type
-  // (e.g. java)
-  if (contentType == nsIContentPolicy::TYPE_OBJECT) {
-    *aDecision = nsIContentPolicy::ACCEPT;
-
-    bool shouldLoad, fromPrefs;
-    nsresult rv = TestPermission(aContentLocation, requestingLocation,
-                                 contentType, &shouldLoad, &fromPrefs);
-    NS_ENSURE_SUCCESS(rv, rv);
-    if (!shouldLoad) {
-      NS_SetRequestBlockingReason(
-          aLoadInfo,
-          nsILoadInfo::BLOCKING_REASON_CONTENT_POLICY_CONTENT_BLOCKED);
-
-      if (fromPrefs) {
-        *aDecision = nsIContentPolicy::REJECT_TYPE;
-      } else {
-        *aDecision = nsIContentPolicy::REJECT_SERVER;
-      }
-    }
-    return NS_OK;
-  }
-
-  // This isn't a load from chrome or an object tag - Just do a ShouldLoad()
-  // check -- we want the same answer here
-  return ShouldLoad(aContentLocation, aLoadInfo, aMimeGuess, aDecision);
-}
-
-nsresult nsContentBlocker::TestPermission(nsIURI* aCurrentURI,
-                                          nsIURI* aFirstURI,
-                                          int32_t aContentType,
-                                          bool* aPermission, bool* aFromPrefs) {
-  *aFromPrefs = false;
-  nsresult rv;
-
-  if (kTypeString[aContentType - 1].IsEmpty()) {
-    // Disallow internal content policy types, they should not be used here.
-    *aPermission = false;
-    return NS_OK;
-  }
-
-  // This default will also get used if there is an unknown value in the
-  // permission list, or if the permission manager returns unknown values.
-  *aPermission = true;
-
-  // check the permission list first; if we find an entry, it overrides
-  // default prefs.
-  // Don't forget the aContentType ranges from 1..8, while the
-  // array is indexed 0..7
-  // All permissions tested by this method are preload permissions, so don't
-  // bother actually checking with the permission manager unless we have a
-  // preload permission.
-  uint32_t permission = nsIPermissionManager::UNKNOWN_ACTION;
-  if (mPermissionManager->HasPreloadPermissions()) {
-    rv = mPermissionManager->LegacyTestPermissionFromURI(
-        aCurrentURI, nullptr, kTypeString[aContentType - 1], &permission);
-    NS_ENSURE_SUCCESS(rv, rv);
-  }
-
-  // If there is nothing on the list, use the default.
-  if (!permission) {
-    permission = mBehaviorPref[aContentType - 1];
-    *aFromPrefs = true;
-  }
-
-  // Use the fact that the nsIPermissionManager values map to
-  // the BEHAVIOR_* values above.
-  switch (permission) {
-    case BEHAVIOR_ACCEPT:
-      *aPermission = true;
-      break;
-    case BEHAVIOR_REJECT:
-      *aPermission = false;
-      break;
-
-    case BEHAVIOR_NOFOREIGN:
-      // Third party checking
-
-      // Need a requesting uri for third party checks to work.
-      if (!aFirstURI) return NS_OK;
-
-      // chrome: and resource: are always trusted.
-      if (aFirstURI->SchemeIs("chrome") || aFirstURI->SchemeIs("resource")) {
-        return NS_OK;
-      }
-
-      // compare tails of names checking to see if they have a common domain
-      // we do this by comparing the tails of both names where each tail
-      // includes at least one dot
-
-      // A more generic method somewhere would be nice
-
-      nsAutoCString currentHost;
-      rv = aCurrentURI->GetAsciiHost(currentHost);
-      NS_ENSURE_SUCCESS(rv, rv);
-
-      // Search for two dots, starting at the end.
-      // If there are no two dots found, ++dot will turn to zero,
-      // that will return the entire string.
-      int32_t dot = currentHost.RFindChar('.');
-      dot = currentHost.RFindChar('.', dot - 1);
-      ++dot;
-
-      // Get the domain, ie the last part of the host (www.domain.com ->
-      // domain.com) This will break on co.uk
-      const nsACString& tail =
-          Substring(currentHost, dot, currentHost.Length() - dot);
-
-      nsAutoCString firstHost;
-      rv = aFirstURI->GetAsciiHost(firstHost);
-      NS_ENSURE_SUCCESS(rv, rv);
-
-      // If the tail is longer then the whole firstHost, it will never match
-      if (firstHost.Length() < tail.Length()) {
-        *aPermission = false;
-        return NS_OK;
-      }
-
-      // Get the last part of the firstUri with the same length as |tail|
-      const nsACString& firstTail = Substring(
-          firstHost, firstHost.Length() - tail.Length(), tail.Length());
-
-      // Check that both tails are the same, and that just before the tail in
-      // |firstUri| there is a dot. That means both url are in the same domain
-      if ((firstHost.Length() > tail.Length() &&
-           firstHost.CharAt(firstHost.Length() - tail.Length() - 1) != '.') ||
-          !tail.Equals(firstTail)) {
-        *aPermission = false;
-      }
-      break;
-  }
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsContentBlocker::Observe(nsISupports* aSubject, const char* aTopic,
-                          const char16_t* aData) {
-  NS_ASSERTION(!strcmp(NS_PREFBRANCH_PREFCHANGE_TOPIC_ID, aTopic),
-               "unexpected topic - we only deal with pref changes!");
-
-  if (mPrefBranchInternal)
-    PrefChanged(mPrefBranchInternal, NS_LossyConvertUTF16toASCII(aData).get());
-  return NS_OK;
-}
deleted file mode 100644
--- a/extensions/permissions/nsContentBlocker.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#ifndef nsContentBlocker_h__
-#define nsContentBlocker_h__
-
-#include "nsIContentPolicy.h"
-#include "nsIObserver.h"
-#include "nsWeakReference.h"
-#include "nsPermissionManager.h"
-#include "nsIPrefBranch.h"
-#include "mozilla/Attributes.h"
-
-class nsIPrefBranch;
-
-////////////////////////////////////////////////////////////////////////////////
-
-class nsContentBlocker final : public nsIContentPolicy,
-                               public nsIObserver,
-                               public nsSupportsWeakReference {
- public:
-  // nsISupports
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSICONTENTPOLICY
-  NS_DECL_NSIOBSERVER
-
-  nsContentBlocker();
-  nsresult Init();
-
- private:
-  ~nsContentBlocker() {}
-
-  void PrefChanged(nsIPrefBranch*, const char*);
-  nsresult TestPermission(nsIURI* aCurrentURI, nsIURI* aFirstURI,
-                          int32_t aContentType, bool* aPermission,
-                          bool* aFromPrefs);
-
-  RefPtr<nsPermissionManager> mPermissionManager;
-  nsCOMPtr<nsIPrefBranch> mPrefBranchInternal;
-  static uint8_t mBehaviorPref[];
-};
-
-#define NS_CONTENTBLOCKER_CID                        \
-  {                                                  \
-    0x4ca6b67b, 0x5cc7, 0x4e71, {                    \
-      0xa9, 0x8a, 0x97, 0xaf, 0x1c, 0x13, 0x48, 0x62 \
-    }                                                \
-  }
-
-#define NS_CONTENTBLOCKER_CONTRACTID "@mozilla.org/permissions/contentblocker;1"
-
-#endif /* nsContentBlocker_h__ */
--- a/extensions/permissions/nsPermissionManager.cpp
+++ b/extensions/permissions/nsPermissionManager.cpp
@@ -82,46 +82,23 @@ static void LogToConsole(const nsAString
   ENSURE_NOT_CHILD_PROCESS_({ return NS_ERROR_NOT_AVAILABLE; })
 
 #define ENSURE_NOT_CHILD_PROCESS_NORET ENSURE_NOT_CHILD_PROCESS_(;)
 
 ////////////////////////////////////////////////////////////////////////////////
 
 namespace {
 
-// The number of permissions from the kPreloadPermissions list which are present
-// in the permission manager. Used to determine if the permission manager should
-// be checked for one of these preload permissions in nsContentBlocker.
-static int32_t sPreloadPermissionCount = 0;
-
 // These permissions are special permissions which must be transmitted to the
 // content process before documents with their principals have loaded within
-// that process. This is because these permissions are used for content
-// blocking in nsContentBlocker.
+// that process.
 //
 // Permissions which are in this list are considered to have a "" permission
 // key, even if their principal would not normally have that key.
 static const nsLiteralCString kPreloadPermissions[] = {
-    // NOTE: These permissions are the different nsContentBlocker permissions
-    // for allowing or denying certain content types from being loaded. Every
-    // permission listed in the `kTypeString` array in nsContentBlocker.cpp
-    // should appear in this list.
-    NS_LITERAL_CSTRING("other"), NS_LITERAL_CSTRING("script"),
-    NS_LITERAL_CSTRING("image"), NS_LITERAL_CSTRING("stylesheet"),
-    NS_LITERAL_CSTRING("object"), NS_LITERAL_CSTRING("document"),
-    NS_LITERAL_CSTRING("subdocument"), NS_LITERAL_CSTRING("refresh"),
-    NS_LITERAL_CSTRING("xbl"), NS_LITERAL_CSTRING("ping"),
-    NS_LITERAL_CSTRING("xmlhttprequest"),
-    NS_LITERAL_CSTRING("objectsubrequest"), NS_LITERAL_CSTRING("dtd"),
-    NS_LITERAL_CSTRING("font"), NS_LITERAL_CSTRING("media"),
-    NS_LITERAL_CSTRING("websocket"), NS_LITERAL_CSTRING("csp_report"),
-    NS_LITERAL_CSTRING("xslt"), NS_LITERAL_CSTRING("beacon"),
-    NS_LITERAL_CSTRING("fetch"), NS_LITERAL_CSTRING("image"),
-    NS_LITERAL_CSTRING("manifest"), NS_LITERAL_CSTRING("speculative"),
-
     // This permission is preloaded to support properly blocking service worker
     // interception when a user has disabled storage for a specific site.  Once
     // service worker interception moves to the parent process this should be
     // removed.  See bug 1428130.
     NS_LITERAL_CSTRING("cookie"), NS_LITERAL_CSTRING("trackingprotection"),
     NS_LITERAL_CSTRING("trackingprotection-pb"),
 
     USER_INTERACTION_PERM};
@@ -1861,22 +1838,16 @@ nsresult nsPermissionManager::AddInterna
         // we're reading from the database - use the id already assigned
         id = aID;
       }
 
       entry->GetPermissions().AppendElement(
           PermissionEntry(id, typeIndex, aPermission, aExpireType, aExpireTime,
                           aModificationTime));
 
-      // Record a count of the number of preload permissions present in the
-      // content process.
-      if (IsPreloadPermission(mTypeArray[typeIndex])) {
-        sPreloadPermissionCount++;
-      }
-
       if (aDBOperation == eWriteToDB &&
           IsPersistentExpire(aExpireType, aType)) {
         UpdateDB(op, mStmtInsert, id, origin, aType, aPermission, aExpireType,
                  aExpireTime, aModificationTime);
       }
 
       if (aNotifyOperation == eNotify) {
         NotifyObserversWithPermission(aPrincipal, mTypeArray[typeIndex],
@@ -1895,22 +1866,16 @@ nsresult nsPermissionManager::AddInterna
       // attempts to change the permission.
       if (entry->GetPermissions()[index].mExpireType == EXPIRE_POLICY) {
         NS_WARNING("Attempting to remove EXPIRE_POLICY permission");
         break;
       }
 
       entry->GetPermissions().RemoveElementAt(index);
 
-      // Record a count of the number of preload permissions present in the
-      // content process.
-      if (IsPreloadPermission(mTypeArray[typeIndex])) {
-        sPreloadPermissionCount--;
-      }
-
       if (aDBOperation == eWriteToDB)
         // We care only about the id here so we pass dummy values for all other
         // parameters.
         UpdateDB(op, mStmtDelete, id, EmptyCString(), EmptyCString(), 0,
                  nsIPermissionManager::EXPIRE_NEVER, 0, 0);
 
       if (aNotifyOperation == eNotify) {
         NotifyObserversWithPermission(
@@ -3334,12 +3299,8 @@ void nsPermissionManager::WhenPermission
       ->Then(
           thread, __func__, [runnable]() { runnable->Run(); },
           []() {
             NS_WARNING(
                 "nsPermissionManager permission promise rejected. We're "
                 "probably shutting down.");
           });
 }
-
-bool nsPermissionManager::HasPreloadPermissions() {
-  return sPreloadPermissionCount > 0;
-}
--- a/extensions/permissions/nsPermissionManager.h
+++ b/extensions/permissions/nsPermissionManager.h
@@ -352,22 +352,16 @@ class nsPermissionManager final : public
    * @param aPrincipal The principal to wait for permissions to be available
    * for.
    * @param aRunnable  The runnable to run when permissions are available for
    * the given principal.
    */
   void WhenPermissionsAvailable(nsIPrincipal* aPrincipal,
                                 nsIRunnable* aRunnable);
 
-  /**
-   * True if any "preload" permissions are present. This is used to avoid making
-   * potentially expensive permissions checks in nsContentBlocker.
-   */
-  bool HasPreloadPermissions();
-
  private:
   virtual ~nsPermissionManager();
 
   /**
    * Get all permissions for a given principal, which should not be isolated
    * by user context or private browsing. The principal has its origin
    * attributes stripped before perm db lookup. This is currently only affects
    * the "cookie" permission.
--- a/extensions/permissions/test/browser_permmgr_sync.js
+++ b/extensions/permissions/test/browser_permmgr_sync.js
@@ -15,17 +15,17 @@ add_task(async function() {
   // of the local permissions cache.
 
   addPerm("http://example.com", "perm1");
   addPerm("http://foo.bar.example.com", "perm2");
   addPerm("about:home", "perm3");
   addPerm("https://example.com", "perm4");
   // NOTE: This permission is a preload permission, so it should be available in
   // the content process from startup.
-  addPerm("https://somerandomwebsite.com", "document");
+  addPerm("https://somerandomwebsite.com", "cookie");
 
   await BrowserTestUtils.withNewTab(
     { gBrowser, url: "about:blank", forceNewProcess: true },
     async function(aBrowser) {
       await SpecialPowers.spawn(aBrowser, [], async function() {
         // Before the load http URIs shouldn't have been sent down yet
         is(
           Services.perms.testPermissionFromPrincipal(
@@ -67,20 +67,20 @@ add_task(async function() {
           Services.perms.UNKNOWN_ACTION,
           "perm4-1"
         );
         is(
           Services.perms.testPermissionFromPrincipal(
             Services.scriptSecurityManager.createContentPrincipalFromOrigin(
               "https://somerandomwebsite.com"
             ),
-            "document"
+            "cookie"
           ),
           Services.perms.ALLOW_ACTION,
-          "document-1"
+          "cookie-1"
         );
 
         // Perform a load of example.com
         await new Promise(resolve => {
           let iframe = content.document.createElement("iframe");
           iframe.setAttribute("src", "http://example.com");
           iframe.onload = resolve;
           content.document.body.appendChild(iframe);
@@ -127,28 +127,28 @@ add_task(async function() {
           Services.perms.UNKNOWN_ACTION,
           "perm4-2"
         );
         is(
           Services.perms.testPermissionFromPrincipal(
             Services.scriptSecurityManager.createContentPrincipalFromOrigin(
               "https://somerandomwebsite.com"
             ),
-            "document"
+            "cookie"
           ),
           Services.perms.ALLOW_ACTION,
-          "document-2"
+          "cookie-2"
         );
       });
 
       addPerm("http://example.com", "newperm1");
       addPerm("http://foo.bar.example.com", "newperm2");
       addPerm("about:home", "newperm3");
       addPerm("https://example.com", "newperm4");
-      addPerm("https://someotherrandomwebsite.com", "document");
+      addPerm("https://someotherrandomwebsite.com", "cookie");
 
       await SpecialPowers.spawn(aBrowser, [], async function() {
         // The new permissions should be available, but only for
         // http://example.com, and about:home
         is(
           Services.perms.testPermissionFromPrincipal(
             Services.scriptSecurityManager.createContentPrincipalFromOrigin(
               "http://example.com"
@@ -228,30 +228,30 @@ add_task(async function() {
           Services.perms.UNKNOWN_ACTION,
           "newperm4-3"
         );
         is(
           Services.perms.testPermissionFromPrincipal(
             Services.scriptSecurityManager.createContentPrincipalFromOrigin(
               "https://somerandomwebsite.com"
             ),
-            "document"
+            "cookie"
           ),
           Services.perms.ALLOW_ACTION,
-          "document-3"
+          "cookie-3"
         );
         is(
           Services.perms.testPermissionFromPrincipal(
             Services.scriptSecurityManager.createContentPrincipalFromOrigin(
               "https://someotherrandomwebsite.com"
             ),
-            "document"
+            "cookie"
           ),
           Services.perms.ALLOW_ACTION,
-          "otherdocument-3"
+          "othercookie-3"
         );
 
         // Loading a subdomain now, on https
         await new Promise(resolve => {
           let iframe = content.document.createElement("iframe");
           iframe.setAttribute("src", "https://sub1.test1.example.com");
           iframe.onload = resolve;
           content.document.body.appendChild(iframe);
@@ -339,27 +339,27 @@ add_task(async function() {
           Services.perms.ALLOW_ACTION,
           "newperm4-4"
         );
         is(
           Services.perms.testPermissionFromPrincipal(
             Services.scriptSecurityManager.createContentPrincipalFromOrigin(
               "https://somerandomwebsite.com"
             ),
-            "document"
+            "cookie"
           ),
           Services.perms.ALLOW_ACTION,
-          "document-4"
+          "cookie-4"
         );
         is(
           Services.perms.testPermissionFromPrincipal(
             Services.scriptSecurityManager.createContentPrincipalFromOrigin(
               "https://someotherrandomwebsite.com"
             ),
-            "document"
+            "cookie"
           ),
           Services.perms.ALLOW_ACTION,
-          "otherdocument-4"
+          "othercookie-4"
         );
       });
     }
   );
 });
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -2983,22 +2983,16 @@
 
 # This pref governs whether we run webextensions in a separate process (true)
 # or the parent/main process (false)
 - name: extensions.webextensions.remote
   type: RelaxedAtomicBool
   value: false
   mirror: always
 
-# This pref enables/disables nsContentBlocker
-- name: extensions.contentblocker.enabled
-  type: bool
-  value: false
-  mirror: once
-
 #---------------------------------------------------------------------------
 # Prefs starting with "findbar."
 #---------------------------------------------------------------------------
 
 - name: findbar.modalHighlight
   type: bool
   value: false
   mirror: always