Bug 827895 - Settings app should not show the session permissions of apps, r=mounir
authorAndrea Marchesini <amarchesini@mozilla.com>
Thu, 10 Jan 2013 21:23:39 +0100
changeset 118455 b4a0d7140eaf1a51e91e7da3a188b0f016e4b71c
parent 118454 61eddbd33e8c4c6f3ec7493465a370c4dab824bb
child 118456 00175d6d4839c1dff3b40d0aba7909d2674f4921
push id24166
push userMs2ger@gmail.com
push dateFri, 11 Jan 2013 13:57:41 +0000
treeherdermozilla-central@63c4b0f66a0c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmounir
bugs827895
milestone21.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 827895 - Settings app should not show the session permissions of apps, r=mounir
dom/permission/PermissionSettings.js
extensions/cookie/nsPermissionManager.cpp
extensions/cookie/nsPermissionManager.h
netwerk/base/public/nsIPermissionManager.idl
--- a/dom/permission/PermissionSettings.js
+++ b/dom/permission/PermissionSettings.js
@@ -45,17 +45,17 @@ XPCOMUtils.defineLazyServiceGetter(this,
                                    "nsIAppsService");
 
 PermissionSettings.prototype = {
   get: function get(aPermName, aManifestURL, aOrigin, aBrowserFlag) {
     debug("Get called with: " + aPermName + ", " + aManifestURL + ", " + aOrigin + ", " + aBrowserFlag);
     let uri = Services.io.newURI(aOrigin, null, null);
     let appID = appsService.getAppLocalIdByManifestURL(aManifestURL);
     let principal = secMan.getAppCodebasePrincipal(uri, appID, aBrowserFlag);
-    let result = permissionManager.testExactPermissionFromPrincipal(principal, aPermName);
+    let result = permissionManager.testExactPermanentPermission(principal, aPermName);
 
     switch (result)
     {
       case Ci.nsIPermissionManager.UNKNOWN_ACTION:
         return "unknown";
       case Ci.nsIPermissionManager.ALLOW_ACTION:
         return "allow";
       case Ci.nsIPermissionManager.DENY_ACTION:
--- a/extensions/cookie/nsPermissionManager.cpp
+++ b/extensions/cookie/nsPermissionManager.cpp
@@ -904,24 +904,39 @@ nsPermissionManager::TestExactPermission
 
 NS_IMETHODIMP
 nsPermissionManager::TestExactPermissionFromPrincipal(nsIPrincipal* aPrincipal,
                                                       const char* aType,
                                                       uint32_t* aPermission)
 {
   NS_ENSURE_ARG_POINTER(aPrincipal);
 
+  if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
+    *aPermission = nsIPermissionManager::ALLOW_ACTION;
+    return NS_OK;
+  }
+
+  return CommonTestPermission(aPrincipal, aType, aPermission, true, true);
+}
+
+NS_IMETHODIMP
+nsPermissionManager::TestExactPermanentPermission(nsIPrincipal* aPrincipal,
+                                                  const char* aType,
+                                                  uint32_t* aPermission)
+{
+  NS_ENSURE_ARG_POINTER(aPrincipal);
+
   // System principals do not have URI so we can't try to get
   // retro-compatibility here.
   if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
     *aPermission = nsIPermissionManager::ALLOW_ACTION;
     return NS_OK;
   }
 
-  return CommonTestPermission(aPrincipal, aType, aPermission, true);
+  return CommonTestPermission(aPrincipal, aType, aPermission, true, false);
 }
 
 NS_IMETHODIMP
 nsPermissionManager::TestPermission(nsIURI     *aURI,
                                     const char *aType,
                                     uint32_t   *aPermission)
 {
   nsCOMPtr<nsIPrincipal> principal;
@@ -960,24 +975,25 @@ nsPermissionManager::TestPermissionFromP
 
   // System principals do not have URI so we can't try to get
   // retro-compatibility here.
   if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
     *aPermission = nsIPermissionManager::ALLOW_ACTION;
     return NS_OK;
   }
 
-  return CommonTestPermission(aPrincipal, aType, aPermission, false);
+  return CommonTestPermission(aPrincipal, aType, aPermission, false, true);
 }
 
 nsresult
 nsPermissionManager::CommonTestPermission(nsIPrincipal* aPrincipal,
                                           const char *aType,
                                           uint32_t   *aPermission,
-                                          bool        aExactHostMatch)
+                                          bool        aExactHostMatch,
+                                          bool        aIncludingSession)
 {
   NS_ENSURE_ARG_POINTER(aPrincipal);
   NS_ENSURE_ARG_POINTER(aType);
 
   // set the default
   *aPermission = nsIPermissionManager::UNKNOWN_ACTION;
 
   nsCOMPtr<nsIURI> uri;
@@ -1011,20 +1027,27 @@ nsPermissionManager::CommonTestPermissio
   NS_ENSURE_SUCCESS(rv, rv);
 
   bool isInBrowserElement;
   rv = aPrincipal->GetIsInBrowserElement(&isInBrowserElement);
   NS_ENSURE_SUCCESS(rv, rv);
 
   PermissionHashKey* entry = GetPermissionHashKey(host, appId, isInBrowserElement,
                                                   typeIndex, aExactHostMatch);
-  if (entry) {
-    *aPermission = entry->GetPermission(typeIndex).mPermission;
+  if (!entry ||
+      (!aIncludingSession &&
+       entry->GetPermission(typeIndex).mNonSessionExpireType ==
+         nsIPermissionManager::EXPIRE_SESSION)) {
+    return NS_OK;
   }
 
+  *aPermission = aIncludingSession
+                   ? entry->GetPermission(typeIndex).mPermission
+                   : entry->GetPermission(typeIndex).mNonSessionPermission;
+
   return NS_OK;
 }
 
 // Returns PermissionHashKey for a given { host, appId, isInBrowserElement } tuple.
 // This is not simply using PermissionKey because we will walk-up domains in
 // case of |host| contains sub-domains.
 // Returns null if nothing found.
 // Also accepts host on the format "<foo>". This will perform an exact match
--- a/extensions/cookie/nsPermissionManager.h
+++ b/extensions/cookie/nsPermissionManager.h
@@ -212,17 +212,18 @@ private:
                                           uint32_t aAppId,
                                           bool aIsInBrowserElement,
                                           uint32_t          aType,
                                           bool              aExactHostMatch);
 
   nsresult CommonTestPermission(nsIPrincipal* aPrincipal,
                                 const char *aType,
                                 uint32_t   *aPermission,
-                                bool        aExactHostMatch);
+                                bool        aExactHostMatch,
+                                bool        aIncludingSession);
 
   nsresult InitDB(bool aRemoveFile);
   nsresult CreateTable();
   nsresult Import();
   nsresult Read();
   void     NotifyObserversWithPermission(const nsACString &aHost,
                                          uint32_t          aAppId,
                                          bool              aIsInBrowserElement,
--- a/netwerk/base/public/nsIPermissionManager.idl
+++ b/netwerk/base/public/nsIPermissionManager.idl
@@ -31,17 +31,17 @@
 #include "nsISupports.idl"
 #include "nsISimpleEnumerator.idl"
 
 interface nsIURI;
 interface nsIObserver;
 interface nsIPrincipal;
 interface nsIDOMWindow;
 
-[scriptable, uuid(9b6ffbb9-5536-4216-afcf-1b7cd7b54005)]
+[scriptable, uuid(b38c982d-30bc-463f-9afc-0ca339eac03c)]
 interface nsIPermissionManager : nsISupports
 {
   /**
    * Predefined return values for the testPermission method and for
    * the permission param of the add method
    * NOTE: UNKNOWN_ACTION (0) is reserved to represent the
    * default permission when no entry is found for a host, and
    * should not be used by consumers to indicate otherwise.
@@ -168,16 +168,29 @@ interface nsIPermissionManager : nsISupp
 
   /**
    * See testExactPermission() above.
    * System principals will always have permissions granted.
    */
   uint32_t testExactPermissionFromPrincipal(in nsIPrincipal principal,
                                             in string type);
 
+  /**
+   * Test whether a website has permission to perform the given action
+   * ignoring active sessions.
+   * System principals will always have permissions granted.
+   *
+   * @param principal the principal
+   * @param type      a case-sensitive ASCII string, identifying the consumer
+   * @param return    see add(), param permission. returns UNKNOWN_ACTION when
+   *                  there is no stored permission for this uri and / or type.
+   */
+  uint32_t testExactPermanentPermission(in nsIPrincipal principal,
+                                        in string type);
+
    /**
     * Increment or decrement our "refcount" of an app id.
     *
     * We use this refcount to determine an app's lifetime.  When an app's
     * refcount goes to 0, we clear the permissions given to the app which are
     * set to expire at the end of its session.
     */
    void addrefAppId(in unsigned long appId);