Bug 1164977 - Unify subsumes/equals logic on BasePrincipal and reduce duplicated code. r=gabor
authorBobby Holley <bobbyholley@gmail.com>
Thu, 14 May 2015 11:15:56 -0700
changeset 265367 2493c405317f9369d9cc573f0394bc67ae237380
parent 265366 f2bb0908e1f97b4b0a1fc78a0c315c8256448a50
child 265368 d4e6af40c5e87de3f2e91c6eeca96954d92c0166
push id2126
push userjosea.olivera@gmail.com
push dateTue, 19 May 2015 14:12:35 +0000
reviewersgabor
bugs1164977
milestone41.0a1
Bug 1164977 - Unify subsumes/equals logic on BasePrincipal and reduce duplicated code. r=gabor
caps/BasePrincipal.cpp
caps/BasePrincipal.h
caps/nsNullPrincipal.cpp
caps/nsNullPrincipal.h
caps/nsPrincipal.cpp
caps/nsPrincipal.h
caps/nsSystemPrincipal.cpp
caps/nsSystemPrincipal.h
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -4,16 +4,54 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/BasePrincipal.h"
 #include "nsScriptSecurityManager.h"
 
 namespace mozilla {
 
+bool
+BasePrincipal::Subsumes(nsIPrincipal* aOther, DocumentDomainConsideration aConsideration)
+{
+  MOZ_RELEASE_ASSERT(aOther, "The caller is performing a nonsensical security check!");
+  return SubsumesInternal(aOther, aConsideration);
+}
+
+NS_IMETHODIMP
+BasePrincipal::Equals(nsIPrincipal *aOther, bool *aResult)
+{
+
+  *aResult = Subsumes(aOther, DontConsiderDocumentDomain) &&
+             Cast(aOther)->Subsumes(this, DontConsiderDocumentDomain);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+BasePrincipal::EqualsConsideringDomain(nsIPrincipal *aOther, bool *aResult)
+{
+  *aResult = Subsumes(aOther, ConsiderDocumentDomain) &&
+             Cast(aOther)->Subsumes(this, ConsiderDocumentDomain);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+BasePrincipal::Subsumes(nsIPrincipal *aOther, bool *aResult)
+{
+  *aResult = Subsumes(aOther, DontConsiderDocumentDomain);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+BasePrincipal::SubsumesConsideringDomain(nsIPrincipal *aOther, bool *aResult)
+{
+  *aResult = Subsumes(aOther, ConsiderDocumentDomain);
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 BasePrincipal::GetCsp(nsIContentSecurityPolicy** aCsp)
 {
   NS_IF_ADDREF(*aCsp = mCSP);
   return NS_OK;
 }
 
 NS_IMETHODIMP
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -23,30 +23,41 @@ namespace mozilla {
 class BasePrincipal : public nsJSPrincipals
 {
 public:
   BasePrincipal()
     : mAppId(nsIScriptSecurityManager::NO_APP_ID)
     , mIsInBrowserElement(false)
   {}
 
+  enum DocumentDomainConsideration { DontConsiderDocumentDomain, ConsiderDocumentDomain};
+  bool Subsumes(nsIPrincipal* aOther, DocumentDomainConsideration aConsideration);
+
+  NS_IMETHOD Equals(nsIPrincipal* other, bool* _retval) final;
+  NS_IMETHOD EqualsConsideringDomain(nsIPrincipal* other, bool* _retval) final;
+  NS_IMETHOD Subsumes(nsIPrincipal* other, bool* _retval) final;
+  NS_IMETHOD SubsumesConsideringDomain(nsIPrincipal* other, bool* _retval) final;
   NS_IMETHOD GetCsp(nsIContentSecurityPolicy** aCsp) override;
   NS_IMETHOD SetCsp(nsIContentSecurityPolicy* aCsp) override;
   NS_IMETHOD GetIsNullPrincipal(bool* aIsNullPrincipal) override;
   NS_IMETHOD GetJarPrefix(nsACString& aJarPrefix) final;
   NS_IMETHOD GetAppStatus(uint16_t* aAppStatus) final;
   NS_IMETHOD GetAppId(uint32_t* aAppStatus) final;
   NS_IMETHOD GetIsInBrowserElement(bool* aIsInBrowserElement) final;
   NS_IMETHOD GetUnknownAppId(bool* aUnknownAppId) final;
 
   virtual bool IsOnCSSUnprefixingWhitelist() override { return false; }
 
+  static BasePrincipal* Cast(nsIPrincipal* aPrin) { return static_cast<BasePrincipal*>(aPrin); }
+
 protected:
   virtual ~BasePrincipal() {}
 
+  virtual bool SubsumesInternal(nsIPrincipal* aOther, DocumentDomainConsideration aConsider) = 0;
+
   nsCOMPtr<nsIContentSecurityPolicy> mCSP;
   uint32_t mAppId;
   bool mIsInBrowserElement;
 };
 
 } // namespace mozilla
 
 #endif /* mozilla_BasePrincipal_h */
--- a/caps/nsNullPrincipal.cpp
+++ b/caps/nsNullPrincipal.cpp
@@ -75,31 +75,16 @@ nsNullPrincipal::GetScriptLocation(nsACS
   mURI->GetSpec(aStr);
 }
 
 /**
  * nsIPrincipal implementation
  */
 
 NS_IMETHODIMP
-nsNullPrincipal::Equals(nsIPrincipal *aOther, bool *aResult)
-{
-  // Just equal to ourselves.  Note that nsPrincipal::Equals will return false
-  // for us since we have a unique domain/origin/etc.
-  *aResult = (aOther == this);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsNullPrincipal::EqualsConsideringDomain(nsIPrincipal *aOther, bool *aResult)
-{
-  return Equals(aOther, aResult);
-}
-
-NS_IMETHODIMP
 nsNullPrincipal::GetHashValue(uint32_t *aResult)
 {
   *aResult = (NS_PTR_TO_INT32(this) >> 2);
   return NS_OK;
 }
 
 NS_IMETHODIMP 
 nsNullPrincipal::GetURI(nsIURI** aURI)
@@ -123,32 +108,16 @@ nsNullPrincipal::SetDomain(nsIURI* aDoma
 
 NS_IMETHODIMP
 nsNullPrincipal::GetOrigin(nsACString& aOrigin)
 {
   return mURI->GetSpec(aOrigin);
 }
 
 NS_IMETHODIMP
-nsNullPrincipal::Subsumes(nsIPrincipal *aOther, bool *aResult)
-{
-  // We don't subsume anything except ourselves.  Note that nsPrincipal::Equals
-  // will return false for us, since we're not about:blank and not Equals to
-  // reasonable nsPrincipals.
-  *aResult = (aOther == this);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsNullPrincipal::SubsumesConsideringDomain(nsIPrincipal *aOther, bool *aResult)
-{
-  return Subsumes(aOther, aResult);
-}
-
-NS_IMETHODIMP
 nsNullPrincipal::CheckMayLoad(nsIURI* aURI, bool aReport, bool aAllowIfInheritsPrincipal)
  {
   if (aAllowIfInheritsPrincipal) {
     if (nsPrincipal::IsPrincipalInherited(aURI)) {
       return NS_OK;
     }
   }
 
--- a/caps/nsNullPrincipal.h
+++ b/caps/nsNullPrincipal.h
@@ -35,25 +35,21 @@ public:
   // This should only be used by deserialization, and the factory constructor.
   // Other consumers should use the Create and CreateWithInheritedAttributes
   // methods.
   nsNullPrincipal() {}
 
   NS_DECL_NSISERIALIZABLE
 
   NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
-  NS_IMETHOD Equals(nsIPrincipal* other, bool* _retval) override;
-  NS_IMETHOD EqualsConsideringDomain(nsIPrincipal* other, bool* _retval) override;
   NS_IMETHOD GetHashValue(uint32_t* aHashValue) override;
   NS_IMETHOD GetURI(nsIURI** aURI) override;
   NS_IMETHOD GetDomain(nsIURI** aDomain) override;
   NS_IMETHOD SetDomain(nsIURI* aDomain) override;
   NS_IMETHOD GetOrigin(nsACString& aOrigin) override;
-  NS_IMETHOD Subsumes(nsIPrincipal* other, bool* _retval) override;
-  NS_IMETHOD SubsumesConsideringDomain(nsIPrincipal* other, bool* _retval) override;
   NS_IMETHOD CheckMayLoad(nsIURI* uri, bool report, bool allowIfInheritsPrincipal) override;
   NS_IMETHOD GetIsNullPrincipal(bool* aIsNullPrincipal) override;
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
 
   // Returns null on failure.
   static already_AddRefed<nsNullPrincipal> CreateWithInheritedAttributes(nsIPrincipal *aInheritFrom);
 
   // Returns null on failure.
@@ -64,13 +60,18 @@ public:
   nsresult Init(uint32_t aAppId = nsIScriptSecurityManager::NO_APP_ID,
                 bool aInMozBrowser = false);
 
   virtual void GetScriptLocation(nsACString &aStr) override;
 
  protected:
   virtual ~nsNullPrincipal() {}
 
+  bool SubsumesInternal(nsIPrincipal* aOther, DocumentDomainConsideration aConsideration) override
+  {
+    return aOther == this;
+  }
+
   nsCOMPtr<nsIURI> mURI;
   nsCOMPtr<nsIContentSecurityPolicy> mCSP;
 };
 
 #endif // nsNullPrincipal_h__
--- a/caps/nsPrincipal.cpp
+++ b/caps/nsPrincipal.cpp
@@ -156,103 +156,55 @@ nsPrincipal::GetOriginForURI(nsIURI* aUR
 }
 
 NS_IMETHODIMP
 nsPrincipal::GetOrigin(nsACString& aOrigin)
 {
   return GetOriginForURI(mCodebase, aOrigin);
 }
 
-NS_IMETHODIMP
-nsPrincipal::EqualsConsideringDomain(nsIPrincipal *aOther, bool *aResult)
+bool
+nsPrincipal::SubsumesInternal(nsIPrincipal* aOther,
+                              BasePrincipal::DocumentDomainConsideration aConsideration)
 {
-  *aResult = false;
+  MOZ_ASSERT(aOther);
 
-  if (!aOther) {
-    NS_WARNING("Need a principal to compare this to!");
-    return NS_OK;
-  }
-
+  // For nsPrincipal, Subsumes is equivalent to Equals.
   if (aOther == this) {
-    *aResult = true;
-    return NS_OK;
+    return true;
   }
 
   if (!nsScriptSecurityManager::AppAttributesEqual(this, aOther)) {
-      return NS_OK;
+      return false;
   }
 
   // If either the subject or the object has changed its principal by
   // explicitly setting document.domain then the other must also have
   // done so in order to be considered the same origin. This prevents
   // DNS spoofing based on document.domain (154930)
-
-  nsCOMPtr<nsIURI> thisURI;
-  this->GetDomain(getter_AddRefs(thisURI));
-  bool thisSetDomain = !!thisURI;
-  if (!thisURI) {
-      this->GetURI(getter_AddRefs(thisURI));
-  }
+  nsresult rv;
+  if (aConsideration == ConsiderDocumentDomain) {
+    // Get .domain on each principal.
+    nsCOMPtr<nsIURI> thisDomain, otherDomain;
+    GetDomain(getter_AddRefs(thisDomain));
+    aOther->GetDomain(getter_AddRefs(otherDomain));
 
-  nsCOMPtr<nsIURI> otherURI;
-  aOther->GetDomain(getter_AddRefs(otherURI));
-  bool otherSetDomain = !!otherURI;
-  if (!otherURI) {
-      aOther->GetURI(getter_AddRefs(otherURI));
-  }
-
-  *aResult = thisSetDomain == otherSetDomain &&
-             nsScriptSecurityManager::SecurityCompareURIs(thisURI, otherURI);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsPrincipal::Equals(nsIPrincipal *aOther, bool *aResult)
-{
-  *aResult = false;
-
-  if (!aOther) {
-    NS_WARNING("Need a principal to compare this to!");
-    return NS_OK;
+    // If either has .domain set, we have equality i.f.f. the domains match.
+    // Otherwise, we fall through to the non-document-domain-considering case.
+    if (thisDomain || otherDomain) {
+      return nsScriptSecurityManager::SecurityCompareURIs(thisDomain, otherDomain);
+    }
   }
 
-  if (aOther == this) {
-    *aResult = true;
-    return NS_OK;
-  }
-
-  if (!nsScriptSecurityManager::AppAttributesEqual(this, aOther)) {
-    return NS_OK;
-  }
-
-  nsCOMPtr<nsIURI> otherURI;
-  nsresult rv = aOther->GetURI(getter_AddRefs(otherURI));
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  NS_ASSERTION(mCodebase,
-               "shouldn't be calling this on principals from preferences");
+    nsCOMPtr<nsIURI> otherURI;
+    rv = aOther->GetURI(getter_AddRefs(otherURI));
+    NS_ENSURE_SUCCESS(rv, false);
 
   // Compare codebases.
-  *aResult = nsScriptSecurityManager::SecurityCompareURIs(mCodebase,
-                                                          otherURI);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsPrincipal::Subsumes(nsIPrincipal *aOther, bool *aResult)
-{
-  return Equals(aOther, aResult);
-}
-
-NS_IMETHODIMP
-nsPrincipal::SubsumesConsideringDomain(nsIPrincipal *aOther, bool *aResult)
-{
-  return EqualsConsideringDomain(aOther, aResult);
+  return nsScriptSecurityManager::SecurityCompareURIs(mCodebase, otherURI);
 }
 
 NS_IMETHODIMP
 nsPrincipal::GetURI(nsIURI** aURI)
 {
   if (mCodebaseImmutable) {
     NS_ADDREF(*aURI = mCodebase);
     return NS_OK;
@@ -732,105 +684,43 @@ nsExpandedPrincipal::GetOrigin(nsACStrin
     NS_ENSURE_SUCCESS(rv, rv);
     aOrigin.Append(subOrigin);
   }
 
   aOrigin.Append("]]");
   return NS_OK;
 }
 
-typedef nsresult (NS_STDCALL nsIPrincipal::*nsIPrincipalMemFn)(nsIPrincipal* aOther,
-                                                               bool* aResult);
-#define CALL_MEMBER_FUNCTION(THIS,MEM_FN)  ((THIS)->*(MEM_FN))
-
-// nsExpandedPrincipal::Equals and nsExpandedPrincipal::EqualsConsideringDomain
-// shares the same logic. The difference only that Equals requires 'this'
-// and 'aOther' to Subsume each other while EqualsConsideringDomain requires
-// bidirectional SubsumesConsideringDomain.
-static nsresult
-Equals(nsExpandedPrincipal* aThis, nsIPrincipalMemFn aFn, nsIPrincipal* aOther,
-       bool* aResult)
+bool
+nsExpandedPrincipal::SubsumesInternal(nsIPrincipal* aOther,
+                                      BasePrincipal::DocumentDomainConsideration aConsideration)
 {
-  // If (and only if) 'aThis' and 'aOther' both Subsume/SubsumesConsideringDomain
-  // each other, then they are Equal.
-  *aResult = false;
-  // Calling the corresponding subsume function on this (aFn).
-  nsresult rv = CALL_MEMBER_FUNCTION(aThis, aFn)(aOther, aResult);
-  NS_ENSURE_SUCCESS(rv, rv);
-  if (!*aResult)
-    return NS_OK;
-
-  // Calling the corresponding subsume function on aOther (aFn).
-  rv = CALL_MEMBER_FUNCTION(aOther, aFn)(aThis, aResult);
-  NS_ENSURE_SUCCESS(rv, rv);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsExpandedPrincipal::Equals(nsIPrincipal* aOther, bool* aResult)
-{
-  return ::Equals(this, &nsIPrincipal::Subsumes, aOther, aResult);
-}
-
-NS_IMETHODIMP
-nsExpandedPrincipal::EqualsConsideringDomain(nsIPrincipal* aOther, bool* aResult)
-{
-  return ::Equals(this, &nsIPrincipal::SubsumesConsideringDomain, aOther, aResult);
-}
-
-// nsExpandedPrincipal::Subsumes and nsExpandedPrincipal::SubsumesConsideringDomain
-// shares the same logic. The difference only that Subsumes calls are replaced
-//with SubsumesConsideringDomain calls in the second case.
-static nsresult
-Subsumes(nsExpandedPrincipal* aThis, nsIPrincipalMemFn aFn, nsIPrincipal* aOther,
-         bool* aResult)
-{
-  nsresult rv;
+  // If aOther is an ExpandedPrincipal too, we break it down into its component
+  // nsIPrincipals, and check subsumes on each one.
   nsCOMPtr<nsIExpandedPrincipal> expanded = do_QueryInterface(aOther);
   if (expanded) {
-    // If aOther is an ExpandedPrincipal too, check if all of its
-    // principals are subsumed.
     nsTArray< nsCOMPtr<nsIPrincipal> >* otherList;
     expanded->GetWhiteList(&otherList);
     for (uint32_t i = 0; i < otherList->Length(); ++i){
-      rv = CALL_MEMBER_FUNCTION(aThis, aFn)((*otherList)[i], aResult);
-      NS_ENSURE_SUCCESS(rv, rv);
-      if (!*aResult) {
-        // If we don't subsume at least one principal of aOther, return false.
-        return NS_OK;
+      if (!SubsumesInternal((*otherList)[i], aConsideration)) {
+        return false;
       }
     }
-  } else {
-    // For a regular aOther, one of our principals must subsume it.
-    nsTArray< nsCOMPtr<nsIPrincipal> >* list;
-    aThis->GetWhiteList(&list);
-    for (uint32_t i = 0; i < list->Length(); ++i){
-      rv = CALL_MEMBER_FUNCTION((*list)[i], aFn)(aOther, aResult);
-      NS_ENSURE_SUCCESS(rv, rv);
-      if (*aResult) {
-        // If one of our principal subsumes it, return true.
-        return NS_OK;
-      }
+    return true;
+  }
+
+  // We're dealing with a regular principal. One of our principals must subsume
+  // it.
+  for (uint32_t i = 0; i < mPrincipals.Length(); ++i) {
+    if (Cast(mPrincipals[i])->Subsumes(aOther, aConsideration)) {
+      return true;
     }
   }
-  return NS_OK;
-}
 
-#undef CALL_MEMBER_FUNCTION
-
-NS_IMETHODIMP
-nsExpandedPrincipal::Subsumes(nsIPrincipal* aOther, bool* aResult)
-{
-  return ::Subsumes(this, &nsIPrincipal::Subsumes, aOther, aResult);
-}
-
-NS_IMETHODIMP
-nsExpandedPrincipal::SubsumesConsideringDomain(nsIPrincipal* aOther, bool* aResult)
-{
-  return ::Subsumes(this, &nsIPrincipal::SubsumesConsideringDomain, aOther, aResult);
+  return false;
 }
 
 NS_IMETHODIMP
 nsExpandedPrincipal::CheckMayLoad(nsIURI* uri, bool aReport, bool aAllowIfInheritsPrincipal)
 {
   nsresult rv;
   for (uint32_t i = 0; i < mPrincipals.Length(); ++i){
     rv = mPrincipals[i]->CheckMayLoad(uri, aReport, aAllowIfInheritsPrincipal);
--- a/caps/nsPrincipal.h
+++ b/caps/nsPrincipal.h
@@ -17,25 +17,21 @@
 #include "nsScriptSecurityManager.h"
 #include "mozilla/BasePrincipal.h"
 
 class nsPrincipal final : public mozilla::BasePrincipal
 {
 public:
   NS_DECL_NSISERIALIZABLE
   NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
-  NS_IMETHOD Equals(nsIPrincipal* other, bool* _retval) override;
-  NS_IMETHOD EqualsConsideringDomain(nsIPrincipal* other, bool* _retval) override;
   NS_IMETHOD GetHashValue(uint32_t* aHashValue) override;
   NS_IMETHOD GetURI(nsIURI** aURI) override;
   NS_IMETHOD GetDomain(nsIURI** aDomain) override;
   NS_IMETHOD SetDomain(nsIURI* aDomain) override;
   NS_IMETHOD GetOrigin(nsACString& aOrigin) override;
-  NS_IMETHOD Subsumes(nsIPrincipal* other, bool* _retval) override;
-  NS_IMETHOD SubsumesConsideringDomain(nsIPrincipal* other, bool* _retval) override;
   NS_IMETHOD CheckMayLoad(nsIURI* uri, bool report, bool allowIfInheritsPrincipal) override;
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
   virtual bool IsOnCSSUnprefixingWhitelist() override;
 
   nsPrincipal();
 
   // Init() must be called before the principal is in a usable state.
   nsresult Init(nsIURI* aCodebase,
@@ -77,46 +73,45 @@ public:
   // If mCodebaseImmutable is true, mCodebase is non-null and immutable
   bool mCodebaseImmutable;
   bool mDomainImmutable;
   bool mInitialized;
   mozilla::Maybe<bool> mIsOnCSSUnprefixingWhitelist; // Lazily-computed
 
 protected:
   virtual ~nsPrincipal();
+
+  bool SubsumesInternal(nsIPrincipal* aOther, DocumentDomainConsideration aConsideration) override;
 };
 
 class nsExpandedPrincipal : public nsIExpandedPrincipal, public mozilla::BasePrincipal
 {
 public:
   explicit nsExpandedPrincipal(nsTArray< nsCOMPtr<nsIPrincipal> > &aWhiteList);
 
-protected:
-  virtual ~nsExpandedPrincipal();
-
-public:
   NS_DECL_NSIEXPANDEDPRINCIPAL
   NS_DECL_NSISERIALIZABLE
   NS_IMETHODIMP_(MozExternalRefCountType) AddRef() override { return nsJSPrincipals::AddRef(); };
   NS_IMETHODIMP_(MozExternalRefCountType) Release() override { return nsJSPrincipals::Release(); };
   NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
-  NS_IMETHOD Equals(nsIPrincipal* other, bool* _retval) override;
-  NS_IMETHOD EqualsConsideringDomain(nsIPrincipal* other, bool* _retval) override;
   NS_IMETHOD GetHashValue(uint32_t* aHashValue) override;
   NS_IMETHOD GetURI(nsIURI** aURI) override;
   NS_IMETHOD GetDomain(nsIURI** aDomain) override;
   NS_IMETHOD SetDomain(nsIURI* aDomain) override;
   NS_IMETHOD GetOrigin(nsACString& aOrigin) override;
-  NS_IMETHOD Subsumes(nsIPrincipal* other, bool* _retval) override;
-  NS_IMETHOD SubsumesConsideringDomain(nsIPrincipal* other, bool* _retval) override;
   NS_IMETHOD CheckMayLoad(nsIURI* uri, bool report, bool allowIfInheritsPrincipal) override;
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
   virtual bool IsOnCSSUnprefixingWhitelist() override;
   virtual void GetScriptLocation(nsACString &aStr) override;
 
+protected:
+  virtual ~nsExpandedPrincipal();
+
+  bool SubsumesInternal(nsIPrincipal* aOther, DocumentDomainConsideration aConsideration) override;
+
 private:
   nsTArray< nsCOMPtr<nsIPrincipal> > mPrincipals;
 };
 
 #define NS_PRINCIPAL_CONTRACTID "@mozilla.org/principal;1"
 #define NS_PRINCIPAL_CID \
   { 0x09b7e598, 0x490d, 0x423f, \
     { 0xa8, 0xa6, 0x2e, 0x6c, 0x4e, 0xc8, 0x77, 0x50 }}
--- a/caps/nsSystemPrincipal.cpp
+++ b/caps/nsSystemPrincipal.cpp
@@ -37,43 +37,16 @@ nsSystemPrincipal::GetScriptLocation(nsA
     aStr.AssignLiteral(SYSTEM_PRINCIPAL_SPEC);
 }
 
 ///////////////////////////////////////
 // Methods implementing nsIPrincipal //
 ///////////////////////////////////////
 
 NS_IMETHODIMP
-nsSystemPrincipal::Equals(nsIPrincipal *other, bool *result)
-{
-    *result = (other == this);
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-nsSystemPrincipal::EqualsConsideringDomain(nsIPrincipal *other, bool *result)
-{
-    return Equals(other, result);
-}
-
-NS_IMETHODIMP
-nsSystemPrincipal::Subsumes(nsIPrincipal *other, bool *result)
-{
-    *result = true;
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-nsSystemPrincipal::SubsumesConsideringDomain(nsIPrincipal *other, bool *result)
-{
-    *result = true;
-    return NS_OK;
-}
-
-NS_IMETHODIMP
 nsSystemPrincipal::CheckMayLoad(nsIURI* uri, bool aReport, bool aAllowIfInheritsPrincipal)
 {
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsSystemPrincipal::GetHashValue(uint32_t *result)
 {
--- a/caps/nsSystemPrincipal.h
+++ b/caps/nsSystemPrincipal.h
@@ -20,31 +20,32 @@
 #define NS_SYSTEMPRINCIPAL_CONTRACTID "@mozilla.org/systemprincipal;1"
 
 
 class nsSystemPrincipal final : public mozilla::BasePrincipal
 {
 public:
   NS_DECL_NSISERIALIZABLE
   NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
-  NS_IMETHOD Equals(nsIPrincipal* other, bool* _retval) override;
-  NS_IMETHOD EqualsConsideringDomain(nsIPrincipal* other, bool* _retval) override;
   NS_IMETHOD GetHashValue(uint32_t* aHashValue) override;
   NS_IMETHOD GetURI(nsIURI** aURI) override;
   NS_IMETHOD GetDomain(nsIURI** aDomain) override;
   NS_IMETHOD SetDomain(nsIURI* aDomain) override;
   NS_IMETHOD GetOrigin(nsACString& aOrigin) override;
-  NS_IMETHOD Subsumes(nsIPrincipal* other, bool* _retval) override;
-  NS_IMETHOD SubsumesConsideringDomain(nsIPrincipal* other, bool* _retval) override;
   NS_IMETHOD CheckMayLoad(nsIURI* uri, bool report, bool allowIfInheritsPrincipal) override;
   NS_IMETHOD GetCsp(nsIContentSecurityPolicy** aCsp) override;
   NS_IMETHOD SetCsp(nsIContentSecurityPolicy* aCsp) override;
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
 
   nsSystemPrincipal() {}
 
   virtual void GetScriptLocation(nsACString &aStr) override;
 
 protected:
   virtual ~nsSystemPrincipal(void) {}
+
+  bool SubsumesInternal(nsIPrincipal *aOther, DocumentDomainConsideration aConsideration) override
+  {
+    return true;
+  }
 };
 
 #endif // nsSystemPrincipal_h__