Bug 1341250 - Moving nsExpandedPrincipal in separate files, r=qdot
authorAndrea Marchesini <amarchesini@mozilla.com>
Wed, 22 Feb 2017 10:01:43 +0100
changeset 373332 31ca9ebd033a6b88c3b03357491b602fe588512c
parent 373331 6cf3a4f98a622d3c1b40a24d3ae9f486339f8b1c
child 373333 a5b156516effa2901d542a079183bacd661482ad
push id10863
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 23:02:23 +0000
treeherdermozilla-aurora@0931190cd725 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersqdot
bugs1341250
milestone54.0a1
Bug 1341250 - Moving nsExpandedPrincipal in separate files, r=qdot
caps/moz.build
caps/nsExpandedPrincipal.cpp
caps/nsExpandedPrincipal.h
caps/nsPrincipal.cpp
caps/nsPrincipal.h
ipc/glue/BackgroundUtils.cpp
js/xpconnect/src/Sandbox.cpp
js/xpconnect/src/XPCWrappedNativeScope.cpp
--- a/caps/moz.build
+++ b/caps/moz.build
@@ -36,16 +36,17 @@ EXPORTS.mozilla = [
 SOURCES += [
     # Compile this separately since nsExceptionHandler.h conflicts
     # with something from nsNullPrincipal.cpp.
     'BasePrincipal.cpp',
 ]
 
 UNIFIED_SOURCES += [
     'DomainPolicy.cpp',
+    'nsExpandedPrincipal.cpp',
     'nsJSPrincipals.cpp',
     'nsNullPrincipal.cpp',
     'nsNullPrincipalURI.cpp',
     'nsPrincipal.cpp',
     'nsScriptSecurityManager.cpp',
     'nsSystemPrincipal.cpp',
 ]
 
copy from caps/nsPrincipal.cpp
copy to caps/nsExpandedPrincipal.cpp
--- a/caps/nsPrincipal.cpp
+++ b/caps/nsExpandedPrincipal.cpp
@@ -1,471 +1,19 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 sw=2 et tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "nsPrincipal.h"
-
-#include "mozIThirdPartyUtil.h"
-#include "nscore.h"
-#include "nsScriptSecurityManager.h"
-#include "nsString.h"
-#include "nsReadableUtils.h"
-#include "pratom.h"
-#include "nsIURI.h"
-#include "nsIURL.h"
-#include "nsIStandardURL.h"
-#include "nsIURIWithPrincipal.h"
-#include "nsJSPrincipals.h"
-#include "nsIEffectiveTLDService.h"
+#include "nsExpandedPrincipal.h"
 #include "nsIClassInfoImpl.h"
-#include "nsIProtocolHandler.h"
-#include "nsError.h"
-#include "nsIContentSecurityPolicy.h"
-#include "nsNetCID.h"
-#include "jswrapper.h"
-
-#include "mozilla/dom/nsCSPContext.h"
-#include "mozilla/dom/ScriptSettings.h"
-#include "mozilla/Preferences.h"
-#include "mozilla/HashFunctions.h"
 
 using namespace mozilla;
 
-static bool gCodeBasePrincipalSupport = false;
-
-static bool URIIsImmutable(nsIURI* aURI)
-{
-  nsCOMPtr<nsIMutable> mutableObj(do_QueryInterface(aURI));
-  bool isMutable;
-  return
-    mutableObj &&
-    NS_SUCCEEDED(mutableObj->GetMutable(&isMutable)) &&
-    !isMutable;
-}
-
-NS_IMPL_CLASSINFO(nsPrincipal, nullptr, nsIClassInfo::MAIN_THREAD_ONLY,
-                  NS_PRINCIPAL_CID)
-NS_IMPL_QUERY_INTERFACE_CI(nsPrincipal,
-                           nsIPrincipal,
-                           nsISerializable)
-NS_IMPL_CI_INTERFACE_GETTER(nsPrincipal,
-                            nsIPrincipal,
-                            nsISerializable)
-
-// Called at startup:
-/* static */ void
-nsPrincipal::InitializeStatics()
-{
-  Preferences::AddBoolVarCache(&gCodeBasePrincipalSupport,
-                               "signed.applets.codebase_principal_support",
-                               false);
-}
-
-nsPrincipal::nsPrincipal()
-  : mCodebaseImmutable(false)
-  , mDomainImmutable(false)
-  , mInitialized(false)
-{ }
-
-nsPrincipal::~nsPrincipal()
-{
-  // let's clear the principal within the csp to avoid a tangling pointer
-  if (mCSP) {
-    static_cast<nsCSPContext*>(mCSP.get())->clearLoadingPrincipal();
-  }
-}
-
-nsresult
-nsPrincipal::Init(nsIURI *aCodebase, const OriginAttributes& aOriginAttributes)
-{
-  NS_ENSURE_STATE(!mInitialized);
-  NS_ENSURE_ARG(aCodebase);
-
-  mInitialized = true;
-
-  mCodebase = NS_TryToMakeImmutable(aCodebase);
-  mCodebaseImmutable = URIIsImmutable(mCodebase);
-  mOriginAttributes = aOriginAttributes;
-
-  return NS_OK;
-}
-
-nsresult
-nsPrincipal::GetScriptLocation(nsACString &aStr)
-{
-  return mCodebase->GetSpec(aStr);
-}
-
-nsresult
-nsPrincipal::GetOriginInternal(nsACString& aOrigin)
-{
-  if (!mCodebase) {
-    return NS_ERROR_FAILURE;
-  }
-
-  nsCOMPtr<nsIURI> origin = NS_GetInnermostURI(mCodebase);
-  if (!origin) {
-    return NS_ERROR_FAILURE;
-  }
-
-  nsAutoCString hostPort;
-
-  // chrome: URLs don't have a meaningful origin, so make
-  // sure we just get the full spec for them.
-  // XXX this should be removed in favor of the solution in
-  // bug 160042.
-  bool isChrome;
-  nsresult rv = origin->SchemeIs("chrome", &isChrome);
-  if (NS_SUCCEEDED(rv) && !isChrome) {
-    rv = origin->GetAsciiHostPort(hostPort);
-    // Some implementations return an empty string, treat it as no support
-    // for asciiHost by that implementation.
-    if (hostPort.IsEmpty()) {
-      rv = NS_ERROR_FAILURE;
-    }
-  }
-
-  // We want the invariant that prinA.origin == prinB.origin i.f.f.
-  // prinA.equals(prinB). However, this requires that we impose certain constraints
-  // on the behavior and origin semantics of principals, and in particular, forbid
-  // creating origin strings for principals whose equality constraints are not
-  // expressible as strings (i.e. object equality). Moreover, we want to forbid URIs
-  // containing the magic "^" we use as a separating character for origin
-  // attributes.
-  //
-  // These constraints can generally be achieved by restricting .origin to
-  // nsIStandardURL-based URIs, but there are a few other URI schemes that we need
-  // to handle.
-  bool isBehaved;
-  if ((NS_SUCCEEDED(origin->SchemeIs("about", &isBehaved)) && isBehaved) ||
-      (NS_SUCCEEDED(origin->SchemeIs("moz-safe-about", &isBehaved)) && isBehaved) ||
-      (NS_SUCCEEDED(origin->SchemeIs("indexeddb", &isBehaved)) && isBehaved)) {
-    rv = origin->GetAsciiSpec(aOrigin);
-    NS_ENSURE_SUCCESS(rv, rv);
-    // These URIs could technically contain a '^', but they never should.
-    if (NS_WARN_IF(aOrigin.FindChar('^', 0) != -1)) {
-      aOrigin.Truncate();
-      return NS_ERROR_FAILURE;
-    }
-    return NS_OK;
-  }
-
-  if (NS_SUCCEEDED(rv) && !isChrome) {
-    rv = origin->GetScheme(aOrigin);
-    NS_ENSURE_SUCCESS(rv, rv);
-    aOrigin.AppendLiteral("://");
-    aOrigin.Append(hostPort);
-    return NS_OK;
-  }
-
-  // This URL can be a blobURL. In this case, we should use the 'parent'
-  // principal instead.
-  nsCOMPtr<nsIURIWithPrincipal> uriWithPrincipal = do_QueryInterface(origin);
-  if (uriWithPrincipal) {
-    nsCOMPtr<nsIPrincipal> uriPrincipal;
-    rv = uriWithPrincipal->GetPrincipal(getter_AddRefs(uriPrincipal));
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    if (uriPrincipal) {
-      return uriPrincipal->GetOriginNoSuffix(aOrigin);
-    }
-  }
-
-  // If we reached this branch, we can only create an origin if we have a
-  // nsIStandardURL.  So, we query to a nsIStandardURL, and fail if we aren't
-  // an instance of an nsIStandardURL nsIStandardURLs have the good property
-  // of escaping the '^' character in their specs, which means that we can be
-  // sure that the caret character (which is reserved for delimiting the end
-  // of the spec, and the beginning of the origin attributes) is not present
-  // in the origin string
-  nsCOMPtr<nsIStandardURL> standardURL = do_QueryInterface(origin);
-  NS_ENSURE_TRUE(standardURL, NS_ERROR_FAILURE);
-
-  rv = origin->GetAsciiSpec(aOrigin);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  // The origin, when taken from the spec, should not contain the ref part of
-  // the URL.
-
-  int32_t pos = aOrigin.FindChar('?');
-  int32_t hashPos = aOrigin.FindChar('#');
-
-  if (hashPos != kNotFound && (pos == kNotFound || hashPos < pos)) {
-    pos = hashPos;
-  }
-
-  if (pos != kNotFound) {
-    aOrigin.Truncate(pos);
-  }
-
-  return NS_OK;
-}
-
-bool
-nsPrincipal::SubsumesInternal(nsIPrincipal* aOther,
-                              BasePrincipal::DocumentDomainConsideration aConsideration)
-{
-  MOZ_ASSERT(aOther);
-
-  // For nsPrincipal, Subsumes is equivalent to Equals.
-  if (aOther == this) {
-    return true;
-  }
-
-  // If either the subject or the object has changed its principal by
-  // explicitly setting document.domain then the other must also have
-  // done so in order to be considered the same origin. This prevents
-  // DNS spoofing based on document.domain (154930)
-  nsresult rv;
-  if (aConsideration == ConsiderDocumentDomain) {
-    // Get .domain on each principal.
-    nsCOMPtr<nsIURI> thisDomain, otherDomain;
-    GetDomain(getter_AddRefs(thisDomain));
-    aOther->GetDomain(getter_AddRefs(otherDomain));
-
-    // If either has .domain set, we have equality i.f.f. the domains match.
-    // Otherwise, we fall through to the non-document-domain-considering case.
-    if (thisDomain || otherDomain) {
-      return nsScriptSecurityManager::SecurityCompareURIs(thisDomain, otherDomain);
-    }
-  }
-
-  nsCOMPtr<nsIURI> otherURI;
-  rv = aOther->GetURI(getter_AddRefs(otherURI));
-  NS_ENSURE_SUCCESS(rv, false);
-
-  // Compare codebases.
-  return nsScriptSecurityManager::SecurityCompareURIs(mCodebase, otherURI);
-}
-
-NS_IMETHODIMP
-nsPrincipal::GetURI(nsIURI** aURI)
-{
-  if (mCodebaseImmutable) {
-    NS_ADDREF(*aURI = mCodebase);
-    return NS_OK;
-  }
-
-  if (!mCodebase) {
-    *aURI = nullptr;
-    return NS_OK;
-  }
-
-  return NS_EnsureSafeToReturn(mCodebase, aURI);
-}
-
-bool
-nsPrincipal::MayLoadInternal(nsIURI* aURI)
-{
-  // See if aURI is something like a Blob URI that is actually associated with
-  // a principal.
-  nsCOMPtr<nsIURIWithPrincipal> uriWithPrin = do_QueryInterface(aURI);
-  nsCOMPtr<nsIPrincipal> uriPrin;
-  if (uriWithPrin) {
-    uriWithPrin->GetPrincipal(getter_AddRefs(uriPrin));
-  }
-  if (uriPrin) {
-    return nsIPrincipal::Subsumes(uriPrin);
-  }
-
-  // If this principal is associated with an addon, check whether that addon
-  // has been given permission to load from this domain.
-  if (AddonAllowsLoad(aURI)) {
-    return true;
-  }
-
-  if (nsScriptSecurityManager::SecurityCompareURIs(mCodebase, aURI)) {
-    return true;
-  }
-
-  // If strict file origin policy is in effect, local files will always fail
-  // SecurityCompareURIs unless they are identical. Explicitly check file origin
-  // policy, in that case.
-  if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
-      NS_URIIsLocalFile(aURI) &&
-      NS_RelaxStrictFileOriginPolicy(aURI, mCodebase)) {
-    return true;
-  }
-
-  return false;
-}
-
-void
-nsPrincipal::SetURI(nsIURI* aURI)
-{
-  mCodebase = NS_TryToMakeImmutable(aURI);
-  mCodebaseImmutable = URIIsImmutable(mCodebase);
-}
-
-NS_IMETHODIMP
-nsPrincipal::GetHashValue(uint32_t* aValue)
-{
-  NS_PRECONDITION(mCodebase, "Need a codebase");
-
-  *aValue = nsScriptSecurityManager::HashPrincipalByOrigin(this);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsPrincipal::GetDomain(nsIURI** aDomain)
-{
-  if (!mDomain) {
-    *aDomain = nullptr;
-    return NS_OK;
-  }
-
-  if (mDomainImmutable) {
-    NS_ADDREF(*aDomain = mDomain);
-    return NS_OK;
-  }
-
-  return NS_EnsureSafeToReturn(mDomain, aDomain);
-}
-
-NS_IMETHODIMP
-nsPrincipal::SetDomain(nsIURI* aDomain)
-{
-  mDomain = NS_TryToMakeImmutable(aDomain);
-  mDomainImmutable = URIIsImmutable(mDomain);
-
-  // Recompute all wrappers between compartments using this principal and other
-  // non-chrome compartments.
-  AutoSafeJSContext cx;
-  JSPrincipals *principals = nsJSPrincipals::get(static_cast<nsIPrincipal*>(this));
-  bool success = js::RecomputeWrappers(cx, js::ContentCompartmentsOnly(),
-                                       js::CompartmentsWithPrincipals(principals));
-  NS_ENSURE_TRUE(success, NS_ERROR_FAILURE);
-  success = js::RecomputeWrappers(cx, js::CompartmentsWithPrincipals(principals),
-                                  js::ContentCompartmentsOnly());
-  NS_ENSURE_TRUE(success, NS_ERROR_FAILURE);
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsPrincipal::GetBaseDomain(nsACString& aBaseDomain)
-{
-  // For a file URI, we return the file path.
-  if (NS_URIIsLocalFile(mCodebase)) {
-    nsCOMPtr<nsIURL> url = do_QueryInterface(mCodebase);
-
-    if (url) {
-      return url->GetFilePath(aBaseDomain);
-    }
-  }
-
-  bool hasNoRelativeFlag;
-  nsresult rv = NS_URIChainHasFlags(mCodebase,
-                                    nsIProtocolHandler::URI_NORELATIVE,
-                                    &hasNoRelativeFlag);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return rv;
-  }
-
-  if (hasNoRelativeFlag) {
-    return mCodebase->GetSpec(aBaseDomain);
-  }
-
-  // For everything else, we ask the TLD service via
-  // the ThirdPartyUtil.
-  nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
-    do_GetService(THIRDPARTYUTIL_CONTRACTID);
-  if (thirdPartyUtil) {
-    return thirdPartyUtil->GetBaseDomain(mCodebase, aBaseDomain);
-  }
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsPrincipal::Read(nsIObjectInputStream* aStream)
-{
-  nsCOMPtr<nsISupports> supports;
-  nsCOMPtr<nsIURI> codebase;
-  nsresult rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  codebase = do_QueryInterface(supports);
-
-  nsCOMPtr<nsIURI> domain;
-  rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  domain = do_QueryInterface(supports);
-
-  nsAutoCString suffix;
-  rv = aStream->ReadCString(suffix);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  OriginAttributes attrs;
-  bool ok = attrs.PopulateFromSuffix(suffix);
-  NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
-
-  rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  rv = Init(codebase, attrs);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  mCSP = do_QueryInterface(supports, &rv);
-  // make sure setRequestContext is called after Init(),
-  // to make sure  the principals URI been initalized.
-  if (mCSP) {
-    mCSP->SetRequestContext(nullptr, this);
-  }
-
-  SetDomain(domain);
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsPrincipal::Write(nsIObjectOutputStream* aStream)
-{
-  NS_ENSURE_STATE(mCodebase);
-  nsresult rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIURI),
-                                               true);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  rv = NS_WriteOptionalCompoundObject(aStream, mDomain, NS_GET_IID(nsIURI),
-                                      true);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  nsAutoCString suffix;
-  OriginAttributesRef().CreateSuffix(suffix);
-
-  rv = aStream->WriteStringZ(suffix.get());
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  rv = NS_WriteOptionalCompoundObject(aStream, mCSP,
-                                      NS_GET_IID(nsIContentSecurityPolicy),
-                                      true);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  // mCodebaseImmutable and mDomainImmutable will be recomputed based
-  // on the deserialized URIs in Read().
-
-  return NS_OK;
-}
-
-/************************************************************************************************************************/
-
 NS_IMPL_CLASSINFO(nsExpandedPrincipal, nullptr, nsIClassInfo::MAIN_THREAD_ONLY,
                   NS_EXPANDEDPRINCIPAL_CID)
 NS_IMPL_QUERY_INTERFACE_CI(nsExpandedPrincipal,
                            nsIPrincipal,
                            nsIExpandedPrincipal)
 NS_IMPL_CI_INTERFACE_GETTER(nsExpandedPrincipal,
                              nsIPrincipal,
                              nsIExpandedPrincipal)
copy from caps/nsPrincipal.h
copy to caps/nsExpandedPrincipal.h
--- a/caps/nsPrincipal.h
+++ b/caps/nsExpandedPrincipal.h
@@ -1,69 +1,24 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifndef nsPrincipal_h__
-#define nsPrincipal_h__
+#ifndef nsExpandedPrincipal_h
+#define nsExpandedPrincipal_h
 
 #include "nsCOMPtr.h"
 #include "nsJSPrincipals.h"
 #include "nsTArray.h"
-#include "nsIContentSecurityPolicy.h"
-#include "nsIProtocolHandler.h"
 #include "nsNetUtil.h"
-#include "nsScriptSecurityManager.h"
 #include "mozilla/BasePrincipal.h"
 
-class nsPrincipal final : public mozilla::BasePrincipal
-{
-public:
-  NS_DECL_NSISERIALIZABLE
-  NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
-  NS_IMETHOD GetHashValue(uint32_t* aHashValue) override;
-  NS_IMETHOD GetURI(nsIURI** aURI) override;
-  NS_IMETHOD GetDomain(nsIURI** aDomain) override;
-  NS_IMETHOD SetDomain(nsIURI* aDomain) override;
-  NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
-  bool IsCodebasePrincipal() const override { return true; }
-  nsresult GetOriginInternal(nsACString& aOrigin) override;
-
-  nsPrincipal();
-
-  // Init() must be called before the principal is in a usable state.
-  nsresult Init(nsIURI* aCodebase,
-                const mozilla::OriginAttributes& aOriginAttributes);
-
-  virtual nsresult GetScriptLocation(nsACString& aStr) override;
-  void SetURI(nsIURI* aURI);
-
-  /**
-   * Called at startup to setup static data, e.g. about:config pref-observers.
-   */
-  static void InitializeStatics();
-
-  PrincipalKind Kind() override { return eCodebasePrincipal; }
-
-  nsCOMPtr<nsIURI> mDomain;
-  nsCOMPtr<nsIURI> mCodebase;
-  // If mCodebaseImmutable is true, mCodebase is non-null and immutable
-  bool mCodebaseImmutable;
-  bool mDomainImmutable;
-  bool mInitialized;
-
-protected:
-  virtual ~nsPrincipal();
-
-  bool SubsumesInternal(nsIPrincipal* aOther, DocumentDomainConsideration aConsideration) override;
-  bool MayLoadInternal(nsIURI* aURI) override;
-};
-
-class nsExpandedPrincipal : public nsIExpandedPrincipal, public mozilla::BasePrincipal
+class nsExpandedPrincipal : public nsIExpandedPrincipal
+                          , public mozilla::BasePrincipal
 {
 public:
   nsExpandedPrincipal(nsTArray<nsCOMPtr<nsIPrincipal>> &aWhiteList,
                       const mozilla::OriginAttributes& aAttrs);
 
   NS_DECL_NSIEXPANDEDPRINCIPAL
   NS_DECL_NSISERIALIZABLE
   NS_IMETHOD_(MozExternalRefCountType) AddRef() override { return nsJSPrincipals::AddRef(); };
@@ -85,19 +40,14 @@ protected:
 
   bool SubsumesInternal(nsIPrincipal* aOther, DocumentDomainConsideration aConsideration) override;
   bool MayLoadInternal(nsIURI* aURI) override;
 
 private:
   nsTArray< nsCOMPtr<nsIPrincipal> > mPrincipals;
 };
 
-#define NS_PRINCIPAL_CONTRACTID "@mozilla.org/principal;1"
-#define NS_PRINCIPAL_CID \
-{ 0x653e0e4d, 0x3ee4, 0x45fa, \
-  { 0xb2, 0x72, 0x97, 0xc2, 0x0b, 0xc0, 0x1e, 0xb8 } }
-
 #define NS_EXPANDEDPRINCIPAL_CONTRACTID "@mozilla.org/expandedprincipal;1"
 #define NS_EXPANDEDPRINCIPAL_CID \
 { 0xe8ee88b0, 0x5571, 0x4086, \
   { 0xa4, 0x5b, 0x39, 0xa7, 0x16, 0x90, 0x6b, 0xdb } }
 
-#endif // nsPrincipal_h__
+#endif // nsExpandedPrincipal_h
--- a/caps/nsPrincipal.cpp
+++ b/caps/nsPrincipal.cpp
@@ -453,208 +453,8 @@ nsPrincipal::Write(nsIObjectOutputStream
     return rv;
   }
 
   // mCodebaseImmutable and mDomainImmutable will be recomputed based
   // on the deserialized URIs in Read().
 
   return NS_OK;
 }
-
-/************************************************************************************************************************/
-
-NS_IMPL_CLASSINFO(nsExpandedPrincipal, nullptr, nsIClassInfo::MAIN_THREAD_ONLY,
-                  NS_EXPANDEDPRINCIPAL_CID)
-NS_IMPL_QUERY_INTERFACE_CI(nsExpandedPrincipal,
-                           nsIPrincipal,
-                           nsIExpandedPrincipal)
-NS_IMPL_CI_INTERFACE_GETTER(nsExpandedPrincipal,
-                             nsIPrincipal,
-                             nsIExpandedPrincipal)
-
-struct OriginComparator
-{
-  bool LessThan(nsIPrincipal* a, nsIPrincipal* b) const
-  {
-    nsAutoCString originA;
-    nsresult rv = a->GetOrigin(originA);
-    NS_ENSURE_SUCCESS(rv, false);
-    nsAutoCString originB;
-    rv = b->GetOrigin(originB);
-    NS_ENSURE_SUCCESS(rv, false);
-    return originA < originB;
-  }
-
-  bool Equals(nsIPrincipal* a, nsIPrincipal* b) const
-  {
-    nsAutoCString originA;
-    nsresult rv = a->GetOrigin(originA);
-    NS_ENSURE_SUCCESS(rv, false);
-    nsAutoCString originB;
-    rv = b->GetOrigin(originB);
-    NS_ENSURE_SUCCESS(rv, false);
-    return a == b;
-  }
-};
-
-nsExpandedPrincipal::nsExpandedPrincipal(nsTArray<nsCOMPtr<nsIPrincipal>> &aWhiteList,
-                                         const OriginAttributes& aAttrs)
-{
-  // We force the principals to be sorted by origin so that nsExpandedPrincipal
-  // origins can have a canonical form.
-  OriginComparator c;
-  for (size_t i = 0; i < aWhiteList.Length(); ++i) {
-    mPrincipals.InsertElementSorted(aWhiteList[i], c);
-  }
-  mOriginAttributes = aAttrs;
-}
-
-nsExpandedPrincipal::~nsExpandedPrincipal()
-{ }
-
-NS_IMETHODIMP
-nsExpandedPrincipal::GetDomain(nsIURI** aDomain)
-{
-  *aDomain = nullptr;
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsExpandedPrincipal::SetDomain(nsIURI* aDomain)
-{
-  return NS_OK;
-}
-
-nsresult
-nsExpandedPrincipal::GetOriginInternal(nsACString& aOrigin)
-{
-  aOrigin.AssignLiteral("[Expanded Principal [");
-  for (size_t i = 0; i < mPrincipals.Length(); ++i) {
-    if (i != 0) {
-      aOrigin.AppendLiteral(", ");
-    }
-
-    nsAutoCString subOrigin;
-    nsresult rv = mPrincipals.ElementAt(i)->GetOrigin(subOrigin);
-    NS_ENSURE_SUCCESS(rv, rv);
-    aOrigin.Append(subOrigin);
-  }
-
-  aOrigin.Append("]]");
-  return NS_OK;
-}
-
-bool
-nsExpandedPrincipal::SubsumesInternal(nsIPrincipal* aOther,
-                                      BasePrincipal::DocumentDomainConsideration aConsideration)
-{
-  // If aOther is an ExpandedPrincipal too, we break it down into its component
-  // nsIPrincipals, and check subsumes on each one.
-  nsCOMPtr<nsIExpandedPrincipal> expanded = do_QueryInterface(aOther);
-  if (expanded) {
-    nsTArray< nsCOMPtr<nsIPrincipal> >* otherList;
-    expanded->GetWhiteList(&otherList);
-    for (uint32_t i = 0; i < otherList->Length(); ++i){
-      // Use SubsumesInternal rather than Subsumes here, since OriginAttribute
-      // checks are only done between non-expanded sub-principals, and we don't
-      // need to incur the extra virtual call overhead.
-      if (!SubsumesInternal((*otherList)[i], aConsideration)) {
-        return false;
-      }
-    }
-    return true;
-  }
-
-  // We're dealing with a regular principal. One of our principals must subsume
-  // it.
-  for (uint32_t i = 0; i < mPrincipals.Length(); ++i) {
-    if (Cast(mPrincipals[i])->Subsumes(aOther, aConsideration)) {
-      return true;
-    }
-  }
-
-  return false;
-}
-
-bool
-nsExpandedPrincipal::MayLoadInternal(nsIURI* uri)
-{
-  for (uint32_t i = 0; i < mPrincipals.Length(); ++i){
-    if (BasePrincipal::Cast(mPrincipals[i])->MayLoadInternal(uri)) {
-      return true;
-    }
-  }
-
-  return false;
-}
-
-NS_IMETHODIMP
-nsExpandedPrincipal::GetHashValue(uint32_t* result)
-{
-  MOZ_CRASH("extended principal should never be used as key in a hash map");
-}
-
-NS_IMETHODIMP
-nsExpandedPrincipal::GetURI(nsIURI** aURI)
-{
-  *aURI = nullptr;
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsExpandedPrincipal::GetWhiteList(nsTArray<nsCOMPtr<nsIPrincipal> >** aWhiteList)
-{
-  *aWhiteList = &mPrincipals;
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsExpandedPrincipal::GetBaseDomain(nsACString& aBaseDomain)
-{
-  return NS_ERROR_NOT_AVAILABLE;
-}
-
-bool
-nsExpandedPrincipal::AddonHasPermission(const nsAString& aPerm)
-{
-  for (size_t i = 0; i < mPrincipals.Length(); ++i) {
-    if (BasePrincipal::Cast(mPrincipals[i])->AddonHasPermission(aPerm)) {
-      return true;
-    }
-  }
-  return false;
-}
-
-nsresult
-nsExpandedPrincipal::GetScriptLocation(nsACString& aStr)
-{
-  aStr.Assign("[Expanded Principal [");
-  for (size_t i = 0; i < mPrincipals.Length(); ++i) {
-    if (i != 0) {
-      aStr.AppendLiteral(", ");
-    }
-
-    nsAutoCString spec;
-    nsresult rv =
-      nsJSPrincipals::get(mPrincipals.ElementAt(i))->GetScriptLocation(spec);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    aStr.Append(spec);
-  }
-  aStr.Append("]]");
-  return NS_OK;
-}
-
-//////////////////////////////////////////
-// Methods implementing nsISerializable //
-//////////////////////////////////////////
-
-NS_IMETHODIMP
-nsExpandedPrincipal::Read(nsIObjectInputStream* aStream)
-{
-  return NS_ERROR_NOT_IMPLEMENTED;
-}
-
-NS_IMETHODIMP
-nsExpandedPrincipal::Write(nsIObjectOutputStream* aStream)
-{
-  return NS_ERROR_NOT_IMPLEMENTED;
-}
--- a/caps/nsPrincipal.h
+++ b/caps/nsPrincipal.h
@@ -53,51 +53,14 @@ public:
 
 protected:
   virtual ~nsPrincipal();
 
   bool SubsumesInternal(nsIPrincipal* aOther, DocumentDomainConsideration aConsideration) override;
   bool MayLoadInternal(nsIURI* aURI) override;
 };
 
-class nsExpandedPrincipal : public nsIExpandedPrincipal, public mozilla::BasePrincipal
-{
-public:
-  nsExpandedPrincipal(nsTArray<nsCOMPtr<nsIPrincipal>> &aWhiteList,
-                      const mozilla::OriginAttributes& aAttrs);
-
-  NS_DECL_NSIEXPANDEDPRINCIPAL
-  NS_DECL_NSISERIALIZABLE
-  NS_IMETHOD_(MozExternalRefCountType) AddRef() override { return nsJSPrincipals::AddRef(); };
-  NS_IMETHOD_(MozExternalRefCountType) Release() override { return nsJSPrincipals::Release(); };
-  NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
-  NS_IMETHOD GetHashValue(uint32_t* aHashValue) override;
-  NS_IMETHOD GetURI(nsIURI** aURI) override;
-  NS_IMETHOD GetDomain(nsIURI** aDomain) override;
-  NS_IMETHOD SetDomain(nsIURI* aDomain) override;
-  NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
-  virtual bool AddonHasPermission(const nsAString& aPerm) override;
-  virtual nsresult GetScriptLocation(nsACString &aStr) override;
-  nsresult GetOriginInternal(nsACString& aOrigin) override;
-
-  PrincipalKind Kind() override { return eExpandedPrincipal; }
-
-protected:
-  virtual ~nsExpandedPrincipal();
-
-  bool SubsumesInternal(nsIPrincipal* aOther, DocumentDomainConsideration aConsideration) override;
-  bool MayLoadInternal(nsIURI* aURI) override;
-
-private:
-  nsTArray< nsCOMPtr<nsIPrincipal> > mPrincipals;
-};
-
 #define NS_PRINCIPAL_CONTRACTID "@mozilla.org/principal;1"
 #define NS_PRINCIPAL_CID \
 { 0x653e0e4d, 0x3ee4, 0x45fa, \
   { 0xb2, 0x72, 0x97, 0xc2, 0x0b, 0xc0, 0x1e, 0xb8 } }
 
-#define NS_EXPANDEDPRINCIPAL_CONTRACTID "@mozilla.org/expandedprincipal;1"
-#define NS_EXPANDEDPRINCIPAL_CID \
-{ 0xe8ee88b0, 0x5571, 0x4086, \
-  { 0xa4, 0x5b, 0x39, 0xa7, 0x16, 0x90, 0x6b, 0xdb } }
-
 #endif // nsPrincipal_h__
--- a/ipc/glue/BackgroundUtils.cpp
+++ b/ipc/glue/BackgroundUtils.cpp
@@ -6,16 +6,17 @@
 
 #include "BackgroundUtils.h"
 
 #include "MainThreadUtils.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/ipc/PBackgroundSharedTypes.h"
 #include "mozilla/net/NeckoChannelParams.h"
+#include "nsExpandedPrincipal.h"
 #include "nsPrincipal.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsIURI.h"
 #include "nsNetUtil.h"
 #include "mozilla/LoadInfo.h"
 #include "nsNullPrincipal.h"
 #include "nsServiceManagerUtils.h"
 #include "nsString.h"
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@@ -15,17 +15,17 @@
 #include "nsContentUtils.h"
 #include "nsGlobalWindow.h"
 #include "nsIScriptContext.h"
 #include "nsIScriptObjectPrincipal.h"
 #include "nsIURI.h"
 #include "nsJSUtils.h"
 #include "nsNetUtil.h"
 #include "nsNullPrincipal.h"
-#include "nsPrincipal.h"
+#include "nsExpandedPrincipal.h"
 #include "WrapperFactory.h"
 #include "xpcprivate.h"
 #include "xpc_make_class.h"
 #include "XPCWrapper.h"
 #include "XrayWrapper.h"
 #include "Crypto.h"
 #include "mozilla/dom/BindingUtils.h"
 #include "mozilla/dom/BlobBinding.h"
--- a/js/xpconnect/src/XPCWrappedNativeScope.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp
@@ -5,17 +5,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* Class used to manage the wrapped native objects within a JS scope. */
 
 #include "xpcprivate.h"
 #include "XPCWrapper.h"
 #include "nsContentUtils.h"
 #include "nsCycleCollectionNoteRootCallback.h"
-#include "nsPrincipal.h"
+#include "nsExpandedPrincipal.h"
 #include "mozilla/MemoryReporting.h"
 #include "mozilla/Preferences.h"
 #include "nsIAddonInterposition.h"
 #include "nsIXULRuntime.h"
 
 #include "mozilla/dom/BindingUtils.h"
 
 using namespace mozilla;