Backed out 6 changesets (bug 1484876) for eslint failure on PrivateBrowsingUtils. CLOSED TREE
authorCosmin Sabou <csabou@mozilla.com>
Wed, 22 Aug 2018 16:26:33 +0300
changeset 487928 41ebcb085bb01e54c1a7eea9e794cde45afbe734
parent 487927 e80737d6af552187ffeb8099c8d6fd936febed5e
child 487929 971943621f6e52daa0e94e48c3d846567978ff26
push id9719
push userffxbld-merge
push dateFri, 24 Aug 2018 17:49:46 +0000
treeherdermozilla-beta@719ec98fba77 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1484876
milestone63.0a1
backs oute80737d6af552187ffeb8099c8d6fd936febed5e
b1cb63d8c8bb98823dab57773d150178f19e694b
cd2ced68989568aaadd21e09d7d68664cf43e91d
d31e39a477046ed8a574e43dc6bbd4192829680d
babf6abc7f4cc189f17f73c7ddff8987da69a43a
1c9895ab06c6a1fa7799005bda10bc21d35c8a9b
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 6 changesets (bug 1484876) for eslint failure on PrivateBrowsingUtils. CLOSED TREE Backed out changeset e80737d6af55 (bug 1484876) Backed out changeset b1cb63d8c8bb (bug 1484876) Backed out changeset cd2ced689895 (bug 1484876) Backed out changeset d31e39a47704 (bug 1484876) Backed out changeset babf6abc7f4c (bug 1484876) Backed out changeset 1c9895ab06c6 (bug 1484876)
browser/base/content/browser-contentblocking.js
browser/installer/package-manifest.in
mobile/android/installer/package-manifest.in
netwerk/base/nsChannelClassifier.cpp
toolkit/components/antitracking/AntiTrackingCommon.cpp
toolkit/components/antitracking/AntiTrackingCommon.h
toolkit/components/moz.build
toolkit/components/privatebrowsing/PrivateBrowsing.manifest
toolkit/components/privatebrowsing/PrivateBrowsingTrackingProtectionWhitelist.js
toolkit/components/privatebrowsing/moz.build
toolkit/components/privatebrowsing/nsIPrivateBrowsingTrackingProtectionWhitelist.idl
toolkit/modules/PrivateBrowsingUtils.jsm
--- a/browser/base/content/browser-contentblocking.js
+++ b/browser/base/content/browser-contentblocking.js
@@ -407,21 +407,23 @@ var ContentBlocking = {
     // This state will be overriden later if there's an exception set for this site.
     let active = this.enabled && detected;
 
     for (let blocker of this.blockers) {
       blocker.categoryItem.classList.toggle("blocked", this.enabled && blocker.enabled);
     }
 
     // Check whether the user has added an exception for this site.
-    let type = PrivateBrowsingUtils.isBrowserPrivate(gBrowser.selectedBrowser) ?
-                 "trackingprotection-pb" :
-                 "trackingprotection";
-    let hasException = Services.perms.testExactPermission(baseURI, type) ==
-      Services.perms.ALLOW_ACTION;
+    let hasException = false;
+    if (PrivateBrowsingUtils.isBrowserPrivate(gBrowser.selectedBrowser)) {
+      hasException = PrivateBrowsingUtils.existsInTrackingAllowlist(baseURI);
+    } else {
+      hasException = Services.perms.testExactPermission(baseURI,
+        "trackingprotection") == Services.perms.ALLOW_ACTION;
+    }
 
     this.content.toggleAttribute("detected", detected);
     this.content.toggleAttribute("hasException", hasException);
 
     this.iconBox.toggleAttribute("active", active);
     this.iconBox.toggleAttribute("hasException", this.enabled && hasException);
 
     if (isSimulated) {
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -383,16 +383,20 @@
 @RESPATH@/actors/*
 
 ; Safe Browsing
 @RESPATH@/components/nsURLClassifier.manifest
 @RESPATH@/components/nsUrlClassifierHashCompleter.js
 @RESPATH@/components/nsUrlClassifierListManager.js
 @RESPATH@/components/nsUrlClassifierLib.js
 
+; Private Browsing
+@RESPATH@/components/PrivateBrowsing.manifest
+@RESPATH@/components/PrivateBrowsingTrackingProtectionWhitelist.js
+
 ; Security Reports
 @RESPATH@/components/SecurityReporter.manifest
 @RESPATH@/components/SecurityReporter.js
 
 ; ANGLE GLES-on-D3D rendering library
 #ifdef MOZ_ANGLE_RENDERER
 @BINPATH@/libEGL.dll
 @BINPATH@/libGLESv2.dll
--- a/mobile/android/installer/package-manifest.in
+++ b/mobile/android/installer/package-manifest.in
@@ -248,16 +248,20 @@
 @BINPATH@/actors/*
 
 ; Safe Browsing
 @BINPATH@/components/nsURLClassifier.manifest
 @BINPATH@/components/nsUrlClassifierHashCompleter.js
 @BINPATH@/components/nsUrlClassifierListManager.js
 @BINPATH@/components/nsUrlClassifierLib.js
 
+; Private Browsing
+@BINPATH@/components/PrivateBrowsing.manifest
+@BINPATH@/components/PrivateBrowsingTrackingProtectionWhitelist.js
+
 ; Security Reports
 @BINPATH@/components/SecurityReporter.manifest
 @BINPATH@/components/SecurityReporter.js
 
 ; [Browser Chrome Files]
 @BINPATH@/chrome/toolkit@JAREXT@
 @BINPATH@/chrome/toolkit.manifest
 
--- a/netwerk/base/nsChannelClassifier.cpp
+++ b/netwerk/base/nsChannelClassifier.cpp
@@ -17,32 +17,32 @@
 #include "nsIClassOfService.h"
 #include "nsIDocShell.h"
 #include "nsIDocument.h"
 #include "nsIHttpChannel.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsIIOService.h"
 #include "nsIParentChannel.h"
 #include "nsIPermissionManager.h"
+#include "nsIPrivateBrowsingTrackingProtectionWhitelist.h"
 #include "nsIProtocolHandler.h"
 #include "nsIScriptError.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsISecureBrowserUI.h"
 #include "nsISecurityEventSink.h"
 #include "nsISupportsPriority.h"
 #include "nsIURL.h"
 #include "nsIWebProgressListener.h"
 #include "nsNetUtil.h"
 #include "nsPIDOMWindow.h"
 #include "nsXULAppAPI.h"
 #include "nsQueryObject.h"
 #include "nsIUrlClassifierDBService.h"
 #include "nsIURLFormatter.h"
 
-#include "mozilla/AntiTrackingCommon.h"
 #include "mozilla/ErrorNames.h"
 #include "mozilla/Logging.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/net/HttpBaseChannel.h"
 #include "mozilla/ClearOnShutdown.h"
 #include "mozilla/Services.h"
 #include "mozilla/StaticPrefs.h"
 #include "mozilla/Unused.h"
@@ -444,49 +444,94 @@ nsChannelClassifier::ShouldEnableTrackin
         return NS_OK;
       }
     }
 
     if (AddonMayLoad(aChannel, chanURI)) {
         return NS_OK;
     }
 
-    nsCOMPtr<nsIIOService> ios = services::GetIOService();
-    NS_ENSURE_TRUE(ios, NS_ERROR_FAILURE);
+    nsCOMPtr<nsIIOService> ios = do_GetService(NS_IOSERVICE_CONTRACTID, &rv);
+    NS_ENSURE_SUCCESS(rv, rv);
 
     nsCOMPtr<nsIURI> topWinURI;
     rv = chan->GetTopWindowURI(getter_AddRefs(topWinURI));
     if (NS_FAILED(rv)) {
       return rv;
     }
 
     if (!topWinURI && CachedPrefs::GetInstance()->IsAllowListExample()) {
       LOG(("nsChannelClassifier[%p]: Allowlisting test domain\n", this));
       rv = ios->NewURI(NS_LITERAL_CSTRING("http://allowlisted.example.com"),
                        nullptr, nullptr, getter_AddRefs(topWinURI));
       NS_ENSURE_SUCCESS(rv, rv);
     }
 
-    rv = AntiTrackingCommon::IsOnContentBlockingAllowList(topWinURI, mIsAllowListed);
+    // Take the host/port portion so we can allowlist by site. Also ignore the
+    // scheme, since users who put sites on the allowlist probably don't expect
+    // allowlisting to depend on scheme.
+    nsCOMPtr<nsIURL> url = do_QueryInterface(topWinURI, &rv);
     if (NS_FAILED(rv)) {
       return rv; // normal for some loads, no need to print a warning
     }
 
-    if (mIsAllowListed) {
-      *result = false;
+    nsCString escaped(NS_LITERAL_CSTRING("https://"));
+    nsAutoCString temp;
+    rv = url->GetHostPort(temp);
+    NS_ENSURE_SUCCESS(rv, rv);
+    escaped.Append(temp);
+
+    // Stuff the whole thing back into a URI for the permission manager.
+    rv = ios->NewURI(escaped, nullptr, nullptr, getter_AddRefs(topWinURI));
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    nsCOMPtr<nsIPermissionManager> permMgr =
+        do_GetService(NS_PERMISSIONMANAGER_CONTRACTID, &rv);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    uint32_t permissions = nsIPermissionManager::UNKNOWN_ACTION;
+    rv = permMgr->TestPermission(topWinURI, "trackingprotection", &permissions);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    if (permissions == nsIPermissionManager::ALLOW_ACTION) {
       if (LOG_ENABLED()) {
         nsCString chanSpec = chanURI->GetSpecOrDefault();
         chanSpec.Truncate(std::min(chanSpec.Length(), sMaxSpecLength));
-        LOG(("nsChannelClassifier[%p]: User override on channel[%p] (%s)",
-             this, aChannel, chanSpec.get()));
+        LOG(("nsChannelClassifier[%p]: User override on channel[%p] (%s) for %s",
+             this, aChannel, chanSpec.get(), escaped.get()));
       }
+      mIsAllowListed = true;
+      *result = false;
     } else {
       *result = true;
     }
 
+    // In Private Browsing Mode we also check against an in-memory list.
+    if (NS_UsePrivateBrowsing(aChannel)) {
+      nsCOMPtr<nsIPrivateBrowsingTrackingProtectionWhitelist> pbmtpWhitelist =
+          do_GetService(NS_PBTRACKINGPROTECTIONWHITELIST_CONTRACTID, &rv);
+      NS_ENSURE_SUCCESS(rv, rv);
+
+      bool exists = false;
+      rv = pbmtpWhitelist->ExistsInAllowList(topWinURI, &exists);
+      NS_ENSURE_SUCCESS(rv, rv);
+
+      if (exists) {
+        mIsAllowListed = true;
+        if (LOG_ENABLED()) {
+          nsCString chanSpec = chanURI->GetSpecOrDefault();
+          chanSpec.Truncate(std::min(chanSpec.Length(), sMaxSpecLength));
+          LOG(("nsChannelClassifier[%p]: User override (PBM) on channel[%p] (%s) for %s",
+               this, aChannel, chanSpec.get(), escaped.get()));
+        }
+      }
+
+      *result = !exists;
+    }
+
     // Tracking protection will be enabled so return without updating
     // the security state. If any channels are subsequently cancelled
     // (page elements blocked) the state will be then updated.
     if (*result) {
       if (LOG_ENABLED()) {
         nsCString chanSpec = chanURI->GetSpecOrDefault();
         chanSpec.Truncate(std::min(chanSpec.Length(), sMaxSpecLength));
         nsCString topWinSpec = topWinURI->GetSpecOrDefault();
--- a/toolkit/components/antitracking/AntiTrackingCommon.cpp
+++ b/toolkit/components/antitracking/AntiTrackingCommon.cpp
@@ -11,40 +11,36 @@
 #include "mozilla/AbstractThread.h"
 #include "mozilla/Logging.h"
 #include "mozilla/StaticPrefs.h"
 #include "mozIThirdPartyUtil.h"
 #include "nsContentUtils.h"
 #include "nsGlobalWindowInner.h"
 #include "nsICookiePermission.h"
 #include "nsICookieService.h"
-#include "nsIIOService.h"
 #include "nsIPermissionManager.h"
 #include "nsIPrincipal.h"
 #include "nsIURI.h"
-#include "nsIURL.h"
 #include "nsPIDOMWindow.h"
 #include "nsScriptSecurityManager.h"
 #include "prtime.h"
 
 #define ANTITRACKING_PERM_KEY "3rdPartyStorage"
 
 using namespace mozilla;
 using mozilla::dom::ContentChild;
 
 static LazyLogModule gAntiTrackingLog("AntiTracking");
-static const nsCString::size_type sMaxSpecLength = 128;
 
 #define LOG(format) MOZ_LOG(gAntiTrackingLog, mozilla::LogLevel::Debug, format)
 
 #define LOG_SPEC(format, uri)                                                 \
   PR_BEGIN_MACRO                                                              \
     if (MOZ_LOG_TEST(gAntiTrackingLog, mozilla::LogLevel::Debug)) {           \
       nsAutoCString _specStr(NS_LITERAL_CSTRING("(null)"));                   \
-      _specStr.Truncate(std::min(_specStr.Length(), sMaxSpecLength));         \
       if (uri) {                                                              \
         _specStr = uri->GetSpecOrDefault();                                   \
       }                                                                       \
       const char* _spec = _specStr.get();                                     \
       LOG(format);                                                            \
     }                                                                         \
   PR_END_MACRO
 
@@ -641,71 +637,8 @@ AntiTrackingCommon::MaybeIsFirstPartySto
   Unused << parentPrincipal->GetURI(getter_AddRefs(parentPrincipalURI));
   LOG_SPEC(("Testing permission type %s for %s resulted in %d (%s)",
             type.get(), _spec, int(result),
             result == nsIPermissionManager::ALLOW_ACTION ?
               "success" : "failure"), parentPrincipalURI);
 
   return result == nsIPermissionManager::ALLOW_ACTION;
 }
-
-nsresult
-AntiTrackingCommon::IsOnContentBlockingAllowList(nsIURI* aTopWinURI,
-                                                 bool& aIsAllowListed)
-{
-  aIsAllowListed = false;
-
-  LOG_SPEC(("Deciding whether the user has overridden content blocking for %s",
-            _spec), aTopWinURI);
-
-  nsCOMPtr<nsIIOService> ios = services::GetIOService();
-  NS_ENSURE_TRUE(ios, NS_ERROR_FAILURE);
-
-  // Take the host/port portion so we can allowlist by site. Also ignore the
-  // scheme, since users who put sites on the allowlist probably don't expect
-  // allowlisting to depend on scheme.
-  nsresult rv = NS_ERROR_FAILURE;
-  nsCOMPtr<nsIURL> url = do_QueryInterface(aTopWinURI, &rv);
-  if (NS_FAILED(rv)) {
-    return rv; // normal for some loads, no need to print a warning
-  }
-
-  nsCString escaped(NS_LITERAL_CSTRING("https://"));
-  nsAutoCString temp;
-  rv = url->GetHostPort(temp);
-  NS_ENSURE_SUCCESS(rv, rv);
-  escaped.Append(temp);
-
-  // Stuff the whole thing back into a URI for the permission manager.
-  nsCOMPtr<nsIURI> topWinURI;
-  rv = ios->NewURI(escaped, nullptr, nullptr, getter_AddRefs(topWinURI));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  nsCOMPtr<nsIPermissionManager> permMgr =
-    do_GetService(NS_PERMISSIONMANAGER_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  // Check both the normal mode and private browsing mode user override permissions.
-  const char* types[] = {
-    "trackingprotection",
-    "trackingprotection-pb"
-  };
-
-  for (size_t i = 0; i < ArrayLength(types); ++i) {
-    uint32_t permissions = nsIPermissionManager::UNKNOWN_ACTION;
-    rv = permMgr->TestPermission(topWinURI, types[i], &permissions);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    if (permissions == nsIPermissionManager::ALLOW_ACTION) {
-      aIsAllowListed = true;
-      LOG_SPEC(("Found user override type %s for %s", types[i], _spec),
-               topWinURI);
-      // Stop checking the next permisson type if we decided to override.
-      break;
-    }
-  }
-
-  if (!aIsAllowListed) {
-    LOG(("No user override found"));
-  }
-
-  return NS_OK;
-}
--- a/toolkit/components/antitracking/AntiTrackingCommon.h
+++ b/toolkit/components/antitracking/AntiTrackingCommon.h
@@ -78,18 +78,13 @@ public:
 
   // For IPC only.
   static void
   SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(nsIPrincipal* aPrincipal,
                                                              const nsCString& aParentOrigin,
                                                              const nsCString& aGrantedOrigin,
                                                              FirstPartyStorageAccessGrantedForOriginResolver&& aResolver);
 
-
-  // Check whether a top window URI is on the content blocking allow list.
-  static nsresult
-  IsOnContentBlockingAllowList(nsIURI* aTopWinURI, bool& aIsAllowListed);
-
 };
 
 } // namespace mozilla
 
 #endif // mozilla_antitrackingservice_h
--- a/toolkit/components/moz.build
+++ b/toolkit/components/moz.build
@@ -44,16 +44,17 @@ DIRS += [
     'mozintl',
     'mozprotocol',
     'osfile',
     'parentalcontrols',
     'passwordmgr',
     'perf',
     'perfmonitoring',
     'places',
+    'privatebrowsing',
     'processsingleton',
     'promiseworker',
     'prompts',
     'protobuf',
     'reader',
     'remotebrowserutils',
     'remotepagemanager',
     'reflect',
new file mode 100644
--- /dev/null
+++ b/toolkit/components/privatebrowsing/PrivateBrowsing.manifest
@@ -0,0 +1,2 @@
+component {a319b616-c45d-4037-8d86-01c592b5a9af} PrivateBrowsingTrackingProtectionWhitelist.js
+contract @mozilla.org/pbm-tp-whitelist;1 {a319b616-c45d-4037-8d86-01c592b5a9af}
new file mode 100644
--- /dev/null
+++ b/toolkit/components/privatebrowsing/PrivateBrowsingTrackingProtectionWhitelist.js
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
+ChromeUtils.import("resource://gre/modules/Services.jsm");
+
+function PrivateBrowsingTrackingProtectionWhitelist() {
+  // The list of URIs explicitly excluded from tracking protection.
+  this._allowlist = [];
+
+  Services.obs.addObserver(this, "last-pb-context-exited", true);
+}
+
+PrivateBrowsingTrackingProtectionWhitelist.prototype = {
+  classID: Components.ID("{a319b616-c45d-4037-8d86-01c592b5a9af}"),
+  QueryInterface: ChromeUtils.generateQI([Ci.nsIPrivateBrowsingTrackingProtectionWhitelist, Ci.nsIObserver, Ci.nsISupportsWeakReference]),
+  _xpcom_factory: XPCOMUtils.generateSingletonFactory(PrivateBrowsingTrackingProtectionWhitelist),
+
+  /**
+   * Add the provided URI to the list of allowed tracking sites.
+   *
+   * @param uri nsIURI
+   *        The URI to add to the list.
+   */
+  addToAllowList(uri) {
+    if (!this._allowlist.includes(uri.spec)) {
+      this._allowlist.push(uri.spec);
+    }
+  },
+
+  /**
+   * Remove the provided URI from the list of allowed tracking sites.
+   *
+   * @param uri nsIURI
+   *        The URI to add to the list.
+   */
+  removeFromAllowList(uri) {
+    let index = this._allowlist.indexOf(uri.spec);
+    if (index !== -1) {
+      this._allowlist.splice(index, 1);
+    }
+  },
+
+  /**
+   * Check if the provided URI exists in the list of allowed tracking sites.
+   *
+   * @param uri nsIURI
+   *        The URI to add to the list.
+   */
+  existsInAllowList(uri) {
+    return this._allowlist.includes(uri.spec);
+  },
+
+  observe(subject, topic, data) {
+    if (topic == "last-pb-context-exited") {
+      this._allowlist = [];
+    }
+  }
+};
+
+this.NSGetFactory = XPCOMUtils.generateNSGetFactory([PrivateBrowsingTrackingProtectionWhitelist]);
new file mode 100644
--- /dev/null
+++ b/toolkit/components/privatebrowsing/moz.build
@@ -0,0 +1,19 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files('**'):
+    BUG_COMPONENT = ('Core', 'DOM: Security')
+
+XPIDL_SOURCES += [
+    'nsIPrivateBrowsingTrackingProtectionWhitelist.idl',
+]
+
+XPIDL_MODULE = 'privatebrowsing'
+
+EXTRA_COMPONENTS += [
+    'PrivateBrowsing.manifest',
+    'PrivateBrowsingTrackingProtectionWhitelist.js',
+]
new file mode 100644
--- /dev/null
+++ b/toolkit/components/privatebrowsing/nsIPrivateBrowsingTrackingProtectionWhitelist.idl
@@ -0,0 +1,46 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIURI;
+
+/**
+ * The Private Browsing Tracking Protection service checks a URI against an
+ * in-memory list of tracking sites.
+ */
+[scriptable, uuid(c77ddfac-6cd6-43a9-84e8-91682a1a7b18)]
+interface nsIPrivateBrowsingTrackingProtectionWhitelist : nsISupports
+{
+  /**
+   * Add a URI to the list of allowed tracking sites in Private Browsing mode
+   * (essentially a tracking whitelist). This operation will cause the URI to
+   * be registered if it does not currently exist. If it already exists, then
+   * the operation is essentially a no-op.
+   *
+   * @param uri         the uri to add to the list
+   */
+  void addToAllowList(in nsIURI uri);
+
+  /**
+   * Remove a URI from the list of allowed tracking sites in Private Browsing
+   * mode (the tracking whitelist). If the URI is not already in the list,
+   * then the operation is essentially a no-op.
+   *
+   * @param uri         the uri to remove from the list
+   */
+  void removeFromAllowList(in nsIURI uri);
+
+  /**
+   * Check if a URI exists in the list of allowed tracking sites in Private
+   * Browsing mode (the tracking whitelist).
+   *
+   * @param uri         the uri to look for in the list
+   */
+  bool existsInAllowList(in nsIURI uri);
+};
+
+%{ C++
+#define NS_PBTRACKINGPROTECTIONWHITELIST_CONTRACTID "@mozilla.org/pbm-tp-whitelist;1"
+%}
--- a/toolkit/modules/PrivateBrowsingUtils.jsm
+++ b/toolkit/modules/PrivateBrowsingUtils.jsm
@@ -2,50 +2,19 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 var EXPORTED_SYMBOLS = ["PrivateBrowsingUtils"];
 
 ChromeUtils.import("resource://gre/modules/Services.jsm");
 ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
 
-function PrivateBrowsingContentBlockingAllowList() {
-  Services.obs.addObserver(this, "last-pb-context-exited", true);
-}
-
-PrivateBrowsingContentBlockingAllowList.prototype = {
-  QueryInterface: ChromeUtils.generateQI([Ci.nsIObserver, Ci.nsISupportsWeakReference]),
-
-  /**
-   * Add the provided URI to the list of allowed tracking sites.
-   *
-   * @param uri nsIURI
-   *        The URI to add to the list.
-   */
-  addToAllowList(uri) {
-    Services.perms.add(uri, "trackingprotection-pb", Ci.nsIPermissionManager.ALLOW_ACTION,
-                       Ci.nsIPermissionManager.EXPIRE_SESSION);
-  },
-
-  /**
-   * Remove the provided URI from the list of allowed tracking sites.
-   *
-   * @param uri nsIURI
-   *        The URI to remove from the list.
-   */
-  removeFromAllowList(uri) {
-    Services.perms.remove(uri, "trackingprotection-pb");
-  },
-
-  observe(subject, topic, data) {
-    if (topic == "last-pb-context-exited") {
-      Services.perms.removeByType("trackingprotection-pb");
-    }
-  }
-};
+XPCOMUtils.defineLazyServiceGetter(this, "gPBMTPWhitelist",
+                                   "@mozilla.org/pbm-tp-whitelist;1",
+                                   "nsIPrivateBrowsingTrackingProtectionWhitelist");
 
 const kAutoStartPref = "browser.privatebrowsing.autostart";
 
 // This will be set to true when the PB mode is autostarted from the command
 // line for the current session.
 var gTemporaryAutoStartMode = false;
 
 var PrivateBrowsingUtils = {
@@ -82,27 +51,26 @@ var PrivateBrowsingUtils = {
     }
     return this.privacyContextFromWindow(aBrowser.contentWindow).usePrivateBrowsing;
   },
 
   privacyContextFromWindow: function pbu_privacyContextFromWindow(aWindow) {
     return aWindow.docShell.QueryInterface(Ci.nsILoadContext);
   },
 
-  get _pbCBAllowList() {
-    delete this._pbCBAllowList;
-    return this._pbCBAllowList = new PrivateBrowsingContentBlockingAllowList();
+  addToTrackingAllowlist(aURI) {
+    gPBMTPWhitelist.addToAllowList(aURI);
   },
 
-  addToTrackingAllowlist(aURI) {
-    this._pbCBAllowList.addToAllowList(aURI);
+  existsInTrackingAllowlist(aURI) {
+    return gPBMTPWhitelist.existsInAllowList(aURI);
   },
 
   removeFromTrackingAllowlist(aURI) {
-    this._pbCBAllowList.removeFromAllowList(aURI);
+    gPBMTPWhitelist.removeFromAllowList(aURI);
   },
 
   get permanentPrivateBrowsing() {
     try {
       return gTemporaryAutoStartMode ||
              Services.prefs.getBoolPref(kAutoStartPref);
     } catch (e) {
       // The pref does not exist