Bug 1547813 - Part 4: Rename StorageAccess::ePartitionedOrDeny to ePartitionTrackersOrDeny; r=baku
☠☠ backed out by 8fea66166287 ☠ ☠
authorEhsan Akhgari <ehsan@mozilla.com>
Wed, 08 May 2019 19:37:52 +0000
changeset 532057 77a040f527e9903657ccc0910adb760aef281619
parent 532056 b4651cfaff307a7f3f05538907045b1e24a07923
child 532058 4ced8d49ddc37cd3ecdb62c38e7df51f5603f475
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
treeherdermozilla-beta@77e0fe8dbdd3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku
bugs1547813
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1547813 - Part 4: Rename StorageAccess::ePartitionedOrDeny to ePartitionTrackersOrDeny; r=baku Differential Revision: https://phabricator.services.mozilla.com/D29739
dom/base/Document.cpp
dom/base/nsContentUtils.cpp
dom/base/nsContentUtils.h
dom/base/nsGlobalWindowInner.cpp
dom/broadcastchannel/BroadcastChannel.cpp
dom/clients/manager/ClientIPCUtils.h
dom/indexedDB/IDBFactory.cpp
dom/workers/WorkerScope.cpp
dom/workers/sharedworkers/SharedWorker.cpp
toolkit/components/antitracking/StoragePrincipalHelper.cpp
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -3474,17 +3474,18 @@ void Document::GetCookie(nsAString& aCoo
   }
 
   nsContentUtils::StorageAccess storageAccess =
       nsContentUtils::StorageAllowedForDocument(this);
   if (storageAccess == nsContentUtils::StorageAccess::eDeny) {
     return;
   }
 
-  if (storageAccess == nsContentUtils::StorageAccess::ePartitionedOrDeny &&
+  if (storageAccess ==
+          nsContentUtils::StorageAccess::ePartitionTrackersOrDeny &&
       !StaticPrefs::privacy_storagePrincipal_enabledForTrackers()) {
     return;
   }
 
   // If the document is a cookie-averse Document... return the empty string.
   if (IsCookieAverse()) {
     return;
   }
@@ -3534,17 +3535,18 @@ void Document::SetCookie(const nsAString
   }
 
   nsContentUtils::StorageAccess storageAccess =
       nsContentUtils::StorageAllowedForDocument(this);
   if (storageAccess == nsContentUtils::StorageAccess::eDeny) {
     return;
   }
 
-  if (storageAccess == nsContentUtils::StorageAccess::ePartitionedOrDeny &&
+  if (storageAccess ==
+          nsContentUtils::StorageAccess::ePartitionTrackersOrDeny &&
       !StaticPrefs::privacy_storagePrincipal_enabledForTrackers()) {
     return;
   }
 
   // If the document is a cookie-averse Document... do nothing.
   if (IsCookieAverse()) {
     return;
   }
@@ -13027,17 +13029,17 @@ nsIPrincipal* Document::EffectiveStorage
   }
 
   nsContentUtils::StorageAccess access =
       nsContentUtils::StorageAllowedForDocument(this);
 
   // Let's use the storage principal only if we need to partition the cookie
   // jar. When the permission is granted, access will be different and the
   // normal principal will be used.
-  if (access != nsContentUtils::StorageAccess::ePartitionedOrDeny) {
+  if (access != nsContentUtils::StorageAccess::ePartitionTrackersOrDeny) {
     return NodePrincipal();
   }
 
   return mIntrinsicStoragePrincipal;
 }
 
 }  // namespace dom
 }  // namespace mozilla
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -8465,17 +8465,17 @@ nsContentUtils::StorageAccess nsContentU
   if (!StorageDisabledByAntiTracking(aWindow, aChannel, aPrincipal, aURI,
                                      aRejectedReason)) {
     return access;
   }
 
   // We want to have a partitioned storage only for trackers.
   if (aRejectedReason ==
       nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER) {
-    return StorageAccess::ePartitionedOrDeny;
+    return StorageAccess::ePartitionTrackersOrDeny;
   }
 
   return StorageAccess::eDeny;
 }
 
 namespace {
 
 // We put StringBuilder in the anonymous namespace to prevent anything outside
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -2879,19 +2879,19 @@ class nsContentUtils {
   static bool IsNonSubresourceRequest(nsIChannel* aChannel);
 
   static bool IsNonSubresourceInternalPolicyType(nsContentPolicyType aType);
 
   // The order of these entries matters, as we use std::min for total ordering
   // of permissions. Private Browsing is considered to be more limiting
   // then session scoping
   enum class StorageAccess {
-    // The storage should be partitioned. if the caller is unable to do it, deny
-    // the storage access.
-    ePartitionedOrDeny = -1,
+    // The storage should be partitioned for third-party trackers. if the caller
+    // is unable to do it, deny the storage access.
+    ePartitionTrackersOrDeny = -1,
     // Don't allow access to the storage
     eDeny = 0,
     // Allow access to the storage, but only if it is secure to do so in a
     // private browsing context.
     ePrivateBrowsing = 1,
     // Allow access to the storage, but only persist it for the current session
     eSessionScoped = 2,
     // Allow access to the storage
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@@ -4323,18 +4323,18 @@ Storage* nsGlobalWindowInner::GetSession
     // STATE_COOKIES_BLOCKED_ALL.
     //
     // 2. Third-party cookies are limited via BEHAVIOR_REJECT_FOREIGN and
     // BEHAVIOR_LIMIT_FOREIGN and this is a third-party window. This will return
     // eDeny with a reason of STATE_COOKIES_BLOCKED_FOREIGN.
     //
     // 3. Tracking protection (BEHAVIOR_REJECT_TRACKER) is in effect and
     // IsThirdPartyTrackingResourceWindow() returned true and there wasn't a
-    // permission that allows it. This will return ePartitionedOrDeny with a
-    // reason of STATE_COOKIES_BLOCKED_TRACKER.
+    // permission that allows it. This will return ePartitionTrackersOrDeny with
+    // a reason of STATE_COOKIES_BLOCKED_TRACKER.
     //
     // In the 1st case, the user has explicitly indicated that they don't want
     // to allow any storage to the origin or all origins and so we throw an
     // error and deny access to SessionStorage. In the 2nd case, a legacy
     // decision reasoned that there's no harm in providing SessionStorage
     // because the information is not durable and cannot escape the current tab.
     // The rationale is similar for the 3rd case.
     if (access == nsContentUtils::StorageAccess::eDeny &&
@@ -4398,17 +4398,17 @@ Storage* nsGlobalWindowInner::GetLocalSt
   // privacy.restrict3rdpartystorage.partitionedHosts pref. See
   // nsContentUtils::IsURIInPrefList to know the syntax for the pref value.
   // This is a temporary web-compatibility hack.
 
   nsContentUtils::StorageAccess access =
       nsContentUtils::StorageAllowedForWindow(this);
 
   // We allow partitioned localStorage only to some hosts.
-  if (access == nsContentUtils::StorageAccess::ePartitionedOrDeny) {
+  if (access == nsContentUtils::StorageAccess::ePartitionTrackersOrDeny) {
     if (!mDoc) {
       access = nsContentUtils::StorageAccess::eDeny;
     } else {
       nsCOMPtr<nsIURI> uri;
       Unused << mDoc->NodePrincipal()->GetURI(getter_AddRefs(uri));
       static const char* kPrefName =
           "privacy.restrict3rdpartystorage.partitionedHosts";
       if (!uri || !nsContentUtils::IsURIInPrefList(uri, kPrefName)) {
@@ -4427,17 +4427,17 @@ Storage* nsGlobalWindowInner::GetLocalSt
     }
     return nullptr;
   }
 
   // Note that this behavior is observable: if we grant storage permission to a
   // tracker, we pass from the partitioned LocalStorage to the 'normal'
   // LocalStorage. The previous data is lost and the 2 window.localStorage
   // objects, before and after the permission granted, will be different.
-  if (access != nsContentUtils::StorageAccess::ePartitionedOrDeny &&
+  if (access != nsContentUtils::StorageAccess::ePartitionTrackersOrDeny &&
       (!mLocalStorage ||
        mLocalStorage->Type() == Storage::ePartitionedLocalStorage)) {
     RefPtr<Storage> storage;
 
     if (NextGenLocalStorageEnabled()) {
       aError = LSObject::CreateForWindow(this, getter_AddRefs(storage));
     } else {
       nsresult rv;
@@ -4470,29 +4470,30 @@ Storage* nsGlobalWindowInner::GetLocalSt
     if (aError.Failed()) {
       return nullptr;
     }
 
     mLocalStorage = storage;
     MOZ_ASSERT(mLocalStorage);
   }
 
-  if (access == nsContentUtils::StorageAccess::ePartitionedOrDeny &&
+  if (access == nsContentUtils::StorageAccess::ePartitionTrackersOrDeny &&
       !mLocalStorage) {
     nsIPrincipal* principal = GetPrincipal();
     if (!principal) {
       aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
       return nullptr;
     }
 
     mLocalStorage = new PartitionedLocalStorage(this, principal);
   }
 
-  MOZ_ASSERT((access == nsContentUtils::StorageAccess::ePartitionedOrDeny) ==
-             (mLocalStorage->Type() == Storage::ePartitionedLocalStorage));
+  MOZ_ASSERT(
+      (access == nsContentUtils::StorageAccess::ePartitionTrackersOrDeny) ==
+      (mLocalStorage->Type() == Storage::ePartitionedLocalStorage));
 
   return mLocalStorage;
 }
 
 IDBFactory* nsGlobalWindowInner::GetIndexedDB(ErrorResult& aError) {
   if (!mIndexedDB) {
     // This may keep mIndexedDB null without setting an error.
     aError = IDBFactory::CreateForWindow(this, getter_AddRefs(mIndexedDB));
--- a/dom/broadcastchannel/BroadcastChannel.cpp
+++ b/dom/broadcastchannel/BroadcastChannel.cpp
@@ -296,17 +296,18 @@ already_AddRefed<BroadcastChannel> Broad
 
     storageAccess = workerPrivate->StorageAccess();
     bc->mWorkerRef = workerRef;
   }
 
   // We want to allow opaque origins.
   if (storagePrincipalInfo.type() != PrincipalInfo::TNullPrincipalInfo &&
       (storageAccess == nsContentUtils::StorageAccess::eDeny ||
-       (storageAccess == nsContentUtils::StorageAccess::ePartitionedOrDeny &&
+       (storageAccess ==
+            nsContentUtils::StorageAccess::ePartitionTrackersOrDeny &&
         !StaticPrefs::privacy_storagePrincipal_enabledForTrackers()))) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return nullptr;
   }
 
   // Register this component to PBackground.
   PBackgroundChild* actorChild = BackgroundChild::GetOrCreateForCurrentThread();
   if (NS_WARN_IF(!actorChild)) {
--- a/dom/clients/manager/ClientIPCUtils.h
+++ b/dom/clients/manager/ClientIPCUtils.h
@@ -31,13 +31,13 @@ struct ParamTraits<mozilla::dom::Visibil
     : public ContiguousEnumSerializer<
           mozilla::dom::VisibilityState, mozilla::dom::VisibilityState::Hidden,
           mozilla::dom::VisibilityState::EndGuard_> {};
 
 template <>
 struct ParamTraits<nsContentUtils::StorageAccess>
     : public ContiguousEnumSerializer<
           nsContentUtils::StorageAccess,
-          nsContentUtils::StorageAccess::ePartitionedOrDeny,
+          nsContentUtils::StorageAccess::ePartitionForeignOrDeny,
           nsContentUtils::StorageAccess::eNumValues> {};
 }  // namespace IPC
 
 #endif  // _mozilla_dom_ClientIPCUtils_h
--- a/dom/indexedDB/IDBFactory.cpp
+++ b/dom/indexedDB/IDBFactory.cpp
@@ -300,17 +300,17 @@ nsresult IDBFactory::AllowedForWindowInt
 
   // the factory callsite records whether the browser is in private browsing.
   // and thus we don't have to respect that setting here. IndexedDB has no
   // concept of session-local storage, and thus ignores it.
   if (access == nsContentUtils::StorageAccess::eDeny) {
     return NS_ERROR_DOM_SECURITY_ERR;
   }
 
-  if (access == nsContentUtils::StorageAccess::ePartitionedOrDeny &&
+  if (access == nsContentUtils::StorageAccess::ePartitionTrackersOrDeny &&
       !StaticPrefs::privacy_storagePrincipal_enabledForTrackers()) {
     return NS_ERROR_DOM_SECURITY_ERR;
   }
 
   nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(aWindow);
   MOZ_ASSERT(sop);
 
   nsCOMPtr<nsIPrincipal> principal = sop->GetEffectiveStoragePrincipal();
--- a/dom/workers/WorkerScope.cpp
+++ b/dom/workers/WorkerScope.cpp
@@ -401,17 +401,17 @@ already_AddRefed<IDBFactory> WorkerGloba
     nsContentUtils::StorageAccess access = mWorkerPrivate->StorageAccess();
 
     if (access == nsContentUtils::StorageAccess::eDeny) {
       NS_WARNING("IndexedDB is not allowed in this worker!");
       aErrorResult = NS_ERROR_DOM_SECURITY_ERR;
       return nullptr;
     }
 
-    if (access == nsContentUtils::StorageAccess::ePartitionedOrDeny &&
+    if (access == nsContentUtils::StorageAccess::ePartitionTrackersOrDeny &&
         !StaticPrefs::privacy_storagePrincipal_enabledForTrackers()) {
       NS_WARNING("IndexedDB is not allowed in this worker!");
       aErrorResult = NS_ERROR_DOM_SECURITY_ERR;
       return nullptr;
     }
 
     const PrincipalInfo& principalInfo =
         mWorkerPrivate->GetEffectiveStoragePrincipalInfo();
--- a/dom/workers/sharedworkers/SharedWorker.cpp
+++ b/dom/workers/sharedworkers/SharedWorker.cpp
@@ -103,17 +103,18 @@ already_AddRefed<SharedWorker> SharedWor
   MOZ_ASSERT(window);
 
   auto storageAllowed = nsContentUtils::StorageAllowedForWindow(window);
   if (storageAllowed == nsContentUtils::StorageAccess::eDeny) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return nullptr;
   }
 
-  if (storageAllowed == nsContentUtils::StorageAccess::ePartitionedOrDeny &&
+  if (storageAllowed ==
+          nsContentUtils::StorageAccess::ePartitionTrackersOrDeny &&
       !StaticPrefs::privacy_storagePrincipal_enabledForTrackers()) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return nullptr;
   }
 
   // Assert that the principal private browsing state matches the
   // StorageAccess value.
 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
@@ -174,17 +175,18 @@ already_AddRefed<SharedWorker> SharedWor
                                            loadingPrincipalPreloadCSP);
   if (NS_WARN_IF(aRv.Failed())) {
     return nullptr;
   }
 
   // Here, the StoragePrincipal is always equal to the SharedWorker's principal
   // because the channel is not opened yet, and, because of this, it's not
   // classified. We need to force the correct originAttributes.
-  if (storageAllowed == nsContentUtils::StorageAccess::ePartitionedOrDeny) {
+  if (storageAllowed ==
+      nsContentUtils::StorageAccess::ePartitionTrackersOrDeny) {
     nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(window);
     if (!sop) {
       aRv.Throw(NS_ERROR_FAILURE);
       return nullptr;
     }
 
     nsIPrincipal* windowPrincipal = sop->GetPrincipal();
     if (!windowPrincipal) {
--- a/toolkit/components/antitracking/StoragePrincipalHelper.cpp
+++ b/toolkit/components/antitracking/StoragePrincipalHelper.cpp
@@ -21,17 +21,17 @@ already_AddRefed<nsIURI> MaybeGetFirstPa
   if (!StaticPrefs::privacy_storagePrincipal_enabledForTrackers()) {
     return nullptr;
   }
 
   // Let's use the storage principal only if we need to partition the cookie
   // jar.
   nsContentUtils::StorageAccess access =
       nsContentUtils::StorageAllowedForChannel(aChannel);
-  if (access != nsContentUtils::StorageAccess::ePartitionedOrDeny) {
+  if (access != nsContentUtils::StorageAccess::ePartitionTrackersOrDeny) {
     return nullptr;
   }
 
   nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
   if (!httpChannel) {
     return nullptr;
   }