Bug 1499768 - camera, microphone and speaker feature policies should have 'self' as default allowlist, r=jib
authorAndrea Marchesini <amarchesini@mozilla.com>
Thu, 18 Oct 2018 11:08:37 +0200
changeset 490139 5b56f7a89ad4657ebc9dcc0ec444dacec3c0a69c
parent 490138 3eb04f5363eb661fa2ae544a934a7ace85b65282
child 490140 8f74f5dbf5c0d12bebf84841b8553b179b7d04a0
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
reviewersjib
bugs1499768
milestone64.0a1
Bug 1499768 - camera, microphone and speaker feature policies should have 'self' as default allowlist, r=jib
dom/security/featurepolicy/FeaturePolicyUtils.cpp
dom/security/featurepolicy/test/mochitest/test_parser.html
--- a/dom/security/featurepolicy/FeaturePolicyUtils.cpp
+++ b/dom/security/featurepolicy/FeaturePolicyUtils.cpp
@@ -18,25 +18,25 @@ struct FeatureMap {
 };
 
 /*
  * IMPORTANT: Do not change this list without review from a DOM peer _AND_ a
  * DOM Security peer!
  */
 static FeatureMap sSupportedFeatures[] = {
   { "autoplay", FeaturePolicyUtils::FeaturePolicyValue::eAll },
-  { "camera", FeaturePolicyUtils::FeaturePolicyValue::eAll },
+  { "camera", FeaturePolicyUtils::FeaturePolicyValue::eSelf },
   { "encrypted-media", FeaturePolicyUtils::FeaturePolicyValue::eAll },
   { "fullscreen", FeaturePolicyUtils::FeaturePolicyValue::eAll },
   { "geolocation", FeaturePolicyUtils::FeaturePolicyValue::eAll },
-  { "microphone", FeaturePolicyUtils::FeaturePolicyValue::eAll },
+  { "microphone", FeaturePolicyUtils::FeaturePolicyValue::eSelf },
   { "midi", FeaturePolicyUtils::FeaturePolicyValue::eAll },
   { "payment", FeaturePolicyUtils::FeaturePolicyValue::eAll },
   // TODO: not supported yet!!!
-  { "speaker", FeaturePolicyUtils::FeaturePolicyValue::eAll },
+  { "speaker", FeaturePolicyUtils::FeaturePolicyValue::eSelf },
   { "vr", FeaturePolicyUtils::FeaturePolicyValue::eAll },
 };
 
 /* static */ bool
 FeaturePolicyUtils::IsSupportedFeature(const nsAString& aFeatureName)
 {
   uint32_t numFeatures = (sizeof(sSupportedFeatures) / sizeof(sSupportedFeatures[0]));
   for (uint32_t i = 0; i < numFeatures; ++i) {
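Review bot: The table still gives `geolocation`, `midi`, `payment`, `fullscreen` and `encrypted-media` the `eAll` default, so after this change only three of the powerful features are restricted to the embedding origin by default. Judging from the tests in this commit, `eAll` surfaces as a `*` allowlist, and the iframe test without an `allow` attribute still reports geolocation as allowed for `http://foo.bar`. If the remaining entries are deliberate for now, a comment on the table would make that reviewable, for example `// Defaults must match each feature's spec-defined default allowlist; entries still at eAll are tracked in bug <BUG-ID>.` The `speaker` entry is marked "not supported yet" but stays in `sSupportedFeatures`; it is worth confirming that `IsSupportedFeature`, whose body continues past this hunk, is meant to report it as supported.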
--- a/dom/security/featurepolicy/test/mochitest/test_parser.html
+++ b/dom/security/featurepolicy/test/mochitest/test_parser.html
@@ -13,34 +13,34 @@ SimpleTest.waitForExplicitFinish();
 
 function test_document() {
   info("Checking document.policy");
   ok("policy" in document, "We have document.policy");
 
   ok(!document.policy.allowsFeature("foobar"), "Random feature");
   ok(!document.policy.allowsFeature("foobar", "http://www.something.net"), "Random feature");
 
-  ok(document.policy.allowsFeature("camera"), "Camera is always enabled");
-  ok(document.policy.allowsFeature("camera", "http://foo.bar"), "Camera is always enabled");
+  ok(document.policy.allowsFeature("camera"), "Camera is allowed for self");
+  ok(document.policy.allowsFeature("camera", "http://foo.bar"), "Camera is always allowed");
   let allowed = document.policy.getAllowlistForFeature("camera");
   is(allowed.length, 1, "Only 1 entry in allowlist for camera");
   is(allowed[0], "*", "allowlist is *");
 
-  ok(document.policy.allowsFeature("geolocation"), "Geolocation is enabled for self");
-  ok(document.policy.allowsFeature("geolocation", location.origin), "Geolocation is enabled for self");
-  ok(!document.policy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is not enabled for any random URL");
+  ok(document.policy.allowsFeature("geolocation"), "Geolocation is allowed for self");
+  ok(document.policy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for self");
+  ok(!document.policy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is not allowed for any random URL");
   allowed = document.policy.getAllowlistForFeature("geolocation");
   is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
   is(allowed[0], location.origin, "allowlist is self");
 
   ok(!document.policy.allowsFeature("microphone"), "Microphone is disabled for self");
   ok(!document.policy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");
   ok(!document.policy.allowsFeature("microphone", "http://foo.bar"), "Microphone is disabled for foo.bar");
-  ok(document.policy.allowsFeature("microphone", "http://example.com"), "Microphone is enabled for example.com");
-  ok(document.policy.allowsFeature("microphone", "http://example.org"), "Microphone is enabled for example.org");
+  ok(document.policy.allowsFeature("microphone", "http://example.com"), "Microphone is allowed for example.com");
+  ok(document.policy.allowsFeature("microphone", "http://example.org"), "Microphone is allowed for example.org");
   allowed = document.policy.getAllowlistForFeature("microphone");
   is(allowed.length, 0, "No allowlist for microphone");
 
   ok(!document.policy.allowsFeature("vr"), "Vibrate is disabled for self");
   ok(!document.policy.allowsFeature("vr", location.origin), "Vibrate is disabled for self");
   ok(!document.policy.allowsFeature("vr", "http://foo.bar"), "Vibrate is disabled for foo.bar");
   allowed = document.policy.getAllowlistForFeature("vr");
   is(allowed.length, 0, "No allowlist for vr");
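Review bot: The camera assertions in `test_document` still expect `allowsFeature("camera", "http://foo.bar")` to pass and the allowlist to be `*`, so this function does not exercise the new `eSelf` default. The `*` presumably comes from a Feature-Policy header served with the test page, which is not visible in this diff. The first message now says "Camera is allowed for self" while the next says "Camera is always allowed", which obscures that. I would add a comment above the camera block such as `// camera is '*' here because the page's Feature-Policy header overrides the default allowlist` and make both messages agree with it. The "Vibrate is disabled" messages on the `vr` checks also name the wrong feature; `test_document` continues past the end of the hunk.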
@@ -63,25 +63,25 @@ function test_document() {
 function test_iframe_without_allow() {
   info("Checking HTMLIFrameElement.policy");
   let ifr = document.getElementById("ifr");
   ok("policy" in ifr, "HTMLIFrameElement.policy exists");
 
   ok(!ifr.policy.allowsFeature("foobar"), "Random feature");
   ok(!ifr.policy.allowsFeature("foobar", "http://www.something.net"), "Random feature");
 
-  ok(ifr.policy.allowsFeature("camera"), "Camera is always allowed");
-  ok(ifr.policy.allowsFeature("camera", location.origin), "Camera is always allowed");
-  ok(ifr.policy.allowsFeature("camera", "http://foo.bar"), "Camera is always allowed");
+  ok(ifr.policy.allowsFeature("camera"), "Camera is allowed for self");
+  ok(ifr.policy.allowsFeature("camera", location.origin), "Camera is allowed for self");
+  ok(!ifr.policy.allowsFeature("camera", "http://foo.bar"), "Camera is not allowed for a random URL");
   let allowed = ifr.policy.getAllowlistForFeature("camera");
   is(allowed.length, 1, "Only 1 entry in allowlist for camera");
-  is(allowed[0], "*", "allowlist is '*'");
+  is(allowed[0], location.origin, "allowlist is 'self'");
 
-  ok(ifr.policy.allowsFeature("geolocation"), "Geolocation is enabled for all");
-  ok(ifr.policy.allowsFeature("geolocation", location.origin), "Geolocation is enabled for all");
+  ok(ifr.policy.allowsFeature("geolocation"), "Geolocation is allowed for all");
+  ok(ifr.policy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for all");
   ok(ifr.policy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is allowed for any random URL");
   allowed = ifr.policy.getAllowlistForFeature("geolocation");
   is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
   is(allowed[0], "*", "allowlist is '*'");
 
   ok(!ifr.policy.allowsFeature("microphone"), "Microphone is disabled for self");
   ok(!ifr.policy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");
   ok(!ifr.policy.allowsFeature("microphone", "http://foo.bar"), "Microphone is disabled for foo.bar");
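Review bot: Only `camera` gets assertions for the new `'self'` default in `test_iframe_without_allow`; `microphone` is checked as disabled (apparently inherited from the page's own policy) and `speaker` is not checked in any visible hunk. Since all three defaults change in FeaturePolicyUtils.cpp, a regression in either of the other two entries would still pass this test. Consider adding a check for a feature the page policy does not override, for example `ok(!ifr.policy.allowsFeature("speaker", "http://foo.bar"), "Speaker is not allowed for a random URL");`, assuming no header sets `speaker`. The function body continues past the hunk.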
@@ -111,23 +111,23 @@ function test_iframe_with_allow() {
   let ifr = document.getElementById("ifr");
   ok("policy" in ifr, "HTMLIFrameElement.policy exists");
 
   ifr.setAttribute("allow", "camera 'none'");
 
   ok(!ifr.policy.allowsFeature("foobar"), "Random feature");
   ok(!ifr.policy.allowsFeature("foobar", "http://www.something.net"), "Random feature");
 
-  ok(!ifr.policy.allowsFeature("camera"), "Camera is not enabled");
+  ok(!ifr.policy.allowsFeature("camera"), "Camera is not allowed");
   let allowed = ifr.policy.getAllowlistForFeature("camera");
   is(allowed.length, 0, "Camera has an empty allowlist");
 
-  ok(ifr.policy.allowsFeature("geolocation"), "Geolocation is enabled for all");
-  ok(ifr.policy.allowsFeature("geolocation", location.origin), "Geolocation is enabled for all");
-  ok(ifr.policy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is enabled for all");
+  ok(ifr.policy.allowsFeature("geolocation"), "Geolocation is allowed for all");
+  ok(ifr.policy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for all");
+  ok(ifr.policy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is allowed for all");
   allowed = ifr.policy.getAllowlistForFeature("geolocation");
   is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
   is(allowed[0], "*", "allowlist is '*'");
 
   ok(!ifr.policy.allowsFeature("microphone"), "Microphone is disabled for self");
   ok(!ifr.policy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");
   ok(!ifr.policy.allowsFeature("microphone", "http://foo.bar"), "Microphone is disabled for foo.bar");
   ok(!ifr.policy.allowsFeature("microphone", "http://example.com"), "Microphone is disabled for example.com");
@@ -152,34 +152,35 @@ function test_iframe_contentDocument() {
   let ifr = document.createElement("iframe");
   ifr.setAttribute("src", "empty.html");
   ifr.onload = function() {
     ok("policy" in ifr.contentDocument, "We have ifr.contentDocument.policy");
 
     ok(!ifr.contentDocument.policy.allowsFeature("foobar"), "Random feature");
     ok(!ifr.contentDocument.policy.allowsFeature("foobar", "http://www.something.net"), "Random feature");
 
-    ok(ifr.contentDocument.policy.allowsFeature("camera"), "Camera is always allowed");
-    ok(ifr.contentDocument.policy.allowsFeature("camera", "http://foo.bar"), "Camera is always allowed");
+    ok(ifr.contentDocument.policy.allowsFeature("camera"), "Camera is allowed for self");
+    ok(ifr.contentDocument.policy.allowsFeature("camera", location.origin), "Camera is allowed for self");
+    ok(!ifr.contentDocument.policy.allowsFeature("camera", "http://foo.bar"), "Camera is allowed for self");
     let allowed = ifr.contentDocument.policy.getAllowlistForFeature("camera");
     is(allowed.length, 1, "Only 1 entry in allowlist for camera");
-    is(allowed[0], "*", "allowlist is '*'");
+    is(allowed[0], location.origin, "allowlist is 'self'");
 
-    ok(ifr.contentDocument.policy.allowsFeature("geolocation"), "Geolocation is enabled for all");
-    ok(ifr.contentDocument.policy.allowsFeature("geolocation", location.origin), "Geolocation is enabled for all");
-    ok(ifr.contentDocument.policy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is enabled for any random URL");
+    ok(ifr.contentDocument.policy.allowsFeature("geolocation"), "Geolocation is allowed for all");
+    ok(ifr.contentDocument.policy.allowsFeature("geolocation", location.origin), "Geolocation is allowed for all");
+    ok(ifr.contentDocument.policy.allowsFeature("geolocation", "http://foo.bar"), "Geolocation is allowed for any random URL");
     allowed = ifr.contentDocument.policy.getAllowlistForFeature("geolocation");
     is(allowed.length, 1, "Only 1 entry in allowlist for geolocation");
     is(allowed[0], "*", "allowlist is '*'");
 
     ok(!ifr.contentDocument.policy.allowsFeature("microphone"), "Microphone is disabled for self");
     ok(!ifr.contentDocument.policy.allowsFeature("microphone", location.origin), "Microphone is disabled for self");
     ok(!ifr.contentDocument.policy.allowsFeature("microphone", "http://foo.bar"), "Microphone is disabled for foo.bar");
-    ok(!ifr.contentDocument.policy.allowsFeature("microphone", "http://example.com"), "Microphone is enabled for example.com");
-    ok(!ifr.contentDocument.policy.allowsFeature("microphone", "http://example.org"), "Microphone is enabled for example.org");
+    ok(!ifr.contentDocument.policy.allowsFeature("microphone", "http://example.com"), "Microphone is allowed for example.com");
+    ok(!ifr.contentDocument.policy.allowsFeature("microphone", "http://example.org"), "Microphone is allowed for example.org");
     allowed = ifr.contentDocument.policy.getAllowlistForFeature("microphone");
     is(allowed.length, 0, "No allowlist for microphone");
 
     ok(!ifr.contentDocument.policy.allowsFeature("vr"), "Vibrate is disabled for self");
     ok(!ifr.contentDocument.policy.allowsFeature("vr", location.origin), "Vibrate is disabled for self");
     ok(!ifr.contentDocument.policy.allowsFeature("vr", "http://foo.bar"), "Vibrate is disabled for foo.bar");
     allowed = ifr.contentDocument.policy.getAllowlistForFeature("vr");
     is(allowed.length, 0, "No allowlist for vr");
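Review bot: Three assertion messages in `test_iframe_contentDocument` contradict the checks they label, which makes a failure log misleading for a security default. The negated camera check for `http://foo.bar` carries "Camera is allowed for self" and should read `"Camera is not allowed for a random URL"`, as the matching line in `test_iframe_without_allow` does. The two negated microphone checks for example.com and example.org now say "allowed" and should read `"Microphone is disabled for example.com"` and `"Microphone is disabled for example.org"`. The `onload` callback continues past the end of the hunk.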