Back out bug 777072, bug 619236, and bug 784878
authorChris Jones <jones.chris.g@gmail.com>
Thu, 23 Aug 2012 22:00:14 -0700
changeset 105260 6bd825157e6cc3050804ceb2b901fd5f62dfc79f
parent 105169 53f3963dedc01f50f36a94c39f9110622f1f2040
child 105261 eccef9b3f1f1a82b6d9753b7b518964a52b4ea50
push id55
push usershu@rfrn.org
push dateThu, 30 Aug 2012 01:33:09 +0000
bugs777072, 619236, 784878
milestone17.0a1
Back out bug 777072, bug 619236, and bug 784878
build/automation.py.in
caps/tests/mochitest/test_principal_extendedorigin_appid_appstatus.html
dom/browser-element/mochitest/browserElement_SetVisibleFrames.js
dom/browser-element/mochitest/browserElement_SetVisibleFrames2.js
dom/ipc/ContentChild.cpp
dom/ipc/ContentParent.cpp
extensions/cookie/nsPermission.cpp
extensions/cookie/nsPermission.h
extensions/cookie/nsPermissionManager.cpp
extensions/cookie/nsPermissionManager.h
extensions/cookie/test/Makefile.in
extensions/cookie/test/test_permissionmanager_app_isolation.html
netwerk/base/public/nsIPermission.idl
netwerk/ipc/NeckoMessageUtils.h
testing/mozbase/mozprofile/mozprofile/permissions.py
--- a/build/automation.py.in
+++ b/build/automation.py.in
@@ -259,36 +259,31 @@ class Automation(object):
       raise SyntaxError(lineno + 1, "missing primary location")
 
     return locations
 
   def setupPermissionsDatabase(self, profileDir, permissions):
     # Open database and create table
     permDB = sqlite3.connect(os.path.join(profileDir, "permissions.sqlite"))
     cursor = permDB.cursor();
-
-    cursor.execute("PRAGMA user_version=3");
-
     # SQL copied from nsPermissionManager.cpp
     cursor.execute("""CREATE TABLE moz_hosts (
        id INTEGER PRIMARY KEY,
        host TEXT,
        type TEXT,
        permission INTEGER,
        expireType INTEGER,
-       expireTime INTEGER,
-       appId INTEGER,
-       isInBrowserElement INTEGER)""")
+       expireTime INTEGER)""")
 
     # Insert desired permissions
     c = 0
     for perm in permissions.keys():
       for host,allow in permissions[perm]:
         c += 1
-        cursor.execute("INSERT INTO moz_hosts values(?, ?, ?, ?, 0, 0, 0, 0)",
+        cursor.execute("INSERT INTO moz_hosts values(?, ?, ?, ?, 0, 0)",
                        (c, host, perm, 1 if allow else 2))
 
     # Commit and close
     permDB.commit()
     cursor.close()
 
   def setupTestApps(self, profileDir, apps):
     webappJSONTemplate = Template(""""$name": {
--- a/caps/tests/mochitest/test_principal_extendedorigin_appid_appstatus.html
+++ b/caps/tests/mochitest/test_principal_extendedorigin_appid_appstatus.html
@@ -384,18 +384,16 @@ function runTest() {
   for (var i=0; i<gData.length; ++i) {
     let data = gData[i];
 
     var iframe = document.createElement('iframe');
     iframe.check = function() {
       checkIFrame(this, data);
     };
     iframe.addChild = function() {
-      SpecialPowers.addPermission("browser", true, iframe.contentDocument);
-
       var childFrame = document.createElement('iframe');
 
       if (data.child.app) {
         childFrame.setAttribute('mozapp', data.child.app)
         childFrame.setAttribute('mozbrowser', '');
       } else if (data.child.browser) {
         childFrame.setAttribute('mozbrowser', '');
       }
@@ -426,15 +424,16 @@ function runTest() {
     content.appendChild(iframe);
 
     yield;
   }
 }
 
 var gTestRunner = runTest();
 
+SpecialPowers.addPermission("browser", true, "http://example.org");
 SpecialPowers.pushPrefEnv({'set':[["dom.mozBrowserFramesEnabled", true]]},
                            function() { gTestRunner.next(); });
 
 </script>
 </pre>
 </body>
 </html>
--- a/dom/browser-element/mochitest/browserElement_SetVisibleFrames.js
+++ b/dom/browser-element/mochitest/browserElement_SetVisibleFrames.js
@@ -13,21 +13,16 @@
 SimpleTest.waitForExplicitFinish();
 
 var iframe;
 
 function runTest() {
   browserElementTestHelpers.setEnabledPref(true);
   browserElementTestHelpers.addPermission();
 
-  var principal = SpecialPowers.wrap(SpecialPowers.getNodePrincipal(document));
-  SpecialPowers.addPermission("browser", true, { url: SpecialPowers.wrap(principal.URI).spec,
-                                                 appId: principal.appId,
-                                                 isInBrowserElement: true });
-
   iframe = document.createElement('iframe');
   iframe.mozbrowser = true;
 
   // Our test involves three <iframe mozbrowser>'s, parent, child1, and child2.
   // child1 and child2 are contained inside parent.  child1 is visibile, and
   // child2 is not.
   //
   // For the purposes of this test, we want there to be a process barrier
@@ -55,22 +50,16 @@ function test2() {
 
 function finish() {
   // We need to remove this listener because when this test finishes and the
   // iframe containing this document is navigated, we'll fire a
   // visibilitychange(false) event on all child iframes.  That's OK and
   // expected, but if we don't remove our listener, then we'll end up causing
   // the /next/ test to fail!
   iframe.removeEventListener('mozbrowsershowmodalprompt', checkMessage);
-
-  var principal = SpecialPowers.wrap(SpecialPowers.getNodePrincipal(document));
-  SpecialPowers.removePermission("browser", { url: SpecialPowers.wrap(principal.URI).spec,
-                                              appId: principal.appId,
-                                              isInBrowserElement: true });
-
   SimpleTest.finish();
 }
 
 var expectedMsg = null;
 var expectedMsgCallback = null;
 function expectMessage(msg, next) {
   expectedMsg = msg;
   expectedMsgCallback = next;
--- a/dom/browser-element/mochitest/browserElement_SetVisibleFrames2.js
+++ b/dom/browser-element/mochitest/browserElement_SetVisibleFrames2.js
@@ -7,21 +7,16 @@
 "use strict";
 
 SimpleTest.waitForExplicitFinish();
 
 function runTest() {
   browserElementTestHelpers.setEnabledPref(true);
   browserElementTestHelpers.addPermission();
 
-  var principal = SpecialPowers.wrap(SpecialPowers.getNodePrincipal(document));
-  SpecialPowers.addPermission("browser", true, { url: SpecialPowers.wrap(principal.URI).spec,
-                                                 appId: principal.appId,
-                                                 isInBrowserElement: true });
-
   var iframe = document.createElement('iframe');
   iframe.mozbrowser = true;
 
   // We need remote = false here until bug 761935 is fixed; see
   // SetVisibleFrames.js for an explanation.
   iframe.remote = false;
 
   iframe.addEventListener('mozbrowserloadend', function loadEnd(e) {
@@ -35,33 +30,24 @@ function runTest() {
       ok(true, "Got parent:finish");
 
       // Give any extra events a chance to fire, then end the test.
       SimpleTest.executeSoon(function() {
         SimpleTest.executeSoon(function() {
           SimpleTest.executeSoon(function() {
             SimpleTest.executeSoon(function() {
               SimpleTest.executeSoon(function() {
-                finish();
+                SimpleTest.finish();
               });
             });
           });
         });
       });
     }
     else {
       ok(false, "Got unexpected message: " + e.detail.message);
     }
   });
 
   document.body.appendChild(iframe);
 }
 
-function finish() {
-  var principal = SpecialPowers.wrap(SpecialPowers.getNodePrincipal(document));
-  SpecialPowers.removePermission("browser", { url: SpecialPowers.wrap(principal.URI).spec,
-                                              appId: principal.appId,
-                                              isInBrowserElement: true });
-
-  SimpleTest.finish();
-}
-
 runTest();
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -89,19 +89,16 @@
 
 #include "mozilla/dom/indexedDB/PIndexedDBChild.h"
 #include "mozilla/dom/sms/SmsChild.h"
 #include "mozilla/dom/devicestorage/DeviceStorageRequestChild.h"
 
 #include "nsDOMFile.h"
 #include "nsIRemoteBlob.h"
 #include "StructuredCloneUtils.h"
-#include "nsIScriptSecurityManager.h"
-#include "nsContentUtils.h"
-#include "nsIPrincipal.h"
 
 using namespace mozilla::docshell;
 using namespace mozilla::dom::devicestorage;
 using namespace mozilla::dom::sms;
 using namespace mozilla::dom::indexedDB;
 using namespace mozilla::hal_sandbox;
 using namespace mozilla::ipc;
 using namespace mozilla::layers;
@@ -839,30 +836,17 @@ ContentChild::RecvAddPermission(const IP
 #if MOZ_PERMISSIONS
   nsCOMPtr<nsIPermissionManager> permissionManagerIface =
       do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
   nsPermissionManager* permissionManager =
       static_cast<nsPermissionManager*>(permissionManagerIface.get());
   NS_ABORT_IF_FALSE(permissionManager, 
                    "We have no permissionManager in the Content process !");
 
-  nsCOMPtr<nsIURI> uri;
-  NS_NewURI(getter_AddRefs(uri), NS_LITERAL_CSTRING("http://") + nsCString(permission.host));
-  NS_ENSURE_TRUE(uri, true);
-
-  nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
-  MOZ_ASSERT(secMan);
-
-  nsCOMPtr<nsIPrincipal> principal;
-  nsresult rv = secMan->GetAppCodebasePrincipal(uri, permission.appId,
-                                                permission.isInBrowserElement,
-                                                getter_AddRefs(principal));
-  NS_ENSURE_SUCCESS(rv, true);
-
-  permissionManager->AddInternal(principal,
+  permissionManager->AddInternal(nsCString(permission.host),
                                  nsCString(permission.type),
                                  permission.capability,
                                  0,
                                  permission.expireType,
                                  permission.expireTime,
                                  nsPermissionManager::eNotify,
                                  nsPermissionManager::eNoDBOperation);
 #endif
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -768,33 +768,27 @@ ContentParent::RecvReadPermissions(Infal
             break;
 
         nsCOMPtr<nsISupports> supp;
         enumerator->GetNext(getter_AddRefs(supp));
         nsCOMPtr<nsIPermission> perm = do_QueryInterface(supp);
 
         nsCString host;
         perm->GetHost(host);
-        uint32_t appId;
-        perm->GetAppId(&appId);
-        bool isInBrowserElement;
-        perm->GetIsInBrowserElement(&isInBrowserElement);
         nsCString type;
         perm->GetType(type);
         uint32_t capability;
         perm->GetCapability(&capability);
         uint32_t expireType;
         perm->GetExpireType(&expireType);
         int64_t expireTime;
         perm->GetExpireTime(&expireTime);
 
-        aPermissions->AppendElement(IPC::Permission(host, appId,
-                                                    isInBrowserElement, type,
-                                                    capability, expireType,
-                                                    expireTime));
+        aPermissions->AppendElement(IPC::Permission(host, type, capability,
+                                                    expireType, expireTime));
     }
 
     // Ask for future changes
     mSendPermissionUpdates = true;
 #endif
 
     return true;
 }
--- a/extensions/cookie/nsPermission.cpp
+++ b/extensions/cookie/nsPermission.cpp
@@ -5,54 +5,40 @@
 
 #include "nsPermission.h"
 
 // nsPermission Implementation
 
 NS_IMPL_ISUPPORTS1(nsPermission, nsIPermission)
 
 nsPermission::nsPermission(const nsACString &aHost,
-                           uint32_t aAppId,
-                           bool aIsInBrowserElement,
                            const nsACString &aType,
                            uint32_t         aCapability,
                            uint32_t         aExpireType,
                            int64_t          aExpireTime)
  : mHost(aHost)
  , mType(aType)
  , mCapability(aCapability)
  , mExpireType(aExpireType)
  , mExpireTime(aExpireTime)
- , mAppId(aAppId)
- , mIsInBrowserElement(aIsInBrowserElement)
+{
+}
+
+nsPermission::~nsPermission()
 {
 }
 
 NS_IMETHODIMP
 nsPermission::GetHost(nsACString &aHost)
 {
   aHost = mHost;
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsPermission::GetAppId(uint32_t* aAppId)
-{
-  *aAppId = mAppId;
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsPermission::GetIsInBrowserElement(bool* aIsInBrowserElement)
-{
-  *aIsInBrowserElement = mIsInBrowserElement;
-  return NS_OK;
-}
-
-NS_IMETHODIMP
 nsPermission::GetType(nsACString &aType)
 {
   aType = mType;
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsPermission::GetCapability(uint32_t *aCapability)
--- a/extensions/cookie/nsPermission.h
+++ b/extensions/cookie/nsPermission.h
@@ -14,28 +14,24 @@
 class nsPermission : public nsIPermission
 {
 public:
   // nsISupports
   NS_DECL_ISUPPORTS
   NS_DECL_NSIPERMISSION
 
   nsPermission(const nsACString &aHost,
-               uint32_t aAppId,
-               bool aIsInBrowserElement,
-               const nsACString &aType,
+               const nsACString &aType, 
                uint32_t aCapability,
                uint32_t aExpireType,
                int64_t aExpireTime);
 
-  virtual ~nsPermission() {};
-
+  virtual ~nsPermission();
+  
 protected:
   nsCString mHost;
   nsCString mType;
   uint32_t  mCapability;
   uint32_t  mExpireType;
   int64_t   mExpireTime;
-  uint32_t  mAppId;
-  bool      mIsInBrowserElement;
 };
 
 #endif // nsPermission_h__
--- a/extensions/cookie/nsPermissionManager.cpp
+++ b/extensions/cookie/nsPermissionManager.cpp
@@ -18,17 +18,16 @@
 #include "nsIIDNService.h"
 #include "nsAppDirectoryServiceDefs.h"
 #include "prprf.h"
 #include "mozilla/storage.h"
 #include "mozilla/Attributes.h"
 #include "nsXULAppAPI.h"
 #include "nsIPrincipal.h"
 #include "nsContentUtils.h"
-#include "nsIScriptSecurityManager.h"
 
 static nsPermissionManager *gPermissionManager = nullptr;
 
 using mozilla::dom::ContentParent;
 using mozilla::dom::ContentChild;
 using mozilla::unused; // ha!
 
 static bool
@@ -66,76 +65,52 @@ ChildProcess()
 #define ENSURE_NOT_CHILD_PROCESS \
   ENSURE_NOT_CHILD_PROCESS_({ return NS_ERROR_NOT_AVAILABLE; })
 
 #define ENSURE_NOT_CHILD_PROCESS_NORET \
   ENSURE_NOT_CHILD_PROCESS_()
 
 ////////////////////////////////////////////////////////////////////////////////
 
-namespace {
+#define PL_ARENA_CONST_ALIGN_MASK 3
+#include "plarena.h"
 
-nsresult
-GetPrincipal(const nsACString& aHost, uint32_t aAppId, bool aIsInBrowserElement,
-             nsIPrincipal** aPrincipal)
-{
-  nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
-  NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
+static PLArenaPool *gHostArena = nullptr;
+
+// making sHostArena 512b for nice allocation
+// growing is quite cheap
+#define HOST_ARENA_SIZE 512
 
-  nsCOMPtr<nsIURI> uri;
-  // NOTE: we use "http://" as a protocal but we will just use the host so it
-  // doesn't really matter.
-  NS_NewURI(getter_AddRefs(uri), NS_LITERAL_CSTRING("http://") + aHost);
-
-  return secMan->GetAppCodebasePrincipal(uri, aAppId, aIsInBrowserElement, aPrincipal);
-}
-
-nsresult
-GetPrincipal(nsIURI* aURI, nsIPrincipal** aPrincipal)
+// equivalent to strdup() - does no error checking,
+// we're assuming we're only called with a valid pointer
+static char *
+ArenaStrDup(const char* str, PLArenaPool* aArena)
 {
-  nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
-  NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
-
-  return secMan->GetNoAppCodebasePrincipal(aURI, aPrincipal);
+  void* mem;
+  const uint32_t size = strlen(str) + 1;
+  PL_ARENA_ALLOCATE(mem, aArena, size);
+  if (mem)
+    memcpy(mem, str, size);
+  return static_cast<char*>(mem);
 }
 
-nsresult
-GetPrincipal(const nsACString& aHost, nsIPrincipal** aPrincipal)
+nsHostEntry::nsHostEntry(const char* aHost)
 {
-  return GetPrincipal(aHost, nsIScriptSecurityManager::NO_APP_ID, false, aPrincipal);
+  mHost = ArenaStrDup(aHost, gHostArena);
 }
 
-nsresult
-GetHostForPrincipal(nsIPrincipal* aPrincipal, nsACString& aHost)
+// XXX this can fail on OOM
+nsHostEntry::nsHostEntry(const nsHostEntry& toCopy)
+ : mHost(toCopy.mHost)
+ , mPermissions(toCopy.mPermissions)
 {
-  nsCOMPtr<nsIURI> uri;
-  nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  uri = NS_GetInnermostURI(uri);
-  NS_ENSURE_TRUE(uri, NS_ERROR_FAILURE);
-
-  rv = uri->GetAsciiHost(aHost);
-  if (NS_FAILED(rv) || aHost.IsEmpty()) {
-    return NS_ERROR_UNEXPECTED;
-  }
-
-  return NS_OK;
 }
 
-} // anonymous namespace
-
 ////////////////////////////////////////////////////////////////////////////////
 
-nsPermissionManager::PermissionKey::PermissionKey(nsIPrincipal* aPrincipal)
-{
-  MOZ_ALWAYS_TRUE(NS_SUCCEEDED(GetHostForPrincipal(aPrincipal, mHost)));
-  MOZ_ALWAYS_TRUE(NS_SUCCEEDED(aPrincipal->GetAppId(&mAppId)));
-  MOZ_ALWAYS_TRUE(NS_SUCCEEDED(aPrincipal->GetIsInBrowserElement(&mIsInBrowserElement)));
-}
 
 /**
  * Simple callback used by |AsyncClose| to trigger a treatment once
  * the database is closed.
  *
  * Note: Beware that, if you hold onto a |CloseDatabaseListener| from a
  * |nsPermissionManager|, this will create a cycle.
  *
@@ -237,17 +212,17 @@ NS_IMETHODIMP DeleteFromMozHostListener:
 
   return NS_OK;
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // nsPermissionManager Implementation
 
 static const char kPermissionsFileName[] = "permissions.sqlite";
-#define HOSTS_SCHEMA_VERSION 3
+#define HOSTS_SCHEMA_VERSION 2
 
 static const char kHostpermFileName[] = "hostperm.1";
 
 static const char kPermissionChangeNotification[] = PERM_CHANGE_NOTIFICATION;
 
 NS_IMPL_ISUPPORTS3(nsPermissionManager, nsIPermissionManager, nsIObserver, nsISupportsWeakReference)
 
 nsPermissionManager::nsPermissionManager()
@@ -288,37 +263,32 @@ nsPermissionManager::GetXPCOMSingleton()
   return gPermissionManager;
 }
 
 nsresult
 nsPermissionManager::Init()
 {
   nsresult rv;
 
-  mPermissionTable.Init();
+  mHostTable.Init();
 
   mObserverService = do_GetService("@mozilla.org/observer-service;1", &rv);
   if (NS_SUCCEEDED(rv)) {
     mObserverService->AddObserver(this, "profile-before-change", true);
     mObserverService->AddObserver(this, "profile-do-change", true);
   }
 
   if (IsChildProcess()) {
     // Get the permissions from the parent process
     InfallibleTArray<IPC::Permission> perms;
     ChildProcess()->SendReadPermissions(&perms);
 
     for (uint32_t i = 0; i < perms.Length(); i++) {
       const IPC::Permission &perm = perms[i];
-
-      nsCOMPtr<nsIPrincipal> principal;
-      rv = GetPrincipal(perm.host, perm.appId, perm.isInBrowserElement, getter_AddRefs(principal));
-      NS_ENSURE_SUCCESS(rv, rv);
-
-      AddInternal(principal, perm.type, perm.capability, 0, perm.expireType,
+      AddInternal(perm.host, perm.type, perm.capability, 0, perm.expireType,
                   perm.expireTime, eNotify, eNoDBOperation);
     }
 
     // Stop here; we don't need the DB in the child process
     return NS_OK;
   }
 
   // ignore failure here, since it's non-fatal (we can run fine without
@@ -399,55 +369,53 @@ nsPermissionManager::InitDB(bool aRemove
         // expiration columns
         rv = mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
               "ALTER TABLE moz_hosts ADD expireType INTEGER"));
         NS_ENSURE_SUCCESS(rv, rv);
 
         rv = mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
               "ALTER TABLE moz_hosts ADD expireTime INTEGER"));
         NS_ENSURE_SUCCESS(rv, rv);
-      }
-
-      // fall through to the next upgrade
-
-    // TODO: we want to make default version as version 2 in order to fix bug 784875.
-    case 0:
-    case 2:
-      {
-        // Add appId/isInBrowserElement fields.
-        rv = mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
-              "ALTER TABLE moz_hosts ADD appId INTEGER"));
-        NS_ENSURE_SUCCESS(rv, rv);
-
-        rv = mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
-              "ALTER TABLE moz_hosts ADD isInBrowserElement INTEGER"));
-        NS_ENSURE_SUCCESS(rv, rv);
 
         rv = mDBConn->SetSchemaVersion(HOSTS_SCHEMA_VERSION);
         NS_ENSURE_SUCCESS(rv, rv);
       }
 
       // fall through to the next upgrade
-
+      
     // current version.
     case HOSTS_SCHEMA_VERSION:
       break;
 
+    case 0:
+      {
+        NS_WARNING("couldn't get schema version!");
+          
+        // the table may be usable; someone might've just clobbered the schema
+        // version. we can treat this case like a downgrade using the codepath
+        // below, by verifying the columns we care about are all there. for now,
+        // re-set the schema version in the db, in case the checks succeed (if
+        // they don't, we're dropping the table anyway).
+        rv = mDBConn->SetSchemaVersion(HOSTS_SCHEMA_VERSION);
+        NS_ENSURE_SUCCESS(rv, rv);
+      }
+      // fall through to downgrade check
+
     // downgrading.
     // if columns have been added to the table, we can still use the ones we
     // understand safely. if columns have been deleted or altered, just
     // blow away the table and start from scratch! if you change the way
     // a column is interpreted, make sure you also change its name so this
     // check will catch it.
     default:
       {
         // check if all the expected columns exist
         nsCOMPtr<mozIStorageStatement> stmt;
         rv = mDBConn->CreateStatement(NS_LITERAL_CSTRING(
-          "SELECT host, type, permission, expireType, expireTime, appId, isInBrowserElement FROM moz_hosts"),
+          "SELECT host, type, permission, expireType, expireTime FROM moz_hosts"),
           getter_AddRefs(stmt));
         if (NS_SUCCEEDED(rv))
           break;
 
         // our columns aren't there - drop the table!
         rv = mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING("DROP TABLE moz_hosts"));
         NS_ENSURE_SUCCESS(rv, rv);
 
@@ -459,18 +427,18 @@ nsPermissionManager::InitDB(bool aRemove
   }
 
   // make operations on the table asynchronous, for performance
   mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING("PRAGMA synchronous = OFF"));
 
   // cache frequently used statements (for insertion, deletion, and updating)
   rv = mDBConn->CreateStatement(NS_LITERAL_CSTRING(
     "INSERT INTO moz_hosts "
-    "(id, host, type, permission, expireType, expireTime, appId, isInBrowserElement) "
-    "VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)"), getter_AddRefs(mStmtInsert));
+    "(id, host, type, permission, expireType, expireTime) "
+    "VALUES (?1, ?2, ?3, ?4, ?5, ?6)"), getter_AddRefs(mStmtInsert));
   NS_ENSURE_SUCCESS(rv, rv);
 
   rv = mDBConn->CreateStatement(NS_LITERAL_CSTRING(
     "DELETE FROM moz_hosts "
     "WHERE id = ?1"), getter_AddRefs(mStmtDelete));
   NS_ENSURE_SUCCESS(rv, rv);
 
   rv = mDBConn->CreateStatement(NS_LITERAL_CSTRING(
@@ -500,126 +468,124 @@ nsPermissionManager::CreateTable()
   return mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
     "CREATE TABLE moz_hosts ("
       " id INTEGER PRIMARY KEY"
       ",host TEXT"
       ",type TEXT"
       ",permission INTEGER"
       ",expireType INTEGER"
       ",expireTime INTEGER"
-      ",appId INTEGER"
-      ",isInBrowserElement INTEGER"
     ")"));
 }
 
 NS_IMETHODIMP
 nsPermissionManager::Add(nsIURI     *aURI,
                          const char *aType,
                          uint32_t    aPermission,
                          uint32_t    aExpireType,
                          int64_t     aExpireTime)
 {
+  ENSURE_NOT_CHILD_PROCESS;
+
   NS_ENSURE_ARG_POINTER(aURI);
+  NS_ENSURE_ARG_POINTER(aType);
+  NS_ENSURE_TRUE(aExpireType == nsIPermissionManager::EXPIRE_NEVER ||
+                 aExpireType == nsIPermissionManager::EXPIRE_TIME ||
+                 aExpireType == nsIPermissionManager::EXPIRE_SESSION,
+                 NS_ERROR_INVALID_ARG);
 
-  nsCOMPtr<nsIPrincipal> principal;
-  nsresult rv = GetPrincipal(aURI, getter_AddRefs(principal));
+  nsresult rv;
+
+  // Skip addition if the permission is already expired.
+  if (aExpireType == nsIPermissionManager::EXPIRE_TIME &&
+      aExpireTime <= PR_Now() / 1000)
+    return NS_OK;
+
+  nsCAutoString host;
+  rv = GetHost(aURI, host);
   NS_ENSURE_SUCCESS(rv, rv);
 
-  return AddFromPrincipal(principal, aType, aPermission, aExpireType, aExpireTime);
+  return AddInternal(host, nsDependentCString(aType), aPermission, 0, 
+                     aExpireType, aExpireTime, eNotify, eWriteToDB);
 }
 
 NS_IMETHODIMP
 nsPermissionManager::AddFromPrincipal(nsIPrincipal* aPrincipal,
                                       const char* aType, uint32_t aPermission,
                                       uint32_t aExpireType, int64_t aExpireTime)
 {
-  ENSURE_NOT_CHILD_PROCESS;
   NS_ENSURE_ARG_POINTER(aPrincipal);
-  NS_ENSURE_ARG_POINTER(aType);
-  NS_ENSURE_TRUE(aExpireType == nsIPermissionManager::EXPIRE_NEVER ||
-                 aExpireType == nsIPermissionManager::EXPIRE_TIME ||
-                 aExpireType == nsIPermissionManager::EXPIRE_SESSION,
-                 NS_ERROR_INVALID_ARG);
-
-  // Skip addition if the permission is already expired.
-  if (aExpireType == nsIPermissionManager::EXPIRE_TIME &&
-      aExpireTime <= (PR_Now() / 1000)) {
-    return NS_OK;
-  }
 
   // We don't add the system principal because it actually has no URI and we
   // always allow action for them.
   if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
     return NS_OK;
   }
 
-  return AddInternal(aPrincipal, nsDependentCString(aType), aPermission, 0,
-                     aExpireType, aExpireTime, eNotify, eWriteToDB);
+  nsCOMPtr<nsIURI> uri;
+  aPrincipal->GetURI(getter_AddRefs(uri));
+
+  return Add(uri, aType, aPermission, aExpireType, aExpireTime);
 }
 
 nsresult
-nsPermissionManager::AddInternal(nsIPrincipal* aPrincipal,
+nsPermissionManager::AddInternal(const nsAFlatCString &aHost,
                                  const nsAFlatCString &aType,
                                  uint32_t              aPermission,
                                  int64_t               aID,
                                  uint32_t              aExpireType,
                                  int64_t               aExpireTime,
                                  NotifyOperationType   aNotifyOperation,
                                  DBOperationType       aDBOperation)
 {
-  nsCAutoString host;
-  nsresult rv = GetHostForPrincipal(aPrincipal, host);
-  NS_ENSURE_SUCCESS(rv, rv);
-
   if (!IsChildProcess()) {
-    uint32_t appId;
-    rv = aPrincipal->GetAppId(&appId);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    bool isInBrowserElement;
-    rv = aPrincipal->GetIsInBrowserElement(&isInBrowserElement);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    IPC::Permission permission(host, appId, isInBrowserElement, aType,
+    IPC::Permission permission((aHost),
+                               (aType),
                                aPermission, aExpireType, aExpireTime);
 
     nsTArray<ContentParent*> cplist;
     ContentParent::GetAll(cplist);
     for (uint32_t i = 0; i < cplist.Length(); ++i) {
       ContentParent* cp = cplist[i];
       if (cp->NeedsPermissionsUpdate())
         unused << cp->SendAddPermission(permission);
     }
   }
 
+  if (!gHostArena) {
+    gHostArena = new PLArenaPool;
+    if (!gHostArena)
+      return NS_ERROR_OUT_OF_MEMORY;    
+    PL_INIT_ARENA_POOL(gHostArena, "PermissionHostArena", HOST_ARENA_SIZE);
+  }
+
   // look up the type index
   int32_t typeIndex = GetTypeIndex(aType.get(), true);
   NS_ENSURE_TRUE(typeIndex != -1, NS_ERROR_OUT_OF_MEMORY);
 
   // When an entry already exists, PutEntry will return that, instead
   // of adding a new one
-  nsRefPtr<PermissionKey> key = new PermissionKey(aPrincipal);
-  PermissionHashKey* entry = mPermissionTable.PutEntry(key);
+  nsHostEntry *entry = mHostTable.PutEntry(aHost.get());
   if (!entry) return NS_ERROR_FAILURE;
   if (!entry->GetKey()) {
-    mPermissionTable.RawRemoveEntry(entry);
+    mHostTable.RawRemoveEntry(entry);
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
   // figure out the transaction type, and get any existing permission value
   OperationType op;
   int32_t index = entry->GetPermissionIndex(typeIndex);
   if (index == -1) {
     if (aPermission == nsIPermissionManager::UNKNOWN_ACTION)
       op = eOperationNone;
     else
       op = eOperationAdding;
 
   } else {
-    PermissionEntry oldPermissionEntry = entry->GetPermissions()[index];
+    nsPermissionEntry oldPermissionEntry = entry->GetPermissions()[index];
 
     // remove the permission if the permission is UNKNOWN, update the
     // permission if its value or expire type have changed OR if the time has
     // changed and the expire type is time, otherwise, don't modify.  There's
     // no need to modify a permission that doesn't expire with time when the
     // only thing changed is the expire time.
     if (aPermission == oldPermissionEntry.mPermission && 
         aExpireType == oldPermissionEntry.mExpireType &&
@@ -647,89 +613,69 @@ nsPermissionManager::AddInternal(nsIPrin
       if (aDBOperation == eWriteToDB) {
         // we'll be writing to the database - generate a known unique id
         id = ++mLargestID;
       } else {
         // we're reading from the database - use the id already assigned
         id = aID;
       }
 
-      entry->GetPermissions().AppendElement(PermissionEntry(id, typeIndex, aPermission, aExpireType, aExpireTime));
-
-      if (aDBOperation == eWriteToDB && aExpireType != nsIPermissionManager::EXPIRE_SESSION) {
-        uint32_t appId;
-        rv = aPrincipal->GetAppId(&appId);
-        NS_ENSURE_SUCCESS(rv, rv);
+      entry->GetPermissions().AppendElement(nsPermissionEntry(typeIndex, aPermission, id, aExpireType, aExpireTime));
 
-        bool isInBrowserElement;
-        rv = aPrincipal->GetIsInBrowserElement(&isInBrowserElement);
-        NS_ENSURE_SUCCESS(rv, rv);
-
-        UpdateDB(op, mStmtInsert, id, host, aType, aPermission, aExpireType, aExpireTime, appId, isInBrowserElement);
-      }
+      if (aDBOperation == eWriteToDB && aExpireType != nsIPermissionManager::EXPIRE_SESSION)
+        UpdateDB(op, mStmtInsert, id, aHost, aType, aPermission, aExpireType, aExpireTime);
 
       if (aNotifyOperation == eNotify) {
-        NotifyObserversWithPermission(host,
-                                      entry->GetKey()->mAppId,
-                                      entry->GetKey()->mIsInBrowserElement,
+        NotifyObserversWithPermission(aHost,
                                       mTypeArray[typeIndex],
                                       aPermission,
                                       aExpireType,
                                       aExpireTime,
                                       NS_LITERAL_STRING("added").get());
       }
 
       break;
     }
 
   case eOperationRemoving:
     {
-      PermissionEntry oldPermissionEntry = entry->GetPermissions()[index];
+      nsPermissionEntry oldPermissionEntry = entry->GetPermissions()[index];
       id = oldPermissionEntry.mID;
       entry->GetPermissions().RemoveElementAt(index);
 
       // If no more types are present, remove the entry
       if (entry->GetPermissions().IsEmpty())
-        mPermissionTable.RawRemoveEntry(entry);
+        mHostTable.RawRemoveEntry(entry);
 
       if (aDBOperation == eWriteToDB)
-        // We care only about the id here so we pass dummy values for all other
-        // parameters.
-        UpdateDB(op, mStmtDelete, id, EmptyCString(), EmptyCString(), 0,
-                 nsIPermissionManager::EXPIRE_NEVER, 0, 0, false);
+        UpdateDB(op, mStmtDelete, id, EmptyCString(), EmptyCString(), 0, 
+                 nsIPermissionManager::EXPIRE_NEVER, 0);
 
       if (aNotifyOperation == eNotify) {
-        NotifyObserversWithPermission(host,
-                                      entry->GetKey()->mAppId,
-                                      entry->GetKey()->mIsInBrowserElement,
+        NotifyObserversWithPermission(aHost,
                                       mTypeArray[typeIndex],
                                       oldPermissionEntry.mPermission,
                                       oldPermissionEntry.mExpireType,
                                       oldPermissionEntry.mExpireTime,
                                       NS_LITERAL_STRING("deleted").get());
       }
 
       break;
     }
 
   case eOperationChanging:
     {
       id = entry->GetPermissions()[index].mID;
       entry->GetPermissions()[index].mPermission = aPermission;
 
       if (aDBOperation == eWriteToDB && aExpireType != nsIPermissionManager::EXPIRE_SESSION)
-        // We care only about the id, the permission and expireType/expireTime here.
-        // We pass dummy values for all other parameters.
-        UpdateDB(op, mStmtUpdate, id, EmptyCString(), EmptyCString(),
-                 aPermission, aExpireType, aExpireTime, 0, false);
+        UpdateDB(op, mStmtUpdate, id, EmptyCString(), EmptyCString(), aPermission, aExpireType, aExpireTime);
 
       if (aNotifyOperation == eNotify) {
-        NotifyObserversWithPermission(host,
-                                      entry->GetKey()->mAppId,
-                                      entry->GetKey()->mIsInBrowserElement,
+        NotifyObserversWithPermission(aHost,
                                       mTypeArray[typeIndex],
                                       aPermission,
                                       aExpireType,
                                       aExpireTime,
                                       NS_LITERAL_STRING("changed").get());
       }
 
       break;
@@ -738,48 +684,53 @@ nsPermissionManager::AddInternal(nsIPrin
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsPermissionManager::Remove(const nsACString &aHost,
                             const char       *aType)
 {
-  nsCOMPtr<nsIPrincipal> principal;
-  nsresult rv = GetPrincipal(aHost, getter_AddRefs(principal));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  return RemoveFromPrincipal(principal, aType);
-}
+  ENSURE_NOT_CHILD_PROCESS;
 
-NS_IMETHODIMP
-nsPermissionManager::RemoveFromPrincipal(nsIPrincipal* aPrincipal,
-                                         const char* aType)
-{
-  ENSURE_NOT_CHILD_PROCESS;
-  NS_ENSURE_ARG_POINTER(aPrincipal);
   NS_ENSURE_ARG_POINTER(aType);
 
-  // System principals are never added to the database, no need to remove them.
-  if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
-    return NS_OK;
-  }
-
   // AddInternal() handles removal, just let it do the work
-  return AddInternal(aPrincipal,
+  return AddInternal(PromiseFlatCString(aHost),
                      nsDependentCString(aType),
                      nsIPermissionManager::UNKNOWN_ACTION,
                      0,
                      nsIPermissionManager::EXPIRE_NEVER,
                      0,
                      eNotify,
                      eWriteToDB);
 }
 
 NS_IMETHODIMP
+nsPermissionManager::RemoveFromPrincipal(nsIPrincipal* aPrincipal,
+                                         const char* aType)
+{
+  NS_ENSURE_ARG_POINTER(aPrincipal);
+
+  // System principals are never added to the database, no need to remove them.
+  if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIURI> uri;
+  aPrincipal->GetURI(getter_AddRefs(uri));
+  NS_ENSURE_TRUE(uri, NS_ERROR_FAILURE);
+
+  nsCAutoString host;
+  uri->GetHost(host);
+
+  return Remove(host, aType);
+}
+
+NS_IMETHODIMP
 nsPermissionManager::RemoveAll()
 {
   ENSURE_NOT_CHILD_PROCESS;
   return RemoveAllInternal(true);
 }
 
 void
 nsPermissionManager::CloseDB(bool aRebuildOnSuccess)
@@ -830,159 +781,132 @@ nsPermissionManager::RemoveAllInternal(b
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsPermissionManager::TestExactPermission(nsIURI     *aURI,
                                          const char *aType,
                                          uint32_t   *aPermission)
 {
-  nsCOMPtr<nsIPrincipal> principal;
-  nsresult rv = GetPrincipal(aURI, getter_AddRefs(principal));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  return TestExactPermissionFromPrincipal(principal, aType, aPermission);
-}
-
-NS_IMETHODIMP
-nsPermissionManager::TestExactPermissionFromPrincipal(nsIPrincipal* aPrincipal,
-                                                      const char* aType,
-                                                      uint32_t* aPermission)
-{
-  NS_ENSURE_ARG_POINTER(aPrincipal);
-
-  // System principals do not have URI so we can't try to get
-  // retro-compatibility here.
-  if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
-    *aPermission = nsIPermissionManager::ALLOW_ACTION;
-    return NS_OK;
-  }
-
-  return CommonTestPermission(aPrincipal, aType, aPermission, true);
+  return CommonTestPermission(aURI, aType, aPermission, true);
 }
 
 NS_IMETHODIMP
 nsPermissionManager::TestPermission(nsIURI     *aURI,
                                     const char *aType,
                                     uint32_t   *aPermission)
 {
-  nsCOMPtr<nsIPrincipal> principal;
-  nsresult rv = GetPrincipal(aURI, getter_AddRefs(principal));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  return TestPermissionFromPrincipal(principal, aType, aPermission);
+  return CommonTestPermission(aURI, aType, aPermission, false);
 }
 
 NS_IMETHODIMP
 nsPermissionManager::TestPermissionFromPrincipal(nsIPrincipal* aPrincipal,
                                                  const char* aType,
                                                  uint32_t* aPermission)
 {
   NS_ENSURE_ARG_POINTER(aPrincipal);
 
   // System principals do not have URI so we can't try to get
   // retro-compatibility here.
   if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
     *aPermission = nsIPermissionManager::ALLOW_ACTION;
     return NS_OK;
   }
 
-  return CommonTestPermission(aPrincipal, aType, aPermission, false);
+  nsCOMPtr<nsIURI> uri;
+  aPrincipal->GetURI(getter_AddRefs(uri));
+
+  return TestPermission(uri, aType, aPermission);
+}
+
+NS_IMETHODIMP
+nsPermissionManager::TestExactPermissionFromPrincipal(nsIPrincipal* aPrincipal,
+                                                      const char* aType,
+                                                      uint32_t* aPermission)
+{
+  NS_ENSURE_ARG_POINTER(aPrincipal);
+
+  // System principals do not have URI so we can't try to get
+  // retro-compatibility here.
+  if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
+    *aPermission = nsIPermissionManager::ALLOW_ACTION;
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIURI> uri;
+  aPrincipal->GetURI(getter_AddRefs(uri));
+
+  return TestExactPermission(uri, aType, aPermission);
 }
 
 nsresult
-nsPermissionManager::CommonTestPermission(nsIPrincipal* aPrincipal,
+nsPermissionManager::CommonTestPermission(nsIURI     *aURI,
                                           const char *aType,
                                           uint32_t   *aPermission,
                                           bool        aExactHostMatch)
 {
-  NS_ENSURE_ARG_POINTER(aPrincipal);
+  NS_ENSURE_ARG_POINTER(aURI);
   NS_ENSURE_ARG_POINTER(aType);
 
   // set the default
   *aPermission = nsIPermissionManager::UNKNOWN_ACTION;
 
-  nsCOMPtr<nsIURI> uri;
-  nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri));
-  NS_ENSURE_SUCCESS(rv, rv);
-
   nsCAutoString host;
-  rv = GetHostForPrincipal(aPrincipal, host);
-
+  nsresult rv = GetHost(aURI, host);
   // No host doesn't mean an error. Just return the default. Unless this is
   // a file uri. In that case use a magic host.
   if (NS_FAILED(rv)) {
     bool isFile;
-    rv = uri->SchemeIs("file", &isFile);
+    rv = aURI->SchemeIs("file", &isFile);
     NS_ENSURE_SUCCESS(rv, rv);
     if (isFile) {
       host.AssignLiteral("<file>");
     }
     else {
       return NS_OK;
     }
   }
-
+  
   int32_t typeIndex = GetTypeIndex(aType, false);
   // If type == -1, the type isn't known,
   // so just return NS_OK
   if (typeIndex == -1) return NS_OK;
 
-  uint32_t appId;
-  rv = aPrincipal->GetAppId(&appId);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  bool isInBrowserElement;
-  rv = aPrincipal->GetIsInBrowserElement(&isInBrowserElement);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  PermissionHashKey* entry = GetPermissionHashKey(host, appId, isInBrowserElement,
-                                                  typeIndex, aExactHostMatch);
-  if (entry) {
+  nsHostEntry *entry = GetHostEntry(host, typeIndex, aExactHostMatch);
+  if (entry)
     *aPermission = entry->GetPermission(typeIndex).mPermission;
-  }
 
   return NS_OK;
 }
 
-// Returns PermissionHashKey for a given { host, appId, isInBrowserElement } tuple.
-// This is not simply using PermissionKey because we will walk-up domains in
-// case of |host| contains sub-domains.
-// Returns null if nothing found.
+// Get hostentry for given host string and permission type.
+// walk up the domain if needed.
+// return null if nothing found.
 // Also accepts host on the format "<foo>". This will perform an exact match
 // lookup as the string doesn't contain any dots.
-nsPermissionManager::PermissionHashKey*
-nsPermissionManager::GetPermissionHashKey(const nsACString& aHost,
-                                          uint32_t aAppId,
-                                          bool aIsInBrowserElement,
-                                          uint32_t aType,
-                                          bool aExactHostMatch)
+nsHostEntry *
+nsPermissionManager::GetHostEntry(const nsAFlatCString &aHost,
+                                  uint32_t              aType,
+                                  bool                  aExactHostMatch)
 {
   uint32_t offset = 0;
-  PermissionHashKey* entry;
+  nsHostEntry *entry;
   int64_t now = PR_Now() / 1000;
 
   do {
-    nsRefPtr<PermissionKey> key = new PermissionKey(Substring(aHost, offset), aAppId, aIsInBrowserElement);
-    entry = mPermissionTable.GetEntry(key);
+    entry = mHostTable.GetEntry(aHost.get() + offset);
     if (entry) {
-      PermissionEntry permEntry = entry->GetPermission(aType);
+      nsPermissionEntry permEntry = entry->GetPermission(aType);
 
       // if the entry is expired, remove and keep looking for others.
       if (permEntry.mExpireType == nsIPermissionManager::EXPIRE_TIME &&
-          permEntry.mExpireTime <= now) {
-        nsCOMPtr<nsIPrincipal> principal;
-        if (NS_FAILED(GetPrincipal(aHost, aAppId, aIsInBrowserElement, getter_AddRefs(principal)))) {
-          return nullptr;
-        }
-
-        RemoveFromPrincipal(principal, mTypeArray[aType].get());
-      } else if (permEntry.mPermission != nsIPermissionManager::UNKNOWN_ACTION) {
+          permEntry.mExpireTime <= now)
+        Remove(aHost, mTypeArray[aType].get());
+      else if (permEntry.mPermission != nsIPermissionManager::UNKNOWN_ACTION)
         break;
-      }
 
       // reset entry, to be able to return null on failure
       entry = nullptr;
     }
     if (aExactHostMatch)
       break; // do not try super domains
 
     offset = aHost.FindChar('.', offset) + 1;
@@ -1000,26 +924,24 @@ struct nsGetEnumeratorData
    : array(aArray)
    , types(aTypes) {}
 
   nsCOMArray<nsIPermission> *array;
   const nsTArray<nsCString> *types;
 };
 
 static PLDHashOperator
-AddPermissionsToList(nsPermissionManager::PermissionHashKey* entry, void *arg)
+AddPermissionsToList(nsHostEntry *entry, void *arg)
 {
   nsGetEnumeratorData *data = static_cast<nsGetEnumeratorData *>(arg);
 
   for (uint32_t i = 0; i < entry->GetPermissions().Length(); ++i) {
-    nsPermissionManager::PermissionEntry& permEntry = entry->GetPermissions()[i];
+    nsPermissionEntry &permEntry = entry->GetPermissions()[i];
 
-    nsPermission *perm = new nsPermission(entry->GetKey()->mHost,
-                                          entry->GetKey()->mAppId,
-                                          entry->GetKey()->mIsInBrowserElement,
+    nsPermission *perm = new nsPermission(entry->GetHost(), 
                                           data->types->ElementAt(permEntry.mType),
                                           permEntry.mPermission,
                                           permEntry.mExpireType,
                                           permEntry.mExpireTime);
 
     data->array->AppendObject(perm);
   }
 
@@ -1027,17 +949,17 @@ AddPermissionsToList(nsPermissionManager
 }
 
 NS_IMETHODIMP nsPermissionManager::GetEnumerator(nsISimpleEnumerator **aEnum)
 {
   // roll an nsCOMArray of all our permissions, then hand out an enumerator
   nsCOMArray<nsIPermission> array;
   nsGetEnumeratorData data(&array, &mTypeArray);
 
-  mPermissionTable.EnumerateEntries(AddPermissionsToList, &data);
+  mHostTable.EnumerateEntries(AddPermissionsToList, &data);
 
   return NS_NewArrayEnumerator(aEnum, array);
 }
 
 NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aTopic, const PRUnichar *someData)
 {
   ENSURE_NOT_CHILD_PROCESS;
 
@@ -1065,18 +987,22 @@ NS_IMETHODIMP nsPermissionManager::Obser
 //*** nsPermissionManager private methods
 //*****************************************************************************
 
 nsresult
 nsPermissionManager::RemoveAllFromMemory()
 {
   mLargestID = 0;
   mTypeArray.Clear();
-  mPermissionTable.Clear();
-
+  mHostTable.Clear();
+  if (gHostArena) {
+    PL_FinishArenaPool(gHostArena);
+    delete gHostArena;
+  }
+  gHostArena = nullptr;
   return NS_OK;
 }
 
 // Returns -1 on failure
 int32_t
 nsPermissionManager::GetTypeIndex(const char *aType,
                                   bool        aAdd)
 {
@@ -1098,27 +1024,24 @@ nsPermissionManager::GetTypeIndex(const 
   elem->Assign(aType);
   return mTypeArray.Length() - 1;
 }
 
 // wrapper function for mangling (host,type,perm,expireType,expireTime)
 // set into an nsIPermission.
 void
 nsPermissionManager::NotifyObserversWithPermission(const nsACString &aHost,
-                                                   uint32_t          aAppId,
-                                                   bool              aIsInBrowserElement,
                                                    const nsCString  &aType,
                                                    uint32_t          aPermission,
                                                    uint32_t          aExpireType,
                                                    int64_t           aExpireTime,
                                                    const PRUnichar  *aData)
 {
   nsCOMPtr<nsIPermission> permission =
-    new nsPermission(aHost, aAppId, aIsInBrowserElement, aType, aPermission,
-                     aExpireType, aExpireTime);
+    new nsPermission(aHost, aType, aPermission, aExpireType, aExpireTime);
   if (permission)
     NotifyObservers(permission, aData);
 }
 
 // notify observers that the permission list changed. there are four possible
 // values for aData:
 // "deleted" means a permission was deleted. aPermission is the deleted permission.
 // "added"   means a permission was added. aPermission is the added permission.
@@ -1158,27 +1081,25 @@ nsPermissionManager::Read()
 
     bool hasResult;
     rv = stmtDeleteExpired->ExecuteStep(&hasResult);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
   nsCOMPtr<mozIStorageStatement> stmt;
   rv = mDBConn->CreateStatement(NS_LITERAL_CSTRING(
-    "SELECT id, host, type, permission, expireType, expireTime, appId, isInBrowserElement "
+    "SELECT id, host, type, permission, expireType, expireTime "
     "FROM moz_hosts"), getter_AddRefs(stmt));
   NS_ENSURE_SUCCESS(rv, rv);
 
   int64_t id;
   nsCAutoString host, type;
   uint32_t permission;
   uint32_t expireType;
   int64_t expireTime;
-  uint32_t appId;
-  bool isInBrowserElement;
   bool hasResult;
   while (NS_SUCCEEDED(stmt->ExecuteStep(&hasResult)) && hasResult) {
     // explicitly set our entry id counter for use in AddInternal(),
     // and keep track of the largest id so we know where to pick up.
     id = stmt->AsInt64(0);
     if (id > mLargestID)
       mLargestID = id;
 
@@ -1189,25 +1110,17 @@ nsPermissionManager::Read()
     NS_ENSURE_SUCCESS(rv, rv);
 
     permission = stmt->AsInt32(3);
     expireType = stmt->AsInt32(4);
 
     // convert into int64_t value (milliseconds)
     expireTime = stmt->AsInt64(5);
 
-    MOZ_ASSERT(stmt->AsInt64(6) >= 0);
-    appId = static_cast<uint32_t>(stmt->AsInt64(6));
-    isInBrowserElement = static_cast<bool>(stmt->AsInt32(7));
-
-    nsCOMPtr<nsIPrincipal> principal;
-    nsresult rv = GetPrincipal(host, appId, isInBrowserElement, getter_AddRefs(principal));
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    rv = AddInternal(principal, type, permission, id, expireType, expireTime,
+    rv = AddInternal(host, type, permission, id, expireType, expireTime,
                      eDontNotify, eNoDBOperation);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
   return NS_OK;
 }
 
 static const char kMatchTypeHost[] = "host";
@@ -1267,21 +1180,17 @@ nsPermissionManager::Import()
 
       // hosts might be encoded in UTF8; switch them to ACE to be consistent
       if (!IsASCII(lineArray[3])) {
         rv = NormalizeToACE(lineArray[3]);
         if (NS_FAILED(rv))
           continue;
       }
 
-      nsCOMPtr<nsIPrincipal> principal;
-      nsresult rv = GetPrincipal(lineArray[3], getter_AddRefs(principal));
-      NS_ENSURE_SUCCESS(rv, rv);
-
-      rv = AddInternal(principal, lineArray[1], permission, 0,
+      rv = AddInternal(lineArray[3], lineArray[1], permission, 0, 
                        nsIPermissionManager::EXPIRE_NEVER, 0, eDontNotify, eWriteToDB);
       NS_ENSURE_SUCCESS(rv, rv);
     }
   }
 
   // we're done importing - delete the old file
   permissionsFile->Remove(false);
 
@@ -1296,27 +1205,39 @@ nsPermissionManager::NormalizeToACE(nsCS
     nsresult rv;
     mIDNService = do_GetService(NS_IDNSERVICE_CONTRACTID, &rv);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
   return mIDNService->ConvertUTF8toACE(aHost, aHost);
 }
 
+nsresult
+nsPermissionManager::GetHost(nsIURI *aURI, nsACString &aResult)
+{
+  nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(aURI);
+  if (!innerURI) return NS_ERROR_FAILURE;
+
+  nsresult rv = innerURI->GetAsciiHost(aResult);
+
+  if (NS_FAILED(rv) || aResult.IsEmpty())
+    return NS_ERROR_UNEXPECTED;
+
+  return NS_OK;
+}
+
 void
 nsPermissionManager::UpdateDB(OperationType         aOp,
                               mozIStorageStatement* aStmt,
                               int64_t               aID,
                               const nsACString     &aHost,
                               const nsACString     &aType,
                               uint32_t              aPermission,
                               uint32_t              aExpireType,
-                              int64_t               aExpireTime,
-                              uint32_t              aAppId,
-                              bool                  aIsInBrowserElement)
+                              int64_t               aExpireTime)
 {
   ENSURE_NOT_CHILD_PROCESS_NORET;
 
   nsresult rv;
 
   // no statement is ok - just means we don't have a profile
   if (!aStmt)
     return;
@@ -1335,22 +1256,16 @@ nsPermissionManager::UpdateDB(OperationT
 
       rv = aStmt->BindInt32ByIndex(3, aPermission);
       if (NS_FAILED(rv)) break;
 
       rv = aStmt->BindInt32ByIndex(4, aExpireType);
       if (NS_FAILED(rv)) break;
 
       rv = aStmt->BindInt64ByIndex(5, aExpireTime);
-      if (NS_FAILED(rv)) break;
-
-      rv = aStmt->BindInt64ByIndex(6, aAppId);
-      if (NS_FAILED(rv)) break;
-
-      rv = aStmt->BindInt64ByIndex(7, aIsInBrowserElement);
       break;
     }
 
   case eOperationRemoving:
     {
       rv = aStmt->BindInt64ByIndex(0, aID);
       break;
     }
--- a/extensions/cookie/nsPermissionManager.h
+++ b/extensions/cookie/nsPermissionManager.h
@@ -11,152 +11,125 @@
 #include "nsIObserverService.h"
 #include "nsWeakReference.h"
 #include "nsCOMPtr.h"
 #include "nsIFile.h"
 #include "nsTHashtable.h"
 #include "nsTArray.h"
 #include "nsString.h"
 #include "nsPermission.h"
-#include "nsHashKeys.h"
-#include "nsAutoPtr.h"
 
 class nsIPermission;
 class nsIIDNService;
 class mozIStorageConnection;
 class mozIStorageStatement;
 
 ////////////////////////////////////////////////////////////////////////////////
 
+class nsPermissionEntry
+{
+public:
+  nsPermissionEntry(uint32_t aType, uint32_t aPermission, int64_t aID, 
+                    uint32_t aExpireType, int64_t aExpireTime)
+   : mType(aType)
+   , mPermission(aPermission)
+   , mID(aID)
+   , mExpireType(aExpireType)
+   , mExpireTime(aExpireTime) {}
+
+  uint32_t mType;
+  uint32_t mPermission;
+  int64_t  mID;
+  uint32_t mExpireType;
+  int64_t  mExpireTime;
+};
+
+class nsHostEntry : public PLDHashEntryHdr
+{
+public:
+  // Hash methods
+  typedef const char* KeyType;
+  typedef const char* KeyTypePointer;
+
+  nsHostEntry(const char* aHost);
+  nsHostEntry(const nsHostEntry& toCopy);
+
+  ~nsHostEntry()
+  {
+  }
+
+  KeyType GetKey() const
+  {
+    return mHost;
+  }
+
+  bool KeyEquals(KeyTypePointer aKey) const
+  {
+    return !strcmp(mHost, aKey);
+  }
+
+  static KeyTypePointer KeyToPointer(KeyType aKey)
+  {
+    return aKey;
+  }
+
+  static PLDHashNumber HashKey(KeyTypePointer aKey)
+  {
+    // PL_DHashStringKey doesn't use the table parameter, so we can safely
+    // pass nullptr
+    return PL_DHashStringKey(nullptr, aKey);
+  }
+
+  // force the hashtable to use the copy constructor when shuffling entries
+  // around, otherwise the Auto part of our nsAutoTArray won't be happy!
+  enum { ALLOW_MEMMOVE = false };
+
+  // Permissions methods
+  inline const nsDependentCString GetHost() const
+  {
+    return nsDependentCString(mHost);
+  }
+
+  inline nsTArray<nsPermissionEntry> & GetPermissions()
+  {
+    return mPermissions;
+  }
+
+  inline int32_t GetPermissionIndex(uint32_t aType) const
+  {
+    for (uint32_t i = 0; i < mPermissions.Length(); ++i)
+      if (mPermissions[i].mType == aType)
+        return i;
+
+    return -1;
+  }
+
+  inline nsPermissionEntry GetPermission(uint32_t aType) const
+  {
+    for (uint32_t i = 0; i < mPermissions.Length(); ++i)
+      if (mPermissions[i].mType == aType)
+        return mPermissions[i];
+
+    // unknown permission... return relevant data 
+    nsPermissionEntry unk = nsPermissionEntry(aType, nsIPermissionManager::UNKNOWN_ACTION,
+                                              -1, nsIPermissionManager::EXPIRE_NEVER, 0);
+    return unk;
+  }
+
+private:
+  const char *mHost;
+  nsAutoTArray<nsPermissionEntry, 1> mPermissions;
+};
+
+
 class nsPermissionManager : public nsIPermissionManager,
                             public nsIObserver,
                             public nsSupportsWeakReference
 {
 public:
-  class PermissionEntry
-  {
-  public:
-    PermissionEntry(int64_t aID, uint32_t aType, uint32_t aPermission,
-                    uint32_t aExpireType, int64_t aExpireTime)
-     : mID(aID)
-     , mType(aType)
-     , mPermission(aPermission)
-     , mExpireType(aExpireType)
-     , mExpireTime(aExpireTime)
-    {}
-
-    int64_t  mID;
-    uint32_t mType;
-    uint32_t mPermission;
-    uint32_t mExpireType;
-    int64_t  mExpireTime;
-  };
-
-  /**
-   * PermissionKey is the key used by PermissionHashKey hash table.
-   *
-   * NOTE: It could be implementing nsIHashable but there is no reason to worry
-   * with XPCOM interfaces while we don't need to.
-   */
-  class PermissionKey
-  {
-  public:
-    PermissionKey(nsIPrincipal* aPrincipal);
-    PermissionKey(const nsACString& aHost,
-                  uint32_t aAppId,
-                  bool aIsInBrowserElement)
-      : mHost(aHost)
-      , mAppId(aAppId)
-      , mIsInBrowserElement(aIsInBrowserElement)
-    {
-    }
-
-    bool operator==(const PermissionKey& aKey) const {
-      return mHost.Equals(aKey.mHost) &&
-             mAppId == aKey.mAppId &&
-             mIsInBrowserElement == aKey.mIsInBrowserElement;
-    }
-
-    PLDHashNumber GetHashCode() const {
-      nsCAutoString str;
-      str.Assign(mHost);
-      str.AppendInt(mAppId);
-      str.AppendInt(static_cast<int32_t>(mIsInBrowserElement));
-
-      return mozilla::HashString(str);
-    }
-
-    NS_INLINE_DECL_THREADSAFE_REFCOUNTING(PermissionKey);
-
-    nsCString mHost;
-    uint32_t  mAppId;
-    bool      mIsInBrowserElement;
-
-  private:
-    // Default ctor shouldn't be used.
-    PermissionKey() MOZ_DELETE;
-
-    // Dtor shouldn't be used outside of the class.
-    ~PermissionKey() {};
-  };
-
-  class PermissionHashKey : public nsRefPtrHashKey<PermissionKey>
-  {
-  public:
-    PermissionHashKey(const PermissionKey* aPermissionKey)
-      : nsRefPtrHashKey<PermissionKey>(aPermissionKey)
-    {}
-
-    PermissionHashKey(const PermissionHashKey& toCopy)
-      : nsRefPtrHashKey<PermissionKey>(toCopy)
-      , mPermissions(toCopy.mPermissions)
-    {}
-
-    bool KeyEquals(const PermissionKey* aKey) const
-    {
-      return *aKey == *GetKey();
-    }
-
-    static PLDHashNumber HashKey(const PermissionKey* aKey)
-    {
-      return aKey->GetHashCode();
-    }
-
-    // Force the hashtable to use the copy constructor when shuffling entries
-    // around, otherwise the Auto part of our nsAutoTArray won't be happy!
-    enum { ALLOW_MEMMOVE = false };
-
-    inline nsTArray<PermissionEntry> & GetPermissions()
-    {
-      return mPermissions;
-    }
-
-    inline int32_t GetPermissionIndex(uint32_t aType) const
-    {
-      for (uint32_t i = 0; i < mPermissions.Length(); ++i)
-        if (mPermissions[i].mType == aType)
-          return i;
-
-      return -1;
-    }
-
-    inline PermissionEntry GetPermission(uint32_t aType) const
-    {
-      for (uint32_t i = 0; i < mPermissions.Length(); ++i)
-        if (mPermissions[i].mType == aType)
-          return mPermissions[i];
-
-      // unknown permission... return relevant data 
-      return PermissionEntry(-1, aType, nsIPermissionManager::UNKNOWN_ACTION,
-                             nsIPermissionManager::EXPIRE_NEVER, 0);
-    }
-
-  private:
-    nsAutoTArray<PermissionEntry, 1> mPermissions;
-  };
 
   // nsISupports
   NS_DECL_ISUPPORTS
   NS_DECL_NSIPERMISSIONMANAGER
   NS_DECL_NSIOBSERVER
 
   nsPermissionManager();
   virtual ~nsPermissionManager();
@@ -176,81 +149,77 @@ public:
     eWriteToDB
   };
 
   enum NotifyOperationType {
     eDontNotify,
     eNotify
   };
 
-  nsresult AddInternal(nsIPrincipal* aPrincipal,
+  nsresult AddInternal(const nsAFlatCString &aHost,
                        const nsAFlatCString &aType,
                        uint32_t aPermission,
                        int64_t aID,
                        uint32_t aExpireType,
                        int64_t  aExpireTime,
                        NotifyOperationType aNotifyOperation,
                        DBOperationType aDBOperation);
 
 private:
+
   int32_t GetTypeIndex(const char *aTypeString,
                        bool        aAdd);
 
-  PermissionHashKey* GetPermissionHashKey(const nsACString& aHost,
-                                          uint32_t aAppId,
-                                          bool aIsInBrowserElement,
-                                          uint32_t          aType,
-                                          bool              aExactHostMatch);
+  nsHostEntry *GetHostEntry(const nsAFlatCString &aHost,
+                            uint32_t              aType,
+                            bool                  aExactHostMatch);
 
-  nsresult CommonTestPermission(nsIPrincipal* aPrincipal,
+  nsresult CommonTestPermission(nsIURI     *aURI,
                                 const char *aType,
                                 uint32_t   *aPermission,
                                 bool        aExactHostMatch);
 
   nsresult InitDB(bool aRemoveFile);
   nsresult CreateTable();
   nsresult Import();
   nsresult Read();
   void     NotifyObserversWithPermission(const nsACString &aHost,
-                                         uint32_t          aAppId,
-                                         bool              aIsInBrowserElement,
                                          const nsCString  &aType,
                                          uint32_t          aPermission,
                                          uint32_t          aExpireType,
                                          int64_t           aExpireTime,
                                          const PRUnichar  *aData);
   void     NotifyObservers(nsIPermission *aPermission, const PRUnichar *aData);
 
   // Finalize all statements, close the DB and null it.
   // if aRebuildOnSuccess, reinitialize database
   void     CloseDB(bool aRebuildOnSuccess = false);
 
   nsresult RemoveAllInternal(bool aNotifyObservers);
   nsresult RemoveAllFromMemory();
   nsresult NormalizeToACE(nsCString &aHost);
+  nsresult GetHost(nsIURI *aURI, nsACString &aResult);
   static void UpdateDB(OperationType         aOp,
                        mozIStorageStatement* aStmt,
                        int64_t               aID,
                        const nsACString     &aHost,
                        const nsACString     &aType,
                        uint32_t              aPermission,
                        uint32_t              aExpireType,
-                       int64_t               aExpireTime,
-                       uint32_t              aAppId,
-                       bool                  aIsInBrowserElement);
+                       int64_t               aExpireTime);
 
   nsCOMPtr<nsIObserverService> mObserverService;
   nsCOMPtr<nsIIDNService>      mIDNService;
 
   nsCOMPtr<mozIStorageConnection> mDBConn;
   nsCOMPtr<mozIStorageStatement> mStmtInsert;
   nsCOMPtr<mozIStorageStatement> mStmtDelete;
   nsCOMPtr<mozIStorageStatement> mStmtUpdate;
 
-  nsTHashtable<PermissionHashKey> mPermissionTable;
+  nsTHashtable<nsHostEntry>    mHostTable;
   // a unique, monotonically increasing id used to identify each database entry
   int64_t                      mLargestID;
 
   // An array to store the strings identifying the different types.
   nsTArray<nsCString>          mTypeArray;
 
   // Initially, |false|. Set to |true| once shutdown has started, to avoid
   // reopening the database.
--- a/extensions/cookie/test/Makefile.in
+++ b/extensions/cookie/test/Makefile.in
@@ -47,20 +47,16 @@ MOCHITEST_FILES = \
   test_same_base_domain_3.html \
   test_same_base_domain_4.html \
   file_localhost_inner.html \
   test_same_base_domain_5.html \
   test_same_base_domain_6.html \
   file_loopback_inner.html \
   $(NULL)
 
-MOCHITEST_CHROME_FILES = \
-  test_permissionmanager_app_isolation.html \
-  $(NULL)
-
 MOCHITEST_BROWSER_FILES = \
   browser_test_favicon.js \
   $(NULL)
 
 XPCSHELL_TESTS = unit
 
 # FIXME/bug 575918: out-of-process xpcshell is broken on OS X
 ifneq ($(OS_ARCH),Darwin)
deleted file mode 100644
--- a/extensions/cookie/test/test_permissionmanager_app_isolation.html
+++ /dev/null
@@ -1,168 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-https://bugzilla.mozilla.org/show_bug.cgi?id=758258
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test for nsIPrincipal extendedOrigin, appStatus and appId</title>
-  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
-</head>
-<body>
-<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=758258">Mozilla Bug 758258</a>
-<p id="display"></p>
-<div id="content">
-  
-</div>
-<pre id="test">
-<script type="application/javascript;version=1.7">
-
-/** Test for Bug 758258 **/
-
-var Ci = Components.interfaces;
-var Cc = Components.classes;
-
-SimpleTest.waitForExplicitFinish();
-
-var permManager = Cc["@mozilla.org/permissionmanager;1"]
-                    .getService(Ci.nsIPermissionManager);
-
-const gPermName = 'foobar';
-
-var previousPrefs = {
-  mozBrowserFramesEnabled: undefined,
-};
-
-try {
-  previousPrefs.mozBrowserFramesEnabled = SpecialPowers.getBoolPref('dom.mozBrowserFramesEnabled');
-} catch(e)
-{
-}
-
-SpecialPowers.setBoolPref('dom.mozBrowserFramesEnabled', true);
-
-// We use http://test/ as url so all apps use the same url and app isolation is
-// more obvious.
-var gData = [
-  // APP 1
-  {
-    app: 'http://example.org/manifest.webapp',
-    action: 'read-no',
-    src: 'http://test/',
-  },
-  {
-    app: 'http://example.org/manifest.webapp',
-    action: 'write',
-    src: 'http://test/',
-  },
-  {
-    app: 'http://example.org/manifest.webapp',
-    action: 'read-yes',
-    src: 'http://test/',
-  },
-  // APP 2
-  {
-    app: 'https://example.com/manifest.webapp',
-    action: 'read-no',
-    src: 'http://test/',
-  },
-  {
-    app: 'https://example.com/manifest.webapp',
-    action: 'write',
-    src: 'http://test/',
-  },
-  {
-    app: 'https://example.com/manifest.webapp',
-    action: 'read-yes',
-    src: 'http://test/',
-  },
-  // Browser
-  {
-    browser: true,
-    action: 'read-no',
-    src: 'http://test/',
-  },
-  {
-    browser: true,
-    action: 'write',
-    src: 'http://test/',
-  },
-  {
-    browser: true,
-    action: 'read-yes',
-    src: 'http://test/',
-  },
-];
-
-function runTest() {
-  for (var i in gData) {
-    var iframe = document.createElement('iframe');
-    var data = gData[i];
-
-    if (data.app) {
-      iframe.setAttribute('mozbrowser', '');
-      iframe.setAttribute('mozapp', data.app);
-    } else if (data.browser) {
-      iframe.setAttribute('mozbrowser', '');
-    }
-
-    if (data.app || data.browser) {
-      iframe.addEventListener('load', function(e) {
-        var principal = iframe.contentDocument.nodePrincipal;
-
-        switch (data.action) {
-          case 'read-no':
-            is(permManager.testPermissionFromPrincipal(principal, gPermName),
-               Ci.nsIPermissionManager.UNKNOWN_ACTION,
-               "Permission should not be set yet");
-            is(permManager.testExactPermissionFromPrincipal(principal, gPermName),
-               Ci.nsIPermissionManager.UNKNOWN_ACTION,
-               "Permission should not be set yet");
-            break;
-          case 'write':
-            permManager.addFromPrincipal(principal, gPermName, Ci.nsIPermissionManager.ALLOW_ACTION);
-            break;
-          case 'read-yes':
-            is(permManager.testPermissionFromPrincipal(principal, gPermName),
-               Ci.nsIPermissionManager.ALLOW_ACTION,
-               "Permission should be set");
-            is(permManager.testExactPermissionFromPrincipal(principal, gPermName),
-               Ci.nsIPermissionManager.ALLOW_ACTION,
-               "Permission should be set");
-            break;
-          default:
-            ok(false, "shouldn't be there");
-        }
-
-        // Calling removeChild() produces an error that creates failures.
-        //document.getElementById('content').removeChild(iframe);
-
-        i++;
-        if (i >= gData.length) {
-          if (previousPrefs.mozBrowserFramesEnabled !== undefined) {
-            SpecialPowers.setBoolPref('dom.mozBrowserFramesEnabled', previousPrefs.mozBrowserFramesEnabled);
-          }
-
-          SimpleTest.finish();
-        } else {
-          gTestRunner.next();
-        }
-      });
-    }
-
-    iframe.src = data.src;
-
-    document.getElementById('content').appendChild(iframe);
-
-    yield;
-  }
-}
-
-var gTestRunner = runTest();
-gTestRunner.next();
-
-</script>
-</pre>
-</body>
-</html>
--- a/netwerk/base/public/nsIPermission.idl
+++ b/netwerk/base/public/nsIPermission.idl
@@ -1,41 +1,31 @@
 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 
-[scriptable, uuid(cfb08e46-193c-4be7-a467-d7775fb2a31e)]
+[scriptable, uuid(5036f0f6-f77b-4168-9d57-a1c0dd66cf02)]
 /**
  * This interface defines a "permission" object,
  * used to specify allowed/blocked objects from
  * user-specified sites (cookies, images etc).
  */
 
 interface nsIPermission : nsISupports
 {
     /**
      * The name of the host for which the permission is set
      */
     readonly attribute AUTF8String host;
 
     /**
-     * The id of the app for which the permission is set.
-     */
-    readonly attribute unsigned long appId;
-
-    /**
-     * Whether the permission has been set to a page inside a browser element.
-     */
-    readonly attribute boolean isInBrowserElement;
-
-    /**
      * a case-sensitive ASCII string, indicating the type of permission
      * (e.g., "cookie", "image", etc).
      * This string is specified by the consumer when adding a permission 
      * via nsIPermissionManager.
      * @see nsIPermissionManager
      */
     readonly attribute ACString type;
 
--- a/netwerk/ipc/NeckoMessageUtils.h
+++ b/netwerk/ipc/NeckoMessageUtils.h
@@ -257,76 +257,53 @@ struct ParamTraits<InputStream>
 
 // nsIPermissionManager utilities
 
 struct Permission
 {
   nsCString host, type;
   uint32_t capability, expireType;
   int64_t expireTime;
-  uint32_t appId;
-  bool isInBrowserElement;
 
   Permission() { }
   Permission(const nsCString& aHost,
-             const uint32_t aAppId,
-             const bool aIsInBrowserElement,
              const nsCString& aType,
              const uint32_t aCapability,
              const uint32_t aExpireType,
              const int64_t aExpireTime) : host(aHost),
                                           type(aType),
                                           capability(aCapability),
                                           expireType(aExpireType),
-                                          expireTime(aExpireTime),
-                                          appId(aAppId),
-                                          isInBrowserElement(aIsInBrowserElement)
-  {}
+                                          expireTime(aExpireTime) { }
 };
 
 template<>
 struct ParamTraits<Permission>
 {
   static void Write(Message* aMsg, const Permission& aParam)
   {
     WriteParam(aMsg, aParam.host);
     WriteParam(aMsg, aParam.type);
     WriteParam(aMsg, aParam.capability);
     WriteParam(aMsg, aParam.expireType);
     WriteParam(aMsg, aParam.expireTime);
-    WriteParam(aMsg, aParam.appId);
-    WriteParam(aMsg, aParam.isInBrowserElement);
   }
 
   static bool Read(const Message* aMsg, void** aIter, Permission* aResult)
   {
     return ReadParam(aMsg, aIter, &aResult->host) &&
            ReadParam(aMsg, aIter, &aResult->type) &&
            ReadParam(aMsg, aIter, &aResult->capability) &&
            ReadParam(aMsg, aIter, &aResult->expireType) &&
-           ReadParam(aMsg, aIter, &aResult->expireTime) &&
-           ReadParam(aMsg, aIter, &aResult->appId) &&
-           ReadParam(aMsg, aIter, &aResult->isInBrowserElement);
+           ReadParam(aMsg, aIter, &aResult->expireTime);
   }
 
-  static void Log(const Permission& p, std::wstring* l)
+  static void Log(const Permission& aParam, std::wstring* aLog)
   {
-    l->append(L"(");
-    LogParam(p.host, l);
-    l->append(L", ");
-    LogParam(p.appId, l);
-    l->append(L", ");
-    LogParam(p.isInBrowserElement, l);
-    l->append(L", ");
-    LogParam(p.capability, l);
-    l->append(L", ");
-    LogParam(p.expireTime, l);
-    l->append(L", ");
-    LogParam(p.expireType, l);
-    l->append(L")");
+    aLog->append(StringPrintf(L"[%s]", aParam.host.get()));
   }
 };
 
 template<>
 struct ParamTraits<PRNetAddr>
 {
   static void Write(Message* aMsg, const PRNetAddr &aParam)
   {
--- a/testing/mozbase/mozprofile/mozprofile/permissions.py
+++ b/testing/mozbase/mozprofile/mozprofile/permissions.py
@@ -226,41 +226,36 @@ class Permissions(object):
                 self._locations.read(locations)
 
     def write_db(self, locations):
         """write permissions to the sqlite database"""
 
         # Open database and create table
         permDB = sqlite3.connect(os.path.join(self._profileDir, "permissions.sqlite"))
         cursor = permDB.cursor();
-
-        cursor.execute("PRAGMA user_version=3");
-
         # SQL copied from
         # http://mxr.mozilla.org/mozilla-central/source/extensions/cookie/nsPermissionManager.cpp
         cursor.execute("""CREATE TABLE IF NOT EXISTS moz_hosts (
            id INTEGER PRIMARY KEY,
            host TEXT,
            type TEXT,
            permission INTEGER,
            expireType INTEGER,
-           expireTime INTEGER,
-           appId INTEGER,
-           isInBrowserElement INTEGER)""")
+           expireTime INTEGER)""")
 
         for location in locations:
             # set the permissions
             permissions = { 'allowXULXBL': 'noxul' not in location.options }
             for perm, allow in permissions.iteritems():
                 self._num_permissions += 1
                 if allow:
                     permission_type = 1
                 else:
                     permission_type = 2
-                cursor.execute("INSERT INTO moz_hosts values(?, ?, ?, ?, 0, 0, 0, 0)",
+                cursor.execute("INSERT INTO moz_hosts values(?, ?, ?, ?, 0, 0)",
                                (self._num_permissions, location.host, perm,
                                 permission_type))
 
         # Commit and close
         permDB.commit()
         cursor.close()
 
     def network_prefs(self, proxy=False):