/src/mozilla-central/caps/DomainPolicy.cpp

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim: set ts=4 et sw=4 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "DomainPolicy.h"
#include "mozilla/dom/ContentParent.h"
#include "mozilla/ipc/URIUtils.h"
#include "mozilla/Unused.h"
#include "nsIMessageManager.h"
#include "nsIURIMutator.h"
#include "nsScriptSecurityManager.h"

namespace mozilla {

using namespace ipc;
using namespace dom;

NS_IMPL_ISUPPORTS(DomainPolicy, nsIDomainPolicy)

static nsresult
BroadcastDomainSetChange(DomainSetType aSetType, DomainSetChangeType aChangeType,
                         nsIURI* aDomain = nullptr)
{
    MOZ_ASSERT(XRE_IsParentProcess(),
               "DomainPolicy should only be exposed to the chrome process.");

    nsTArray<ContentParent*> parents;
    ContentParent::GetAll(parents);
    if (!parents.Length()) {
       return NS_OK;
    }

    OptionalURIParams uri;
    SerializeURI(aDomain, uri);

    for (uint32_t i = 0; i < parents.Length(); i++) {
        Unused << parents[i]->SendDomainSetChanged(aSetType, aChangeType, uri);
    }
    return NS_OK;
}

DomainPolicy::DomainPolicy() : mBlacklist(new DomainSet(BLACKLIST))
                             , mSuperBlacklist(new DomainSet(SUPER_BLACKLIST))
                             , mWhitelist(new DomainSet(WHITELIST))
                             , mSuperWhitelist(new DomainSet(SUPER_WHITELIST))
{
    if (XRE_IsParentProcess()) {
        BroadcastDomainSetChange(NO_TYPE, ACTIVATE_POLICY);
    }
}

DomainPolicy::~DomainPolicy()
{
    // The SSM holds a strong ref to the DomainPolicy until Deactivate() is
    // invoked, so we should never hit the destructor until that happens.
    MOZ_ASSERT(!mBlacklist && !mSuperBlacklist &&
               !mWhitelist && !mSuperWhitelist);
}


NS_IMETHODIMP
DomainPolicy::GetBlacklist(nsIDomainSet** aSet)
{
    nsCOMPtr<nsIDomainSet> set = mBlacklist.get();
    set.forget(aSet);
    return NS_OK;
}

NS_IMETHODIMP
DomainPolicy::GetSuperBlacklist(nsIDomainSet** aSet)
{
    nsCOMPtr<nsIDomainSet> set = mSuperBlacklist.get();
    set.forget(aSet);
    return NS_OK;
}

NS_IMETHODIMP
DomainPolicy::GetWhitelist(nsIDomainSet** aSet)
{
    nsCOMPtr<nsIDomainSet> set = mWhitelist.get();
    set.forget(aSet);
    return NS_OK;
}

NS_IMETHODIMP
DomainPolicy::GetSuperWhitelist(nsIDomainSet** aSet)
{
    nsCOMPtr<nsIDomainSet> set = mSuperWhitelist.get();
    set.forget(aSet);
    return NS_OK;
}

NS_IMETHODIMP
DomainPolicy::Deactivate()
{
    // Clear the hashtables first to free up memory, since script might
    // hold the doomed sets alive indefinitely.
    mBlacklist->Clear();
    mSuperBlacklist->Clear();
    mWhitelist->Clear();
    mSuperWhitelist->Clear();

    // Null them out.
    mBlacklist = nullptr;
    mSuperBlacklist = nullptr;
    mWhitelist = nullptr;
    mSuperWhitelist = nullptr;

    // Inform the SSM.
    nsScriptSecurityManager* ssm = nsScriptSecurityManager::GetScriptSecurityManager();
    if (ssm) {
        ssm->DeactivateDomainPolicy();
    }
    if (XRE_IsParentProcess()) {
        BroadcastDomainSetChange(NO_TYPE, DEACTIVATE_POLICY);
    }
    return NS_OK;
}

void
DomainPolicy::CloneDomainPolicy(DomainPolicyClone* aClone)
{
    aClone->active() = true;
    mBlacklist->CloneSet(&aClone->blacklist());
    mSuperBlacklist->CloneSet(&aClone->superBlacklist());
    mWhitelist->CloneSet(&aClone->whitelist());
    mSuperWhitelist->CloneSet(&aClone->superWhitelist());
}

static
void
CopyURIs(const InfallibleTArray<URIParams>& aDomains, nsIDomainSet* aSet)
{
    for (uint32_t i = 0; i < aDomains.Length(); i++) {
        nsCOMPtr<nsIURI> uri = DeserializeURI(aDomains[i]);
        aSet->Add(uri);
    }
}

void
DomainPolicy::ApplyClone(const DomainPolicyClone* aClone)
{
    CopyURIs(aClone->blacklist(), mBlacklist);
    CopyURIs(aClone->whitelist(), mWhitelist);
    CopyURIs(aClone->superBlacklist(), mSuperBlacklist);
    CopyURIs(aClone->superWhitelist(), mSuperWhitelist);
}

static already_AddRefed<nsIURI>
GetCanonicalClone(nsIURI* aURI)
{
    nsCOMPtr<nsIURI> clone;
    nsresult rv = NS_MutateURI(aURI)
           .SetUserPass(EmptyCString())
           .SetPathQueryRef(EmptyCString())
           .Finalize(clone);
    NS_ENSURE_SUCCESS(rv, nullptr);
    return clone.forget();
}

NS_IMPL_ISUPPORTS(DomainSet, nsIDomainSet)

NS_IMETHODIMP
DomainSet::Add(nsIURI* aDomain)
{
    nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
    NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
    mHashTable.PutEntry(clone);
    if (XRE_IsParentProcess())
        return BroadcastDomainSetChange(mType, ADD_DOMAIN, aDomain);

    return NS_OK;
}

NS_IMETHODIMP
DomainSet::Remove(nsIURI* aDomain)
{
    nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
    NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
    mHashTable.RemoveEntry(clone);
    if (XRE_IsParentProcess())
        return BroadcastDomainSetChange(mType, REMOVE_DOMAIN, aDomain);

    return NS_OK;
}

NS_IMETHODIMP
DomainSet::Clear()
{
    mHashTable.Clear();
    if (XRE_IsParentProcess())
        return BroadcastDomainSetChange(mType, CLEAR_DOMAINS);

    return NS_OK;
}

NS_IMETHODIMP
DomainSet::Contains(nsIURI* aDomain, bool* aContains)
{
    *aContains = false;
    nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
    NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
    *aContains = mHashTable.Contains(clone);
    return NS_OK;
}

NS_IMETHODIMP
DomainSet::ContainsSuperDomain(nsIURI* aDomain, bool* aContains)
{
    *aContains = false;
    nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
    NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
    nsAutoCString domain;
    nsresult rv = clone->GetHost(domain);
    NS_ENSURE_SUCCESS(rv, rv);
    while (true) {
        // Check the current domain.
        if (mHashTable.Contains(clone)) {
            *aContains = true;
            return NS_OK;
        }

        // Chop off everything before the first dot, or break if there are no
        // dots left.
        int32_t index = domain.Find(".");
        if (index == kNotFound)
            break;
        domain.Assign(Substring(domain, index + 1));
        rv = NS_MutateURI(clone)
               .SetHost(domain)
               .Finalize(clone);
        NS_ENSURE_SUCCESS(rv, rv);
    }

    // No match.
    return NS_OK;

}

NS_IMETHODIMP
DomainSet::GetType(uint32_t* aType)
{
    *aType = mType;
    return NS_OK;
}

void
DomainSet::CloneSet(InfallibleTArray<URIParams>* aDomains)
{
    for (auto iter = mHashTable.Iter(); !iter.Done(); iter.Next()) {
        nsIURI* key = iter.Get()->GetKey();

        URIParams uri;
        SerializeURI(key, uri);

        aDomains->AppendElement(uri);
    }
}

} /* namespace mozilla */

Coverage Report

Created: 2018-09-25 14:53

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -- */
2		/* vim: set ts=4 et sw=4 tw=80: */
3		/* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		#include "DomainPolicy.h"
8		#include "mozilla/dom/ContentParent.h"
9		#include "mozilla/ipc/URIUtils.h"
10		#include "mozilla/Unused.h"
11		#include "nsIMessageManager.h"
12		#include "nsIURIMutator.h"
13		#include "nsScriptSecurityManager.h"
14
15		namespace mozilla {
16
17		using namespace ipc;
18		using namespace dom;
19
20		NS_IMPL_ISUPPORTS(DomainPolicy, nsIDomainPolicy)
21
22		static nsresult
23		BroadcastDomainSetChange(DomainSetType aSetType, DomainSetChangeType aChangeType,
24		nsIURI* aDomain = nullptr)
25	0	{
26	0	MOZ_ASSERT(XRE_IsParentProcess(),
27	0	"DomainPolicy should only be exposed to the chrome process.");
28	0
29	0	nsTArray<ContentParent*> parents;
30	0	ContentParent::GetAll(parents);
31	0	if (!parents.Length()) {
32	0	return NS_OK;
33	0	}
34	0
35	0	OptionalURIParams uri;
36	0	SerializeURI(aDomain, uri);
37	0
38	0	for (uint32_t i = 0; i < parents.Length(); i++) {
39	0	Unused << parents[i]->SendDomainSetChanged(aSetType, aChangeType, uri);
40	0	}
41	0	return NS_OK;
42	0	}
43
44		DomainPolicy::DomainPolicy() : mBlacklist(new DomainSet(BLACKLIST))
45		, mSuperBlacklist(new DomainSet(SUPER_BLACKLIST))
46		, mWhitelist(new DomainSet(WHITELIST))
47		, mSuperWhitelist(new DomainSet(SUPER_WHITELIST))
48	0	{
49	0	if (XRE_IsParentProcess()) {
50	0	BroadcastDomainSetChange(NO_TYPE, ACTIVATE_POLICY);
51	0	}
52	0	}
53
54		DomainPolicy::~DomainPolicy()
55	0	{
56	0	// The SSM holds a strong ref to the DomainPolicy until Deactivate() is
57	0	// invoked, so we should never hit the destructor until that happens.
58	0	MOZ_ASSERT(!mBlacklist && !mSuperBlacklist &&
59	0	!mWhitelist && !mSuperWhitelist);
60	0	}
61
62
63		NS_IMETHODIMP
64		DomainPolicy::GetBlacklist(nsIDomainSet** aSet)
65	0	{
66	0	nsCOMPtr<nsIDomainSet> set = mBlacklist.get();
67	0	set.forget(aSet);
68	0	return NS_OK;
69	0	}
70
71		NS_IMETHODIMP
72		DomainPolicy::GetSuperBlacklist(nsIDomainSet** aSet)
73	0	{
74	0	nsCOMPtr<nsIDomainSet> set = mSuperBlacklist.get();
75	0	set.forget(aSet);
76	0	return NS_OK;
77	0	}
78
79		NS_IMETHODIMP
80		DomainPolicy::GetWhitelist(nsIDomainSet** aSet)
81	0	{
82	0	nsCOMPtr<nsIDomainSet> set = mWhitelist.get();
83	0	set.forget(aSet);
84	0	return NS_OK;
85	0	}
86
87		NS_IMETHODIMP
88		DomainPolicy::GetSuperWhitelist(nsIDomainSet** aSet)
89	0	{
90	0	nsCOMPtr<nsIDomainSet> set = mSuperWhitelist.get();
91	0	set.forget(aSet);
92	0	return NS_OK;
93	0	}
94
95		NS_IMETHODIMP
96		DomainPolicy::Deactivate()
97	0	{
98	0	// Clear the hashtables first to free up memory, since script might
99	0	// hold the doomed sets alive indefinitely.
100	0	mBlacklist->Clear();
101	0	mSuperBlacklist->Clear();
102	0	mWhitelist->Clear();
103	0	mSuperWhitelist->Clear();
104	0
105	0	// Null them out.
106	0	mBlacklist = nullptr;
107	0	mSuperBlacklist = nullptr;
108	0	mWhitelist = nullptr;
109	0	mSuperWhitelist = nullptr;
110	0
111	0	// Inform the SSM.
112	0	nsScriptSecurityManager* ssm = nsScriptSecurityManager::GetScriptSecurityManager();
113	0	if (ssm) {
114	0	ssm->DeactivateDomainPolicy();
115	0	}
116	0	if (XRE_IsParentProcess()) {
117	0	BroadcastDomainSetChange(NO_TYPE, DEACTIVATE_POLICY);
118	0	}
119	0	return NS_OK;
120	0	}
121
122		void
123		DomainPolicy::CloneDomainPolicy(DomainPolicyClone* aClone)
124	0	{
125	0	aClone->active() = true;
126	0	mBlacklist->CloneSet(&aClone->blacklist());
127	0	mSuperBlacklist->CloneSet(&aClone->superBlacklist());
128	0	mWhitelist->CloneSet(&aClone->whitelist());
129	0	mSuperWhitelist->CloneSet(&aClone->superWhitelist());
130	0	}
131
132		static
133		void
134		CopyURIs(const InfallibleTArray<URIParams>& aDomains, nsIDomainSet* aSet)
135	0	{
136	0	for (uint32_t i = 0; i < aDomains.Length(); i++) {
137	0	nsCOMPtr<nsIURI> uri = DeserializeURI(aDomains[i]);
138	0	aSet->Add(uri);
139	0	}
140	0	}
141
142		void
143		DomainPolicy::ApplyClone(const DomainPolicyClone* aClone)
144	0	{
145	0	CopyURIs(aClone->blacklist(), mBlacklist);
146	0	CopyURIs(aClone->whitelist(), mWhitelist);
147	0	CopyURIs(aClone->superBlacklist(), mSuperBlacklist);
148	0	CopyURIs(aClone->superWhitelist(), mSuperWhitelist);
149	0	}
150
151		static already_AddRefed<nsIURI>
152		GetCanonicalClone(nsIURI* aURI)
153	0	{
154	0	nsCOMPtr<nsIURI> clone;
155	0	nsresult rv = NS_MutateURI(aURI)
156	0	.SetUserPass(EmptyCString())
157	0	.SetPathQueryRef(EmptyCString())
158	0	.Finalize(clone);
159	0	NS_ENSURE_SUCCESS(rv, nullptr);
160	0	return clone.forget();
161	0	}
162
163		NS_IMPL_ISUPPORTS(DomainSet, nsIDomainSet)
164
165		NS_IMETHODIMP
166		DomainSet::Add(nsIURI* aDomain)
167	0	{
168	0	nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
169	0	NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
170	0	mHashTable.PutEntry(clone);
171	0	if (XRE_IsParentProcess())
172	0	return BroadcastDomainSetChange(mType, ADD_DOMAIN, aDomain);
173	0
174	0	return NS_OK;
175	0	}
176
177		NS_IMETHODIMP
178		DomainSet::Remove(nsIURI* aDomain)
179	0	{
180	0	nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
181	0	NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
182	0	mHashTable.RemoveEntry(clone);
183	0	if (XRE_IsParentProcess())
184	0	return BroadcastDomainSetChange(mType, REMOVE_DOMAIN, aDomain);
185	0
186	0	return NS_OK;
187	0	}
188
189		NS_IMETHODIMP
190		DomainSet::Clear()
191	0	{
192	0	mHashTable.Clear();
193	0	if (XRE_IsParentProcess())
194	0	return BroadcastDomainSetChange(mType, CLEAR_DOMAINS);
195	0
196	0	return NS_OK;
197	0	}
198
199		NS_IMETHODIMP
200		DomainSet::Contains(nsIURI* aDomain, bool* aContains)
201	0	{
202	0	*aContains = false;
203	0	nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
204	0	NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
205	0	*aContains = mHashTable.Contains(clone);
206	0	return NS_OK;
207	0	}
208
209		NS_IMETHODIMP
210		DomainSet::ContainsSuperDomain(nsIURI* aDomain, bool* aContains)
211	0	{
212	0	*aContains = false;
213	0	nsCOMPtr<nsIURI> clone = GetCanonicalClone(aDomain);
214	0	NS_ENSURE_TRUE(clone, NS_ERROR_FAILURE);
215	0	nsAutoCString domain;
216	0	nsresult rv = clone->GetHost(domain);
217	0	NS_ENSURE_SUCCESS(rv, rv);
218	0	while (true) {
219	0	// Check the current domain.
220	0	if (mHashTable.Contains(clone)) {
221	0	*aContains = true;
222	0	return NS_OK;
223	0	}
224	0
225	0	// Chop off everything before the first dot, or break if there are no
226	0	// dots left.
227	0	int32_t index = domain.Find(".");
228	0	if (index == kNotFound)
229	0	break;
230	0	domain.Assign(Substring(domain, index + 1));
231	0	rv = NS_MutateURI(clone)
232	0	.SetHost(domain)
233	0	.Finalize(clone);
234	0	NS_ENSURE_SUCCESS(rv, rv);
235	0	}
236	0
237	0	// No match.
238	0	return NS_OK;
239	0
240	0	}
241
242		NS_IMETHODIMP
243		DomainSet::GetType(uint32_t* aType)
244	0	{
245	0	*aType = mType;
246	0	return NS_OK;
247	0	}
248
249		void
250		DomainSet::CloneSet(InfallibleTArray<URIParams>* aDomains)
251	0	{
252	0	for (auto iter = mHashTable.Iter(); !iter.Done(); iter.Next()) {
253	0	nsIURI* key = iter.Get()->GetKey();
254	0
255	0	URIParams uri;
256	0	SerializeURI(key, uri);
257	0
258	0	aDomains->AppendElement(uri);
259	0	}
260	0	}
261
262		} /* namespace mozilla */