Bug 1165272 - Part 1: Remove getAppCodebasePrincipal. r=bholley

b2g/components/AboutServiceWorkers.jsm

@@ -154,11 +154,10 @@ this.AboutServiceWorkers = {
           return;
         }
 
-        let principal = Services.scriptSecurityManager.getAppCodebasePrincipal(
+        let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+          // TODO: Bug 1196652. use originNoSuffix
           Services.io.newURI(message.principal.origin, null, null),
-          message.principal.originAttributes.appId,
+          message.principal.originAttributes);
-          message.principal.originAttributes.inBrowser
-        );
 
         if (!message.scope) {
           self.sendError(message.id, "MissingScope");

b2g/components/ContentPermissionPrompt.js

@@ -205,9 +205,9 @@ ContentPermissionPrompt.prototype = {
     // URL.
     let notDenyAppPrincipal = function(type) {
       let url = Services.io.newURI(app.origin, null, null);
-      let principal = secMan.getAppCodebasePrincipal(url,
+      let principal =
-                                                     request.principal.appId,
+        secMan.createCodebasePrincipal(url,
-                                                     /*mozbrowser*/false);
+                                       {appId: request.principal.appId});
       let result = Services.perms.testExactPermissionFromPrincipal(principal,
                                                                    type.access);
 

caps/nsIScriptSecurityManager.idl

@@ -26,7 +26,7 @@ class DomainPolicyClone;
 [ptr] native JSObjectPtr(JSObject);
 [ptr] native DomainPolicyClonePtr(mozilla::dom::DomainPolicyClone);
 
-[scriptable, uuid(9a8f0b70-6b9f-4e19-8885-7cfe24f4a42d)]
+[scriptable, uuid(73f92674-f59d-4c9b-a9b5-f7a3ae8ffa98)]
 interface nsIScriptSecurityManager : nsISupports
 {
     /**
@@ -150,10 +150,12 @@ interface nsIScriptSecurityManager : nsISupports
      * @param appId is the app id of the principal. It can't be UNKNOWN_APP_ID.
      * @param inMozBrowser is true if the principal has to be considered as
      * inside a mozbrowser frame.
+     *
+     * @deprecated use createCodebasePrincipal instead.
      */
-    nsIPrincipal getAppCodebasePrincipal(in nsIURI uri,
+    [deprecated] nsIPrincipal getAppCodebasePrincipal(in nsIURI uri,
-                                         in unsigned long appId,
+                                                      in unsigned long appId,
-                                         in boolean inMozBrowser);
+                                                      in boolean inMozBrowser);
 
     /**
      * Returns a principal that has the appId and inMozBrowser of the load

docshell/base/nsDocShell.cpp

@@ -11,6 +11,7 @@
 #include "mozilla/ArrayUtils.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/AutoRestore.h"
+#include "mozilla/BasePrincipal.h"
 #include "mozilla/Casting.h"
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/dom/Element.h"
@@ -9360,9 +9361,6 @@ nsDocShell::CreatePrincipalFromReferrer(nsIURI* aReferrer,
                                         nsIPrincipal** aResult)
 {
   nsresult rv;
-  nsCOMPtr<nsIScriptSecurityManager> secMan =
-    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
 
   uint32_t appId;
   rv = GetAppId(&appId);
@@ -9370,12 +9368,14 @@ nsDocShell::CreatePrincipalFromReferrer(nsIURI* aReferrer,
   bool isInBrowserElement;
   rv = GetIsInBrowserElement(&isInBrowserElement);
   NS_ENSURE_SUCCESS(rv, rv);
-  rv = secMan->GetAppCodebasePrincipal(aReferrer,
+
-                                       appId,
+  // TODO: Bug 1165466 - Pass mOriginAttributes directly.
-                                       isInBrowserElement,
+  OriginAttributes attrs(appId, isInBrowserElement);
-                                       aResult);
+  nsCOMPtr<nsIPrincipal> prin =
-  NS_ENSURE_SUCCESS(rv, rv);
+    BasePrincipal::CreateCodebasePrincipal(aReferrer, attrs);
-  return NS_OK;
+  prin.forget(aResult);
+
+  return *aResult ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP

dom/apps/AppsUtils.jsm

@@ -73,11 +73,9 @@ mozIApplication.prototype = {
     this._principal = null;
 
     try {
-      this._principal = Services.scriptSecurityManager.getAppCodebasePrincipal(
+      this._principal = Services.scriptSecurityManager.createCodebasePrincipal(
         Services.io.newURI(this.origin, null, null),
-        this.localId,
+        {appId: this.localId});
-        false /* mozbrowser */
-      );
     } catch(e) {
       dump("Could not create app principal " + e + "\n");
     }

dom/apps/OfflineCacheInstaller.jsm

@@ -228,8 +228,8 @@ function installCache(app) {
   if (!cacheManifest.exists())
     return;
 
-  let principal = Services.scriptSecurityManager.getAppCodebasePrincipal(
+  let principal =
-      app.origin, app.localId, false);
+    Services.scriptSecurityManager.createCodebasePrincipal(app.origin, {appId: aApp.localId});
 
   // If the build has been correctly configured, this should not happen!
   // If we install the cache anyway, it won't be updateable. If we don't install

dom/apps/ScriptPreloader.jsm

@@ -40,7 +40,7 @@ this.ScriptPreloader = {
       let toLoad = aManifest.precompile.length;
       let principal =
         Services.scriptSecurityManager
-                .getAppCodebasePrincipal(origin, aApp.localId, false);
+                .createCodebasePrincipal(origin, {appId: aApp.localId});
 
       aManifest.precompile.forEach((aPath) => {
         let uri = Services.io.newURI(aPath, null, origin);

dom/apps/Webapps.jsm

@@ -820,8 +820,7 @@ this.DOMApplicationRegistry = {
     let uri = Services.io.newURI(aOrigin, null, null);
     let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"]
                    .getService(Ci.nsIScriptSecurityManager);
-    let principal = secMan.getAppCodebasePrincipal(uri, aId,
+    let principal = secMan.createCodebasePrincipal(uri, {appId: aId});
-                                                   /*mozbrowser*/ false);
     if (!dataStoreService.checkPermission(principal)) {
       return;
     }
@@ -3361,8 +3360,9 @@ this.DOMApplicationRegistry = {
     let requestChannel;
 
     let appURI = NetUtil.newURI(aNewApp.origin, null, null);
-    let principal = Services.scriptSecurityManager.getAppCodebasePrincipal(
+    let principal =
-                      appURI, aNewApp.localId, false);
+      Services.scriptSecurityManager.createCodebasePrincipal(appURI,
+                                                             {appId: aNewApp.localId});
 
     if (aIsLocalFileInstall) {
       requestChannel = NetUtil.newChannel({

dom/base/nsGlobalWindow.cpp

@@ -95,7 +95,6 @@
 #include "nsThreadUtils.h"
 #include "nsILoadContext.h"
 #include "nsIPresShell.h"
-#include "nsIScriptSecurityManager.h"
 #include "nsIScrollableFrame.h"
 #include "nsView.h"
 #include "nsViewManager.h"
@@ -192,6 +191,7 @@
 #include "nsRefreshDriver.h"
 
 #include "mozilla/AddonPathService.h"
+#include "mozilla/BasePrincipal.h"
 #include "mozilla/Services.h"
 #include "mozilla/Telemetry.h"
 #include "nsLocation.h"
@@ -256,6 +256,8 @@ static const char kStorageEnabled[] = "dom.storage.enabled";
 using namespace mozilla;
 using namespace mozilla::dom;
 using namespace mozilla::dom::ipc;
+using mozilla::BasePrincipal;
+using mozilla::OriginAttributes;
 using mozilla::TimeStamp;
 using mozilla::TimeDuration;
 using mozilla::dom::cache::CacheStorage;
@@ -8587,21 +8589,14 @@ nsGlobalWindow::PostMessageMozOuter(JSContext* aCx, JS::Handle<JS::Value> aMessa
       return;
     }
 
-    nsCOMPtr<nsIScriptSecurityManager> ssm =
-      nsContentUtils::GetSecurityManager();
-    MOZ_ASSERT(ssm);
-
     nsCOMPtr<nsIPrincipal> principal = nsContentUtils::SubjectPrincipal();
     MOZ_ASSERT(principal);
 
-    uint32_t appId = principal->GetAppId();
+    OriginAttributes attrs = BasePrincipal::Cast(principal)->OriginAttributesRef();
-    bool isInBrowser = principal->GetIsInBrowserElement();
-
     // Create a nsIPrincipal inheriting the app/browser attributes from the
     // caller.
-    nsresult rv = ssm->GetAppCodebasePrincipal(originURI, appId, isInBrowser,
+    providedPrincipal = BasePrincipal::CreateCodebasePrincipal(originURI, attrs);
-                                             getter_AddRefs(providedPrincipal));
+    if (NS_WARN_IF(!providedPrincipal)) {
-    if (NS_WARN_IF(NS_FAILED(rv))) {
       return;
     }
   }

dom/browser-element/BrowserElementParent.js

@@ -833,14 +833,16 @@ BrowserElementParent.prototype = {
       catch(e) {
         debug('Malformed referrer -- ' + e);
       }
+
+      // TODO Bug 1165466: use originAttributes from nsILoadContext.
+      let attrs = {appId: this._frameLoader.loadContext.appId,
+                   inBrowser: this._frameLoader.loadContext.isInBrowserElement};
       // This simply returns null if there is no principal available
       // for the requested uri. This is an acceptable fallback when
       // calling newChannelFromURI2.
-      principal = 
+      principal =
-        Services.scriptSecurityManager.getAppCodebasePrincipal(
+        Services.scriptSecurityManager.createCodebasePrincipal(
-          referrer, 
+          referrer, attrs);
-          this._frameLoader.loadContext.appId, 
-          this._frameLoader.loadContext.isInBrowserElement);
     }
 
     debug('Using principal? ' + !!principal);

dom/browser-element/mochitest/browserElement_Auth.js

@@ -158,15 +158,17 @@ function testAuthJarNoInterfere(e) {
 
   // Set a bunch of auth data that should not conflict with the correct auth data already
   // stored in the cache.
-  var principal = secMan.getAppCodebasePrincipal(uri, 1, false);
+  var attrs = {appId: 1};
+  var principal = secMan.createCodebasePrincipal(uri, attrs);
   authMgr.setAuthIdentity('http', 'test', -1, 'basic', 'http_realm',
                           'tests/dom/browser-element/mochitest/file_http_401_response.sjs',
                           '', 'httpuser', 'wrongpass', false, principal);
-  principal = secMan.getAppCodebasePrincipal(uri, 1, true);
+  attrs = {appId: 1, inBrowser: true};
+  principal = secMan.createCodebasePrincipal(uri, attrs);
   authMgr.setAuthIdentity('http', 'test', -1, 'basic', 'http_realm',
                           'tests/dom/browser-element/mochitest/file_http_401_response.sjs',
                           '', 'httpuser', 'wrongpass', false, principal);
-  principal = secMan.getAppCodebasePrincipal(uri, secMan.NO_APP_ID, false);
+  principal = secMan.createCodebasePrincipal(uri, {});
   authMgr.setAuthIdentity('http', 'test', -1, 'basic', 'http_realm',
                           'tests/dom/browser-element/mochitest/file_http_401_response.sjs',
                           '', 'httpuser', 'wrongpass', false, principal);
@@ -196,7 +198,7 @@ function testAuthJarInterfere(e) {
   var uri = ioService.newURI("http://test/tests/dom/browser-element/mochitest/file_http_401_response.sjs", null, null);
 
   // Set some auth data that should overwrite the successful stored details.
-  var principal = secMan.getAppCodebasePrincipal(uri, secMan.NO_APP_ID, true);
+  var principal = secMan.createCodebasePrincipal(uri, {inBrowser: true});
   authMgr.setAuthIdentity('http', 'test', -1, 'basic', 'http_realm',
                           'tests/dom/browser-element/mochitest/file_http_401_response.sjs',
                           '', 'httpuser', 'wrongpass', false, principal);

dom/datastore/DataStoreService.cpp

@@ -14,6 +14,7 @@
 #include "mozilla/dom/DataStoreImplBinding.h"
 #include "nsIDataStore.h"
 
+#include "mozilla/BasePrincipal.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Services.h"
 #include "mozilla/StaticPtr.h"
@@ -56,6 +57,9 @@
     return NS_ERROR_FAILURE;                                                \
   }
 
+using mozilla::BasePrincipal;
+using mozilla::OriginAttributes;
+
 namespace mozilla {
 namespace dom {
 
@@ -213,17 +217,10 @@ ResetPermission(uint32_t aAppId, const nsAString& aOriginURL,
     return rv;
   }
 
-  nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
+  OriginAttributes attrs(aAppId, false);
-  if (!ssm) {
+  nsCOMPtr<nsIPrincipal> principal =
-    return NS_ERROR_FAILURE;
+    BasePrincipal::CreateCodebasePrincipal(uri, attrs);
-  }
+  NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
-
-  nsCOMPtr<nsIPrincipal> principal;
-  rv = ssm->GetAppCodebasePrincipal(uri, aAppId, false,
-                                    getter_AddRefs(principal));
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return rv;
-  }
 
   nsCOMPtr<nsIPermissionManager> pm =
     do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);

dom/indexedDB/ActorsParent.cpp

@@ -18519,12 +18519,6 @@ FactoryOp::CheckAtLeastOneAppHasPermission(ContentParent* aContentParent,
       return false;
     }
 
-    nsCOMPtr<nsIScriptSecurityManager> secMan =
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
-    if (NS_WARN_IF(!secMan)) {
-      return false;
-    }
-
     nsCOMPtr<nsIPermissionManager> permMan =
       mozilla::services::GetPermissionManager();
     if (NS_WARN_IF(!permMan)) {
@@ -18548,24 +18542,9 @@ FactoryOp::CheckAtLeastOneAppHasPermission(ContentParent* aContentParent,
         return false;
       }
 
-      nsString origin;
-      rv = app->GetOrigin(origin);
-      if (NS_WARN_IF(NS_FAILED(rv))) {
-        return false;
-      }
-
-      nsCOMPtr<nsIURI> uri;
-      rv = NS_NewURI(getter_AddRefs(uri), origin, nullptr, nullptr, ioService);
-      if (NS_WARN_IF(NS_FAILED(rv))) {
-        return false;
-      }
-
       nsCOMPtr<nsIPrincipal> principal;
-      rv = secMan->GetAppCodebasePrincipal(uri, appId, false,
+      app->GetPrincipal(getter_AddRefs(principal));
-                                           getter_AddRefs(principal));
+      NS_ENSURE_TRUE(principal, false);
-      if (NS_WARN_IF(NS_FAILED(rv))) {
-        return false;
-      }
 
       uint32_t permission;
       rv = permMan->TestExactPermissionFromPrincipal(principal,

dom/indexedDB/test/unit/test_defaultStorageUpgrade.js

@@ -92,8 +92,9 @@ function testSteps()
       let uri = ios.newURI(params.url, null, null);
       let principal;
       if ("appId" in params) {
-        principal = ssm.getAppCodebasePrincipal(uri, params.appId,
+        principal =
-                                                params.inMozBrowser);
+          ssm.createCodebasePrincipal(uri, {appId: params.appId,
+                                            inBrowser: params.inMozBrowser});
       } else {
         principal = ssm.getNoAppCodebasePrincipal(uri);
       }

dom/ipc/AppProcessChecker.cpp

@@ -12,7 +12,6 @@
 #include "mozilla/hal_sandbox/PHalParent.h"
 #include "nsIAppsService.h"
 #include "nsIPrincipal.h"
-#include "nsIScriptSecurityManager.h"
 #include "nsPrintfCString.h"
 #include "nsIURI.h"
 #include "nsNetUtil.h"
@@ -232,21 +231,10 @@ GetAppPrincipal(uint32_t aAppId)
   nsresult rv = appsService->GetAppByLocalId(aAppId, getter_AddRefs(app));
   NS_ENSURE_SUCCESS(rv, nullptr);
 
-  nsString origin;
+  nsCOMPtr<nsIPrincipal> principal;
-  rv = app->GetOrigin(origin);
+  app->GetPrincipal(getter_AddRefs(principal));
-  NS_ENSURE_SUCCESS(rv, nullptr);
 
-  nsCOMPtr<nsIURI> uri;
+  return principal.forget();
-  NS_NewURI(getter_AddRefs(uri), origin);
-
-  nsCOMPtr<nsIScriptSecurityManager> secMan =
-    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
-
-  nsCOMPtr<nsIPrincipal> appPrincipal;
-  rv = secMan->GetAppCodebasePrincipal(uri, aAppId, false,
-                                       getter_AddRefs(appPrincipal));
-  NS_ENSURE_SUCCESS(rv, nullptr);
-  return appPrincipal.forget();
 }
 
 uint32_t

dom/ipc/TabChild.cpp

@@ -1562,23 +1562,15 @@ TabChild::MaybeRequestPreinitCamera()
       return;
     }
 
-    nsString manifestUrl = EmptyString();
+    nsCOMPtr<mozIApplication> app;
-    appsService->GetManifestURLByLocalId(OwnAppId(), manifestUrl);
+    nsresult rv = appsService->GetAppByLocalId(OwnAppId(), getter_AddRefs(app));
-    nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
-    if (NS_WARN_IF(!secMan)) {
-      return;
-    }
-
-    nsCOMPtr<nsIURI> uri;
-    nsresult rv = NS_NewURI(getter_AddRefs(uri), manifestUrl);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return;
     }
 
     nsCOMPtr<nsIPrincipal> principal;
-    rv = secMan->GetAppCodebasePrincipal(uri, OwnAppId(), false,
+    app->GetPrincipal(getter_AddRefs(principal));
-                                         getter_AddRefs(principal));
+    if (NS_WARN_IF(!principal)) {
-    if (NS_WARN_IF(NS_FAILED(rv))) {
       return;
     }
 

dom/payment/Payment.jsm

@@ -236,8 +236,9 @@ let PaymentManager =  {
         if (systemAppId != Ci.nsIScriptSecurityManager.NO_APP_ID) {
           this.LOG("Granting firefox-accounts permission to " + provider.uri);
           let uri = Services.io.newURI(provider.uri, null, null);
-          let principal = Services.scriptSecurityManager
+          let attrs = {appId: systemAppId, inBrowser: true};
-                            .getAppCodebasePrincipal(uri, systemAppId, true);
+          let principal =
+            Services.scriptSecurityManager.createCodebasePrincipal(uri, attrs);
 
           Services.perms.addFromPrincipal(principal, "firefox-accounts",
                                           Ci.nsIPermissionManager.ALLOW_ACTION,

dom/permission/PermissionSettings.js

@@ -35,10 +35,14 @@ XPCOMUtils.defineLazyServiceGetter(this,
 
 PermissionSettings.prototype = {
   get: function get(aPermName, aManifestURL, aOrigin, aBrowserFlag) {
+    // TODO: Bug 1196644 - Add signPKg parameter into PermissionSettings.js
     debug("Get called with: " + aPermName + ", " + aManifestURL + ", " + aOrigin + ", " + aBrowserFlag);
     let uri = Services.io.newURI(aOrigin, null, null);
     let appID = appsService.getAppLocalIdByManifestURL(aManifestURL);
-    let principal = Services.scriptSecurityManager.getAppCodebasePrincipal(uri, appID, aBrowserFlag);
+    let principal =
+      Services.scriptSecurityManager.createCodebasePrincipal(uri,
+                                                             {appId: appID,
+                                                              inBrowser: aBrowserFlag});
     let result = Services.perms.testExactPermanentPermission(principal, aPermName);
 
     switch (result)
@@ -59,11 +63,12 @@ PermissionSettings.prototype = {
 
   isExplicit: function isExplicit(aPermName, aManifestURL, aOrigin,
                                   aBrowserFlag) {
+    // TODO: Bug 1196644 - Add signPKg parameter into PermissionSettings.js
     debug("isExplicit: " + aPermName + ", " + aManifestURL + ", " + aOrigin);
     let uri = Services.io.newURI(aOrigin, null, null);
     let app = appsService.getAppByManifestURL(aManifestURL);
     let principal = Services.scriptSecurityManager
-      .getAppCodebasePrincipal(uri, app.localId, aBrowserFlag);
+      .createCodebasePrincipal(uri, {appId: app.localId, inBrowser: aBrowserFlag});
 
     return isExplicitInPermissionsTable(aPermName,
                                         principal.appStatus,
@@ -99,9 +104,13 @@ PermissionSettings.prototype = {
   },
 
   remove: function remove(aPermName, aManifestURL, aOrigin) {
+    // TODO: Bug 1196644 - Add signPKg parameter into PermissionSettings.js
     let uri = Services.io.newURI(aOrigin, null, null);
     let appID = appsService.getAppLocalIdByManifestURL(aManifestURL);
-    let principal = Services.scriptSecurityManager.getAppCodebasePrincipal(uri, appID, true);
+    let principal =
+      Services.scriptSecurityManager.createCodebasePrincipal(uri,
+                                                             {appId: appID,
+                                                              inBrowser: true});
 
     if (principal.appStatus !== Ci.nsIPrincipal.APP_STATUS_NOT_INSTALLED) {
       let errorMsg = "PermissionSettings.js: '" + aOrigin + "'" +

dom/permission/PermissionSettings.jsm

@@ -67,9 +67,13 @@ this.PermissionSettingsModule = {
 
 
   _internalAddPermission: function _internalAddPermission(aData, aAllowAllChanges, aCallbacks) {
+    // TODO: Bug 1196644 - Add signPKg parameter into PermissionSettings.jsm
     let uri = Services.io.newURI(aData.origin, null, null);
     let app = appsService.getAppByManifestURL(aData.manifestURL);
-    let principal = Services.scriptSecurityManager.getAppCodebasePrincipal(uri, app.localId, aData.browserFlag);
+    let principal =
+      Services.scriptSecurityManager.createCodebasePrincipal(uri,
+                                                             {appId: app.localId,
+                                                              inBrowser: aData.browserFlag});
 
     let action;
     switch (aData.value)
@@ -103,10 +107,14 @@ this.PermissionSettingsModule = {
   },
 
   getPermission: function getPermission(aPermName, aManifestURL, aOrigin, aBrowserFlag) {
+    // TODO: Bug 1196644 - Add signPKg parameter into PermissionSettings.jsm
     debug("getPermission: " + aPermName + ", " + aManifestURL + ", " + aOrigin);
     let uri = Services.io.newURI(aOrigin, null, null);
     let appID = appsService.getAppLocalIdByManifestURL(aManifestURL);
-    let principal = Services.scriptSecurityManager.getAppCodebasePrincipal(uri, appID, aBrowserFlag);
+    let principal =
+      Services.scriptSecurityManager.createCodebasePrincipal(uri,
+                                                             {appId: appID,
+                                                              inBrowser: aBrowserFlag});
     let result = Services.perms.testExactPermissionFromPrincipal(principal, aPermName);
 
     switch (result)

dom/quota/QuotaManager.cpp

@@ -5288,10 +5288,9 @@ StorageDirectoryHelper::RunOnMainThread()
           rv = secMan->GetSimpleCodebasePrincipal(uri,
                                                   getter_AddRefs(principal));
         } else {
-          rv = secMan->GetAppCodebasePrincipal(uri,
+          OriginAttributes attrs(originProps.mAppId, originProps.mInMozBrowser);
-                                               originProps.mAppId,
+          principal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
-                                               originProps.mInMozBrowser,
+          rv = principal ? NS_OK : NS_ERROR_FAILURE;
-                                               getter_AddRefs(principal));
         }
         if (NS_WARN_IF(NS_FAILED(rv))) {
           return rv;

extensions/cookie/nsPermissionManager.cpp

@@ -126,10 +126,13 @@ GetPrincipalFromOrigin(const nsACString& aOrigin, nsIPrincipal** aPrincipal)
 nsresult
 GetPrincipal(nsIURI* aURI, uint32_t aAppId, bool aIsInBrowserElement, nsIPrincipal** aPrincipal)
 {
-  nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
+  // TODO: Bug 1165267 - Use OriginAttributes for nsCookieService
-  NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
+  mozilla::OriginAttributes attrs(aAppId, aIsInBrowserElement);
+  nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
+  NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
-  return secMan->GetAppCodebasePrincipal(aURI, aAppId, aIsInBrowserElement, aPrincipal);
+  principal.forget(aPrincipal);
+  return NS_OK;
 }
 
 nsresult

extensions/cookie/test/test_app_uninstall_permissions.html

@@ -67,19 +67,22 @@ function onInstall() {
 
   var currentPermissionCount = getPermissionCountForApp(-1);
 
-  var principal = secMan.getAppCodebasePrincipal(ioService.newURI("http://www.example.com", null, null),
+  var attrs = {appId: testAppId};
-                                                 testAppId, false);
+  var principal = secMan.createCodebasePrincipal(ioService.newURI("http://www.example.com", null, null),
+                                                 attrs);
 
   permManager.addFromPrincipal(principal, "foobar", Ci.nsIPermissionManager.ALLOW_ACTION);
   permManager.addFromPrincipal(principal, "foo", Ci.nsIPermissionManager.DENY_ACTION);
   permManager.addFromPrincipal(principal, "bar", Ci.nsIPermissionManager.ALLOW_ACTION, Ci.nsIPermissionManager.EXPIRE_SESSION, 0);
 
-  principal = secMan.getAppCodebasePrincipal(ioService.newURI("http://www.example.com", null, null),
+  attrs = {appId: testAppId, inBrowser: true};
-                                             testAppId, true);
+  principal = secMan.createCodebasePrincipal(ioService.newURI("http://www.example.com", null, null),
+                                             attrs);
   permManager.addFromPrincipal(principal, "foobar", Ci.nsIPermissionManager.ALLOW_ACTION);
 
-  principal = secMan.getAppCodebasePrincipal(ioService.newURI("http://www.example.org", null, null),
+  attrs = {appId: testAppId};
-                                             testAppId, false);
+  principal = secMan.createCodebasePrincipal(ioService.newURI("http://www.example.org", null, null),
+                                             attrs);
   permManager.addFromPrincipal(principal, "foobar", Ci.nsIPermissionManager.ALLOW_ACTION);
 
   is(getPermissionCountForApp(testAppId), 5, "App should have 5 permissions");

extensions/cookie/test/unit/test_permmanager_cleardata.js

@@ -6,7 +6,8 @@ let pm;
 // Create a principal based on the { origin, appId, browserElement }.
 function createPrincipal(aOrigin, aAppId, aBrowserElement)
 {
-  return Services.scriptSecurityManager.getAppCodebasePrincipal(NetUtil.newURI(aOrigin), aAppId, aBrowserElement);
+  var attrs = {appId: aAppId, inBrowser: aBrowserElement};
+  return Services.scriptSecurityManager.createCodebasePrincipal(NetUtil.newURI(aOrigin), attrs);
 }
 
 // Return the subject required by 'webapps-clear-data' notification.

extensions/cookie/test/unit/test_permmanager_defaults.js

@@ -55,8 +55,9 @@ add_task(function* do_test() {
   let principalHttps = Services.scriptSecurityManager.getNoAppCodebasePrincipal(TEST_ORIGIN_HTTPS);
   let principal2 = Services.scriptSecurityManager.getNoAppCodebasePrincipal(TEST_ORIGIN_2);
   let principal3 = Services.scriptSecurityManager.getNoAppCodebasePrincipal(TEST_ORIGIN_3);
-  let principal4 = Services.scriptSecurityManager.getAppCodebasePrincipal(TEST_ORIGIN, 1000, true);
+  let attrs = {appId: 1000, inBrowser: true};
-  let principal5 = Services.scriptSecurityManager.getAppCodebasePrincipal(TEST_ORIGIN_3, 1000, true);
+  let principal4 = Services.scriptSecurityManager.createCodebasePrincipal(TEST_ORIGIN, attrs);
+  let principal5 = Services.scriptSecurityManager.createCodebasePrincipal(TEST_ORIGIN_3, attrs);
 
   do_check_eq(Ci.nsIPermissionManager.ALLOW_ACTION,
               pm.testPermissionFromPrincipal(principal, TEST_PERMISSION));

extensions/cookie/test/unit/test_permmanager_matches.js

@@ -45,33 +45,37 @@ function run_test() {
   let uri4_n_n = secMan.getNoAppCodebasePrincipal(uri4);
   let uri5_n_n = secMan.getNoAppCodebasePrincipal(uri5);
 
-  let uri0_1000_n = secMan.getAppCodebasePrincipal(uri0, 1000, false);
+  let attrs = {appId: 1000};
-  let uri1_1000_n = secMan.getAppCodebasePrincipal(uri1, 1000, false);
+  let uri0_1000_n = secMan.createCodebasePrincipal(uri0, attrs);
-  let uri2_1000_n = secMan.getAppCodebasePrincipal(uri2, 1000, false);
+  let uri1_1000_n = secMan.createCodebasePrincipal(uri1, attrs);
-  let uri3_1000_n = secMan.getAppCodebasePrincipal(uri3, 1000, false);
+  let uri2_1000_n = secMan.createCodebasePrincipal(uri2, attrs);
-  let uri4_1000_n = secMan.getAppCodebasePrincipal(uri4, 1000, false);
+  let uri3_1000_n = secMan.createCodebasePrincipal(uri3, attrs);
-  let uri5_1000_n = secMan.getAppCodebasePrincipal(uri5, 1000, false);
+  let uri4_1000_n = secMan.createCodebasePrincipal(uri4, attrs);
+  let uri5_1000_n = secMan.createCodebasePrincipal(uri5, attrs);
 
-  let uri0_1000_y = secMan.getAppCodebasePrincipal(uri0, 1000, true);
+  attrs = {appId: 1000, inBrowser: true};
-  let uri1_1000_y = secMan.getAppCodebasePrincipal(uri1, 1000, true);
+  let uri0_1000_y = secMan.createCodebasePrincipal(uri0, attrs);
-  let uri2_1000_y = secMan.getAppCodebasePrincipal(uri2, 1000, true);
+  let uri1_1000_y = secMan.createCodebasePrincipal(uri1, attrs);
-  let uri3_1000_y = secMan.getAppCodebasePrincipal(uri3, 1000, true);
+  let uri2_1000_y = secMan.createCodebasePrincipal(uri2, attrs);
-  let uri4_1000_y = secMan.getAppCodebasePrincipal(uri4, 1000, true);
+  let uri3_1000_y = secMan.createCodebasePrincipal(uri3, attrs);
-  let uri5_1000_y = secMan.getAppCodebasePrincipal(uri5, 1000, true);
+  let uri4_1000_y = secMan.createCodebasePrincipal(uri4, attrs);
+  let uri5_1000_y = secMan.createCodebasePrincipal(uri5, attrs);
 
-  let uri0_2000_n = secMan.getAppCodebasePrincipal(uri0, 2000, false);
+  attrs = {appId: 2000};
-  let uri1_2000_n = secMan.getAppCodebasePrincipal(uri1, 2000, false);
+  let uri0_2000_n = secMan.createCodebasePrincipal(uri0, attrs);
-  let uri2_2000_n = secMan.getAppCodebasePrincipal(uri2, 2000, false);
+  let uri1_2000_n = secMan.createCodebasePrincipal(uri1, attrs);
-  let uri3_2000_n = secMan.getAppCodebasePrincipal(uri3, 2000, false);
+  let uri2_2000_n = secMan.createCodebasePrincipal(uri2, attrs);
-  let uri4_2000_n = secMan.getAppCodebasePrincipal(uri4, 2000, false);
+  let uri3_2000_n = secMan.createCodebasePrincipal(uri3, attrs);
-  let uri5_2000_n = secMan.getAppCodebasePrincipal(uri5, 2000, false);
+  let uri4_2000_n = secMan.createCodebasePrincipal(uri4, attrs);
+  let uri5_2000_n = secMan.createCodebasePrincipal(uri5, attrs);
 
-  let uri0_2000_y = secMan.getAppCodebasePrincipal(uri0, 2000, true);
+  attrs = {appId: 2000, inBrowser: true};
-  let uri1_2000_y = secMan.getAppCodebasePrincipal(uri1, 2000, true);
+  let uri0_2000_y = secMan.createCodebasePrincipal(uri0, attrs);
-  let uri2_2000_y = secMan.getAppCodebasePrincipal(uri2, 2000, true);
+  let uri1_2000_y = secMan.createCodebasePrincipal(uri1, attrs);
-  let uri3_2000_y = secMan.getAppCodebasePrincipal(uri3, 2000, true);
+  let uri2_2000_y = secMan.createCodebasePrincipal(uri2, attrs);
-  let uri4_2000_y = secMan.getAppCodebasePrincipal(uri4, 2000, true);
+  let uri3_2000_y = secMan.createCodebasePrincipal(uri3, attrs);
-  let uri5_2000_y = secMan.getAppCodebasePrincipal(uri5, 2000, true);
+  let uri4_2000_y = secMan.createCodebasePrincipal(uri4, attrs);
+  let uri5_2000_y = secMan.createCodebasePrincipal(uri5, attrs);
 
   pm.addFromPrincipal(uri0_n_n, "test/matches", pm.ALLOW_ACTION);
   let perm_n_n = pm.getPermissionObject(uri0_n_n, "test/matches", true);

extensions/cookie/test/unit/test_permmanager_matchesuri.js

@@ -30,8 +30,9 @@ function mk_permission(uri, isAppPermission = false) {
         .getService(Ci.nsIScriptSecurityManager);
 
   // Get the permission from the principal!
+  let attrs = {appId: 1000};
   let principal = isAppPermission ?
-        secMan.getAppCodebasePrincipal(uri, 1000, false) :
+        secMan.createCodebasePrincipal(uri, attrs) :
         secMan.getNoAppCodebasePrincipal(uri);
 
   pm.addFromPrincipal(principal, "test/matchesuri", pm.ALLOW_ACTION);

ipc/glue/BackgroundUtils.cpp

@@ -6,6 +6,7 @@
 
 #include "MainThreadUtils.h"
 #include "mozilla/Assertions.h"
+#include "mozilla/BasePrincipal.h"
 #include "mozilla/ipc/PBackgroundSharedTypes.h"
 #include "mozilla/net/NeckoChannelParams.h"
 #include "nsPrincipal.h"
@@ -23,6 +24,8 @@ namespace net {
 class OptionalLoadInfoArgs;
 }
 
+using mozilla::BasePrincipal;
+using mozilla::OriginAttributes;
 using namespace mozilla::net;
 
 namespace ipc {
@@ -77,10 +80,10 @@ PrincipalInfoToPrincipal(const PrincipalInfo& aPrincipalInfo,
       if (info.appId() == nsIScriptSecurityManager::UNKNOWN_APP_ID) {
         rv = secMan->GetSimpleCodebasePrincipal(uri, getter_AddRefs(principal));
       } else {
-        rv = secMan->GetAppCodebasePrincipal(uri,
+        // TODO: Bug 1167100 - User nsIPrincipal.originAttribute in ContentPrincipalInfo
-                                             info.appId(),
+        OriginAttributes attrs(info.appId(), info.isInBrowserElement());
-                                             info.isInBrowserElement(),
+        principal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
-                                             getter_AddRefs(principal));
+        rv = principal ? NS_OK : NS_ERROR_FAILURE;
       }
       if (NS_WARN_IF(NS_FAILED(rv))) {
         return nullptr;

netwerk/cookie/CookieServiceParent.cpp

@@ -7,6 +7,7 @@
 #include "mozilla/dom/PContentParent.h"
 #include "mozilla/net/NeckoParent.h"
 
+#include "mozilla/BasePrincipal.h"
 #include "mozilla/ipc/URIUtils.h"
 #include "nsCookieService.h"
 #include "nsIScriptSecurityManager.h"
@@ -16,6 +17,8 @@
 #include "SerializedLoadContext.h"
 
 using namespace mozilla::ipc;
+using mozilla::BasePrincipal;
+using mozilla::OriginAttributes;
 using mozilla::dom::PContentParent;
 using mozilla::net::NeckoParent;
 
@@ -29,16 +32,16 @@ CreateDummyChannel(nsIURI* aHostURI, uint32_t aAppId, bool aInMozBrowser,
 {
   MOZ_ASSERT(aAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
 
-  nsCOMPtr<nsIPrincipal> principal;
+  // TODO: Bug 1165267 - Use OriginAttributes for nsCookieService 
-  nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
+  OriginAttributes attrs(aAppId, aInMozBrowser);
-  nsresult rv = ssm->GetAppCodebasePrincipal(aHostURI, aAppId, aInMozBrowser,
+  nsCOMPtr<nsIPrincipal> principal =
-                                             getter_AddRefs(principal));
+    BasePrincipal::CreateCodebasePrincipal(aHostURI, attrs);
-  if (NS_FAILED(rv)) {
+  if (!principal) {
     return;
   }
 
   nsCOMPtr<nsIURI> dummyURI;
-  rv = NS_NewURI(getter_AddRefs(dummyURI), "about:blank");
+  nsresult rv = NS_NewURI(getter_AddRefs(dummyURI), "about:blank");
   if (NS_FAILED(rv)) {
       return;
   }

netwerk/protocol/http/HttpChannelParent.cpp

@@ -17,7 +17,6 @@
 #include "nsNetUtil.h"
 #include "nsISupportsPriority.h"
 #include "nsIAuthPromptProvider.h"
-#include "nsIScriptSecurityManager.h"
 #include "nsSerializationHelper.h"
 #include "nsISerializable.h"
 #include "nsIAssociatedContentSecurity.h"
@@ -34,7 +33,10 @@
 #include "mozilla/LoadInfo.h"
 #include "nsIHttpHeaderVisitor.h"
 #include "nsQueryObject.h"
+#include "mozilla/BasePrincipal.h"
 
+using mozilla::BasePrincipal;
+using mozilla::OriginAttributes;
 using namespace mozilla::dom;
 using namespace mozilla::ipc;
 
@@ -456,17 +458,15 @@ HttpChannelParent::DoAsyncOpen(  const URIParams&           aURI,
         mLoadContext->GetIsInBrowserElement(&inBrowser);
       }
 
-      bool chooseAppCache = false;
+      // TODO: Bug 1165466 - use originAttribute in nsILoadContext.
-      nsCOMPtr<nsIScriptSecurityManager> secMan =
+      OriginAttributes attrs(appId, inBrowser);
-        do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+      nsCOMPtr<nsIPrincipal> principal =
-      if (secMan) {
+        BasePrincipal::CreateCodebasePrincipal(uri, attrs);
-        nsCOMPtr<nsIPrincipal> principal;
-        secMan->GetAppCodebasePrincipal(uri, appId, inBrowser, getter_AddRefs(principal));
 
-        // This works because we've already called SetNotificationCallbacks and
+      bool chooseAppCache = false;
-        // done mPBOverride logic by this point.
+      // This works because we've already called SetNotificationCallbacks and
-        chooseAppCache = NS_ShouldCheckAppCache(principal, NS_UsePrivateBrowsing(mChannel));
+      // done mPBOverride logic by this point.
-      }
+      chooseAppCache = NS_ShouldCheckAppCache(principal, NS_UsePrivateBrowsing(mChannel));
 
       appCacheChan->SetChooseApplicationCache(chooseAppCache);
     }

netwerk/test/unit/test_auth_jar.js

@@ -13,9 +13,9 @@ function run_test() {
 
   var secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(Ci.nsIScriptSecurityManager);
   const kURI1 = "http://example.com";
-  var app1 = secMan.getAppCodebasePrincipal(createURI(kURI1), 1, false);
+  var app1 = secMan.createCodebasePrincipal(createURI(kURI1), {appId: 1});
-  var app10 = secMan.getAppCodebasePrincipal(createURI(kURI1), 10, false);
+  var app10 = secMan.createCodebasePrincipal(createURI(kURI1),{appId: 10});
-  var app1browser = secMan.getAppCodebasePrincipal(createURI(kURI1), 1, true);
+  var app1browser = secMan.createCodebasePrincipal(createURI(kURI1), {appId: 1, inBrowser: true});
 
   var am = Cc["@mozilla.org/network/http-auth-manager;1"].
            getService(Ci.nsIHttpAuthManager);

services/fxaccounts/tests/xpcshell/test_manager.js

@@ -25,7 +25,7 @@ function makePrincipal(origin, appId) {
   let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"]
                  .getService(Ci.nsIScriptSecurityManager);
   let uri = Services.io.newURI(origin, null, null);
-  return secMan.getAppCodebasePrincipal(uri, appId, false);
+  return secMan.createCodebasePrincipal(uri, {appId: appId});
 }
 let principal = makePrincipal('app://settings.gaiamobile.org', 27, false);
 

services/mobileid/MobileIdentityManager.jsm

@@ -897,9 +897,7 @@ this.MobileIdentityManager = {
   getMobileIdAssertion: function(aPrincipal, aPromiseId, aOptions) {
     log.debug("getMobileIdAssertion ${}", aPrincipal);
 
-    let uri = Services.io.newURI(aPrincipal.origin, null, null);
+    let principal = aPrincipal;
-    let principal = securityManager.getAppCodebasePrincipal(
-      uri, aPrincipal.appId, aPrincipal.isInBrowserElement);
     let manifestURL = appsService.getManifestURLByLocalId(aPrincipal.appId);
 
     let permission = permissionManager.testPermissionFromPrincipal(

services/mobileid/tests/xpcshell/head.js

@@ -125,9 +125,10 @@ function addPermission(aAction) {
   let uri = Cc["@mozilla.org/network/io-service;1"]
               .getService(Ci.nsIIOService)
               .newURI(ORIGIN, null, null);
+  let attrs = {appId: APP_ID};
   let _principal = Cc["@mozilla.org/scriptsecuritymanager;1"]
                      .getService(Ci.nsIScriptSecurityManager)
-                     .getAppCodebasePrincipal(uri, APP_ID, false);
+                     .createCodebasePrincipal(uri, attrs);
   let pm = Cc["@mozilla.org/permissionmanager;1"]
              .getService(Ci.nsIPermissionManager);
   pm.addFromPrincipal(_principal, MOBILEID_PERM, aAction);
@@ -137,9 +138,10 @@ function removePermission() {
   let uri = Cc["@mozilla.org/network/io-service;1"]
               .getService(Ci.nsIIOService)
               .newURI(ORIGIN, null, null);
+  let attrs = {appId: APP_ID};
   let _principal = Cc["@mozilla.org/scriptsecuritymanager;1"]
                      .getService(Ci.nsIScriptSecurityManager)
-                     .getAppCodebasePrincipal(uri, APP_ID, false);
+                     .createCodebasePrincipal(uri, attrs);
   let pm = Cc["@mozilla.org/permissionmanager;1"]
              .getService(Ci.nsIPermissionManager);
   pm.removeFromPrincipal(_principal, MOBILEID_PERM);

testing/marionette/driver/marionette_driver/marionette.py

@@ -809,9 +809,10 @@ class Marionette(object):
                 Components.utils.import("resource://gre/modules/Services.jsm");
                 let perm = arguments[0];
                 let secMan = Services.scriptSecurityManager;
-                let principal = secMan.getAppCodebasePrincipal(
+                let attrs = {appId: perm.appId, inBrowser: perm.isInBrowserElement};
+                let principal = secMan.createCodebasePrincipal(
                                 Services.io.newURI(perm.url, null, null),
-                                perm.appId, perm.isInBrowserElement);
+                                attrs);
                 let testPerm = Services.perms.testPermissionFromPrincipal(
                                principal, perm.type);
                 return testPerm;
@@ -870,8 +871,9 @@ class Marionette(object):
                 Components.utils.import("resource://gre/modules/Services.jsm");
                 let perm = arguments[0];
                 let secMan = Services.scriptSecurityManager;
-                let principal = secMan.getAppCodebasePrincipal(Services.io.newURI(perm.url, null, null),
+                let attrs = {appId: perm.appId, inBrowser: perm.isInBrowserElement};
-                                perm.appId, perm.isInBrowserElement);
+                let principal = secMan.createCodebasePrincipal(Services.io.newURI(perm.url, null, null),
+                                                               attrs);
                 Services.perms.addFromPrincipal(principal, perm.type, perm.action);
                 return true;
                 """, script_args=[perm])

testing/mochitest/tests/Harness_sanity/test_bug816847.html

@@ -36,12 +36,7 @@ const perms = ['network-events', 'geolocation', 'camera', 'alarms']
 function createPrincipal(aURI, aIsApp, aIsInBrowserElement) {
   if(aIsApp) {
     var app = appsSvc.getAppByManifestURL(aURI);
-    var localId = appsSvc.getAppLocalIdByManifestURL(aURI);
+    return app.principal;
-    var uri = Services.io.newURI(app.origin, null, null);
-    return Services.scriptSecurityManager
-                   .getAppCodebasePrincipal(uri,
-                                            localId,
-                                            aIsInBrowserElement);
   }
 
   var uri = Services.io.newURI(aURI, null, null);

testing/specialpowers/content/SpecialPowersObserverAPI.js

@@ -314,7 +314,9 @@ SpecialPowersObserverAPI.prototype = {
         let msg = aMessage.json;
 
         let secMan = Services.scriptSecurityManager;
-        let principal = secMan.getAppCodebasePrincipal(this._getURI(msg.url), msg.appId, msg.isInBrowserElement);
+        // TODO: Bug 1196665 - Add originAttributes into SpecialPowers
+        let attrs = {appId: msg.appId, inBrowser: msg.isInBrowserElement};
+        let principal = secMan.createCodebasePrincipal(this._getURI(msg.url), attrs);
 
         switch (msg.op) {
           case "add":

uriloader/prefetch/OfflineCacheUpdateParent.cpp

@@ -5,6 +5,7 @@
 
 #include "OfflineCacheUpdateParent.h"
 
+#include "mozilla/BasePrincipal.h"
 #include "mozilla/dom/TabParent.h"
 #include "mozilla/ipc/URIUtils.h"
 #include "mozilla/unused.h"
@@ -12,9 +13,10 @@
 #include "nsIApplicationCache.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsNetUtil.h"
-#include "nsContentUtils.h"
 
 using namespace mozilla::ipc;
+using mozilla::BasePrincipal;
+using mozilla::OriginAttributes;
 using mozilla::dom::TabParent;
 
 //
@@ -91,10 +93,10 @@ OfflineCacheUpdateParent::Schedule(const URIParams& aManifestURI,
 
     bool offlinePermissionAllowed = false;
 
-    nsCOMPtr<nsIPrincipal> principal;
+    // TODO: Bug 1165466 - use OriginAttributes
-    nsContentUtils::GetSecurityManager()->
+    OriginAttributes attrs(mAppId, mIsInBrowserElement);
-        GetAppCodebasePrincipal(manifestURI, mAppId, mIsInBrowserElement,
+    nsCOMPtr<nsIPrincipal> principal =
-                                getter_AddRefs(principal));
+      BasePrincipal::CreateCodebasePrincipal(manifestURI, attrs);
 
     nsresult rv = service->OfflineAppAllowed(
         principal, nullptr, &offlinePermissionAllowed);