Bug 827895 - Settings app should not show the session permissions of apps, r=mounir

2024-09-13 09:24:08 -07:00 · 2013-01-10 21:23:39 +01:00 · 2013-01-10 21:23:39 +01:00 · 3066e0aff8
commit 3066e0aff8
parent 7668fbc3ee
4 changed files with 45 additions and 8 deletions
--- a/dom/permission/PermissionSettings.js
+++ b/dom/permission/PermissionSettings.js
@ -50,7 +50,7 @@ PermissionSettings.prototype = {
    let uri = Services.io.newURI(aOrigin, null, null);
    let appID = appsService.getAppLocalIdByManifestURL(aManifestURL);
    let principal = secMan.getAppCodebasePrincipal(uri, appID, aBrowserFlag);
-    let result = permissionManager.testExactPermissionFromPrincipal(principal, aPermName);
+    let result = permissionManager.testExactPermanentPermission(principal, aPermName);

    switch (result)
    {
--- a/extensions/cookie/nsPermissionManager.cpp
+++ b/extensions/cookie/nsPermissionManager.cpp
@ -909,6 +909,21 @@ nsPermissionManager::TestExactPermissionFromPrincipal(nsIPrincipal* aPrincipal,
 {
  NS_ENSURE_ARG_POINTER(aPrincipal);

+  if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
+    *aPermission = nsIPermissionManager::ALLOW_ACTION;
+    return NS_OK;
+  }
+
+  return CommonTestPermission(aPrincipal, aType, aPermission, true, true);
+}
+
+NS_IMETHODIMP
+nsPermissionManager::TestExactPermanentPermission(nsIPrincipal* aPrincipal,
+                                                  const char* aType,
+                                                  uint32_t* aPermission)
+{
+  NS_ENSURE_ARG_POINTER(aPrincipal);
+
  // System principals do not have URI so we can't try to get
  // retro-compatibility here.
  if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
@ -916,7 +931,7 @@ nsPermissionManager::TestExactPermissionFromPrincipal(nsIPrincipal* aPrincipal,
    return NS_OK;
  }

-  return CommonTestPermission(aPrincipal, aType, aPermission, true);
+  return CommonTestPermission(aPrincipal, aType, aPermission, true, false);
 }

 NS_IMETHODIMP
@ -965,14 +980,15 @@ nsPermissionManager::TestPermissionFromPrincipal(nsIPrincipal* aPrincipal,
    return NS_OK;
  }

-  return CommonTestPermission(aPrincipal, aType, aPermission, false);
+  return CommonTestPermission(aPrincipal, aType, aPermission, false, true);
 }

 nsresult
 nsPermissionManager::CommonTestPermission(nsIPrincipal* aPrincipal,
                                          const char *aType,
                                          uint32_t   *aPermission,
-                                          bool        aExactHostMatch)
+                                          bool        aExactHostMatch,
+                                          bool        aIncludingSession)
 {
  NS_ENSURE_ARG_POINTER(aPrincipal);
  NS_ENSURE_ARG_POINTER(aType);
@ -1016,10 +1032,17 @@ nsPermissionManager::CommonTestPermission(nsIPrincipal* aPrincipal,

  PermissionHashKey* entry = GetPermissionHashKey(host, appId, isInBrowserElement,
                                                  typeIndex, aExactHostMatch);
-  if (entry) {
-    *aPermission = entry->GetPermission(typeIndex).mPermission;
+  if (!entry ||
+      (!aIncludingSession &&
+       entry->GetPermission(typeIndex).mNonSessionExpireType ==
+         nsIPermissionManager::EXPIRE_SESSION)) {
+    return NS_OK;
  }

+  *aPermission = aIncludingSession
+                   ? entry->GetPermission(typeIndex).mPermission
+                   : entry->GetPermission(typeIndex).mNonSessionPermission;
+
  return NS_OK;
 }

--- a/extensions/cookie/nsPermissionManager.h
+++ b/extensions/cookie/nsPermissionManager.h
@ -217,7 +217,8 @@ private:
  nsresult CommonTestPermission(nsIPrincipal* aPrincipal,
                                const char *aType,
                                uint32_t   *aPermission,
-                                bool        aExactHostMatch);
+                                bool        aExactHostMatch,
+                                bool        aIncludingSession);

  nsresult InitDB(bool aRemoveFile);
  nsresult CreateTable();
--- a/netwerk/base/public/nsIPermissionManager.idl
+++ b/netwerk/base/public/nsIPermissionManager.idl
@ -36,7 +36,7 @@ interface nsIObserver;
 interface nsIPrincipal;
 interface nsIDOMWindow;

-[scriptable, uuid(9b6ffbb9-5536-4216-afcf-1b7cd7b54005)]
+[scriptable, uuid(b38c982d-30bc-463f-9afc-0ca339eac03c)]
 interface nsIPermissionManager : nsISupports
 {
  /**
@ -173,6 +173,19 @@ interface nsIPermissionManager : nsISupports
  uint32_t testExactPermissionFromPrincipal(in nsIPrincipal principal,
                                            in string type);

+  /**
+   * Test whether a website has permission to perform the given action
+   * ignoring active sessions.
+   * System principals will always have permissions granted.
+   *
+   * @param principal the principal
+   * @param type      a case-sensitive ASCII string, identifying the consumer
+   * @param return    see add(), param permission. returns UNKNOWN_ACTION when
+   *                  there is no stored permission for this uri and / or type.
+   */
+  uint32_t testExactPermanentPermission(in nsIPrincipal principal,
+                                        in string type);
+
   /**
    * Increment or decrement our "refcount" of an app id.
    *