Bug 773891 - With AppsService changes

build/automation.py.in

@@ -304,11 +304,13 @@ class Automation(object):
 "installTime": 132333986000,
 "manifestURL": "$manifestURL",
 "localId": $localId,
-"appStatus": $appStatus
+"appStatus": $appStatus,
+"csp": "$csp"
 }""")
 
     manifestTemplate = Template("""{
   "name": "$name",
+  "csp": "$csp",
   "description": "$description",
   "launch_path": "/",
   "developer": {
@@ -530,6 +532,7 @@ user_pref("camino.use_system_proxy_settings", false); // Camino-only, harmless t
     apps = [
       {
         'name': 'http_example_org',
+        'csp': '',
         'origin': 'http://example.org',
         'manifestURL': 'http://example.org/manifest.webapp',
         'description': 'http://example.org App',
@@ -537,6 +540,7 @@ user_pref("camino.use_system_proxy_settings", false); // Camino-only, harmless t
       },
       {
         'name': 'https_example_com',
+        'csp': '',
         'origin': 'https://example.com',
         'manifestURL': 'https://example.com/manifest.webapp',
         'description': 'https://example.com App',
@@ -544,6 +548,7 @@ user_pref("camino.use_system_proxy_settings", false); // Camino-only, harmless t
       },
       {
         'name': 'http_test1_example_org',
+        'csp': '',
         'origin': 'http://test1.example.org',
         'manifestURL': 'http://test1.example.org/manifest.webapp',
         'description': 'http://test1.example.org App',
@@ -551,6 +556,7 @@ user_pref("camino.use_system_proxy_settings", false); // Camino-only, harmless t
       },
       {
         'name': 'http_test1_example_org_8000',
+        'csp': '',
         'origin': 'http://test1.example.org:8000',
         'manifestURL': 'http://test1.example.org:8000/manifest.webapp',
         'description': 'http://test1.example.org:8000 App',
@@ -558,6 +564,7 @@ user_pref("camino.use_system_proxy_settings", false); // Camino-only, harmless t
       },
       {
         'name': 'http_sub1_test1_example_org',
+        'csp': '',
         'origin': 'http://sub1.test1.example.org',
         'manifestURL': 'http://sub1.test1.example.org/manifest.webapp',
         'description': 'http://sub1.test1.example.org App',
@@ -565,6 +572,7 @@ user_pref("camino.use_system_proxy_settings", false); // Camino-only, harmless t
       },
       {
         'name': 'https_example_com_privileged',
+        'csp': '',
         'origin': 'https://example.com',
         'manifestURL': 'https://example.com/manifest_priv.webapp',
         'description': 'https://example.com Privileged App',
@@ -572,11 +580,36 @@ user_pref("camino.use_system_proxy_settings", false); // Camino-only, harmless t
       },
       {
         'name': 'https_example_com_certified',
+        'csp': '',
         'origin': 'https://example.com',
         'manifestURL': 'https://example.com/manifest_cert.webapp',
         'description': 'https://example.com Certified App',
         'appStatus': _APP_STATUS_CERTIFIED
       },
+      {
+        'name': 'https_example_csp_certified',
+        'csp': "default-src *; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'",
+        'origin': 'https://example.com',
+        'manifestURL': 'https://example.com/manifest_csp_cert.webapp',
+        'description': 'https://example.com Certified App with manifest policy',
+        'appStatus': _APP_STATUS_CERTIFIED
+      }, 
+      {
+        'name': 'https_example_csp_installed',
+        'csp': "default-src *; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'",
+        'origin': 'https://example.com',
+        'manifestURL': 'https://example.com/manifest_csp_inst.webapp',
+        'description': 'https://example.com Installed App with manifest policy',
+        'appStatus': _APP_STATUS_INSTALLED
+      }, 
+      {
+        'name': 'https_example_csp_privileged',
+        'csp': "default-src *; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'",
+        'origin': 'https://example.com',
+        'manifestURL': 'https://example.com/manifest_csp_priv.webapp',
+        'description': 'https://example.com Privileged App with manifest policy',
+        'appStatus': _APP_STATUS_PRIVILEGED
+      }, 
     ];
     self.setupTestApps(profileDir, apps)
 

content/base/src/nsDocument.cpp

@@ -170,6 +170,7 @@
 #include "imgILoader.h"
 #include "nsWrapperCacheInlines.h"
 #include "nsSandboxFlags.h"
+#include "nsIAppsService.h"
 
 using namespace mozilla;
 using namespace mozilla::dom;
@@ -2276,6 +2277,22 @@ nsDocument::InitCSP(nsIChannel* aChannel)
       NS_SUCCEEDED(principal->GetAppStatus(&appStatus))) {
     applyAppDefaultCSP = ( appStatus == nsIPrincipal::APP_STATUS_PRIVILEGED ||
                            appStatus == nsIPrincipal::APP_STATUS_CERTIFIED);
+
+    // Bug 773981. Allow a per-app policy from the manifest.
+    // Just read the CSP from the manifest into cspHeaderValue.
+    // That way we don't have to change the rest of the function logic
+    if (applyAppDefaultCSP || appStatus == nsIPrincipal::APP_STATUS_INSTALLED) {
+      nsCOMPtr<nsIAppsService> appsService =
+        do_GetService(APPS_SERVICE_CONTRACTID);
+
+      if (appsService)  {
+        uint32_t appId;
+
+        if ( NS_SUCCEEDED(principal->GetAppId(&appId)) ) {
+          appsService->GetCSPByLocalId(appId, cspHeaderValue);
+        }
+      }
+    }
   }
 #ifdef PR_LOGGING
   else

content/base/test/Makefile.in

@@ -373,6 +373,8 @@ MOCHITEST_FILES_B = \
 		file_CSP_evalscript_main.js \
 		file_csp_bug768029.html \
 		file_csp_bug768029.sjs \
+		file_csp_bug773891.html \
+		file_csp_bug773891.sjs \
 		test_bug540854.html \
 		bug540854.sjs \
 		test_bug548463.html \

content/base/test/chrome/Makefile.in

@@ -48,6 +48,7 @@ MOCHITEST_CHROME_FILES = \
     test_bug780529.xul \
     test_csp_bug768029.html \
     test_bug800386.xul \
+    test_csp_bug773891.html \
     $(NULL)
 
 include $(topsrcdir)/config/rules.mk

content/base/test/chrome/test_csp_bug773891.html

@@ -0,0 +1,228 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+  https://bugzilla.mozilla.org/show_bug.cgi?id=768029
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for CSP on trusted/certified and installed apps -- bug 773891</title>
+  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=773891">Mozilla Bug 773891</a>
+<p id="display"></p>
+<div id="content">
+
+</div>
+<pre id="test">
+<script type="application/javascript;version=1.7">
+
+Components.utils.import("resource://gre/modules/Services.jsm");
+
+/** Test for Bug 773891 **/
+
+// Note: we don't have to inspect all the different operations of CSP,
+// we're just looking for specific differences in behavior that indicate
+// a default CSP got applied.
+const DEFAULT_CSP_PRIV = "default-src *; script-src *; style-src 'self' 'unsafe-inline'; object-src 'none'";
+const DEFAULT_CSP_CERT = "default-src *; script-src *; style-src 'self'; object-src 'none'";
+
+const MANIFEST_CSP_PRIV = "default-src *; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'";
+const MANIFEST_CSP_INST = "default-src *; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'";
+const MANIFEST_CSP_CERT = "default-src *; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'";
+
+SimpleTest.waitForExplicitFinish();
+
+var gData = [
+
+  {
+    app: "https://example.com/manifest_csp_inst.webapp",
+    appStatus: Components.interfaces.nsIPrincipal.APP_STATUS_INSTALLED,
+    csp: MANIFEST_CSP_INST,
+    origin: "https://example.com",
+    uri: "https://example.com/tests/content/base/test/file_csp_bug773891.html",
+    statusString: "installed app",
+    expectedTestResults: {
+      max_tests: 7, /* number of bools below plus one for the status check */
+      cross_origin: { img: true,  script: false, style: false },
+      same_origin:  { img: true,  script: true,  style: true  },
+    },
+  },
+  {
+    app: "https://example.com/manifest_csp_cert.webapp",
+    appStatus: Components.interfaces.nsIPrincipal.APP_STATUS_CERTIFIED,
+    csp: MANIFEST_CSP_CERT,
+    origin: "https://example.com",
+    uri: "https://example.com/tests/content/base/test/file_csp_bug773891.html",
+    statusString: "certified app",
+    expectedTestResults: {
+      max_tests: 7, /* number of bools below plus one for the status check */
+      cross_origin: { img: true,  script: false, style: false },
+      same_origin:  { img: true,  script: true,  style: true  },
+    },
+  },
+  {
+    app: "https://example.com/manifest_csp_priv.webapp",
+    appStatus: Components.interfaces.nsIPrincipal.APP_STATUS_PRIVILEGED,
+    csp: MANIFEST_CSP_PRIV,
+    origin: "https://example.com",
+    uri: "https://example.com/tests/content/base/test/file_csp_bug773891.html",
+    statusString: "privileged app",
+    expectedTestResults: {
+      max_tests: 7, /* number of bools below plus one for the status check */
+      cross_origin: { img: true,  script: false, style: false },
+      same_origin:  { img: true,  script: true,  style: true  },
+    },
+  },
+];
+
+// Observer for watching allowed loads and blocked attempts
+function ThingyListener(app, iframe) {
+  Services.obs.addObserver(this, "csp-on-violate-policy", false);
+  Services.obs.addObserver(this, "http-on-modify-request", false);
+  dump("added observers\n");
+  // keep track of which app ID this test is monitoring.
+  this._testData = app;
+  this._expectedResults = app.expectedTestResults;
+  this._resultsRecorded = { cross_origin: {}, same_origin: {}};
+  this._iframe = iframe;
+  this._countedTests = 0;
+}
+ThingyListener.prototype = {
+
+  observe: function(subject, topic, data) {
+    // make sure to only observe app-generated calls to the helper for this test.
+    var testpat = new RegExp("file_csp_bug773891\\.sjs");
+
+    // used to extract which kind of load this is (img, script, etc).
+    var typepat = new RegExp("type=([\\_a-z0-9]+)");
+
+    // used to identify whether it's cross-origin or same-origin loads
+    // (the applied CSP allows same-origin loads).
+    var originpat = new RegExp("origin=([\\_a-z0-9]+)");
+
+    if (topic === "http-on-modify-request") {
+      // Matching requests on this topic were allowed by the csp
+      var chan = subject.QueryInterface(Components.interfaces.nsIHttpChannel);
+      var uri = chan.URI;
+      // ignore irrelevent URIs
+      if (!testpat.test(uri.asciiSpec)) return;
+
+      var loadType = typepat.exec(uri.asciiSpec)[1];
+      var originType = originpat.exec(uri.asciiSpec)[1];
+
+      // skip duplicate hits to this topic (potentially document loads
+      // may generate duplicate loads.
+      if (this._resultsRecorded[originType] &&
+          this._resultsRecorded[originType][loadType]) {
+        return;
+      }
+      var message = originType + " : " + loadType + " should be " +
+                    (this._expectedResults[originType][loadType] ? "allowed" : "blocked");
+      ok(this._expectedResults[originType][loadType] == true, message);
+      this._resultsRecorded[originType][loadType] = true;
+      this._countedTests++;
+    }
+    else if (topic === "csp-on-violate-policy") {
+      // Matching hits on this topic were blocked by the csp
+      var uri = subject.QueryInterface(Components.interfaces.nsIURI);
+      // ignore irrelevent URIs
+      if (!testpat.test(uri.asciiSpec)) return;
+
+      var loadType = typepat.exec(uri.asciiSpec)[1];
+      var originType = originpat.exec(uri.asciiSpec)[1];
+
+      // skip duplicate hits to this topic (potentially document loads
+      // may generate duplicate loads.
+      if (this._resultsRecorded[originType] &&
+          this._resultsRecorded[originType][loadType]) {
+        return;
+      }
+
+      var message = originType + " : " + loadType + " should be " +
+                    (this._expectedResults[originType][loadType] ? "allowed" : "blocked");
+      ok(this._expectedResults[originType][loadType] == false, message);
+      this._resultsRecorded[originType][loadType] = true;
+      this._countedTests++;
+    }
+    else {
+      // wrong topic!  Nothing to do.
+      return;
+    }
+
+    this._checkForFinish();
+  },
+
+  _checkForFinish: function() {
+    // check to see if there are load tests still pending.
+    // (All requests triggered by the app should hit one of the
+    // two observer topics.)
+    if (this._countedTests == this._expectedResults.max_tests) {
+      Services.obs.removeObserver(this, "csp-on-violate-policy");
+      Services.obs.removeObserver(this, "http-on-modify-request");
+      dump("removed observers\n");
+      checkedCount++;
+      if (checkedCount == checksTodo) {
+        SpecialPowers.removePermission("browser", "https://example.com");
+        SimpleTest.finish();
+      } else {
+        gTestRunner.next();
+      }
+    }
+  },
+
+  // verify the status of the app
+  checkAppStatus: function() {
+    var principal = this._iframe.contentDocument.nodePrincipal;
+    if (this._testData.app) {
+      is(principal.appStatus, this._testData.appStatus,
+         "iframe principal's app status doesn't match the expected app status.");
+      this._countedTests++;
+      this._checkForFinish();
+    }
+  }
+}
+
+var content = document.getElementById('content');
+var checkedCount = 0; // number of apps checked
+var checksTodo = gData.length;
+
+// quick check to make sure we can test apps:
+is('appStatus' in document.nodePrincipal, true,
+   'appStatus should be present in nsIPrincipal, if not the rest of this test will fail');
+
+function runTest() {
+  for (var i = 0; i < gData.length; i++) {
+    let data = gData[i];
+    var iframe = document.createElement('iframe');
+
+    // watch for successes and failures
+    var examiner = new ThingyListener(data, iframe);
+
+    iframe.setAttribute('mozapp', data.app);
+    iframe.setAttribute('mozbrowser', 'true');
+    iframe.addEventListener('load', examiner.checkAppStatus.bind(examiner));
+    iframe.src = data.uri;
+
+    content.appendChild(iframe);
+
+    yield;
+  }
+}
+
+var gTestRunner = runTest();
+
+// load the default CSP and pref it on
+SpecialPowers.addPermission("browser", true, "https://example.com");
+
+SpecialPowers.pushPrefEnv({'set': [["dom.mozBrowserFramesEnabled", true],
+                                   ["security.apps.privileged.CSP.default", DEFAULT_CSP_PRIV],
+                                   ["security.apps.certified.CSP.default", DEFAULT_CSP_CERT]]},
+                          function() {  gTestRunner.next(); });
+
+
+</script>
+</pre>
+</body>
+</html>

content/base/test/file_csp_bug773891.html

@@ -0,0 +1,25 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+  https://bugzilla.mozilla.org/show_bug.cgi?id=773891
+-->
+<head>
+  <meta charset="utf-8">
+    <title>This is an app for csp testing</title>
+
+    <link rel="stylesheet" type="text/css"
+          href="file_csp_bug773891.sjs?type=style&origin=same_origin" />
+    <link rel="stylesheet" type="text/css"
+          href="http://example.com/tests/content/base/test/file_csp_bug773891.sjs?type=style&origin=cross_origin" />
+  </head>
+  <body>
+
+    <script src="file_csp_bug773891.sjs?type=script&origin=same_origin"></script>
+    <script src="http://example.com/tests/content/base/test/file_csp_bug773891.sjs?type=script&origin=cross_origin"></script>
+    <img src="file_csp_bug773891.sjs?type=img&origin=same_origin" />
+    <img src="http://example.com/tests/content/base/test/file_csp_bug773891.sjs?type=img&origin=cross_origin" />
+
+    Test for CSP applied to (simulated) app.
+
+  </body>
+</html>

content/base/test/file_csp_bug773891.sjs

@@ -0,0 +1,29 @@
+function handleRequest(request, response) {
+
+  var query = {};
+
+  request.queryString.split('&').forEach(function(val) {
+    var [name, value] = val.split('=');
+    query[name] = unescape(value);
+  });
+  response.setHeader("Cache-Control", "no-cache", false);
+
+  if ("type" in query) {
+    switch (query.type) {
+      case "script":
+        response.setHeader("Content-Type", "application/javascript");
+        response.write("\n\ndocument.write('<pre>script loaded\\n</pre>');\n\n");
+        return;
+      case "style":
+        response.setHeader("Content-Type", "text/css");
+        response.write("\n\n.cspfoo { color:red; }\n\n");
+        return;
+      case "img":
+        response.setHeader("Content-Type", "image/png");
+        return;
+    }
+  }
+
+  response.setHeader("Content-Type", "text/plain");
+  response.write("ohnoes!");
+}

dom/apps/src/AppsService.js

@@ -27,6 +27,12 @@ function AppsService()
 }
 
 AppsService.prototype = {
+
+  getCSPByLocalId: function getCSPByLocalId(localId) {
+    debug("GetCSPByLocalId( " + localId + " )");
+    return DOMApplicationRegistry.getCSPByLocalId(localId);
+  },
+
   getAppByManifestURL: function getAppByManifestURL(aManifestURL) {
     debug("GetAppByManifestURL( " + aManifestURL + " )");
     return DOMApplicationRegistry.getAppByManifestURL(aManifestURL);

dom/apps/src/AppsServiceChild.jsm

@@ -68,6 +68,11 @@ let DOMApplicationRegistry = {
     return AppsUtils.getAppLocalIdByManifestURL(this.webapps, aManifestURL);
   },
 
+  getCSPByLocalId: function(aLocalId) {
+    debug("getCSPByLocalId:" + aLocalId);
+    return AppsUtils.getCSPByLocalId(this.webapps, aLocalId);
+  },
+
   getAppByLocalId: function getAppByLocalId(aLocalId) {
     debug("getAppByLocalId " + aLocalId);
     return AppsUtils.getAppByLocalId(this.webapps, aLocalId);

dom/apps/src/AppsUtils.jsm

@@ -25,6 +25,7 @@ let AppsUtils = {
   cloneAppObject: function cloneAppObject(aApp) {
     return {
       name: aApp.name,
+      csp: aApp.csp,
       installOrigin: aApp.installOrigin,
       origin: aApp.origin,
       receipts: aApp.receipts ? JSON.parse(JSON.stringify(aApp.receipts)) : null,
@@ -90,6 +91,18 @@ let AppsUtils = {
     return Ci.nsIScriptSecurityManager.NO_APP_ID;
   },
 
+  getCSPByLocalId: function getCSPByLocalId(aApps, aLocalId) {
+    debug("getCSPByLocalId " + aLocalId);
+    for (let id in aApps) {
+      let app = aApps[id];
+      if (app.localId == aLocalId) {
+	  return ( app.csp || "" );
+      }
+    }
+
+    return "";
+  },
+
   getAppByLocalId: function getAppByLocalId(aApps, aLocalId) {
     debug("getAppByLocalId " + aLocalId);
     for (let id in aApps) {

dom/apps/src/Webapps.jsm

@@ -139,13 +139,22 @@ let DOMApplicationRegistry = {
   // Registers all the activities and system messages.
   registerAppsHandlers: function registerAppsHandlers() {
     this.notifyAppsRegistryStart();
-#ifdef MOZ_SYS_MSG
     let ids = [];
     for (let id in this.webapps) {
       ids.push({ id: id });
     }
+#ifdef MOZ_SYS_MSG
     this._processManifestForIds(ids);
 #else
+    // Read the CSPs. If MOZ_SYS_MSG is defined this is done on
+    // _processManifestForIds so as to not reading the manifests
+    // twice
+    this._readManifests(ids, (function readCSPs(aResults) {
+      aResults.forEach(function registerManifest(aResult) {
+        this.webapps[aResult.id].csp = manifest.csp || "";
+      }, this);
+    }).bind(this));
+
     // Nothing else to do but notifying we're ready.
     this.notifyAppsRegistryReady();
 #endif
@@ -419,6 +428,7 @@ let DOMApplicationRegistry = {
         let app = this.webapps[aResult.id];
         let manifest = aResult.manifest;
         app.name = manifest.name;
+        app.csp = manifest.csp || "";
         this._registerSystemMessages(manifest, app);
         appsToRegister.push({ manifest: manifest, app: app });
       }, this);
@@ -884,6 +894,7 @@ let DOMApplicationRegistry = {
       }
 
       app.name = aManifest.name;
+      app.csp = aManifest.csp || "";
 
       // Update the registry.
       this.webapps[id] = app;
@@ -1037,6 +1048,7 @@ let DOMApplicationRegistry = {
     }
 
     appObject.name = manifest.name;
+    appObject.csp = manifest.csp || "";
 
     this.webapps[id] = appObject;
 
@@ -1506,6 +1518,11 @@ let DOMApplicationRegistry = {
     return AppsUtils.getAppByManifestURL(this.webapps, aManifestURL);
   },
 
+  getCSPByLocalId: function(aLocalId) {
+    debug("getCSPByLocalId:" + aLocalId);
+    return AppsUtils.getCSPByLocalId(this.webapps, aLocalId);
+  },
+
   getAppByLocalId: function(aLocalId) {
     return AppsUtils.getAppByLocalId(this.webapps, aLocalId);
   },

dom/interfaces/apps/mozIApplication.idl

@@ -11,7 +11,7 @@
  * We expose Gecko-internal helpers related to "web apps" through this
  * sub-interface.
  */
-[scriptable, uuid(efe22f80-f973-11e1-8a00-b7888ac0d2b9)]
+[scriptable, uuid(8ac7827f-f982-40fb-be11-ba16dd665635)]
 interface mozIApplication: mozIDOMApplication
 {
   /* Return true if this app has |permission|. */
@@ -25,4 +25,7 @@ interface mozIApplication: mozIDOMApplication
 
   /* Name copied from the manifest */
   readonly attribute DOMString name;
+
+  /* CSP copied from the manifest */
+  readonly attribute DOMString csp;
 };

dom/interfaces/apps/nsIAppsService.idl

@@ -16,7 +16,7 @@ interface mozIApplication;
  * This service allows accessing some DOMApplicationRegistry methods from
  * non-javascript code.
  */
-[scriptable, uuid(1f0ec00c-57c7-4ad2-a648-1359aa390360)]
+[scriptable, uuid(4a182c18-dbdf-4f9c-93a0-0f0cffb88ed0)]
 interface nsIAppsService : nsISupports
 {
   mozIDOMApplication getAppByManifestURL(in DOMString manifestURL);
@@ -45,4 +45,9 @@ interface nsIAppsService : nsISupports
    * of the message when listening to one.
    */
   mozIApplication getAppFromObserverMessage(in DOMString message);
+
+  /**
+   * Returns the CSP associated to this localId.
+   */
+  DOMString getCSPByLocalId(in unsigned long localId);
 };