Bug 897516 - Implement a separate cookie jar for safebrowsing - cookie separation part. r=mmc

caps/idl/nsIScriptSecurityManager.idl

@@ -227,6 +227,7 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
 
     const unsigned long NO_APP_ID = 0;
     const unsigned long UNKNOWN_APP_ID = 4294967295; // UINT32_MAX
+    const unsigned long SAFEBROWSING_APP_ID = 4294967294; // UINT32_MAX - 1
 
     /**
      * Returns the jar prefix for the app.

docshell/base/LoadContext.cpp

@@ -8,7 +8,7 @@
 
 namespace mozilla {
 
-NS_IMPL_ISUPPORTS1(LoadContext, nsILoadContext)
+NS_IMPL_ISUPPORTS2(LoadContext, nsILoadContext, nsIInterfaceRequestor)
 
 //-----------------------------------------------------------------------------
 // LoadContext::nsILoadContext
@@ -111,4 +111,22 @@ LoadContext::GetAppId(uint32_t* aAppId)
   return NS_OK;
 }
 
+//-----------------------------------------------------------------------------
+// LoadContext::nsIInterfaceRequestor
+//-----------------------------------------------------------------------------
+NS_IMETHODIMP
+LoadContext::GetInterface(const nsIID &aIID, void **aResult)
+{
+  NS_ENSURE_ARG_POINTER(aResult);
+  *aResult = nullptr;
+
+  if (aIID.Equals(NS_GET_IID(nsILoadContext))) {
+    *aResult = static_cast<nsILoadContext*>(this);
+    NS_ADDREF_THIS();
+    return NS_OK;
+  }
+
+  return NS_NOINTERFACE;
+}
+
 } // namespace mozilla

docshell/base/LoadContext.h

@@ -11,6 +11,7 @@
 #include "mozilla/Attributes.h"
 #include "nsIWeakReferenceUtils.h"
 #include "mozilla/dom/Element.h"
+#include "nsIInterfaceRequestor.h"
 
 class mozIApplication;
 
@@ -24,13 +25,18 @@ namespace mozilla {
  * typically provided by nsDocShell.  This is only used when the original
  * docshell is in a different process and we need to copy certain values from
  * it.
+ *
+ * Note: we also generate a new nsILoadContext using LoadContext(uint32_t aAppId)
+ * to separate the safebrowsing cookie.
  */
 
-class LoadContext MOZ_FINAL : public nsILoadContext
+class LoadContext MOZ_FINAL : public nsILoadContext,
+                              public nsIInterfaceRequestor
 {
 public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSILOADCONTEXT
+  NS_DECL_NSIINTERFACEREQUESTOR
 
   // AppId/inBrowser arguments override those in SerializedLoadContext provided
   // by child process.
@@ -47,6 +53,18 @@ public:
 #endif
   {}
 
+  // Constructor taking reserved appId for the safebrowsing cookie.
+  LoadContext(uint32_t aAppId)
+    : mTopFrameElement(nullptr)
+    , mAppId(aAppId)
+    , mIsContent(false)
+    , mUsePrivateBrowsing(false)
+    , mIsInBrowserElement(false)
+#ifdef DEBUG
+    , mIsNotNull(true)
+#endif
+  {}
+
 private:
   nsWeakPtr     mTopFrameElement;
   uint32_t      mAppId;

netwerk/base/public/nsNetUtil.h

@@ -1354,6 +1354,8 @@ NS_UsePrivateBrowsing(nsIChannel *channel)
 // know about script security manager.
 #define NECKO_NO_APP_ID 0
 #define NECKO_UNKNOWN_APP_ID UINT32_MAX
+// special app id reserved for separating the safebrowsing cookie
+#define NECKO_SAFEBROWSING_APP_ID UINT32_MAX - 1
 
 /**
  * Gets AppId and isInBrowserElement from channel's nsILoadContext.

toolkit/components/url-classifier/Makefile.in

@@ -5,5 +5,6 @@
 
 LOCAL_INCLUDES = \
   -I$(srcdir)/../build \
+  -I$(topsrcdir)/ipc/chromium/src \
   $(SQLITE_CFLAGS) \
   $(NULL)

toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp

@@ -15,9 +15,13 @@
 #include "nsToolkitCompsCID.h"
 #include "nsUrlClassifierStreamUpdater.h"
 #include "prlog.h"
+#include "nsIInterfaceRequestor.h"
+#include "mozilla/LoadContext.h"
 
 static const char* gQuitApplicationMessage = "quit-application";
 
+#undef LOG
+
 // NSPR_LOG_MODULES=UrlClassifierStreamUpdater:5
 #if defined(PR_LOGGING)
 static const PRLogModuleInfo *gUrlClassifierStreamUpdaterLog = nullptr;
@@ -124,6 +128,14 @@ nsUrlClassifierStreamUpdater::FetchUpdate(nsIURI *aUpdateUrl,
     mChannel->SetContentType(NS_LITERAL_CSTRING("application/vnd.google.safebrowsing-update"));
   }
 
+   // Create a custom LoadContext for SafeBrowsing, so we can use callbacks on
+   // the channel to query the appId which allows separation of safebrowsing
+   // cookies in a separate jar.
+  nsCOMPtr<nsIInterfaceRequestor> sbContext =
+    new mozilla::LoadContext(NECKO_SAFEBROWSING_APP_ID);
+  rv = mChannel->SetNotificationCallbacks(sbContext);
+  NS_ENSURE_SUCCESS(rv, rv);
+
   // Make the request
   rv = mChannel->AsyncOpen(this, nullptr);
   NS_ENSURE_SUCCESS(rv, rv);