uint32_t CheckPermission(PContentParent* aActor, nsIPrincipal* aPrincipal, const char* aPermission) { if (!AssertAppPrincipal(aActor, aPrincipal)) { return nsIPermissionManager::DENY_ACTION; } nsCOMPtr<nsIPermissionManager> pm = services::GetPermissionManager(); NS_ENSURE_TRUE(pm, nsIPermissionManager::DENY_ACTION); // Make sure that `aPermission' is an app permission before checking the origin. nsCOMPtr<nsIPrincipal> appPrincipal = GetAppPrincipal(aPrincipal->GetAppId()); uint32_t appPerm = nsIPermissionManager::UNKNOWN_ACTION; nsresult rv = pm->TestExactPermissionFromPrincipal(appPrincipal, aPermission, &appPerm); NS_ENSURE_SUCCESS(rv, nsIPermissionManager::UNKNOWN_ACTION); // Setting to "deny" in the settings UI should deny everywhere. if (appPerm == nsIPermissionManager::UNKNOWN_ACTION || appPerm == nsIPermissionManager::DENY_ACTION) { return appPerm; } uint32_t permission = nsIPermissionManager::UNKNOWN_ACTION; rv = pm->TestExactPermissionFromPrincipal(aPrincipal, aPermission, &permission); NS_ENSURE_SUCCESS(rv, nsIPermissionManager::UNKNOWN_ACTION); if (permission == nsIPermissionManager::UNKNOWN_ACTION || permission == nsIPermissionManager::DENY_ACTION) { return permission; } // For browser content (and if the app hasn't explicitly denied this), // consider the requesting origin, not the app. if (appPerm == nsIPermissionManager::PROMPT_ACTION && aPrincipal->GetIsInBrowserElement()) { return permission; } // Setting to "prompt" in the settings UI should prompt everywhere in // non-browser content. if (appPerm == nsIPermissionManager::PROMPT_ACTION || permission == nsIPermissionManager::PROMPT_ACTION) { return nsIPermissionManager::PROMPT_ACTION; } if (appPerm == nsIPermissionManager::ALLOW_ACTION || permission == nsIPermissionManager::ALLOW_ACTION) { return nsIPermissionManager::ALLOW_ACTION; } NS_RUNTIMEABORT("Invalid permission value"); return nsIPermissionManager::DENY_ACTION; }
uint32_t CheckPermission(PContentParent* aActor, nsIPrincipal* aPrincipal, const char* aPermission) { if (!AssertAppPrincipal(aActor, aPrincipal)) { return nsIPermissionManager::DENY_ACTION; } nsCOMPtr<nsIPermissionManager> pm = services::GetPermissionManager(); NS_ENSURE_TRUE(pm, nsIPermissionManager::DENY_ACTION); // Make sure that `aPermission' is an app permission before checking the origin. nsCOMPtr<nsIPrincipal> appPrincipal = GetAppPrincipal(aPrincipal->GetAppId()); uint32_t appPerm = nsIPermissionManager::UNKNOWN_ACTION; nsresult rv = pm->TestExactPermissionFromPrincipal(appPrincipal, aPermission, &appPerm); NS_ENSURE_SUCCESS(rv, nsIPermissionManager::UNKNOWN_ACTION); // Setting to "deny" in the settings UI should deny everywhere. if (appPerm == nsIPermissionManager::UNKNOWN_ACTION || appPerm == nsIPermissionManager::DENY_ACTION) { return appPerm; } uint32_t permission = nsIPermissionManager::UNKNOWN_ACTION; rv = pm->TestExactPermissionFromPrincipal(aPrincipal, aPermission, &permission); NS_ENSURE_SUCCESS(rv, nsIPermissionManager::UNKNOWN_ACTION); if (permission == nsIPermissionManager::UNKNOWN_ACTION || permission == nsIPermissionManager::DENY_ACTION) { return permission; } // For browser content (and if the app hasn't explicitly denied this), // consider the requesting origin, not the app. // After bug 1238160, the principal no longer knows how to answer "is this a // browser element", which is really what this code path wants. Currently, // desktop is the only platform where we intend to disable isolation on a // browser frame, so non-desktop should be able to assume that // inIsolatedMozBrowser is true for all mozbrowser frames. This code path is // currently unused on desktop, since MOZ_CHILD_PERMISSIONS is only set for // MOZ_B2G. We use a release assertion in // nsFrameLoader::OwnerIsIsolatedMozBrowserFrame so that platforms with apps // can assume inIsolatedMozBrowser is true for all mozbrowser frames. if (appPerm == nsIPermissionManager::PROMPT_ACTION && aPrincipal->GetIsInIsolatedMozBrowserElement()) { return permission; } // Setting to "prompt" in the settings UI should prompt everywhere in // non-browser content. if (appPerm == nsIPermissionManager::PROMPT_ACTION || permission == nsIPermissionManager::PROMPT_ACTION) { return nsIPermissionManager::PROMPT_ACTION; } if (appPerm == nsIPermissionManager::ALLOW_ACTION || permission == nsIPermissionManager::ALLOW_ACTION) { return nsIPermissionManager::ALLOW_ACTION; } NS_RUNTIMEABORT("Invalid permission value"); return nsIPermissionManager::DENY_ACTION; }