File: | var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp |
Warning: | line 779, column 5 Value stored to 'rv' is never read |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ |
2 | /* vim: set ts=8 sts=2 et sw=2 tw=80: */ |
3 | /* This Source Code Form is subject to the terms of the Mozilla Public |
4 | * License, v. 2.0. If a copy of the MPL was not distributed with this file, |
5 | * You can obtain one at http://mozilla.org/MPL/2.0/. */ |
6 | |
7 | #include "StorageAccess.h" |
8 | |
9 | #include "mozilla/BasePrincipal.h" |
10 | #include "mozilla/Components.h" |
11 | #include "mozilla/dom/Document.h" |
12 | #include "mozilla/net/CookieJarSettings.h" |
13 | #include "mozilla/PermissionManager.h" |
14 | #include "mozilla/StaticPrefs_browser.h" |
15 | #include "mozilla/StaticPrefs_network.h" |
16 | #include "mozilla/StaticPrefs_privacy.h" |
17 | #include "mozilla/StorageAccess.h" |
18 | #include "nsAboutProtocolUtils.h" |
19 | #include "nsContentUtils.h" |
20 | #include "nsGlobalWindowInner.h" |
21 | #include "nsICookiePermission.h" |
22 | #include "nsICookieService.h" |
23 | #include "nsICookieJarSettings.h" |
24 | #include "nsIHttpChannel.h" |
25 | #include "nsIPermission.h" |
26 | #include "nsIWebProgressListener.h" |
27 | #include "nsIClassifiedChannel.h" |
28 | #include "nsNetUtil.h" |
29 | #include "nsScriptSecurityManager.h" |
30 | #include "nsSandboxFlags.h" |
31 | #include "AntiTrackingUtils.h" |
32 | #include "AntiTrackingLog.h" |
33 | #include "ContentBlockingAllowList.h" |
34 | #include "mozIThirdPartyUtil.h" |
35 | |
36 | using namespace mozilla; |
37 | using namespace mozilla::dom; |
38 | using mozilla::net::CookieJarSettings; |
39 | |
40 | // This internal method returns ACCESS_DENY if the access is denied, |
41 | // ACCESS_DEFAULT if unknown, some other access code if granted. |
42 | uint32_t mozilla::detail::CheckCookiePermissionForPrincipal( |
43 | nsICookieJarSettings* aCookieJarSettings, nsIPrincipal* aPrincipal) { |
44 | MOZ_ASSERT(aCookieJarSettings)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aCookieJarSettings)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aCookieJarSettings))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aCookieJarSettings" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 44); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aCookieJarSettings" ")"); do { *((volatile int*)__null) = 44; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
45 | MOZ_ASSERT(aPrincipal)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aPrincipal)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aPrincipal))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aPrincipal", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 45); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aPrincipal" ")" ); do { *((volatile int*)__null) = 45; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
46 | |
47 | uint32_t cookiePermission = nsICookiePermission::ACCESS_DEFAULT; |
48 | if (!aPrincipal->GetIsContentPrincipal()) { |
49 | return cookiePermission; |
50 | } |
51 | |
52 | nsresult rv = |
53 | aCookieJarSettings->CookiePermission(aPrincipal, &cookiePermission); |
54 | if (NS_WARN_IF(NS_FAILED(rv))NS_warn_if_impl(((bool)(__builtin_expect(!!(NS_FAILED_impl(rv )), 0))), "NS_FAILED(rv)", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 54)) { |
55 | return nsICookiePermission::ACCESS_DEFAULT; |
56 | } |
57 | |
58 | // If we have a custom cookie permission, let's use it. |
59 | return cookiePermission; |
60 | } |
61 | |
62 | /* |
63 | * Checks if storage for a given principal is permitted by the user's |
64 | * preferences. |
65 | * |
66 | * Ways this function is used: |
67 | * - aPrincipal, aWindow, optional aURI, others don't care: does this principal |
68 | * have storage access, testing this window's sandboxing and if it is |
69 | * third-party. If aURI is provided, we use that for the window's third party |
70 | * comparisons. |
71 | * - aPrincipal, aChannel, aWindow=nullptr, others don't care: does this |
72 | * principal have storage access, testing if this channel is third-party. Note |
73 | * that this ignores aURI. |
74 | * - aPrincipal, optional aCookieJarSettings, aWindow=nullptr, aChannel=nullptr, |
75 | * aURI don't care: does this principal have storage access (assuming it is in a |
76 | * first-party context and not sandboxed). If we aren't given a |
77 | * cookieJarSettings, we build one with the principal. |
78 | * |
79 | * In all of these cases, we test: |
80 | * - if aPrincipal is a NullPrincipal, denying |
81 | * - if this is for an about URI, allowing (maybe with private browsing |
82 | * constraints) We test the aWindow's extant doc's URI's, aURI's, and |
83 | * aPrincipal's scheme to be "about". |
84 | * |
85 | * We also send a decision to the ContentBlockingNotifier if we have aWindow or |
86 | * aChannel and didn't stop at the NullPrincipal or about: checks. |
87 | * |
88 | * Used in the implementation of StorageAllowedForWindow, |
89 | * StorageAllowedForDocument, StorageAllowedForChannel and |
90 | * StorageAllowedForServiceWorker. |
91 | */ |
92 | static StorageAccess InternalStorageAllowedCheck( |
93 | nsIPrincipal* aPrincipal, nsPIDOMWindowInner* aWindow, nsIURI* aURI, |
94 | nsIChannel* aChannel, nsICookieJarSettings* aCookieJarSettings, |
95 | uint32_t& aRejectedReason) { |
96 | MOZ_ASSERT(aPrincipal)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aPrincipal)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aPrincipal))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aPrincipal", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 96); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aPrincipal" ")" ); do { *((volatile int*)__null) = 96; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
97 | |
98 | aRejectedReason = 0; |
99 | |
100 | StorageAccess access = StorageAccess::eAllow; |
101 | |
102 | // We don't allow storage on the null principal, in general. Even if the |
103 | // calling context is chrome. |
104 | if (aPrincipal->GetIsNullPrincipal()) { |
105 | return StorageAccess::eDeny; |
106 | } |
107 | |
108 | nsCOMPtr<nsIURI> documentURI; |
109 | if (aWindow) { |
110 | // If the document is sandboxed, then it is not permitted to use storage |
111 | Document* document = aWindow->GetExtantDoc(); |
112 | if (document && document->GetSandboxFlags() & SANDBOXED_ORIGIN) { |
113 | return StorageAccess::eDeny; |
114 | } |
115 | |
116 | // Check if we are in private browsing, and record that fact |
117 | if (nsContentUtils::IsInPrivateBrowsing(document)) { |
118 | access = StorageAccess::ePrivateBrowsing; |
119 | } |
120 | |
121 | // Get the document URI for the below about: URI check. |
122 | documentURI = document ? document->GetDocumentURI() : nullptr; |
123 | } |
124 | |
125 | // About URIs are allowed to access storage, even if they don't have chrome |
126 | // privileges. If this is not desired, than the consumer will have to |
127 | // implement their own restriction functionality. |
128 | // |
129 | // This is due to backwards-compatibility and the state of storage access |
130 | // before the introducton of InternalStorageAllowedCheck: |
131 | // |
132 | // BEFORE: |
133 | // localStorage, caches: allowed in 3rd-party iframes always |
134 | // IndexedDB: allowed in 3rd-party iframes only if 3rd party URI is an about: |
135 | // URI within a specific allowlist |
136 | // |
137 | // AFTER: |
138 | // localStorage, caches: allowed in 3rd-party iframes by default. Preference |
139 | // can be set to disable in 3rd-party, which will not disallow in about: |
140 | // URIs. |
141 | // IndexedDB: allowed in 3rd-party iframes by default. Preference can be set |
142 | // to disable in 3rd-party, which will disallow in about: URIs, unless they |
143 | // are within a specific allowlist. |
144 | // |
145 | // This means that behavior for storage with internal about: URIs should not |
146 | // be affected, which is desireable due to the lack of automated testing for |
147 | // about: URIs with these preferences set, and the importance of the correct |
148 | // functioning of these URIs even with custom preferences. |
149 | // |
150 | // We need to check the aURI or the document URI here instead of only checking |
151 | // the URI from the principal. Because the principal might not have a URI if |
152 | // it is a system principal. |
153 | if ((aURI && aURI->SchemeIs("about") && |
154 | !NS_IsContentAccessibleAboutURI(aURI)) || |
155 | (documentURI && documentURI->SchemeIs("about") && |
156 | !NS_IsContentAccessibleAboutURI(documentURI)) || |
157 | aPrincipal->SchemeIs("about")) { |
158 | return access; |
159 | } |
160 | |
161 | bool disabled = true; |
162 | if (aWindow) { |
163 | nsIURI* documentURI = aURI ? aURI : aWindow->GetDocumentURI(); |
164 | disabled = !documentURI || |
165 | !ShouldAllowAccessFor(aWindow, documentURI, &aRejectedReason); |
166 | ContentBlockingNotifier::OnDecision( |
167 | aWindow, |
168 | disabled ? ContentBlockingNotifier::BlockingDecision::eBlock |
169 | : ContentBlockingNotifier::BlockingDecision::eAllow, |
170 | aRejectedReason); |
171 | } else if (aChannel) { |
172 | disabled = false; |
173 | nsCOMPtr<nsIURI> uri; |
174 | nsresult rv = aChannel->GetURI(getter_AddRefs(uri)); |
175 | if (!NS_WARN_IF(NS_FAILED(rv))NS_warn_if_impl(((bool)(__builtin_expect(!!(NS_FAILED_impl(rv )), 0))), "NS_FAILED(rv)", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 175)) { |
176 | disabled = !ShouldAllowAccessFor(aChannel, uri, &aRejectedReason); |
177 | } |
178 | ContentBlockingNotifier::OnDecision( |
179 | aChannel, |
180 | disabled ? ContentBlockingNotifier::BlockingDecision::eBlock |
181 | : ContentBlockingNotifier::BlockingDecision::eAllow, |
182 | aRejectedReason); |
183 | } else { |
184 | MOZ_ASSERT(aPrincipal)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aPrincipal)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aPrincipal))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aPrincipal", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 184); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aPrincipal" ")" ); do { *((volatile int*)__null) = 184; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
185 | nsCOMPtr<nsICookieJarSettings> cookieJarSettings = aCookieJarSettings; |
186 | if (!cookieJarSettings) { |
187 | cookieJarSettings = net::CookieJarSettings::Create(aPrincipal); |
188 | } |
189 | disabled = !ShouldAllowAccessFor(aPrincipal, aCookieJarSettings); |
190 | } |
191 | |
192 | if (!disabled) { |
193 | return access; |
194 | } |
195 | |
196 | // We want to have a partitioned storage only for trackers. |
197 | if (aRejectedReason == |
198 | static_cast<uint32_t>( |
199 | nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER) || |
200 | aRejectedReason == |
201 | static_cast<uint32_t>( |
202 | nsIWebProgressListener::STATE_COOKIES_BLOCKED_SOCIALTRACKER)) { |
203 | return StorageAccess::ePartitionTrackersOrDeny; |
204 | } |
205 | |
206 | // We want to have a partitioned storage for all third parties. |
207 | if (aRejectedReason == |
208 | static_cast<uint32_t>( |
209 | nsIWebProgressListener::STATE_COOKIES_PARTITIONED_FOREIGN)) { |
210 | return StorageAccess::ePartitionForeignOrDeny; |
211 | } |
212 | |
213 | return StorageAccess::eDeny; |
214 | } |
215 | |
216 | /** |
217 | * Wrapper around InternalStorageAllowedCheck which caches the check result on |
218 | * the inner window to improve performance. nsGlobalWindowInner is responsible |
219 | * for invalidating the cache state if storage access changes during window |
220 | * lifetime. |
221 | */ |
222 | static StorageAccess InternalStorageAllowedCheckCached( |
223 | nsIPrincipal* aPrincipal, nsPIDOMWindowInner* aWindow, nsIURI* aURI, |
224 | nsIChannel* aChannel, nsICookieJarSettings* aCookieJarSettings, |
225 | uint32_t& aRejectedReason) { |
226 | // If enabled, check if we have already computed the storage access field |
227 | // for this window. This avoids repeated calls to |
228 | // InternalStorageAllowedCheck. |
229 | nsGlobalWindowInner* win = nullptr; |
230 | if (aWindow) { |
231 | win = nsGlobalWindowInner::Cast(aWindow); |
232 | |
233 | Maybe<StorageAccess> storageAccess = |
234 | win->GetStorageAllowedCache(aRejectedReason); |
235 | if (storageAccess.isSome()) { |
236 | return storageAccess.value(); |
237 | } |
238 | } |
239 | |
240 | StorageAccess result = InternalStorageAllowedCheck( |
241 | aPrincipal, aWindow, aURI, aChannel, aCookieJarSettings, aRejectedReason); |
242 | if (win) { |
243 | // Remember check result for the lifetime of the window. It's the windows |
244 | // responsibility to invalidate this field if storage access changes |
245 | // because a storage access permission is granted. |
246 | win->SetStorageAllowedCache(result, aRejectedReason); |
247 | } |
248 | |
249 | return result; |
250 | } |
251 | |
252 | namespace mozilla { |
253 | |
254 | StorageAccess StorageAllowedForWindow(nsPIDOMWindowInner* aWindow, |
255 | uint32_t* aRejectedReason) { |
256 | uint32_t rejectedReason; |
257 | if (!aRejectedReason) { |
258 | aRejectedReason = &rejectedReason; |
259 | } |
260 | |
261 | *aRejectedReason = 0; |
262 | |
263 | if (Document* document = aWindow->GetExtantDoc()) { |
264 | nsCOMPtr<nsIPrincipal> principal = document->NodePrincipal(); |
265 | // Note that GetChannel() below may return null, but that's OK, since the |
266 | // callee is able to deal with a null channel argument, and if passed null, |
267 | // will only fail to notify the UI in case storage gets blocked. |
268 | nsIChannel* channel = document->GetChannel(); |
269 | return InternalStorageAllowedCheckCached( |
270 | principal, aWindow, nullptr, channel, document->CookieJarSettings(), |
271 | *aRejectedReason); |
272 | } |
273 | |
274 | // No document? Try checking Private Browsing Mode without document |
275 | if (const nsCOMPtr<nsIGlobalObject> global = aWindow->AsGlobal()) { |
276 | if (const nsCOMPtr<nsIPrincipal> principal = global->PrincipalOrNull()) { |
277 | if (principal->GetIsInPrivateBrowsing()) { |
278 | return StorageAccess::ePrivateBrowsing; |
279 | } |
280 | } |
281 | } |
282 | |
283 | // Everything failed? Let's return a generic rejected reason. |
284 | return StorageAccess::eDeny; |
285 | } |
286 | |
287 | StorageAccess StorageAllowedForDocument(const Document* aDoc) { |
288 | StorageAccess cookieAllowed = CookieAllowedForDocument(aDoc); |
289 | if (StaticPrefs:: |
290 | privacy_partition_always_partition_third_party_non_cookie_storage() && |
291 | cookieAllowed > StorageAccess::eDeny) { |
292 | return StorageAccess::ePartitionForeignOrDeny; |
293 | } |
294 | return cookieAllowed; |
295 | } |
296 | |
297 | StorageAccess CookieAllowedForDocument(const Document* aDoc) { |
298 | MOZ_ASSERT(aDoc)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aDoc)>::isValid, "invalid assertion condition"); if ((__builtin_expect(!!(!(!!(aDoc))), 0))) { do { } while (false ); MOZ_ReportAssertionFailure("aDoc", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 298); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aDoc" ")"); do { *((volatile int*)__null) = 298; __attribute__((nomerge)) :: abort(); } while (false); } } while (false); |
299 | |
300 | if (nsPIDOMWindowInner* inner = aDoc->GetInnerWindow()) { |
301 | nsCOMPtr<nsIPrincipal> principal = aDoc->NodePrincipal(); |
302 | // Note that GetChannel() below may return null, but that's OK, since the |
303 | // callee is able to deal with a null channel argument, and if passed null, |
304 | // will only fail to notify the UI in case storage gets blocked. |
305 | nsIChannel* channel = aDoc->GetChannel(); |
306 | |
307 | uint32_t rejectedReason = 0; |
308 | return InternalStorageAllowedCheckCached( |
309 | principal, inner, nullptr, channel, |
310 | const_cast<Document*>(aDoc)->CookieJarSettings(), rejectedReason); |
311 | } |
312 | |
313 | return StorageAccess::eDeny; |
314 | } |
315 | |
316 | StorageAccess StorageAllowedForNewWindow(nsIPrincipal* aPrincipal, nsIURI* aURI, |
317 | nsPIDOMWindowInner* aParent) { |
318 | MOZ_ASSERT(aPrincipal)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aPrincipal)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aPrincipal))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aPrincipal", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 318); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aPrincipal" ")" ); do { *((volatile int*)__null) = 318; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
319 | MOZ_ASSERT(aURI)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aURI)>::isValid, "invalid assertion condition"); if ((__builtin_expect(!!(!(!!(aURI))), 0))) { do { } while (false ); MOZ_ReportAssertionFailure("aURI", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 319); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aURI" ")"); do { *((volatile int*)__null) = 319; __attribute__((nomerge)) :: abort(); } while (false); } } while (false); |
320 | // parent may be nullptr |
321 | |
322 | uint32_t rejectedReason = 0; |
323 | nsCOMPtr<nsICookieJarSettings> cjs; |
324 | if (aParent && aParent->GetExtantDoc()) { |
325 | cjs = aParent->GetExtantDoc()->CookieJarSettings(); |
326 | } else { |
327 | cjs = net::CookieJarSettings::Create(aPrincipal); |
328 | } |
329 | return InternalStorageAllowedCheck(aPrincipal, aParent, aURI, nullptr, cjs, |
330 | rejectedReason); |
331 | } |
332 | |
333 | StorageAccess StorageAllowedForChannel(nsIChannel* aChannel) { |
334 | MOZ_DIAGNOSTIC_ASSERT(nsContentUtils::GetSecurityManager())do { static_assert( mozilla::detail::AssertionConditionType< decltype(nsContentUtils::GetSecurityManager())>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(nsContentUtils::GetSecurityManager ()))), 0))) { do { } while (false); MOZ_ReportAssertionFailure ("nsContentUtils::GetSecurityManager()", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 334); AnnotateMozCrashReason("MOZ_DIAGNOSTIC_ASSERT" "(" "nsContentUtils::GetSecurityManager()" ")"); do { *((volatile int*)__null) = 334; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
335 | MOZ_DIAGNOSTIC_ASSERT(aChannel)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aChannel)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aChannel))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aChannel", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 335); AnnotateMozCrashReason("MOZ_DIAGNOSTIC_ASSERT" "(" "aChannel" ")"); do { *((volatile int*)__null) = 335; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
336 | |
337 | nsCOMPtr<nsIPrincipal> principal; |
338 | Unused << nsContentUtils::GetSecurityManager()->GetChannelResultPrincipal( |
339 | aChannel, getter_AddRefs(principal)); |
340 | NS_ENSURE_TRUE(principal, StorageAccess::eDeny)do { if ((__builtin_expect(!!(!(principal)), 0))) { NS_DebugBreak (NS_DEBUG_WARNING, "NS_ENSURE_TRUE(" "principal" ") failed", nullptr , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 340); return StorageAccess::eDeny; } } while (false); |
341 | |
342 | nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); |
343 | nsCOMPtr<nsICookieJarSettings> cookieJarSettings; |
344 | nsresult rv = |
345 | loadInfo->GetCookieJarSettings(getter_AddRefs(cookieJarSettings)); |
346 | NS_ENSURE_SUCCESS(rv, StorageAccess::eDeny)do { nsresult __rv = rv; if (((bool)(__builtin_expect(!!(NS_FAILED_impl (__rv)), 0)))) { const char* name = mozilla::GetStaticErrorName (__rv); mozilla::SmprintfPointer msg = mozilla::Smprintf( "NS_ENSURE_SUCCESS(%s, %s) failed with " "result 0x%" "X" "%s%s%s", "rv", "StorageAccess::eDeny", static_cast <uint32_t>(__rv), name ? " (" : "", name ? name : "", name ? ")" : ""); NS_DebugBreak(NS_DEBUG_WARNING, msg.get(), nullptr , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 346); return StorageAccess::eDeny; } } while (false); |
347 | |
348 | uint32_t rejectedReason = 0; |
349 | StorageAccess result = InternalStorageAllowedCheck( |
350 | principal, nullptr, nullptr, aChannel, cookieJarSettings, rejectedReason); |
351 | |
352 | return result; |
353 | } |
354 | |
355 | StorageAccess StorageAllowedForServiceWorker( |
356 | nsIPrincipal* aPrincipal, nsICookieJarSettings* aCookieJarSettings) { |
357 | uint32_t rejectedReason = 0; |
358 | return InternalStorageAllowedCheck(aPrincipal, nullptr, nullptr, nullptr, |
359 | aCookieJarSettings, rejectedReason); |
360 | } |
361 | |
362 | bool ShouldPartitionStorage(StorageAccess aAccess) { |
363 | return aAccess == StorageAccess::ePartitionTrackersOrDeny || |
364 | aAccess == StorageAccess::ePartitionForeignOrDeny; |
365 | } |
366 | |
367 | bool ShouldPartitionStorage(uint32_t aRejectedReason) { |
368 | return aRejectedReason == |
369 | static_cast<uint32_t>( |
370 | nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER) || |
371 | aRejectedReason == |
372 | static_cast<uint32_t>( |
373 | nsIWebProgressListener::STATE_COOKIES_BLOCKED_SOCIALTRACKER) || |
374 | aRejectedReason == |
375 | static_cast<uint32_t>( |
376 | nsIWebProgressListener::STATE_COOKIES_PARTITIONED_FOREIGN); |
377 | } |
378 | |
379 | bool StoragePartitioningEnabled(StorageAccess aAccess, |
380 | nsICookieJarSettings* aCookieJarSettings) { |
381 | return aAccess == StorageAccess::ePartitionForeignOrDeny && |
382 | aCookieJarSettings->GetCookieBehavior() == |
383 | nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN; |
384 | } |
385 | |
386 | bool StoragePartitioningEnabled(uint32_t aRejectedReason, |
387 | nsICookieJarSettings* aCookieJarSettings) { |
388 | return aRejectedReason == |
389 | static_cast<uint32_t>( |
390 | nsIWebProgressListener::STATE_COOKIES_PARTITIONED_FOREIGN) && |
391 | aCookieJarSettings->GetCookieBehavior() == |
392 | nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN; |
393 | } |
394 | |
395 | int32_t CookiesBehavior(Document* a3rdPartyDocument) { |
396 | MOZ_ASSERT(a3rdPartyDocument)do { static_assert( mozilla::detail::AssertionConditionType< decltype(a3rdPartyDocument)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(a3rdPartyDocument))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("a3rdPartyDocument" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 396); AnnotateMozCrashReason("MOZ_ASSERT" "(" "a3rdPartyDocument" ")"); do { *((volatile int*)__null) = 396; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
397 | |
398 | // WebExtensions principals always get BEHAVIOR_ACCEPT as cookieBehavior |
399 | // (See Bug 1406675 and Bug 1525917 for rationale). |
400 | if (BasePrincipal::Cast(a3rdPartyDocument->NodePrincipal())->AddonPolicy()) { |
401 | return nsICookieService::BEHAVIOR_ACCEPT; |
402 | } |
403 | |
404 | return a3rdPartyDocument->CookieJarSettings()->GetCookieBehavior(); |
405 | } |
406 | |
407 | bool CookiesBehaviorRejectsThirdPartyContexts(Document* aDocument) { |
408 | MOZ_ASSERT(aDocument)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aDocument)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aDocument))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aDocument", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 408); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aDocument" ")" ); do { *((volatile int*)__null) = 408; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
409 | |
410 | // WebExtensions principals always get BEHAVIOR_ACCEPT as cookieBehavior |
411 | // (See Bug 1406675 and Bug 1525917 for rationale). |
412 | if (BasePrincipal::Cast(aDocument->NodePrincipal())->AddonPolicy()) { |
413 | return false; |
414 | } |
415 | |
416 | return aDocument->CookieJarSettings()->GetRejectThirdPartyContexts(); |
417 | } |
418 | |
419 | int32_t CookiesBehavior(nsILoadInfo* aLoadInfo, nsIURI* a3rdPartyURI) { |
420 | MOZ_ASSERT(aLoadInfo)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aLoadInfo)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aLoadInfo))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aLoadInfo", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 420); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aLoadInfo" ")" ); do { *((volatile int*)__null) = 420; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
421 | MOZ_ASSERT(a3rdPartyURI)do { static_assert( mozilla::detail::AssertionConditionType< decltype(a3rdPartyURI)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(a3rdPartyURI))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("a3rdPartyURI", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 421); AnnotateMozCrashReason("MOZ_ASSERT" "(" "a3rdPartyURI" ")"); do { *((volatile int*)__null) = 421; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
422 | |
423 | // WebExtensions 3rd party URI always get BEHAVIOR_ACCEPT as cookieBehavior, |
424 | // this is semantically equivalent to the principal having a AddonPolicy(). |
425 | if (a3rdPartyURI->SchemeIs("moz-extension")) { |
426 | return nsICookieService::BEHAVIOR_ACCEPT; |
427 | } |
428 | |
429 | nsCOMPtr<nsICookieJarSettings> cookieJarSettings; |
430 | nsresult rv = |
431 | aLoadInfo->GetCookieJarSettings(getter_AddRefs(cookieJarSettings)); |
432 | if (NS_WARN_IF(NS_FAILED(rv))NS_warn_if_impl(((bool)(__builtin_expect(!!(NS_FAILED_impl(rv )), 0))), "NS_FAILED(rv)", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 432)) { |
433 | return nsICookieService::BEHAVIOR_REJECT; |
434 | } |
435 | |
436 | return cookieJarSettings->GetCookieBehavior(); |
437 | } |
438 | |
439 | int32_t CookiesBehavior(nsIPrincipal* aPrincipal, |
440 | nsICookieJarSettings* aCookieJarSettings) { |
441 | MOZ_ASSERT(aPrincipal)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aPrincipal)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aPrincipal))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aPrincipal", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 441); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aPrincipal" ")" ); do { *((volatile int*)__null) = 441; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
442 | MOZ_ASSERT(aCookieJarSettings)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aCookieJarSettings)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aCookieJarSettings))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aCookieJarSettings" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 442); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aCookieJarSettings" ")"); do { *((volatile int*)__null) = 442; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
443 | |
444 | // WebExtensions principals always get BEHAVIOR_ACCEPT as cookieBehavior |
445 | // (See Bug 1406675 for rationale). |
446 | if (BasePrincipal::Cast(aPrincipal)->AddonPolicy()) { |
447 | return nsICookieService::BEHAVIOR_ACCEPT; |
448 | } |
449 | |
450 | return aCookieJarSettings->GetCookieBehavior(); |
451 | } |
452 | |
453 | bool ShouldAllowAccessFor(nsPIDOMWindowInner* aWindow, nsIURI* aURI, |
454 | uint32_t* aRejectedReason) { |
455 | MOZ_ASSERT(aWindow)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aWindow)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aWindow))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aWindow", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 455); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aWindow" ")" ); do { *((volatile int*)__null) = 455; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
456 | MOZ_ASSERT(aURI)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aURI)>::isValid, "invalid assertion condition"); if ((__builtin_expect(!!(!(!!(aURI))), 0))) { do { } while (false ); MOZ_ReportAssertionFailure("aURI", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 456); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aURI" ")"); do { *((volatile int*)__null) = 456; __attribute__((nomerge)) :: abort(); } while (false); } } while (false); |
457 | |
458 | // Let's avoid a null check on aRejectedReason everywhere else. |
459 | uint32_t rejectedReason = 0; |
460 | if (!aRejectedReason) { |
461 | aRejectedReason = &rejectedReason; |
462 | } |
463 | |
464 | LOG_SPEC(("Computing whether window %p has access to URI %s", aWindow, _spec),do { if ((__builtin_expect(!!(mozilla::detail::log_test(gAntiTrackingLog , mozilla::LogLevel::Debug)), 0))) { nsAutoCString _specStr("(null)"_ns ); if (aURI) { _specStr = (aURI)->GetSpecOrDefault(); } _specStr .Truncate(std::min(_specStr.Length(), sMaxSpecLength)); const char* _spec = _specStr.get(); do { const ::mozilla::LogModule * moz_real_module = gAntiTrackingLog; if ((__builtin_expect(! !(mozilla::detail::log_test(moz_real_module, mozilla::LogLevel ::Debug)), 0))) { mozilla::detail::log_print(moz_real_module, mozilla::LogLevel::Debug, "Computing whether window %p has access to URI %s" , aWindow, _spec); } } while (0); } } while (0) |
465 | aURI)do { if ((__builtin_expect(!!(mozilla::detail::log_test(gAntiTrackingLog , mozilla::LogLevel::Debug)), 0))) { nsAutoCString _specStr("(null)"_ns ); if (aURI) { _specStr = (aURI)->GetSpecOrDefault(); } _specStr .Truncate(std::min(_specStr.Length(), sMaxSpecLength)); const char* _spec = _specStr.get(); do { const ::mozilla::LogModule * moz_real_module = gAntiTrackingLog; if ((__builtin_expect(! !(mozilla::detail::log_test(moz_real_module, mozilla::LogLevel ::Debug)), 0))) { mozilla::detail::log_print(moz_real_module, mozilla::LogLevel::Debug, "Computing whether window %p has access to URI %s" , aWindow, _spec); } } while (0); } } while (0); |
466 | |
467 | nsGlobalWindowInner* innerWindow = nsGlobalWindowInner::Cast(aWindow); |
468 | Document* document = innerWindow->GetExtantDoc(); |
469 | if (!document) { |
470 | LOG(("Our window has no document"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Our window has no document" ); } } while (0); |
471 | return false; |
472 | } |
473 | |
474 | uint32_t cookiePermission = detail::CheckCookiePermissionForPrincipal( |
475 | document->CookieJarSettings(), document->NodePrincipal()); |
476 | if (cookiePermission != nsICookiePermission::ACCESS_DEFAULT) { |
477 | LOG(do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for window's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0) |
478 | ("CheckCookiePermissionForPrincipal() returned a non-default access "do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for window's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0) |
479 | "code (%d) for window's principal, returning %s",do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for window's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0) |
480 | int(cookiePermission),do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for window's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0) |
481 | cookiePermission != nsICookiePermission::ACCESS_DENY ? "success"do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for window's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0) |
482 | : "failure"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for window's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0); |
483 | if (cookiePermission != nsICookiePermission::ACCESS_DENY) { |
484 | return true; |
485 | } |
486 | |
487 | *aRejectedReason = |
488 | nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION; |
489 | return false; |
490 | } |
491 | |
492 | int32_t behavior = CookiesBehavior(document); |
493 | if (behavior == nsICookieService::BEHAVIOR_ACCEPT) { |
494 | LOG(("The cookie behavior pref mandates accepting all cookies!"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "The cookie behavior pref mandates accepting all cookies!" ); } } while (0); |
495 | return true; |
496 | } |
497 | |
498 | if (ContentBlockingAllowList::Check(aWindow)) { |
499 | return true; |
500 | } |
501 | |
502 | if (behavior == nsICookieService::BEHAVIOR_REJECT) { |
503 | LOG(("The cookie behavior pref mandates rejecting all cookies!"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "The cookie behavior pref mandates rejecting all cookies!" ); } } while (0); |
504 | *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_ALL; |
505 | return false; |
506 | } |
507 | |
508 | // As a performance optimization, we only perform this check for |
509 | // BEHAVIOR_REJECT_FOREIGN and BEHAVIOR_LIMIT_FOREIGN. For |
510 | // BEHAVIOR_REJECT_TRACKER and BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN, |
511 | // third-partiness is implicily checked later below. |
512 | if (behavior != nsICookieService::BEHAVIOR_REJECT_TRACKER && |
513 | behavior != |
514 | nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN) { |
515 | // Let's check if this is a 3rd party context. |
516 | if (!AntiTrackingUtils::IsThirdPartyWindow(aWindow, aURI)) { |
517 | LOG(("Our window isn't a third-party window"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Our window isn't a third-party window" ); } } while (0); |
518 | return true; |
519 | } |
520 | } |
521 | |
522 | if (behavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN || |
523 | behavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN) { |
524 | // XXX For non-cookie forms of storage, we handle BEHAVIOR_LIMIT_FOREIGN by |
525 | // simply rejecting the request to use the storage. In the future, if we |
526 | // change the meaning of BEHAVIOR_LIMIT_FOREIGN to be one which makes sense |
527 | // for non-cookie storage types, this may change. |
528 | LOG(("Nothing more to do due to the behavior code %d", int(behavior)))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Nothing more to do due to the behavior code %d" , int(behavior)); } } while (0); |
529 | *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN; |
530 | return false; |
531 | } |
532 | |
533 | // The document has been allowlisted. We can return from here directly. |
534 | if (document->HasStorageAccessPermissionGrantedByAllowList()) { |
535 | return true; |
536 | } |
537 | |
538 | MOZ_ASSERT(do { static_assert( mozilla::detail::AssertionConditionType< decltype(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN )>::isValid, "invalid assertion condition"); if ((__builtin_expect (!!(!(!!(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN ))), 0))) { do { } while (false); MOZ_ReportAssertionFailure( "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 541); AnnotateMozCrashReason("MOZ_ASSERT" "(" "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" ")"); do { *((volatile int*)__null) = 541; __attribute__((nomerge )) ::abort(); } while (false); } } while (false) |
539 | behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||do { static_assert( mozilla::detail::AssertionConditionType< decltype(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN )>::isValid, "invalid assertion condition"); if ((__builtin_expect (!!(!(!!(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN ))), 0))) { do { } while (false); MOZ_ReportAssertionFailure( "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 541); AnnotateMozCrashReason("MOZ_ASSERT" "(" "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" ")"); do { *((volatile int*)__null) = 541; __attribute__((nomerge )) ::abort(); } while (false); } } while (false) |
540 | behavior ==do { static_assert( mozilla::detail::AssertionConditionType< decltype(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN )>::isValid, "invalid assertion condition"); if ((__builtin_expect (!!(!(!!(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN ))), 0))) { do { } while (false); MOZ_ReportAssertionFailure( "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 541); AnnotateMozCrashReason("MOZ_ASSERT" "(" "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" ")"); do { *((volatile int*)__null) = 541; __attribute__((nomerge )) ::abort(); } while (false); } } while (false) |
541 | nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN)do { static_assert( mozilla::detail::AssertionConditionType< decltype(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN )>::isValid, "invalid assertion condition"); if ((__builtin_expect (!!(!(!!(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN ))), 0))) { do { } while (false); MOZ_ReportAssertionFailure( "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 541); AnnotateMozCrashReason("MOZ_ASSERT" "(" "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" ")"); do { *((volatile int*)__null) = 541; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
542 | |
543 | uint32_t blockedReason = |
544 | nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER; |
545 | |
546 | if (behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER) { |
547 | if (!nsContentUtils::IsThirdPartyTrackingResourceWindow(aWindow)) { |
548 | LOG(("Our window isn't a third-party tracking window"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Our window isn't a third-party tracking window" ); } } while (0); |
549 | return true; |
550 | } |
551 | |
552 | nsCOMPtr<nsIClassifiedChannel> classifiedChannel = |
553 | do_QueryInterface(document->GetChannel()); |
554 | if (classifiedChannel) { |
555 | uint32_t classificationFlags = |
556 | classifiedChannel->GetThirdPartyClassificationFlags(); |
557 | if (classificationFlags & nsIClassifiedChannel::ClassificationFlags:: |
558 | CLASSIFIED_SOCIALTRACKING) { |
559 | blockedReason = |
560 | nsIWebProgressListener::STATE_COOKIES_BLOCKED_SOCIALTRACKER; |
561 | } |
562 | } |
563 | } else if (behavior == |
564 | nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN) { |
565 | if (nsContentUtils::IsThirdPartyTrackingResourceWindow(aWindow)) { |
566 | // fall through |
567 | } else if (AntiTrackingUtils::IsThirdPartyWindow(aWindow, aURI)) { |
568 | LOG(("We're in the third-party context, storage should be partitioned"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "We're in the third-party context, storage should be partitioned" ); } } while (0); |
569 | // fall through, but remember that we're partitioning. |
570 | blockedReason = nsIWebProgressListener::STATE_COOKIES_PARTITIONED_FOREIGN; |
571 | } else { |
572 | LOG(("Our window isn't a third-party window, storage is allowed"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Our window isn't a third-party window, storage is allowed" ); } } while (0); |
573 | return true; |
574 | } |
575 | } else { |
576 | MOZ_ASSERT_UNREACHABLE(do { static_assert( mozilla::detail::AssertionConditionType< decltype(false)>::isValid, "invalid assertion condition"); if ((__builtin_expect(!!(!(!!(false))), 0))) { do { } while ( false); MOZ_ReportAssertionFailure("false" " (" "MOZ_ASSERT_UNREACHABLE: " "This should be an exhaustive list of cookie behaviors possible here." ")", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 577); AnnotateMozCrashReason("MOZ_ASSERT" "(" "false" ") (" "MOZ_ASSERT_UNREACHABLE: " "This should be an exhaustive list of cookie behaviors possible here." ")"); do { *((volatile int*)__null) = 577; __attribute__((nomerge )) ::abort(); } while (false); } } while (false) |
577 | "This should be an exhaustive list of cookie behaviors possible here.")do { static_assert( mozilla::detail::AssertionConditionType< decltype(false)>::isValid, "invalid assertion condition"); if ((__builtin_expect(!!(!(!!(false))), 0))) { do { } while ( false); MOZ_ReportAssertionFailure("false" " (" "MOZ_ASSERT_UNREACHABLE: " "This should be an exhaustive list of cookie behaviors possible here." ")", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 577); AnnotateMozCrashReason("MOZ_ASSERT" "(" "false" ") (" "MOZ_ASSERT_UNREACHABLE: " "This should be an exhaustive list of cookie behaviors possible here." ")"); do { *((volatile int*)__null) = 577; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
578 | } |
579 | |
580 | Document* doc = aWindow->GetExtantDoc(); |
581 | // Make sure storage access isn't disabled |
582 | if (doc && (doc->StorageAccessSandboxed())) { |
583 | LOG(("Our document is sandboxed"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Our document is sandboxed" ); } } while (0); |
584 | *aRejectedReason = blockedReason; |
585 | return false; |
586 | } |
587 | |
588 | // Document::UsingStorageAccess first checks if storage access granted is |
589 | // cached in the inner window, if no, it then checks the storage permission |
590 | // flag in the channel's loadinfo |
591 | bool allowed = document->UsingStorageAccess(); |
592 | |
593 | if (!allowed) { |
594 | *aRejectedReason = blockedReason; |
595 | } else { |
596 | if (MOZ_LOG_TEST(gAntiTrackingLog, mozilla::LogLevel::Debug)(__builtin_expect(!!(mozilla::detail::log_test(gAntiTrackingLog , mozilla::LogLevel::Debug)), 0)) && |
597 | aWindow->UsingStorageAccess()) { |
598 | LOG(("Permission stored in the window. All good."))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Permission stored in the window. All good." ); } } while (0); |
599 | } |
600 | } |
601 | |
602 | return allowed; |
603 | } |
604 | |
605 | bool ShouldAllowAccessFor(nsIChannel* aChannel, nsIURI* aURI, |
606 | uint32_t* aRejectedReason) { |
607 | MOZ_ASSERT(aURI)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aURI)>::isValid, "invalid assertion condition"); if ((__builtin_expect(!!(!(!!(aURI))), 0))) { do { } while (false ); MOZ_ReportAssertionFailure("aURI", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 607); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aURI" ")"); do { *((volatile int*)__null) = 607; __attribute__((nomerge)) :: abort(); } while (false); } } while (false); |
608 | MOZ_ASSERT(aChannel)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aChannel)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aChannel))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aChannel", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 608); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aChannel" ")" ); do { *((volatile int*)__null) = 608; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
609 | |
610 | // Let's avoid a null check on aRejectedReason everywhere else. |
611 | uint32_t rejectedReason = 0; |
612 | if (!aRejectedReason) { |
613 | aRejectedReason = &rejectedReason; |
614 | } |
615 | |
616 | nsIScriptSecurityManager* ssm = |
617 | nsScriptSecurityManager::GetScriptSecurityManager(); |
618 | MOZ_ASSERT(ssm)do { static_assert( mozilla::detail::AssertionConditionType< decltype(ssm)>::isValid, "invalid assertion condition"); if ((__builtin_expect(!!(!(!!(ssm))), 0))) { do { } while (false ); MOZ_ReportAssertionFailure("ssm", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 618); AnnotateMozCrashReason("MOZ_ASSERT" "(" "ssm" ")"); do { *((volatile int*)__null) = 618; __attribute__((nomerge)) :: abort(); } while (false); } } while (false); |
619 | |
620 | nsCOMPtr<nsIURI> channelURI; |
621 | nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(channelURI)); |
622 | if (NS_FAILED(rv)((bool)(__builtin_expect(!!(NS_FAILED_impl(rv)), 0)))) { |
623 | LOG(("Failed to get the channel final URI, bail out early"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Failed to get the channel final URI, bail out early" ); } } while (0); |
624 | return true; |
625 | } |
626 | LOG_SPEC(do { if ((__builtin_expect(!!(mozilla::detail::log_test(gAntiTrackingLog , mozilla::LogLevel::Debug)), 0))) { nsAutoCString _specStr("(null)"_ns ); if (channelURI) { _specStr = (channelURI)->GetSpecOrDefault (); } _specStr.Truncate(std::min(_specStr.Length(), sMaxSpecLength )); const char* _spec = _specStr.get(); do { const ::mozilla:: LogModule* moz_real_module = gAntiTrackingLog; if ((__builtin_expect (!!(mozilla::detail::log_test(moz_real_module, mozilla::LogLevel ::Debug)), 0))) { mozilla::detail::log_print(moz_real_module, mozilla::LogLevel::Debug, "Computing whether channel %p has access to URI %s" , aChannel, _spec); } } while (0); } } while (0) |
627 | ("Computing whether channel %p has access to URI %s", aChannel, _spec),do { if ((__builtin_expect(!!(mozilla::detail::log_test(gAntiTrackingLog , mozilla::LogLevel::Debug)), 0))) { nsAutoCString _specStr("(null)"_ns ); if (channelURI) { _specStr = (channelURI)->GetSpecOrDefault (); } _specStr.Truncate(std::min(_specStr.Length(), sMaxSpecLength )); const char* _spec = _specStr.get(); do { const ::mozilla:: LogModule* moz_real_module = gAntiTrackingLog; if ((__builtin_expect (!!(mozilla::detail::log_test(moz_real_module, mozilla::LogLevel ::Debug)), 0))) { mozilla::detail::log_print(moz_real_module, mozilla::LogLevel::Debug, "Computing whether channel %p has access to URI %s" , aChannel, _spec); } } while (0); } } while (0) |
628 | channelURI)do { if ((__builtin_expect(!!(mozilla::detail::log_test(gAntiTrackingLog , mozilla::LogLevel::Debug)), 0))) { nsAutoCString _specStr("(null)"_ns ); if (channelURI) { _specStr = (channelURI)->GetSpecOrDefault (); } _specStr.Truncate(std::min(_specStr.Length(), sMaxSpecLength )); const char* _spec = _specStr.get(); do { const ::mozilla:: LogModule* moz_real_module = gAntiTrackingLog; if ((__builtin_expect (!!(mozilla::detail::log_test(moz_real_module, mozilla::LogLevel ::Debug)), 0))) { mozilla::detail::log_print(moz_real_module, mozilla::LogLevel::Debug, "Computing whether channel %p has access to URI %s" , aChannel, _spec); } } while (0); } } while (0); |
629 | |
630 | nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); |
631 | nsCOMPtr<nsICookieJarSettings> cookieJarSettings; |
632 | rv = loadInfo->GetCookieJarSettings(getter_AddRefs(cookieJarSettings)); |
633 | if (NS_WARN_IF(NS_FAILED(rv))NS_warn_if_impl(((bool)(__builtin_expect(!!(NS_FAILED_impl(rv )), 0))), "NS_FAILED(rv)", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 633)) { |
634 | LOG(do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Failed to get the cookie jar settings from the loadinfo, bail out " "early"); } } while (0) |
635 | ("Failed to get the cookie jar settings from the loadinfo, bail out "do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Failed to get the cookie jar settings from the loadinfo, bail out " "early"); } } while (0) |
636 | "early"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Failed to get the cookie jar settings from the loadinfo, bail out " "early"); } } while (0); |
637 | return true; |
638 | } |
639 | |
640 | nsCOMPtr<nsIPrincipal> channelPrincipal; |
641 | rv = ssm->GetChannelURIPrincipal(aChannel, getter_AddRefs(channelPrincipal)); |
642 | if (NS_WARN_IF(NS_FAILED(rv))NS_warn_if_impl(((bool)(__builtin_expect(!!(NS_FAILED_impl(rv )), 0))), "NS_FAILED(rv)", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 642)) { |
643 | LOG(("No channel principal, bail out early"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "No channel principal, bail out early" ); } } while (0); |
644 | return false; |
645 | } |
646 | |
647 | uint32_t cookiePermission = detail::CheckCookiePermissionForPrincipal( |
648 | cookieJarSettings, channelPrincipal); |
649 | if (cookiePermission != nsICookiePermission::ACCESS_DEFAULT) { |
650 | LOG(do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for channel's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0) |
651 | ("CheckCookiePermissionForPrincipal() returned a non-default access "do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for channel's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0) |
652 | "code (%d) for channel's principal, returning %s",do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for channel's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0) |
653 | int(cookiePermission),do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for channel's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0) |
654 | cookiePermission != nsICookiePermission::ACCESS_DENY ? "success"do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for channel's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0) |
655 | : "failure"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d) for channel's principal, returning %s", int(cookiePermission ), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure"); } } while (0); |
656 | if (cookiePermission != nsICookiePermission::ACCESS_DENY) { |
657 | return true; |
658 | } |
659 | |
660 | *aRejectedReason = |
661 | nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION; |
662 | return false; |
663 | } |
664 | |
665 | if (!channelURI) { |
666 | LOG(("No channel uri, bail out early"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "No channel uri, bail out early" ); } } while (0); |
667 | return false; |
668 | } |
669 | |
670 | int32_t behavior = CookiesBehavior(loadInfo, channelURI); |
671 | if (behavior == nsICookieService::BEHAVIOR_ACCEPT) { |
672 | LOG(("The cookie behavior pref mandates accepting all cookies!"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "The cookie behavior pref mandates accepting all cookies!" ); } } while (0); |
673 | return true; |
674 | } |
675 | |
676 | nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel); |
677 | |
678 | if (httpChannel && ContentBlockingAllowList::Check(httpChannel)) { |
679 | return true; |
680 | } |
681 | |
682 | if (behavior == nsICookieService::BEHAVIOR_REJECT) { |
683 | LOG(("The cookie behavior pref mandates rejecting all cookies!"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "The cookie behavior pref mandates rejecting all cookies!" ); } } while (0); |
684 | *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_ALL; |
685 | return false; |
686 | } |
687 | |
688 | nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = |
689 | components::ThirdPartyUtil::Service(); |
690 | if (!thirdPartyUtil) { |
691 | LOG(("No thirdPartyUtil, bail out early"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "No thirdPartyUtil, bail out early" ); } } while (0); |
692 | return true; |
693 | } |
694 | |
695 | bool thirdParty = false; |
696 | rv = thirdPartyUtil->IsThirdPartyChannel(aChannel, aURI, &thirdParty); |
697 | // Grant if it's not a 3rd party. |
698 | // Be careful to check the return value of IsThirdPartyChannel, since |
699 | // IsThirdPartyChannel() will fail if the channel's loading principal is the |
700 | // system principal... |
701 | if (NS_SUCCEEDED(rv)((bool)(__builtin_expect(!!(!NS_FAILED_impl(rv)), 1))) && !thirdParty) { |
702 | LOG(("Our channel isn't a third-party channel"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Our channel isn't a third-party channel" ); } } while (0); |
703 | return true; |
704 | } |
705 | |
706 | if (behavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN || |
707 | behavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN) { |
708 | // XXX For non-cookie forms of storage, we handle BEHAVIOR_LIMIT_FOREIGN by |
709 | // simply rejecting the request to use the storage. In the future, if we |
710 | // change the meaning of BEHAVIOR_LIMIT_FOREIGN to be one which makes sense |
711 | // for non-cookie storage types, this may change. |
712 | LOG(("Nothing more to do due to the behavior code %d", int(behavior)))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Nothing more to do due to the behavior code %d" , int(behavior)); } } while (0); |
713 | *aRejectedReason = nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN; |
714 | return false; |
715 | } |
716 | |
717 | // The channel has been allowlisted. We can return from here. |
718 | if (loadInfo->GetStoragePermission() == |
719 | nsILoadInfo::StoragePermissionAllowListed) { |
720 | return true; |
721 | } |
722 | |
723 | MOZ_ASSERT(do { static_assert( mozilla::detail::AssertionConditionType< decltype(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN )>::isValid, "invalid assertion condition"); if ((__builtin_expect (!!(!(!!(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN ))), 0))) { do { } while (false); MOZ_ReportAssertionFailure( "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 726); AnnotateMozCrashReason("MOZ_ASSERT" "(" "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" ")"); do { *((volatile int*)__null) = 726; __attribute__((nomerge )) ::abort(); } while (false); } } while (false) |
724 | behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||do { static_assert( mozilla::detail::AssertionConditionType< decltype(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN )>::isValid, "invalid assertion condition"); if ((__builtin_expect (!!(!(!!(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN ))), 0))) { do { } while (false); MOZ_ReportAssertionFailure( "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 726); AnnotateMozCrashReason("MOZ_ASSERT" "(" "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" ")"); do { *((volatile int*)__null) = 726; __attribute__((nomerge )) ::abort(); } while (false); } } while (false) |
725 | behavior ==do { static_assert( mozilla::detail::AssertionConditionType< decltype(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN )>::isValid, "invalid assertion condition"); if ((__builtin_expect (!!(!(!!(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN ))), 0))) { do { } while (false); MOZ_ReportAssertionFailure( "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 726); AnnotateMozCrashReason("MOZ_ASSERT" "(" "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" ")"); do { *((volatile int*)__null) = 726; __attribute__((nomerge )) ::abort(); } while (false); } } while (false) |
726 | nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN)do { static_assert( mozilla::detail::AssertionConditionType< decltype(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN )>::isValid, "invalid assertion condition"); if ((__builtin_expect (!!(!(!!(behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN ))), 0))) { do { } while (false); MOZ_ReportAssertionFailure( "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 726); AnnotateMozCrashReason("MOZ_ASSERT" "(" "behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER || behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN" ")"); do { *((volatile int*)__null) = 726; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
727 | |
728 | uint32_t blockedReason = |
729 | nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER; |
730 | |
731 | // Not a tracker. |
732 | nsCOMPtr<nsIClassifiedChannel> classifiedChannel = |
733 | do_QueryInterface(aChannel); |
734 | if (behavior == nsICookieService::BEHAVIOR_REJECT_TRACKER) { |
735 | if (classifiedChannel) { |
736 | if (!classifiedChannel->IsThirdPartyTrackingResource()) { |
737 | LOG(("Our channel isn't a third-party tracking channel"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Our channel isn't a third-party tracking channel" ); } } while (0); |
738 | return true; |
739 | } |
740 | |
741 | uint32_t classificationFlags = |
742 | classifiedChannel->GetThirdPartyClassificationFlags(); |
743 | if (classificationFlags & nsIClassifiedChannel::ClassificationFlags:: |
744 | CLASSIFIED_SOCIALTRACKING) { |
745 | blockedReason = |
746 | nsIWebProgressListener::STATE_COOKIES_BLOCKED_SOCIALTRACKER; |
747 | } |
748 | } |
749 | } else if (behavior == |
750 | nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN) { |
751 | if (classifiedChannel && |
752 | classifiedChannel->IsThirdPartyTrackingResource()) { |
753 | // fall through |
754 | } else if (AntiTrackingUtils::IsThirdPartyChannel(aChannel)) { |
755 | LOG(("We're in the third-party context, storage should be partitioned"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "We're in the third-party context, storage should be partitioned" ); } } while (0); |
756 | // fall through but remember that we're partitioning. |
757 | blockedReason = nsIWebProgressListener::STATE_COOKIES_PARTITIONED_FOREIGN; |
758 | } else { |
759 | LOG(("Our channel isn't a third-party channel, storage is allowed"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Our channel isn't a third-party channel, storage is allowed" ); } } while (0); |
760 | return true; |
761 | } |
762 | } else { |
763 | MOZ_ASSERT_UNREACHABLE(do { static_assert( mozilla::detail::AssertionConditionType< decltype(false)>::isValid, "invalid assertion condition"); if ((__builtin_expect(!!(!(!!(false))), 0))) { do { } while ( false); MOZ_ReportAssertionFailure("false" " (" "MOZ_ASSERT_UNREACHABLE: " "This should be an exhaustive list of cookie behaviors possible here." ")", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 764); AnnotateMozCrashReason("MOZ_ASSERT" "(" "false" ") (" "MOZ_ASSERT_UNREACHABLE: " "This should be an exhaustive list of cookie behaviors possible here." ")"); do { *((volatile int*)__null) = 764; __attribute__((nomerge )) ::abort(); } while (false); } } while (false) |
764 | "This should be an exhaustive list of cookie behaviors possible here.")do { static_assert( mozilla::detail::AssertionConditionType< decltype(false)>::isValid, "invalid assertion condition"); if ((__builtin_expect(!!(!(!!(false))), 0))) { do { } while ( false); MOZ_ReportAssertionFailure("false" " (" "MOZ_ASSERT_UNREACHABLE: " "This should be an exhaustive list of cookie behaviors possible here." ")", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 764); AnnotateMozCrashReason("MOZ_ASSERT" "(" "false" ") (" "MOZ_ASSERT_UNREACHABLE: " "This should be an exhaustive list of cookie behaviors possible here." ")"); do { *((volatile int*)__null) = 764; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
765 | } |
766 | |
767 | RefPtr<BrowsingContext> targetBC; |
768 | rv = loadInfo->GetTargetBrowsingContext(getter_AddRefs(targetBC)); |
769 | if (NS_WARN_IF(NS_FAILED(rv))NS_warn_if_impl(((bool)(__builtin_expect(!!(NS_FAILED_impl(rv )), 0))), "NS_FAILED(rv)", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 769)) { |
770 | LOG(("Failed to get the channel's target browsing context"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Failed to get the channel's target browsing context" ); } } while (0); |
771 | return false; |
772 | } |
773 | |
774 | // If we cannot get the target browsing context from the loadInfo, the channel |
775 | // could be a fetch request from a worker scope. In this case, we get the |
776 | // target browsing context from the worker associated browsing context |
777 | // instead. |
778 | if (!targetBC) { |
779 | rv = loadInfo->GetWorkerAssociatedBrowsingContext(getter_AddRefs(targetBC)); |
Value stored to 'rv' is never read | |
780 | } |
781 | |
782 | // We could have no target BC for the channel if it's for loading the script |
783 | // for remote workers, i.e. shared workers and service workers. In this case, |
784 | // we also don't have document, so we can skip the sandbox and the document |
785 | // check. |
786 | if (!targetBC) { |
787 | LOG(("No browsing context is available for the channel."))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "No browsing context is available for the channel." ); } } while (0); |
788 | } |
789 | |
790 | if (targetBC && |
791 | Document::StorageAccessSandboxed(targetBC->GetSandboxFlags())) { |
792 | LOG(("Our document is sandboxed"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Our document is sandboxed" ); } } while (0); |
793 | *aRejectedReason = blockedReason; |
794 | return false; |
795 | } |
796 | |
797 | // Let's see if we have to grant the access for this particular channel. |
798 | |
799 | // UsingStorageAccess only applies to channels that load |
800 | // documents, for sub-resources loads, just returns the result from loadInfo. |
801 | bool isDocument = false; |
802 | aChannel->GetIsDocument(&isDocument); |
803 | |
804 | if (targetBC && isDocument) { |
805 | nsCOMPtr<nsPIDOMWindowInner> inner = |
806 | AntiTrackingUtils::GetInnerWindow(targetBC); |
807 | if (inner && inner->UsingStorageAccess()) { |
808 | LOG(("Permission stored in the window. All good."))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Permission stored in the window. All good." ); } } while (0); |
809 | return true; |
810 | } |
811 | } |
812 | |
813 | bool allowed = |
814 | loadInfo->GetStoragePermission() != nsILoadInfo::NoStoragePermission; |
815 | if (!allowed) { |
816 | *aRejectedReason = blockedReason; |
817 | } |
818 | |
819 | return allowed; |
820 | } |
821 | |
822 | bool ShouldAllowAccessFor(nsIPrincipal* aPrincipal, |
823 | nsICookieJarSettings* aCookieJarSettings) { |
824 | MOZ_ASSERT(aPrincipal)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aPrincipal)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aPrincipal))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aPrincipal", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 824); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aPrincipal" ")" ); do { *((volatile int*)__null) = 824; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
825 | MOZ_ASSERT(aCookieJarSettings)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aCookieJarSettings)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aCookieJarSettings))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aCookieJarSettings" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 825); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aCookieJarSettings" ")"); do { *((volatile int*)__null) = 825; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
826 | |
827 | uint32_t access = |
828 | detail::CheckCookiePermissionForPrincipal(aCookieJarSettings, aPrincipal); |
829 | |
830 | if (access != nsICookiePermission::ACCESS_DEFAULT) { |
831 | return access != nsICookiePermission::ACCESS_DENY; |
832 | } |
833 | |
834 | int32_t behavior = CookiesBehavior(aPrincipal, aCookieJarSettings); |
835 | return behavior != nsICookieService::BEHAVIOR_REJECT; |
836 | } |
837 | |
838 | /* static */ |
839 | bool ApproximateAllowAccessForWithoutChannel( |
840 | nsPIDOMWindowInner* aFirstPartyWindow, nsIURI* aURI) { |
841 | MOZ_ASSERT(aFirstPartyWindow)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aFirstPartyWindow)>::isValid, "invalid assertion condition" ); if ((__builtin_expect(!!(!(!!(aFirstPartyWindow))), 0))) { do { } while (false); MOZ_ReportAssertionFailure("aFirstPartyWindow" , "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 841); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aFirstPartyWindow" ")"); do { *((volatile int*)__null) = 841; __attribute__((nomerge )) ::abort(); } while (false); } } while (false); |
842 | MOZ_ASSERT(aURI)do { static_assert( mozilla::detail::AssertionConditionType< decltype(aURI)>::isValid, "invalid assertion condition"); if ((__builtin_expect(!!(!(!!(aURI))), 0))) { do { } while (false ); MOZ_ReportAssertionFailure("aURI", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 842); AnnotateMozCrashReason("MOZ_ASSERT" "(" "aURI" ")"); do { *((volatile int*)__null) = 842; __attribute__((nomerge)) :: abort(); } while (false); } } while (false); |
843 | |
844 | LOG_SPEC(do { if ((__builtin_expect(!!(mozilla::detail::log_test(gAntiTrackingLog , mozilla::LogLevel::Debug)), 0))) { nsAutoCString _specStr("(null)"_ns ); if (aURI) { _specStr = (aURI)->GetSpecOrDefault(); } _specStr .Truncate(std::min(_specStr.Length(), sMaxSpecLength)); const char* _spec = _specStr.get(); do { const ::mozilla::LogModule * moz_real_module = gAntiTrackingLog; if ((__builtin_expect(! !(mozilla::detail::log_test(moz_real_module, mozilla::LogLevel ::Debug)), 0))) { mozilla::detail::log_print(moz_real_module, mozilla::LogLevel::Debug, "Computing a best guess as to whether window %p has access to URI %s" , aFirstPartyWindow, _spec); } } while (0); } } while (0) |
845 | ("Computing a best guess as to whether window %p has access to URI %s",do { if ((__builtin_expect(!!(mozilla::detail::log_test(gAntiTrackingLog , mozilla::LogLevel::Debug)), 0))) { nsAutoCString _specStr("(null)"_ns ); if (aURI) { _specStr = (aURI)->GetSpecOrDefault(); } _specStr .Truncate(std::min(_specStr.Length(), sMaxSpecLength)); const char* _spec = _specStr.get(); do { const ::mozilla::LogModule * moz_real_module = gAntiTrackingLog; if ((__builtin_expect(! !(mozilla::detail::log_test(moz_real_module, mozilla::LogLevel ::Debug)), 0))) { mozilla::detail::log_print(moz_real_module, mozilla::LogLevel::Debug, "Computing a best guess as to whether window %p has access to URI %s" , aFirstPartyWindow, _spec); } } while (0); } } while (0) |
846 | aFirstPartyWindow, _spec),do { if ((__builtin_expect(!!(mozilla::detail::log_test(gAntiTrackingLog , mozilla::LogLevel::Debug)), 0))) { nsAutoCString _specStr("(null)"_ns ); if (aURI) { _specStr = (aURI)->GetSpecOrDefault(); } _specStr .Truncate(std::min(_specStr.Length(), sMaxSpecLength)); const char* _spec = _specStr.get(); do { const ::mozilla::LogModule * moz_real_module = gAntiTrackingLog; if ((__builtin_expect(! !(mozilla::detail::log_test(moz_real_module, mozilla::LogLevel ::Debug)), 0))) { mozilla::detail::log_print(moz_real_module, mozilla::LogLevel::Debug, "Computing a best guess as to whether window %p has access to URI %s" , aFirstPartyWindow, _spec); } } while (0); } } while (0) |
847 | aURI)do { if ((__builtin_expect(!!(mozilla::detail::log_test(gAntiTrackingLog , mozilla::LogLevel::Debug)), 0))) { nsAutoCString _specStr("(null)"_ns ); if (aURI) { _specStr = (aURI)->GetSpecOrDefault(); } _specStr .Truncate(std::min(_specStr.Length(), sMaxSpecLength)); const char* _spec = _specStr.get(); do { const ::mozilla::LogModule * moz_real_module = gAntiTrackingLog; if ((__builtin_expect(! !(mozilla::detail::log_test(moz_real_module, mozilla::LogLevel ::Debug)), 0))) { mozilla::detail::log_print(moz_real_module, mozilla::LogLevel::Debug, "Computing a best guess as to whether window %p has access to URI %s" , aFirstPartyWindow, _spec); } } while (0); } } while (0); |
848 | |
849 | Document* parentDocument = |
850 | nsGlobalWindowInner::Cast(aFirstPartyWindow)->GetExtantDoc(); |
851 | if (NS_WARN_IF(!parentDocument)NS_warn_if_impl(!parentDocument, "!parentDocument", "/var/lib/jenkins/workspace/firefox-scan-build/toolkit/components/antitracking/StorageAccess.cpp" , 851)) { |
852 | LOG(("Failed to get the first party window's document"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Failed to get the first party window's document" ); } } while (0); |
853 | return false; |
854 | } |
855 | |
856 | if (!CookiesBehaviorRejectsThirdPartyContexts(parentDocument)) { |
857 | LOG(("Disabled by the pref (%d), bail out early",do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Disabled by the pref (%d), bail out early" , CookiesBehavior(parentDocument)); } } while (0) |
858 | CookiesBehavior(parentDocument)))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Disabled by the pref (%d), bail out early" , CookiesBehavior(parentDocument)); } } while (0); |
859 | return true; |
860 | } |
861 | |
862 | if (ContentBlockingAllowList::Check(aFirstPartyWindow)) { |
863 | return true; |
864 | } |
865 | |
866 | if (!AntiTrackingUtils::IsThirdPartyWindow(aFirstPartyWindow, aURI)) { |
867 | LOG(("Our window isn't a third-party window"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "Our window isn't a third-party window" ); } } while (0); |
868 | return true; |
869 | } |
870 | |
871 | uint32_t cookiePermission = detail::CheckCookiePermissionForPrincipal( |
872 | parentDocument->CookieJarSettings(), parentDocument->NodePrincipal()); |
873 | if (cookiePermission != nsICookiePermission::ACCESS_DEFAULT) { |
874 | LOG(do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d), returning %s", int(cookiePermission), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure") ; } } while (0) |
875 | ("CheckCookiePermissionForPrincipal() returned a non-default access "do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d), returning %s", int(cookiePermission), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure") ; } } while (0) |
876 | "code (%d), returning %s",do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d), returning %s", int(cookiePermission), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure") ; } } while (0) |
877 | int(cookiePermission),do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d), returning %s", int(cookiePermission), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure") ; } } while (0) |
878 | cookiePermission != nsICookiePermission::ACCESS_DENY ? "success"do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d), returning %s", int(cookiePermission), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure") ; } } while (0) |
879 | : "failure"))do { const ::mozilla::LogModule* moz_real_module = gAntiTrackingLog ; if ((__builtin_expect(!!(mozilla::detail::log_test(moz_real_module , mozilla::LogLevel::Debug)), 0))) { mozilla::detail::log_print (moz_real_module, mozilla::LogLevel::Debug, "CheckCookiePermissionForPrincipal() returned a non-default access " "code (%d), returning %s", int(cookiePermission), cookiePermission != nsICookiePermission::ACCESS_DENY ? "success" : "failure") ; } } while (0); |
880 | return cookiePermission != nsICookiePermission::ACCESS_DENY; |
881 | } |
882 | |
883 | nsIPrincipal* parentPrincipal = parentDocument->NodePrincipal(); |
884 | |
885 | nsCOMPtr<nsIPrincipal> principal = BasePrincipal::CreateContentPrincipal( |
886 | aURI, parentPrincipal->OriginAttributesRef()); |
887 | |
888 | nsAutoCString type; |
889 | AntiTrackingUtils::CreateStoragePermissionKey(principal, type); |
890 | |
891 | return AntiTrackingUtils::CheckStoragePermission( |
892 | parentPrincipal, type, |
893 | nsContentUtils::IsInPrivateBrowsing(parentDocument), nullptr, 0); |
894 | } |
895 | } // namespace mozilla |