diff options
Diffstat (limited to 'toolkit/components/extensions/ExtensionManagement.jsm')
-rw-r--r-- | toolkit/components/extensions/ExtensionManagement.jsm | 321 |
1 files changed, 321 insertions, 0 deletions
diff --git a/toolkit/components/extensions/ExtensionManagement.jsm b/toolkit/components/extensions/ExtensionManagement.jsm new file mode 100644 index 000000000..324c5b71b --- /dev/null +++ b/toolkit/components/extensions/ExtensionManagement.jsm @@ -0,0 +1,321 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +this.EXPORTED_SYMBOLS = ["ExtensionManagement"]; + +const Ci = Components.interfaces; +const Cc = Components.classes; +const Cu = Components.utils; +const Cr = Components.results; + +Cu.import("resource://gre/modules/AppConstants.jsm"); +Cu.import("resource://gre/modules/Services.jsm"); +Cu.import("resource://gre/modules/XPCOMUtils.jsm"); + +XPCOMUtils.defineLazyModuleGetter(this, "ExtensionUtils", + "resource://gre/modules/ExtensionUtils.jsm"); + +XPCOMUtils.defineLazyGetter(this, "console", () => ExtensionUtils.getConsole()); + +XPCOMUtils.defineLazyGetter(this, "UUIDMap", () => { + let {UUIDMap} = Cu.import("resource://gre/modules/Extension.jsm", {}); + return UUIDMap; +}); + +/* + * This file should be kept short and simple since it's loaded even + * when no extensions are running. + */ + +// Keep track of frame IDs for content windows. Mostly we can just use +// the outer window ID as the frame ID. However, the API specifies +// that top-level windows have a frame ID of 0. So we need to keep +// track of which windows are top-level. This code listens to messages +// from ExtensionContent to do that. +var Frames = { + // Window IDs of top-level content windows. + topWindowIds: new Set(), + + init() { + if (Services.appinfo.processType == Services.appinfo.PROCESS_TYPE_CONTENT) { + return; + } + + Services.mm.addMessageListener("Extension:TopWindowID", this); + Services.mm.addMessageListener("Extension:RemoveTopWindowID", this, true); + }, + + isTopWindowId(windowId) { + return this.topWindowIds.has(windowId); + }, + + // Convert an outer window ID to a frame ID. An outer window ID of 0 + // is invalid. + getId(windowId) { + if (this.isTopWindowId(windowId)) { + return 0; + } + if (windowId == 0) { + return -1; + } + return windowId; + }, + + // Convert an outer window ID for a parent window to a frame + // ID. Outer window IDs follow the same convention that + // |window.top.parent === window.top|. The API works differently, + // giving a frame ID of -1 for the the parent of a top-level + // window. This function handles the conversion. + getParentId(parentWindowId, windowId) { + if (parentWindowId == windowId) { + // We have a top-level window. + return -1; + } + + // Not a top-level window. Just return the ID as normal. + return this.getId(parentWindowId); + }, + + receiveMessage({name, data}) { + switch (name) { + case "Extension:TopWindowID": + // FIXME: Need to handle the case where the content process + // crashes. Right now we leak its top window IDs. + this.topWindowIds.add(data.windowId); + break; + + case "Extension:RemoveTopWindowID": + this.topWindowIds.delete(data.windowId); + break; + } + }, +}; +Frames.init(); + +var APIs = { + apis: new Map(), + + register(namespace, schema, script) { + if (this.apis.has(namespace)) { + throw new Error(`API namespace already exists: ${namespace}`); + } + + this.apis.set(namespace, {schema, script}); + }, + + unregister(namespace) { + if (!this.apis.has(namespace)) { + throw new Error(`API namespace does not exist: ${namespace}`); + } + + this.apis.delete(namespace); + }, +}; + +function getURLForExtension(id, path = "") { + let uuid = UUIDMap.get(id, false); + if (!uuid) { + Cu.reportError(`Called getURLForExtension on unmapped extension ${id}`); + return null; + } + return `moz-extension://${uuid}/${path}`; +} + +// This object manages various platform-level issues related to +// moz-extension:// URIs. It lives here so that it can be used in both +// the parent and child processes. +// +// moz-extension URIs have the form moz-extension://uuid/path. Each +// extension has its own UUID, unique to the machine it's installed +// on. This is easier and more secure than using the extension ID, +// since it makes it slightly harder to fingerprint for extensions if +// each user uses different URIs for the extension. +var Service = { + initialized: false, + + // Map[uuid -> extension]. + // extension can be an Extension (parent process) or BrowserExtensionContent (child process). + uuidMap: new Map(), + + init() { + let aps = Cc["@mozilla.org/addons/policy-service;1"].getService(Ci.nsIAddonPolicyService); + aps = aps.wrappedJSObject; + this.aps = aps; + aps.setExtensionURILoadCallback(this.extensionURILoadableByAnyone.bind(this)); + aps.setExtensionURIToAddonIdCallback(this.extensionURIToAddonID.bind(this)); + }, + + // Called when a new extension is loaded. + startupExtension(uuid, uri, extension) { + if (!this.initialized) { + this.initialized = true; + this.init(); + } + + // Create the moz-extension://uuid mapping. + let handler = Services.io.getProtocolHandler("moz-extension"); + handler.QueryInterface(Ci.nsISubstitutingProtocolHandler); + handler.setSubstitution(uuid, uri); + + this.uuidMap.set(uuid, extension); + this.aps.setAddonHasPermissionCallback(extension.id, extension.hasPermission.bind(extension)); + this.aps.setAddonLoadURICallback(extension.id, this.checkAddonMayLoad.bind(this, extension)); + this.aps.setAddonLocalizeCallback(extension.id, extension.localize.bind(extension)); + this.aps.setAddonCSP(extension.id, extension.manifest.content_security_policy); + this.aps.setBackgroundPageUrlCallback(uuid, this.generateBackgroundPageUrl.bind(this, extension)); + }, + + // Called when an extension is unloaded. + shutdownExtension(uuid) { + let extension = this.uuidMap.get(uuid); + this.uuidMap.delete(uuid); + this.aps.setAddonHasPermissionCallback(extension.id, null); + this.aps.setAddonLoadURICallback(extension.id, null); + this.aps.setAddonLocalizeCallback(extension.id, null); + this.aps.setAddonCSP(extension.id, null); + this.aps.setBackgroundPageUrlCallback(uuid, null); + + let handler = Services.io.getProtocolHandler("moz-extension"); + handler.QueryInterface(Ci.nsISubstitutingProtocolHandler); + handler.setSubstitution(uuid, null); + }, + + // Return true if the given URI can be loaded from arbitrary web + // content. The manifest.json |web_accessible_resources| directive + // determines this. + extensionURILoadableByAnyone(uri) { + let uuid = uri.host; + let extension = this.uuidMap.get(uuid); + if (!extension || !extension.webAccessibleResources) { + return false; + } + + let path = uri.QueryInterface(Ci.nsIURL).filePath; + if (path.length > 0 && path[0] == "/") { + path = path.substr(1); + } + return extension.webAccessibleResources.matches(path); + }, + + // Checks whether a given extension can load this URI (typically via + // an XML HTTP request). The manifest.json |permissions| directive + // determines this. + checkAddonMayLoad(extension, uri) { + return extension.whiteListedHosts.matchesIgnoringPath(uri); + }, + + generateBackgroundPageUrl(extension) { + let background_scripts = extension.manifest.background && + extension.manifest.background.scripts; + if (!background_scripts) { + return; + } + let html = "<!DOCTYPE html>\n<body>\n"; + for (let script of background_scripts) { + script = script.replace(/"/g, """); + html += `<script src="${script}"></script>\n`; + } + html += "</body>\n</html>\n"; + return "data:text/html;charset=utf-8," + encodeURIComponent(html); + }, + + // Finds the add-on ID associated with a given moz-extension:// URI. + // This is used to set the addonId on the originAttributes for the + // nsIPrincipal attached to the URI. + extensionURIToAddonID(uri) { + let uuid = uri.host; + let extension = this.uuidMap.get(uuid); + return extension ? extension.id : undefined; + }, +}; + +// API Levels Helpers + +// Find the add-on associated with this document via the +// principal's originAttributes. This value is computed by +// extensionURIToAddonID, which ensures that we don't inject our +// API into webAccessibleResources or remote web pages. +function getAddonIdForWindow(window) { + return Cu.getObjectPrincipal(window).originAttributes.addonId; +} + +const API_LEVELS = Object.freeze({ + NO_PRIVILEGES: 0, + CONTENTSCRIPT_PRIVILEGES: 1, + FULL_PRIVILEGES: 2, +}); + +// Finds the API Level ("FULL_PRIVILEGES", "CONTENTSCRIPT_PRIVILEGES", "NO_PRIVILEGES") +// with a given a window object. +function getAPILevelForWindow(window, addonId) { + const {NO_PRIVILEGES, CONTENTSCRIPT_PRIVILEGES, FULL_PRIVILEGES} = API_LEVELS; + + // Non WebExtension URLs and WebExtension URLs from a different extension + // has no access to APIs. + if (!addonId || getAddonIdForWindow(window) != addonId) { + return NO_PRIVILEGES; + } + + // Extension pages running in the content process always defaults to + // "content script API level privileges". + if (Services.appinfo.processType == Services.appinfo.PROCESS_TYPE_CONTENT) { + return CONTENTSCRIPT_PRIVILEGES; + } + + let docShell = window.QueryInterface(Ci.nsIInterfaceRequestor) + .getInterface(Ci.nsIDocShell); + + // Handling of ExtensionPages running inside sub-frames. + if (docShell.sameTypeParent) { + let parentWindow = docShell.sameTypeParent.QueryInterface(Ci.nsIInterfaceRequestor) + .getInterface(Ci.nsIDOMWindow); + + // The option page iframe embedded in the about:addons tab should have + // full API level privileges. (see Bug 1256282 for rationale) + let parentDocument = parentWindow.document; + let parentIsSystemPrincipal = Services.scriptSecurityManager + .isSystemPrincipal(parentDocument.nodePrincipal); + if (parentDocument.location.href == "about:addons" && parentIsSystemPrincipal) { + return FULL_PRIVILEGES; + } + + // The addon iframes embedded in a addon page from with the same addonId + // should have the same privileges of the sameTypeParent. + // (see Bug 1258347 for rationale) + let parentSameAddonPrivileges = getAPILevelForWindow(parentWindow, addonId); + if (parentSameAddonPrivileges > NO_PRIVILEGES) { + return parentSameAddonPrivileges; + } + + // In all the other cases, WebExtension URLs loaded into sub-frame UI + // will have "content script API level privileges". + // (see Bug 1214658 for rationale) + return CONTENTSCRIPT_PRIVILEGES; + } + + // WebExtension URLs loaded into top frames UI could have full API level privileges. + return FULL_PRIVILEGES; +} + +this.ExtensionManagement = { + startupExtension: Service.startupExtension.bind(Service), + shutdownExtension: Service.shutdownExtension.bind(Service), + + registerAPI: APIs.register.bind(APIs), + unregisterAPI: APIs.unregister.bind(APIs), + + getFrameId: Frames.getId.bind(Frames), + getParentFrameId: Frames.getParentId.bind(Frames), + + getURLForExtension, + + // exported API Level Helpers + getAddonIdForWindow, + getAPILevelForWindow, + API_LEVELS, + + APIs, +}; |