summaryrefslogtreecommitdiffstats
path: root/toolkit/components/extensions/ExtensionManagement.jsm
diff options
context:
space:
mode:
Diffstat (limited to 'toolkit/components/extensions/ExtensionManagement.jsm')
-rw-r--r--toolkit/components/extensions/ExtensionManagement.jsm321
1 files changed, 321 insertions, 0 deletions
diff --git a/toolkit/components/extensions/ExtensionManagement.jsm b/toolkit/components/extensions/ExtensionManagement.jsm
new file mode 100644
index 000000000..324c5b71b
--- /dev/null
+++ b/toolkit/components/extensions/ExtensionManagement.jsm
@@ -0,0 +1,321 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+this.EXPORTED_SYMBOLS = ["ExtensionManagement"];
+
+const Ci = Components.interfaces;
+const Cc = Components.classes;
+const Cu = Components.utils;
+const Cr = Components.results;
+
+Cu.import("resource://gre/modules/AppConstants.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+XPCOMUtils.defineLazyModuleGetter(this, "ExtensionUtils",
+ "resource://gre/modules/ExtensionUtils.jsm");
+
+XPCOMUtils.defineLazyGetter(this, "console", () => ExtensionUtils.getConsole());
+
+XPCOMUtils.defineLazyGetter(this, "UUIDMap", () => {
+ let {UUIDMap} = Cu.import("resource://gre/modules/Extension.jsm", {});
+ return UUIDMap;
+});
+
+/*
+ * This file should be kept short and simple since it's loaded even
+ * when no extensions are running.
+ */
+
+// Keep track of frame IDs for content windows. Mostly we can just use
+// the outer window ID as the frame ID. However, the API specifies
+// that top-level windows have a frame ID of 0. So we need to keep
+// track of which windows are top-level. This code listens to messages
+// from ExtensionContent to do that.
+var Frames = {
+ // Window IDs of top-level content windows.
+ topWindowIds: new Set(),
+
+ init() {
+ if (Services.appinfo.processType == Services.appinfo.PROCESS_TYPE_CONTENT) {
+ return;
+ }
+
+ Services.mm.addMessageListener("Extension:TopWindowID", this);
+ Services.mm.addMessageListener("Extension:RemoveTopWindowID", this, true);
+ },
+
+ isTopWindowId(windowId) {
+ return this.topWindowIds.has(windowId);
+ },
+
+ // Convert an outer window ID to a frame ID. An outer window ID of 0
+ // is invalid.
+ getId(windowId) {
+ if (this.isTopWindowId(windowId)) {
+ return 0;
+ }
+ if (windowId == 0) {
+ return -1;
+ }
+ return windowId;
+ },
+
+ // Convert an outer window ID for a parent window to a frame
+ // ID. Outer window IDs follow the same convention that
+ // |window.top.parent === window.top|. The API works differently,
+ // giving a frame ID of -1 for the the parent of a top-level
+ // window. This function handles the conversion.
+ getParentId(parentWindowId, windowId) {
+ if (parentWindowId == windowId) {
+ // We have a top-level window.
+ return -1;
+ }
+
+ // Not a top-level window. Just return the ID as normal.
+ return this.getId(parentWindowId);
+ },
+
+ receiveMessage({name, data}) {
+ switch (name) {
+ case "Extension:TopWindowID":
+ // FIXME: Need to handle the case where the content process
+ // crashes. Right now we leak its top window IDs.
+ this.topWindowIds.add(data.windowId);
+ break;
+
+ case "Extension:RemoveTopWindowID":
+ this.topWindowIds.delete(data.windowId);
+ break;
+ }
+ },
+};
+Frames.init();
+
+var APIs = {
+ apis: new Map(),
+
+ register(namespace, schema, script) {
+ if (this.apis.has(namespace)) {
+ throw new Error(`API namespace already exists: ${namespace}`);
+ }
+
+ this.apis.set(namespace, {schema, script});
+ },
+
+ unregister(namespace) {
+ if (!this.apis.has(namespace)) {
+ throw new Error(`API namespace does not exist: ${namespace}`);
+ }
+
+ this.apis.delete(namespace);
+ },
+};
+
+function getURLForExtension(id, path = "") {
+ let uuid = UUIDMap.get(id, false);
+ if (!uuid) {
+ Cu.reportError(`Called getURLForExtension on unmapped extension ${id}`);
+ return null;
+ }
+ return `moz-extension://${uuid}/${path}`;
+}
+
+// This object manages various platform-level issues related to
+// moz-extension:// URIs. It lives here so that it can be used in both
+// the parent and child processes.
+//
+// moz-extension URIs have the form moz-extension://uuid/path. Each
+// extension has its own UUID, unique to the machine it's installed
+// on. This is easier and more secure than using the extension ID,
+// since it makes it slightly harder to fingerprint for extensions if
+// each user uses different URIs for the extension.
+var Service = {
+ initialized: false,
+
+ // Map[uuid -> extension].
+ // extension can be an Extension (parent process) or BrowserExtensionContent (child process).
+ uuidMap: new Map(),
+
+ init() {
+ let aps = Cc["@mozilla.org/addons/policy-service;1"].getService(Ci.nsIAddonPolicyService);
+ aps = aps.wrappedJSObject;
+ this.aps = aps;
+ aps.setExtensionURILoadCallback(this.extensionURILoadableByAnyone.bind(this));
+ aps.setExtensionURIToAddonIdCallback(this.extensionURIToAddonID.bind(this));
+ },
+
+ // Called when a new extension is loaded.
+ startupExtension(uuid, uri, extension) {
+ if (!this.initialized) {
+ this.initialized = true;
+ this.init();
+ }
+
+ // Create the moz-extension://uuid mapping.
+ let handler = Services.io.getProtocolHandler("moz-extension");
+ handler.QueryInterface(Ci.nsISubstitutingProtocolHandler);
+ handler.setSubstitution(uuid, uri);
+
+ this.uuidMap.set(uuid, extension);
+ this.aps.setAddonHasPermissionCallback(extension.id, extension.hasPermission.bind(extension));
+ this.aps.setAddonLoadURICallback(extension.id, this.checkAddonMayLoad.bind(this, extension));
+ this.aps.setAddonLocalizeCallback(extension.id, extension.localize.bind(extension));
+ this.aps.setAddonCSP(extension.id, extension.manifest.content_security_policy);
+ this.aps.setBackgroundPageUrlCallback(uuid, this.generateBackgroundPageUrl.bind(this, extension));
+ },
+
+ // Called when an extension is unloaded.
+ shutdownExtension(uuid) {
+ let extension = this.uuidMap.get(uuid);
+ this.uuidMap.delete(uuid);
+ this.aps.setAddonHasPermissionCallback(extension.id, null);
+ this.aps.setAddonLoadURICallback(extension.id, null);
+ this.aps.setAddonLocalizeCallback(extension.id, null);
+ this.aps.setAddonCSP(extension.id, null);
+ this.aps.setBackgroundPageUrlCallback(uuid, null);
+
+ let handler = Services.io.getProtocolHandler("moz-extension");
+ handler.QueryInterface(Ci.nsISubstitutingProtocolHandler);
+ handler.setSubstitution(uuid, null);
+ },
+
+ // Return true if the given URI can be loaded from arbitrary web
+ // content. The manifest.json |web_accessible_resources| directive
+ // determines this.
+ extensionURILoadableByAnyone(uri) {
+ let uuid = uri.host;
+ let extension = this.uuidMap.get(uuid);
+ if (!extension || !extension.webAccessibleResources) {
+ return false;
+ }
+
+ let path = uri.QueryInterface(Ci.nsIURL).filePath;
+ if (path.length > 0 && path[0] == "/") {
+ path = path.substr(1);
+ }
+ return extension.webAccessibleResources.matches(path);
+ },
+
+ // Checks whether a given extension can load this URI (typically via
+ // an XML HTTP request). The manifest.json |permissions| directive
+ // determines this.
+ checkAddonMayLoad(extension, uri) {
+ return extension.whiteListedHosts.matchesIgnoringPath(uri);
+ },
+
+ generateBackgroundPageUrl(extension) {
+ let background_scripts = extension.manifest.background &&
+ extension.manifest.background.scripts;
+ if (!background_scripts) {
+ return;
+ }
+ let html = "<!DOCTYPE html>\n<body>\n";
+ for (let script of background_scripts) {
+ script = script.replace(/"/g, "&quot;");
+ html += `<script src="${script}"></script>\n`;
+ }
+ html += "</body>\n</html>\n";
+ return "data:text/html;charset=utf-8," + encodeURIComponent(html);
+ },
+
+ // Finds the add-on ID associated with a given moz-extension:// URI.
+ // This is used to set the addonId on the originAttributes for the
+ // nsIPrincipal attached to the URI.
+ extensionURIToAddonID(uri) {
+ let uuid = uri.host;
+ let extension = this.uuidMap.get(uuid);
+ return extension ? extension.id : undefined;
+ },
+};
+
+// API Levels Helpers
+
+// Find the add-on associated with this document via the
+// principal's originAttributes. This value is computed by
+// extensionURIToAddonID, which ensures that we don't inject our
+// API into webAccessibleResources or remote web pages.
+function getAddonIdForWindow(window) {
+ return Cu.getObjectPrincipal(window).originAttributes.addonId;
+}
+
+const API_LEVELS = Object.freeze({
+ NO_PRIVILEGES: 0,
+ CONTENTSCRIPT_PRIVILEGES: 1,
+ FULL_PRIVILEGES: 2,
+});
+
+// Finds the API Level ("FULL_PRIVILEGES", "CONTENTSCRIPT_PRIVILEGES", "NO_PRIVILEGES")
+// with a given a window object.
+function getAPILevelForWindow(window, addonId) {
+ const {NO_PRIVILEGES, CONTENTSCRIPT_PRIVILEGES, FULL_PRIVILEGES} = API_LEVELS;
+
+ // Non WebExtension URLs and WebExtension URLs from a different extension
+ // has no access to APIs.
+ if (!addonId || getAddonIdForWindow(window) != addonId) {
+ return NO_PRIVILEGES;
+ }
+
+ // Extension pages running in the content process always defaults to
+ // "content script API level privileges".
+ if (Services.appinfo.processType == Services.appinfo.PROCESS_TYPE_CONTENT) {
+ return CONTENTSCRIPT_PRIVILEGES;
+ }
+
+ let docShell = window.QueryInterface(Ci.nsIInterfaceRequestor)
+ .getInterface(Ci.nsIDocShell);
+
+ // Handling of ExtensionPages running inside sub-frames.
+ if (docShell.sameTypeParent) {
+ let parentWindow = docShell.sameTypeParent.QueryInterface(Ci.nsIInterfaceRequestor)
+ .getInterface(Ci.nsIDOMWindow);
+
+ // The option page iframe embedded in the about:addons tab should have
+ // full API level privileges. (see Bug 1256282 for rationale)
+ let parentDocument = parentWindow.document;
+ let parentIsSystemPrincipal = Services.scriptSecurityManager
+ .isSystemPrincipal(parentDocument.nodePrincipal);
+ if (parentDocument.location.href == "about:addons" && parentIsSystemPrincipal) {
+ return FULL_PRIVILEGES;
+ }
+
+ // The addon iframes embedded in a addon page from with the same addonId
+ // should have the same privileges of the sameTypeParent.
+ // (see Bug 1258347 for rationale)
+ let parentSameAddonPrivileges = getAPILevelForWindow(parentWindow, addonId);
+ if (parentSameAddonPrivileges > NO_PRIVILEGES) {
+ return parentSameAddonPrivileges;
+ }
+
+ // In all the other cases, WebExtension URLs loaded into sub-frame UI
+ // will have "content script API level privileges".
+ // (see Bug 1214658 for rationale)
+ return CONTENTSCRIPT_PRIVILEGES;
+ }
+
+ // WebExtension URLs loaded into top frames UI could have full API level privileges.
+ return FULL_PRIVILEGES;
+}
+
+this.ExtensionManagement = {
+ startupExtension: Service.startupExtension.bind(Service),
+ shutdownExtension: Service.shutdownExtension.bind(Service),
+
+ registerAPI: APIs.register.bind(APIs),
+ unregisterAPI: APIs.unregister.bind(APIs),
+
+ getFrameId: Frames.getId.bind(Frames),
+ getParentFrameId: Frames.getParentId.bind(Frames),
+
+ getURLForExtension,
+
+ // exported API Level Helpers
+ getAddonIdForWindow,
+ getAPILevelForWindow,
+ API_LEVELS,
+
+ APIs,
+};