/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
* This file contains an interface to the Permission Manager,
* used to persistently store permissions for different object types (cookies,
* images etc) on a site-by-site basis.
*
* This service broadcasts the following notification when the permission list
* is changed:
*
* topic : "perm-changed" (PERM_CHANGE_NOTIFICATION)
* broadcast whenever the permission list changes in some way. there
* are four possible data strings for this notification; one
* notification will be broadcast for each change, and will involve
* a single permission.
* subject: an nsIPermission interface pointer representing the permission object
* that changed.
* data : "deleted"
* a permission was deleted. the subject is the deleted permission.
* "added"
* a permission was added. the subject is the added permission.
* "changed"
* a permission was changed. the subject is the new permission.
* "cleared"
* the entire permission list was cleared. the subject is null.
*/
#include "nsISupports.idl"
interface nsIObserver;
interface nsIPrincipal;
interface mozIDOMWindow;
interface nsIPermission;
interface nsIRunnable;
%{ C++
namespace IPC {
struct Permission;
}
#include "nsTArrayForwardDeclare.h"
%}
[ref] native IPCPermissionArrayRef(nsTArray<IPC::Permission>);
[scriptable, builtinclass, uuid(4dcb3851-eba2-4e42-b236-82d2596fca22)]
interface nsIPermissionManager : nsISupports
{
/**
* Predefined return values for the testPermission method and for
* the permission param of the add method
* NOTE: UNKNOWN_ACTION (0) is reserved to represent the
* default permission when no entry is found for a host, and
* should not be used by consumers to indicate otherwise.
*/
const uint32_t UNKNOWN_ACTION = 0;
const uint32_t ALLOW_ACTION = 1;
const uint32_t DENY_ACTION = 2;
const uint32_t PROMPT_ACTION = 3;
/**
* Predefined expiration types for permissions. Permissions can be permanent
* (never expire), expire at the end of the session, or expire at a specified
* time. Permissions that expire at the end of a session may also have a
* specified expiration time.
*
* EXPIRE_POLICY is a special expiration status. It is set when the permission
* is set by reading an enterprise policy. These permissions cannot be overridden.
*/
const uint32_t EXPIRE_NEVER = 0;
const uint32_t EXPIRE_SESSION = 1;
const uint32_t EXPIRE_TIME = 2;
const uint32_t EXPIRE_POLICY = 3;
/**
* Get all custom permissions for a given nsIPrincipal. This will return an
* enumerator of all permissions which are not set to default and which
* belong to the matching principal of the given nsIPrincipal.
*
* @param principal the principal to get all permissions for
*/
Array<nsIPermission> getAllForPrincipal(in nsIPrincipal principal);
/**
* Get all custom permissions of a specific type, specified with a prefix
* string. This will return an array of all permissions which are not set to
* default. Also the passed type argument is either equal to or a prefix of
* the type of the returned permissions.
*
* @param prefix the type prefix string
*/
Array<nsIPermission> getAllWithTypePrefix(in ACString prefix);
/**
* Add permission information for a given principal.
* It is internally calling the other add() method using the nsIURI from the
* principal.
* Passing a system principal will be a no-op because they will always be
* granted permissions.
*/
void addFromPrincipal(in nsIPrincipal principal, in ACString type,
in uint32_t permission,
[optional] in uint32_t expireType,
[optional] in int64_t expireTime);
/**
* Remove permission information for a given principal.
* This is internally calling remove() with the host from the principal's URI.
* Passing system principal will be a no-op because we never add them to the
* database.
*/
void removeFromPrincipal(in nsIPrincipal principal, in ACString type);
/**
* Remove the given permission from the permission manager.
*
* @param perm a permission obtained from the permission manager.
*/
void removePermission(in nsIPermission perm);
/**
* Clear permission information for all websites.
*/
void removeAll();
/**
* Clear all permission information added since the specified time.
*/
void removeAllSince(in int64_t since);
/**
* Clear all permissions of the passed type.
*/
void removeByType(in ACString type);
/**
* Clear all permissions of the passed type added since the specified time.
* @param type a case-sensitive ASCII string, identifying the permission.
* @param since a unix timestamp representing the number of milliseconds from
* Jan 1, 1970 00:00:00 UTC.
*/
void removeByTypeSince(in ACString type, in int64_t since);
/**
* Test whether the principal has the permission to perform a given action.
* System principals will always have permissions granted.
* This function will perform a pref lookup to permissions.default.<type>
* if the specific permission type is part of the whitelist for that functionality.
*/
uint32_t testPermissionFromPrincipal(in nsIPrincipal principal,
in ACString type);
/**
* Test whether the principal associated with the window's document has the
* permission to perform a given action. System principals will always
* have permissions granted.
* This function will perform a pref lookup to permissions.default.<type>
* if the specific permission type is part of the whitelist for that functionality.
*/
uint32_t testPermissionFromWindow(in mozIDOMWindow window,
in ACString type);
/**
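* Test whether the principal has the permission to perform a given action,
* matching only the specific host; subdomains are not searched (see
* testExactPermission() and the exactHost parameter of getPermissionObject()).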
* System principals will always have permissions granted.
* This function will perform a pref lookup to permissions.default.<type>
* if the specific permission type is part of the whitelist for that functionality.
*/
uint32_t testExactPermissionFromPrincipal(in nsIPrincipal principal,
in ACString type);
/**
* Test whether a website has permission to perform the given action
* ignoring active sessions.
* System principals will always have permissions granted.
* This function will perform a pref lookup to permissions.default.<type>
* if the specific permission type is part of the whitelist for that functionality.
*
* @param principal the principal
* @param type a case-sensitive ASCII string, identifying the consumer
* @return see add(), param permission. Returns UNKNOWN_ACTION when
* there is no stored permission for this uri and / or type.
*/
uint32_t testExactPermanentPermission(in nsIPrincipal principal,
in ACString type);
/**
* Get the permission object associated with the given principal and action.
* @param principal The principal
* @param type A case-sensitive ASCII string identifying the consumer
* @param exactHost If true, only the specific host will be matched,
* @see testExactPermission. If false, subdomains will
* also be searched, @see testPermission.
* @returns The matching permission object, or null if no matching object
* was found. No matching object is equivalent to UNKNOWN_ACTION.
* @note Clients in general should prefer the test* methods unless they
* need to know the specific stored details.
* @note This method will always return null for the system principal.
*/
nsIPermission getPermissionObject(in nsIPrincipal principal,
in ACString type,
in boolean exactHost);
/**
* Returns all stored permissions.
* @return an array of nsIPermission objects
*/
readonly attribute Array<nsIPermission> all;
/**
* Remove all permissions that will match the origin pattern.
*/
void removePermissionsWithAttributes(in AString patternAsJSON);
/**
* If the current permission is set to expire, reset the expiration time. If
* there is no permission or the current permission does not expire, this
* method will silently return.
*
* @param sessionExpireTime an integer representation of when this permission
* should be forgotten (milliseconds since
* Jan 1 1970 0:00:00), if it is currently
* EXPIRE_SESSION.
* @param persistentExpireTime an integer representation of when this permission
* should be forgotten (milliseconds since
* Jan 1 1970 0:00:00), if it is currently
* EXPIRE_TIME.
*/
void updateExpireTime(in nsIPrincipal principal,
in ACString type,
in boolean exactHost,
in uint64_t sessionExpireTime,
in uint64_t persistentExpireTime);
/**
* The content process doesn't have access to every permission. Instead, when
* LOAD_DOCUMENT_URI channels for http://, https://, and ftp:// URIs are
* opened, the permissions for those channels are sent down to the content
* process before the OnStartRequest message. Permissions for principals with
* other schemes are sent down at process startup.
*
* Permissions are keyed and grouped by "Permission Key"s.
* `nsPermissionManager::GetKeyForPrincipal` provides the mechanism for
* determining the permission key for a given principal.
*
* This method may only be called in the parent process. It fills the nsTArray
* argument with the IPC::Permission objects which have a matching permission
* key.
*
* @param permissionKey The key to use to find the permissions of interest.
* @param perms An array which will be filled with the permissions which
* match the given permission key.
*/
void getPermissionsWithKey(in ACString permissionKey, out IPCPermissionArrayRef perms);
/**
* See `nsIPermissionManager::GetPermissionsWithKey` for more info on
* Permission keys.
*
* `SetPermissionsWithKey` may only be called in the Child process, and
* initializes the permission manager with the permissions for a given
* Permission key, marking permissions with that key as available.
*
* @param permissionKey The key for the permissions which have been sent over.
* @param perms An array with the permissions which match the given key.
*/
void setPermissionsWithKey(in ACString permissionKey, in IPCPermissionArrayRef perms);
/**
* Broadcasts permissions for the given principal to all content processes.
*
* DO NOT USE THIS METHOD if you can avoid it. It was added in bug XXX to
* handle the current temporary implementation of ServiceWorker debugging. It
* will be removed when service worker debugging is fixed.
*
* @param aPrincipal The principal to broadcast permissions for.
*/
void broadcastPermissionsForPrincipalToAllContentProcesses(in nsIPrincipal aPrincipal);
/**
* Add a callback which should be run when all permissions are available for
* the given nsIPrincipal. This method invokes the callback runnable
* synchronously when the permissions are already available. Otherwise the
* callback will be run asynchronously in SystemGroup when all permissions
* are available in the future.
*
* NOTE: This method will not request the permissions be sent by the parent
* process. This should only be used to wait for permissions which may not
* have arrived yet in order to ensure they are present.
*
* @param aPrincipal The principal to wait for permissions to be available for.
* @param aRunnable The runnable to run when permissions are available for the
* given principal.
*/
void whenPermissionsAvailable(in nsIPrincipal aPrincipal,
in nsIRunnable aRunnable);
/**
* True if any "preload" permissions are present. This is used to avoid making
* potentially expensive permissions checks in nsContentBlocker.
*/
[infallible] readonly attribute boolean hasPreloadPermissions;
};
%{ C++
#define NS_PERMISSIONMANAGER_CONTRACTID "@mozilla.org/permissionmanager;1"
#define PERM_CHANGE_NOTIFICATION "perm-changed"
%}