Source code

Revision control

Other Tools

1
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2
/* This Source Code Form is subject to the terms of the Mozilla Public
3
* License, v. 2.0. If a copy of the MPL was not distributed with this
4
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5
6
/**
7
* This file contains an interface to the Permission Manager,
8
* used to persistenly store permissions for different object types (cookies,
9
* images etc) on a site-by-site basis.
10
*
11
* This service broadcasts the following notification when the permission list
12
* is changed:
13
*
14
* topic : "perm-changed" (PERM_CHANGE_NOTIFICATION)
15
* broadcast whenever the permission list changes in some way. there
16
* are four possible data strings for this notification; one
17
* notification will be broadcast for each change, and will involve
18
* a single permission.
19
* subject: an nsIPermission interface pointer representing the permission object
20
* that changed.
21
* data : "deleted"
22
* a permission was deleted. the subject is the deleted permission.
23
* "added"
24
* a permission was added. the subject is the added permission.
25
* "changed"
26
* a permission was changed. the subject is the new permission.
27
* "cleared"
28
* the entire permission list was cleared. the subject is null.
29
*/
30
31
#include "nsISupports.idl"
32
33
interface nsIURI;
34
interface nsIObserver;
35
interface nsIPrincipal;
36
interface mozIDOMWindow;
37
interface nsIPermission;
38
interface nsISimpleEnumerator;
39
interface nsIRunnable;
40
41
%{ C++
42
namespace IPC {
43
struct Permission;
44
}
45
#include "nsTArrayForwardDeclare.h"
46
%}
47
[ref] native IPCPermissionArrayRef(nsTArray<IPC::Permission>);
48
49
[scriptable, builtinclass, uuid(4dcb3851-eba2-4e42-b236-82d2596fca22)]
50
interface nsIPermissionManager : nsISupports
51
{
52
/**
53
* Predefined return values for the testPermission method and for
54
* the permission param of the add method
55
* NOTE: UNKNOWN_ACTION (0) is reserved to represent the
56
* default permission when no entry is found for a host, and
57
* should not be used by consumers to indicate otherwise.
58
*/
59
const uint32_t UNKNOWN_ACTION = 0;
60
const uint32_t ALLOW_ACTION = 1;
61
const uint32_t DENY_ACTION = 2;
62
const uint32_t PROMPT_ACTION = 3;
63
64
/**
65
* Predefined expiration types for permissions. Permissions can be permanent
66
* (never expire), expire at the end of the session, or expire at a specified
67
* time. Permissions that expire at the end of a session may also have a
68
* specified expiration time.
69
*
70
* EXPIRE_POLICY is a special expiration status. It is set when the permission
71
* is set by reading an enterprise policy. These permissions cannot be overridden.
72
*/
73
const uint32_t EXPIRE_NEVER = 0;
74
const uint32_t EXPIRE_SESSION = 1;
75
const uint32_t EXPIRE_TIME = 2;
76
const uint32_t EXPIRE_POLICY = 3;
77
78
/**
79
* Add permission information for a given URI and permission type. This
80
* operation will cause the type string to be registered if it does not
81
* currently exist. If a permission already exists for a given type, it
82
* will be modified.
83
*
84
* @param uri the uri to add the permission for
85
* @param type a case-sensitive ASCII string, identifying the consumer.
86
* Consumers should choose this string to be unique, with
87
* respect to other consumers.
88
* @param permission an integer representing the desired action (e.g. allow
89
* or deny). The interpretation of this number is up to the
90
* consumer, and may represent different actions for different
91
* types. Consumers may use one of the enumerated permission
92
* actions defined above, for convenience.
93
* NOTE: UNKNOWN_ACTION (0) is reserved to represent the
94
* default permission when no entry is found for a host, and
95
* should not be used by consumers to indicate otherwise.
96
* @param expiretype a constant defining whether this permission should
97
* never expire (EXPIRE_NEVER), expire at the end of the
98
* session (EXPIRE_SESSION), or expire at a specified time
99
* (EXPIRE_TIME).
100
* @param expiretime an integer representation of when this permission
101
* should be forgotten (milliseconds since Jan 1 1970 0:00:00).
102
*/
103
void add(in nsIURI uri,
104
in ACString type,
105
in uint32_t permission,
106
[optional] in uint32_t expireType,
107
[optional] in int64_t expireTime);
108
109
/**
110
* Deprecated! Use getAllForPrincipal!
111
* Get all custom permissions for a given URI. This will return
112
* an enumerator of all permissions which are not set to default
113
* and which belong to the matching principal of the given URI.
114
*
115
* @param uri the URI to get all permissions for
116
*/
117
nsISimpleEnumerator getAllForURI(in nsIURI uri);
118
119
/**
120
* Get all custom permissions for a given nsIPrincipal. This will return an
121
* enumerator of all permissions which are not set to default and which
122
* belong to the matching principal of the given nsIPrincipal.
123
*
124
* @param principal the URI to get all permissions for
125
*/
126
nsISimpleEnumerator getAllForPrincipal(in nsIPrincipal principal);
127
128
/**
129
* Get all custom permissions of a specific type, specified with a prefix
130
* string. This will return an array of all permissions which are not set to
131
* default. Also the passed type argument is either equal to or a prefix of
132
* the type of the returned permissions.
133
*
134
* @param prefix the type prefix string
135
*/
136
Array<nsIPermission> getAllWithTypePrefix(in ACString prefix);
137
138
/**
139
* Add permission information for a given principal.
140
* It is internally calling the other add() method using the nsIURI from the
141
* principal.
142
* Passing a system principal will be a no-op because they will always be
143
* granted permissions.
144
*/
145
void addFromPrincipal(in nsIPrincipal principal, in ACString type,
146
in uint32_t permission,
147
[optional] in uint32_t expireType,
148
[optional] in int64_t expireTime);
149
150
/**
151
* Remove permission information for a given URI and permission type. This will
152
* remove the permission for the entire host described by the uri, acting as the
153
* opposite operation to the add() method.
154
*
155
* @param uri the uri to remove the permission for
156
* @param type a case-sensitive ASCII string, identifying the consumer.
157
* The type must have been previously registered using the
158
* add() method.
159
*/
160
void remove(in nsIURI uri,
161
in ACString type);
162
163
/**
164
* Remove permission information for a given principal.
165
* This is internally calling remove() with the host from the principal's URI.
166
* Passing system principal will be a no-op because we never add them to the
167
* database.
168
*/
169
void removeFromPrincipal(in nsIPrincipal principal, in ACString type);
170
171
/**
172
* Remove the given permission from the permission manager.
173
*
174
* @param perm a permission obtained from the permission manager.
175
*/
176
void removePermission(in nsIPermission perm);
177
178
/**
179
* Clear permission information for all websites.
180
*/
181
void removeAll();
182
183
/**
184
* Clear all permission information added since the specified time.
185
*/
186
void removeAllSince(in int64_t since);
187
188
/**
189
* Clear all permissions of the passed type.
190
*/
191
void removeByType(in ACString type);
192
193
/**
194
* Clear all permissions of the passed type added since the specified time.
195
* @param type a case-sensitive ASCII string, identifying the permission.
196
* @param since a unix timestamp representing the number of milliseconds from
197
* Jan 1, 1970 00:00:00 UTC.
198
*/
199
void removeByTypeSince(in ACString type, in int64_t since);
200
201
/**
202
* Test whether a website has permission to perform the given action.
203
* This function will perform a pref lookup to permissions.default.<type>
204
* if the specific permission type is part of the whitelist for that functionality.
205
* @param uri the uri to be tested
206
* @param type a case-sensitive ASCII string, identifying the consumer
207
* @param return see add(), param permission. returns UNKNOWN_ACTION when
208
* there is no stored permission for this uri and / or type.
209
*/
210
uint32_t testPermission(in nsIURI uri,
211
in ACString type);
212
213
/**
214
* Test whether the principal has the permission to perform a given action.
215
* System principals will always have permissions granted.
216
* This function will perform a pref lookup to permissions.default.<type>
217
* if the specific permission type is part of the whitelist for that functionality.
218
*/
219
uint32_t testPermissionFromPrincipal(in nsIPrincipal principal,
220
in ACString type);
221
222
/**
223
* Test whether the principal associated with the window's document has the
224
* permission to perform a given action. System principals will always
225
* have permissions granted.
226
* This function will perform a pref lookup to permissions.default.<type>
227
* if the specific permission type is part of the whitelist for that functionality.
228
*/
229
uint32_t testPermissionFromWindow(in mozIDOMWindow window,
230
in ACString type);
231
232
/**
233
* Test whether a website has permission to perform the given action.
234
* This requires an exact hostname match, subdomains are not a match.
235
* This function will perform a pref lookup to permissions.default.<type>
236
* if the specific permission type is part of the whitelist for that functionality.
237
* @param uri the uri to be tested
238
* @param type a case-sensitive ASCII string, identifying the consumer
239
* @param return see add(), param permission. returns UNKNOWN_ACTION when
240
* there is no stored permission for this uri and / or type.
241
*/
242
uint32_t testExactPermission(in nsIURI uri,
243
in ACString type);
244
245
/**
246
* See testExactPermission() above.
247
* System principals will always have permissions granted.
248
* This function will perform a pref lookup to permissions.default.<type>
249
* if the specific permission type is part of the whitelist for that functionality.
250
*/
251
uint32_t testExactPermissionFromPrincipal(in nsIPrincipal principal,
252
in ACString type);
253
254
/**
255
* Test whether a website has permission to perform the given action
256
* ignoring active sessions.
257
* System principals will always have permissions granted.
258
* This function will perform a pref lookup to permissions.default.<type>
259
* if the specific permission type is part of the whitelist for that functionality.
260
*
261
* @param principal the principal
262
* @param type a case-sensitive ASCII string, identifying the consumer
263
* @param return see add(), param permission. returns UNKNOWN_ACTION when
264
* there is no stored permission for this uri and / or type.
265
*/
266
uint32_t testExactPermanentPermission(in nsIPrincipal principal,
267
in ACString type);
268
269
/**
270
* Get the permission object associated with the given URI and action.
271
* @param uri The URI
272
* @param type A case-sensitive ASCII string identifying the consumer
273
* @param exactHost If true, only the specific host will be matched,
274
* @see testExactPermission. If false, subdomains will
275
* also be searched, @see testPermission.
276
* @returns The matching permission object, or null if no matching object
277
* was found. No matching object is equivalent to UNKNOWN_ACTION.
278
* @note Clients in general should prefer the test* methods unless they
279
* need to know the specific stored details.
280
* @note This method will always return null for the system principal.
281
*/
282
nsIPermission getPermissionObjectForURI(in nsIURI uri,
283
in ACString type,
284
in boolean exactHost);
285
286
/**
287
* Get the permission object associated with the given principal and action.
288
* @param principal The principal
289
* @param type A case-sensitive ASCII string identifying the consumer
290
* @param exactHost If true, only the specific host will be matched,
291
* @see testExactPermission. If false, subdomains will
292
* also be searched, @see testPermission.
293
* @returns The matching permission object, or null if no matching object
294
* was found. No matching object is equivalent to UNKNOWN_ACTION.
295
* @note Clients in general should prefer the test* methods unless they
296
* need to know the specific stored details.
297
* @note This method will always return null for the system principal.
298
*/
299
nsIPermission getPermissionObject(in nsIPrincipal principal,
300
in ACString type,
301
in boolean exactHost);
302
303
/**
304
* Allows enumeration of all stored permissions
305
* @return an nsISimpleEnumerator interface that allows access to
306
* nsIPermission objects
307
*/
308
readonly attribute nsISimpleEnumerator enumerator;
309
310
/**
311
* Remove all permissions that will match the origin pattern.
312
*/
313
void removePermissionsWithAttributes(in AString patternAsJSON);
314
315
/**
316
* If the current permission is set to expire, reset the expiration time. If
317
* there is no permission or the current permission does not expire, this
318
* method will silently return.
319
*
320
* @param sessionExpiretime an integer representation of when this permission
321
* should be forgotten (milliseconds since
322
* Jan 1 1970 0:00:00), if it is currently
323
* EXPIRE_SESSION.
324
* @param sessionExpiretime an integer representation of when this permission
325
* should be forgotten (milliseconds since
326
* Jan 1 1970 0:00:00), if it is currently
327
* EXPIRE_TIME.
328
*/
329
void updateExpireTime(in nsIPrincipal principal,
330
in ACString type,
331
in boolean exactHost,
332
in uint64_t sessionExpireTime,
333
in uint64_t persistentExpireTime);
334
335
/**
336
* The content process doesn't have access to every permission. Instead, when
337
* LOAD_DOCUMENT_URI channels for http://, https://, and ftp:// URIs are
338
* opened, the permissions for those channels are sent down to the content
339
* process before the OnStartRequest message. Permissions for principals with
340
* other schemes are sent down at process startup.
341
*
342
* Permissions are keyed and grouped by "Permission Key"s.
343
* `nsPermissionManager::GetKeyForPrincipal` provides the mechanism for
344
* determining the permission key for a given principal.
345
*
346
* This method may only be called in the parent process. It fills the nsTArray
347
* argument with the IPC::Permission objects which have a matching permission
348
* key.
349
*
350
* @param permissionKey The key to use to find the permissions of interest.
351
* @param perms An array which will be filled with the permissions which
352
* match the given permission key.
353
*/
354
void getPermissionsWithKey(in ACString permissionKey, out IPCPermissionArrayRef perms);
355
356
/**
357
* See `nsIPermissionManager::GetPermissionsWithKey` for more info on
358
* Permission keys.
359
*
360
* `SetPermissionsWithKey` may only be called in the Child process, and
361
* initializes the permission manager with the permissions for a given
362
* Permission key. marking permissions with that key as available.
363
*
364
* @param permissionKey The key for the permissions which have been sent over.
365
* @param perms An array with the permissions which match the given key.
366
*/
367
void setPermissionsWithKey(in ACString permissionKey, in IPCPermissionArrayRef perms);
368
369
/**
370
* Broadcasts permissions for the given principal to all content processes.
371
*
372
* DO NOT USE THIS METHOD if you can avoid it. It was added in bug XXX to
373
* handle the current temporary implementation of ServiceWorker debugging. It
374
* will be removed when service worker debugging is fixed.
375
*
376
* @param aPrincipal The principal to broadcast permissions for.
377
*/
378
void broadcastPermissionsForPrincipalToAllContentProcesses(in nsIPrincipal aPrincipal);
379
380
/**
381
* Add a callback which should be run when all permissions are available for
382
* the given nsIPrincipal. This method invokes the callback runnable
383
* synchronously when the permissions are already available. Otherwise the
384
* callback will be run asynchronously in SystemGroup when all permissions
385
* are available in the future.
386
*
387
* NOTE: This method will not request the permissions be sent by the parent
388
* process. This should only be used to wait for permissions which may not
389
* have arrived yet in order to ensure they are present.
390
*
391
* @param aPrincipal The principal to wait for permissions to be available for.
392
* @param aRunnable The runnable to run when permissions are available for the
393
* given principal.
394
*/
395
void whenPermissionsAvailable(in nsIPrincipal aPrincipal,
396
in nsIRunnable aRunnable);
397
398
/**
399
* True if any "preload" permissions are present. This is used to avoid making
400
* potentially expensive permissions checks in nsContentBlocker.
401
*/
402
[infallible] readonly attribute boolean hasPreloadPermissions;
403
};
404
405
%{ C++
406
#define NS_PERMISSIONMANAGER_CONTRACTID "@mozilla.org/permissionmanager;1"
407
408
#define PERM_CHANGE_NOTIFICATION "perm-changed"
409
%}