Backed out changeset f594e6f00208 (bug 1940883) for causing crashes in bug 1941164.
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef mozilla_StorageAccess_h
8 #define mozilla_StorageAccess_h
10 #include <cstdint>
12 #include "mozilla/MozPromise.h"
13 #include "mozilla/RefPtr.h"
15 #include "mozilla/dom/BrowsingContext.h"
17 class nsIChannel;
18 class nsICookieJarSettings;
19 class nsIPrincipal;
20 class nsIURI;
21 class nsPIDOMWindowInner;
23 namespace mozilla {
24 namespace dom {
25 class Document;
28 // The order of these entries matters, as we use std::min for total ordering
29 // of permissions (std::min picks the lower, i.e. more restrictive, value).
30 // Private Browsing is considered to be more limiting than session scoping
31 enum class StorageAccess {
32 // The storage should be partitioned for third-party resources. If the
33 // caller is unable to do so, deny the storage access.
34 ePartitionForeignOrDeny = -2,
35 // The storage should be partitioned for third-party trackers. If the caller
36 // is unable to do so, deny the storage access.
37 ePartitionTrackersOrDeny = -1,
38 // Don't allow access to the storage
39 eDeny = 0,
40 // Allow access to the storage, but only if it is secure to do so in a
41 // private browsing context.
42 ePrivateBrowsing = 1,
43 // Allow access to the storage
44 eAllow = 3,
45 // Keep this at the end. Used for serialization, but not a valid value.
46 eNumValues = 4,
50 * Checks if storage for the given window is permitted by a combination of
51 * the user's preferences, and whether the window is a third-party iframe.
53 * This logic is intended to be shared between the different forms of
54 * persistent storage which are available to web pages. Cookies don't use
55 * this logic, and security logic related to them must be updated separately.
57 StorageAccess StorageAllowedForWindow(nsPIDOMWindowInner* aWindow,
58 uint32_t* aRejectedReason = nullptr);
61 * Checks if storage for the given document is permitted by a combination of
62 * the user's preferences, and whether the document's window is a third-party
63 * iframe.
65 * Note, this may be used on documents during the loading process where
66 * the window's extant document has not been set yet. The code in
67 * StorageAllowedForWindow(), however, will not work in these cases.
69 StorageAccess StorageAllowedForDocument(const dom::Document* aDoc);
71 StorageAccess CookieAllowedForDocument(const dom::Document* aDoc);
74 * Checks if storage should be allowed for a new window with the given
75 * principal, load URI, and parent.
77 StorageAccess StorageAllowedForNewWindow(nsIPrincipal* aPrincipal, nsIURI* aURI,
78 nsPIDOMWindowInner* aParent);
81 * Checks if storage should be allowed for the given channel. The check will
82 * be based on the channel result principal and, depending on preferences and
83 * permissions, mozIThirdPartyUtil.isThirdPartyChannel().
85 StorageAccess StorageAllowedForChannel(nsIChannel* aChannel);
88 * Checks if storage for the given principal is permitted by the user's
89 * preferences. This method should be used only by ServiceWorker loading.
91 StorageAccess StorageAllowedForServiceWorker(
92 nsIPrincipal* aPrincipal, nsICookieJarSettings* aCookieJarSettings);
94 bool ShouldPartitionStorage(StorageAccess aAccess);
96 bool ShouldPartitionStorage(uint32_t aRejectedReason);
98 bool StoragePartitioningEnabled(StorageAccess aAccess,
99 nsICookieJarSettings* aCookieJarSettings);
101 bool StoragePartitioningEnabled(uint32_t aRejectedReason,
102 nsICookieJarSettings* aCookieJarSettings);
104 // This method returns true if the URI has first party storage access when
105 // loaded inside the passed third-party tracking-resource window.
106 // If the window is a first party context, use
107 // ApproximateAllowAccessForWithoutChannel() instead.
109 // If aRejectedReason is passed and the storage permission is not granted,
110 // it is set to one of these values:
111 // * nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION
112 // * nsIWebProgressListener::STATE_COOKIES_BLOCKED_TRACKER
113 // * nsIWebProgressListener::STATE_COOKIES_BLOCKED_SOCIALTRACKER
114 // * nsIWebProgressListener::STATE_COOKIES_BLOCKED_ALL
115 // * nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN
117 // If you update this function, you almost certainly want to consider
118 // updating the other overloaded functions
119 // (and ApproximateAllowAccessForWithoutChannel).
120 bool ShouldAllowAccessFor(nsPIDOMWindowInner* a3rdPartyTrackingWindow,
121 nsIURI* aURI, uint32_t* aRejectedReason);
123 // Note: you should use ShouldAllowAccessFor() passing the nsIChannel! Use
124 // this method _only_ if the channel is not available. For a first party
125 // window, it's impossible to know synchronously whether aURI is a tracking
126 // resource, so this method returns a best guess that errs on the side of
127 // denying: it returns true only if we are sure that the permission is
128 // granted for the origin of aURI, and false otherwise.
130 // If you update this function, you almost certainly want to consider
131 // updating the ShouldAllowAccessFor functions.
132 bool ApproximateAllowAccessForWithoutChannel(
133 nsPIDOMWindowInner* aFirstPartyWindow, nsIURI* aURI);
135 // Returns true if the URI has access to first party storage.
136 // aChannel may or may not be a third-party channel.
137 // See ShouldAllowAccessFor(window) for the possible values of
138 // aRejectedReason.
140 // If you update this function, you almost certainly want to consider
141 // updating the other overloaded functions
142 // (and ApproximateAllowAccessForWithoutChannel).
143 bool ShouldAllowAccessFor(nsIChannel* aChannel, nsIURI* aURI,
144 uint32_t* aRejectedReason);
146 // This method checks if the principal has permission to access first party
147 // storage.
148 // Warning: only use this function when aPrincipal is first-party.
150 // If you update this function, you almost certainly want to consider
151 // updating the other overloaded functions
152 // (and ApproximateAllowAccessForWithoutChannel).
153 bool ShouldAllowAccessFor(nsIPrincipal* aPrincipal,
154 nsICookieJarSettings* aCookieJarSettings);
156 namespace detail {
157 uint32_t CheckCookiePermissionForPrincipal(
158 nsICookieJarSettings* aCookieJarSettings, nsIPrincipal* aPrincipal);
161 } // namespace mozilla
163 #endif // mozilla_StorageAccess_h