mirror of
https://github.com/servo/servo.git
synced 2025-08-03 04:30:10 +01:00
libservo: Flesh out permissions API (#35396)
- Update the script crate to better reflect the modern Permission specifcation -- removing the necessity for an `Insecure` variant of the permissions prompt. - Have all allow/deny type requests in the internal API use an `AllowOrDeny` enum for clarity. - Expose `PermissionsRequest` and `PermissionFeature` data types to the API and use them in the delegate method. - Update both servoshell implementations to use the API. Signed-off-by: Martin Robinson <mrobinson@igalia.com> Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This commit is contained in:
parent
b72932bc88
commit
f51a5661f8
11 changed files with 211 additions and 207 deletions
|
@ -29,7 +29,7 @@ use crate::dom::bluetoothpermissionresult::BluetoothPermissionResult;
|
|||
use crate::dom::bluetoothuuid::{BluetoothServiceUUID, BluetoothUUID, UUID};
|
||||
use crate::dom::eventtarget::EventTarget;
|
||||
use crate::dom::globalscope::GlobalScope;
|
||||
use crate::dom::permissions::{get_descriptor_permission_state, PermissionAlgorithm};
|
||||
use crate::dom::permissions::{descriptor_permission_state, PermissionAlgorithm};
|
||||
use crate::dom::promise::Promise;
|
||||
use crate::script_runtime::{CanGc, JSContext};
|
||||
use crate::task::TaskOnce;
|
||||
|
@ -227,7 +227,7 @@ impl Bluetooth {
|
|||
|
||||
// Step 4 - 5.
|
||||
if let PermissionState::Denied =
|
||||
get_descriptor_permission_state(PermissionName::Bluetooth, None)
|
||||
descriptor_permission_state(PermissionName::Bluetooth, None)
|
||||
{
|
||||
return p.reject_error(Error::NotFound);
|
||||
}
|
||||
|
@ -649,7 +649,7 @@ impl PermissionAlgorithm for Bluetooth {
|
|||
// Step 1: We are not using the `global` variable.
|
||||
|
||||
// Step 2.
|
||||
status.set_state(get_descriptor_permission_state(status.get_query(), None));
|
||||
status.set_state(descriptor_permission_state(status.get_query(), None));
|
||||
|
||||
// Step 3.
|
||||
if let PermissionState::Denied = status.get_state() {
|
||||
|
|
|
@ -24,8 +24,8 @@ use cssparser::match_ignore_ascii_case;
|
|||
use devtools_traits::ScriptToDevtoolsControlMsg;
|
||||
use dom_struct::dom_struct;
|
||||
use embedder_traits::{
|
||||
ClipboardEventType, EmbedderMsg, LoadStatus, MouseButton, MouseEventType, TouchEventType,
|
||||
TouchId, WheelDelta,
|
||||
AllowOrDeny, ClipboardEventType, EmbedderMsg, LoadStatus, MouseButton, MouseEventType,
|
||||
TouchEventType, TouchId, WheelDelta,
|
||||
};
|
||||
use encoding_rs::{Encoding, UTF_8};
|
||||
use euclid::default::{Point2D, Rect, Size2D};
|
||||
|
@ -94,6 +94,7 @@ use crate::dom::bindings::codegen::Bindings::NavigatorBinding::Navigator_Binding
|
|||
use crate::dom::bindings::codegen::Bindings::NodeBinding::NodeMethods;
|
||||
use crate::dom::bindings::codegen::Bindings::NodeFilterBinding::NodeFilter;
|
||||
use crate::dom::bindings::codegen::Bindings::PerformanceBinding::PerformanceMethods;
|
||||
use crate::dom::bindings::codegen::Bindings::PermissionStatusBinding::PermissionName;
|
||||
use crate::dom::bindings::codegen::Bindings::ShadowRootBinding::ShadowRootMethods;
|
||||
use crate::dom::bindings::codegen::Bindings::TouchBinding::TouchMethods;
|
||||
use crate::dom::bindings::codegen::Bindings::WindowBinding::{
|
||||
|
@ -2492,7 +2493,7 @@ impl Document {
|
|||
let (chan, port) = ipc::channel().expect("Failed to create IPC channel!");
|
||||
let msg = EmbedderMsg::AllowUnload(self.webview_id(), chan);
|
||||
self.send_to_embedder(msg);
|
||||
can_unload = port.recv().unwrap();
|
||||
can_unload = port.recv().unwrap() == AllowOrDeny::Allow;
|
||||
}
|
||||
// Step 9
|
||||
if !recursive_flag {
|
||||
|
@ -3309,6 +3310,26 @@ impl Document {
|
|||
.parse(url)
|
||||
.map(ServoUrl::from)
|
||||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#allowed-to-use>
|
||||
pub(crate) fn allowed_to_use_feature(&self, _feature: PermissionName) -> bool {
|
||||
// Step 1. If document's browsing context is null, then return false.
|
||||
if !self.has_browsing_context {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Step 2. If document is not fully active, then return false.
|
||||
if !self.is_fully_active() {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Step 3. If the result of running is feature enabled in document for origin on
|
||||
// feature, document, and document's origin is "Enabled", then return true.
|
||||
// Step 4. Return false.
|
||||
// TODO: All features are currently enabled for `Document`s because we do not
|
||||
// implement the Permissions Policy specification.
|
||||
true
|
||||
}
|
||||
}
|
||||
|
||||
fn is_character_value_key(key: &Key) -> bool {
|
||||
|
|
|
@ -81,7 +81,9 @@ use crate::dom::bindings::codegen::Bindings::ImageBitmapBinding::{
|
|||
};
|
||||
use crate::dom::bindings::codegen::Bindings::NavigatorBinding::NavigatorMethods;
|
||||
use crate::dom::bindings::codegen::Bindings::PerformanceBinding::Performance_Binding::PerformanceMethods;
|
||||
use crate::dom::bindings::codegen::Bindings::PermissionStatusBinding::PermissionState;
|
||||
use crate::dom::bindings::codegen::Bindings::PermissionStatusBinding::{
|
||||
PermissionName, PermissionState,
|
||||
};
|
||||
use crate::dom::bindings::codegen::Bindings::VoidFunctionBinding::VoidFunction;
|
||||
use crate::dom::bindings::codegen::Bindings::WindowBinding::WindowMethods;
|
||||
use crate::dom::bindings::codegen::Bindings::WorkerGlobalScopeBinding::WorkerGlobalScopeMethods;
|
||||
|
@ -273,7 +275,7 @@ pub(crate) struct GlobalScope {
|
|||
creation_url: Option<ServoUrl>,
|
||||
|
||||
/// A map for storing the previous permission state read results.
|
||||
permission_state_invocation_results: DomRefCell<HashMap<String, PermissionState>>,
|
||||
permission_state_invocation_results: DomRefCell<HashMap<PermissionName, PermissionState>>,
|
||||
|
||||
/// The microtask queue associated with this global.
|
||||
///
|
||||
|
@ -1965,7 +1967,7 @@ impl GlobalScope {
|
|||
|
||||
pub(crate) fn permission_state_invocation_results(
|
||||
&self,
|
||||
) -> &DomRefCell<HashMap<String, PermissionState>> {
|
||||
) -> &DomRefCell<HashMap<PermissionName, PermissionState>> {
|
||||
&self.permission_state_invocation_results
|
||||
}
|
||||
|
||||
|
@ -2918,7 +2920,12 @@ impl GlobalScope {
|
|||
self.https_state.set(https_state);
|
||||
}
|
||||
|
||||
/// <https://html.spec.whatwg.org/multipage/#secure-context>
|
||||
pub(crate) fn is_secure_context(&self) -> bool {
|
||||
// This differs from the specification, but it seems that
|
||||
// `inherited_secure_context` implements more-or-less the exact same logic, in a
|
||||
// different manner. Workers inherit whether or not their in a secure context and
|
||||
// worklets do as well (they can only be created in secure contexts).
|
||||
if Some(false) == self.inherited_secure_context {
|
||||
return false;
|
||||
}
|
||||
|
|
|
@ -5,18 +5,21 @@
|
|||
use std::rc::Rc;
|
||||
|
||||
use dom_struct::dom_struct;
|
||||
use embedder_traits::{self, EmbedderMsg, PermissionPrompt, PermissionRequest};
|
||||
use embedder_traits::{self, AllowOrDeny, EmbedderMsg, PermissionFeature};
|
||||
use ipc_channel::ipc;
|
||||
use js::conversions::ConversionResult;
|
||||
use js::jsapi::JSObject;
|
||||
use js::jsval::{ObjectValue, UndefinedValue};
|
||||
use script_bindings::inheritance::Castable;
|
||||
use servo_config::pref;
|
||||
|
||||
use super::window::Window;
|
||||
use crate::conversions::Convert;
|
||||
use crate::dom::bindings::codegen::Bindings::PermissionStatusBinding::{
|
||||
PermissionDescriptor, PermissionName, PermissionState, PermissionStatusMethods,
|
||||
};
|
||||
use crate::dom::bindings::codegen::Bindings::PermissionsBinding::PermissionsMethods;
|
||||
use crate::dom::bindings::codegen::Bindings::WindowBinding::Window_Binding::WindowMethods;
|
||||
use crate::dom::bindings::error::Error;
|
||||
use crate::dom::bindings::reflector::{reflect_dom_object, DomGlobal, Reflector};
|
||||
use crate::dom::bindings::root::DomRoot;
|
||||
|
@ -142,7 +145,7 @@ impl Permissions {
|
|||
globalscope
|
||||
.permission_state_invocation_results()
|
||||
.borrow_mut()
|
||||
.remove(&root_desc.name.to_string());
|
||||
.remove(&root_desc.name);
|
||||
|
||||
// (Revoke) Step 4.
|
||||
Bluetooth::permission_revoke(&bluetooth_desc, &result, can_gc)
|
||||
|
@ -174,7 +177,7 @@ impl Permissions {
|
|||
globalscope
|
||||
.permission_state_invocation_results()
|
||||
.borrow_mut()
|
||||
.remove(&root_desc.name.to_string());
|
||||
.remove(&root_desc.name);
|
||||
|
||||
// (Revoke) Step 4.
|
||||
Permissions::permission_revoke(&root_desc, &status, can_gc);
|
||||
|
@ -231,15 +234,25 @@ impl PermissionAlgorithm for Permissions {
|
|||
}
|
||||
}
|
||||
|
||||
// https://w3c.github.io/permissions/#boolean-permission-query-algorithm
|
||||
/// <https://w3c.github.io/permissions/#dfn-permission-query-algorithm>
|
||||
///
|
||||
/// > permission query algorithm:
|
||||
/// > Takes an instance of the permission descriptor type and a new or existing instance of
|
||||
/// > the permission result type, and updates the permission result type instance with the
|
||||
/// > query result. Used by Permissions' query(permissionDesc) method and the
|
||||
/// > PermissionStatus update steps. If unspecified, this defaults to the default permission
|
||||
/// > query algorithm.
|
||||
///
|
||||
/// > The default permission query algorithm, given a PermissionDescriptor
|
||||
/// > permissionDesc and a PermissionStatus status, runs the following steps:
|
||||
fn permission_query(
|
||||
_cx: JSContext,
|
||||
_promise: &Rc<Promise>,
|
||||
_descriptor: &PermissionDescriptor,
|
||||
status: &PermissionStatus,
|
||||
) {
|
||||
// Step 1.
|
||||
status.set_state(get_descriptor_permission_state(status.get_query(), None));
|
||||
// Step 1. Set status's state to permissionDesc's permission state.
|
||||
status.set_state(descriptor_permission_state(status.get_query(), None));
|
||||
}
|
||||
|
||||
// https://w3c.github.io/permissions/#boolean-permission-request-algorithm
|
||||
|
@ -255,16 +268,14 @@ impl PermissionAlgorithm for Permissions {
|
|||
match status.State() {
|
||||
// Step 3.
|
||||
PermissionState::Prompt => {
|
||||
let perm_name = status.get_query();
|
||||
let prompt = PermissionPrompt::Request(perm_name.convert());
|
||||
|
||||
// https://w3c.github.io/permissions/#request-permission-to-use (Step 3 - 4)
|
||||
let permission_name = status.get_query();
|
||||
let globalscope = GlobalScope::current().expect("No current global object");
|
||||
let state = prompt_user_from_embedder(prompt, &globalscope);
|
||||
let state = prompt_user_from_embedder(permission_name, &globalscope);
|
||||
globalscope
|
||||
.permission_state_invocation_results()
|
||||
.borrow_mut()
|
||||
.insert(perm_name.to_string(), state);
|
||||
.insert(permission_name, state);
|
||||
},
|
||||
|
||||
// Step 2.
|
||||
|
@ -283,95 +294,73 @@ impl PermissionAlgorithm for Permissions {
|
|||
}
|
||||
}
|
||||
|
||||
// https://w3c.github.io/permissions/#permission-state
|
||||
pub(crate) fn get_descriptor_permission_state(
|
||||
permission_name: PermissionName,
|
||||
/// <https://w3c.github.io/permissions/#dfn-permission-state>
|
||||
pub(crate) fn descriptor_permission_state(
|
||||
feature: PermissionName,
|
||||
env_settings_obj: Option<&GlobalScope>,
|
||||
) -> PermissionState {
|
||||
// Step 1.
|
||||
let globalscope = match env_settings_obj {
|
||||
// Step 1. If settings wasn't passed, set it to the current settings object.
|
||||
let global_scope = match env_settings_obj {
|
||||
Some(env_settings_obj) => DomRoot::from_ref(env_settings_obj),
|
||||
None => GlobalScope::current().expect("No current global object"),
|
||||
};
|
||||
|
||||
// Step 2.
|
||||
// TODO: The `is the environment settings object a non-secure context` check is missing.
|
||||
// The current solution is a workaround with a message box to warn about this,
|
||||
// if the feature is not allowed in non-secure contexcts,
|
||||
// and let the user decide to grant the permission or not.
|
||||
let state = if allowed_in_nonsecure_contexts(&permission_name) {
|
||||
PermissionState::Prompt
|
||||
} else if pref!(dom_permissions_testing_allowed_in_nonsecure_contexts) {
|
||||
PermissionState::Granted
|
||||
} else {
|
||||
globalscope
|
||||
.permission_state_invocation_results()
|
||||
.borrow_mut()
|
||||
.remove(&permission_name.to_string());
|
||||
prompt_user_from_embedder(
|
||||
PermissionPrompt::Insecure(permission_name.convert()),
|
||||
&globalscope,
|
||||
)
|
||||
};
|
||||
// Step 2. If settings is a non-secure context, return "denied".
|
||||
if !global_scope.is_secure_context() {
|
||||
if pref!(dom_permissions_testing_allowed_in_nonsecure_contexts) {
|
||||
return PermissionState::Granted;
|
||||
}
|
||||
return PermissionState::Denied;
|
||||
}
|
||||
|
||||
// Step 3.
|
||||
if let Some(prev_result) = globalscope
|
||||
// Step 3. Let feature be descriptor's name.
|
||||
// The caller has already converted the descriptor into a name.
|
||||
|
||||
// Step 4. If there exists a policy-controlled feature for feature and settings'
|
||||
// relevant global object has an associated Document run the following step:
|
||||
// 1. Let document be settings' relevant global object's associated Document.
|
||||
// 2. If document is not allowed to use feature, return "denied".
|
||||
if let Some(window) = global_scope.downcast::<Window>() {
|
||||
if !window.Document().allowed_to_use_feature(feature) {
|
||||
return PermissionState::Denied;
|
||||
}
|
||||
}
|
||||
|
||||
// Step 5. Let key be the result of generating a permission key for descriptor with settings.
|
||||
// Step 6. Let entry be the result of getting a permission store entry with descriptor and key.
|
||||
// Step 7. If entry is not null, return a PermissionState enum value from entry's state.
|
||||
//
|
||||
// TODO: We aren't making a key based on the descriptor, but on the descriptor's name. This really
|
||||
// only matters for WebBluetooth, which adds more fields to the descriptor beyond the name.
|
||||
if let Some(entry) = global_scope
|
||||
.permission_state_invocation_results()
|
||||
.borrow()
|
||||
.get(&permission_name.to_string())
|
||||
.get(&feature)
|
||||
{
|
||||
return *prev_result;
|
||||
return *entry;
|
||||
}
|
||||
|
||||
// Store the invocation result
|
||||
globalscope
|
||||
.permission_state_invocation_results()
|
||||
.borrow_mut()
|
||||
.insert(permission_name.to_string(), state);
|
||||
|
||||
// Step 4.
|
||||
state
|
||||
// Step 8. Return the PermissionState enum value that represents the permission state
|
||||
// of feature, taking into account any permission state constraints for descriptor's
|
||||
// name.
|
||||
PermissionState::Prompt
|
||||
}
|
||||
|
||||
// https://w3c.github.io/permissions/#allowed-in-non-secure-contexts
|
||||
fn allowed_in_nonsecure_contexts(permission_name: &PermissionName) -> bool {
|
||||
match *permission_name {
|
||||
// https://w3c.github.io/permissions/#dom-permissionname-geolocation
|
||||
PermissionName::Geolocation => true,
|
||||
// https://w3c.github.io/permissions/#dom-permissionname-notifications
|
||||
PermissionName::Notifications => true,
|
||||
// https://w3c.github.io/permissions/#dom-permissionname-push
|
||||
PermissionName::Push => false,
|
||||
// https://w3c.github.io/permissions/#dom-permissionname-midi
|
||||
PermissionName::Midi => true,
|
||||
// https://w3c.github.io/permissions/#dom-permissionname-camera
|
||||
PermissionName::Camera => false,
|
||||
// https://w3c.github.io/permissions/#dom-permissionname-microphone
|
||||
PermissionName::Microphone => false,
|
||||
// https://w3c.github.io/permissions/#dom-permissionname-speaker
|
||||
PermissionName::Speaker => false,
|
||||
// https://w3c.github.io/permissions/#dom-permissionname-device-info
|
||||
PermissionName::Device_info => false,
|
||||
// https://w3c.github.io/permissions/#dom-permissionname-background-sync
|
||||
PermissionName::Background_sync => false,
|
||||
// https://webbluetoothcg.github.io/web-bluetooth/#dom-permissionname-bluetooth
|
||||
PermissionName::Bluetooth => false,
|
||||
// https://storage.spec.whatwg.org/#dom-permissionname-persistent-storage
|
||||
PermissionName::Persistent_storage => false,
|
||||
}
|
||||
}
|
||||
|
||||
fn prompt_user_from_embedder(prompt: PermissionPrompt, gs: &GlobalScope) -> PermissionState {
|
||||
let Some(webview_id) = gs.webview_id() else {
|
||||
fn prompt_user_from_embedder(name: PermissionName, global_scope: &GlobalScope) -> PermissionState {
|
||||
let Some(webview_id) = global_scope.webview_id() else {
|
||||
warn!("Requesting permissions from non-webview-associated global scope");
|
||||
return PermissionState::Denied;
|
||||
};
|
||||
let (sender, receiver) = ipc::channel().expect("Failed to create IPC channel!");
|
||||
gs.send_to_embedder(EmbedderMsg::PromptPermission(webview_id, prompt, sender));
|
||||
global_scope.send_to_embedder(EmbedderMsg::PromptPermission(
|
||||
webview_id,
|
||||
name.convert(),
|
||||
sender,
|
||||
));
|
||||
|
||||
match receiver.recv() {
|
||||
Ok(PermissionRequest::Granted) => PermissionState::Granted,
|
||||
Ok(PermissionRequest::Denied) => PermissionState::Denied,
|
||||
Ok(AllowOrDeny::Allow) => PermissionState::Granted,
|
||||
Ok(AllowOrDeny::Deny) => PermissionState::Denied,
|
||||
Err(e) => {
|
||||
warn!(
|
||||
"Failed to receive permission state from embedder ({:?}).",
|
||||
|
@ -382,22 +371,20 @@ fn prompt_user_from_embedder(prompt: PermissionPrompt, gs: &GlobalScope) -> Perm
|
|||
}
|
||||
}
|
||||
|
||||
impl Convert<embedder_traits::PermissionName> for PermissionName {
|
||||
fn convert(self) -> embedder_traits::PermissionName {
|
||||
impl Convert<PermissionFeature> for PermissionName {
|
||||
fn convert(self) -> PermissionFeature {
|
||||
match self {
|
||||
PermissionName::Geolocation => embedder_traits::PermissionName::Geolocation,
|
||||
PermissionName::Notifications => embedder_traits::PermissionName::Notifications,
|
||||
PermissionName::Push => embedder_traits::PermissionName::Push,
|
||||
PermissionName::Midi => embedder_traits::PermissionName::Midi,
|
||||
PermissionName::Camera => embedder_traits::PermissionName::Camera,
|
||||
PermissionName::Microphone => embedder_traits::PermissionName::Microphone,
|
||||
PermissionName::Speaker => embedder_traits::PermissionName::Speaker,
|
||||
PermissionName::Device_info => embedder_traits::PermissionName::DeviceInfo,
|
||||
PermissionName::Background_sync => embedder_traits::PermissionName::BackgroundSync,
|
||||
PermissionName::Bluetooth => embedder_traits::PermissionName::Bluetooth,
|
||||
PermissionName::Persistent_storage => {
|
||||
embedder_traits::PermissionName::PersistentStorage
|
||||
},
|
||||
PermissionName::Geolocation => PermissionFeature::Geolocation,
|
||||
PermissionName::Notifications => PermissionFeature::Notifications,
|
||||
PermissionName::Push => PermissionFeature::Push,
|
||||
PermissionName::Midi => PermissionFeature::Midi,
|
||||
PermissionName::Camera => PermissionFeature::Camera,
|
||||
PermissionName::Microphone => PermissionFeature::Microphone,
|
||||
PermissionName::Speaker => PermissionFeature::Speaker,
|
||||
PermissionName::Device_info => PermissionFeature::DeviceInfo,
|
||||
PermissionName::Background_sync => PermissionFeature::BackgroundSync,
|
||||
PermissionName::Bluetooth => PermissionFeature::Bluetooth,
|
||||
PermissionName::Persistent_storage => PermissionFeature::PersistentStorage,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue