Bug 1989609 - Create protocol handler to allow New Tabs in containers to use custom wallpapers. r=home-newtab-reviewers,necko-reviewers,mconley,kershaw,ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D269466

Author: ireneni

caps/nsScriptSecurityManager.cpp

@@ -1073,7 +1073,8 @@ nsresult nsScriptSecurityManager::CheckLoadURIFlags(
  }
  }
  } else if (targetScheme.EqualsLiteral("moz-page-thumb") ||
- targetScheme.EqualsLiteral("page-icon")) {
+ targetScheme.EqualsLiteral("page-icon") ||
+ targetScheme.EqualsLiteral("moz-newtab-wallpaper")) {
  if (XRE_IsParentProcess()) {
  return NS_OK;
  }

netwerk/base/nsNetUtil.cpp

@@ -107,6 +107,7 @@
 #include "mozilla/net/CookieJarSettings.h"
 #include "mozilla/net/MozSrcProtocolHandler.h"
 #include "mozilla/net/ExtensionProtocolHandler.h"
+#include "mozilla/net/MozNewTabWallpaperProtocolHandler.h"
 #include "mozilla/net/PageThumbProtocolHandler.h"
 #include "mozilla/net/SFVService.h"
 #include "nsICookieService.h"
@@ -1993,6 +1994,15 @@ nsresult NS_NewURI(nsIURI** aURI, const nsACString& aSpec,
  return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
  }
 
+ if (scheme.EqualsLiteral("moz-newtab-wallpaper")) {
+ RefPtr<mozilla::net::MozNewTabWallpaperProtocolHandler> handler =
+ mozilla::net::MozNewTabWallpaperProtocolHandler::GetSingleton();
+ if (!handler) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+ return handler->NewURI(aSpec, aCharset, aBaseURI, aURI);
+ }
+
  if (scheme.EqualsLiteral("about")) {
  return nsAboutProtocolHandler::CreateNewURI(aSpec, aCharset, aBaseURI,
  aURI);

netwerk/build/components.conf

@@ -434,6 +434,25 @@ Classes = [
  ],
  },
  },
+ {
+ 'cid': '{64095195-aa8a-4d17-8ec8-c470d85b609b}',
+ 'contract_ids': ['@mozilla.org/network/protocol;1?name=moz-newtab-wallpaper'],
+ 'singleton': True,
+ 'type': 'mozilla::net::MozNewTabWallpaperProtocolHandler',
+ 'headers': ['mozilla/net/MozNewTabWallpaperProtocolHandler.h'],
+ 'constructor': 'mozilla::net::MozNewTabWallpaperProtocolHandler::GetSingleton',
+ 'protocol_config': {
+ 'scheme': 'moz-newtab-wallpaper',
+ 'flags': [
+ 'URI_STD',
+ 'URI_IS_UI_RESOURCE',
+ 'URI_IS_LOCAL_RESOURCE',
+ 'URI_NORELATIVE',
+ 'URI_NOAUTH',
+ ],
+ 'default_port': -1,
+ },
+ },
  {
  'cid': '{1423e739-782c-4081-b5d8-fe6fba68c0ef}',
  'contract_ids': ['@mozilla.org/network/protocol;1?name=moz-safe-about'],

netwerk/ipc/NeckoParent.cpp

@@ -13,6 +13,7 @@
 #include "mozilla/ipc/IPCStreamUtils.h"
 #include "mozilla/net/ExtensionProtocolHandler.h"
 #include "mozilla/net/PageThumbProtocolHandler.h"
+#include "mozilla/net/MozNewTabWallpaperProtocolHandler.h"
 #include "mozilla/net/NeckoParent.h"
 #include "mozilla/net/HttpChannelParent.h"
 #include "mozilla/net/CookieServiceParent.h"
@@ -801,6 +802,52 @@ mozilla::ipc::IPCResult NeckoParent::RecvGetPageThumbStream(
  return IPC_OK();
 }
 
+mozilla::ipc::IPCResult NeckoParent::RecvGetMozNewTabWallpaperStream(
+ nsIURI* aURI, const LoadInfoArgs& aLoadInfoArgs,
+ GetMozNewTabWallpaperStreamResolver&& aResolver) {
+ // Only the privileged about content process is allowed to access
+ // things over the moz-newtab-wallpaper protocol. Any other content process
+ // that tries to send this should have been blocked via the
+ // ScriptSecurityManager, but if somehow the process has been tricked into
+ // sending this message, we send IPC_FAIL in order to crash that
+ // likely-compromised content process.
+ if (static_cast<ContentParent*>(Manager())->GetRemoteType() !=
+ PRIVILEGEDABOUT_REMOTE_TYPE) {
+ return IPC_FAIL(this, "Wrong process type");
+ }
+
+ RefPtr<net::MozNewTabWallpaperProtocolHandler> ph(
+ net::MozNewTabWallpaperProtocolHandler::GetSingleton());
+ MOZ_ASSERT(ph);
+
+ // Ask the MozNewTabWallpaperProtocolHandler to give us a new input stream for
+ // this URI. The request comes from a MozNewTabWallpaperProtocolHandler in the
+ // child process, but is not guaranteed to be a valid moz-newtab-wallpaper
+ // URI, and not guaranteed to represent a resource that the child should be
+ // allowed to access. The MozNewTabWallpaperProtocolHandler is responsible for
+ // validating the request.
+ nsCOMPtr<nsIInputStream> inputStream;
+ bool terminateSender = true;
+ auto inputStreamPromise = ph->NewStream(aURI, &terminateSender);
+
+ if (terminateSender) {
+ return IPC_FAIL(this, "Malformed moz-newtab-wallpaper request");
+ }
+
+ inputStreamPromise->Then(
+ GetMainThreadSerialEventTarget(), __func__,
+ [aResolver](const RemoteStreamInfo& aInfo) { aResolver(Some(aInfo)); },
+ [aResolver](nsresult aRv) {
+ // If NewStream failed, we send back an invalid stream to the child so
+ // it can handle the error. MozPromise rejection is reserved for channel
+ // errors/disconnects.
+ (void)NS_WARN_IF(NS_FAILED(aRv));
+ aResolver(Nothing());
+ });
+
+ return IPC_OK();
+}
+
 mozilla::ipc::IPCResult NeckoParent::RecvGetPageIconStream(
  nsIURI* aURI, const LoadInfoArgs& aLoadInfoArgs,
  GetPageIconStreamResolver&& aResolver) {
@@ -853,5 +900,109 @@ mozilla::ipc::IPCResult NeckoParent::RecvGetPageIconStream(
 #endif
 }
 
+/* static */
+RefPtr<RemoteStreamPromise> NeckoParent::CreateRemoteStreamForResolvedURI(
+ nsIURI* aChildURI, const nsACString& aResolvedSpec,
+ const nsACString& aDefaultMimeType) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(XRE_IsParentProcess());
+
+ nsresult rv;
+
+ nsAutoCString resolvedScheme;
+ rv = net_ExtractURLScheme(aResolvedSpec, resolvedScheme);
+ if (NS_FAILED(rv) || !resolvedScheme.EqualsLiteral("file")) {
+ return RemoteStreamPromise::CreateAndReject(NS_ERROR_UNEXPECTED, __func__);
+ }
+
+ MOZ_ASSERT(resolvedScheme.EqualsLiteral("file"),
+ "CreateRemoteStreamForResolvedURI requires file:// URI");
+
+ nsCOMPtr<nsIIOService> ioService = do_GetIOService(&rv);
+ if (NS_FAILED(rv)) {
+ return RemoteStreamPromise::CreateAndReject(rv, __func__);
+ }
+
+ nsCOMPtr<nsIURI> resolvedURI;
+ rv = ioService->NewURI(aResolvedSpec, nullptr, nullptr,
+ getter_AddRefs(resolvedURI));
+ if (NS_FAILED(rv)) {
+ return RemoteStreamPromise::CreateAndReject(rv, __func__);
+ }
+
+ // Load local file resources for internal protocol handlers (moz-page-thumb,
+ // moz-newtab-wallpaper). resolvedURI must be file:// scheme pointing to the
+ // profile directory. Callers validate the original URI scheme/host and use
+ // internal path resolution (PageThumbsStorageService, profile/wallpaper/)
+ // before calling this method.
+ nsCOMPtr<nsIChannel> channel;
+ nsCOMPtr<nsIPrincipal> nullPrincipal =
+ NullPrincipal::CreateWithoutOriginAttributes();
+ rv = NS_NewChannel(getter_AddRefs(channel), resolvedURI, nullPrincipal,
+ nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+ nsIContentPolicy::TYPE_IMAGE);
+ if (NS_FAILED(rv)) {
+ return RemoteStreamPromise::CreateAndReject(rv, __func__);
+ }
+
+ auto promiseHolder = MakeUnique<MozPromiseHolder<RemoteStreamPromise>>();
+ RefPtr<RemoteStreamPromise> promise = promiseHolder->Ensure(__func__);
+
+ nsCOMPtr<nsIMIMEService> mime = do_GetService("@mozilla.org/mime;1", &rv);
+ if (NS_FAILED(rv)) {
+ return RemoteStreamPromise::CreateAndReject(rv, __func__);
+ }
+
+ nsAutoCString contentType;
+ rv = mime->GetTypeFromURI(aChildURI, contentType);
+ if (NS_FAILED(rv)) {
+ if (!aDefaultMimeType.IsEmpty()) {
+ contentType = aDefaultMimeType;
+ } else {
+ return RemoteStreamPromise::CreateAndReject(rv, __func__);
+ }
+ }
+
+ rv = NS_DispatchBackgroundTask(
+ NS_NewRunnableFunction(
+ "NeckoParent::CreateRemoteStreamForResolvedURI",
+ [contentType, channel, holder = std::move(promiseHolder)]() {
+ nsresult rv;
+
+ nsCOMPtr<nsIFileChannel> fileChannel =
+ do_QueryInterface(channel, &rv);
+ if (NS_FAILED(rv)) {
+ holder->Reject(rv, __func__);
+ return;
+ }
+
+ nsCOMPtr<nsIFile> requestedFile;
+ rv = fileChannel->GetFile(getter_AddRefs(requestedFile));
+ if (NS_FAILED(rv)) {
+ holder->Reject(rv, __func__);
+ return;
+ }
+
+ nsCOMPtr<nsIInputStream> inputStream;
+ rv = NS_NewLocalFileInputStream(getter_AddRefs(inputStream),
+ requestedFile, PR_RDONLY, -1);
+ if (NS_FAILED(rv)) {
+ holder->Reject(rv, __func__);
+ return;
+ }
+
+ RemoteStreamInfo info(inputStream, contentType, -1);
+
+ holder->Resolve(std::move(info), __func__);
+ }),
+ NS_DISPATCH_EVENT_MAY_BLOCK);
+
+ if (NS_FAILED(rv)) {
+ return RemoteStreamPromise::CreateAndReject(rv, __func__);
+ }
+
+ return promise;
+}
+
 } // namespace net
 } // namespace mozilla

netwerk/ipc/NeckoParent.h

@@ -8,6 +8,7 @@
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/net/PNeckoParent.h"
 #include "mozilla/net/NeckoCommon.h"
+#include "mozilla/MozPromise.h"
 #include "nsIAuthPrompt2.h"
 #include "nsNetUtil.h"
 
@@ -17,6 +18,10 @@
 namespace mozilla {
 namespace net {
 
+class RemoteStreamInfo;
+using RemoteStreamPromise =
+ mozilla::MozPromise<RemoteStreamInfo, nsresult, false>;
+
 // Used to override channel Private Browsing status if needed.
 enum PBOverrideStatus {
  kPBOverride_Unset = 0,
@@ -55,6 +60,14 @@ class NeckoParent : public PNeckoParent {
  return PNeckoParent::RecvPCookieServiceConstructor(aActor);
  }
 
+ /*
+ * Helper method to create a remote stream from a resolved file URI.
+ * Shared by PageThumbProtocolHandler and MozNewTabWallpaperProtocolHandler.
+ */
+ static RefPtr<RemoteStreamPromise> CreateRemoteStreamForResolvedURI(
+ nsIURI* aChildURI, const nsACString& aResolvedSpec,
+ const nsACString& aDefaultMimeType);
+
  protected:
  virtual ~NeckoParent() = default;
 
@@ -196,6 +209,11 @@ class NeckoParent : public PNeckoParent {
  nsIURI* aURI, const LoadInfoArgs& aLoadInfoArgs,
  GetPageIconStreamResolver&& aResolve);
 
+ /* New Tab wallpaper remote resource loading */
+ mozilla::ipc::IPCResult RecvGetMozNewTabWallpaperStream(
+ nsIURI* aURI, const LoadInfoArgs& aLoadInfoArgs,
+ GetMozNewTabWallpaperStreamResolver&& aResolve);
+
  mozilla::ipc::IPCResult RecvInitSocketProcessBridge(
  InitSocketProcessBridgeResolver&& aResolver);
  mozilla::ipc::IPCResult RecvResetSocketProcessBridge();

netwerk/ipc/PNecko.ipdl

@@ -158,6 +158,11 @@ parent:
  async GetPageThumbStream(nullable nsIURI uri, LoadInfoArgs loadInfo) returns (RemoteStreamInfo? info);
  async GetPageIconStream(nullable nsIURI uri, LoadInfoArgs loadInfo) returns (RemoteStreamInfo? info);
 
+ /**
+ * New Tab wallpaper remote resource loading
+ */
+ async GetMozNewTabWallpaperStream(nullable nsIURI uri, LoadInfoArgs loadInfo) returns (RemoteStreamInfo? info);
+
 child:
  async SpeculativeConnectRequest();