IPPExceptionsManager.sys.mjs

Enable keyboard shortcuts

/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

const PERM_NAME = "ipp-vpn";

/**

 * Manages site exceptions for IP Protection.

 * It communicates with Services.perms to update the ipp-vpn permission type.

 * Site exclusions are marked as permissions with DENY capabilities.

 * While permissions related UI (eg. panels and dialogs) already handle changes to ipp-vpn,

 * the intention of this class is to abstract methods for updating ipp-vpn as needed

 * from other non-permissions related UI.

*/

class ExceptionsManager extends EventTarget {

  #inited = false;

  #observer = null;

  init() {

    if (this.#inited) {

      return;

    // ES6 classes that extend EventTarget cannot be coerced into nsIObserver.

    // Work around this by using a function as the observer.

    this.#observer = (subject, topic, data) => {

      this.observe(subject, topic, data);

};

    Services.obs.addObserver(this.#observer, "perm-changed");

    this.#inited = true;

  uninit() {

    if (!this.#inited) {

      return;

    Services.obs.removeObserver(this.#observer, "perm-changed");

    this.#observer = null;

    this.#inited = false;

  observe(subject, topic, data) {

    if (topic !== "perm-changed") {

      return;

    let permission = subject.QueryInterface(Ci.nsIPermission);

    if (permission.type !== PERM_NAME) {

      return;

    const isExclusion =

      permission.capability === Ci.nsIPermissionManager.DENY_ACTION;

    const added = data === "added" && isExclusion;

    const removed = data === "deleted" && isExclusion;

    if (added || removed) {

      if (added) {

        Glean.ipprotection.exclusionAdded.add(1);

      this.dispatchEvent(

        new CustomEvent("IPPExceptionsManager:ExclusionChanged")

);

/**

   * Adds a principal to ipp-vpn with capability DENY_ACTION

   * for site exclusions.

   * @param {nsIPrincipal} principal

   *  The principal that we want to add as a site exception.

*/

  addExclusion(principal) {

    Services.perms.addFromPrincipal(

      principal,

      PERM_NAME,

      Ci.nsIPermissionManager.DENY_ACTION

);

/**

   * Removes an existing principal from ipp-vpn.

   * @param {nsIPrincipal} principal

   *  The principal that we want to remove as a site exception.

*/

  removeExclusion(principal) {

    Services.perms.removeFromPrincipal(principal, PERM_NAME);

/**

   * Returns true if the principal already exists in ipp-vpn

   * and is registered as a permission with a DENY_ACTION

   * capability (site exclusions).

   * Else returns false if no such principal exists.

   * @param {nsIPrincipal} principal

   *  The principal that we want to check is saved in ipp-vpn

   *  as a site exclusion.

   * @returns {boolean}

   *  True if the principal exists as a site exclusion.

*/

  hasExclusion(principal) {

    let permission = this.getExceptionPermissionObject(principal);

    return permission?.capability === Ci.nsIPermissionManager.DENY_ACTION;

/**

   * Get the permission object for a site exception if it exists in ipp-vpn.

   * Use exactHost=true to only match the specific origin, not the base domain.

   * This ensures that subdomains aren't implicitly excluded when entering

   * a site in the about:preferences dialog. It also avoids an issue where we

   * try to remove a subdomain as an exclusion when the site doesn't exist in ipp-vpn

   * (see Bug 2016676).

   * Eg. if we enter "example.com" in the dialog, "www.example.com" and

   * "subdomain.example.com" won't be considered exclusions.

   * @param {nsIPrincipal} principal

   *  The principal that we want to check is saved in ipp-vpn.

   * @returns {nsIPermission}

   *  The permission object for a site exception, or null if unavailable.

*/

  getExceptionPermissionObject(principal) {

    let permissionObject = Services.perms.getPermissionObject(

      principal,

      PERM_NAME,

      true /* exactHost */

);

    return permissionObject;

/**

   * Gets the total number of site exclusions added to ipp-vpn.

   * @returns {number}

   *  The count of site exclusions in ipp-vpn.

*/

  getExclusionCount() {

    let count = 0;

    for (let perm of Services.perms.getAllByTypes([PERM_NAME])) {

      if (perm.capability === Ci.nsIPermissionManager.DENY_ACTION) {

        count++;

    return count;

/**

   * Sets the given principal as an exclusion or non exclusion.

   * @param {nsIPrincipal} principal

   *  The principal we want to update for the exclusion state.

   * @param {boolean} shouldExclude

   *  True to set the principal as an exclusion. Otherwise false.

   * @example

   * // Assuming the principal represents a site https://www.example.com,

   * // this line sets https://www.example.com as an exclusion

   * // in ipp-vpn.

   * IPPExceptionsManager.setExclusion(nsIPrincipal, true);

*/

  setExclusion(principal, shouldExclude) {

    if (!principal) {

      return;

    const isExclusion = this.hasExclusion(principal);

    // Early return if already in desired state

    if ((shouldExclude && isExclusion) || (!shouldExclude && !isExclusion)) {

      return;

    if (shouldExclude) {

      this.addExclusion(principal);

    } else {

      this.removeExclusion(principal);

const IPPExceptionsManager = new ExceptionsManager();

export { IPPExceptionsManager };