Bug 1525245 - Stabilize cookiePolicy/cookiePermission for live documents - part 1 - information stored into loadInfo, r=Ehsan,ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D18949

--HG--
extra : moz-landing-system : lando

dom/base/Document.cpp

@@ -78,6 +78,7 @@
 #include "mozilla/dom/ShadowIncludingTreeIterator.h"
 #include "mozilla/dom/StyleSheetList.h"
 #include "mozilla/dom/SVGUseElement.h"
+#include "mozilla/net/CookieSettings.h"
 #include "nsGenericHTMLElement.h"
 #include "mozilla/dom/CDATASection.h"
 #include "mozilla/dom/ProcessingInstruction.h"
@@ -128,6 +129,7 @@
 #include "nsIDOMWindow.h"
 #include "nsPIDOMWindow.h"
 #include "nsFocusManager.h"
+#include "nsICookiePermission.h"
 #include "nsICookieService.h"
 
 #include "nsBidiUtils.h"
@@ -2559,6 +2561,18 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
     aChannel->Cancel(NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION);
   }
 
+  // Let's take the CookieSettings from the loadInfo or from the parent
+  // document.
+  if (loadInfo) {
+    rv = loadInfo->GetCookieSettings(getter_AddRefs(mCookieSettings));
+    NS_ENSURE_SUCCESS(rv, rv);
+  } else {
+    nsCOMPtr<Document> parentDocument = GetParentDocument();
+    if (parentDocument) {
+      mCookieSettings = parentDocument->CookieSettings();
+    }
+  }
+
   return NS_OK;
 }
 
@@ -12618,5 +12632,15 @@ void Document::RecomputeLanguageFromCharset() {
   mLanguageFromCharset = language.forget();
 }
 
+nsICookieSettings* Document::CookieSettings() {
+  // If we are here, this is probably a javascript: URL document. In any case,
+  // we must have a nsCookieSettings. Let's create it.
+  if (!mCookieSettings) {
+    mCookieSettings = net::CookieSettings::Create();
+  }
+
+  return mCookieSettings;
+}
+
 }  // namespace dom
 }  // namespace mozilla

dom/base/Document.h

@@ -12,7 +12,8 @@
 #include "nsCOMArray.h"         // for member
 #include "nsCompatibility.h"    // for member
 #include "nsCOMPtr.h"           // for member
-#include "nsGkAtoms.h"          // for static class members
+#include "nsICookieSettings.h"
+#include "nsGkAtoms.h"  // for static class members
 #include "nsIApplicationCache.h"
 #include "nsIApplicationCacheContainer.h"
 #include "nsIContentViewer.h"
@@ -1488,6 +1489,9 @@ class Document : public nsINode,
   // flag.
   bool StorageAccessSandboxed() const;
 
+  // Returns the cookie settings for this and sub contexts.
+  nsICookieSettings* CookieSettings();
+
   // Increments the document generation.
   inline void Changed() { ++mGeneration; }
 
@@ -4690,6 +4694,8 @@ class Document : public nsINode,
 
   bool mPendingInitialTranslation;
 
+  nsCOMPtr<nsICookieSettings> mCookieSettings;
+
   // Document generation. Gets incremented everytime it changes.
   int32_t mGeneration;
 

dom/base/nsContentUtils.cpp

@@ -8226,31 +8226,30 @@ nsContentUtils::StorageAccess nsContentUtils::StorageAllowedForServiceWorker(
 }
 
 // static, private
-void nsContentUtils::GetCookieLifetimePolicyForPrincipal(
+void nsContentUtils::GetCookieLifetimePolicyFromCookieSettings(
-    nsIPrincipal* aPrincipal, uint32_t* aLifetimePolicy) {
+    nsICookieSettings* aCookieSettings, nsIPrincipal* aPrincipal,
+    uint32_t* aLifetimePolicy) {
   *aLifetimePolicy = sCookiesLifetimePolicy;
 
-  // Any permissions set for the given principal will override our default
+  if (aCookieSettings) {
-  // settings from preferences.
+    uint32_t cookiePermission = 0;
-  nsCOMPtr<nsIPermissionManager> permissionManager =
+    nsresult rv =
-      services::GetPermissionManager();
+        aCookieSettings->CookiePermission(aPrincipal, &cookiePermission);
-  if (!permissionManager) {
+    if (NS_WARN_IF(NS_FAILED(rv))) {
-    return;
+      return;
-  }
+    }
 
-  uint32_t perm;
+    switch (cookiePermission) {
-  permissionManager->TestPermissionFromPrincipal(
+      case nsICookiePermission::ACCESS_ALLOW:
-      aPrincipal, NS_LITERAL_CSTRING("cookie"), &perm);
+        *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
-  switch (perm) {
+        break;
-    case nsICookiePermission::ACCESS_ALLOW:
+      case nsICookiePermission::ACCESS_DENY:
-      *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
+        *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
-      break;
+        break;
-    case nsICookiePermission::ACCESS_DENY:
+      case nsICookiePermission::ACCESS_SESSION:
-      *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
+        *aLifetimePolicy = nsICookieService::ACCEPT_SESSION;
-      break;
+        break;
-    case nsICookiePermission::ACCESS_SESSION:
+    }
-      *aLifetimePolicy = nsICookieService::ACCEPT_SESSION;
-      break;
   }
 }
 
@@ -8421,6 +8420,7 @@ nsContentUtils::StorageAccess nsContentUtils::InternalStorageAllowedCheck(
   aRejectedReason = 0;
 
   StorageAccess access = StorageAccess::eAllow;
+  nsCOMPtr<nsICookieSettings> cookieSettings;
 
   // We don't allow storage on the null principal, in general. Even if the
   // calling context is chrome.
@@ -8439,6 +8439,15 @@ nsContentUtils::StorageAccess nsContentUtils::InternalStorageAllowedCheck(
     if (IsInPrivateBrowsing(document)) {
       access = StorageAccess::ePrivateBrowsing;
     }
+
+    if (document) {
+      cookieSettings = document->CookieSettings();
+    }
+  }
+
+  if (aChannel) {
+    nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+    loadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
   }
 
   uint32_t lifetimePolicy;
@@ -8450,7 +8459,8 @@ nsContentUtils::StorageAccess nsContentUtils::InternalStorageAllowedCheck(
   if (policy) {
     lifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
   } else {
-    GetCookieLifetimePolicyForPrincipal(aPrincipal, &lifetimePolicy);
+    GetCookieLifetimePolicyFromCookieSettings(cookieSettings, aPrincipal,
+                                              &lifetimePolicy);
   }
 
   // Check if we should only allow storage for the session, and record that fact

dom/base/nsContentUtils.h

@@ -3383,13 +3383,14 @@ class nsContentUtils {
       CallOnRemoteChildFunction aCallback, void* aArg);
 
   /**
-   * Gets the current cookie lifetime policy for a given principal by checking
+   * Gets the cookie lifetime policy for a given cookieSettings and a given
-   * with preferences and the permission manager.
+   * principal by checking the permission value.
    *
    * Used in the implementation of InternalStorageAllowedCheck.
    */
-  static void GetCookieLifetimePolicyForPrincipal(nsIPrincipal* aPrincipal,
+  static void GetCookieLifetimePolicyFromCookieSettings(
-                                                  uint32_t* aLifetimePolicy);
+      nsICookieSettings* aCookieSettings, nsIPrincipal* aPrincipal,
+      uint32_t* aLifetimePolicy);
 
   /*
    * Checks if storage for a given principal is permitted by the user's

ipc/glue/BackgroundUtils.cpp

@@ -12,6 +12,7 @@
 #include "mozilla/NullPrincipal.h"
 #include "mozilla/ipc/PBackgroundSharedTypes.h"
 #include "mozilla/ipc/URIUtils.h"
+#include "mozilla/net/CookieSettings.h"
 #include "mozilla/net/NeckoChannelParams.h"
 #include "ExpandedPrincipal.h"
 #include "nsIScriptSecurityManager.h"
@@ -502,6 +503,14 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
   nsAutoString cspNonce;
   Unused << NS_WARN_IF(NS_FAILED(aLoadInfo->GetCspNonce(cspNonce)));
 
+  nsCOMPtr<nsICookieSettings> cookieSettings;
+  rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  CookieSettingsArgs cookieSettingsArgs;
+  static_cast<CookieSettings*>(cookieSettings.get())
+      ->Serialize(cookieSettingsArgs);
+
   *aOptionalLoadInfoArgs = Some(LoadInfoArgs(
       loadingPrincipalInfo, triggeringPrincipalInfo, principalToInheritInfo,
       sandboxedLoadingPrincipalInfo, topLevelPrincipalInfo,
@@ -532,7 +541,7 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
       aLoadInfo->GetDocumentHasUserInteracted(),
       aLoadInfo->GetDocumentHasLoaded(), cspNonce,
       aLoadInfo->GetIsFromProcessingFrameAttributes(),
-      aLoadInfo->GetOpenerPolicy()));
+      aLoadInfo->GetOpenerPolicy(), cookieSettingsArgs));
 
   return NS_OK;
 }
@@ -653,11 +662,15 @@ nsresult LoadInfoArgsToLoadInfo(
         loadInfoArgs.controller().get_IPCServiceWorkerDescriptor()));
   }
 
+  nsCOMPtr<nsICookieSettings> cookieSettings;
+  CookieSettings::Deserialize(loadInfoArgs.cookieSettings(),
+                              getter_AddRefs(cookieSettings));
+
   RefPtr<mozilla::LoadInfo> loadInfo = new mozilla::LoadInfo(
       loadingPrincipal, triggeringPrincipal, principalToInherit,
       sandboxedLoadingPrincipal, topLevelPrincipal,
-      topLevelStorageAreaPrincipal, resultPrincipalURI, clientInfo,
+      topLevelStorageAreaPrincipal, resultPrincipalURI, cookieSettings,
-      reservedClientInfo, initialClientInfo, controller,
+      clientInfo, reservedClientInfo, initialClientInfo, controller,
       loadInfoArgs.securityFlags(), loadInfoArgs.contentPolicyType(),
       static_cast<LoadTainting>(loadInfoArgs.tainting()),
       loadInfoArgs.upgradeInsecureRequests(),
@@ -700,7 +713,7 @@ void LoadInfoToParentLoadInfoForwarder(
         false,  // serviceWorkerTaintingSynthesized
         false,  // documentHasUserInteracted
         false,  // documentHasLoaded
-        nsILoadInfo::OPENER_POLICY_NULL);
+        nsILoadInfo::OPENER_POLICY_NULL, Maybe<CookieSettingsArgs>());
     return;
   }
 
@@ -716,11 +729,21 @@ void LoadInfoToParentLoadInfoForwarder(
   nsILoadInfo::CrossOriginOpenerPolicy openerPolicy =
       aLoadInfo->GetOpenerPolicy();
 
+  Maybe<CookieSettingsArgs> cookieSettingsArgs;
+
+  nsCOMPtr<nsICookieSettings> cookieSettings;
+  nsresult rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
+  if (NS_SUCCEEDED(rv) && cookieSettings) {
+    CookieSettingsArgs args;
+    static_cast<CookieSettings*>(cookieSettings.get())->Serialize(args);
+    cookieSettingsArgs = Some(args);
+  }
+
   *aForwarderArgsOut = ParentLoadInfoForwarderArgs(
       aLoadInfo->GetAllowInsecureRedirectToDataURI(), ipcController, tainting,
       aLoadInfo->GetServiceWorkerTaintingSynthesized(),
       aLoadInfo->GetDocumentHasUserInteracted(),
-      aLoadInfo->GetDocumentHasLoaded(), openerPolicy);
+      aLoadInfo->GetDocumentHasLoaded(), openerPolicy, cookieSettingsArgs);
 }
 
 nsresult MergeParentLoadInfoForwarder(
@@ -757,6 +780,17 @@ nsresult MergeParentLoadInfoForwarder(
   MOZ_ALWAYS_SUCCEEDS(
       aLoadInfo->SetDocumentHasLoaded(aForwarderArgs.documentHasLoaded()));
 
+  const Maybe<CookieSettingsArgs>& cookieSettingsArgs =
+      aForwarderArgs.cookieSettings();
+  if (cookieSettingsArgs.isSome()) {
+    nsCOMPtr<nsICookieSettings> cookieSettings;
+    nsresult rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
+    if (NS_SUCCEEDED(rv) && cookieSettings) {
+      static_cast<CookieSettings*>(cookieSettings.get())
+          ->Merge(cookieSettingsArgs.ref());
+    }
+  }
+
   return NS_OK;
 }
 

modules/libpref/init/StaticPrefList.h

@@ -1815,6 +1815,14 @@ VARCACHE_PREF(
   bool, true
 )
 
+// Allow CookieSettings to be unblocked for channels without a document.
+// This is for testing only.
+VARCACHE_PREF(
+  "network.cookieSettings.unblocked_for_testing",
+   network_cookieSettings_unblocked_for_testing,
+  bool, false
+)
+
 VARCACHE_PREF(
   "network.predictor.enable-hover-on-ssl",
    network_predictor_enable_hover_on_ssl,

netwerk/base/LoadInfo.cpp

@@ -13,13 +13,17 @@
 #include "mozilla/dom/TabChild.h"
 #include "mozilla/dom/ToJSValue.h"
 #include "mozilla/dom/BrowsingContext.h"
+#include "mozilla/net/CookieSettings.h"
 #include "mozilla/NullPrincipal.h"
+#include "mozilla/StaticPrefs.h"
 #include "mozIThirdPartyUtil.h"
 #include "nsFrameLoader.h"
 #include "nsFrameLoaderOwner.h"
 #include "nsIContentSecurityPolicy.h"
 #include "nsIDocShell.h"
 #include "mozilla/dom/Document.h"
+#include "nsCookiePermission.h"
+#include "nsICookieService.h"
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsISupportsImpl.h"
 #include "nsISupportsUtils.h"
@@ -205,6 +209,10 @@ LoadInfo::LoadInfo(
           }
         }
       }
+
+      // Let's inherit the cookie behavior and permission from the parent
+      // document.
+      mCookieSettings = aLoadingContext->OwnerDoc()->CookieSettings();
     }
 
     mInnerWindowID = aLoadingContext->OwnerDoc()->InnerWindowID();
@@ -426,6 +434,11 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
                "chrome docshell shouldn't have mPrivateBrowsingId set.");
   }
 #endif
+
+  // Let's take the current cookie behavior and current cookie permission
+  // for the documents' loadInfo. Note that for any other loadInfos,
+  // cookieBehavior will be BEHAVIOR_REJECT for security reasons.
+  mCookieSettings = CookieSettings::Create();
 }
 
 LoadInfo::LoadInfo(const LoadInfo& rhs)
@@ -436,6 +449,7 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
       mTopLevelPrincipal(rhs.mTopLevelPrincipal),
       mTopLevelStorageAreaPrincipal(rhs.mTopLevelStorageAreaPrincipal),
       mResultPrincipalURI(rhs.mResultPrincipalURI),
+      mCookieSettings(rhs.mCookieSettings),
       mClientInfo(rhs.mClientInfo),
       // mReservedClientSource must be handled specially during redirect
       // mReservedClientInfo must be handled specially during redirect
@@ -494,7 +508,7 @@ LoadInfo::LoadInfo(
     nsIPrincipal* aPrincipalToInherit, nsIPrincipal* aSandboxedLoadingPrincipal,
     nsIPrincipal* aTopLevelPrincipal,
     nsIPrincipal* aTopLevelStorageAreaPrincipal, nsIURI* aResultPrincipalURI,
-    const Maybe<ClientInfo>& aClientInfo,
+    nsICookieSettings* aCookieSettings, const Maybe<ClientInfo>& aClientInfo,
     const Maybe<ClientInfo>& aReservedClientInfo,
     const Maybe<ClientInfo>& aInitialClientInfo,
     const Maybe<ServiceWorkerDescriptor>& aController,
@@ -526,6 +540,7 @@ LoadInfo::LoadInfo(
       mTopLevelPrincipal(aTopLevelPrincipal),
       mTopLevelStorageAreaPrincipal(aTopLevelStorageAreaPrincipal),
       mResultPrincipalURI(aResultPrincipalURI),
+      mCookieSettings(aCookieSettings),
       mClientInfo(aClientInfo),
       mReservedClientInfo(aReservedClientInfo),
       mInitialClientInfo(aInitialClientInfo),
@@ -771,6 +786,21 @@ LoadInfo::GetCookiePolicy(uint32_t* aResult) {
   return NS_OK;
 }
 
+NS_IMETHODIMP
+LoadInfo::GetCookieSettings(nsICookieSettings** aCookieSettings) {
+  if (!mCookieSettings) {
+    if (StaticPrefs::network_cookieSettings_unblocked_for_testing()) {
+      mCookieSettings = CookieSettings::Create();
+    } else {
+      mCookieSettings = CookieSettings::CreateBlockingAll();
+    }
+  }
+
+  nsCOMPtr<nsICookieSettings> cookieSettings = mCookieSettings;
+  cookieSettings.forget(aCookieSettings);
+  return NS_OK;
+}
+
 void LoadInfo::SetIncludeCookiesSecFlag() {
   MOZ_ASSERT((mSecurityFlags & sCookiePolicyMask) ==
              nsILoadInfo::SEC_COOKIES_DEFAULT);

netwerk/base/LoadInfo.h

@@ -19,6 +19,7 @@
 #include "mozilla/dom/ClientInfo.h"
 #include "mozilla/dom/ServiceWorkerDescriptor.h"
 
+class nsICookieSettings;
 class nsINode;
 class nsPIDOMWindowOuter;
 
@@ -70,6 +71,7 @@ class LoadInfo final : public nsILoadInfo {
 
   // create an exact copy of the loadinfo
   already_AddRefed<nsILoadInfo> Clone() const;
+
   // hands off!!! don't use CloneWithNewSecFlags unless you know
   // exactly what you are doing - it should only be used within
   // nsBaseChannel::Redirect()
@@ -96,7 +98,7 @@ class LoadInfo final : public nsILoadInfo {
            nsIPrincipal* aSandboxedLoadingPrincipal,
            nsIPrincipal* aTopLevelPrincipal,
            nsIPrincipal* aTopLevelStorageAreaPrincipal,
-           nsIURI* aResultPrincipalURI,
+           nsIURI* aResultPrincipalURI, nsICookieSettings* aCookieSettings,
            const Maybe<mozilla::dom::ClientInfo>& aClientInfo,
            const Maybe<mozilla::dom::ClientInfo>& aReservedClientInfo,
            const Maybe<mozilla::dom::ClientInfo>& aInitialClientInfo,
@@ -155,6 +157,7 @@ class LoadInfo final : public nsILoadInfo {
   nsCOMPtr<nsIPrincipal> mTopLevelStorageAreaPrincipal;
   nsCOMPtr<nsIURI> mResultPrincipalURI;
   nsCOMPtr<nsICSPEventListener> mCSPEventListener;
+  nsCOMPtr<nsICookieSettings> mCookieSettings;
 
   Maybe<mozilla::dom::ClientInfo> mClientInfo;
   UniquePtr<mozilla::dom::ClientSource> mReservedClientSource;

netwerk/base/nsILoadInfo.idl

@@ -8,6 +8,7 @@
 #include "nsIContentPolicy.idl"
 
 interface nsIChannel;
+interface nsICookieSettings;
 interface nsICSPEventListener;
 interface nsINode;
 interface nsIPrincipal;
@@ -426,6 +427,12 @@ interface nsILoadInfo : nsISupports
    */
   [infallible] readonly attribute unsigned long cookiePolicy;
 
+  /**
+   * The cookie settings inherited from the top-level document's loadInfo.
+   * It cannot be null.
+   */
+  readonly attribute nsICookieSettings cookieSettings;
+
   /**
    * If forceInheritPrincipal is true, the data coming from the channel should
    * inherit its principal, even when the data is loaded over http:// or another

netwerk/cookie/CookieSettings.cpp

@@ -0,0 +1,206 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/net/CookieSettings.h"
+#include "mozilla/Unused.h"
+#include "nsGlobalWindowInner.h"
+#include "nsPermission.h"
+#include "nsPermissionManager.h"
+
+namespace mozilla {
+namespace net {
+
+namespace {
+
+class PermissionComparator {
+ public:
+  bool Equals(nsIPermission* aA, nsIPermission* aB) const {
+    nsCOMPtr<nsIPrincipal> principalA;
+    nsresult rv = aA->GetPrincipal(getter_AddRefs(principalA));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return false;
+    }
+
+    nsCOMPtr<nsIPrincipal> principalB;
+    rv = aB->GetPrincipal(getter_AddRefs(principalB));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return false;
+    }
+
+    bool equals = false;
+    rv = principalA->Equals(principalB, &equals);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return false;
+    }
+
+    return equals;
+  }
+};
+
+}  // namespace
+
+// static
+already_AddRefed<nsICookieSettings> CookieSettings::CreateBlockingAll() {
+  RefPtr<CookieSettings> cookieSettings =
+      new CookieSettings(nsICookieService::BEHAVIOR_REJECT, eFixed);
+  return cookieSettings.forget();
+}
+
+// static
+already_AddRefed<nsICookieSettings> CookieSettings::Create() {
+  RefPtr<CookieSettings> cookieSettings = new CookieSettings(
+      StaticPrefs::network_cookie_cookieBehavior(), eProgressive);
+  return cookieSettings.forget();
+}
+
+CookieSettings::CookieSettings(uint32_t aCookieBehavior, State aState)
+    : mCookieBehavior(aCookieBehavior), mState(aState) {}
+
+CookieSettings::~CookieSettings() = default;
+
+NS_IMETHODIMP
+CookieSettings::GetCookieBehavior(uint32_t* aCookieBehavior) {
+  *aCookieBehavior = mCookieBehavior;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CookieSettings::CookiePermission(nsIPrincipal* aPrincipal,
+                                 uint32_t* aCookiePermission) {
+  NS_ENSURE_ARG_POINTER(aPrincipal);
+  NS_ENSURE_ARG_POINTER(aCookiePermission);
+
+  *aCookiePermission = nsIPermissionManager::UNKNOWN_ACTION;
+
+  nsresult rv;
+
+  // Let's see if we know this permission.
+  for (const RefPtr<nsIPermission>& permission : mCookiePermissions) {
+    bool match = false;
+    rv = permission->Matches(aPrincipal, false, &match);
+    if (NS_WARN_IF(NS_FAILED(rv)) || !match) {
+      continue;
+    }
+
+    rv = permission->GetCapability(aCookiePermission);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+
+    return NS_OK;
+  }
+
+  // Let's ask the permission manager.
+  nsPermissionManager* pm = nsPermissionManager::GetInstance();
+  if (NS_WARN_IF(!pm)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  rv = pm->TestPermissionFromPrincipal(aPrincipal, NS_LITERAL_CSTRING("cookie"),
+                                       aCookiePermission);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  // Let's store the permission, also if the result is UNKNOWN in order to avoid
+  // race conditions.
+
+  nsCOMPtr<nsIPermission> permission = nsPermission::Create(
+      aPrincipal, NS_LITERAL_CSTRING("cookie"), *aCookiePermission, 0, 0);
+  if (permission) {
+    mCookiePermissions.AppendElement(permission);
+  }
+
+  return NS_OK;
+}
+
+void CookieSettings::Serialize(CookieSettingsArgs& aData) {
+  aData.isFixed() = mState == eFixed;
+  aData.cookieBehavior() = mCookieBehavior;
+
+  for (const RefPtr<nsIPermission>& permission : mCookiePermissions) {
+    nsCOMPtr<nsIPrincipal> principal;
+    nsresult rv = permission->GetPrincipal(getter_AddRefs(principal));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      continue;
+    }
+
+    PrincipalInfo principalInfo;
+    rv = PrincipalToPrincipalInfo(principal, &principalInfo);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      continue;
+    }
+
+    uint32_t cookiePermission = 0;
+    rv = permission->GetCapability(&cookiePermission);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      continue;
+    }
+
+    aData.cookiePermissions().AppendElement(
+        CookiePermissionData(principalInfo, cookiePermission));
+  }
+}
+
+/* static */ void CookieSettings::Deserialize(
+    const CookieSettingsArgs& aData, nsICookieSettings** aCookieSettings) {
+  CookiePermissionList list;
+  for (const CookiePermissionData& data : aData.cookiePermissions()) {
+    nsCOMPtr<nsIPrincipal> principal =
+        PrincipalInfoToPrincipal(data.principalInfo());
+    if (NS_WARN_IF(!principal)) {
+      continue;
+    }
+
+    nsCOMPtr<nsIPermission> permission = nsPermission::Create(
+        principal, NS_LITERAL_CSTRING("cookie"), data.cookiePermission(), 0, 0);
+    if (NS_WARN_IF(!permission)) {
+      continue;
+    }
+
+    list.AppendElement(permission);
+  }
+
+  RefPtr<CookieSettings> cookieSettings = new CookieSettings(
+      aData.cookieBehavior(), aData.isFixed() ? eFixed : eProgressive);
+
+  cookieSettings->mCookiePermissions.SwapElements(list);
+
+  cookieSettings.forget(aCookieSettings);
+}
+
+void CookieSettings::Merge(const CookieSettingsArgs& aData) {
+  MOZ_ASSERT(mCookieBehavior == aData.cookieBehavior());
+
+  if (mState == eFixed) {
+    return;
+  }
+
+  PermissionComparator comparator;
+
+  for (const CookiePermissionData& data : aData.cookiePermissions()) {
+    nsCOMPtr<nsIPrincipal> principal =
+        PrincipalInfoToPrincipal(data.principalInfo());
+    if (NS_WARN_IF(!principal)) {
+      continue;
+    }
+
+    nsCOMPtr<nsIPermission> permission = nsPermission::Create(
+        principal, NS_LITERAL_CSTRING("cookie"), data.cookiePermission(), 0, 0);
+    if (NS_WARN_IF(!permission)) {
+      continue;
+    }
+
+    if (!mCookiePermissions.Contains(permission, comparator)) {
+      mCookiePermissions.AppendElement(permission);
+    }
+  }
+}
+
+NS_IMPL_ISUPPORTS(CookieSettings, nsICookieSettings)
+
+}  // namespace net
+}  // namespace mozilla

netwerk/cookie/CookieSettings.h

@@ -0,0 +1,63 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_net_CookieSettings_h
+#define mozilla_net_CookieSettings_h
+
+#include "nsICookieSettings.h"
+#include "nsDataHashtable.h"
+
+class nsIPermission;
+
+namespace mozilla {
+namespace net {
+
+class CookieSettingsArgs;
+
+/**
+ * Class that provides an nsICookieSettings implementation.
+ */
+class CookieSettings final : public nsICookieSettings {
+ public:
+  typedef nsTArray<RefPtr<nsIPermission>> CookiePermissionList;
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICOOKIESETTINGS
+
+  static already_AddRefed<nsICookieSettings> CreateBlockingAll();
+
+  static already_AddRefed<nsICookieSettings> Create();
+
+  void Serialize(CookieSettingsArgs& aData);
+
+  static void Deserialize(const CookieSettingsArgs& aData,
+                          nsICookieSettings** aCookieSettings);
+
+  void Merge(const CookieSettingsArgs& aData);
+
+ private:
+  enum State {
+    // No cookie permissions are allowed to be stored in this object.
+    eFixed,
+
+    // Cookie permissions can be stored in case they are unknown when they are
+    // asked or when they are sent from the parent process.
+    eProgressive,
+  };
+
+  CookieSettings(uint32_t aCookieBehavior, State aState);
+  ~CookieSettings();
+
+  uint32_t mCookieBehavior;
+  CookiePermissionList mCookiePermissions;
+
+  State mState;
+};
+
+}  // namespace net
+}  // namespace mozilla
+
+#endif  // mozilla_net_CookieSettings_h

netwerk/cookie/moz.build

@@ -14,6 +14,7 @@ XPIDL_SOURCES += [
     'nsICookieManager.idl',
     'nsICookiePermission.idl',
     'nsICookieService.idl',
+    'nsICookieSettings.idl',
 ]
 
 XPIDL_MODULE = 'necko_cookie'
@@ -22,11 +23,13 @@ if CONFIG['NECKO_COOKIES']:
     EXPORTS.mozilla.net = [
         'CookieServiceChild.h',
         'CookieServiceParent.h',
+        'CookieSettings.h',
         'nsCookieKey.h',
     ]
     UNIFIED_SOURCES += [
         'CookieServiceChild.cpp',
         'CookieServiceParent.cpp',
+        'CookieSettings.cpp',
         'nsCookie.cpp',
     ]
     # nsCookieService.cpp can't be unified because of symbol conflicts
@@ -34,6 +37,7 @@ if CONFIG['NECKO_COOKIES']:
         'nsCookieService.cpp',
     ]
     LOCAL_INCLUDES += [
+        '/extensions/cookie',
         '/intl/uconv',
     ]
 

netwerk/cookie/nsICookieSettings.idl

@@ -0,0 +1,30 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: ft=cpp tw=78 sw=2 et ts=2 sts=2 cin
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPrincipal;
+
+/**
+ * Cookie settings for top-level documents.
+ */
+[builtinclass, uuid(3ec40331-7cf0-4b71-ba2a-2265aab8f6bc)]
+interface nsICookieSettings : nsISupports
+{
+  /**
+   * CookieBehavior at the loading of the document. Any other loadInfo
+   * inherits it from its document's loadInfo. If there is not a document
+   * involved, cookieBehavior is reject.
+   */
+  [infallible] readonly attribute unsigned long cookieBehavior;
+
+  /**
+   * CookiePermission at the loading of the document for a particular
+   * principal. It returns the same cookiePermission also in case it changes
+   * during the life-time of the top document.
+   */
+  unsigned long cookiePermission(in nsIPrincipal aPrincipal);
+};

netwerk/ipc/NeckoChannelParams.ipdlh

@@ -27,6 +27,24 @@ using nsILoadInfo::CrossOriginOpenerPolicy from "ipc/IPCMessageUtils.h";
 namespace mozilla {
 namespace net {
 
+//-----------------------------------------------------------------------------
+// CookieSettings IPDL structs
+//-----------------------------------------------------------------------------
+
+struct CookiePermissionData
+{
+  PrincipalInfo principalInfo;
+  uint32_t cookiePermission;
+};
+
+struct CookieSettingsArgs
+{
+  // Copy of the cookie behavior and permissions for the top-level document.
+  uint32_t cookieBehavior;
+  CookiePermissionData[] cookiePermissions;
+  bool isFixed;
+};
+
 //-----------------------------------------------------------------------------
 // Preferrer alternative data type
 //-----------------------------------------------------------------------------
@@ -125,6 +143,8 @@ struct LoadInfoArgs
   nsString                    cspNonce;
   bool                        isFromProcessingFrameAttributes;
   CrossOriginOpenerPolicy     openerPolicy;
+
+  CookieSettingsArgs cookieSettings;
 };
 
 /**
@@ -158,6 +178,8 @@ struct ParentLoadInfoForwarderArgs
 
   CrossOriginOpenerPolicy openerPolicy;
 
+  CookieSettingsArgs? cookieSettings;
+
   // IMPORTANT: when you add new properites here you must also update
   // LoadInfoToParentLoadInfoForwarder and MergeParentLoadInfoForwarder
   // in BackgroundUtils.cpp/.h!