Bug 1908664 - Add nsIPrincipal::GetIsInPrivateBrowsing r=media-playback-reviewers,anti-tracking-reviewers,dom-storage-reviewers,padenot,asuth,pbz

Differential Revision: https://phabricator.services.mozilla.com/D216993

caps/BasePrincipal.cpp

@@ -1183,6 +1183,12 @@ BasePrincipal::GetPrivateBrowsingId(uint32_t* aPrivateBrowsingId) {
   return NS_OK;
 }
 
+NS_IMETHODIMP
+BasePrincipal::GetIsInPrivateBrowsing(bool* aIsInPrivateBrowsing) {
+  *aIsInPrivateBrowsing = mOriginAttributes.IsPrivateBrowsing();
+  return NS_OK;
+}
+
 nsresult BasePrincipal::GetAddonPolicy(
     extensions::WebExtensionPolicy** aResult) {
   AssertIsOnMainThread();

caps/BasePrincipal.h

@@ -165,6 +165,7 @@ class BasePrincipal : public nsJSPrincipals {
   NS_IMETHOD GetIsOnion(bool* aIsOnion) override;
   NS_IMETHOD GetUserContextId(uint32_t* aUserContextId) final;
   NS_IMETHOD GetPrivateBrowsingId(uint32_t* aPrivateBrowsingId) final;
+  NS_IMETHOD GetIsInPrivateBrowsing(bool* aIsInPrivateBrowsing) final;
   NS_IMETHOD GetSiteOrigin(nsACString& aSiteOrigin) final;
   NS_IMETHOD GetSiteOriginNoSuffix(nsACString& aSiteOrigin) override;
   NS_IMETHOD IsThirdPartyURI(nsIURI* uri, bool* aRes) override;

caps/nsIPrincipal.idl

@@ -587,6 +587,14 @@ interface nsIPrincipal : nsISupports
      */
     [infallible] readonly attribute unsigned long privateBrowsingId;
 
+    /**
+     * Retuns true if it is in private browsing based on privateBrowsingId
+     * being non-zero.
+     *
+     * May be called from any thread.
+     */
+    [infallible] readonly attribute boolean isInPrivateBrowsing;
+
     /**
      * Returns true iff this is a null principal (corresponding to an
      * unknown, hence assumed minimally privileged, security context).

dom/base/nsGlobalWindowOuter.cpp

@@ -2601,7 +2601,7 @@ void nsGlobalWindowOuter::PreloadLocalStorage() {
 
   // private browsing windows do not persist local storage to disk so we should
   // only try to precache storage when we're not a private browsing window.
-  if (principal->GetPrivateBrowsingId() == 0) {
+  if (!principal->GetIsInPrivateBrowsing()) {
     RefPtr<Storage> storage;
     rv = storageManager->PrecacheStorage(principal, storagePrincipal,
                                          getter_AddRefs(storage));

dom/html/HTMLMediaElement.cpp

@@ -5154,7 +5154,7 @@ nsresult HTMLMediaElement::InitializeDecoderForChannel(
   }
 
   reportCanPlay(true);
-  bool isPrivateBrowsing = NodePrincipal()->GetPrivateBrowsingId() > 0;
+  bool isPrivateBrowsing = NodePrincipal()->GetIsInPrivateBrowsing();
   return SetupDecoder(decoder.get(), aChannel, isPrivateBrowsing, aListener);
 }
 

dom/indexedDB/IDBFactory.cpp

@@ -689,7 +689,7 @@ RefPtr<IDBOpenDBRequest> IDBFactory::OpenInternal(
     }
     MOZ_ASSERT(aCallerType == CallerType::System);
     MOZ_DIAGNOSTIC_ASSERT(mPrivateBrowsingMode ==
-                          (aPrincipal->GetPrivateBrowsingId() > 0));
+                          aPrincipal->GetIsInPrivateBrowsing());
 
     if (NS_WARN_IF(
             NS_FAILED(PrincipalToPrincipalInfo(aPrincipal, &principalInfo)))) {

dom/media/eme/MediaKeySystemAccessManager.cpp

@@ -520,7 +520,7 @@ void MediaKeySystemAccessManager::RequestMediaKeySystemAccess(
 
   bool isPrivateBrowsing =
       mWindow->GetExtantDoc() &&
-      mWindow->GetExtantDoc()->NodePrincipal()->GetPrivateBrowsingId() > 0;
+      mWindow->GetExtantDoc()->NodePrincipal()->GetIsInPrivateBrowsing();
   //   2. Let implementation be the implementation of keySystem.
   //   3. For each value in supportedConfigurations:
   //     1. Let candidate configuration be the value.

dom/notification/Notification.cpp

@@ -491,7 +491,7 @@ NotificationPermissionRequest::Run() {
   bool blocked = false;
   if (isSystem) {
     mPermission = NotificationPermission::Granted;
-  } else if (mPrincipal->GetPrivateBrowsingId() != 0 &&
+  } else if (mPrincipal->GetIsInPrivateBrowsing() &&
              !StaticPrefs::dom_webnotifications_privateBrowsing_enabled()) {
     mPermission = NotificationPermission::Denied;
     blocked = true;
@@ -1263,7 +1263,7 @@ ServiceWorkerNotificationObserver::Observe(nsISupports* aSubject,
 
     // Remove closed or dismissed persistent notifications.
     nsCOMPtr<nsINotificationStorage> notificationStorage =
-        GetNotificationStorage(mPrincipal->GetPrivateBrowsingId() != 0);
+        GetNotificationStorage(mPrincipal->GetIsInPrivateBrowsing());
     if (notificationStorage) {
       notificationStorage->Delete(origin, mID);
     }
@@ -1557,7 +1557,7 @@ NotificationPermission Notification::GetPermissionInternal(
     return NotificationPermission::Denied;
   }
 
-  if (principal->GetPrivateBrowsingId() != 0 &&
+  if (principal->GetIsInPrivateBrowsing() &&
       !StaticPrefs::dom_webnotifications_privateBrowsing_enabled()) {
     return NotificationPermission::Denied;
   }
@@ -1810,7 +1810,7 @@ class WorkerGetRunnable final : public Runnable {
     }
 
     auto* principal = mPromiseProxy->GetWorkerPrivate()->GetPrincipal();
-    auto isPrivate = principal->GetPrivateBrowsingId() != 0;
+    auto isPrivate = principal->GetIsInPrivateBrowsing();
 
     nsCOMPtr<nsINotificationStorageCallback> callback =
         new WorkerGetCallback(mPromiseProxy, mScope);

dom/privateattribution/PrivateAttribution.cpp

@@ -48,10 +48,7 @@ bool PrivateAttribution::GetSourceHostIfNonPrivate(nsACString& aSourceHost,
     aRv.ThrowInvalidStateError("Couldn't get source host");
     return false;
   }
-  if (prin->GetPrivateBrowsingId() > 0) {
+  return !prin->GetIsInPrivateBrowsing();
-    return false;  // Do not throw.
-  }
-  return true;
 }
 
 [[nodiscard]] static bool ValidateHost(const nsACString& aHost,

dom/quota/ActorsParent.cpp

@@ -6168,7 +6168,7 @@ Result<PrincipalMetadata, nsresult> QuotaManager::GetInfoFromPrincipal(
 
   principalMetadata.mStorageOrigin = principalMetadata.mOrigin;
 
-  principalMetadata.mIsPrivate = aPrincipal->GetPrivateBrowsingId() != 0;
+  principalMetadata.mIsPrivate = aPrincipal->GetIsInPrivateBrowsing();
 
   return principalMetadata;
 }

dom/serviceworkers/ServiceWorkerUtils.cpp

@@ -36,7 +36,7 @@ static bool IsServiceWorkersTestingEnabledInWindow(JSObject* const aGlobal) {
 static bool IsInPrivateBrowsing(JSContext* const aCx) {
   if (const nsCOMPtr<nsIGlobalObject> global = xpc::CurrentNativeGlobal(aCx)) {
     if (const nsCOMPtr<nsIPrincipal> principal = global->PrincipalOrNull()) {
-      return principal->GetPrivateBrowsingId() > 0;
+      return principal->GetIsInPrivateBrowsing();
     }
   }
   return false;

dom/workers/WorkerNavigator.cpp

@@ -97,7 +97,7 @@ bool WorkerNavigator::GlobalPrivacyControl() const {
     JSObject* jso = GetWrapper();
     if (const nsCOMPtr<nsIGlobalObject> global = xpc::NativeGlobal(jso)) {
       if (const nsCOMPtr<nsIPrincipal> principal = global->PrincipalOrNull()) {
-        gpcStatus = principal->GetPrivateBrowsingId() > 0 &&
+        gpcStatus = principal->GetIsInPrivateBrowsing() &&
                     StaticPrefs::privacy_globalprivacycontrol_pbmode_enabled();
       }
     }

layout/style/FontFaceSetWorkerImpl.cpp

@@ -122,7 +122,7 @@ void FontFaceSetWorkerImpl::InitializeOnMainThread() {
 
   // Same for the "private browsing" flag.
   if (defaultPrincipal) {
-    mPrivateBrowsing = defaultPrincipal->GetPrivateBrowsingId() > 0;
+    mPrivateBrowsing = defaultPrincipal->GetIsInPrivateBrowsing();
   }
 
   mStandardFontLoadPrincipal =

toolkit/components/antitracking/StorageAccess.cpp

@@ -274,7 +274,7 @@ StorageAccess StorageAllowedForWindow(nsPIDOMWindowInner* aWindow,
   // No document? Try checking Private Browsing Mode without document
   if (const nsCOMPtr<nsIGlobalObject> global = aWindow->AsGlobal()) {
     if (const nsCOMPtr<nsIPrincipal> principal = global->PrincipalOrNull()) {
-      if (principal->GetPrivateBrowsingId() > 0) {
+      if (principal->GetIsInPrivateBrowsing()) {
         return StorageAccess::ePrivateBrowsing;
       }
     }