Use correct policy for RequestGuard.blockedObjects

Fixes uses of ns.policy in RequestGuard and LifeCycle

Author: aaronkollasch

src/bg/LifeCycle.js

@@ -104,6 +104,7 @@ var LifeCycle = (() => {
       let {url} = tab;
       let {cypherText, key, iv} = await encrypt(JSON.stringify({
         policy: ns.policy.dry(true),
+        contextStore: ns.contextStore.dry(true),
         allSeen,
         unrestrictedTabs: [...ns.unrestrictedTabs]
       }));
@@ -188,14 +189,15 @@ var LifeCycle = (() => {
             iv
           }, key, cypherText
         );
-        let {policy, allSeen, unrestrictedTabs} = JSON.parse(new TextDecoder().decode(encoded));
+        let {policy, contextStore, allSeen, unrestrictedTabs} = JSON.parse(new TextDecoder().decode(encoded));
         if (!policy) {
           throw new error("Ephemeral policy not found in survival tab %s!", tabId);
         }
         ns.unrestrictedTabs = new Set(unrestrictedTabs);
         destroyIfNeeded();
         if (ns.initializing) await ns.initializing;
         ns.policy = new Policy(policy);
+        ns.contextStore = new ContextStore(contextStore);
         await Promise.all(
           Object.entries(allSeen).map(
             async ([tabId, seen]) => {

src/bg/RequestGuard.js

@@ -247,7 +247,9 @@ var RequestGuard = (() => {
       }
       let key = [siteKey, origin][ret.option || 0];
       if (!key) return;
-      let {siteMatch, contextMatch, perms} = ns.policy.get(key, documentUrl);
+      let cookieStoreId = sender.tab && sender.tab.cookieStoreId;
+      let policy = ns.getPolicy(cookieStoreId);
+      let {siteMatch, contextMatch, perms} = policy.get(key, documentUrl);
       let {capabilities} = perms;
       if (!capabilities.has(policyType)) {
         let temp = sender.tab.incognito; // we don't want to store in PBM
@@ -260,8 +262,9 @@ var RequestGuard = (() => {
           perms = new Permissions(new Set(capabilities), false, contextualSites);
         }
         */
-        ns.policy.set(key, perms);
+        policy.set(key, perms);
         await ns.savePolicy();
+        await ns.saveContextStore();
       }
       return {enable: key};
     },
@@ -335,7 +338,8 @@ var RequestGuard = (() => {
   };
 
   function intersectCapabilities(perms, request) {
-    let {frameId, frameAncestors, tabId} = request;
+    let {frameId, frameAncestors, tabId, cookieStoreId} = request;
+    let policy = ns.getPolicy(cookieStoreId);
     if (frameId !== 0 && ns.sync.cascadeRestrictions) {
       let topUrl = frameAncestors && frameAncestors.length
         && frameAncestors[frameAncestors.length - 1].url;
@@ -344,7 +348,7 @@ var RequestGuard = (() => {
         if (tab) topUrl = tab.url;
       }
       if (topUrl) {
-        return ns.policy.cascadeRestrictions(perms, topUrl).capabilities;
+        return policy.cascadeRestrictions(perms, topUrl).capabilities;
       }
     }
     return perms.capabilities;