bug 1606317: security: allow remote agent to disable security checks;…

… r=keeler

The remote agent is an implementation of a subset of
the Chromium Remote Debugging Protocol (CDP) for Gecko.
For similar reasons as Marionette it needs the ability to call
nsCertOverrideService::SetDisableAllSecurityChecksAndLetAttackersInterceptMyData().

It calls this method from remote/domains/parent/Security.jsm which
implements the Security.setIgnoreCertificateErrors protocol method.

The remote agent is slated to replace Marionette, but there is
currently no timeline for this.

Differential Revision: https://phabricator.services.mozilla.com/D58435

--HG--
extra : moz-landing-system : lando

security/manager/ssl/nsCertOverrideService.cpp

@@ -20,6 +20,9 @@
 #include "nsIObserver.h"
 #include "nsIObserverService.h"
 #include "nsIOutputStream.h"
+#ifdef ENABLE_REMOTE_AGENT
+#  include "nsIRemoteAgent.h"
+#endif
 #include "nsISafeOutputStream.h"
 #include "nsIX509Cert.h"
 #include "nsNSSCertHelper.h"
@@ -609,21 +612,29 @@ nsCertOverrideService::IsCertUsedForOverrides(nsIX509Cert* aCert,
   return NS_OK;
 }
 
-static bool IsMarionetteRunning() {
+static bool IsDebugger() {
   bool marionetteRunning = false;
+  bool remoteAgentListening = false;
 
   nsCOMPtr<nsIMarionette> marionette = do_GetService(NS_MARIONETTE_CONTRACTID);
   if (marionette) {
     marionette->GetRunning(&marionetteRunning);
   }
 
-  return marionetteRunning;
+#ifdef ENABLE_REMOTE_AGENT
+  nsCOMPtr<nsIRemoteAgent> agent = do_GetService(NS_REMOTEAGENT_CONTRACTID);
+  if (agent) {
+    agent->GetListening(&remoteAgentListening);
+  }
+#endif
+
+  return marionetteRunning || remoteAgentListening;
 }
 
 NS_IMETHODIMP
 nsCertOverrideService::
     SetDisableAllSecurityChecksAndLetAttackersInterceptMyData(bool aDisable) {
-  if (!(PR_GetEnv("XPCSHELL_TEST_PROFILE_DIR") || IsMarionetteRunning())) {
+  if (!(PR_GetEnv("XPCSHELL_TEST_PROFILE_DIR") || IsDebugger())) {
     return NS_ERROR_NOT_AVAILABLE;
   }