From 386d23bfe734b76eea85c5339c70f171ba3034fb Mon Sep 17 00:00:00 2001
From: Bogdan Tara <btara@mozilla.com>
Date: Fri, 3 May 2019 06:12:25 +0300
Subject: [PATCH] Backed out 4 changesets (bug 1320404) for
 test_permmanager_load_invalid_entries.js failures

Backed out changeset 7c2f4e64d38e (bug 1320404)
Backed out changeset a7e7c0251179 (bug 1320404)
Backed out changeset dd741b25a244 (bug 1320404)
Backed out changeset de9073c57d20 (bug 1320404)
---
 ...browser_principalSerialization_version1.js |   6 +
 ...wser_restore_cookies_noOriginAttributes.js |   1 +
 caps/BasePrincipal.cpp                        |  12 +
 caps/BasePrincipal.h                          |   2 +
 caps/OriginAttributes.cpp                     |  17 +-
 caps/OriginAttributes.h                       |  18 +-
 caps/nsIPrincipal.idl                         |  18 ++
 caps/nsIScriptSecurityManager.idl             |   3 +
 caps/tests/gtest/TestOriginAttributes.cpp     |  10 +-
 caps/tests/unit/test_origin.js                |  89 ++++++-
 docshell/base/LoadContext.h                   |   7 +-
 docshell/base/nsDocShell.h                    |   2 +-
 dom/base/ChromeUtils.h                        |   3 +-
 dom/base/Document.cpp                         |   4 +
 dom/base/PostMessageEvent.cpp                 |   3 +
 dom/base/nsFrameLoader.cpp                    |   5 +
 .../test/test_messagemanager_principal.html   |   3 +
 .../test_messagemanager_send_principal.html   |   3 +
 .../test/test_messagemanager_targetchain.html |   5 +-
 .../mochitest/browserElement_Auth.js          |   4 +-
 .../mochitest/browserElement_CopyPaste.js     |   1 +
 dom/chrome-webidl/ChromeUtils.webidl          |   2 +
 dom/ipc/BrowserBridgeParent.cpp               |   1 +
 dom/ipc/PTabContext.ipdlh                     |   6 +-
 dom/ipc/TabContext.cpp                        |   5 +
 ..._presentation_mixed_security_contexts.html |   1 +
 .../test/xpcshell/test_clear_origin_data.js   |  44 +++-
 .../test/xpcshell/test_notification_http2.js  |   8 +-
 .../test/xpcshell/test_reconnect_retry.js     |   4 +-
 .../xpcshell/test_register_5xxCode_http2.js   |   1 +
 dom/push/test/xpcshell/test_register_case.js  |   2 +-
 .../xpcshell/test_register_error_http2.js     |  12 +-
 .../xpcshell/test_register_invalid_channel.js |   2 +-
 .../test_register_invalid_endpoint.js         |   2 +-
 .../xpcshell/test_register_invalid_json.js    |   2 +-
 dom/push/test/xpcshell/test_register_no_id.js |   2 +-
 .../xpcshell/test_register_request_queue.js   |   4 +-
 .../test/xpcshell/test_register_rollback.js   |   2 +-
 .../test/xpcshell/test_register_success.js    |   2 +-
 .../xpcshell/test_register_success_http2.js   |   4 +-
 .../test/xpcshell/test_register_timeout.js    |   2 +-
 .../test/xpcshell/test_register_wrong_id.js   |   2 +-
 .../test/xpcshell/test_register_wrong_type.js |   2 +-
 .../test/xpcshell/test_registration_error.js  |   2 +-
 .../xpcshell/test_registration_error_http2.js |   2 +-
 .../test/xpcshell/test_registration_none.js   |   2 +-
 .../xpcshell/test_registration_success.js     |  16 ++
 .../test_registration_success_http2.js        |   8 +-
 .../xpcshell/test_unregister_empty_scope.js   |   2 +-
 .../xpcshell/test_unregister_invalid_json.js  |   2 +-
 .../xpcshell/test_unregister_not_found.js     |   2 +-
 .../xpcshell/test_unregister_success_http2.js |   4 +-
 .../test_updateRecordNoEncryptionKeys_ws.js   |   2 +-
 dom/quota/ActorsParent.cpp                    |  54 ++++-
 dom/quota/SerializationHelpers.h              |   4 +-
 dom/quota/nsIQuotaManagerService.idl          |  14 +-
 dom/quota/test/gtest/TestQuotaManager.cpp     |  24 ++
 .../test/unit/removeAppsUpgrade_profile.zip   | Bin 0 -> 3145 bytes
 dom/quota/test/unit/test_removeAppsUpgrade.js |  66 ++++++
 dom/quota/test/unit/xpcshell.ini              |   2 +
 dom/serviceworkers/ServiceWorkerManager.cpp   |   6 +
 dom/serviceworkers/ServiceWorkerManager.h     |   5 +-
 .../test/gtest/TestReadWrite.cpp              |  46 ++--
 dom/storage/StorageDBUpdater.cpp              |   3 +-
 dom/storage/StorageUtils.cpp                  |   6 +-
 dom/workers/WorkerLoadInfo.cpp                |   2 +-
 .../permissions/nsPermissionManager.cpp       | 112 +++------
 .../test/unit/test_permmanager_cleardata.js   |  12 +-
 .../test/unit/test_permmanager_defaults.js    |   4 +-
 .../test_permmanager_load_invalid_entries.js  |  43 ++--
 .../test/unit/test_permmanager_matches.js     | 146 +++++++++---
 .../test/unit/test_permmanager_matchesuri.js  |   6 +-
 .../test/unit/test_permmanager_migrate_4-7.js |  15 +-
 ...test_permmanager_migrate_4-7_no_history.js |  12 +-
 .../unit/test_permmanager_migrate_5-7a.js     |  17 +-
 .../unit/test_permmanager_migrate_5-7b.js     |   7 +-
 .../unit/test_permmanager_migrate_6-7a.js     |  17 +-
 .../unit/test_permmanager_migrate_6-7b.js     |   7 +-
 .../test/unit/test_permmanager_migrate_7-8.js |   4 +-
 .../unit/test_permmanager_migrate_9-10.js     | 217 ------------------
 .../unit/test_permmanager_removeforapp.js     |  99 ++++++++
 extensions/permissions/test/unit/xpcshell.ini |   2 +-
 ipc/glue/BackgroundUtils.cpp                  |   6 +-
 ipc/glue/ProtocolUtils.h                      |   3 +
 .../components/ContentPermissionPrompt.js     |  14 +-
 netwerk/base/nsILoadContextInfo.idl           |   3 +
 netwerk/base/nsNetUtil.h                      |  13 +-
 netwerk/cache2/CacheFileUtils.cpp             |   3 +-
 netwerk/cache2/CacheStorageService.cpp        |   2 +-
 netwerk/cookie/nsCookieService.cpp            |   5 +-
 netwerk/ipc/NeckoParent.cpp                   |   2 +-
 netwerk/protocol/about/nsAboutCache.cpp       |   8 +-
 netwerk/protocol/http/nsHttpChannel.h         |   4 +-
 netwerk/test/unit/head_channels.js            |   4 +-
 netwerk/test/unit/test_auth_jar.js            |  22 +-
 netwerk/test/unit/test_cache_jar.js           |  47 +++-
 .../content/SpecialPowersObserver.jsm         |   4 +-
 .../specialpowers/content/specialpowersAPI.js |   1 +
 .../talos/talos/xtalos/xperf_whitelist.json   |   6 -
 .../aboutcache/content/aboutCache.js          |   8 +-
 toolkit/content/aboutServiceWorkers.js        |   7 +
 .../toolkit/about/aboutServiceWorkers.ftl     |   7 +
 102 files changed, 944 insertions(+), 547 deletions(-)
 create mode 100644 dom/quota/test/unit/removeAppsUpgrade_profile.zip
 create mode 100644 dom/quota/test/unit/test_removeAppsUpgrade.js
 delete mode 100644 extensions/permissions/test/unit/test_permmanager_migrate_9-10.js
 create mode 100644 extensions/permissions/test/unit/test_permmanager_removeforapp.js

diff --git a/browser/base/content/test/caps/browser_principalSerialization_version1.js b/browser/base/content/test/caps/browser_principalSerialization_version1.js
index 51c54b270bfd3..e93c0fb75747d 100644
--- a/browser/base/content/test/caps/browser_principalSerialization_version1.js
+++ b/browser/base/content/test/caps/browser_principalSerialization_version1.js
@@ -113,6 +113,7 @@ add_task(async function test_realHistoryCheck() {
       "output": {
         "URI": false,
         "originAttributes": {
+          "appId": 0,
           "firstPartyDomain": "",
           "inIsolatedMozBrowser": false,
           "privateBrowsingId": 0,
@@ -127,6 +128,7 @@ add_task(async function test_realHistoryCheck() {
         "cspJSON": "{\"csp-policies\":[{\"child-src\":[\"https://www.googletagmanager.com\",\"https://www.google-analytics.com\",\"https://www.youtube-nocookie.com\",\"https://trackertest.org\",\"https://www.surveygizmo.com\",\"https://accounts.firefox.com\",\"https://accounts.firefox.com.cn\",\"https://www.youtube.com\"],\"connect-src\":[\"'self'\",\"https://*.mozilla.net\",\"https://*.mozilla.org\",\"https://*.mozilla.com\",\"https://www.googletagmanager.com\",\"https://www.google-analytics.com\",\"https://accounts.firefox.com/\",\"https://accounts.firefox.com.cn/\"],\"default-src\":[\"'self'\",\"https://*.mozilla.net\",\"https://*.mozilla.org\",\"https://*.mozilla.com\"],\"frame-src\":[\"https://www.googletagmanager.com\",\"https://www.google-analytics.com\",\"https://www.youtube-nocookie.com\",\"https://trackertest.org\",\"https://www.surveygizmo.com\",\"https://accounts.firefox.com\",\"https://accounts.firefox.com.cn\",\"https://www.youtube.com\"],\"img-src\":[\"'self'\",\"https://*.mozilla.net\",\"https://*.mozilla.org\",\"https://*.mozilla.com\",\"data:\",\"https://mozilla.org\",\"https://www.googletagmanager.com\",\"https://www.google-analytics.com\",\"https://adservice.google.com\",\"https://adservice.google.de\",\"https://adservice.google.dk\",\"https://creativecommons.org\",\"https://ad.doubleclick.net\"],\"report-only\":false,\"script-src\":[\"'self'\",\"https://*.mozilla.net\",\"https://*.mozilla.org\",\"https://*.mozilla.com\",\"'unsafe-inline'\",\"'unsafe-eval'\",\"https://www.googletagmanager.com\",\"https://www.google-analytics.com\",\"https://tagmanager.google.com\",\"https://www.youtube.com\",\"https://s.ytimg.com\"],\"style-src\":[\"'self'\",\"https://*.mozilla.net\",\"https://*.mozilla.org\",\"https://*.mozilla.com\",\"'unsafe-inline'\"]}]}",
         "URISpec": "https://www.mozilla.org/en-US/",
         "originAttributes": {
+          "appId": 0,
           "firstPartyDomain": "",
           "inIsolatedMozBrowser": false,
           "privateBrowsingId": 0,
@@ -139,6 +141,7 @@ add_task(async function test_realHistoryCheck() {
       "output": {
         "URISpec": "https://www.mozilla.org/en-US/firefox/accounts/",
         "originAttributes": {
+          "appId": 0,
           "firstPartyDomain": "",
           "inIsolatedMozBrowser": false,
           "privateBrowsingId": 0,
@@ -152,6 +155,7 @@ add_task(async function test_realHistoryCheck() {
       "output": {
         "URISpec": "https://developer.mozilla.org/en-US/?utm_source=www.mozilla.org&utm_medium=referral&utm_campaign=nav&utm_content=developers",
         "originAttributes": {
+          "appId": 0,
           "firstPartyDomain": "",
           "inIsolatedMozBrowser": false,
           "privateBrowsingId": 0,
@@ -165,6 +169,7 @@ add_task(async function test_realHistoryCheck() {
       "output": {
         "URI": false,
         "originAttributes": {
+          "appId": 0,
           "firstPartyDomain": "",
           "inIsolatedMozBrowser": false,
           "privateBrowsingId": 0,
@@ -178,6 +183,7 @@ add_task(async function test_realHistoryCheck() {
       "output": {
         "URISpec": "moz-nullprincipal:{045ca18d-436c-4744-bbb6-b1a15366df79}",
         "originAttributes": {
+          "appId": 0,
           "firstPartyDomain": "",
           "inIsolatedMozBrowser": false,
           "privateBrowsingId": 0,
diff --git a/browser/components/sessionstore/test/browser_restore_cookies_noOriginAttributes.js b/browser/components/sessionstore/test/browser_restore_cookies_noOriginAttributes.js
index a05c01aeb1bd1..3e4a3d0fe5b08 100644
--- a/browser/components/sessionstore/test/browser_restore_cookies_noOriginAttributes.js
+++ b/browser/components/sessionstore/test/browser_restore_cookies_noOriginAttributes.js
@@ -107,6 +107,7 @@ const SESSION_DATA_OA = JSON.stringify(
       name: "test1",
       originAttributes: {
         addonId: "",
+        appId: 0,
         inIsolatedMozBrowser: false,
         userContextId: 0,
       },
diff --git a/caps/BasePrincipal.cpp b/caps/BasePrincipal.cpp
index d0e99bbaa6455..c4fe508e934f6 100644
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -293,6 +293,18 @@ BasePrincipal::GetOriginSuffix(nsACString& aOriginAttributes) {
   return NS_OK;
 }
 
+NS_IMETHODIMP
+BasePrincipal::GetAppId(uint32_t* aAppId) {
+  if (AppId() == nsIScriptSecurityManager::UNKNOWN_APP_ID) {
+    MOZ_ASSERT(false);
+    *aAppId = nsIScriptSecurityManager::NO_APP_ID;
+    return NS_OK;
+  }
+
+  *aAppId = AppId();
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 BasePrincipal::GetUserContextId(uint32_t* aUserContextId) {
   *aUserContextId = UserContextId();
diff --git a/caps/BasePrincipal.h b/caps/BasePrincipal.h
index d228505763ba3..15d5ad03053c9 100644
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -122,6 +122,7 @@ class BasePrincipal : public nsJSPrincipals {
   NS_IMETHOD GetOriginAttributes(JSContext* aCx,
                                  JS::MutableHandle<JS::Value> aVal) final;
   NS_IMETHOD GetOriginSuffix(nsACString& aOriginSuffix) final;
+  NS_IMETHOD GetAppId(uint32_t* aAppId) final;
   NS_IMETHOD GetIsInIsolatedMozBrowserElement(
       bool* aIsInIsolatedMozBrowserElement) final;
   NS_IMETHOD GetUserContextId(uint32_t* aUserContextId) final;
@@ -153,6 +154,7 @@ class BasePrincipal : public nsJSPrincipals {
   const OriginAttributes& OriginAttributesRef() final {
     return mOriginAttributes;
   }
+  uint32_t AppId() const { return mOriginAttributes.mAppId; }
   extensions::WebExtensionPolicy* AddonPolicy();
   uint32_t UserContextId() const { return mOriginAttributes.mUserContextId; }
   uint32_t PrivateBrowsingId() const {
diff --git a/caps/OriginAttributes.cpp b/caps/OriginAttributes.cpp
index 7f40e6549310b..bc4abe31a9654 100644
--- a/caps/OriginAttributes.cpp
+++ b/caps/OriginAttributes.cpp
@@ -133,6 +133,11 @@ void OriginAttributes::CreateSuffix(nsACString& aStr) const {
   // naming.
   //
 
+  if (mAppId != nsIScriptSecurityManager::NO_APP_ID) {
+    value.AppendInt(mAppId);
+    params.Set(NS_LITERAL_STRING("appId"), value);
+  }
+
   if (mInIsolatedMozBrowser) {
     params.Set(NS_LITERAL_STRING("inBrowser"), NS_LITERAL_STRING("1"));
   }
@@ -202,6 +207,16 @@ class MOZ_STACK_CLASS PopulateFromSuffixIterator final
 
   bool URLParamsIterator(const nsAString& aName,
                          const nsAString& aValue) override {
+    if (aName.EqualsLiteral("appId")) {
+      nsresult rv;
+      int64_t val = aValue.ToInteger64(&rv);
+      NS_ENSURE_SUCCESS(rv, false);
+      NS_ENSURE_TRUE(val <= UINT32_MAX, false);
+      mOriginAttributes->mAppId = static_cast<uint32_t>(val);
+
+      return true;
+    }
+
     if (aName.EqualsLiteral("inBrowser")) {
       if (!aValue.EqualsLiteral("1")) {
         return false;
@@ -211,7 +226,7 @@ class MOZ_STACK_CLASS PopulateFromSuffixIterator final
       return true;
     }
 
-    if (aName.EqualsLiteral("addonId") || aName.EqualsLiteral("appId")) {
+    if (aName.EqualsLiteral("addonId")) {
       // No longer supported. Silently ignore so that legacy origin strings
       // don't cause failures.
       return true;
diff --git a/caps/OriginAttributes.h b/caps/OriginAttributes.h
index 9b36b797f0a2b..582265b290060 100644
--- a/caps/OriginAttributes.h
+++ b/caps/OriginAttributes.h
@@ -17,7 +17,8 @@ class OriginAttributes : public dom::OriginAttributesDictionary {
  public:
   OriginAttributes() {}
 
-  explicit OriginAttributes(bool aInIsolatedMozBrowser) {
+  OriginAttributes(uint32_t aAppId, bool aInIsolatedMozBrowser) {
+    mAppId = aAppId;
     mInIsolatedMozBrowser = aInIsolatedMozBrowser;
   }
 
@@ -45,7 +46,8 @@ class OriginAttributes : public dom::OriginAttributesDictionary {
   }
 
   bool operator==(const OriginAttributes& aOther) const {
-    return mInIsolatedMozBrowser == aOther.mInIsolatedMozBrowser &&
+    return mAppId == aOther.mAppId &&
+           mInIsolatedMozBrowser == aOther.mInIsolatedMozBrowser &&
            mUserContextId == aOther.mUserContextId &&
            mPrivateBrowsingId == aOther.mPrivateBrowsingId &&
            mFirstPartyDomain == aOther.mFirstPartyDomain;
@@ -56,7 +58,8 @@ class OriginAttributes : public dom::OriginAttributesDictionary {
   }
 
   MOZ_MUST_USE bool EqualsIgnoringFPD(const OriginAttributes& aOther) const {
-    return mInIsolatedMozBrowser == aOther.mInIsolatedMozBrowser &&
+    return mAppId == aOther.mAppId &&
+           mInIsolatedMozBrowser == aOther.mInIsolatedMozBrowser &&
            mUserContextId == aOther.mUserContextId &&
            mPrivateBrowsingId == aOther.mPrivateBrowsingId;
   }
@@ -126,6 +129,10 @@ class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary {
 
   // Performs a match of |aAttrs| against this pattern.
   bool Matches(const OriginAttributes& aAttrs) const {
+    if (mAppId.WasPassed() && mAppId.Value() != aAttrs.mAppId) {
+      return false;
+    }
+
     if (mInIsolatedMozBrowser.WasPassed() &&
         mInIsolatedMozBrowser.Value() != aAttrs.mInIsolatedMozBrowser) {
       return false;
@@ -150,6 +157,11 @@ class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary {
   }
 
   bool Overlaps(const OriginAttributesPattern& aOther) const {
+    if (mAppId.WasPassed() && aOther.mAppId.WasPassed() &&
+        mAppId.Value() != aOther.mAppId.Value()) {
+      return false;
+    }
+
     if (mInIsolatedMozBrowser.WasPassed() &&
         aOther.mInIsolatedMozBrowser.WasPassed() &&
         mInIsolatedMozBrowser.Value() != aOther.mInIsolatedMozBrowser.Value()) {
diff --git a/caps/nsIPrincipal.idl b/caps/nsIPrincipal.idl
index 6c062c403822e..609cf4069185c 100644
--- a/caps/nsIPrincipal.idl
+++ b/caps/nsIPrincipal.idl
@@ -267,6 +267,24 @@ interface nsIPrincipal : nsISerializable
      */
     readonly attribute ACString baseDomain;
 
+    /**
+     * Gets the id of the app this principal is inside.  If this principal is
+     * not inside an app, returns nsIScriptSecurityManager::NO_APP_ID.
+     *
+     * Note that this principal does not necessarily have the permissions of
+     * the app identified by appId.  For example, this principal might
+     * correspond to an iframe whose origin differs from that of the app frame
+     * containing it.  In this case, the iframe will have the appId of its
+     * containing app frame, but the iframe must not run with the app's
+     * permissions.
+     *
+     * Similarly, this principal might correspond to an <iframe mozbrowser>
+     * inside an app frame; in this case, the content inside the iframe should
+     * not have any of the app's permissions, even if the iframe is at the same
+     * origin as the app.
+     */
+    [infallible] readonly attribute unsigned long appId;
+
     /**
      * Gets the ID of the add-on this principal belongs to.
      */
diff --git a/caps/nsIScriptSecurityManager.idl b/caps/nsIScriptSecurityManager.idl
index 8b44a2885c927..ccf8a8fa747b7 100644
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@@ -246,6 +246,9 @@ interface nsIScriptSecurityManager : nsISupports
      */
     nsIPrincipal getChannelURIPrincipal(in nsIChannel aChannel);
 
+    const unsigned long NO_APP_ID = 0;
+    const unsigned long UNKNOWN_APP_ID = 4294967295; // UINT32_MAX
+
     const unsigned long DEFAULT_USER_CONTEXT_ID = 0;
 
     /**
diff --git a/caps/tests/gtest/TestOriginAttributes.cpp b/caps/tests/gtest/TestOriginAttributes.cpp
index 582de8c1c9d38..69bd1cf47fbc2 100644
--- a/caps/tests/gtest/TestOriginAttributes.cpp
+++ b/caps/tests/gtest/TestOriginAttributes.cpp
@@ -34,9 +34,15 @@ TEST(OriginAttributes, Suffix_default)
   TestSuffix(attrs);
 }
 
-TEST(OriginAttributes, Suffix_inIsolatedMozBrowser)
+TEST(OriginAttributes, Suffix_appId_inIsolatedMozBrowser)
 {
-  OriginAttributes attrs(true);
+  OriginAttributes attrs(1, true);
+  TestSuffix(attrs);
+}
+
+TEST(OriginAttributes, Suffix_maxAppId_inIsolatedMozBrowser)
+{
+  OriginAttributes attrs(4294967295, true);
   TestSuffix(attrs);
 }
 
diff --git a/caps/tests/unit/test_origin.js b/caps/tests/unit/test_origin.js
index e2b2a06cb1af3..660c91d463550 100644
--- a/caps/tests/unit/test_origin.js
+++ b/caps/tests/unit/test_origin.js
@@ -19,6 +19,7 @@ function checkCrossOrigin(a, b) {
 
 function checkOriginAttributes(prin, attrs, suffix) {
   attrs = attrs || {};
+  Assert.equal(prin.originAttributes.appId, attrs.appId || 0);
   Assert.equal(prin.originAttributes.inIsolatedMozBrowser, attrs.inIsolatedMozBrowser || false);
   Assert.equal(prin.originSuffix, suffix || "");
   Assert.equal(ChromeUtils.originAttributesToSuffix(attrs), suffix || "");
@@ -40,6 +41,7 @@ function checkSandboxOriginAttributes(arr, attrs, options) {
 // utility function useful for debugging
 function printAttrs(name, attrs) {
   info(name + " {\n" +
+       "\tappId: " + attrs.appId + ",\n" +
        "\tuserContextId: " + attrs.userContextId + ",\n" +
        "\tinIsolatedMozBrowser: " + attrs.inIsolatedMozBrowser + ",\n" +
        "\tprivateBrowsingId: '" + attrs.privateBrowsingId + "',\n" +
@@ -51,6 +53,7 @@ function checkValues(attrs, values) {
   values = values || {};
   // printAttrs("attrs", attrs);
   // printAttrs("values", values);
+  Assert.equal(attrs.appId, values.appId || 0);
   Assert.equal(attrs.userContextId, values.userContextId || 0);
   Assert.equal(attrs.inIsolatedMozBrowser, values.inIsolatedMozBrowser || false);
   Assert.equal(attrs.privateBrowsingId, values.privateBrowsingId || "");
@@ -91,6 +94,13 @@ function run_test() {
   // Test origin attributes.
   //
 
+  // Just app.
+  var exampleOrg_app = ssm.createCodebasePrincipal(makeURI("http://example.org"), {appId: 42});
+  var nullPrin_app = ssm.createNullPrincipal({appId: 42});
+  checkOriginAttributes(exampleOrg_app, {appId: 42}, "^appId=42");
+  checkOriginAttributes(nullPrin_app, {appId: 42}, "^appId=42");
+  Assert.equal(exampleOrg_app.origin, "http://example.org^appId=42");
+
   // Just browser.
   var exampleOrg_browser = ssm.createCodebasePrincipal(makeURI("http://example.org"), {inIsolatedMozBrowser: true});
   var nullPrin_browser = ssm.createNullPrincipal({inIsolatedMozBrowser: true});
@@ -98,26 +108,68 @@ function run_test() {
   checkOriginAttributes(nullPrin_browser, {inIsolatedMozBrowser: true}, "^inBrowser=1");
   Assert.equal(exampleOrg_browser.origin, "http://example.org^inBrowser=1");
 
+  // App and browser.
+  var exampleOrg_appBrowser = ssm.createCodebasePrincipal(makeURI("http://example.org"), {inIsolatedMozBrowser: true, appId: 42});
+  var nullPrin_appBrowser = ssm.createNullPrincipal({inIsolatedMozBrowser: true, appId: 42});
+  checkOriginAttributes(exampleOrg_appBrowser, {appId: 42, inIsolatedMozBrowser: true}, "^appId=42&inBrowser=1");
+  checkOriginAttributes(nullPrin_appBrowser, {appId: 42, inIsolatedMozBrowser: true}, "^appId=42&inBrowser=1");
+  Assert.equal(exampleOrg_appBrowser.origin, "http://example.org^appId=42&inBrowser=1");
+
+  // App and browser, different domain.
+  var exampleCom_appBrowser = ssm.createCodebasePrincipal(makeURI("https://www.example.com:123"), {appId: 42, inIsolatedMozBrowser: true});
+  checkOriginAttributes(exampleCom_appBrowser, {appId: 42, inIsolatedMozBrowser: true}, "^appId=42&inBrowser=1");
+  Assert.equal(exampleCom_appBrowser.origin, "https://www.example.com:123^appId=42&inBrowser=1");
+
   // First party Uri
   var exampleOrg_firstPartyDomain = ssm.createCodebasePrincipal(makeURI("http://example.org"), {firstPartyDomain: "example.org"});
   checkOriginAttributes(exampleOrg_firstPartyDomain, { firstPartyDomain: "example.org" }, "^firstPartyDomain=example.org");
   Assert.equal(exampleOrg_firstPartyDomain.origin, "http://example.org^firstPartyDomain=example.org");
 
+  // Make sure we don't crash when serializing principals with UNKNOWN_APP_ID.
+  try {
+    let binaryStream = Cc["@mozilla.org/binaryoutputstream;1"].
+                       createInstance(Ci.nsIObjectOutputStream);
+    let pipe = Cc["@mozilla.org/pipe;1"].createInstance(Ci.nsIPipe);
+    pipe.init(false, false, 0, 0xffffffff, null);
+    binaryStream.setOutputStream(pipe.outputStream);
+    binaryStream.writeCompoundObject(simplePrin, Ci.nsISupports, true); // eslint-disable-line no-undef
+    binaryStream.close();
+  } catch (e) {
+    Assert.ok(true);
+  }
+
+
   // Just userContext.
   var exampleOrg_userContext = ssm.createCodebasePrincipal(makeURI("http://example.org"), {userContextId: 42});
   checkOriginAttributes(exampleOrg_userContext, { userContextId: 42 }, "^userContextId=42");
   Assert.equal(exampleOrg_userContext.origin, "http://example.org^userContextId=42");
 
+  // UserContext and App.
+  var exampleOrg_userContextApp = ssm.createCodebasePrincipal(makeURI("http://example.org"), {appId: 24, userContextId: 42});
+  var nullPrin_userContextApp = ssm.createNullPrincipal({appId: 24, userContextId: 42});
+  checkOriginAttributes(exampleOrg_userContextApp, {appId: 24, userContextId: 42}, "^appId=24&userContextId=42");
+  checkOriginAttributes(nullPrin_userContextApp, {appId: 24, userContextId: 42}, "^appId=24&userContextId=42");
+  Assert.equal(exampleOrg_userContextApp.origin, "http://example.org^appId=24&userContextId=42");
+
   checkSandboxOriginAttributes(null, {});
   checkSandboxOriginAttributes("http://example.org", {});
   checkSandboxOriginAttributes("http://example.org", {}, {originAttributes: {}});
+  checkSandboxOriginAttributes("http://example.org", {appId: 42}, {originAttributes: {appId: 42}});
   checkSandboxOriginAttributes(["http://example.org"], {});
   checkSandboxOriginAttributes(["http://example.org"], {}, {originAttributes: {}});
+  checkSandboxOriginAttributes(["http://example.org"], {appId: 42}, {originAttributes: {appId: 42}});
 
   // Check that all of the above are cross-origin.
+  checkCrossOrigin(exampleOrg_app, exampleOrg);
+  checkCrossOrigin(exampleOrg_app, nullPrin_app);
+  checkCrossOrigin(exampleOrg_browser, exampleOrg_app);
   checkCrossOrigin(exampleOrg_browser, nullPrin_browser);
+  checkCrossOrigin(exampleOrg_appBrowser, exampleOrg_app);
+  checkCrossOrigin(exampleOrg_appBrowser, nullPrin_appBrowser);
+  checkCrossOrigin(exampleOrg_appBrowser, exampleCom_appBrowser);
   checkCrossOrigin(exampleOrg_firstPartyDomain, exampleOrg);
   checkCrossOrigin(exampleOrg_userContext, exampleOrg);
+  checkCrossOrigin(exampleOrg_userContext, exampleOrg_userContextApp);
 
   // Check Principal kinds.
   function checkKind(prin, kind) {
@@ -143,9 +195,12 @@ function run_test() {
   var uri = "http://example.org";
   var tests = [
     [ "", {} ],
+    [ "^appId=5", {appId: 5} ],
     [ "^userContextId=3", {userContextId: 3} ],
     [ "^inBrowser=1", {inIsolatedMozBrowser: true} ],
-    [ "^firstPartyDomain=example.org", {firstPartyDomain: "example.org"} ] ];
+    [ "^firstPartyDomain=example.org", {firstPartyDomain: "example.org"} ],
+    [ "^appId=3&inBrowser=1&userContextId=6",
+      {appId: 3, userContextId: 6, inIsolatedMozBrowser: true} ] ];
 
   // check that we can create an origin attributes from an origin properly
   tests.forEach(t => {
@@ -161,6 +216,30 @@ function run_test() {
     Assert.equal(ChromeUtils.originAttributesToSuffix(attrs), t[0]);
   });
 
+  // each row in the set_tests array has these values:
+  // [0] - the suffix used to create an origin attribute from
+  // [1] - the expected result of creating an origin attribute from [0]
+  // [2] - the pattern to set on the origin attributes
+  // [3] - the expected result of setting [2] values on [1]
+  // [4] - the expected result of creating a suffix from [3]
+  var set_tests = [
+    [ "", {}, {appId: 5}, {appId: 5}, "^appId=5" ],
+    [ "^appId=5", {appId: 5}, {appId: 3}, {appId: 3}, "^appId=3" ],
+    [ "^appId=5", {appId: 5}, {userContextId: 3}, {appId: 5, userContextId: 3}, "^appId=5&userContextId=3" ],
+    [ "^appId=5", {appId: 5}, {appId: 3, userContextId: 7}, {appId: 3, userContextId: 7}, "^appId=3&userContextId=7" ] ];
+
+  // check that we can set origin attributes values properly
+  set_tests.forEach(t => {
+    let orig = ChromeUtils.createOriginAttributesFromOrigin(uri + t[0]);
+    checkValues(orig, t[1]);
+    let mod = orig;
+    for (var key in t[2]) {
+      mod[key] = t[2][key];
+    }
+    checkValues(mod, t[3]);
+    Assert.equal(ChromeUtils.originAttributesToSuffix(mod), t[4]);
+  });
+
   // each row in the dflt_tests array has these values:
   // [0] - the suffix used to create an origin attribute from
   // [1] - the expected result of creating an origin attributes from [0]
@@ -168,7 +247,9 @@ function run_test() {
   // [3] - the expected result of creating a suffix from [2]
   var dflt_tests = [
     [ "", {}, {}, "" ],
-    [ "^userContextId=3", {userContextId: 3}, {}, "" ] ];
+    [ "^userContextId=3", {userContextId: 3}, {}, "" ],
+    [ "^appId=5", {appId: 5}, {appId: 5}, "^appId=5" ],
+    [ "^appId=5&userContextId=3", {appId: 5, userContextId: 3}, {appId: 5}, "^appId=5" ] ];
 
   // check that we can set the userContextId to default properly
   dflt_tests.forEach(t => {
@@ -187,7 +268,9 @@ function run_test() {
   // [3] - the expected result of creating a suffix from [2]
   var dflt2_tests = [
     [ "", {}, {}, "" ],
-    [ "^firstPartyDomain=foo.com", {firstPartyDomain: "foo.com"}, {}, "" ] ];
+    [ "^firstPartyDomain=foo.com", {firstPartyDomain: "foo.com"}, {}, "" ],
+    [ "^appId=5", {appId: 5}, {appId: 5}, "^appId=5" ],
+    [ "^appId=5&firstPartyDomain=foo.com", {appId: 5, firstPartyDomain: "foo.com"}, {appId: 5}, "^appId=5" ] ];
 
   // check that we can set the userContextId to default properly
   dflt2_tests.forEach(t => {
diff --git a/docshell/base/LoadContext.h b/docshell/base/LoadContext.h
index c19624ba458cd..6095eefd63410 100644
--- a/docshell/base/LoadContext.h
+++ b/docshell/base/LoadContext.h
@@ -33,7 +33,7 @@ class LoadContext final : public nsILoadContext, public nsIInterfaceRequestor {
   NS_DECL_NSILOADCONTEXT
   NS_DECL_NSIINTERFACEREQUESTOR
 
-  // inIsolatedMozBrowser argumentsoverrides that in
+  // appId/inIsolatedMozBrowser arguments override those in
   // SerializedLoadContext provided by child process.
   LoadContext(const IPC::SerializedLoadContext& aToCopy,
               dom::Element* aTopFrameElement, OriginAttributes& aAttrs)
@@ -49,7 +49,7 @@ class LoadContext final : public nsILoadContext, public nsIInterfaceRequestor {
         mOriginAttributes(aAttrs) {
   }
 
-  // inIsolatedMozBrowser argument overrides that in
+  // appId/inIsolatedMozBrowser arguments override those in
   // SerializedLoadContext provided by child process.
   LoadContext(const IPC::SerializedLoadContext& aToCopy,
               uint64_t aNestedFrameId, OriginAttributes& aAttrs)
@@ -97,7 +97,8 @@ class LoadContext final : public nsILoadContext, public nsIInterfaceRequestor {
         mOriginAttributes(aAttrs) {
   }
 
-  // Constructor for creating a LoadContext with a given browser flag.
+  // Constructor for creating a LoadContext with a given principal's appId and
+  // browser flag.
   explicit LoadContext(nsIPrincipal* aPrincipal,
                        nsILoadContext* aOptionalBase = nullptr);
 
diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h
index cd073b2762b4b..be40c31b89e12 100644
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@@ -232,7 +232,7 @@ class nsDocShell final : public nsDocLoader,
   NS_IMETHOD OnLeaveLink() override;
 
   // Don't use NS_DECL_NSILOADCONTEXT because some of nsILoadContext's methods
-  // are shared with nsIDocShell and can't be declared twice.
+  // are shared with nsIDocShell (appID, etc.) and can't be declared twice.
   NS_IMETHOD GetAssociatedWindow(mozIDOMWindowProxy**) override;
   NS_IMETHOD GetTopWindow(mozIDOMWindowProxy**) override;
   NS_IMETHOD GetTopFrameElement(mozilla::dom::Element**) override;
diff --git a/dom/base/ChromeUtils.h b/dom/base/ChromeUtils.h
index bc6a2c1c9b983..4efe62c446c78 100644
--- a/dom/base/ChromeUtils.h
+++ b/dom/base/ChromeUtils.h
@@ -100,7 +100,8 @@ class ChromeUtils {
   static bool IsOriginAttributesEqualIgnoringFPD(
       const dom::OriginAttributesDictionary& aA,
       const dom::OriginAttributesDictionary& aB) {
-    return aA.mInIsolatedMozBrowser == aB.mInIsolatedMozBrowser &&
+    return aA.mAppId == aB.mAppId &&
+           aA.mInIsolatedMozBrowser == aB.mInIsolatedMozBrowser &&
            aA.mUserContextId == aB.mUserContextId &&
            aA.mPrivateBrowsingId == aB.mPrivateBrowsingId;
   }
diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp
index 6f76c2979d5e9..21fbbd07bd987 100644
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -2590,6 +2590,10 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
              uri ? uri->GetSpecOrDefault().get() : ""));
   }
 
+  MOZ_ASSERT(
+      NodePrincipal()->GetAppId() != nsIScriptSecurityManager::UNKNOWN_APP_ID,
+      "Document should never have UNKNOWN_APP_ID");
+
   MOZ_ASSERT(GetReadyStateEnum() == Document::READYSTATE_UNINITIALIZED,
              "Bad readyState");
   SetReadyStateInternal(READYSTATE_LOADING);
diff --git a/dom/base/PostMessageEvent.cpp b/dom/base/PostMessageEvent.cpp
index c01507153cb06..47d651f5c31ae 100644
--- a/dom/base/PostMessageEvent.cpp
+++ b/dom/base/PostMessageEvent.cpp
@@ -98,6 +98,9 @@ PostMessageEvent::Run() {
       OriginAttributes sourceAttrs = mProvidedPrincipal->OriginAttributesRef();
       OriginAttributes targetAttrs = targetPrin->OriginAttributesRef();
 
+      MOZ_DIAGNOSTIC_ASSERT(
+          sourceAttrs.mAppId == targetAttrs.mAppId,
+          "Target and source should have the same mAppId attribute.");
       MOZ_DIAGNOSTIC_ASSERT(
           sourceAttrs.mUserContextId == targetAttrs.mUserContextId,
           "Target and source should have the same userContextId attribute.");
diff --git a/dom/base/nsFrameLoader.cpp b/dom/base/nsFrameLoader.cpp
index 840caca8e6970..80471ab6f0e1e 100644
--- a/dom/base/nsFrameLoader.cpp
+++ b/dom/base/nsFrameLoader.cpp
@@ -2218,6 +2218,8 @@ nsresult nsFrameLoader::MaybeCreateDocShell() {
 
     // So far we want to make sure Inherit doesn't override any other origin
     // attribute than firstPartyDomain.
+    MOZ_ASSERT(attrs.mAppId == oa.mAppId,
+               "docshell and document should have the same appId attribute.");
     MOZ_ASSERT(
         attrs.mUserContextId == oa.mUserContextId,
         "docshell and document should have the same userContextId attribute.");
@@ -2232,6 +2234,7 @@ nsresult nsFrameLoader::MaybeCreateDocShell() {
   }
 
   if (OwnerIsMozBrowserFrame()) {
+    attrs.mAppId = nsIScriptSecurityManager::NO_APP_ID;
     attrs.mInIsolatedMozBrowser = OwnerIsIsolatedMozBrowserFrame();
     docShell->SetFrameType(nsIDocShell::FRAME_TYPE_BROWSER);
   } else {
@@ -3376,6 +3379,8 @@ nsresult nsFrameLoader::GetNewTabContext(MutableTabContext* aTabContext,
   attrs.mInIsolatedMozBrowser = OwnerIsIsolatedMozBrowserFrame();
   nsresult rv;
 
+  attrs.mAppId = nsIScriptSecurityManager::NO_APP_ID;
+
   // set the userContextId on the attrs before we pass them into
   // the tab context
   rv = PopulateUserContextIdFromAttribute(attrs);
diff --git a/dom/base/test/test_messagemanager_principal.html b/dom/base/test/test_messagemanager_principal.html
index 0915485d27151..d7376466bb6f8 100644
--- a/dom/base/test/test_messagemanager_principal.html
+++ b/dom/base/test/test_messagemanager_principal.html
@@ -24,6 +24,9 @@
       addMessageListener("test:ipcMessage", function(message) {
         sendAsyncMessage(message.name, "principal: " + (message.principal ? "OK" : "KO"));
 
+        sendAsyncMessage(message.name, "principal.appId: " +
+                         ("appId" in message.principal ? "OK" : "KO"));
+
         sendAsyncMessage(message.name, "principal.origin: " +
                          ("origin" in message.principal ? "OK" : "KO"));
 
diff --git a/dom/base/test/test_messagemanager_send_principal.html b/dom/base/test/test_messagemanager_send_principal.html
index 8e139357b9d7a..6aad8173954cd 100644
--- a/dom/base/test/test_messagemanager_send_principal.html
+++ b/dom/base/test/test_messagemanager_send_principal.html
@@ -26,6 +26,9 @@
         sendAsyncMessage("test:result", "is nsIPrincipal: " +
                          (message.data instanceof Ci.nsIPrincipal ? "OK" : "KO"));
 
+        sendAsyncMessage("test:result", "principal.appId: " +
+                         ("appId" in message.data ? "OK" : "KO"));
+
         sendAsyncMessage("test:result", "principal.origin: " +
                          ("origin" in message.data ? "OK" : "KO"));
 
diff --git a/dom/base/test/test_messagemanager_targetchain.html b/dom/base/test/test_messagemanager_targetchain.html
index f7e056b7d728c..15e5daf94b384 100644
--- a/dom/base/test/test_messagemanager_targetchain.html
+++ b/dom/base/test/test_messagemanager_targetchain.html
@@ -102,9 +102,12 @@
       var principal = SpecialPowers.wrap(document).nodePrincipal;
       SpecialPowers.pushPermissions([
         { type: "browser", allow: 1, context: { url: principal.URI.spec,
-                                                originAttributes: {}}},
+                                                originAttributes: {
+                                                  appId: principal.appId
+                                                }}},
         { type: "browser", allow: 1, context: { url: principal.URI.spec,
                                                 originAttributes: {
+                                                  appId: principal.appId,
                                                   inIsolatedMozBrowser: true }}}
       ], () => {
         SpecialPowers.pushPrefEnv({
diff --git a/dom/browser-element/mochitest/browserElement_Auth.js b/dom/browser-element/mochitest/browserElement_Auth.js
index b1b065d63cb84..8ffaf71f622bc 100644
--- a/dom/browser-element/mochitest/browserElement_Auth.js
+++ b/dom/browser-element/mochitest/browserElement_Auth.js
@@ -159,12 +159,12 @@ function testAuthJarNoInterfere(e) {
 
   // Set a bunch of auth data that should not conflict with the correct auth data already
   // stored in the cache.
-  var attrs = {userContextId: 1};
+  var attrs = {appId: 1};
   var principal = secMan.createCodebasePrincipal(uri, attrs);
   authMgr.setAuthIdentity("http", "test", -1, "basic", "http_realm",
                           "tests/dom/browser-element/mochitest/file_http_401_response.sjs",
                           "", "httpuser", "wrongpass", false, principal);
-  attrs = {userContextId: 1, inIsolatedMozBrowser: true};
+  attrs = {appId: 1, inIsolatedMozBrowser: true};
   principal = secMan.createCodebasePrincipal(uri, attrs);
   authMgr.setAuthIdentity("http", "test", -1, "basic", "http_realm",
                           "tests/dom/browser-element/mochitest/file_http_401_response.sjs",
diff --git a/dom/browser-element/mochitest/browserElement_CopyPaste.js b/dom/browser-element/mochitest/browserElement_CopyPaste.js
index 1d17ed954e22a..3d6e0570596f5 100644
--- a/dom/browser-element/mochitest/browserElement_CopyPaste.js
+++ b/dom/browser-element/mochitest/browserElement_CopyPaste.js
@@ -328,6 +328,7 @@ function testCut2(e) {
 var principal = SpecialPowers.wrap(document).nodePrincipal;
 var context = { url: SpecialPowers.wrap(principal.URI).spec,
                 originAttributes: {
+                  appId: principal.appId,
                   inIsolatedMozBrowser: true }};
 
 addEventListener("testready", function() {
diff --git a/dom/chrome-webidl/ChromeUtils.webidl b/dom/chrome-webidl/ChromeUtils.webidl
index c3a467c8069ce..3c9b6dcb6913c 100644
--- a/dom/chrome-webidl/ChromeUtils.webidl
+++ b/dom/chrome-webidl/ChromeUtils.webidl
@@ -520,12 +520,14 @@ dictionary IOActivityDataDictionary {
  * (3) Update the methods on mozilla::OriginAttributesPattern, including matching.
  */
 dictionary OriginAttributesDictionary {
+  unsigned long appId = 0;
   unsigned long userContextId = 0;
   boolean inIsolatedMozBrowser = false;
   unsigned long privateBrowsingId = 0;
   DOMString firstPartyDomain = "";
 };
 dictionary OriginAttributesPatternDictionary {
+  unsigned long appId;
   unsigned long userContextId;
   boolean inIsolatedMozBrowser;
   unsigned long privateBrowsingId;
diff --git a/dom/ipc/BrowserBridgeParent.cpp b/dom/ipc/BrowserBridgeParent.cpp
index c356a3e04d178..58926ab1c786e 100644
--- a/dom/ipc/BrowserBridgeParent.cpp
+++ b/dom/ipc/BrowserBridgeParent.cpp
@@ -31,6 +31,7 @@ nsresult BrowserBridgeParent::Init(const nsString& aPresentationURL,
   // from our Manager().
   OriginAttributes attrs;
   attrs.mInIsolatedMozBrowser = false;
+  attrs.mAppId = nsIScriptSecurityManager::NO_APP_ID;
   attrs.SyncAttributesWithPrivateBrowsing(false);
   MutableTabContext tabContext;
   tabContext.SetTabContext(false, 0, UIStateChangeType_Set,
diff --git a/dom/ipc/PTabContext.ipdlh b/dom/ipc/PTabContext.ipdlh
index 97e926f1c4b82..d32b18221de51 100644
--- a/dom/ipc/PTabContext.ipdlh
+++ b/dom/ipc/PTabContext.ipdlh
@@ -20,7 +20,11 @@ namespace dom {
 //
 // If isMozBrowserElement is false, this PopupIPCTabContext is either a
 // <xul:browser> or an app frame.  The frame's app-id and app-frame-owner-app-id
-// will be equal to the opener's values.
+// will be equal to the opener's values.  For a <xul:browser>, those app IDs
+// will be NO_APP_ID.
+//
+// If isMozBrowserElement is true, the frame's browserFrameOwnerAppId will be
+// equal to the opener's app-id.
 //
 // It's an error to set isMozBrowserElement == false if opener is a mozbrowser
 // element.  Such a PopupIPCTabContext should be rejected by code which receives
diff --git a/dom/ipc/TabContext.cpp b/dom/ipc/TabContext.cpp
index ced3e37caf772..91350919df3dd 100644
--- a/dom/ipc/TabContext.cpp
+++ b/dom/ipc/TabContext.cpp
@@ -12,6 +12,8 @@
 #include "nsIScriptSecurityManager.h"
 #include "nsServiceManagerUtils.h"
 
+#define NO_APP_ID (nsIScriptSecurityManager::NO_APP_ID)
+
 using namespace mozilla::dom::ipc;
 using namespace mozilla::layout;
 
@@ -93,6 +95,9 @@ bool TabContext::SetTabContext(bool aIsMozBrowserElement,
                                const nsAString& aPresentationURL) {
   NS_ENSURE_FALSE(mInitialized, false);
 
+  // Veryify that app id matches mAppId passed in originAttributes
+  MOZ_RELEASE_ASSERT(aOriginAttributes.mAppId == NO_APP_ID);
+
   mInitialized = true;
   mIsMozBrowserElement = aIsMozBrowserElement;
   mChromeOuterWindowID = aChromeOuterWindowID;
diff --git a/dom/presentation/tests/mochitest/test_presentation_mixed_security_contexts.html b/dom/presentation/tests/mochitest/test_presentation_mixed_security_contexts.html
index 4ad4aa99ad1cb..bd04f9a966d10 100644
--- a/dom/presentation/tests/mochitest/test_presentation_mixed_security_contexts.html
+++ b/dom/presentation/tests/mochitest/test_presentation_mixed_security_contexts.html
@@ -23,6 +23,7 @@
   SpecialPowers.addPermission("presentation",
                               true, { url: "https://example.com/tests/dom/presentation/tests/mochitest/file_presentation_mixed_security_contexts.html",
                                       originAttributes: {
+                                        appId: SpecialPowers.Ci.nsIScriptSecurityManager.NO_APP_ID,
                                         inIsolatedMozBrowser: false }});
 
   return new Promise(function(aResolve, aReject) {
diff --git a/dom/push/test/xpcshell/test_clear_origin_data.js b/dom/push/test/xpcshell/test_clear_origin_data.js
index d7a30b59f18fc..2f31eed10821f 100644
--- a/dom/push/test/xpcshell/test_clear_origin_data.js
+++ b/dom/push/test/xpcshell/test_clear_origin_data.js
@@ -50,12 +50,32 @@ add_task(async function test_webapps_cleardata() {
 
   let testRecords = [{
     scope: "https://example.org/1",
-    originAttributes: {},
-    clearIf: { inIsolatedMozBrowser: false },
+    originAttributes: { appId: 1 },
+    clearIf: { appId: 1, inIsolatedMozBrowser: false },
   }, {
     scope: "https://example.org/1",
-    originAttributes: { inIsolatedMozBrowser: true },
-    clearIf: {},
+    originAttributes: { appId: 1, inIsolatedMozBrowser: true },
+    clearIf: { appId: 1 },
+  }, {
+    scope: "https://example.org/1",
+    originAttributes: { appId: 2, inIsolatedMozBrowser: true },
+    clearIf: { appId: 2, inIsolatedMozBrowser: true },
+  }, {
+    scope: "https://example.org/2",
+    originAttributes: { appId: 1 },
+    clearIf: { appId: 1, inIsolatedMozBrowser: false },
+  }, {
+    scope: "https://example.org/2",
+    originAttributes: { appId: 2, inIsolatedMozBrowser: true },
+    clearIf: { appId: 2, inIsolatedMozBrowser: true },
+  }, {
+    scope: "https://example.org/3",
+    originAttributes: { appId: 3, inIsolatedMozBrowser: true },
+    clearIf: { inIsolatedMozBrowser: true },
+  }, {
+    scope: "https://example.org/3",
+    originAttributes: { appId: 4, inIsolatedMozBrowser: true },
+    clearIf: { inIsolatedMozBrowser: true },
   }];
 
   let unregisterDone;
@@ -102,11 +122,19 @@ add_task(async function test_webapps_cleardata() {
     })
   ));
 
-  // Removes all the records, Excluding where `inIsolatedMozBrowser` is true.
-  await clearForPattern(testRecords, { inIsolatedMozBrowser: false });
+  // Removes records for all scopes with the same app ID. Excludes records
+  // where `inIsolatedMozBrowser` is true.
+  await clearForPattern(testRecords, { appId: 1, inIsolatedMozBrowser: false });
+
+  // Removes the remaining record for app ID 1, where `inIsolatedMozBrowser` is true.
+  await clearForPattern(testRecords, { appId: 1 });
+
+  // Removes all records for all scopes with the same app ID, where
+  // `inIsolatedMozBrowser` is true.
+  await clearForPattern(testRecords, { appId: 2, inIsolatedMozBrowser: true });
 
-  // Removes the all the remaining records where `inIsolatedMozBrowser` is true.
-  await clearForPattern(testRecords, {});
+  // Removes all records where `inIsolatedMozBrowser` is true.
+  await clearForPattern(testRecords, { inIsolatedMozBrowser: true });
 
   equal(testRecords.length, 0, "Should remove all test records");
   await unregisterPromise;
diff --git a/dom/push/test/xpcshell/test_notification_http2.js b/dom/push/test/xpcshell/test_notification_http2.js
index e9e65e5bb9687..36cc6b4cbcfac 100644
--- a/dom/push/test/xpcshell/test_notification_http2.js
+++ b/dom/push/test/xpcshell/test_notification_http2.js
@@ -60,7 +60,7 @@ add_task(async function test_pushNotifications() {
       y: "26jk0IFbqcK6-JxhHAm-rsHEwy0CyVJjtnfOcqc1tgA",
     },
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     quota: Infinity,
     systemRecord: true,
   }, {
@@ -79,7 +79,7 @@ add_task(async function test_pushNotifications() {
       y: "5TZ1rK8Ldih6ljyxVwnBA-nygQHGRpEmu1jV5K8437E",
     },
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     quota: Infinity,
     systemRecord: true,
   }, {
@@ -98,7 +98,7 @@ add_task(async function test_pushNotifications() {
       y: "Ja6n3YH8TOcH8narDF6t8mKVvg2ioLW-8MH5O4dzGcI",
     },
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     quota: Infinity,
     systemRecord: true,
   }, {
@@ -122,7 +122,7 @@ add_task(async function test_pushNotifications() {
       padding: "reject",
     }),
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     quota: Infinity,
     systemRecord: true,
   }];
diff --git a/dom/push/test/xpcshell/test_reconnect_retry.js b/dom/push/test/xpcshell/test_reconnect_retry.js
index 74ab61c61361b..6747dc38da892 100644
--- a/dom/push/test/xpcshell/test_reconnect_retry.js
+++ b/dom/push/test/xpcshell/test_reconnect_retry.js
@@ -57,7 +57,7 @@ add_task(async function test_reconnect_retry() {
   let registration = await PushService.register({
     scope: "https://example.com/page/1",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
   let retryEndpoint = "https://example.org/push/" + channelID;
   equal(registration.endpoint, retryEndpoint, "Wrong endpoint for retried request");
@@ -65,7 +65,7 @@ add_task(async function test_reconnect_retry() {
   registration = await PushService.register({
     scope: "https://example.com/page/2",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
   notEqual(registration.endpoint, retryEndpoint, "Wrong endpoint for new request");
 
diff --git a/dom/push/test/xpcshell/test_register_5xxCode_http2.js b/dom/push/test/xpcshell/test_register_5xxCode_http2.js
index 78a51642521fb..4c72e741ae76f 100644
--- a/dom/push/test/xpcshell/test_register_5xxCode_http2.js
+++ b/dom/push/test/xpcshell/test_register_5xxCode_http2.js
@@ -78,6 +78,7 @@ add_task(async function test1() {
   });
 
   let originAttributes = ChromeUtils.originAttributesToSuffix({
+    appId: Ci.nsIScriptSecurityManager.NO_APP_ID,
     inIsolatedMozBrowser: false,
   });
   let newRecord = await PushService.register({
diff --git a/dom/push/test/xpcshell/test_register_case.js b/dom/push/test/xpcshell/test_register_case.js
index e5b5e620b8e30..10765bae7f02f 100644
--- a/dom/push/test/xpcshell/test_register_case.js
+++ b/dom/push/test/xpcshell/test_register_case.js
@@ -45,7 +45,7 @@ add_task(async function test_register_case() {
   let newRecord = await PushService.register({
     scope: "https://example.net/case",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
   equal(newRecord.endpoint, "https://example.com/update/case",
     "Wrong push endpoint in registration record");
diff --git a/dom/push/test/xpcshell/test_register_error_http2.js b/dom/push/test/xpcshell/test_register_error_http2.js
index d59c0acdf32bc..9651cefa5160e 100644
--- a/dom/push/test/xpcshell/test_register_error_http2.js
+++ b/dom/push/test/xpcshell/test_register_error_http2.js
@@ -35,7 +35,7 @@ add_task(async function test_pushSubscriptionNoConnection() {
     PushService.register({
       scope: "https://example.net/page/invalid-response",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for not being able to establish connecion."
@@ -71,7 +71,7 @@ add_task(async function test_pushSubscriptionMissingLocation() {
     PushService.register({
       scope: "https://example.net/page/invalid-response",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for the missing location header."
@@ -97,7 +97,7 @@ add_task(async function test_pushSubscriptionMissingLink() {
     PushService.register({
       scope: "https://example.net/page/invalid-response",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for the missing link header."
@@ -123,7 +123,7 @@ add_task(async function test_pushSubscriptionMissingLink1() {
     PushService.register({
       scope: "https://example.net/page/invalid-response",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for the missing push endpoint."
@@ -149,7 +149,7 @@ add_task(async function test_pushSubscriptionLocationBogus() {
     PushService.register({
       scope: "https://example.net/page/invalid-response",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for the bogus location"
@@ -175,7 +175,7 @@ add_task(async function test_pushSubscriptionNot2xxCode() {
     PushService.register({
       scope: "https://example.net/page/invalid-response",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for not 201 responce code."
diff --git a/dom/push/test/xpcshell/test_register_invalid_channel.js b/dom/push/test/xpcshell/test_register_invalid_channel.js
index cda792f8b4a9a..897039ce40812 100644
--- a/dom/push/test/xpcshell/test_register_invalid_channel.js
+++ b/dom/push/test/xpcshell/test_register_invalid_channel.js
@@ -47,7 +47,7 @@ add_task(async function test_register_invalid_channel() {
     PushService.register({
       scope: "https://example.com/invalid-channel",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for invalid channel ID"
diff --git a/dom/push/test/xpcshell/test_register_invalid_endpoint.js b/dom/push/test/xpcshell/test_register_invalid_endpoint.js
index 74e85d4f399bb..a3f9fc60f09fe 100644
--- a/dom/push/test/xpcshell/test_register_invalid_endpoint.js
+++ b/dom/push/test/xpcshell/test_register_invalid_endpoint.js
@@ -48,7 +48,7 @@ add_task(async function test_register_invalid_endpoint() {
     PushService.register({
       scope: "https://example.net/page/invalid-endpoint",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for invalid endpoint"
diff --git a/dom/push/test/xpcshell/test_register_invalid_json.js b/dom/push/test/xpcshell/test_register_invalid_json.js
index 2be258f56882e..62990ca8f8609 100644
--- a/dom/push/test/xpcshell/test_register_invalid_json.js
+++ b/dom/push/test/xpcshell/test_register_invalid_json.js
@@ -48,7 +48,7 @@ add_task(async function test_register_invalid_json() {
     PushService.register({
       scope: "https://example.net/page/invalid-json",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for invalid JSON response"
diff --git a/dom/push/test/xpcshell/test_register_no_id.js b/dom/push/test/xpcshell/test_register_no_id.js
index cfaa9f36cf3e1..1b2dc77d44d86 100644
--- a/dom/push/test/xpcshell/test_register_no_id.js
+++ b/dom/push/test/xpcshell/test_register_no_id.js
@@ -52,7 +52,7 @@ add_task(async function test_register_no_id() {
     PushService.register({
       scope: "https://example.com/incomplete",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for incomplete register response"
diff --git a/dom/push/test/xpcshell/test_register_request_queue.js b/dom/push/test/xpcshell/test_register_request_queue.js
index 5fa34e1f25193..2e563a1ee3fd5 100644
--- a/dom/push/test/xpcshell/test_register_request_queue.js
+++ b/dom/push/test/xpcshell/test_register_request_queue.js
@@ -44,12 +44,12 @@ add_task(async function test_register_request_queue() {
   let firstRegister = PushService.register({
     scope: "https://example.com/page/1",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
   let secondRegister = PushService.register({
     scope: "https://example.com/page/1",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
 
   await Promise.all([
diff --git a/dom/push/test/xpcshell/test_register_rollback.js b/dom/push/test/xpcshell/test_register_rollback.js
index 6058de89bae5c..6f9340778aa86 100644
--- a/dom/push/test/xpcshell/test_register_rollback.js
+++ b/dom/push/test/xpcshell/test_register_rollback.js
@@ -75,7 +75,7 @@ add_task(async function test_register_rollback() {
     PushService.register({
       scope: "https://example.com/storage-error",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /universe has imploded/,
     "Expected error for unregister database failure"
diff --git a/dom/push/test/xpcshell/test_register_success.js b/dom/push/test/xpcshell/test_register_success.js
index 86910dea67e59..419d14d0e0bb3 100644
--- a/dom/push/test/xpcshell/test_register_success.js
+++ b/dom/push/test/xpcshell/test_register_success.js
@@ -58,7 +58,7 @@ add_task(async function test_register_success() {
   let newRecord = await PushService.register({
     scope: "https://example.org/1",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
   equal(newRecord.endpoint, "https://example.com/update/1",
     "Wrong push endpoint in registration record");
diff --git a/dom/push/test/xpcshell/test_register_success_http2.js b/dom/push/test/xpcshell/test_register_success_http2.js
index d24d18ee83ac0..32d9896c39e58 100644
--- a/dom/push/test/xpcshell/test_register_success_http2.js
+++ b/dom/push/test/xpcshell/test_register_success_http2.js
@@ -49,7 +49,7 @@ add_task(async function test_pushSubscriptionSuccess() {
   let newRecord = await PushService.register({
     scope: "https://example.org/1",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
 
   var subscriptionUri = serverURL + "/pushSubscriptionSuccesss";
@@ -83,7 +83,7 @@ add_task(async function test_pushSubscriptionMissingLink2() {
   let newRecord = await PushService.register({
     scope: "https://example.org/no_receiptEndpoint",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
 
   var subscriptionUri = serverURL + "/subscriptionMissingLink2";
diff --git a/dom/push/test/xpcshell/test_register_timeout.js b/dom/push/test/xpcshell/test_register_timeout.js
index decd87321818b..652d102008e98 100644
--- a/dom/push/test/xpcshell/test_register_timeout.js
+++ b/dom/push/test/xpcshell/test_register_timeout.js
@@ -75,7 +75,7 @@ add_task(async function test_register_timeout() {
     PushService.register({
       scope: "https://example.net/page/timeout",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for request timeout"
diff --git a/dom/push/test/xpcshell/test_register_wrong_id.js b/dom/push/test/xpcshell/test_register_wrong_id.js
index 52ed25fd2dbf0..dab0b8f30946c 100644
--- a/dom/push/test/xpcshell/test_register_wrong_id.js
+++ b/dom/push/test/xpcshell/test_register_wrong_id.js
@@ -58,7 +58,7 @@ add_task(async function test_register_wrong_id() {
     PushService.register({
       scope: "https://example.com/mismatched",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for mismatched register reply"
diff --git a/dom/push/test/xpcshell/test_register_wrong_type.js b/dom/push/test/xpcshell/test_register_wrong_type.js
index eb5ad300c9dd1..0174dc59c7a86 100644
--- a/dom/push/test/xpcshell/test_register_wrong_type.js
+++ b/dom/push/test/xpcshell/test_register_wrong_type.js
@@ -52,7 +52,7 @@ add_task(async function test_register_wrong_type() {
     PushService.register({
       scope: "https://example.com/mistyped",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Registration error/,
     "Expected error for non-string channel ID"
diff --git a/dom/push/test/xpcshell/test_registration_error.js b/dom/push/test/xpcshell/test_registration_error.js
index fcecca67b413e..fe5f7068b36c8 100644
--- a/dom/push/test/xpcshell/test_registration_error.js
+++ b/dom/push/test/xpcshell/test_registration_error.js
@@ -33,7 +33,7 @@ add_task(async function test_registrations_error() {
     PushService.registration({
       scope: "https://example.net/1",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     function(error) {
       return error == "Database error";
diff --git a/dom/push/test/xpcshell/test_registration_error_http2.js b/dom/push/test/xpcshell/test_registration_error_http2.js
index 7ef49fd7282e3..34a201f7572a2 100644
--- a/dom/push/test/xpcshell/test_registration_error_http2.js
+++ b/dom/push/test/xpcshell/test_registration_error_http2.js
@@ -27,7 +27,7 @@ add_task(async function test_registrations_error() {
     PushService.registration({
       scope: "https://example.net/1",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     function(error) {
       return error == "Database error";
diff --git a/dom/push/test/xpcshell/test_registration_none.js b/dom/push/test/xpcshell/test_registration_none.js
index b1c294230c290..f60cd937ba785 100644
--- a/dom/push/test/xpcshell/test_registration_none.js
+++ b/dom/push/test/xpcshell/test_registration_none.js
@@ -25,7 +25,7 @@ add_task(async function test_registration_none() {
   let registration = await PushService.registration({
     scope: "https://example.net/1",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
   ok(!registration, "Should not open a connection without registration");
 });
diff --git a/dom/push/test/xpcshell/test_registration_success.js b/dom/push/test/xpcshell/test_registration_success.js
index b3e1f8537b050..a179d256ed39a 100644
--- a/dom/push/test/xpcshell/test_registration_success.js
+++ b/dom/push/test/xpcshell/test_registration_success.js
@@ -23,6 +23,22 @@ add_task(async function test_registration_success() {
     originAttributes: "",
     version: 5,
     quota: Infinity,
+  }, {
+    channelID: "f6edfbcd-79d6-49b8-9766-48b9dcfeff0f",
+    pushEndpoint: "https://example.com/update/same-manifest/2",
+    scope: "https://example.net/b",
+    originAttributes: ChromeUtils.originAttributesToSuffix(
+      { appId: 42 }),
+    version: 10,
+    quota: Infinity,
+  }, {
+    channelID: "b1cf38c9-6836-4d29-8a30-a3e98d59b728",
+    pushEndpoint: "https://example.org/update/different-manifest",
+    scope: "https://example.org/c",
+    originAttributes: ChromeUtils.originAttributesToSuffix(
+      { appId: 42, inIsolatedMozBrowser: true }),
+    version: 15,
+    quota: Infinity,
   }];
   for (let record of records) {
     await db.put(record);
diff --git a/dom/push/test/xpcshell/test_registration_success_http2.js b/dom/push/test/xpcshell/test_registration_success_http2.js
index 8d40ac04792ff..81c7f4e4025a7 100644
--- a/dom/push/test/xpcshell/test_registration_success_http2.js
+++ b/dom/push/test/xpcshell/test_registration_success_http2.js
@@ -29,7 +29,7 @@ add_task(async function test_pushNotifications() {
     pushReceiptEndpoint: serverURL + "/pushReceiptEndpointA",
     scope: "https://example.net/a",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     quota: Infinity,
   }, {
     subscriptionUri: serverURL + "/subscriptionB",
@@ -37,7 +37,7 @@ add_task(async function test_pushNotifications() {
     pushReceiptEndpoint: serverURL + "/pushReceiptEndpointB",
     scope: "https://example.net/b",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     quota: Infinity,
   }, {
     subscriptionUri: serverURL + "/subscriptionC",
@@ -45,7 +45,7 @@ add_task(async function test_pushNotifications() {
     pushReceiptEndpoint: serverURL + "/pushReceiptEndpointC",
     scope: "https://example.net/c",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     quota: Infinity,
   }];
 
@@ -61,7 +61,7 @@ add_task(async function test_pushNotifications() {
   let registration = await PushService.registration({
     scope: "https://example.net/a",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
   equal(
     registration.endpoint,
diff --git a/dom/push/test/xpcshell/test_unregister_empty_scope.js b/dom/push/test/xpcshell/test_unregister_empty_scope.js
index deca7e1e04883..65187887f64f2 100644
--- a/dom/push/test/xpcshell/test_unregister_empty_scope.js
+++ b/dom/push/test/xpcshell/test_unregister_empty_scope.js
@@ -31,7 +31,7 @@ add_task(async function test_unregister_empty_scope() {
     PushService.unregister({
       scope: "",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Invalid page record/,
     "Expected error for empty endpoint"
diff --git a/dom/push/test/xpcshell/test_unregister_invalid_json.js b/dom/push/test/xpcshell/test_unregister_invalid_json.js
index 0d20b637b7c8c..7c18ebddb9472 100644
--- a/dom/push/test/xpcshell/test_unregister_invalid_json.js
+++ b/dom/push/test/xpcshell/test_unregister_invalid_json.js
@@ -79,7 +79,7 @@ add_task(async function test_unregister_invalid_json() {
     PushService.unregister({
       scope: "https://example.net/page/1",
       originAttributes: ChromeUtils.originAttributesToSuffix(
-        { inIsolatedMozBrowser: false }),
+        { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     }),
     /Request timed out/,
     "Expected error for second invalid JSON response"
diff --git a/dom/push/test/xpcshell/test_unregister_not_found.js b/dom/push/test/xpcshell/test_unregister_not_found.js
index c0823b84f7bfa..e5481637ca368 100644
--- a/dom/push/test/xpcshell/test_unregister_not_found.js
+++ b/dom/push/test/xpcshell/test_unregister_not_found.js
@@ -30,7 +30,7 @@ add_task(async function test_unregister_not_found() {
   let result = await PushService.unregister({
     scope: "https://example.net/nonexistent",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
   ok(result === false, "unregister should resolve with false for nonexistent scope");
 });
diff --git a/dom/push/test/xpcshell/test_unregister_success_http2.js b/dom/push/test/xpcshell/test_unregister_success_http2.js
index 1fc31ec88f807..c15cab539b424 100644
--- a/dom/push/test/xpcshell/test_unregister_success_http2.js
+++ b/dom/push/test/xpcshell/test_unregister_success_http2.js
@@ -44,7 +44,7 @@ add_task(async function test_pushUnsubscriptionSuccess() {
     pushReceiptEndpoint: serverURL + "/receiptPushEndpointUnsubscriptionSuccess",
     scope: "https://example.com/page/unregister-success",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
     quota: Infinity,
   });
 
@@ -56,7 +56,7 @@ add_task(async function test_pushUnsubscriptionSuccess() {
   await PushService.unregister({
     scope: "https://example.com/page/unregister-success",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
   let record = await db.getByKeyID(serverURL + "/subscriptionUnsubscriptionSuccess");
   ok(!record, "Unregister did not remove record");
diff --git a/dom/push/test/xpcshell/test_updateRecordNoEncryptionKeys_ws.js b/dom/push/test/xpcshell/test_updateRecordNoEncryptionKeys_ws.js
index 2e066bd466d4f..02dfb30eca0ee 100644
--- a/dom/push/test/xpcshell/test_updateRecordNoEncryptionKeys_ws.js
+++ b/dom/push/test/xpcshell/test_updateRecordNoEncryptionKeys_ws.js
@@ -70,7 +70,7 @@ add_task(async function test_with_data_enabled() {
   let newRecord = await PushService.register({
     scope: "https://example.com/page/3",
     originAttributes: ChromeUtils.originAttributesToSuffix(
-      { inIsolatedMozBrowser: false }),
+      { appId: Ci.nsIScriptSecurityManager.NO_APP_ID, inIsolatedMozBrowser: false }),
   });
   ok(newRecord.p256dhKey, "Should generate public keys for new records");
 
diff --git a/dom/quota/ActorsParent.cpp b/dom/quota/ActorsParent.cpp
index 30eaaa4d0110d..fbaa64aee0157 100644
--- a/dom/quota/ActorsParent.cpp
+++ b/dom/quota/ActorsParent.cpp
@@ -204,6 +204,11 @@ const char kResourceOriginPrefix[] = "resource://";
 #define TEMPORARY_DIRECTORY_NAME "temporary"
 #define DEFAULT_DIRECTORY_NAME "default"
 
+enum AppId {
+  kNoAppId = nsIScriptSecurityManager::NO_APP_ID,
+  kUnknownAppId = nsIScriptSecurityManager::UNKNOWN_APP_ID
+};
+
 #define STORAGE_FILE_NAME "storage.sqlite"
 
 // The name of the file that we use to load/save the last access time of an
@@ -1651,6 +1656,7 @@ class MOZ_STACK_CLASS OriginParser final {
   const OriginAttributes mOriginAttributes;
   Tokenizer mTokenizer;
 
+  uint32_t mAppId;
   nsCString mScheme;
   nsCString mHost;
   Nullable<uint32_t> mPort;
@@ -1674,6 +1680,7 @@ class MOZ_STACK_CLASS OriginParser final {
       : mOrigin(aOrigin),
         mOriginAttributes(aOriginAttributes),
         mTokenizer(aOrigin, '+'),
+        mAppId(kNoAppId),
         mPort(),
         mSchemeType(eNone),
         mState(eExpectingAppIdOrScheme),
@@ -2023,18 +2030,23 @@ nsresult GetBinaryOutputStream(nsIFile* aFile, FileFlag aFileFlag,
   return NS_OK;
 }
 
-void GetJarPrefix(bool aInIsolatedMozBrowser, nsACString& aJarPrefix) {
+void GetJarPrefix(uint32_t aAppId, bool aInIsolatedMozBrowser,
+                  nsACString& aJarPrefix) {
+  MOZ_ASSERT(aAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
+
+  if (aAppId == nsIScriptSecurityManager::UNKNOWN_APP_ID) {
+    aAppId = nsIScriptSecurityManager::NO_APP_ID;
+  }
+
   aJarPrefix.Truncate();
 
   // Fallback.
-  if (!aInIsolatedMozBrowser) {
+  if (aAppId == nsIScriptSecurityManager::NO_APP_ID && !aInIsolatedMozBrowser) {
     return;
   }
 
-  // AppId is an unused b2g identifier. Let's set it to 0 all the time (see bug
-  // 1320404).
   // aJarPrefix = appId + "+" + { 't', 'f' } + "+";
-  aJarPrefix.AppendInt(0);  // TODO: this is the appId, to be removed.
+  aJarPrefix.AppendInt(aAppId);
   aJarPrefix.Append('+');
   aJarPrefix.Append(aInIsolatedMozBrowser ? 't' : 'f');
   aJarPrefix.Append('+');
@@ -2055,7 +2067,8 @@ nsresult CreateDirectoryMetadata(nsIFile* aDirectory, int64_t aTimestamp,
   }
 
   nsCString groupPrefix;
-  GetJarPrefix(groupAttributes.mInIsolatedMozBrowser, groupPrefix);
+  GetJarPrefix(groupAttributes.mAppId, groupAttributes.mInIsolatedMozBrowser,
+               groupPrefix);
 
   nsCString group = groupPrefix + groupNoSuffix;
 
@@ -2068,7 +2081,8 @@ nsresult CreateDirectoryMetadata(nsIFile* aDirectory, int64_t aTimestamp,
   }
 
   nsCString originPrefix;
-  GetJarPrefix(originAttributes.mInIsolatedMozBrowser, originPrefix);
+  GetJarPrefix(originAttributes.mAppId, originAttributes.mInIsolatedMozBrowser,
+               originPrefix);
 
   nsCString origin = originPrefix + originNoSuffix;
 
@@ -9015,7 +9029,14 @@ auto OriginParser::Parse(nsACString& aSpec, OriginAttributes* aAttrs)
   // For IPv6 URL, it should at least have three groups.
   MOZ_ASSERT_IF(mIPGroup > 0, mIPGroup >= 3);
 
-  *aAttrs = mOriginAttributes;
+  if (mAppId == kNoAppId) {
+    *aAttrs = mOriginAttributes;
+  } else {
+    MOZ_ASSERT(mOriginAttributes.mAppId == kNoAppId);
+
+    *aAttrs = OriginAttributes(mAppId, mInIsolatedMozBrowser);
+  }
+
   nsAutoCString spec(mScheme);
 
   if (mSchemeType == eFile) {
@@ -9131,8 +9152,9 @@ void OriginParser::HandleToken(const nsDependentCSubstring& aToken) {
         nsCString token(aToken);
 
         nsresult rv;
-        Unused << token.ToInteger(&rv);
+        uint32_t appId = token.ToInteger(&rv);
         if (NS_SUCCEEDED(rv)) {
+          mAppId = appId;
           mState = eExpectingInMozBrowser;
           return;
         }
@@ -9907,6 +9929,20 @@ nsresult UpgradeStorageFrom1_0To2_0Helper::MaybeRemoveMorgueDirectory(
 nsresult UpgradeStorageFrom1_0To2_0Helper::MaybeRemoveAppsData(
     const OriginProps& aOriginProps, bool* aRemoved) {
   AssertIsOnIOThread();
+
+  // XXX This will need to be reworked as part of bug 1320404 (appId is
+  //     going to be removed from origin attributes).
+  if (aOriginProps.mAttrs.mAppId != kNoAppId &&
+      aOriginProps.mAttrs.mAppId != kUnknownAppId) {
+    nsresult rv = RemoveObsoleteOrigin(aOriginProps);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+
+    *aRemoved = true;
+    return NS_OK;
+  }
+
   *aRemoved = false;
   return NS_OK;
 }
diff --git a/dom/quota/SerializationHelpers.h b/dom/quota/SerializationHelpers.h
index 68e2c613cc054..17959ff0fe234 100644
--- a/dom/quota/SerializationHelpers.h
+++ b/dom/quota/SerializationHelpers.h
@@ -33,6 +33,7 @@ struct ParamTraits<mozilla::OriginAttributesPattern> {
   typedef mozilla::OriginAttributesPattern paramType;
 
   static void Write(Message* aMsg, const paramType& aParam) {
+    WriteParam(aMsg, aParam.mAppId);
     WriteParam(aMsg, aParam.mFirstPartyDomain);
     WriteParam(aMsg, aParam.mInIsolatedMozBrowser);
     WriteParam(aMsg, aParam.mPrivateBrowsingId);
@@ -41,7 +42,8 @@ struct ParamTraits<mozilla::OriginAttributesPattern> {
 
   static bool Read(const Message* aMsg, PickleIterator* aIter,
                    paramType* aResult) {
-    return ReadParam(aMsg, aIter, &aResult->mFirstPartyDomain) &&
+    return ReadParam(aMsg, aIter, &aResult->mAppId) &&
+           ReadParam(aMsg, aIter, &aResult->mFirstPartyDomain) &&
            ReadParam(aMsg, aIter, &aResult->mInIsolatedMozBrowser) &&
            ReadParam(aMsg, aIter, &aResult->mPrivateBrowsingId) &&
            ReadParam(aMsg, aIter, &aResult->mUserContextId);
diff --git a/dom/quota/nsIQuotaManagerService.idl b/dom/quota/nsIQuotaManagerService.idl
index 9e94ac0486821..bfd0f12a6ebd7 100644
--- a/dom/quota/nsIQuotaManagerService.idl
+++ b/dom/quota/nsIQuotaManagerService.idl
@@ -109,14 +109,12 @@ interface nsIQuotaManagerService : nsISupports
 
   /**
    * Removes all storages stored for the given pattern. The files may not be
-   * deleted immediately depending on prohibitive concurrent operations.  In
-   * terms of locks, it will get an exclusive multi directory lock for given
-   * pattern.  For example, given pattern {"userContextId":1007} and set of 3
-   * origins ["http://www.mozilla.org^userContextId=1007",
-   * "http://www.example.org^userContextId=1007",
-   * "http://www.example.org^userContextId=1008"], the method will only lock 2
-   * origins ["http://www.mozilla.org^userContextId=1007",
-   * "http://www.example.org^userContextId=1007"].
+   * deleted immediately depending on prohibitive concurrent operations.
+   * In terms of locks, it will get an exclusive multi directory lock for given
+   * pattern.  For example, given pattern {"appId":1007} and set of 3 origins
+   * ["http://www.mozilla.org^appId=1007", "http://www.example.org^appId=1007",
+   * "http://www.example.org^appId=1008"], the method will only lock 2 origins
+   * ["http://www.mozilla.org^appId=1007", "http://www.example.org^appId=1007"].
    *
    * @param aPattern
    *        A pattern for the origins whose storages are to be cleared.
diff --git a/dom/quota/test/gtest/TestQuotaManager.cpp b/dom/quota/test/gtest/TestQuotaManager.cpp
index 51f40b7973382..948da37cbf626 100644
--- a/dom/quota/test/gtest/TestQuotaManager.cpp
+++ b/dom/quota/test/gtest/TestQuotaManager.cpp
@@ -48,6 +48,13 @@ TEST(QuotaManager, OriginScope)
     EXPECT_TRUE(originScope.GetOriginNoSuffix().Equals(prefix));
   }
 
+  {
+    NS_NAMED_LITERAL_STRING(pattern, "{\"appId\":1007}");
+    originScope.SetFromJSONPattern(pattern);
+    EXPECT_TRUE(originScope.IsPattern());
+    EXPECT_TRUE(originScope.GetJSONPattern().Equals(pattern));
+  }
+
   {
     originScope.SetFromNull();
     EXPECT_TRUE(originScope.IsNull());
@@ -82,6 +89,20 @@ TEST(QuotaManager, OriginScope)
     }
   }
 
+  {
+    originScope.SetFromJSONPattern(NS_LITERAL_STRING("{\"appId\":1007}"));
+
+    static const OriginTest tests[] = {
+        {"http+++www.mozilla.org^appId=1007", true},
+        {"http+++www.example.org^appId=1007", true},
+        {"http+++www.example.org^appId=1008", false},
+    };
+
+    for (const auto& test : tests) {
+      CheckOriginScopeMatchesOrigin(originScope, test.mOrigin, test.mMatch);
+    }
+  }
+
   {
     originScope.SetFromNull();
 
@@ -89,6 +110,9 @@ TEST(QuotaManager, OriginScope)
         {"http://www.mozilla.org", true},
         {"http://www.mozilla.org^userContextId=1", true},
         {"http://www.example.org^userContextId=1", true},
+        {"http+++www.mozilla.org^appId=1007", true},
+        {"http+++www.example.org^appId=1007", true},
+        {"http+++www.example.org^appId=1008", true},
     };
 
     for (const auto& test : tests) {
diff --git a/dom/quota/test/unit/removeAppsUpgrade_profile.zip b/dom/quota/test/unit/removeAppsUpgrade_profile.zip
new file mode 100644
index 0000000000000000000000000000000000000000..582edb43af082bc2b9ceed98b02eb6418f149a81
GIT binary patch
literal 3145
zcmWIWW@h1H0D)@(eqLY(l;B{HVJI%iFG@^L)ejBfWME!=Vo}6<ATF)oW?*Fb%E-XL
zA_7z!05kzab1*ap`gt8U+4Rl`WC9Zd10TW!z2d^0%#u{FIgd^*iU46WbGZ4woYe6Q
z^*F76%2y}QAT1#&Atj|CARqw<T9WQC?ALK=m0K;W-*MC>;H`!P)Mkj=x%<OV+%ABy
zSwAH;EwMDG1mcISht@`bFq+*UKR`@6ISth$b1Wt$78Gb}YZq4*m!#(Er6*=4=H@45
z=A`Q77p2Dm<vdet4Gj#;Ar^XFSQ`PtSS*AD8py)QLZ`o)13lyc#17<JsF#~sl9-ZM
zk_ZlF95yE>d=0tu`QOb02M#D?Wh5l5o4ai8ycsiR%$`4G=Hyk=<EQXV325?C5fh1c
z`C2?&Z2FRCuNJOkLW*UOgCCfh`C9=Un*qemRB*6vnGr!ZcW<vc*TAylu@E<xO>hn`
zFVC6An3G?QoH=sm&yq89LiYYyR1)H8s&L*be*cb5J5)@=`L}z4oehcDg$qz4RvnA8
zGfGN8F<V|<u9ur%m6?;12#QlkMBaU{HUflkMkL4ry*F3yX#&FplmiTiw*WQbaM+Zb
zQ2Jw0VL=ujGc$8}UR`LKpWmXmx<IQ5+S3Aqf)bXlkB^I6*RI2i6jdN6ZNF!ptO0b6
zJrEm{;Urkp5OkH)gL7xspE`5W^U7&`FZQCNMqXZAYrcFvefsp*38_dCk-r!<B0O<8
zsu&m(DXC?tIr#;tMS968dGI*NOD#dlXKI;wPDT0U#i>QMhLEUIdbTzKgmFd{$O#tg
zc7JSvVd4$MLDX~tYGmSY3nVf%6q_0w9Zy_1a3E&4i?#WFEn{`{Kz;qKEE=mAMbBzz
zYHDn|blu-m*Zb^AeGlDB-hL-9JBM*2MQ{PoBTIJ$iueIN(GSF-H1P;52`B@@6ok>j
z748>C&W_`%Vj>mGZb(T<%vhcJ%u@8}bn)e4H>H@CPAU4l+Niil=<BB-?}F8vPGI$%
zvXeg0bBs)K%#b{bStWsreGm{}c<TtF5fv0Gq=G_o8^knR)f3D#28M=4CxmJ6$_i*E
zmWm45g_so&%uE4>1CDzTW+GKXKvS_+K?r|iRzk?8vH@#en7?6_8_`t~&~mKR5y)~}
z6%x#HP%xE~Z#h!NAkG!2wG6T=G=QxOGJ^o_3UI2%=MY@=2FxL#7`~6iAvkLhpk-KV
z5JcEx)*&#<Kw<B|jOl9}mce})8bX|{sMQ3rt(VEL6&AKQy$cCj%&GupF(_;^Sg?DS
z%!&aR4p=J%MCfBy3oz$^LjN^2or4-b1l)yL$|JjL3o8|a3GOaf3}Pwo1H4(;KxHov
M5H12*J`v0V0N^lqLI3~&

literal 0
HcmV?d00001

diff --git a/dom/quota/test/unit/test_removeAppsUpgrade.js b/dom/quota/test/unit/test_removeAppsUpgrade.js
new file mode 100644
index 0000000000000..87fad9214e075
--- /dev/null
+++ b/dom/quota/test/unit/test_removeAppsUpgrade.js
@@ -0,0 +1,66 @@
+/**
+ * Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+var testGenerator = testSteps();
+
+function* testSteps()
+{
+  const origins = [
+    {
+      path: "storage/default/http+++www.mozilla.org",
+      obsolete: false
+    },
+
+    {
+      path: "storage/default/app+++system.gaiamobile.org^appId=1007",
+      obsolete: true
+    },
+
+    {
+      path: "storage/default/https+++developer.cdn.mozilla.net^appId=1007&inBrowser=1",
+      obsolete: true
+    }
+  ];
+
+  info("Clearing");
+
+  clear(continueToNextStepSync);
+  yield undefined;
+
+  info("Installing package");
+
+  installPackage("removeAppsUpgrade_profile");
+
+  info("Checking origin directories");
+
+  for (let origin of origins) {
+    let originDir = getRelativeFile(origin.path);
+
+    let exists = originDir.exists();
+    ok(exists, "Origin directory does exist");
+  }
+
+  info("Initializing");
+
+  let request = init(continueToNextStepSync);
+  yield undefined;
+
+  ok(request.resultCode == NS_OK, "Initialization succeeded");
+
+  info("Checking origin directories");
+
+  for (let origin of origins) {
+    let originDir = getRelativeFile(origin.path);
+
+    let exists = originDir.exists();
+    if (origin.obsolete) {
+      ok(!exists, "Origin directory doesn't exist");
+    } else {
+      ok(exists, "Origin directory does exist");
+    }
+  }
+
+  finishTest();
+}
diff --git a/dom/quota/test/unit/xpcshell.ini b/dom/quota/test/unit/xpcshell.ini
index 0f23d9777d417..d9fbefd42e7ec 100644
--- a/dom/quota/test/unit/xpcshell.ini
+++ b/dom/quota/test/unit/xpcshell.ini
@@ -18,6 +18,7 @@ support-files =
   morgueCleanup_profile.zip
   obsoleteOriginAttributes_profile.zip
   originAttributesUpgrade_profile.zip
+  removeAppsUpgrade_profile.zip
   removeLocalStorage1_profile.zip
   removeLocalStorage2_profile.zip
   storagePersistentUpgrade_profile.zip
@@ -45,6 +46,7 @@ support-files =
 [test_persist_eviction.js]
 [test_persist_globalLimit.js]
 [test_persist_groupLimit.js]
+[test_removeAppsUpgrade.js]
 [test_removeLocalStorage.js]
 [test_simpledb.js]
 [test_specialOrigins.js]
diff --git a/dom/serviceworkers/ServiceWorkerManager.cpp b/dom/serviceworkers/ServiceWorkerManager.cpp
index be60a85ecb3f9..0d3be76e1f9f7 100644
--- a/dom/serviceworkers/ServiceWorkerManager.cpp
+++ b/dom/serviceworkers/ServiceWorkerManager.cpp
@@ -1504,6 +1504,12 @@ ServiceWorkerManager::GetServiceWorkerRegistrationInfo(nsIPrincipal* aPrincipal,
   MOZ_ASSERT(aPrincipal);
   MOZ_ASSERT(aURI);
 
+  // XXXnsm Temporary fix until Bug 1171432 is fixed.
+  if (NS_WARN_IF(BasePrincipal::Cast(aPrincipal)->AppId() ==
+                 nsIScriptSecurityManager::UNKNOWN_APP_ID)) {
+    return nullptr;
+  }
+
   nsAutoCString scopeKey;
   nsresult rv = PrincipalToScopeKey(aPrincipal, scopeKey);
   if (NS_FAILED(rv)) {
diff --git a/dom/serviceworkers/ServiceWorkerManager.h b/dom/serviceworkers/ServiceWorkerManager.h
index 8340d7e0a34a3..cb4c7753624e4 100644
--- a/dom/serviceworkers/ServiceWorkerManager.h
+++ b/dom/serviceworkers/ServiceWorkerManager.h
@@ -328,8 +328,9 @@ class ServiceWorkerManager final : public nsIServiceWorkerManager,
   GetServiceWorkerRegistrationInfo(const nsACString& aScopeKey,
                                    nsIURI* aURI) const;
 
-  // This method generates a key using isInElementBrowser from the principal. We
-  // don't use the origin because it can change during the loading.
+  // This method generates a key using appId and isInElementBrowser from the
+  // principal. We don't use the origin because it can change during the
+  // loading.
   static nsresult PrincipalToScopeKey(nsIPrincipal* aPrincipal,
                                       nsACString& aKey);
 
diff --git a/dom/serviceworkers/test/gtest/TestReadWrite.cpp b/dom/serviceworkers/test/gtest/TestReadWrite.cpp
index 6830d2a21ebf3..f59b0f10a4f44 100644
--- a/dom/serviceworkers/test/gtest/TestReadWrite.cpp
+++ b/dom/serviceworkers/test/gtest/TestReadWrite.cpp
@@ -159,7 +159,7 @@ TEST(ServiceWorkerRegistrar, TestReadData)
 {
   nsAutoCString buffer(SERVICEWORKERREGISTRAR_VERSION "\n");
 
-  buffer.AppendLiteral("^inBrowser=1\n");
+  buffer.AppendLiteral("^appId=123&inBrowser=1\n");
   buffer.AppendLiteral("https://scope_0.org\ncurrentWorkerURL 0\n");
   buffer.Append(SERVICEWORKERREGISTRAR_TRUE "\n");
   buffer.AppendLiteral("cacheName 0\n");
@@ -208,7 +208,7 @@ TEST(ServiceWorkerRegistrar, TestReadData)
   nsAutoCString suffix0;
   cInfo0.attrs().CreateSuffix(suffix0);
 
-  ASSERT_STREQ("^inBrowser=1", suffix0.get());
+  ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
   ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
   ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
   ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@@ -265,7 +265,7 @@ TEST(ServiceWorkerRegistrar, TestWriteData)
   {
     RefPtr<ServiceWorkerRegistrarTest> swr = new ServiceWorkerRegistrarTest;
 
-    for (int i = 0; i < 2; ++i) {
+    for (int i = 0; i < 10; ++i) {
       ServiceWorkerRegistrationData reg;
 
       reg.scope() = nsPrintfCString("https://scope_write_%d.org", i);
@@ -285,7 +285,7 @@ TEST(ServiceWorkerRegistrar, TestWriteData)
 
       nsTArray<mozilla::ipc::ContentSecurityPolicy> policies;
       reg.principal() = mozilla::ipc::ContentPrincipalInfo(
-          mozilla::OriginAttributes(i % 2), spec, spec, mozilla::Nothing(),
+          mozilla::OriginAttributes(i, i % 2), spec, spec, mozilla::Nothing(),
           std::move(policies), spec);
 
       swr->TestRegisterServiceWorker(reg);
@@ -301,16 +301,16 @@ TEST(ServiceWorkerRegistrar, TestWriteData)
   ASSERT_EQ(NS_OK, rv) << "ReadData() should not fail";
 
   const nsTArray<ServiceWorkerRegistrationData>& data = swr->TestGetData();
-  ASSERT_EQ((uint32_t)2, data.Length()) << "2 entries should be found";
+  ASSERT_EQ((uint32_t)10, data.Length()) << "10 entries should be found";
 
-  for (int i = 0; i < 2; ++i) {
+  for (int i = 0; i < 10; ++i) {
     nsAutoCString test;
 
     ASSERT_EQ(data[i].principal().type(),
               mozilla::ipc::PrincipalInfo::TContentPrincipalInfo);
     const mozilla::ipc::ContentPrincipalInfo& cInfo = data[i].principal();
 
-    mozilla::OriginAttributes attrs(i % 2);
+    mozilla::OriginAttributes attrs(i, i % 2);
     nsAutoCString suffix, expectSuffix;
     attrs.CreateSuffix(expectSuffix);
     cInfo.attrs().CreateSuffix(suffix);
@@ -380,7 +380,7 @@ TEST(ServiceWorkerRegistrar, TestVersion2Migration)
   nsAutoCString suffix0;
   cInfo0.attrs().CreateSuffix(suffix0);
 
-  ASSERT_STREQ("^inBrowser=1", suffix0.get());
+  ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
   ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
   ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
   ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@@ -450,7 +450,7 @@ TEST(ServiceWorkerRegistrar, TestVersion3Migration)
   nsAutoCString suffix0;
   cInfo0.attrs().CreateSuffix(suffix0);
 
-  ASSERT_STREQ("^inBrowser=1", suffix0.get());
+  ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
   ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
   ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
   ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@@ -518,7 +518,7 @@ TEST(ServiceWorkerRegistrar, TestVersion4Migration)
   nsAutoCString suffix0;
   cInfo0.attrs().CreateSuffix(suffix0);
 
-  ASSERT_STREQ("^inBrowser=1", suffix0.get());
+  ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
   ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
   ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
   ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@@ -590,7 +590,7 @@ TEST(ServiceWorkerRegistrar, TestVersion5Migration)
   nsAutoCString suffix0;
   cInfo0.attrs().CreateSuffix(suffix0);
 
-  ASSERT_STREQ("^inBrowser=1", suffix0.get());
+  ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
   ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
   ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
   ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@@ -664,7 +664,7 @@ TEST(ServiceWorkerRegistrar, TestVersion6Migration)
   nsAutoCString suffix0;
   cInfo0.attrs().CreateSuffix(suffix0);
 
-  ASSERT_STREQ("^inBrowser=1", suffix0.get());
+  ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
   ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
   ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
   ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@@ -751,7 +751,7 @@ TEST(ServiceWorkerRegistrar, TestVersion7Migration)
   nsAutoCString suffix0;
   cInfo0.attrs().CreateSuffix(suffix0);
 
-  ASSERT_STREQ("^inBrowser=1", suffix0.get());
+  ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
   ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
   ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
   ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@@ -791,7 +791,7 @@ TEST(ServiceWorkerRegistrar, TestDedupeRead)
       "\n");
 
   // unique entries
-  buffer.AppendLiteral("^inBrowser=1\n");
+  buffer.AppendLiteral("^appId=123&inBrowser=1\n");
   buffer.AppendLiteral(
       "spec 0\nhttps://scope_0.org\ncurrentWorkerURL 0\ncacheName 0\n");
   buffer.AppendLiteral(SERVICEWORKERREGISTRAR_TERMINATOR "\n");
@@ -802,12 +802,12 @@ TEST(ServiceWorkerRegistrar, TestDedupeRead)
   buffer.AppendLiteral(SERVICEWORKERREGISTRAR_TERMINATOR "\n");
 
   // dupe entries
-  buffer.AppendLiteral("^inBrowser=1\n");
+  buffer.AppendLiteral("^appId=123&inBrowser=1\n");
   buffer.AppendLiteral(
       "spec 1\nhttps://scope_0.org\ncurrentWorkerURL 0\ncacheName 0\n");
   buffer.AppendLiteral(SERVICEWORKERREGISTRAR_TERMINATOR "\n");
 
-  buffer.AppendLiteral("^inBrowser=1\n");
+  buffer.AppendLiteral("^appId=123&inBrowser=1\n");
   buffer.AppendLiteral(
       "spec 2\nhttps://scope_0.org\ncurrentWorkerURL 0\ncacheName 0\n");
   buffer.AppendLiteral(SERVICEWORKERREGISTRAR_TERMINATOR "\n");
@@ -836,7 +836,7 @@ TEST(ServiceWorkerRegistrar, TestDedupeRead)
   nsAutoCString suffix0;
   cInfo0.attrs().CreateSuffix(suffix0);
 
-  ASSERT_STREQ("^inBrowser=1", suffix0.get());
+  ASSERT_STREQ("^appId=123&inBrowser=1", suffix0.get());
   ASSERT_STREQ("https://scope_0.org", cInfo0.spec().get());
   ASSERT_STREQ("https://scope_0.org", data[0].scope().get());
   ASSERT_STREQ("currentWorkerURL 0", data[0].currentWorkerURL().get());
@@ -874,7 +874,7 @@ TEST(ServiceWorkerRegistrar, TestDedupeWrite)
   {
     RefPtr<ServiceWorkerRegistrarTest> swr = new ServiceWorkerRegistrarTest;
 
-    for (int i = 0; i < 2; ++i) {
+    for (int i = 0; i < 10; ++i) {
       ServiceWorkerRegistrationData reg;
 
       reg.scope() = NS_LITERAL_CSTRING("https://scope_write.dedupe");
@@ -890,7 +890,7 @@ TEST(ServiceWorkerRegistrar, TestDedupeWrite)
 
       nsTArray<mozilla::ipc::ContentSecurityPolicy> policies;
       reg.principal() = mozilla::ipc::ContentPrincipalInfo(
-          mozilla::OriginAttributes(false), spec, spec, mozilla::Nothing(),
+          mozilla::OriginAttributes(0, false), spec, spec, mozilla::Nothing(),
           std::move(policies), spec);
 
       swr->TestRegisterServiceWorker(reg);
@@ -913,19 +913,19 @@ TEST(ServiceWorkerRegistrar, TestDedupeWrite)
             mozilla::ipc::PrincipalInfo::TContentPrincipalInfo);
   const mozilla::ipc::ContentPrincipalInfo& cInfo = data[0].principal();
 
-  mozilla::OriginAttributes attrs(false);
+  mozilla::OriginAttributes attrs(0, false);
   nsAutoCString suffix, expectSuffix;
   attrs.CreateSuffix(expectSuffix);
   cInfo.attrs().CreateSuffix(suffix);
 
   // Last entry passed to RegisterServiceWorkerInternal() should overwrite
-  // previous values.  So expect "1" in values here.
+  // previous values.  So expect "9" in values here.
   ASSERT_STREQ(expectSuffix.get(), suffix.get());
   ASSERT_STREQ("https://scope_write.dedupe", cInfo.spec().get());
   ASSERT_STREQ("https://scope_write.dedupe", data[0].scope().get());
-  ASSERT_STREQ("currentWorkerURL write 1", data[0].currentWorkerURL().get());
+  ASSERT_STREQ("currentWorkerURL write 9", data[0].currentWorkerURL().get());
   ASSERT_EQ(true, data[0].currentWorkerHandlesFetch());
-  ASSERT_STREQ("cacheName write 1",
+  ASSERT_STREQ("cacheName write 9",
                NS_ConvertUTF16toUTF8(data[0].cacheName()).get());
   ASSERT_EQ(nsIServiceWorkerRegistrationInfo::UPDATE_VIA_CACHE_IMPORTS,
             data[0].updateViaCache());
diff --git a/dom/storage/StorageDBUpdater.cpp b/dom/storage/StorageDBUpdater.cpp
index 01f892cd25a72..0121ff3453ae7 100644
--- a/dom/storage/StorageDBUpdater.cpp
+++ b/dom/storage/StorageDBUpdater.cpp
@@ -70,7 +70,6 @@ class ExtractOriginData : protected mozilla::Tokenizer {
     origin.Assign(scope);
 
     // Bail out if it isn't appId.
-    // AppId doesn't exist any more but we could have old storage data...
     uint32_t appId;
     if (!ReadInteger(&appId)) {
       return;
@@ -131,7 +130,7 @@ class ExtractOriginData : protected mozilla::Tokenizer {
         }
       }
     } else {
-      OriginAttributes attrs(inIsolatedMozBrowser);
+      OriginAttributes attrs(appId, inIsolatedMozBrowser);
       attrs.CreateSuffix(suffix);
     }
 
diff --git a/dom/storage/StorageUtils.cpp b/dom/storage/StorageUtils.cpp
index 283fbb1852c77..8fc37d5b204d1 100644
--- a/dom/storage/StorageUtils.cpp
+++ b/dom/storage/StorageUtils.cpp
@@ -118,8 +118,9 @@ nsCString Scheme0Scope(const nsACString& aOriginSuffix,
     MOZ_ASSERT(success);
   }
 
-  if (oa.mInIsolatedMozBrowser) {
-    result.AppendInt(0);  // This is the appId to be removed.
+  if (oa.mAppId != nsIScriptSecurityManager::NO_APP_ID ||
+      oa.mInIsolatedMozBrowser) {
+    result.AppendInt(oa.mAppId);
     result.Append(':');
     result.Append(oa.mInIsolatedMozBrowser ? 't' : 'f');
     result.Append(':');
@@ -131,6 +132,7 @@ nsCString Scheme0Scope(const nsACString& aOriginSuffix,
   // with originAttributes and originKey columns) so that switch between
   // schema 1 and 0 always works in both ways.
   nsAutoCString remaining;
+  oa.mAppId = 0;
   oa.mInIsolatedMozBrowser = false;
   oa.CreateSuffix(remaining);
   if (!remaining.IsEmpty()) {
diff --git a/dom/workers/WorkerLoadInfo.cpp b/dom/workers/WorkerLoadInfo.cpp
index 3b73a4499b24c..f7b9b80a0443e 100644
--- a/dom/workers/WorkerLoadInfo.cpp
+++ b/dom/workers/WorkerLoadInfo.cpp
@@ -213,7 +213,7 @@ nsresult WorkerLoadInfo::GetPrincipalsAndLoadGroupFromChannel(
   }
 
   // The principal can change, but it should still match the original
-  // load group's browser element flag.
+  // load group's appId and browser element flag.
   MOZ_ASSERT(NS_LoadGroupMatchesPrincipal(channelLoadGroup, channelPrincipal));
 
   channelPrincipal.forget(aPrincipalOut);
diff --git a/extensions/permissions/nsPermissionManager.cpp b/extensions/permissions/nsPermissionManager.cpp
index 2d20ab39c286b..fbb31b54d1cd1 100644
--- a/extensions/permissions/nsPermissionManager.cpp
+++ b/extensions/permissions/nsPermissionManager.cpp
@@ -199,9 +199,10 @@ nsresult GetPrincipalFromOrigin(const nsACString& aOrigin,
   return NS_OK;
 }
 
-nsresult GetPrincipal(nsIURI* aURI, bool aIsInIsolatedMozBrowserElement,
+nsresult GetPrincipal(nsIURI* aURI, uint32_t aAppId,
+                      bool aIsInIsolatedMozBrowserElement,
                       nsIPrincipal** aPrincipal) {
-  mozilla::OriginAttributes attrs(aIsInIsolatedMozBrowserElement);
+  mozilla::OriginAttributes attrs(aAppId, aIsInIsolatedMozBrowserElement);
   nsCOMPtr<nsIPrincipal> principal =
       mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
@@ -464,7 +465,8 @@ class MOZ_STACK_CLASS UpgradeIPHostToOriginDB final
 nsresult UpgradeHostToOriginAndInsert(
     const nsACString& aHost, const nsCString& aType, uint32_t aPermission,
     uint32_t aExpireType, int64_t aExpireTime, int64_t aModificationTime,
-    bool aIsInIsolatedMozBrowserElement, UpgradeHostToOriginHelper* aHelper) {
+    uint32_t aAppId, bool aIsInIsolatedMozBrowserElement,
+    UpgradeHostToOriginHelper* aHelper) {
   if (aHost.EqualsLiteral("<file>")) {
     // We no longer support the magic host <file>
     NS_WARNING(
@@ -489,7 +491,7 @@ nsresult UpgradeHostToOriginAndInsert(
     }
 
     nsCOMPtr<nsIPrincipal> principal;
-    rv = GetPrincipal(uri, aIsInIsolatedMozBrowserElement,
+    rv = GetPrincipal(uri, aAppId, aIsInIsolatedMozBrowserElement,
                       getter_AddRefs(principal));
     NS_ENSURE_SUCCESS(rv, rv);
 
@@ -604,7 +606,7 @@ nsresult UpgradeHostToOriginAndInsert(
 
       // We now have a URI which we can make a nsIPrincipal out of
       nsCOMPtr<nsIPrincipal> principal;
-      rv = GetPrincipal(uri, aIsInIsolatedMozBrowserElement,
+      rv = GetPrincipal(uri, aAppId, aIsInIsolatedMozBrowserElement,
                         getter_AddRefs(principal));
       if (NS_WARN_IF(NS_FAILED(rv))) continue;
 
@@ -652,7 +654,7 @@ nsresult UpgradeHostToOriginAndInsert(
                    NS_LITERAL_CSTRING("http://") + hostSegment);
     NS_ENSURE_SUCCESS(rv, rv);
 
-    rv = GetPrincipal(uri, aIsInIsolatedMozBrowserElement,
+    rv = GetPrincipal(uri, aAppId, aIsInIsolatedMozBrowserElement,
                       getter_AddRefs(principal));
     NS_ENSURE_SUCCESS(rv, rv);
 
@@ -667,7 +669,7 @@ nsresult UpgradeHostToOriginAndInsert(
                    NS_LITERAL_CSTRING("https://") + hostSegment);
     NS_ENSURE_SUCCESS(rv, rv);
 
-    rv = GetPrincipal(uri, aIsInIsolatedMozBrowserElement,
+    rv = GetPrincipal(uri, aAppId, aIsInIsolatedMozBrowserElement,
                       getter_AddRefs(principal));
     NS_ENSURE_SUCCESS(rv, rv);
 
@@ -887,7 +889,7 @@ void nsPermissionManager::Startup() {
 // nsPermissionManager Implementation
 
 #define PERMISSIONS_FILE_NAME "permissions.sqlite"
-#define HOSTS_SCHEMA_VERSION 10
+#define HOSTS_SCHEMA_VERSION 9
 
 #define HOSTPERM_FILE_NAME "hostperm.1"
 
@@ -1303,7 +1305,7 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
           rv = mDBConn->CreateStatement(
               NS_LITERAL_CSTRING(
                   "SELECT host, type, permission, expireType, expireTime, "
-                  "modificationTime, isInBrowserElement FROM moz_hosts"),
+                  "modificationTime, appId, isInBrowserElement FROM moz_hosts"),
               getter_AddRefs(stmt));
           NS_ENSURE_SUCCESS(rv, rv);
 
@@ -1313,6 +1315,7 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
           uint32_t expireType;
           int64_t expireTime;
           int64_t modificationTime;
+          uint32_t appId;
           bool isInBrowserElement;
           bool hasResult;
 
@@ -1332,14 +1335,19 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
             expireType = stmt->AsInt32(3);
             expireTime = stmt->AsInt64(4);
             modificationTime = stmt->AsInt64(5);
-            isInBrowserElement = static_cast<bool>(stmt->AsInt32(6));
+            if (NS_WARN_IF(stmt->AsInt64(6) < 0)) {
+              migrationError = true;
+              continue;
+            }
+            appId = static_cast<uint32_t>(stmt->AsInt64(6));
+            isInBrowserElement = static_cast<bool>(stmt->AsInt32(7));
 
             // Perform the meat of the migration by deferring to the
             // UpgradeHostToOriginAndInsert function.
             UpgradeHostToOriginDBMigration upHelper(mDBConn, &id);
             rv = UpgradeHostToOriginAndInsert(
                 host, type, permission, expireType, expireTime,
-                modificationTime, isInBrowserElement, &upHelper);
+                modificationTime, appId, isInBrowserElement, &upHelper);
             if (NS_FAILED(rv)) {
               NS_WARNING(
                   "Unexpected failure when upgrading migrating permission "
@@ -1476,7 +1484,7 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
           rv = mDBConn->CreateStatement(
               NS_LITERAL_CSTRING(
                   "SELECT host, type, permission, expireType, expireTime, "
-                  "modificationTime, isInBrowserElement FROM moz_hosts"),
+                  "modificationTime, appId, isInBrowserElement FROM moz_hosts"),
               getter_AddRefs(stmt));
           NS_ENSURE_SUCCESS(rv, rv);
 
@@ -1496,6 +1504,7 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
           uint32_t expireType;
           int64_t expireTime;
           int64_t modificationTime;
+          uint32_t appId;
           bool isInBrowserElement;
 
           while (NS_SUCCEEDED(stmt->ExecuteStep(&hasResult)) && hasResult) {
@@ -1521,14 +1530,18 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
             expireType = stmt->AsInt32(3);
             expireTime = stmt->AsInt64(4);
             modificationTime = stmt->AsInt64(5);
-            isInBrowserElement = static_cast<bool>(stmt->AsInt32(6));
+            if (NS_WARN_IF(stmt->AsInt64(6) < 0)) {
+              continue;
+            }
+            appId = static_cast<uint32_t>(stmt->AsInt64(6));
+            isInBrowserElement = static_cast<bool>(stmt->AsInt32(7));
 
             // Perform the meat of the migration by deferring to the
             // UpgradeHostToOriginAndInsert function.
             UpgradeIPHostToOriginDB upHelper(mDBConn, &id);
             rv = UpgradeHostToOriginAndInsert(
                 host, type, permission, expireType, expireTime,
-                modificationTime, isInBrowserElement, &upHelper);
+                modificationTime, appId, isInBrowserElement, &upHelper);
             if (NS_FAILED(rv)) {
               NS_WARNING(
                   "Unexpected failure when upgrading migrating permission "
@@ -1575,64 +1588,6 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
         // fall through to the next upgrade
         MOZ_FALLTHROUGH;
 
-      // Version 10 removes appId from moz_hosts. SQLite doesn't support the
-      // dropping of columns from existing tables. We need to create a temporary
-      // table, copy the data, drop the old table, rename the new one.
-      case 9: {
-        rv = mDBConn->BeginTransaction();
-        NS_ENSURE_SUCCESS(rv, rv);
-
-        bool tableExists = false;
-        mDBConn->TableExists(NS_LITERAL_CSTRING("moz_hosts_v9"), &tableExists);
-        if (tableExists) {
-          NS_WARNING(
-              "The temporary database moz_hosts_v9 already exists, dropping "
-              "it.");
-          rv = mDBConn->ExecuteSimpleSQL(
-              NS_LITERAL_CSTRING("DROP TABLE moz_hosts_v9"));
-          NS_ENSURE_SUCCESS(rv, rv);
-        }
-
-        rv = mDBConn->ExecuteSimpleSQL(
-            NS_LITERAL_CSTRING("CREATE TABLE moz_hosts_v9 ("
-                               " id INTEGER PRIMARY KEY"
-                               ",host TEXT"
-                               ",type TEXT"
-                               ",permission INTEGER"
-                               ",expireType INTEGER"
-                               ",expireTime INTEGER"
-                               ",modificationTime INTEGER"
-                               ",isInBrowserElement INTEGER"
-                               ")"));
-        NS_ENSURE_SUCCESS(rv, rv);
-
-        rv = mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
-            "INSERT INTO moz_hosts_v9 "
-            "(id, host, type, permission, expireType, "
-            "expireTime, modificationTime, isInBrowserElement) "
-            "SELECT id, host, type, permission, expireType, expireTime, "
-            "modificationTime, isInBrowserElement FROM moz_hosts WHERE appId = "
-            "0"));
-        NS_ENSURE_SUCCESS(rv, rv);
-
-        rv = mDBConn->ExecuteSimpleSQL(
-            NS_LITERAL_CSTRING("DROP TABLE moz_hosts"));
-        NS_ENSURE_SUCCESS(rv, rv);
-
-        rv = mDBConn->ExecuteSimpleSQL(
-            NS_LITERAL_CSTRING("ALTER TABLE moz_hosts_v9 RENAME TO moz_hosts"));
-        NS_ENSURE_SUCCESS(rv, rv);
-
-        rv = mDBConn->SetSchemaVersion(10);
-        NS_ENSURE_SUCCESS(rv, rv);
-
-        rv = mDBConn->CommitTransaction();
-        NS_ENSURE_SUCCESS(rv, rv);
-      }
-
-        // fall through to the next upgrade
-        MOZ_FALLTHROUGH;
-
       // current version.
       case HOSTS_SCHEMA_VERSION:
         break;
@@ -1725,6 +1680,7 @@ nsresult nsPermissionManager::CreateTable() {
                          ",expireType INTEGER"
                          ",expireTime INTEGER"
                          ",modificationTime INTEGER"
+                         ",appId INTEGER"
                          ",isInBrowserElement INTEGER"
                          ")"));
 }
@@ -2460,7 +2416,7 @@ nsresult nsPermissionManager::CommonTestPermissionInternal(
   return NS_OK;
 }
 
-// Returns PermissionHashKey for a given { host, isInBrowserElement }
+// Returns PermissionHashKey for a given { host, appId, isInBrowserElement }
 // tuple. This is not simply using PermissionKey because we will walk-up domains
 // in case of |host| contains sub-domains. Returns null if nothing found. Also
 // accepts host on the format "<foo>". This will perform an exact match lookup
@@ -2513,7 +2469,7 @@ nsPermissionManager::GetPermissionHashKey(nsIPrincipal* aPrincipal,
   return nullptr;
 }
 
-// Returns PermissionHashKey for a given { host, isInBrowserElement }
+// Returns PermissionHashKey for a given { host, appId, isInBrowserElement }
 // tuple. This is not simply using PermissionKey because we will walk-up domains
 // in case of |host| contains sub-domains. Returns null if nothing found. Also
 // accepts host on the format "<foo>". This will perform an exact match lookup
@@ -3048,10 +3004,10 @@ nsresult nsPermissionManager::_DoImport(nsIInputStream* inputStream,
       int64_t modificationTime = 0;
 
       UpgradeHostToOriginHostfileImport upHelper(this, operation, id);
-      error =
-          UpgradeHostToOriginAndInsert(lineArray[3], lineArray[1], permission,
-                                       nsIPermissionManager::EXPIRE_NEVER, 0,
-                                       modificationTime, false, &upHelper);
+      error = UpgradeHostToOriginAndInsert(
+          lineArray[3], lineArray[1], permission,
+          nsIPermissionManager::EXPIRE_NEVER, 0, modificationTime,
+          nsIScriptSecurityManager::NO_APP_ID, false, &upHelper);
       if (NS_FAILED(error)) {
         NS_WARNING("There was a problem importing a host permission");
       }
diff --git a/extensions/permissions/test/unit/test_permmanager_cleardata.js b/extensions/permissions/test/unit/test_permmanager_cleardata.js
index af13917a67c88..f710b819644cc 100644
--- a/extensions/permissions/test/unit/test_permmanager_cleardata.js
+++ b/extensions/permissions/test/unit/test_permmanager_cleardata.js
@@ -53,14 +53,16 @@ function run_test()
          .getService(Ci.nsIPermissionManager);
 
   let entries = [
+    { origin: 'http://example.com', originAttributes: { appId: 1 } },
+    { origin: 'http://example.com', originAttributes: { appId: 1, inIsolatedMozBrowser: true } },
     { origin: 'http://example.com', originAttributes: {} },
-    { origin: 'http://example.com', originAttributes: { inIsolatedMozBrowser: true } },
+    { origin: 'http://example.com', originAttributes: { appId: 2 } },
   ];
 
-  // In that case, all permissions should be removed.
-  test(entries, getData({}), [ pm.UNKNOWN_ACTION, pm.UNKNOWN_ACTION, pm.ALLOW_ACTION, pm.ALLOW_ACTION ]);
+  // In that case, all permissions from app 1 should be removed but not the other ones.
+  test(entries, getData({appId: 1}), [ pm.UNKNOWN_ACTION, pm.UNKNOWN_ACTION, pm.ALLOW_ACTION, pm.ALLOW_ACTION ]);
 
-  // In that case, only the permissions related to a browserElement should be removed.
+  // In that case, only the permissions of app 1 related to a browserElement should be removed.
   // All the other permissions should stay.
-  test(entries, getData({ inIsolatedMozBrowser: true}), [ pm.ALLOW_ACTION, pm.UNKNOWN_ACTION, pm.ALLOW_ACTION, pm.ALLOW_ACTION ]);
+  test(entries, getData({appId: 1, inIsolatedMozBrowser: true}), [ pm.ALLOW_ACTION, pm.UNKNOWN_ACTION, pm.ALLOW_ACTION, pm.ALLOW_ACTION ]);
 }
diff --git a/extensions/permissions/test/unit/test_permmanager_defaults.js b/extensions/permissions/test/unit/test_permmanager_defaults.js
index 08fe8dbf8cd7e..34914ca46467f 100644
--- a/extensions/permissions/test/unit/test_permmanager_defaults.js
+++ b/extensions/permissions/test/unit/test_permmanager_defaults.js
@@ -39,7 +39,7 @@ add_task(async function do_test() {
   conv.writeString("host\t" + TEST_PERMISSION + "\t1\t" + TEST_ORIGIN.host + "\n");
   conv.writeString("host\t" + TEST_PERMISSION + "\t1\t" + TEST_ORIGIN_2.host + "\n");
   conv.writeString("origin\t" + TEST_PERMISSION + "\t1\t" + TEST_ORIGIN_3.spec + "\n");
-  conv.writeString("origin\t" + TEST_PERMISSION + "\t1\t" + TEST_ORIGIN.spec + "^inBrowser=1\n");
+  conv.writeString("origin\t" + TEST_PERMISSION + "\t1\t" + TEST_ORIGIN.spec + "^appId=1000&inBrowser=1\n");
   ostream.close();
 
   // Set the preference used by the permission manager so the file is read.
@@ -57,7 +57,7 @@ add_task(async function do_test() {
   let principal2 = Services.scriptSecurityManager.createCodebasePrincipal(TEST_ORIGIN_2, {});
   let principal3 = Services.scriptSecurityManager.createCodebasePrincipal(TEST_ORIGIN_3, {});
 
-  let attrs = {inIsolatedMozBrowser: true};
+  let attrs = {appId: 1000, inIsolatedMozBrowser: true};
   let principal4 = Services.scriptSecurityManager.createCodebasePrincipal(TEST_ORIGIN, attrs);
   let principal5 = Services.scriptSecurityManager.createCodebasePrincipal(TEST_ORIGIN_3, attrs);
 
diff --git a/extensions/permissions/test/unit/test_permmanager_load_invalid_entries.js b/extensions/permissions/test/unit/test_permmanager_load_invalid_entries.js
index 3bcb7412cd450..37a3a6ed644db 100644
--- a/extensions/permissions/test/unit/test_permmanager_load_invalid_entries.js
+++ b/extensions/permissions/test/unit/test_permmanager_load_invalid_entries.js
@@ -37,63 +37,67 @@ function run_test() {
   var garbadge = [
     // Regular entry.
     { host: '42', type: '0', permission: 1, expireType: 0, expireTime: 0,
-      isInBrowserElement: 0 },
+      appId: 0, isInBrowserElement: 0 },
 
     // Special values in host (some being invalid).
     { host: 'scheme:file', type: '1', permission: 0, expireType: 0,
-      expireTime: 0, isInBrowserElement: 0 },
+      expireTime: 0, appId: 0, isInBrowserElement: 0 },
     { host: '192.168.0.1', type: '2', permission: 0, expireType: 0,
-      expireTime: 0, isInBrowserElement: 0 },
+      expireTime: 0, appId: 0, isInBrowserElement: 0 },
     { host: '2001:0db8:0000:0000:0000:ff00:0042:8329', type: '3', permission: 0,
-      expireType: 0, expireTime: 0, isInBrowserElement: 0 },
+      expireType: 0, expireTime: 0, appId: 0, isInBrowserElement: 0 },
     { host: '::1', type: '4', permission: 0, expireType: 0, expireTime: 0,
-      isInBrowserElement: 0 },
+      appId: 0, isInBrowserElement: 0 },
 
     // Permission is UNKNOWN_ACTION.
     { host: '42', type: '5', permission: Ci.nsIPermissionManager.UNKNOWN_ACTION,
-      expireType: 0, expireTime: 0, isInBrowserElement: 0 },
+      expireType: 0, expireTime: 0, appId: 0, isInBrowserElement: 0 },
 
     // Permission is out of range.
     { host: '42', type: '6', permission: 100, expireType: 0, expireTime: 0,
-      isInBrowserElement: 0 },
+      appId: 0, isInBrowserElement: 0 },
     { host: '42', type: '7', permission: -100, expireType: 0, expireTime: 0,
-      isInBrowserElement: 0 },
+      appId: 0, isInBrowserElement: 0 },
 
     // ExpireType is out of range.
     { host: '42', type: '8', permission: 1, expireType: -100, expireTime: 0,
-      isInBrowserElement: 0 },
+      appId: 0, isInBrowserElement: 0 },
     { host: '42', type: '9', permission: 1, expireType: 100, expireTime: 0,
-      isInBrowserElement: 0 },
+      appId: 0, isInBrowserElement: 0 },
 
     // ExpireTime is at 0 with ExpireType = Time.
     { host: '42', type: '10', permission: 1,
-      expireType: Ci.nsIPermissionManager.EXPIRE_TIME, expireTime: 0,
+      expireType: Ci.nsIPermissionManager.EXPIRE_TIME, expireTime: 0, appId: 0,
       isInBrowserElement: 0 },
 
     // ExpireTime has a value with ExpireType != Time
     { host: '42', type: '11', permission: 1,
       expireType: Ci.nsIPermissionManager.EXPIRE_SESSION, expireTime: 1000,
-      isInBrowserElement: 0 },
+      appId: 0, isInBrowserElement: 0 },
     { host: '42', type: '12', permission: 1,
       expireType: Ci.nsIPermissionManager.EXPIRE_NEVER, expireTime: 1000,
-      isInBrowserElement: 0 },
+      appId: 0, isInBrowserElement: 0 },
 
     // ExpireTime is negative.
     { host: '42', type: '13', permission: 1,
       expireType: Ci.nsIPermissionManager.EXPIRE_TIME, expireTime: -1,
-      isInBrowserElement: 0 },
+      appId: 0, isInBrowserElement: 0 },
+
+    // AppId is negative.
+    { host: '42', type: '14', permission: 1, expireType: 0, expireTime: 0,
+      appId: -1, isInBrowserElement: 0 },
 
     // IsInBrowserElement is negative or higher than 1.
     { host: '42', type: '15', permission: 1, expireType: 0, expireTime: 0,
-      isInBrowserElement: -1 },
+      appId: 0, isInBrowserElement: -1 },
     { host: '42', type: '16', permission: 1, expireType: 0, expireTime: 0,
-      isInBrowserElement: 10 },
+      appId: 0, isInBrowserElement: 10 },
 
     // This insertion should be the last one. It is used to make sure we always
     // load it regardless of the previous entries validities.
     { host: 'example.org', type: 'test-load-invalid-entries',
       permission: Ci.nsIPermissionManager.ALLOW_ACTION, expireType: 0,
-      expireTime: 0, isInBrowserElement: 0 },
+      expireTime: 0, appId: 0, isInBrowserElement: 0 },
   ];
 
   for (var i=0; i<garbadge.length; ++i) {
@@ -103,10 +107,11 @@ function run_test() {
     var data = garbadge[i];
     connection.executeSimpleSQL(
       "INSERT INTO moz_hosts " +
-      " (id, host, type, permission, expireType, expireTime, isInBrowserElement, appId) " +
+      " (id, host, type, permission, expireType, expireTime, appId, isInBrowserElement) " +
       "VALUES (" + i + ", '" + data.host + "', '" + data.type + "', "
                  + data.permission + ", " + data.expireType + ", "
-                 + data.expireTime + ", " + data.isInBrowserElement + ", 0)"
+                 + data.expireTime + ", " + data.appId + ", "
+                 + data.isInBrowserElement + ")"
     );
   }
 
diff --git a/extensions/permissions/test/unit/test_permmanager_matches.js b/extensions/permissions/test/unit/test_permmanager_matches.js
index 9d96daea2bd47..f0bccc75db674 100644
--- a/extensions/permissions/test/unit/test_permmanager_matches.js
+++ b/extensions/permissions/test/unit/test_permmanager_matches.js
@@ -38,20 +38,44 @@ function run_test() {
   let uri4 = NetUtil.newURI("https://hangouts.google.com/#!/hangout");
   let uri5 = NetUtil.newURI("http://google.com:8096/");
 
-  let uri0_n = secMan.createCodebasePrincipal(uri0, {});
-  let uri1_n = secMan.createCodebasePrincipal(uri1, {});
-  let uri2_n = secMan.createCodebasePrincipal(uri2, {});
-  let uri3_n = secMan.createCodebasePrincipal(uri3, {});
-  let uri4_n = secMan.createCodebasePrincipal(uri4, {});
-  let uri5_n = secMan.createCodebasePrincipal(uri5, {});
-
-  attrs = {inIsolatedMozBrowser: true};
-  let uri0_y_ = secMan.createCodebasePrincipal(uri0, attrs);
-  let uri1_y_ = secMan.createCodebasePrincipal(uri1, attrs);
-  let uri2_y_ = secMan.createCodebasePrincipal(uri2, attrs);
-  let uri3_y_ = secMan.createCodebasePrincipal(uri3, attrs);
-  let uri4_y_ = secMan.createCodebasePrincipal(uri4, attrs);
-  let uri5_y_ = secMan.createCodebasePrincipal(uri5, attrs);
+  let uri0_n_n = secMan.createCodebasePrincipal(uri0, {});
+  let uri1_n_n = secMan.createCodebasePrincipal(uri1, {});
+  let uri2_n_n = secMan.createCodebasePrincipal(uri2, {});
+  let uri3_n_n = secMan.createCodebasePrincipal(uri3, {});
+  let uri4_n_n = secMan.createCodebasePrincipal(uri4, {});
+  let uri5_n_n = secMan.createCodebasePrincipal(uri5, {});
+
+  let attrs = {appId: 1000};
+  let uri0_1000_n = secMan.createCodebasePrincipal(uri0, attrs);
+  let uri1_1000_n = secMan.createCodebasePrincipal(uri1, attrs);
+  let uri2_1000_n = secMan.createCodebasePrincipal(uri2, attrs);
+  let uri3_1000_n = secMan.createCodebasePrincipal(uri3, attrs);
+  let uri4_1000_n = secMan.createCodebasePrincipal(uri4, attrs);
+  let uri5_1000_n = secMan.createCodebasePrincipal(uri5, attrs);
+
+  attrs = {appId: 1000, inIsolatedMozBrowser: true};
+  let uri0_1000_y = secMan.createCodebasePrincipal(uri0, attrs);
+  let uri1_1000_y = secMan.createCodebasePrincipal(uri1, attrs);
+  let uri2_1000_y = secMan.createCodebasePrincipal(uri2, attrs);
+  let uri3_1000_y = secMan.createCodebasePrincipal(uri3, attrs);
+  let uri4_1000_y = secMan.createCodebasePrincipal(uri4, attrs);
+  let uri5_1000_y = secMan.createCodebasePrincipal(uri5, attrs);
+
+  attrs = {appId: 2000};
+  let uri0_2000_n = secMan.createCodebasePrincipal(uri0, attrs);
+  let uri1_2000_n = secMan.createCodebasePrincipal(uri1, attrs);
+  let uri2_2000_n = secMan.createCodebasePrincipal(uri2, attrs);
+  let uri3_2000_n = secMan.createCodebasePrincipal(uri3, attrs);
+  let uri4_2000_n = secMan.createCodebasePrincipal(uri4, attrs);
+  let uri5_2000_n = secMan.createCodebasePrincipal(uri5, attrs);
+
+  attrs = {appId: 2000, inIsolatedMozBrowser: true};
+  let uri0_2000_y = secMan.createCodebasePrincipal(uri0, attrs);
+  let uri1_2000_y = secMan.createCodebasePrincipal(uri1, attrs);
+  let uri2_2000_y = secMan.createCodebasePrincipal(uri2, attrs);
+  let uri3_2000_y = secMan.createCodebasePrincipal(uri3, attrs);
+  let uri4_2000_y = secMan.createCodebasePrincipal(uri4, attrs);
+  let uri5_2000_y = secMan.createCodebasePrincipal(uri5, attrs);
 
   attrs = {userContextId: 1};
   let uri0_1 = secMan.createCodebasePrincipal(uri0, attrs);
@@ -69,40 +93,88 @@ function run_test() {
   let uri4_cnn = secMan.createCodebasePrincipal(uri4, attrs);
   let uri5_cnn = secMan.createCodebasePrincipal(uri5, attrs);
 
-  pm.addFromPrincipal(uri0_n, "test/matches", pm.ALLOW_ACTION);
-  let perm_n = pm.getPermissionObject(uri0_n, "test/matches", true);
-  pm.addFromPrincipal(uri0_y_, "test/matches", pm.ALLOW_ACTION);
-  let perm_y_ = pm.getPermissionObject(uri0_y_, "test/matches", true);
+  pm.addFromPrincipal(uri0_n_n, "test/matches", pm.ALLOW_ACTION);
+  let perm_n_n = pm.getPermissionObject(uri0_n_n, "test/matches", true);
+  pm.addFromPrincipal(uri0_1000_n, "test/matches", pm.ALLOW_ACTION);
+  let perm_1000_n = pm.getPermissionObject(uri0_1000_n, "test/matches", true);
+  pm.addFromPrincipal(uri0_1000_y, "test/matches", pm.ALLOW_ACTION);
+  let perm_1000_y = pm.getPermissionObject(uri0_1000_y, "test/matches", true);
+  pm.addFromPrincipal(uri0_2000_n, "test/matches", pm.ALLOW_ACTION);
+  let perm_2000_n = pm.getPermissionObject(uri0_2000_n, "test/matches", true);
+  pm.addFromPrincipal(uri0_2000_y, "test/matches", pm.ALLOW_ACTION);
+  let perm_2000_y = pm.getPermissionObject(uri0_2000_y, "test/matches", true);
   pm.addFromPrincipal(uri0_1, "test/matches", pm.ALLOW_ACTION);
-  let perm_1 = pm.getPermissionObject(uri0_n, "test/matches", true);
+  let perm_1 = pm.getPermissionObject(uri0_n_n, "test/matches", true);
   pm.addFromPrincipal(uri0_cnn, "test/matches", pm.ALLOW_ACTION);
-  let perm_cnn = pm.getPermissionObject(uri0_n, "test/matches", true);
-
-  matches_always(perm_n, [uri0_n, uri0_1, uri0_cnn]);
-  matches_weak(perm_n, [uri1_n, uri1_1, uri1_cnn]);
-  matches_never(perm_n, [uri2_n, uri3_n, uri4_n, uri5_n,
-                           uri0_y_, uri1_y_, uri2_y_, uri3_y_, uri4_y_, uri5_y_,
+  let perm_cnn = pm.getPermissionObject(uri0_n_n, "test/matches", true);
+
+  matches_always(perm_n_n, [uri0_n_n, uri0_1, uri0_cnn]);
+  matches_weak(perm_n_n, [uri1_n_n, uri1_1, uri1_cnn]);
+  matches_never(perm_n_n, [uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                           uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                           uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
+                           uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                           uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
                            uri2_1, uri3_1, uri4_1, uri5_1,
                            uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
 
-  matches_always(perm_y_, [uri0_y_]);
-  matches_weak(perm_y_, [uri1_y_]);
-  matches_never(perm_y_, [uri2_y_, uri3_y_, uri4_y_, uri5_y_,
-                              uri0_n, uri1_n, uri2_n, uri3_n, uri4_n, uri5_n,
+  matches_always(perm_1000_n, [uri0_1000_n]);
+  matches_weak(perm_1000_n, [uri1_1000_n]);
+  matches_never(perm_1000_n, [uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                              uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                              uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
+                              uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                              uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
+                              uri0_1, uri1_1, uri2_1, uri3_1, uri4_1, uri5_1,
+                              uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
+
+  matches_always(perm_1000_y, [uri0_1000_y]);
+  matches_weak(perm_1000_y, [uri1_1000_y]);
+  matches_never(perm_1000_y, [uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
+                              uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                              uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                              uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                              uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
+                              uri0_1, uri1_1, uri2_1, uri3_1, uri4_1, uri5_1,
+                              uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
+
+  matches_always(perm_2000_n, [uri0_2000_n]);
+  matches_weak(perm_2000_n, [uri1_2000_n]);
+  matches_never(perm_2000_n, [uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                              uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                              uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
+                              uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                              uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
+                              uri0_1, uri1_1, uri2_1, uri3_1, uri4_1, uri5_1,
+                              uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
+
+  matches_always(perm_2000_y, [uri0_2000_y]);
+  matches_weak(perm_2000_y, [uri1_2000_y]);
+  matches_never(perm_2000_y, [uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
+                              uri0_n_n, uri1_n_n, uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                              uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                              uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                              uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
                               uri0_1, uri1_1, uri2_1, uri3_1, uri4_1, uri5_1,
                               uri0_cnn, uri1_cnn, uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
 
-  matches_always(perm_1, [uri0_n, uri0_1, uri0_cnn]);
-  matches_weak(perm_1, [uri1_n, uri1_1, uri1_cnn]);
-  matches_never(perm_1, [uri2_n, uri3_n, uri4_n, uri5_n,
-                         uri0_y_, uri1_y_, uri2_y_, uri3_y_, uri4_y_, uri5_y_,
+  matches_always(perm_1, [uri0_n_n, uri0_1, uri0_cnn]);
+  matches_weak(perm_1, [uri1_n_n, uri1_1, uri1_cnn]);
+  matches_never(perm_1, [uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                         uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                         uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
+                         uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                         uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
                          uri2_1, uri3_1, uri4_1, uri5_1,
                          uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
 
-  matches_always(perm_cnn, [uri0_n, uri0_1, uri0_cnn]);
-  matches_weak(perm_cnn, [uri1_n, uri1_1, uri1_cnn]);
-  matches_never(perm_cnn, [uri2_n, uri3_n, uri4_n, uri5_n,
-                           uri0_y_, uri1_y_, uri2_y_, uri3_y_, uri4_y_, uri5_y_,
+  matches_always(perm_cnn, [uri0_n_n, uri0_1, uri0_cnn]);
+  matches_weak(perm_cnn, [uri1_n_n, uri1_1, uri1_cnn]);
+  matches_never(perm_cnn, [uri2_n_n, uri3_n_n, uri4_n_n, uri5_n_n,
+                           uri0_1000_n, uri1_1000_n, uri2_1000_n, uri3_1000_n, uri4_1000_n, uri5_1000_n,
+                           uri0_1000_y, uri1_1000_y, uri2_1000_y, uri3_1000_y, uri4_1000_y, uri5_1000_y,
+                           uri0_2000_n, uri1_2000_n, uri2_2000_n, uri3_2000_n, uri4_2000_n, uri5_2000_n,
+                           uri0_2000_y, uri1_2000_y, uri2_2000_y, uri3_2000_y, uri4_2000_y, uri5_2000_y,
                            uri2_1, uri3_1, uri4_1, uri5_1,
                            uri2_cnn, uri3_cnn, uri4_cnn, uri5_cnn]);
 
diff --git a/extensions/permissions/test/unit/test_permmanager_matchesuri.js b/extensions/permissions/test/unit/test_permmanager_matchesuri.js
index be60510a59d1f..d7eedf29f8d37 100644
--- a/extensions/permissions/test/unit/test_permmanager_matchesuri.js
+++ b/extensions/permissions/test/unit/test_permmanager_matchesuri.js
@@ -22,7 +22,7 @@ function matches_never(perm, uris) {
   });
 }
 
-function mk_permission(uri) {
+function mk_permission(uri, isAppPermission = false) {
   let pm = Cc["@mozilla.org/permissionmanager;1"].
         getService(Ci.nsIPermissionManager);
 
@@ -30,7 +30,9 @@ function mk_permission(uri) {
         .getService(Ci.nsIScriptSecurityManager);
 
   // Get the permission from the principal!
-  let principal = secMan.createCodebasePrincipal(uri, {});
+  let attrs = {appId: 1000};
+  let principal =
+    secMan.createCodebasePrincipal(uri, isAppPermission ? attrs : {});
 
   pm.addFromPrincipal(principal, "test/matchesuri", pm.ALLOW_ACTION);
   let permission = pm.getPermissionObject(principal, "test/matchesuri", true);
diff --git a/extensions/permissions/test/unit/test_permmanager_migrate_4-7.js b/extensions/permissions/test/unit/test_permmanager_migrate_4-7.js
index 9ad7d61cecd60..43bcb406b4cb5 100644
--- a/extensions/permissions/test/unit/test_permmanager_migrate_4-7.js
+++ b/extensions/permissions/test/unit/test_permmanager_migrate_4-7.js
@@ -109,7 +109,8 @@ add_task(async function test() {
     // The http:// entries under foo.com won't be inserted, as there are history entries for foo.com,
     // and http://foo.com or a subdomain are never visited.
     // ["http://foo.com", "A", 1, 0, 0],
-    // ["http://foo.com^inBrowser=1", "A", 1, 0, 0],
+    // ["http://foo.com^appId=1000", "A", 1, 0, 0],
+    // ["http://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
     //
     // Because we search for port/scheme combinations under eTLD+1, we should not have http:// entries
     // for subdomains of foo.com either
@@ -118,15 +119,18 @@ add_task(async function test() {
 
     ["https://foo.com", "A", 1, 0, 0],
     ["https://foo.com", "C", 1, 0, 0],
-    ["https://foo.com^inBrowser=1", "A", 1, 0, 0],
+    ["https://foo.com^appId=1000", "A", 1, 0, 0],
+    ["https://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
     ["https://sub.foo.com", "B", 1, 0, 0],
     ["https://subber.sub.foo.com", "B", 1, 0, 0],
 
     // bar.ca will have both http:// and https:// for all entries, because there are no associated history entries
     ["http://bar.ca", "B", 1, 0, 0],
     ["https://bar.ca", "B", 1, 0, 0],
-    ["http://bar.ca^inBrowser=1", "A", 1, 0, 0],
-    ["https://bar.ca^inBrowser=1", "A", 1, 0, 0],
+    ["http://bar.ca^appId=1000", "B", 1, 0, 0],
+    ["https://bar.ca^appId=1000", "B", 1, 0, 0],
+    ["http://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
+    ["https://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
     ["file:///some/path/to/file.html", "A", 1, 0, 0],
     ["file:///another/file.html", "A", 1, 0, 0],
 
@@ -134,7 +138,8 @@ add_task(async function test() {
     // also have these entries
     ["ftp://foo.com:8000", "A", 1, 0, 0],
     ["ftp://foo.com:8000", "C", 1, 0, 0],
-    ["ftp://foo.com:8000^inBrowser=1", "A", 1, 0, 0],
+    ["ftp://foo.com:8000^appId=1000", "A", 1, 0, 0],
+    ["ftp://foo.com:8000^appId=2000&inBrowser=1", "A", 1, 0, 0],
 
     // In addition, because we search for port/scheme combinations under eTLD+1, we should have the
     // following entries
diff --git a/extensions/permissions/test/unit/test_permmanager_migrate_4-7_no_history.js b/extensions/permissions/test/unit/test_permmanager_migrate_4-7_no_history.js
index dd8ec21049e45..c4d4c2f0cf7f7 100644
--- a/extensions/permissions/test/unit/test_permmanager_migrate_4-7_no_history.js
+++ b/extensions/permissions/test/unit/test_permmanager_migrate_4-7_no_history.js
@@ -144,21 +144,25 @@ add_task(function test() {
   let expected = [
     ["http://foo.com", "A", 1, 0, 0],
     ["http://foo.com", "C", 1, 0, 0],
-    ["http://foo.com^inBrowser=1", "A", 1, 0, 0],
+    ["http://foo.com^appId=1000", "A", 1, 0, 0],
+    ["http://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
     ["http://sub.foo.com", "B", 1, 0, 0],
     ["http://subber.sub.foo.com", "B", 1, 0, 0],
 
     ["https://foo.com", "A", 1, 0, 0],
     ["https://foo.com", "C", 1, 0, 0],
-    ["https://foo.com^inBrowser=1", "A", 1, 0, 0],
+    ["https://foo.com^appId=1000", "A", 1, 0, 0],
+    ["https://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
     ["https://sub.foo.com", "B", 1, 0, 0],
     ["https://subber.sub.foo.com", "B", 1, 0, 0],
 
     // bar.ca will have both http:// and https:// for all entries, because there are no associated history entries
     ["http://bar.ca", "B", 1, 0, 0],
     ["https://bar.ca", "B", 1, 0, 0],
-    ["http://bar.ca^inBrowser=1", "A", 1, 0, 0],
-    ["https://bar.ca^inBrowser=1", "A", 1, 0, 0],
+    ["http://bar.ca^appId=1000", "B", 1, 0, 0],
+    ["https://bar.ca^appId=1000", "B", 1, 0, 0],
+    ["http://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
+    ["https://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
     ["file:///some/path/to/file.html", "A", 1, 0, 0],
     ["file:///another/file.html", "A", 1, 0, 0],
 
diff --git a/extensions/permissions/test/unit/test_permmanager_migrate_5-7a.js b/extensions/permissions/test/unit/test_permmanager_migrate_5-7a.js
index a0afa45db42dd..68ad126ec1514 100644
--- a/extensions/permissions/test/unit/test_permmanager_migrate_5-7a.js
+++ b/extensions/permissions/test/unit/test_permmanager_migrate_5-7a.js
@@ -132,7 +132,7 @@ add_task(async function test() {
   let created5 = [
     insertOrigin("https://foo.com", "A", 2, 0, 0, 0),
     insertOrigin("http://foo.com", "A", 2, 0, 0, 0),
-    insertOrigin("http://foo.com^inBrowser=1", "A", 2, 0, 0, 0),
+    insertOrigin("http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0),
   ];
 
   // Add some rows to the database
@@ -168,7 +168,8 @@ add_task(async function test() {
     // The http:// entries under foo.com won't be inserted, as there are history entries for foo.com,
     // and http://foo.com or a subdomain are never visited.
     // ["http://foo.com", "A", 1, 0, 0],
-    // ["http://foo.com^inBrowser=1", "A", 1, 0, 0],
+    // ["http://foo.com^appId=1000", "A", 1, 0, 0],
+    // ["http://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
     //
     // Because we search for port/scheme combinations under eTLD+1, we should not have http:// entries
     // for subdomains of foo.com either
@@ -177,15 +178,18 @@ add_task(async function test() {
 
     ["https://foo.com", "A", 1, 0, 0],
     ["https://foo.com", "C", 1, 0, 0],
-    ["https://foo.com^inBrowser=1", "A", 1, 0, 0],
+    ["https://foo.com^appId=1000", "A", 1, 0, 0],
+    ["https://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
     ["https://sub.foo.com", "B", 1, 0, 0],
     ["https://subber.sub.foo.com", "B", 1, 0, 0],
 
     // bar.ca will have both http:// and https:// for all entries, because there are no associated history entries
     ["http://bar.ca", "B", 1, 0, 0],
     ["https://bar.ca", "B", 1, 0, 0],
-    ["http://bar.ca^inBrowser=1", "A", 1, 0, 0],
-    ["https://bar.ca^inBrowser=1", "A", 1, 0, 0],
+    ["http://bar.ca^appId=1000", "B", 1, 0, 0],
+    ["https://bar.ca^appId=1000", "B", 1, 0, 0],
+    ["http://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
+    ["https://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
     ["file:///some/path/to/file.html", "A", 1, 0, 0],
     ["file:///another/file.html", "A", 1, 0, 0],
 
@@ -193,7 +197,8 @@ add_task(async function test() {
     // also have these entries
     ["ftp://foo.com:8000", "A", 1, 0, 0],
     ["ftp://foo.com:8000", "C", 1, 0, 0],
-    ["ftp://foo.com:8000^inBrowser=1", "A", 1, 0, 0],
+    ["ftp://foo.com:8000^appId=1000", "A", 1, 0, 0],
+    ["ftp://foo.com:8000^appId=2000&inBrowser=1", "A", 1, 0, 0],
 
     // In addition, because we search for port/scheme combinations under eTLD+1, we should have the
     // following entries
diff --git a/extensions/permissions/test/unit/test_permmanager_migrate_5-7b.js b/extensions/permissions/test/unit/test_permmanager_migrate_5-7b.js
index c2081406c09dd..8e81558d283e5 100644
--- a/extensions/permissions/test/unit/test_permmanager_migrate_5-7b.js
+++ b/extensions/permissions/test/unit/test_permmanager_migrate_5-7b.js
@@ -94,7 +94,7 @@ add_task(function test() {
   let expected = [
     ["https://foo.com", "A", 2, 0, 0, 0],
     ["http://foo.com", "A", 2, 0, 0, 0],
-    ["http://foo.com^inBrowser=1", "A", 2, 0, 0, 0],
+    ["http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0],
 
     ["http://127.0.0.1", "B", 2, 0, 0, 0],
     ["http://localhost", "B", 2, 0, 0, 0],
@@ -144,7 +144,7 @@ add_task(function test() {
 
     let mozHostsStmt = db.createStatement("SELECT " +
                                           "host, type, permission, expireType, expireTime, " +
-                                          "modificationTime, isInBrowserElement " +
+                                          "modificationTime, appId, isInBrowserElement " +
                                           "FROM moz_hosts WHERE id = :id");
     try {
       // Check that the moz_hosts table still contains the correct values.
@@ -158,7 +158,8 @@ add_task(function test() {
         Assert.equal(mozHostsStmt.getInt64(3), it.expireType);
         Assert.equal(mozHostsStmt.getInt64(4), it.expireTime);
         Assert.equal(mozHostsStmt.getInt64(5), it.modificationTime);
-        Assert.equal(mozHostsStmt.getInt64(6), it.isInBrowserElement);
+        Assert.equal(mozHostsStmt.getInt64(6), it.appId);
+        Assert.equal(mozHostsStmt.getInt64(7), it.isInBrowserElement);
       });
     } finally {
       mozHostsStmt.finalize();
diff --git a/extensions/permissions/test/unit/test_permmanager_migrate_6-7a.js b/extensions/permissions/test/unit/test_permmanager_migrate_6-7a.js
index a5fa6b61aac85..197dc6ff96e0f 100644
--- a/extensions/permissions/test/unit/test_permmanager_migrate_6-7a.js
+++ b/extensions/permissions/test/unit/test_permmanager_migrate_6-7a.js
@@ -132,7 +132,7 @@ add_task(async function test() {
   let created6 = [
     insertOrigin("https://foo.com", "A", 2, 0, 0, 0),
     insertOrigin("http://foo.com", "A", 2, 0, 0, 0),
-    insertOrigin("http://foo.com^inBrowser=1", "A", 2, 0, 0, 0),
+    insertOrigin("http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0),
   ];
 
   // Add some rows to the database
@@ -168,7 +168,8 @@ add_task(async function test() {
     // The http:// entries under foo.com won't be inserted, as there are history entries for foo.com,
     // and http://foo.com or a subdomain are never visited.
     // ["http://foo.com", "A", 1, 0, 0],
-    // ["http://foo.com^inBrowser=1", "A", 1, 0, 0],
+    // ["http://foo.com^appId=1000", "A", 1, 0, 0],
+    // ["http://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
     //
     // Because we search for port/scheme combinations under eTLD+1, we should not have http:// entries
     // for subdomains of foo.com either
@@ -177,15 +178,18 @@ add_task(async function test() {
 
     ["https://foo.com", "A", 1, 0, 0],
     ["https://foo.com", "C", 1, 0, 0],
-    ["https://foo.com^inBrowser=1", "A", 1, 0, 0],
+    ["https://foo.com^appId=1000", "A", 1, 0, 0],
+    ["https://foo.com^appId=2000&inBrowser=1", "A", 1, 0, 0],
     ["https://sub.foo.com", "B", 1, 0, 0],
     ["https://subber.sub.foo.com", "B", 1, 0, 0],
 
     // bar.ca will have both http:// and https:// for all entries, because there are no associated history entries
     ["http://bar.ca", "B", 1, 0, 0],
     ["https://bar.ca", "B", 1, 0, 0],
-    ["http://bar.ca^inBrowser=1", "A", 1, 0, 0],
-    ["https://bar.ca^inBrowser=1", "A", 1, 0, 0],
+    ["http://bar.ca^appId=1000", "B", 1, 0, 0],
+    ["https://bar.ca^appId=1000", "B", 1, 0, 0],
+    ["http://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
+    ["https://bar.ca^appId=1000&inBrowser=1", "A", 1, 0, 0],
     ["file:///some/path/to/file.html", "A", 1, 0, 0],
     ["file:///another/file.html", "A", 1, 0, 0],
 
@@ -193,7 +197,8 @@ add_task(async function test() {
     // also have these entries
     ["ftp://foo.com:8000", "A", 1, 0, 0],
     ["ftp://foo.com:8000", "C", 1, 0, 0],
-    ["ftp://foo.com:8000^inBrowser=1", "A", 1, 0, 0],
+    ["ftp://foo.com:8000^appId=1000", "A", 1, 0, 0],
+    ["ftp://foo.com:8000^appId=2000&inBrowser=1", "A", 1, 0, 0],
 
     // In addition, because we search for port/scheme combinations under eTLD+1, we should have the
     // following entries
diff --git a/extensions/permissions/test/unit/test_permmanager_migrate_6-7b.js b/extensions/permissions/test/unit/test_permmanager_migrate_6-7b.js
index 9682989bf9f10..d652c51452a10 100644
--- a/extensions/permissions/test/unit/test_permmanager_migrate_6-7b.js
+++ b/extensions/permissions/test/unit/test_permmanager_migrate_6-7b.js
@@ -91,7 +91,7 @@ add_task(function test() {
   let expected = [
     ["https://foo.com", "A", 2, 0, 0, 0],
     ["http://foo.com", "A", 2, 0, 0, 0],
-    ["http://foo.com^inBrowser=1", "A", 2, 0, 0, 0]
+    ["http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0]
   ];
 
   let found = expected.map((it) => 0);
@@ -138,7 +138,7 @@ add_task(function test() {
 
     let mozHostsStmt = db.createStatement("SELECT " +
                                           "host, type, permission, expireType, expireTime, " +
-                                          "modificationTime, isInBrowserElement " +
+                                          "modificationTime, appId, isInBrowserElement " +
                                           "FROM moz_hosts WHERE id = :id");
     try {
       // Check that the moz_hosts table still contains the correct values.
@@ -152,7 +152,8 @@ add_task(function test() {
         Assert.equal(mozHostsStmt.getInt64(3), it.expireType);
         Assert.equal(mozHostsStmt.getInt64(4), it.expireTime);
         Assert.equal(mozHostsStmt.getInt64(5), it.modificationTime);
-        Assert.equal(mozHostsStmt.getInt64(6), it.isInBrowserElement);
+        Assert.equal(mozHostsStmt.getInt64(6), it.appId);
+        Assert.equal(mozHostsStmt.getInt64(7), it.isInBrowserElement);
       });
     } finally {
       mozHostsStmt.finalize();
diff --git a/extensions/permissions/test/unit/test_permmanager_migrate_7-8.js b/extensions/permissions/test/unit/test_permmanager_migrate_7-8.js
index 57ae7f88651d2..4e8b18e512c8c 100644
--- a/extensions/permissions/test/unit/test_permmanager_migrate_7-8.js
+++ b/extensions/permissions/test/unit/test_permmanager_migrate_7-8.js
@@ -137,7 +137,7 @@ add_task(async function test() {
   let created7 = [
     insertOrigin("https://foo.com", "A", 2, 0, 0, 0),
     insertOrigin("http://foo.com", "A", 2, 0, 0, 0),
-    insertOrigin("http://foo.com^inBrowser=1", "A", 2, 0, 0, 0),
+    insertOrigin("http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0),
     insertOrigin("https://192.0.2.235", "A", 2, 0, 0),
   ];
 
@@ -178,7 +178,7 @@ add_task(async function test() {
     // We should have kept the previously migrated entries
     ["https://foo.com", "A", 2, 0, 0, 0],
     ["http://foo.com", "A", 2, 0, 0, 0],
-    ["http://foo.com^inBrowser=1", "A", 2, 0, 0, 0],
+    ["http://foo.com^appId=1000&inBrowser=1", "A", 2, 0, 0, 0],
 
     // Make sure that we also support localhost, and IP addresses
     ["https://localhost:8080", "A", 1, 0, 0],
diff --git a/extensions/permissions/test/unit/test_permmanager_migrate_9-10.js b/extensions/permissions/test/unit/test_permmanager_migrate_9-10.js
deleted file mode 100644
index 0e16879fdaab5..0000000000000
--- a/extensions/permissions/test/unit/test_permmanager_migrate_9-10.js
+++ /dev/null
@@ -1,217 +0,0 @@
-/* Any copyright is dedicated to the Public Domain.
-   http://creativecommons.org/publicdomain/zero/1.0/ */
-
-ChromeUtils.defineModuleGetter(this, "PlacesTestUtils",
-                               "resource://testing-common/PlacesTestUtils.jsm");
-
-var PERMISSIONS_FILE_NAME = "permissions.sqlite";
-
-function GetPermissionsFile(profile)
-{
-  let file = profile.clone();
-  file.append(PERMISSIONS_FILE_NAME);
-  return file;
-}
-
-add_task(async function test() {
-  /* Create and set up the permissions database */
-  let profile = do_get_profile();
-  Services.prefs.setCharPref("permissions.manager.defaultsUrl", "");
-
-  let db = Services.storage.openDatabase(GetPermissionsFile(profile));
-  db.schemaVersion = 9;
-  db.executeSimpleSQL("DROP TABLE moz_perms");
-  db.executeSimpleSQL("DROP TABLE moz_hosts");
-
-  db.executeSimpleSQL(
-    "CREATE TABLE moz_perms (" +
-      " id INTEGER PRIMARY KEY" +
-      ",origin TEXT" +
-      ",type TEXT" +
-      ",permission INTEGER" +
-      ",expireType INTEGER" +
-      ",expireTime INTEGER" +
-      ",modificationTime INTEGER" +
-    ")");
-
-  let stmt6Insert = db.createStatement(
-    "INSERT INTO moz_perms (" +
-      "id, origin, type, permission, expireType, expireTime, modificationTime" +
-    ") VALUES (" +
-      ":id, :origin, :type, :permission, :expireType, :expireTime, :modificationTime" +
-    ")");
-
-  db.executeSimpleSQL(
-    "CREATE TABLE moz_hosts (" +
-      " id INTEGER PRIMARY KEY" +
-      ",host TEXT" +
-      ",type TEXT" +
-      ",permission INTEGER" +
-      ",expireType INTEGER" +
-      ",expireTime INTEGER" +
-      ",modificationTime INTEGER" +
-      ",appId INTEGER" +
-      ",isInBrowserElement INTEGER" +
-    ")");
-
-  let stmtInsert = db.createStatement(
-    "INSERT INTO moz_hosts (" +
-      "id, host, type, permission, expireType, expireTime, modificationTime, appId, isInBrowserElement" +
-    ") VALUES (" +
-      ":id, :host, :type, :permission, :expireType, :expireTime, :modificationTime, :appId, :isInBrowserElement" +
-    ")");
-
-  let id = 0;
-
-  function insertOrigin(origin, type, permission, expireType, expireTime, modificationTime) {
-    let thisId = id++;
-
-    stmt6Insert.bindByName("id", thisId);
-    stmt6Insert.bindByName("origin", origin);
-    stmt6Insert.bindByName("type", type);
-    stmt6Insert.bindByName("permission", permission);
-    stmt6Insert.bindByName("expireType", expireType);
-    stmt6Insert.bindByName("expireTime", expireTime);
-    stmt6Insert.bindByName("modificationTime", modificationTime);
-
-    try {
-      stmt6Insert.execute();
-    } finally {
-      stmt6Insert.reset();
-    }
-
-    return {
-      id: thisId,
-      origin: origin,
-      type: type,
-      permission: permission,
-      expireType: expireType,
-      expireTime: expireTime,
-      modificationTime: modificationTime
-    };
-  }
-
-  function insertHost(host, type, permission, expireType, expireTime, modificationTime, appId, isInBrowserElement) {
-    let thisId = id++;
-
-    stmtInsert.bindByName("id", thisId);
-    stmtInsert.bindByName("host", host);
-    stmtInsert.bindByName("type", type);
-    stmtInsert.bindByName("permission", permission);
-    stmtInsert.bindByName("expireType", expireType);
-    stmtInsert.bindByName("expireTime", expireTime);
-    stmtInsert.bindByName("modificationTime", modificationTime);
-    stmtInsert.bindByName("appId", appId);
-    stmtInsert.bindByName("isInBrowserElement", isInBrowserElement);
-
-    try {
-      stmtInsert.execute();
-    } finally {
-      stmtInsert.reset();
-    }
-
-    return {
-      id: thisId,
-      host: host,
-      type: type,
-      permission: permission,
-      expireType: expireType,
-      expireTime: expireTime,
-      modificationTime: modificationTime,
-      appId: appId,
-      isInBrowserElement: isInBrowserElement
-    };
-  }
-
-  let created7 = [
-    insertOrigin("https://foo.com", "A", 2, 0, 0, 0),
-    insertOrigin("http://foo.com", "A", 2, 0, 0, 0),
-    insertOrigin("http://foo.com^inBrowser=1", "A", 2, 0, 0, 0),
-  ];
-
-  // Add some rows to the database
-  let created = [
-    insertHost("foo.com", "A", 1, 0, 0, 0, 0, false),
-    insertHost("foo.com", "B", 1, 0, 0, 0, 1000, false),
-    insertHost("foo.com", "C", 1, 0, 0, 0, 2000, true),
-  ];
-
-  // CLose the db connection
-  stmt6Insert.finalize();
-  stmtInsert.finalize();
-  db.close();
-  stmtInsert = null;
-  db = null;
-
-  let expected = [
-    ["https://foo.com", "A", 2, 0, 0, 0],
-    ["http://foo.com", "A", 2, 0, 0, 0],
-    ["http://foo.com^inBrowser=1", "A", 2, 0, 0, 0],
-  ];
-
-  let found = expected.map((it) => 0);
-
-  // Add some places to the places database
-  await PlacesTestUtils.addVisits(Services.io.newURI("https://foo.com/some/other/subdirectory"));
-  await PlacesTestUtils.addVisits(Services.io.newURI("ftp://some.subdomain.of.foo.com:8000/some/subdirectory"));
-  await PlacesTestUtils.addVisits(Services.io.newURI("ftp://127.0.0.1:8080"));
-  await PlacesTestUtils.addVisits(Services.io.newURI("https://localhost:8080"));
-
-  // This will force the permission-manager to reload the data.
-  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
-
-  // Force initialization of the nsPermissionManager
-  for (let permission of Services.perms.enumerator) {
-    let isExpected = false;
-
-    expected.forEach((it, i) => {
-      if (permission.principal.origin == it[0] &&
-          permission.type == it[1] &&
-          permission.capability == it[2] &&
-          permission.expireType == it[3] &&
-          permission.expireTime == it[4]) {
-        isExpected = true;
-        found[i]++;
-      }
-    });
-
-    Assert.ok(isExpected,
-              "Permission " + (isExpected ? "should" : "shouldn't") +
-              " be in permission database: " +
-              permission.principal.origin + ", " +
-              permission.type + ", " +
-              permission.capability + ", " +
-              permission.expireType + ", " +
-              permission.expireTime);
-  }
-
-  found.forEach((count, i) => {
-    Assert.ok(count == 1, "Expected count = 1, got count = " + count + " for permission " + expected[i]);
-  });
-
-  // Check to make sure that all of the tables which we care about are present
-  {
-    let db = Services.storage.openDatabase(GetPermissionsFile(profile));
-    Assert.ok(db.tableExists("moz_perms"));
-    Assert.ok(db.tableExists("moz_hosts"));
-    Assert.ok(!db.tableExists("moz_perms_v6"));
-
-    let mozHostsCount = db.createStatement("SELECT count(*) FROM moz_hosts");
-    try {
-      mozHostsCount.executeStep();
-      Assert.equal(mozHostsCount.getInt64(0), 1);
-    } finally {
-      mozHostsCount.finalize();
-    }
-
-    let mozPermsCount = db.createStatement("SELECT count(*) FROM moz_perms");
-    try {
-      mozPermsCount.executeStep();
-      Assert.equal(mozPermsCount.getInt64(0), expected.length);
-    } finally {
-      mozPermsCount.finalize();
-    }
-
-    db.close();
-  }
-});
diff --git a/extensions/permissions/test/unit/test_permmanager_removeforapp.js b/extensions/permissions/test/unit/test_permmanager_removeforapp.js
new file mode 100644
index 0000000000000..0505e998bad14
--- /dev/null
+++ b/extensions/permissions/test/unit/test_permmanager_removeforapp.js
@@ -0,0 +1,99 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function run_test() {
+  // initialize the permission manager service
+  let ssm = Services.scriptSecurityManager;
+  let pm = Services.perms;
+
+  function mkPrin(uri, appId, inIsolatedMozBrowser) {
+    return ssm.createCodebasePrincipal(Services.io.newURI(uri),
+                                       {appId: appId, inIsolatedMozBrowser: inIsolatedMozBrowser});
+  }
+
+  function checkPerms(perms) {
+    perms.forEach((perm) => {
+      // Look up the expected permission
+      Assert.equal(pm.getPermissionObject(mkPrin(perm[0],  perm[1], perm[2]),
+                                          perm[3], true).capability,
+                   perm[4], "Permission is expected in the permission database");
+    });
+
+    // Count the entries
+    let count = 0;
+    let enumerator = Services.perms.enumerator;
+    while (enumerator.hasMoreElements()) { enumerator.getNext(); count++; }
+
+    Assert.equal(count, perms.length, "There should be the right number of permissions in the DB");
+  }
+
+  checkPerms([]);
+
+  let permissions = [
+    ['http://google.com',  1001, false, 'a', 1],
+    ['http://google.com',  1001, false, 'b', 1],
+    ['http://mozilla.com', 1001, false, 'b', 1],
+    ['http://mozilla.com', 1001, false, 'a', 1],
+
+    ['http://google.com',  1001, true, 'a', 1],
+    ['http://google.com',  1001, true, 'b', 1],
+    ['http://mozilla.com', 1001, true, 'b', 1],
+    ['http://mozilla.com', 1001, true, 'a', 1],
+
+    ['http://google.com',  1011, false, 'a', 1],
+    ['http://google.com',  1011, false, 'b', 1],
+    ['http://mozilla.com', 1011, false, 'b', 1],
+    ['http://mozilla.com', 1011, false, 'a', 1],
+  ];
+
+  permissions.forEach((perm) => {
+    pm.addFromPrincipal(mkPrin(perm[0], perm[1], perm[2]), perm[3], perm[4]);
+  });
+
+  checkPerms(permissions);
+
+  let remove_false_perms = [
+    ['http://google.com',  1011, false, 'a', 1],
+    ['http://google.com',  1011, false, 'b', 1],
+    ['http://mozilla.com', 1011, false, 'b', 1],
+    ['http://mozilla.com', 1011, false, 'a', 1],
+  ];
+
+  let attrs = { appId: 1001 };
+  pm.removePermissionsWithAttributes(JSON.stringify(attrs));
+  checkPerms(remove_false_perms);
+
+  let restore = [
+    ['http://google.com',  1001, false, 'a', 1],
+    ['http://google.com',  1001, false, 'b', 1],
+    ['http://mozilla.com', 1001, false, 'b', 1],
+    ['http://mozilla.com', 1001, false, 'a', 1],
+
+    ['http://google.com',  1001, true, 'a', 1],
+    ['http://google.com',  1001, true, 'b', 1],
+    ['http://mozilla.com', 1001, true, 'b', 1],
+    ['http://mozilla.com', 1001, true, 'a', 1],
+  ];
+
+  restore.forEach((perm) => {
+    pm.addFromPrincipal(mkPrin(perm[0],  perm[1], perm[2]), perm[3], perm[4]);
+  });
+  checkPerms(permissions);
+
+  let remove_true_perms = [
+    ['http://google.com',  1001, false, 'a', 1],
+    ['http://google.com',  1001, false, 'b', 1],
+    ['http://mozilla.com', 1001, false, 'b', 1],
+    ['http://mozilla.com', 1001, false, 'a', 1],
+
+    ['http://google.com',  1011, false, 'a', 1],
+    ['http://google.com',  1011, false, 'b', 1],
+    ['http://mozilla.com', 1011, false, 'b', 1],
+    ['http://mozilla.com', 1011, false, 'a', 1],
+  ];
+
+  attrs = { appId: 1001,
+            inIsolatedMozBrowser: true };
+  pm.removePermissionsWithAttributes(JSON.stringify(attrs));
+  checkPerms(remove_true_perms);
+}
diff --git a/extensions/permissions/test/unit/xpcshell.ini b/extensions/permissions/test/unit/xpcshell.ini
index ef38f485dc797..5148bdd69f59b 100644
--- a/extensions/permissions/test/unit/xpcshell.ini
+++ b/extensions/permissions/test/unit/xpcshell.ini
@@ -13,6 +13,7 @@ skip-if = toolkit == 'android'
 [test_permmanager_removebytype.js]
 [test_permmanager_removebytypesince.js]
 [test_permmanager_removesince.js]
+[test_permmanager_removeforapp.js]
 [test_permmanager_load_invalid_entries.js]
 skip-if = debug == true
 [test_permmanager_idn.js]
@@ -29,4 +30,3 @@ skip-if = debug == true
 [test_permmanager_migrate_6-7b.js]
 [test_permmanager_migrate_4-7_no_history.js]
 [test_permmanager_migrate_7-8.js]
-[test_permmanager_migrate_9-10.js]
diff --git a/ipc/glue/BackgroundUtils.cpp b/ipc/glue/BackgroundUtils.cpp
index d13102fe9c18b..76e0b08c32f40 100644
--- a/ipc/glue/BackgroundUtils.cpp
+++ b/ipc/glue/BackgroundUtils.cpp
@@ -85,7 +85,11 @@ already_AddRefed<nsIPrincipal> PrincipalInfoToPrincipal(
         return nullptr;
       }
 
-      principal = BasePrincipal::CreateCodebasePrincipal(uri, info.attrs());
+      OriginAttributes attrs;
+      if (info.attrs().mAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID) {
+        attrs = info.attrs();
+      }
+      principal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
       if (NS_WARN_IF(!principal)) {
         return nullptr;
       }
diff --git a/ipc/glue/ProtocolUtils.h b/ipc/glue/ProtocolUtils.h
index a3ca2a92e7c7e..3b5304d9c31d0 100644
--- a/ipc/glue/ProtocolUtils.h
+++ b/ipc/glue/ProtocolUtils.h
@@ -969,6 +969,9 @@ Protocol* LoneManagedOrNullAsserts(
   return aManagees.ConstIter().Get()->GetKey();
 }
 
+// appId's are for B2G only currently, where managees.Count() == 1. This is
+// not guaranteed currently in Desktop, so for paths used for desktop,
+// don't assert there's one managee.
 template <typename Protocol>
 Protocol* SingleManagedOrNull(const ManagedContainer<Protocol>& aManagees) {
   if (aManagees.Count() != 1) {
diff --git a/mobile/android/components/ContentPermissionPrompt.js b/mobile/android/components/ContentPermissionPrompt.js
index 0a740053fcf94..07b2fa5e99350 100644
--- a/mobile/android/components/ContentPermissionPrompt.js
+++ b/mobile/android/components/ContentPermissionPrompt.js
@@ -24,7 +24,7 @@ ContentPermissionPrompt.prototype = {
 
   QueryInterface: ChromeUtils.generateQI([Ci.nsIContentPermissionPrompt]),
 
-  handleExistingPermission: function handleExistingPermission(request, type, callback) {
+  handleExistingPermission: function handleExistingPermission(request, type, isApp, callback) {
     let result = Services.perms.testExactPermissionFromPrincipal(request.principal, type);
     if (result == Ci.nsIPermissionManager.ALLOW_ACTION) {
       callback(/* allow */ true);
@@ -36,6 +36,11 @@ ContentPermissionPrompt.prototype = {
       return true;
     }
 
+    if (isApp && result == Ci.nsIPermissionManager.UNKNOWN_ACTION) {
+      callback(/* allow */ false);
+      return true;
+    }
+
     return false;
   },
 
@@ -54,6 +59,8 @@ ContentPermissionPrompt.prototype = {
   },
 
   prompt: function(request) {
+    let isApp = request.principal.appId !== Ci.nsIScriptSecurityManager.NO_APP_ID && request.principal.appId !== Ci.nsIScriptSecurityManager.UNKNOWN_APP_ID;
+
     // Only allow exactly one permission rquest here.
     let types = request.types.QueryInterface(Ci.nsIArray);
     if (types.length != 1) {
@@ -79,7 +86,7 @@ ContentPermissionPrompt.prototype = {
     };
 
     // Returns true if the request was handled
-    if (this.handleExistingPermission(request, perm.type, callback)) {
+    if (this.handleExistingPermission(request, perm.type, isApp, callback)) {
        return;
     }
 
@@ -109,6 +116,9 @@ ContentPermissionPrompt.prototype = {
         // If the user checked "Don't ask again" or this is a desktopNotification, make a permanent exception
         if (aChecked || entityName == "desktopNotification2") {
           Services.perms.addFromPrincipal(request.principal, perm.type, Ci.nsIPermissionManager.ALLOW_ACTION);
+        } else if (isApp) {
+          // Otherwise allow the permission for the current session if the request comes from an app
+          Services.perms.addFromPrincipal(request.principal, perm.type, Ci.nsIPermissionManager.ALLOW_ACTION, Ci.nsIPermissionManager.EXPIRE_SESSION);
         }
 
         callback(/* allow */ true);
diff --git a/netwerk/base/nsILoadContextInfo.idl b/netwerk/base/nsILoadContextInfo.idl
index bbf2b5d48ac5e..fe59ac08ec649 100644
--- a/netwerk/base/nsILoadContextInfo.idl
+++ b/netwerk/base/nsILoadContextInfo.idl
@@ -23,6 +23,9 @@ interface nsIDOMWindow;
 [scriptable, builtinclass, uuid(555e2f8a-a1f6-41dd-88ca-ed4ed6b98a22)]
 interface nsILoadContextInfo : nsISupports
 {
+  const unsigned long NO_APP_ID = 0;
+  const unsigned long UNKNOWN_APP_ID = 4294967295; // UINT32_MAX
+
   /**
    * Whether the context is in a Private Browsing mode
    */
diff --git a/netwerk/base/nsNetUtil.h b/netwerk/base/nsNetUtil.h
index ef612f6068b99..d1b68e9b1bc51 100644
--- a/netwerk/base/nsNetUtil.h
+++ b/netwerk/base/nsNetUtil.h
@@ -351,7 +351,7 @@ nsresult NS_NewLoadGroup(nsILoadGroup** aResult, nsIPrincipal* aPrincipal);
 
 // Determine if the given loadGroup/principal pair will produce a principal
 // with similar permissions when passed to NS_NewChannel().  This checks for
-// things like making sure the browser element flag matches.  Without
+// things like making sure the appId and browser element flags match.  Without
 // an appropriate load group these values can be lost when getting the result
 // principal back out of the channel.  Null principals are also always allowed
 // as they do not have permissions to actually use the load group.
@@ -631,6 +631,11 @@ bool NS_IsSafeTopLevelNav(nsIChannel* aChannel);
  */
 bool NS_IsSameSiteForeign(nsIChannel* aChannel, nsIURI* aHostURI);
 
+// Constants duplicated from nsIScriptSecurityManager so we avoid having necko
+// know about script security manager.
+#define NECKO_NO_APP_ID 0
+#define NECKO_UNKNOWN_APP_ID UINT32_MAX
+
 // Unique first-party domain for separating the safebrowsing cookie.
 // Note if this value is changed, code in test_cookiejars_safebrowsing.js and
 // nsUrlClassifierHashCompleter.js should also be changed.
@@ -924,9 +929,9 @@ bool NS_ShouldClassifyChannel(nsIChannel* aChannel);
 /**
  * Helper to set the blocking reason on loadinfo of the channel.
  */
-nsresult NS_SetRequestBlockingReason(nsIChannel* channel, uint32_t reason);
-nsresult NS_SetRequestBlockingReason(nsILoadInfo* loadInfo, uint32_t reason);
-nsresult NS_SetRequestBlockingReasonIfNull(nsILoadInfo* loadInfo,
+nsresult NS_SetRequestBlockingReason(nsIChannel *channel, uint32_t reason);
+nsresult NS_SetRequestBlockingReason(nsILoadInfo *loadInfo, uint32_t reason);
+nsresult NS_SetRequestBlockingReasonIfNull(nsILoadInfo *loadInfo,
                                            uint32_t reason);
 
 namespace mozilla {
diff --git a/netwerk/cache2/CacheFileUtils.cpp b/netwerk/cache2/CacheFileUtils.cpp
index 116181d2d8d65..f8a5fb17f7f2b 100644
--- a/netwerk/cache2/CacheFileUtils.cpp
+++ b/netwerk/cache2/CacheFileUtils.cpp
@@ -100,8 +100,7 @@ class KeyParser : protected Tokenizer {
         break;
       case 'i': {
         // Leaving to be able to read and understand oldformatted entries
-        uint32_t deprecatedAppId = 0;
-        if (!ReadInteger(&deprecatedAppId)) {
+        if (!ReadInteger(&originAttribs.mAppId)) {
           return false;  // not a valid 32-bit integer
         }
         break;
diff --git a/netwerk/cache2/CacheStorageService.cpp b/netwerk/cache2/CacheStorageService.cpp
index f58509b285a65..e514dd4483c5e 100644
--- a/netwerk/cache2/CacheStorageService.cpp
+++ b/netwerk/cache2/CacheStorageService.cpp
@@ -57,7 +57,7 @@ typedef nsClassHashtable<nsCStringHashKey, CacheEntryTable> GlobalEntryTables;
 /**
  * Keeps tables of entries.  There is one entries table for each distinct load
  * context type.  The distinction is based on following load context info
- * states: <isPrivate|isAnon|inIsolatedMozBrowser> which builds a mapping
+ * states: <isPrivate|isAnon|appId|inIsolatedMozBrowser> which builds a mapping
  * key.
  *
  * Thread-safe to access, protected by the service mutex.
diff --git a/netwerk/cookie/nsCookieService.cpp b/netwerk/cookie/nsCookieService.cpp
index debf936038ee8..4225b16c8419a 100644
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -741,7 +741,8 @@ ConvertAppIdToOriginAttrsSQLFunction::OnFunctionCall(
 
   // Create an originAttributes object by inIsolatedMozBrowser.
   // Then create the originSuffix string from this object.
-  OriginAttributes attrs(inIsolatedMozBrowser ? true : false);
+  OriginAttributes attrs(nsIScriptSecurityManager::NO_APP_ID,
+                         (inIsolatedMozBrowser ? true : false));
   nsAutoCString suffix;
   attrs.CreateSuffix(suffix);
 
@@ -776,7 +777,7 @@ SetAppIdFromOriginAttributesSQLFunction::OnFunctionCall(
   NS_ENSURE_TRUE(success, NS_ERROR_FAILURE);
 
   RefPtr<nsVariant> outVar(new nsVariant());
-  rv = outVar->SetAsInt32(0);  // deprecated appId!
+  rv = outVar->SetAsInt32(attrs.mAppId);
   NS_ENSURE_SUCCESS(rv, rv);
 
   outVar.forget(aResult);
diff --git a/netwerk/ipc/NeckoParent.cpp b/netwerk/ipc/NeckoParent.cpp
index 150a96e165cc8..b0c1a222378f1 100644
--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@@ -157,7 +157,7 @@ const char* NeckoParent::GetValidatedOriginAttributes(
     if (!aSerialized.IsNotNull()) {
       // If serialized is null, we cannot validate anything. We have to assume
       // that this requests comes from a SystemPrincipal.
-      aAttrs = OriginAttributes(false);
+      aAttrs = OriginAttributes(NECKO_NO_APP_ID, false);
     } else {
       aAttrs = aSerialized.mOriginAttributes;
     }
diff --git a/netwerk/protocol/about/nsAboutCache.cpp b/netwerk/protocol/about/nsAboutCache.cpp
index 4d53b6b76b3e4..495b04ab71388 100644
--- a/netwerk/protocol/about/nsAboutCache.cpp
+++ b/netwerk/protocol/about/nsAboutCache.cpp
@@ -100,10 +100,12 @@ nsresult nsAboutCache::Channel::Init(nsIURI* aURI, nsILoadInfo* aLoadInfo) {
       "<label><input id='priv' type='checkbox'/> Private</label>\n"
       "<label><input id='anon' type='checkbox'/> Anonymous</label>\n");
 
-  // Visit scoping by browseris not implemented for the old cache, simply don't
-  // add these controls.  The inbrowser entries are already mixed in the
-  // default view anyway.
+  // Visit scoping by browser and appid is not implemented for
+  // the old cache, simply don't add these controls.
+  // The appid/inbrowser entries are already mixed in the default
+  // view anyway.
   mBuffer.AppendLiteral(
+      "<label><input id='appid' type='text' size='6'/> AppID</label>\n"
       "<label><input id='inbrowser' type='checkbox'/> In Browser "
       "Element</label>\n");
 
diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h
index 96e7a44a4d3a2..b55db7176bc61 100644
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@@ -548,7 +548,7 @@ class nsHttpChannel final : public HttpBaseChannel,
 
   bool IsIsolated();
 
-  const nsCString& GetTopWindowOrigin();
+  const nsCString &GetTopWindowOrigin();
 
   already_AddRefed<nsChannelClassifier> GetOrCreateChannelClassifier();
 
@@ -697,7 +697,7 @@ class nsHttpChannel final : public HttpBaseChannel,
   // true iff there is AutoRedirectVetoNotifier on the stack
   uint32_t mHasAutoRedirectVetoNotifier : 1;
   // consumers set this to true to use cache pinning, this has effect
-  // only when the channel is in an app context
+  // only when the channel is in an app context (load context has an appid)
   uint32_t mPinCacheContent : 1;
   // True if CORS preflight has been performed
   uint32_t mIsCorsPreflightDone : 1;
diff --git a/netwerk/test/unit/head_channels.js b/netwerk/test/unit/head_channels.js
index 0eb4085f49dc0..4358ff600afeb 100644
--- a/netwerk/test/unit/head_channels.js
+++ b/netwerk/test/unit/head_channels.js
@@ -227,11 +227,13 @@ ChannelEventSink.prototype = {
 /**
  * A helper class to construct origin attributes.
  */
-function OriginAttributes(inIsolatedMozBrowser, privateId) {
+function OriginAttributes(appId, inIsolatedMozBrowser, privateId) {
+  this.appId = appId;
   this.inIsolatedMozBrowser = inIsolatedMozBrowser;
   this.privateBrowsingId = privateId;
 }
 OriginAttributes.prototype = {
+  appId: 0,
   inIsolatedMozBrowser: false,
   privateBrowsingId: 0
 };
diff --git a/netwerk/test/unit/test_auth_jar.js b/netwerk/test/unit/test_auth_jar.js
index d97e8b07b12b0..55b659e43adfd 100644
--- a/netwerk/test/unit/test_auth_jar.js
+++ b/netwerk/test/unit/test_auth_jar.js
@@ -10,19 +10,21 @@ function run_test() {
 
   var secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(Ci.nsIScriptSecurityManager);
   const kURI1 = "http://example.com";
-  var app = secMan.createCodebasePrincipal(createURI(kURI1), {});
-  var appbrowser = secMan.createCodebasePrincipal(createURI(kURI1), {inIsolatedMozBrowser: true});
+  var app1 = secMan.createCodebasePrincipal(createURI(kURI1), {appId: 1});
+  var app10 = secMan.createCodebasePrincipal(createURI(kURI1),{appId: 10});
+  var app1browser = secMan.createCodebasePrincipal(createURI(kURI1), {appId: 1, inIsolatedMozBrowser: true});
 
   var am = Cc["@mozilla.org/network/http-auth-manager;1"].
            getService(Ci.nsIHttpAuthManager);
-  am.setAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", "example.com", "user", "pass", false, app);
-  am.setAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", "example.com", "user3", "pass3", false, appbrowser);
+  am.setAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", "example.com", "user", "pass", false, app1);
+  am.setAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", "example.com", "user3", "pass3", false, app1browser);
+  am.setAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", "example.com", "user2", "pass2", false, app10);
 
-  Services.clearData.deleteDataFromOriginAttributesPattern({ inIsolatedMozBrowser:true });
+  Services.clearData.deleteDataFromOriginAttributesPattern({ appId:1, inIsolatedMozBrowser:true });
   
   var domain = {value: ""}, user = {value: ""}, pass = {value: ""};
   try {
-    am.getAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", domain, user, pass, false, appbrowser);
+    am.getAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", domain, user, pass, false, app1browser);
     Assert.equal(false, true); // no identity should be present
   } catch (x) {
     Assert.equal(domain.value, "");
@@ -30,8 +32,14 @@ function run_test() {
     Assert.equal(pass.value, "");
   }
 
-  am.getAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", domain, user, pass, false, app);
+  am.getAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", domain, user, pass, false, app1);
   Assert.equal(domain.value, "example.com");
   Assert.equal(user.value, "user");
   Assert.equal(pass.value, "pass");
+
+
+  am.getAuthIdentity("http", "a.example.com", -1, "basic", "realm", "", domain, user, pass, false, app10);
+  Assert.equal(domain.value, "example.com");
+  Assert.equal(user.value, "user2");
+  Assert.equal(pass.value, "pass2");
 }
diff --git a/netwerk/test/unit/test_cache_jar.js b/netwerk/test/unit/test_cache_jar.js
index 23c079d9016ae..7e2367728a5f2 100644
--- a/netwerk/test/unit/test_cache_jar.js
+++ b/netwerk/test/unit/test_cache_jar.js
@@ -16,21 +16,32 @@ function cached_handler(metadata, response) {
   handlers_called++;
 }
 
-function makeChan(url, inIsolatedMozBrowser, userContextId) {
+function makeChan(url, appId, inIsolatedMozBrowser, userContextId) {
   var chan = NetUtil.newChannel({uri: url, loadUsingSystemPrincipal: true})
                     .QueryInterface(Ci.nsIHttpChannel);
-  chan.loadInfo.originAttributes = { inIsolatedMozBrowser: inIsolatedMozBrowser,
+  chan.loadInfo.originAttributes = { appId: appId,
+                                     inIsolatedMozBrowser: inIsolatedMozBrowser,
                                      userContextId: userContextId,
                                    };
   return chan;
 }
 
-// [inIsolatedMozBrowser, userContextId, expected_handlers_called]
+// [appId, inIsolatedMozBrowser, userContextId, expected_handlers_called]
 var firstTests = [
-  [false, 0, 1], [true, 0, 1], [false, 1, 1], [true, 1, 1],
+  [0, false, 0, 1], [0, true, 0, 1], [1, false, 0, 1], [1, true, 0, 1],
+  [0, false, 1, 1], [0, true, 1, 1], [1, false, 1, 1], [1, true, 1, 1]
 ];
 var secondTests = [
-  [false, 0, 0], [true, 0, 0], [false, 1, 1], [true, 1, 0],
+  [0, false, 0, 0], [0, true, 0, 0], [1, false, 0, 0], [1, true, 0, 1],
+  [0, false, 1, 0], [0, true, 1, 0], [1, false, 1, 0], [1, true, 1, 0]
+];
+var thirdTests = [
+  [0, false, 0, 0], [0, true, 0, 0], [1, false, 0, 1], [1, true, 0, 1],
+  [0, false, 1, 0], [0, true, 1, 0], [1, false, 1, 0], [1, true, 1, 0]
+];
+var fourthTests = [
+  [0, false, 0, 0], [0, true, 0, 0], [1, false, 0, 0], [1, true, 0, 0],
+  [0, false, 1, 1], [0, true, 1, 0], [1, false, 1, 0], [1, true, 1, 0]
 ];
 
 async function run_all_tests() {
@@ -45,12 +56,30 @@ async function run_all_tests() {
   if (procType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT)
     return;
 
-  Services.clearData.deleteDataFromOriginAttributesPattern({ userContextId: 1 });
+  let attrs_inBrowser = { appId:1, inIsolatedMozBrowser:true };
+  let attrs_notInBrowser = { appId:1 };
+
+  Services.clearData.deleteDataFromOriginAttributesPattern(attrs_inBrowser);
 
   for (let test of secondTests) {
     handlers_called = 0;
     await test_channel(...test);
   }
+
+  Services.clearData.deleteDataFromOriginAttributesPattern(attrs_notInBrowser);
+  Services.clearData.deleteDataFromOriginAttributesPattern(attrs_inBrowser);
+
+  for (let test of thirdTests) {
+    handlers_called = 0;
+    await test_channel(...test);
+  }
+
+  Services.clearData.deleteDataFromOriginAttributesPattern({ userContextId: 1 });
+
+  for (let test of fourthTests) {
+    handlers_called = 0;
+    await test_channel(...test);
+  }
 }
 
 function run_test() {
@@ -68,9 +97,9 @@ function run_test() {
   });
 }
 
-function test_channel(inIsolatedMozBrowser, userContextId, expected) {
+function test_channel(appId, inIsolatedMozBrowser, userContextId, expected) {
   return new Promise(resolve => {
-    var chan = makeChan(URL, inIsolatedMozBrowser, userContextId);
+    var chan = makeChan(URL, appId, inIsolatedMozBrowser, userContextId);
     chan.asyncOpen(new ChannelListener(doneFirstLoad.bind(null, resolve), expected));
   });
 }
@@ -78,7 +107,7 @@ function test_channel(inIsolatedMozBrowser, userContextId, expected) {
 function doneFirstLoad(resolve, req, buffer, expected) {
   // Load it again, make sure it hits the cache
   var oa = req.loadInfo.originAttributes;
-  var chan = makeChan(URL, oa.isInIsolatedMozBrowserElement, oa.userContextId);
+  var chan = makeChan(URL, oa.appId, oa.isInIsolatedMozBrowserElement, oa.userContextId);
   chan.asyncOpen(new ChannelListener(doneSecondLoad.bind(null, resolve), expected));
 }
 
diff --git a/testing/specialpowers/content/SpecialPowersObserver.jsm b/testing/specialpowers/content/SpecialPowersObserver.jsm
index adbfbe6e2dde6..3b06e271da33c 100644
--- a/testing/specialpowers/content/SpecialPowersObserver.jsm
+++ b/testing/specialpowers/content/SpecialPowersObserver.jsm
@@ -219,13 +219,13 @@ SpecialPowersObserver.prototype._registerObservers = {
         var permission = aSubject.QueryInterface(Ci.nsIPermission);
 
         // specialPowersAPI will consume this value, and it is used as a
-        // fake permission, but only type will be used.
+        // fake permission, but only type and principal.appId will be used.
         //
         // We need to ensure that it looks the same as a real permission,
         // so we fake these properties.
         msg.permission = {
           principal: {
-            originAttributes: {},
+            originAttributes: {appId: permission.principal.appId},
           },
           type: permission.type,
         };
diff --git a/testing/specialpowers/content/specialpowersAPI.js b/testing/specialpowers/content/specialpowersAPI.js
index a1cd4d26d6f82..389ccf72220d0 100644
--- a/testing/specialpowers/content/specialpowersAPI.js
+++ b/testing/specialpowers/content/specialpowersAPI.js
@@ -979,6 +979,7 @@ SpecialPowersAPI.prototype = {
           for (var j = 0; j < undos.length; j++) {
             var undo = undos[j];
             if (undo.op == this._obsDataMap[aData] &&
+                undo.principal.originAttributes.appId == permission.principal.originAttributes.appId &&
                 undo.type == permission.type) {
               // Remove this undo item if it has been done by others(not
               // specialpowers itself.)
diff --git a/testing/talos/talos/xtalos/xperf_whitelist.json b/testing/talos/talos/xtalos/xperf_whitelist.json
index 65e88ea076b37..b22b934b8c54e 100644
--- a/testing/talos/talos/xtalos/xperf_whitelist.json
+++ b/testing/talos/talos/xtalos/xperf_whitelist.json
@@ -464,12 +464,6 @@
     "minbytes": 4424,
     "maxbytes": 4424
   },
-  "{profile}\\permissions.sqlite-journal": {
-    "mincount": 0,
-    "maxcount": 18,
-    "minbytes": 0,
-    "maxbytes": 7208
-  },
   "{profile}\\pkcs11.txt": {
     "mincount": 0,
     "maxcount": 4,
diff --git a/toolkit/components/aboutcache/content/aboutCache.js b/toolkit/components/aboutcache/content/aboutCache.js
index c1e3ed5ff064c..6f60eecfc1ee2 100644
--- a/toolkit/components/aboutcache/content/aboutCache.js
+++ b/toolkit/components/aboutcache/content/aboutCache.js
@@ -11,7 +11,10 @@ var cacheContext = searchParams.get("context");
 
 // The context is in a format as used by the HTTP cache v2 back end
 if (cacheContext)
-  var [context, isAnon, isInBrowser, isPrivate] = cacheContext.match(/(a,)?(b,)?(p,)?/);
+  var [context, isAnon, isInBrowser, appId, isPrivate] = cacheContext.match(/(a,)?(b,)?(i\d+,)?(p,)?/);
+if (appId)
+  appId = appId.match(/i(\d+),/)[1];
+
 
 function $(id) { return document.getElementById(id) || {}; }
 
@@ -19,6 +22,7 @@ function $(id) { return document.getElementById(id) || {}; }
 addEventListener("DOMContentLoaded", function() {
   $("anon").checked = !!isAnon;
   $("inbrowser").checked = !!isInBrowser;
+  $("appid").value = appId || "";
   $("priv").checked = !!isPrivate;
 }, false);
 
@@ -30,6 +34,8 @@ function navigate() {
     context += "a,";
   if ($("inbrowser").checked)
     context += "b,";
+  if ($("appid").value)
+    context += "i" + $("appid").value + ",";
   if ($("priv").checked)
     context += "p,";
 
diff --git a/toolkit/content/aboutServiceWorkers.js b/toolkit/content/aboutServiceWorkers.js
index b6f37d8a19445..8613d68d78151 100644
--- a/toolkit/content/aboutServiceWorkers.js
+++ b/toolkit/content/aboutServiceWorkers.js
@@ -66,6 +66,13 @@ async function display(info, pushService) {
   document.l10n.setAttributes(title, "origin-title", { originTitle: info.principal.origin });
   div.appendChild(title);
 
+  if (info.principal.appId) {
+    let b2gtitle = document.createElement("h3");
+    let trueFalse = info.principal.isInIsolatedMozBrowserElement ? "true" : "false";
+    document.l10n.setAttributes(b2gtitle, "app-title", { appId: info.principal.appId, isInIsolatedElement: trueFalse });
+    div.appendChild(b2gtitle);
+  }
+
   let list = document.createElement("ul");
   div.appendChild(list);
 
diff --git a/toolkit/locales/en-US/toolkit/about/aboutServiceWorkers.ftl b/toolkit/locales/en-US/toolkit/about/aboutServiceWorkers.ftl
index 73217f24a38aa..cf959e9a420bd 100644
--- a/toolkit/locales/en-US/toolkit/about/aboutServiceWorkers.ftl
+++ b/toolkit/locales/en-US/toolkit/about/aboutServiceWorkers.ftl
@@ -15,6 +15,13 @@ about-service-workers-warning-no-service-workers = No Service Workers registered
 #   $originTitle: original title
 origin-title = Origin: { $originTitle }
 
+# Show if app id is in isolated browser element, the term "InBrowserElement" should not be translated
+#
+# Variables:
+#   $appId: the application ID
+#   $isInIsolatedElement: "true" or "false" based on if the app id is in isolate element
+app-title = { -brand-short-name } Application ID { $appId } - InBrowserElement { $isInIsolatedElement }
+
 ## These strings are for showing the information of workers.
 ##
 ## Variables: