Bug 1319881 - Remove UsingNeckoIPCSecurity r=valentin,necko-reviewers
authorsagudev <samo.golez@outlook.com>
Wed, 29 Apr 2020 12:00:01 +0000
changeset 526660 62baa75c624135a9e5fb5c4946ae9339fa86b7de
parent 526659 035ce4dce72f2b9161dd9d4691ee58cafb476d00
child 526661 3762f151cab2d54d4db9268cf14d91e0bdd8a1f7
push id114424
push uservalentin.gosu@gmail.com
push dateWed, 29 Apr 2020 12:00:38 +0000
reviewersvalentin, necko-reviewers
bugs1319881
milestone77.0a1
Bug 1319881 - Remove UsingNeckoIPCSecurity r=valentin,necko-reviewers Differential Revision: https://phabricator.services.mozilla.com/D72534
dom/network/UDPSocketParent.cpp
netwerk/ipc/NeckoCommon.cpp
netwerk/ipc/NeckoCommon.h
netwerk/ipc/NeckoParent.cpp
netwerk/ipc/moz.build
netwerk/protocol/ftp/FTPChannelChild.cpp
netwerk/protocol/http/HttpChannelChild.cpp
netwerk/protocol/websocket/WebSocketChannelChild.cpp
uriloader/prefetch/OfflineCacheUpdateChild.cpp
--- a/dom/network/UDPSocketParent.cpp
+++ b/dom/network/UDPSocketParent.cpp
@@ -37,31 +37,16 @@ UDPSocketParent::~UDPSocketParent() = de
 bool UDPSocketParent::Init(nsIPrincipal* aPrincipal,
                            const nsACString& aFilter) {
   MOZ_ASSERT_IF(mBackgroundManager, !aPrincipal);
   // will be used once we move all UDPSocket to PBackground, or
   // if we add in Principal checking for mtransport
   Unused << mBackgroundManager;
 
   mPrincipal = aPrincipal;
-  if (net::UsingNeckoIPCSecurity() && mPrincipal &&
-      !ContentParent::IgnoreIPCPrincipal()) {
-    nsCOMPtr<nsIPermissionManager> permMgr = services::GetPermissionManager();
-    if (!permMgr) {
-      NS_WARNING("No PermissionManager available!");
-      return false;
-    }
-
-    uint32_t permission = nsIPermissionManager::DENY_ACTION;
-    permMgr->TestExactPermissionFromPrincipal(
-        mPrincipal, NS_LITERAL_CSTRING("udp-socket"), &permission);
-    if (permission != nsIPermissionManager::ALLOW_ACTION) {
-      return false;
-    }
-  }
 
   if (!aFilter.IsEmpty()) {
     nsAutoCString contractId(NS_NETWORK_UDP_SOCKET_FILTER_HANDLER_PREFIX);
     contractId.Append(aFilter);
     nsCOMPtr<nsISocketFilterHandler> filterHandler =
         do_GetService(contractId.get());
     if (filterHandler) {
       nsresult rv = filterHandler->NewFilter(getter_AddRefs(mFilter));
@@ -75,22 +60,17 @@ bool UDPSocketParent::Init(nsIPrincipal*
     } else {
       printf_stderr(
           "Content doesn't have a valid filter. "
           "filter name: %s.",
           aFilter.BeginReading());
       return false;
     }
   }
-  // We don't have browser actors in xpcshell, and hence can't run automated
-  // tests without this loophole.
-  if (net::UsingNeckoIPCSecurity() && !mFilter &&
-      (!mPrincipal || ContentParent::IgnoreIPCPrincipal())) {
-    return false;
-  }
+
   return true;
 }
 
 // PUDPSocketParent methods
 
 mozilla::ipc::IPCResult UDPSocketParent::RecvBind(
     const UDPAddressInfo& aAddressInfo, const bool& aAddressReuse,
     const bool& aLoopback, const uint32_t& recvBufferSize,
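Review bot: With this gate and the permission check in the previous hunk both gone, `UDPSocketParent::Init` returns true whenever `aFilter` is empty, whatever `aPrincipal` is; the only failure paths left in the visible lines are in the filter lookup. `mPrincipal` is still assigned, but nothing in the visible part of `Init` reads it, and the surviving comment at the top of the function still describes principal checking as future work. The deleted NeckoCommon.cpp initialised `gSecurityDisabled` to true, so the removed branches were presumably unreachable already, but the resulting contract should be stated where a reader will look for it, for example `// No principal or permission check is performed here; only the filter lookup can fail.` placed before `return true;`. Part of the function body lies between the two hunks and is not shown.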
deleted file mode 100644
--- a/netwerk/ipc/NeckoCommon.cpp
+++ /dev/null
@@ -1,18 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set sw=2 ts=8 et tw=80 : */
-
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "NeckoCommon.h"
-
-namespace mozilla {
-namespace net {
-
-namespace NeckoCommonInternal {
-bool gSecurityDisabled = true;
-}  // namespace NeckoCommonInternal
-
-}  // namespace net
-}  // namespace mozilla
--- a/netwerk/ipc/NeckoCommon.h
+++ b/netwerk/ipc/NeckoCommon.h
@@ -94,39 +94,16 @@ inline bool IsNeckoChild() {
   return amChild;
 }
 
 inline bool IsSocketProcessChild() {
   static bool amChild = (XRE_GetProcessType() == GeckoProcessType_Socket);
   return amChild;
 }
 
-namespace NeckoCommonInternal {
-extern bool gSecurityDisabled;
-}  // namespace NeckoCommonInternal
-
-// This should always return true unless xpcshell tests are being used
-inline bool UsingNeckoIPCSecurity() {
-  return !NeckoCommonInternal::gSecurityDisabled;
-}
-
-inline bool MissingRequiredBrowserChild(
-    mozilla::dom::BrowserChild* browserChild, const char* context) {
-  if (UsingNeckoIPCSecurity()) {
-    if (!browserChild) {
-      printf_stderr(
-          "WARNING: child tried to open %s IPDL channel w/o "
-          "security info\n",
-          context);
-      return true;
-    }
-  }
-  return false;
-}
-
 class HttpChannelSecurityWarningReporter : public nsISupports {
  public:
   [[nodiscard]] virtual nsresult ReportSecurityMessage(
       const nsAString& aMessageTag, const nsAString& aMessageCategory) = 0;
   [[nodiscard]] virtual nsresult LogBlockedCORSRequest(
       const nsAString& aMessage, const nsACString& aCategory) = 0;
   [[nodiscard]] virtual nsresult LogMimeTypeMismatch(
       const nsACString& aMessageName, bool aWarning, const nsAString& aURL,
--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@@ -128,98 +128,27 @@ static already_AddRefed<nsIPrincipal> Ge
   if (aArgs.type() != FTPChannelCreationArgs::TFTPChannelOpenArgs) {
     return nullptr;
   }
 
   const FTPChannelOpenArgs& args = aArgs.get_FTPChannelOpenArgs();
   return GetRequestingPrincipal(args.loadInfo());
 }
 
-// Bug 1289001 - If GetValidatedOriginAttributes returns an error string, that
-// usually leads to a content crash with very little info about the cause.
-// We prefer to crash on the parent, so we get the reason in the crash report.
-static MOZ_COLD void CrashWithReason(const char* reason) {
-#ifndef RELEASE_OR_BETA
-  MOZ_CRASH_UNSAFE(reason);
-#endif
-}
-
 const char* NeckoParent::GetValidatedOriginAttributes(
     const SerializedLoadContext& aSerialized, PContentParent* aContent,
     nsIPrincipal* aRequestingPrincipal, OriginAttributes& aAttrs) {
-  if (!UsingNeckoIPCSecurity()) {
-    if (!aSerialized.IsNotNull()) {
-      // If serialized is null, we cannot validate anything. We have to assume
-      // that this requests comes from a SystemPrincipal.
-      aAttrs = OriginAttributes(false);
-    } else {
-      aAttrs = aSerialized.mOriginAttributes;
-    }
-    return nullptr;
-  }
-
   if (!aSerialized.IsNotNull()) {
-    CrashWithReason(
-        "GetValidatedOriginAttributes | SerializedLoadContext from child is "
-        "null");
-    return "SerializedLoadContext from child is null";
+    // If serialized is null, we cannot validate anything. We have to assume
+    // that this requests comes from a SystemPrincipal.
+    aAttrs = OriginAttributes(false);
+  } else {
+    aAttrs = aSerialized.mOriginAttributes;
   }
-
-  nsAutoCString serializedSuffix;
-  aSerialized.mOriginAttributes.CreateAnonymizedSuffix(serializedSuffix);
-
-  nsAutoCString debugString;
-  const auto& browsers = aContent->ManagedPBrowserParent();
-  for (auto iter = browsers.ConstIter(); !iter.Done(); iter.Next()) {
-    auto* browserParent = BrowserParent::GetFrom(iter.Get()->GetKey());
-
-    if (!ChromeUtils::IsOriginAttributesEqual(
-            aSerialized.mOriginAttributes,
-            browserParent->OriginAttributesRef())) {
-      debugString.AppendLiteral("(");
-      debugString.Append(serializedSuffix);
-      debugString.AppendLiteral(",");
-
-      nsAutoCString tabSuffix;
-      browserParent->OriginAttributesRef().CreateAnonymizedSuffix(tabSuffix);
-      debugString.Append(tabSuffix);
-
-      debugString.AppendLiteral(")");
-      continue;
-    }
-
-    aAttrs = aSerialized.mOriginAttributes;
-    return nullptr;
-  }
-
-  // This may be a ServiceWorker: when a push notification is received, FF wakes
-  // up the corrisponding service worker so that it can manage the PushEvent. At
-  // that time we probably don't have any valid tabcontext, but still, we want
-  // to support http channel requests coming from that ServiceWorker.
-  if (aRequestingPrincipal) {
-    RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
-    if (swm &&
-        swm->MayHaveActiveServiceWorkerInstance(
-            static_cast<ContentParent*>(aContent), aRequestingPrincipal)) {
-      aAttrs = aSerialized.mOriginAttributes;
-      return nullptr;
-    }
-  }
-
-  nsAutoCString errorString;
-  errorString.AppendLiteral(
-      "GetValidatedOriginAttributes | App does not have permission -");
-  errorString.Append(debugString);
-
-  // Leak the buffer on the heap to make sure that it lives long enough, as
-  // MOZ_CRASH_ANNOTATE expects the pointer passed to it to live to the end of
-  // the program.
-  char* error = strdup(errorString.BeginReading());
-  CrashWithReason(error);
-  return "App does not have permission";
+  return nullptr;
 }
 
 const char* NeckoParent::CreateChannelLoadContext(
     const PBrowserOrId& aBrowser, PContentParent* aContent,
     const SerializedLoadContext& aSerialized,
     nsIPrincipal* aRequestingPrincipal, nsCOMPtr<nsILoadContext>& aResult) {
   OriginAttributes attrs;
   const char* error = GetValidatedOriginAttributes(aSerialized, aContent,
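Review bot: `NeckoParent::GetValidatedOriginAttributes` no longer validates anything. The new body copies `aAttrs` from the child-supplied `aSerialized.mOriginAttributes`, or sets `OriginAttributes(false)` when the context is null, and always returns nullptr. `aContent` and `aRequestingPrincipal` are now unused, and the `error` value that `CreateChannelLoadContext` captures at the end of this hunk can never be non-null, so any handling of it further down (outside the hunk) is presumably dead code. A rename or signature cleanup would make this honest; at minimum add a comment above the function such as `// Performs no validation: origin attributes are taken from the child's SerializedLoadContext as sent.` so parent-side callers do not assume the attributes were checked against the content process. The re-added comment also reads "this requests comes" and should be `// that this request comes from a SystemPrincipal.`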
--- a/netwerk/ipc/moz.build
+++ b/netwerk/ipc/moz.build
@@ -31,17 +31,16 @@ UNIFIED_SOURCES += [
     'ChannelEventQueue.cpp',
     'DocumentChannel.cpp',
     'DocumentChannelChild.cpp',
     'DocumentChannelParent.cpp',
     'DocumentLoadListener.cpp',
     'InputChannelThrottleQueueChild.cpp',
     'InputChannelThrottleQueueParent.cpp',
     'NeckoChild.cpp',
-    'NeckoCommon.cpp',
     'NeckoParent.cpp',
     'NeckoTargetHolder.cpp',
     'ParentProcessDocumentChannel.cpp',
     'SocketProcessBridgeChild.cpp',
     'SocketProcessBridgeParent.cpp',
     'SocketProcessChild.cpp',
     'SocketProcessHost.cpp',
     'SocketProcessImpl.cpp',
--- a/netwerk/protocol/ftp/FTPChannelChild.cpp
+++ b/netwerk/protocol/ftp/FTPChannelChild.cpp
@@ -163,19 +163,16 @@ FTPChannelChild::AsyncOpen(nsIStreamList
   NS_QueryNotificationCallbacks(mCallbacks, mLoadGroup,
                                 NS_GET_IID(nsIBrowserChild),
                                 getter_AddRefs(iBrowserChild));
   GetCallback(iBrowserChild);
   if (iBrowserChild) {
     browserChild =
         static_cast<mozilla::dom::BrowserChild*>(iBrowserChild.get());
   }
-  if (MissingRequiredBrowserChild(browserChild, "ftp")) {
-    return NS_ERROR_ILLEGAL_VALUE;
-  }
 
   mListener = listener;
 
   // add ourselves to the load group.
   if (mLoadGroup) mLoadGroup->AddRequest(this, nullptr);
 
   mozilla::ipc::AutoIPCStream autoStream;
   autoStream.Serialize(mUploadStream,
--- a/netwerk/protocol/http/HttpChannelChild.cpp
+++ b/netwerk/protocol/http/HttpChannelChild.cpp
@@ -2016,19 +2016,16 @@ HttpChannelChild::ConnectParent(uint32_t
   MOZ_ASSERT(NS_IsMainThread());
   mozilla::dom::BrowserChild* browserChild = nullptr;
   nsCOMPtr<nsIBrowserChild> iBrowserChild;
   GetCallback(iBrowserChild);
   if (iBrowserChild) {
     browserChild =
         static_cast<mozilla::dom::BrowserChild*>(iBrowserChild.get());
   }
-  if (MissingRequiredBrowserChild(browserChild, "http")) {
-    return NS_ERROR_ILLEGAL_VALUE;
-  }
 
   if (browserChild && !browserChild->IPCOpen()) {
     return NS_ERROR_FAILURE;
   }
 
   ContentChild* cc = static_cast<ContentChild*>(gNeckoChild->Manager());
   if (cc->IsShuttingDown()) {
     return NS_ERROR_FAILURE;
@@ -2646,19 +2643,16 @@ nsresult HttpChannelChild::ContinueAsync
 
   mozilla::dom::BrowserChild* browserChild = nullptr;
   nsCOMPtr<nsIBrowserChild> iBrowserChild;
   GetCallback(iBrowserChild);
   if (iBrowserChild) {
     browserChild =
         static_cast<mozilla::dom::BrowserChild*>(iBrowserChild.get());
   }
-  if (MissingRequiredBrowserChild(browserChild, "http")) {
-    return NS_ERROR_ILLEGAL_VALUE;
-  }
 
   // This id identifies the inner window's top-level document,
   // which changes on every new load or navigation.
   uint64_t contentWindowId = 0;
   TimeStamp navigationStartTimeStamp;
   if (browserChild) {
     MOZ_ASSERT(browserChild->WebNavigation());
     if (RefPtr<Document> document = browserChild->GetTopLevelDocument()) {
--- a/netwerk/protocol/websocket/WebSocketChannelChild.cpp
+++ b/netwerk/protocol/websocket/WebSocketChannelChild.cpp
@@ -438,19 +438,16 @@ WebSocketChannelChild::AsyncOpen(nsIURI*
   nsCOMPtr<nsIBrowserChild> iBrowserChild;
   NS_QueryNotificationCallbacks(mCallbacks, mLoadGroup,
                                 NS_GET_IID(nsIBrowserChild),
                                 getter_AddRefs(iBrowserChild));
   if (iBrowserChild) {
     browserChild =
         static_cast<mozilla::dom::BrowserChild*>(iBrowserChild.get());
   }
-  if (MissingRequiredBrowserChild(browserChild, "websocket")) {
-    return NS_ERROR_ILLEGAL_VALUE;
-  }
 
   ContentChild* cc = static_cast<ContentChild*>(gNeckoChild->Manager());
   if (cc->IsShuttingDown()) {
     return NS_ERROR_FAILURE;
   }
 
   // Corresponding release in DeallocPWebSocket
   AddIPDLReference();
--- a/uriloader/prefetch/OfflineCacheUpdateChild.cpp
+++ b/uriloader/prefetch/OfflineCacheUpdateChild.cpp
@@ -351,26 +351,16 @@ OfflineCacheUpdateChild::Schedule() {
 
   nsCOMPtr<nsPIDOMWindowInner> window = std::move(mWindow);
   nsCOMPtr<nsIDocShell> docshell = window->GetDocShell();
   if (!docshell) {
     NS_WARNING("doc shell tree item is null");
     return NS_ERROR_FAILURE;
   }
 
-  nsCOMPtr<nsIBrowserChild> tabchild = docshell->GetBrowserChild();
-  // because owner implements nsIBrowserChild, we can assume that it is
-  // the one and only BrowserChild.
-  BrowserChild* child =
-      tabchild ? static_cast<BrowserChild*>(tabchild.get()) : nullptr;
-
-  if (MissingRequiredBrowserChild(child, "offlinecacheupdate")) {
-    return NS_ERROR_FAILURE;
-  }
-
   nsresult rv = NS_OK;
   PrincipalInfo loadingPrincipalInfo;
   rv = PrincipalToPrincipalInfo(mLoadingPrincipal, &loadingPrincipalInfo);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIObserverService> observerService =
       mozilla::services::GetObserverService();
   if (observerService) {