Bug 1195942 - System message registration fails for substituted permissions r=gwagner
--- a/dom/apps/Webapps.jsm
+++ b/dom/apps/Webapps.jsm
@@ -896,16 +896,17 @@ this.DOMApplicationRegistry = {
handlerPageURI = Services.io.newURI(fullHandlerPath, null, null);
} else {
messageName = aMessage;
}
if (SystemMessagePermissionsChecker
.isSystemMessagePermittedToRegister(messageName,
aApp.manifestURL,
+ aApp.origin,
aManifest)) {
msgmgr.registerPage(messageName, handlerPageURI, manifestURI);
}
});
},
// |aEntryPoint| is either the entry_point name or the null in which case we
// use the root of the manifest.
@@ -951,16 +952,17 @@ this.DOMApplicationRegistry = {
}
let handlerPageURI = fullHandlerPath
? Services.io.newURI(fullHandlerPath, null, null)
: launchPathURI;
if (SystemMessagePermissionsChecker
.isSystemMessagePermittedToRegister("connection",
aApp.manifestURL,
+ aApp.origin,
aManifest)) {
msgmgr.registerPage("connection", handlerPageURI, manifestURI);
}
interAppCommService.
registerConnection(keyword,
handlerPageURI,
manifestURI,
@@ -1052,16 +1054,17 @@ this.DOMApplicationRegistry = {
}
let launchPathURI = Services.io.newURI(href, null, null);
let manifestURI = Services.io.newURI(aApp.manifestURL, null, null);
if (SystemMessagePermissionsChecker
.isSystemMessagePermittedToRegister("activity",
aApp.manifestURL,
+ aApp.origin,
aManifest)) {
msgmgr.registerPage("activity", launchPathURI, manifestURI);
}
}
}
return activitiesToRegister;
},
--- a/dom/messages/SystemMessagePermissionsChecker.jsm
+++ b/dom/messages/SystemMessagePermissionsChecker.jsm
@@ -213,101 +213,33 @@ this.SystemMessagePermissionsChecker = {
/**
* Check if the system message is permitted to be registered for the given
* app at start-up based on the permissions claimed in the app's manifest.
* @param string aSysMsgName
* The system messsage name.
* @param string aManifestURL
* The app's manifest URL.
+ * @param string aOrigin
+ * The app's origin.
* @param object aManifest
* The app's manifest.
* @returns bool
* Is permitted or not.
**/
- isSystemMessagePermittedToRegister:
- function isSystemMessagePermittedToRegister(aSysMsgName,
+ isSystemMessagePermittedToRegister: function (aSysMsgName,
aManifestURL,
+ aOrigin,
aManifest) {
- debug("isSystemMessagePermittedToRegister(): " +
- "aSysMsgName: " + aSysMsgName + ", " +
- "aManifestURL: " + aManifestURL + ", " +
- "aManifest: " + JSON.stringify(aManifest));
-
- if (this.isDataStoreSystemMessage(aSysMsgName) &&
- this.canDeliverDataStoreSystemMessage(aSysMsgName, aManifestURL)) {
- return true;
- }
-
- let permNames = this.getSystemMessagePermissions(aSysMsgName);
- if (permNames === null) {
- return false;
- }
-
- // Check to see if the 'webapp' is app/privileged/certified.
- let appStatus;
- switch (AppsUtils.getAppManifestStatus(aManifest)) {
- case Ci.nsIPrincipal.APP_STATUS_CERTIFIED:
- appStatus = "certified";
- break;
- case Ci.nsIPrincipal.APP_STATUS_PRIVILEGED:
- appStatus = "privileged";
- break;
- case Ci.nsIPrincipal.APP_STATUS_INSTALLED:
- appStatus = "app";
- if (aManifest.type == "trusted") {
- appStatus = "trusted";
- }
- break;
- default:
- throw new Error("SystemMessagePermissionsChecker.jsm: " +
- "Cannot decide the app's status. Install cancelled.");
- break;
- }
-
- // It's ok here to not pass the origin to ManifestHelper since we only
- // need the permission property and that doesn't depend on uri resolution.
- let newManifest = new ManifestHelper(aManifest, aManifestURL, aManifestURL);
-
- for (let permName in permNames) {
- // The app doesn't claim valid permissions for this sytem message.
- if (!newManifest.permissions || !newManifest.permissions[permName]) {
- debug("'" + aSysMsgName + "' isn't permitted by '" + permName + "'. " +
- "Please add the permission for app: '" + aManifestURL + "'.");
- return false;
- }
- let permValue = PermissionsTable[permName][appStatus];
- if (permValue != Ci.nsIPermissionManager.PROMPT_ACTION &&
- permValue != Ci.nsIPermissionManager.ALLOW_ACTION) {
- debug("'" + aSysMsgName + "' isn't permitted by '" + permName + "'. " +
- "Please add the permission for app: '" + aManifestURL + "'.");
- return false;
- }
-
- // Compare the expanded permission names between the ones in
- // app's manifest and the ones needed for system message.
- let expandedPermNames =
- expandPermissions(permName,
- newManifest.permissions[permName].access);
-
- let permNamesWithAccess = permNames[permName];
-
- // Early return false as soon as any permission is not matched.
- for (let idx in permNamesWithAccess) {
- let index = expandedPermNames.indexOf(permNamesWithAccess[idx]);
- if (index == -1) {
- debug("'" + aSysMsgName + "' isn't permitted by '" + permName + "'. " +
- "Please add the permission for app: '" + aOrigin + "'.");
- return false;
- }
- }
- }
-
- // All the permissions needed for this system message are matched.
- return true;
+ // Test if the launch path of the app has the right permission.
+ let newManifest = new ManifestHelper(aManifest, aOrigin, aManifestURL);
+ let launchUrl = newManifest.fullLaunchPath();
+ return this.isSystemMessagePermittedToSend(aSysMsgName,
+ launchUrl,
+ aManifestURL);
},
/**
* Check if the system message is permitted to be sent to the given
* app's page at run-time based on the current app's permissions.
* @param string aSysMsgName
* The system messsage name.
* @param string aPageURL