Bug 1195942 - System message registration fails for substituted permissions r=gwagner
authorFabrice Desré <fabrice@mozilla.com>
Fri, 21 Aug 2015 10:00:51 -0700
changeset 258680 9b7811028a40a67543d320a4fc3b6642518d32d6
parent 258679 a7933a90d9f06d6da7ceaca2f5cb49806bd08b30
child 258681 de921857f45204056731cf26407ce2d55cbcc9b6
push id17113
push userfdesre@mozilla.com
push dateFri, 21 Aug 2015 19:44:15 +0000
reviewersgwagner
bugs1195942
milestone43.0a1
Bug 1195942 - System message registration fails for substituted permissions r=gwagner
dom/apps/Webapps.jsm
dom/messages/SystemMessagePermissionsChecker.jsm
--- a/dom/apps/Webapps.jsm
+++ b/dom/apps/Webapps.jsm
@@ -896,16 +896,17 @@ this.DOMApplicationRegistry = {
         handlerPageURI = Services.io.newURI(fullHandlerPath, null, null);
       } else {
         messageName = aMessage;
       }
 
       if (SystemMessagePermissionsChecker
             .isSystemMessagePermittedToRegister(messageName,
                                                 aApp.manifestURL,
+                                                aApp.origin,
                                                 aManifest)) {
         msgmgr.registerPage(messageName, handlerPageURI, manifestURI);
       }
     });
   },
 
   // |aEntryPoint| is either the entry_point name or the null in which case we
   // use the root of the manifest.
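Review bot: The new `aApp.origin` argument to `isSystemMessagePermittedToRegister` is inserted before `aManifest` rather than appended, so any caller this commit does not update would silently pass its manifest object as the origin instead of failing loudly. The "connection" and "activity" call sites later in this file are updated the same way, but callers in other files or tests are not visible here and are worth a search. A short comment at the call, such as `// origin is needed to resolve the launch path used for the permission check`, would explain why the checker now takes it. The enclosing function starts before this hunk.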
@@ -951,16 +952,17 @@ this.DOMApplicationRegistry = {
       }
       let handlerPageURI = fullHandlerPath
                            ? Services.io.newURI(fullHandlerPath, null, null)
                            : launchPathURI;
 
       if (SystemMessagePermissionsChecker
             .isSystemMessagePermittedToRegister("connection",
                                                 aApp.manifestURL,
+                                                aApp.origin,
                                                 aManifest)) {
         msgmgr.registerPage("connection", handlerPageURI, manifestURI);
       }
 
       interAppCommService.
         registerConnection(keyword,
                            handlerPageURI,
                            manifestURI,
@@ -1052,16 +1054,17 @@ this.DOMApplicationRegistry = {
         }
 
         let launchPathURI = Services.io.newURI(href, null, null);
         let manifestURI = Services.io.newURI(aApp.manifestURL, null, null);
 
         if (SystemMessagePermissionsChecker
               .isSystemMessagePermittedToRegister("activity",
                                                   aApp.manifestURL,
+                                                  aApp.origin,
                                                   aManifest)) {
           msgmgr.registerPage("activity", launchPathURI, manifestURI);
         }
       }
     }
     return activitiesToRegister;
   },
 
--- a/dom/messages/SystemMessagePermissionsChecker.jsm
+++ b/dom/messages/SystemMessagePermissionsChecker.jsm
@@ -213,101 +213,33 @@ this.SystemMessagePermissionsChecker = {
 
   /**
    * Check if the system message is permitted to be registered for the given
    * app at start-up based on the permissions claimed in the app's manifest.
    * @param string aSysMsgName
    *        The system messsage name.
    * @param string aManifestURL
    *        The app's manifest URL.
+   * @param string aOrigin
+   *        The app's origin.
    * @param object aManifest
    *        The app's manifest.
    * @returns bool
    *        Is permitted or not.
    **/
-  isSystemMessagePermittedToRegister:
-    function isSystemMessagePermittedToRegister(aSysMsgName,
+  isSystemMessagePermittedToRegister: function (aSysMsgName,
                                                 aManifestURL,
+                                                aOrigin,
                                                 aManifest) {
-    debug("isSystemMessagePermittedToRegister(): " +
-          "aSysMsgName: " + aSysMsgName + ", " +
-          "aManifestURL: " + aManifestURL + ", " +
-          "aManifest: " + JSON.stringify(aManifest));
-
-    if (this.isDataStoreSystemMessage(aSysMsgName) &&
-        this.canDeliverDataStoreSystemMessage(aSysMsgName, aManifestURL)) {
-      return true;
-    }
-
-    let permNames = this.getSystemMessagePermissions(aSysMsgName);
-    if (permNames === null) {
-      return false;
-    }
-
-    // Check to see if the 'webapp' is app/privileged/certified.
-    let appStatus;
-    switch (AppsUtils.getAppManifestStatus(aManifest)) {
-    case Ci.nsIPrincipal.APP_STATUS_CERTIFIED:
-      appStatus = "certified";
-      break;
-    case Ci.nsIPrincipal.APP_STATUS_PRIVILEGED:
-      appStatus = "privileged";
-      break;
-    case Ci.nsIPrincipal.APP_STATUS_INSTALLED:
-      appStatus = "app";
-      if (aManifest.type == "trusted") {
-        appStatus = "trusted";
-      }
-      break;
-    default:
-      throw new Error("SystemMessagePermissionsChecker.jsm: " +
-                      "Cannot decide the app's status. Install cancelled.");
-      break;
-    }
-
-    // It's ok here to not pass the origin to ManifestHelper since we only
-    // need the permission property and that doesn't depend on uri resolution.
-    let newManifest = new ManifestHelper(aManifest, aManifestURL, aManifestURL);
-
-    for (let permName in permNames) {
-      // The app doesn't claim valid permissions for this sytem message.
-      if (!newManifest.permissions || !newManifest.permissions[permName]) {
-        debug("'" + aSysMsgName + "' isn't permitted by '" + permName + "'. " +
-              "Please add the permission for app: '" + aManifestURL + "'.");
-        return false;
-      }
-      let permValue = PermissionsTable[permName][appStatus];
-      if (permValue != Ci.nsIPermissionManager.PROMPT_ACTION &&
-          permValue != Ci.nsIPermissionManager.ALLOW_ACTION) {
-        debug("'" + aSysMsgName + "' isn't permitted by '" + permName + "'. " +
-              "Please add the permission for app: '" + aManifestURL + "'.");
-        return false;
-      }
-
-      // Compare the expanded permission names between the ones in
-      // app's manifest and the ones needed for system message.
-      let expandedPermNames =
-        expandPermissions(permName,
-                          newManifest.permissions[permName].access);
-
-      let permNamesWithAccess = permNames[permName];
-
-      // Early return false as soon as any permission is not matched.
-      for (let idx in permNamesWithAccess) {
-        let index = expandedPermNames.indexOf(permNamesWithAccess[idx]);
-        if (index == -1) {
-          debug("'" + aSysMsgName + "' isn't permitted by '" + permName + "'. " +
-                "Please add the permission for app: '" + aOrigin + "'.");
-          return false;
-        }
-      }
-    }
-
-    // All the permissions needed for this system message are matched.
-    return true;
+      // Test if the launch path of the app has the right permission.
+      let newManifest = new ManifestHelper(aManifest, aOrigin, aManifestURL);
+      let launchUrl = newManifest.fullLaunchPath();
+      return this.isSystemMessagePermittedToSend(aSysMsgName,
+                                                 launchUrl,
+                                                 aManifestURL);
   },
 
   /**
    * Check if the system message is permitted to be sent to the given
    * app's page at run-time based on the current app's permissions.
    * @param string aSysMsgName
    *        The system messsage name.
    * @param string aPageURL
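Review bot: The doc comment on `isSystemMessagePermittedToRegister` still says the decision is "based on the permissions claimed in the app's manifest", but the new body only builds the launch URL and defers to `isSystemMessagePermittedToSend`, so the gate now depends on whatever that method consults for the launch page. The removed data-store shortcut and the throw on an undecidable app status have no counterpart in the new lines; presumably `isSystemMessagePermittedToSend` covers them, but its body is outside this hunk and should be confirmed. I would change the comment to something like `Check whether the app's launch path currently holds the permissions required for the system message (delegates to isSystemMessagePermittedToSend)`. Since `fullLaunchPath()` is called without an argument, handlers registered under an entry point appear to be checked against the root launch path only, which deserves a line in the comment if intended. The new body is also indented six spaces where the surrounding methods use four.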