Bug 1468213 Propagate nsILoadInfo.serviceWorkerTaintingSynthesized and tainting values from parent process to child process. r=valentin
authorBen Kelly <ben@wanderview.com>
Mon, 11 Jun 2018 12:54:22 -0700
changeset 422303 d241a10ff148bd9a9f913dcc12f5c0154eeade8f
parent 422302 9948ffb9dc033658ac0e5820887bea449bd34837
child 422304 90d7fb47fbe987dda90c95d5ad431f7376607a72
push id104209
push userbkelly@mozilla.com
push dateMon, 11 Jun 2018 19:54:31 +0000
treeherdermozilla-inbound@d241a10ff148 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersvalentin
bugs1468213
milestone62.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1468213 Propagate nsILoadInfo.serviceWorkerTaintingSynthesized and tainting values from parent process to child process. r=valentin
ipc/glue/BackgroundUtils.cpp
netwerk/base/nsILoadInfo.idl
netwerk/ipc/NeckoChannelParams.ipdlh
--- a/ipc/glue/BackgroundUtils.cpp
+++ b/ipc/glue/BackgroundUtils.cpp
@@ -585,29 +585,36 @@ LoadInfoArgsToLoadInfo(const OptionalLoa
    return NS_OK;
 }
 
 void
 LoadInfoToParentLoadInfoForwarder(nsILoadInfo* aLoadInfo,
                                   ParentLoadInfoForwarderArgs* aForwarderArgsOut)
 {
   if (!aLoadInfo) {
-    *aForwarderArgsOut = ParentLoadInfoForwarderArgs(false, void_t());
+    *aForwarderArgsOut = ParentLoadInfoForwarderArgs(false, void_t(),
+                                                     nsILoadInfo::TAINTING_BASIC,
+                                                     false);
     return;
   }
 
   OptionalIPCServiceWorkerDescriptor ipcController = void_t();
   Maybe<ServiceWorkerDescriptor> controller(aLoadInfo->GetController());
   if (controller.isSome()) {
     ipcController = controller.ref().ToIPC();
   }
 
+  uint32_t tainting = nsILoadInfo::TAINTING_BASIC;
+  Unused << aLoadInfo->GetTainting(&tainting);
+
   *aForwarderArgsOut = ParentLoadInfoForwarderArgs(
     aLoadInfo->GetAllowInsecureRedirectToDataURI(),
-    ipcController
+    ipcController,
+    tainting,
+    aLoadInfo->GetServiceWorkerTaintingSynthesized()
   );
 }
 
 nsresult
 MergeParentLoadInfoForwarder(ParentLoadInfoForwarderArgs const& aForwarderArgs,
                              nsILoadInfo* aLoadInfo)
 {
   if (!aLoadInfo) {
@@ -622,16 +629,23 @@ MergeParentLoadInfoForwarder(ParentLoadI
 
   aLoadInfo->ClearController();
   auto& controller = aForwarderArgs.controller();
   if (controller.type() != OptionalIPCServiceWorkerDescriptor::Tvoid_t) {
     aLoadInfo->SetController(
       ServiceWorkerDescriptor(controller.get_IPCServiceWorkerDescriptor()));
   }
 
+  if (aForwarderArgs.serviceWorkerTaintingSynthesized()) {
+    aLoadInfo->SynthesizeServiceWorkerTainting(
+      static_cast<LoadTainting>(aForwarderArgs.tainting()));
+  } else {
+    aLoadInfo->MaybeIncreaseTainting(aForwarderArgs.tainting());
+  }
+
   return NS_OK;
 }
 
 void
 LoadInfoToChildLoadInfoForwarder(nsILoadInfo* aLoadInfo,
                                  ChildLoadInfoForwarderArgs* aForwarderArgsOut)
 {
   if (!aLoadInfo) {
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -988,18 +988,19 @@ interface nsILoadInfo : nsISupports
   void SetPerformanceStorage(in PerformanceStoragePtr aPerformanceStorage);
 
   /**
    * Get the PerformanceStorage.
    */
   [noscript, nostdcall, notxpcom]
   PerformanceStoragePtr GetPerformanceStorage();
 
-  /* The service worker and fetch specifications require returning the
-   * exact tainting level of the Response passed to FetchEvent.respondWith().
-   * This method allows us to override the tainting level in that case.
-   *
-   * NOTE: This should not be used outside of service worker code! Use
-   *       nsILoadInfo::MaybeIncreaseTainting() instead.
+  /**
+    * The service worker and fetch specifications require returning the
+    * exact tainting level of the Response passed to FetchEvent.respondWith().
+    * This method allows us to override the tainting level in that case.
+    *
+    * NOTE: This should not be used outside of service worker code! Use
+    *       nsILoadInfo::MaybeIncreaseTainting() instead.
    */
   [noscript, nostdcall, notxpcom]
   void SynthesizeServiceWorkerTainting(in LoadTainting aTainting);
 };
--- a/netwerk/ipc/NeckoChannelParams.ipdlh
+++ b/netwerk/ipc/NeckoChannelParams.ipdlh
@@ -127,16 +127,24 @@ struct ParentLoadInfoForwarderArgs
   // the parent and needs to be mirrored to the child so that security
   // checks can pass.
   bool allowInsecureRedirectToDataURI;
 
   // The ServiceWorker controller that may be set in the parent when
   // interception occurs.
   OptionalIPCServiceWorkerDescriptor controller;
 
+  // The service worker may synthesize a Response with a particular
+  // tainting value.
+  uint32_t tainting;
+
+  // We must also note that the tainting value was explicitly set
+  // by the service worker.
+  bool serviceWorkerTaintingSynthesized;
+
   // IMPORTANT: when you add new properites here you must also update
   // LoadInfoToParentLoadInfoForwarder and MergeParentLoadInfoForwarder
   // in BackgroundUtils.cpp/.h!
 };
 
 /**
  * This structure is used to carry selected properties of a LoadInfo
  * object to the parent process that might have changed in the child