Bug 1020172 - Part 4: Replace ManagedPBrowserParent in AppProcessChecker. r=khuey
authorKershaw Chang <kechang@mozilla.com>
Fri, 24 Oct 2014 02:30:00 -0400
changeset 212246 176ca43635179fb52125f79e38ff89ee076e5a8c
parent 212245 90714be8e68933f4a7393b4cbe20bb5ce794def4
child 212247 5a514513e3e6b43e1de91c5e965a57df1d827ce5
push id27702
push userkwierso@gmail.com
push dateFri, 24 Oct 2014 22:05:50 +0000
reviewerskhuey
bugs1020172
milestone36.0a1
Bug 1020172 - Part 4: Replace ManagedPBrowserParent in AppProcessChecker. r=khuey
dom/ipc/AppProcessChecker.cpp
dom/ipc/AppProcessChecker.h
--- a/dom/ipc/AppProcessChecker.cpp
+++ b/dom/ipc/AppProcessChecker.cpp
@@ -34,89 +34,125 @@ class PContentParent;
 
 class nsIPrincipal;
 #endif
 
 namespace mozilla {
 
 #ifdef MOZ_CHILD_PERMISSIONS
 
+static bool
+CheckAppTypeHelper(mozIApplication* aApp,
+                   AssertAppProcessType aType,
+                   const char* aCapability,
+                   bool aIsBrowserElement)
+{
+  bool aValid = false;
+
+  // isBrowser frames inherit their app descriptor to identify their
+  // data storage, but they don't inherit the capability associated
+  // with that descriptor.
+  if (aApp && (aType == ASSERT_APP_HAS_PERMISSION || !aIsBrowserElement)) {
+    switch (aType) {
+      case ASSERT_APP_HAS_PERMISSION:
+      case ASSERT_APP_PROCESS_PERMISSION:
+        if (!NS_SUCCEEDED(aApp->HasPermission(aCapability, &aValid))) {
+          aValid = false;
+        }
+        break;
+      case ASSERT_APP_PROCESS_MANIFEST_URL: {
+        nsAutoString manifestURL;
+        if (NS_SUCCEEDED(aApp->GetManifestURL(manifestURL)) &&
+            manifestURL.EqualsASCII(aCapability)) {
+          aValid = true;
+        }
+        break;
+      }
+      default:
+        break;
+    }
+  }
+  return aValid;
+}
+
 bool
 AssertAppProcess(PBrowserParent* aActor,
                  AssertAppProcessType aType,
                  const char* aCapability)
 {
   if (!aActor) {
     NS_WARNING("Testing process capability for null actor");
     return false;
   }
 
   TabParent* tab = static_cast<TabParent*>(aActor);
   nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp();
-  bool aValid = false;
+
+  return CheckAppTypeHelper(app, aType, aCapability, tab->IsBrowserElement());
+}
 
-  // isBrowser frames inherit their app descriptor to identify their
-  // data storage, but they don't inherit the capability associated
-  // with that descriptor.
-  if (app && (aType == ASSERT_APP_HAS_PERMISSION || !tab->IsBrowserElement())) {
-    switch (aType) {
-      case ASSERT_APP_HAS_PERMISSION:
-      case ASSERT_APP_PROCESS_PERMISSION:
-        if (!NS_SUCCEEDED(app->HasPermission(aCapability, &aValid))) {
-          aValid = false;
-        }
-        break;
-      case ASSERT_APP_PROCESS_MANIFEST_URL: {
-        nsAutoString manifestURL;
-        if (NS_SUCCEEDED(app->GetManifestURL(manifestURL)) &&
-            manifestURL.EqualsASCII(aCapability)) {
-          aValid = true;
-        }
-        break;
-      }
-      default:
-        break;
+static bool
+CheckAppStatusHelper(mozIApplication* aApp,
+                     unsigned short aStatus)
+{
+  bool valid = false;
+
+  if (aApp) {
+    unsigned short appStatus = 0;
+    if (NS_SUCCEEDED(aApp->GetAppStatus(&appStatus))) {
+      valid = appStatus == aStatus;
     }
   }
-  return aValid;
+
+  return valid;
 }
 
 bool
 AssertAppStatus(PBrowserParent* aActor,
                 unsigned short aStatus)
 {
   if (!aActor) {
     NS_WARNING("Testing process capability for null actor");
     return false;
   }
 
   TabParent* tab = static_cast<TabParent*>(aActor);
   nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp();
 
-  bool valid = false;
+  return CheckAppStatusHelper(app, aStatus);
+}
+
+bool
+AssertAppProcess(TabContext& aContext,
+                 AssertAppProcessType aType,
+                 const char* aCapability)
+{
 
-  if (app) {
-    unsigned short appStatus = 0;
-    if (NS_SUCCEEDED(app->GetAppStatus(&appStatus))) {
-      valid = appStatus == aStatus;
-    }
-  }
+  nsCOMPtr<mozIApplication> app = aContext.GetOwnOrContainingApp();
+  return CheckAppTypeHelper(app, aType, aCapability, aContext.IsBrowserElement());
+}
 
-  return valid;
+bool
+AssertAppStatus(TabContext& aContext,
+                unsigned short aStatus)
+{
+
+  nsCOMPtr<mozIApplication> app = aContext.GetOwnOrContainingApp();
+  return CheckAppStatusHelper(app, aStatus);
 }
 
 bool
 AssertAppProcess(PContentParent* aActor,
                  AssertAppProcessType aType,
                  const char* aCapability)
 {
-  const InfallibleTArray<PBrowserParent*>& browsers =
-    aActor->ManagedPBrowserParent();
-  for (uint32_t i = 0; i < browsers.Length(); ++i) {
-    if (AssertAppProcess(browsers[i], aType, aCapability)) {
+  nsTArray<TabContext> contextArray =
+    static_cast<ContentParent*>(aActor)->GetManagedTabContext();
+  for (uint32_t i = 0; i < contextArray.Length(); ++i) {
+    if (AssertAppProcess(contextArray[i], aType, aCapability)) {
       return true;
     }
   }
 
   NS_ERROR(
     nsPrintfCString(
       "Security problem: Content process does not have `%s'.  It will be killed.\n",
       aCapability).get());
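Review bot: The two new TabContext overloads defined in this hunk take `TabContext& aContext` (non-const), while AppProcessChecker.h in this same commit declares them with `const mozilla::dom::TabContext& aContext`, and the stubs added later in this file use the const form as well. As written, the overloads the header advertises have no definition in the MOZ_CHILD_PERMISSIONS build, so a caller that sees only the header would resolve to a symbol that is never defined, and the loops in this file bind to a different overload than the documented one. Change both signatures to `const TabContext& aContext`. This assumes `GetOwnOrContainingApp()` and `IsBrowserElement()` are const members of TabContext, which the diff does not show.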
@@ -125,20 +161,20 @@ AssertAppProcess(PContentParent* aActor,
 
   return false;
 }
 
 bool
 AssertAppStatus(PContentParent* aActor,
                 unsigned short aStatus)
 {
-  const InfallibleTArray<PBrowserParent*>& browsers =
-    aActor->ManagedPBrowserParent();
-  for (uint32_t i = 0; i < browsers.Length(); ++i) {
-    if (AssertAppStatus(browsers[i], aStatus)) {
+  nsTArray<TabContext> contextArray =
+    static_cast<ContentParent*>(aActor)->GetManagedTabContext();
+  for (uint32_t i = 0; i < contextArray.Length(); ++i) {
+    if (AssertAppStatus(contextArray[i], aStatus)) {
       return true;
     }
   }
 
   NS_ERROR(
     nsPrintfCString(
       "Security problem: Content process does not have `%d' status.  It will be killed.",
       aStatus).get());
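Review bot: The pass-or-kill decision in this loop now rests entirely on what `GetManagedTabContext()` returns, and that method is not part of this diff. The previous code walked the PBrowserParent actors the process currently manages, so a destroyed tab stopped contributing its app's status. The new code should carry the same guarantee: the contexts must be recorded by the parent process and dropped when the tab goes away, otherwise a content process could keep passing the check for an app it no longer hosts. The same applies to the loops in AssertAppProcess(PContentParent*) and AssertAppPrincipal. Once confirmed, a comment above the call such as `// Contexts are parent-side state for tabs this process currently manages.` would record the assumption; the function body continues outside the hunk.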
@@ -165,24 +201,23 @@ AssertAppPrincipal(PContentParent* aActo
     static_cast<ContentParent*>(aActor)->KillHard();
     return false;
   }
 
   uint32_t principalAppId = aPrincipal->GetAppId();
   bool inBrowserElement = aPrincipal->GetIsInBrowserElement();
 
   // Check if the permission's appId matches a child we manage.
-  const InfallibleTArray<PBrowserParent*>& browsers =
-    aActor->ManagedPBrowserParent();
-  for (uint32_t i = 0; i < browsers.Length(); ++i) {
-    TabParent* tab = static_cast<TabParent*>(browsers[i]);
-    if (tab->OwnOrContainingAppId() == principalAppId) {
+  nsTArray<TabContext> contextArray =
+    static_cast<ContentParent*>(aActor)->GetManagedTabContext();
+  for (uint32_t i = 0; i < contextArray.Length(); ++i) {
+    if (contextArray[i].OwnOrContainingAppId() == principalAppId) {
       // If the child only runs inBrowserElement content and the principal claims
       // it's not in a browser element, it's lying.
-      if (!tab->IsBrowserElement() || inBrowserElement) {
+      if (!contextArray[i].IsBrowserElement() || inBrowserElement) {
         return true;
       }
       break;
     }
   }
 
   NS_WARNING("Principal is invalid, killing app process");
   static_cast<ContentParent*>(aActor)->KillHard();
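Review bot: The `break` after the first context whose `OwnOrContainingAppId()` matches makes the result depend on array order. If that first entry is a browser element and the principal is not in one, the loop stops and the process is killed even when a later context with the same app id is not a browser element. This behaviour predates the commit, but iterating `GetManagedTabContext()` instead of the actor list may change the order or the set of entries. Either drop the `break;` so every matching context is considered, or add a comment explaining why one context per app id is guaranteed. The failure is on the strict side (a kill, not a bypass), and AssertAppPrincipal begins before the hunk and continues after it.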
@@ -282,16 +317,31 @@ AssertAppProcess(mozilla::dom::PBrowserP
 
 bool
 AssertAppStatus(mozilla::dom::PBrowserParent* aActor,
                 unsigned short aStatus)
 {
   return true;
 }
 
+bool
+AssertAppProcess(const mozilla::dom::TabContext& aContext,
+                 AssertAppProcessType aType,
+                 const char* aCapability)
+{
+  return true;
+}
+
+bool
+AssertAppStatus(const mozilla::dom::TabContext& aContext,
+                unsigned short aStatus)
+{
+  return true;
+}
+
 
 bool
 AssertAppProcess(mozilla::dom::PContentParent* aActor,
                  AssertAppProcessType aType,
                  const char* aCapability)
 {
   return true;
 }
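Review bot: The added TabContext stubs return `true` unconditionally and carry no comment saying so, while the header documents these functions as capability checks. They appear to sit in the branch compiled when MOZ_CHILD_PERMISSIONS is not defined (the `#else` is outside the hunk), next to the existing PBrowserParent stubs. A one-line comment above them, for example `// MOZ_CHILD_PERMISSIONS is off: app capability checks are compiled out and always pass.`, would stop a reader auditing call sites from assuming enforcement in every build.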
--- a/dom/ipc/AppProcessChecker.h
+++ b/dom/ipc/AppProcessChecker.h
@@ -10,16 +10,17 @@
 
 #include <stdint.h>
 
 class nsIPrincipal;
 
 namespace mozilla {
 
 namespace dom {
+class TabContext;
 class PBrowserParent;
 class PContentParent;
 }
 
 namespace hal_sandbox {
 class PHalParent;
 }
 
@@ -43,16 +44,34 @@ AssertAppProcess(mozilla::dom::PBrowserP
  * Return true if the specified app has the specified status.
  * If this returns false, the browser will be killed.
  */
 bool
 AssertAppStatus(mozilla::dom::PBrowserParent* aActor,
                 unsigned short aStatus);
 
 /**
+ * Return true if the specified browser has the specified capability.
+ * If this returns false, the browser didn't have the capability and
+ * will be killed.
+ */
+bool
+AssertAppProcess(const mozilla::dom::TabContext& aContext,
+                 AssertAppProcessType aType,
+                 const char* aCapability);
+
+/**
+ * Return true if the specified app has the specified status.
+ * If this returns false, the browser will be killed.
+ */
+bool
+AssertAppStatus(const mozilla::dom::TabContext& aContext,
+                unsigned short aStatus);
+
+/**
  * Return true if any of the PBrowsers loaded in this content process
  * has the specified capability.  If this returns false, the process
  * didn't have the capability and will be killed.
  */
 bool
 AssertAppProcess(mozilla::dom::PContentParent* aActor,
                  AssertAppProcessType aType,
                  const char* aCapability);
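Review bot: The doc comments on the two new TabContext declarations were copied from the PBrowserParent ones and say the browser "will be killed" on a false return, but the definitions in AppProcessChecker.cpp only return the helper's result and receive no actor they could kill. A caller that trusts the comment may skip its own enforcement. Suggested wording for the first: `Return true if the app described by aContext has the specified capability. This overload only reports the result; the caller must act on a false return.`, with the equivalent change for AssertAppStatus.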