Backed out changeset c32539fd746a (bug 1162772)
authorSebastian Hengst <archaeopteryx@coole-files.de>
Sat, 30 Apr 2016 09:54:01 +0200
changeset 295602 2e73a4d863d497211a681d4ec09a1e3390ea2dae
parent 295601 9e920902fcca6cb2b70e7174a69c8124e9d88799
child 295603 5e4f1107cd17a9809d18234f4a7c2da5420ea9ab
push id30226
push usercbook@mozilla.com
push dateMon, 02 May 2016 09:26:03 +0000
bugs1162772
milestone49.0a1
backs outc32539fd746a21ebef7f0d2e601c20ad6acd0640
Backed out changeset c32539fd746a (bug 1162772)
caps/nsIScriptSecurityManager.idl
caps/nsScriptSecurityManager.cpp
caps/nsScriptSecurityManager.h
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@@ -21,17 +21,17 @@ class DomainPolicyClone;
 }
 }
 %}
 
 [ptr] native JSContextPtr(JSContext);
 [ptr] native JSObjectPtr(JSObject);
 [ptr] native DomainPolicyClonePtr(mozilla::dom::DomainPolicyClone);
 
-[scriptable, uuid(da831650-4241-4892-806c-cce8465a2ba8)]
+[scriptable, uuid(b7ae2310-576e-11e5-a837-0800200c9a66)]
 interface nsIScriptSecurityManager : nsISupports
 {
     /**
      * For each of these hooks returning NS_OK means 'let the action continue'.
      * Returning an error code means 'veto the action'. XPConnect will return
      * false to the js engine if the action is vetoed. The implementor of this
      * interface is responsible for setting a JS exception into the JSContext
      * if that is appropriate.
@@ -238,34 +238,16 @@ interface nsIScriptSecurityManager : nsI
     /**
      * Get the principal for the given channel.  This will typically be the
      * channel owner if there is one, and the codebase principal for the
      * channel's URI otherwise.  aChannel must not be null.
      */
     nsIPrincipal getChannelResultPrincipal(in nsIChannel aChannel);
 
     /**
-     * Temporary API until bug 1220687 is fixed.
-     *
-     * Returns the same value as getChannelResultPrincipal, but ignoring
-     * sandboxing.  Specifically, if sandboxing would have prevented the
-     * channel's triggering principal from being returned by
-     * getChannelResultPrincipal, the triggering principal will be returned
-     * by this method.
-     *
-     * Note that this method only ignores sandboxing of the channel in
-     * question, it does not ignore sandboxing of any channels further up a
-     * document chain.  The triggering principal itself may still be the null
-     * principal due to sandboxing further up a document chain.  In that regard
-     * the ignoring of sandboxing is limited.
-     */
-    [noscript, nostdcall]
-    nsIPrincipal getChannelResultPrincipalIfNotSandboxed(in nsIChannel aChannel);
-
-    /**
      * Get the codebase principal for the channel's URI.
      * aChannel must not be null.
      */
     nsIPrincipal getChannelURIPrincipal(in nsIChannel aChannel);
 
     /**
      * Check whether a given principal is a system principal.  This allows us
      * to avoid handing back the system principal to script while allowing
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -6,17 +6,16 @@
 
 #include "nsScriptSecurityManager.h"
 
 #include "mozilla/ArrayUtils.h"
 
 #include "xpcprivate.h"
 #include "XPCWrapper.h"
 #include "nsIAppsService.h"
-#include "nsIInputStreamChannel.h"
 #include "nsILoadContext.h"
 #include "nsIServiceManager.h"
 #include "nsIScriptObjectPrincipal.h"
 #include "nsIScriptContext.h"
 #include "nsIURL.h"
 #include "nsINestedURI.h"
 #include "nspr.h"
 #include "nsJSPrincipals.h"
@@ -325,74 +324,47 @@ nsScriptSecurityManager::AppStatusForPri
  * the load doesn't require sandboxing or inheriting, it will return the same
  * principal as GetChannelURIPrincipal. Namely the principal of the URI
  * that is being loaded.
  */
 NS_IMETHODIMP
 nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel,
                                                    nsIPrincipal** aPrincipal)
 {
-  return GetChannelResultPrincipal(aChannel, aPrincipal,
-                                   /*aIgnoreSandboxing*/ false);
-}
-
-nsresult
-nsScriptSecurityManager::GetChannelResultPrincipalIfNotSandboxed(nsIChannel* aChannel,
-                                                                 nsIPrincipal** aPrincipal)
-{
-  return GetChannelResultPrincipal(aChannel, aPrincipal,
-                                   /*aIgnoreSandboxing*/ true);
-}
-
-nsresult
-nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel,
-                                                   nsIPrincipal** aPrincipal,
-                                                   bool aIgnoreSandboxing)
-{
     NS_PRECONDITION(aChannel, "Must have channel!");
     nsCOMPtr<nsISupports> owner;
     aChannel->GetOwner(getter_AddRefs(owner));
     if (owner) {
         CallQueryInterface(owner, aPrincipal);
         if (*aPrincipal) {
             return NS_OK;
         }
     }
 
     // Check whether we have an nsILoadInfo that says what we should do.
     nsCOMPtr<nsILoadInfo> loadInfo;
     aChannel->GetLoadInfo(getter_AddRefs(loadInfo));
     if (loadInfo) {
-        if (!aIgnoreSandboxing && loadInfo->GetLoadingSandboxed()) {
+        if (loadInfo->GetLoadingSandboxed()) {
             RefPtr<nsNullPrincipal> prin;
             if (loadInfo->LoadingPrincipal()) {
               prin =
                 nsNullPrincipal::CreateWithInheritedAttributes(loadInfo->LoadingPrincipal());
             } else {
               NeckoOriginAttributes nAttrs;
               loadInfo->GetOriginAttributes(&nAttrs);
               PrincipalOriginAttributes pAttrs;
               pAttrs.InheritFromNecko(nAttrs);
               prin = nsNullPrincipal::Create(pAttrs);
             }
             prin.forget(aPrincipal);
             return NS_OK;
         }
 
-        bool forceInterit = loadInfo->GetForceInheritPrincipal();
-        if (aIgnoreSandboxing && !forceInterit) {
-          // Check if SEC_FORCE_INHERIT_PRINCIPAL was dropped because of
-          // sandboxing:
-          if (loadInfo->GetLoadingSandboxed() &&
-              (loadInfo->GetSecurityFlags() &
-               nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL_WAS_DROPPED)) {
-            forceInterit = true;
-          }
-        }
-        if (forceInterit) {
+        if (loadInfo->GetForceInheritPrincipal()) {
             NS_ADDREF(*aPrincipal = loadInfo->TriggeringPrincipal());
             return NS_OK;
         }
 
         nsSecurityFlags securityFlags = loadInfo->GetSecurityMode();
         if (securityFlags == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS ||
             securityFlags == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS ||
             securityFlags == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
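Review bot: The restored `if (loadInfo->GetLoadingSandboxed())` branch sits above `if (loadInfo->GetForceInheritPrincipal())` with nothing saying that this order is load-bearing, and the removed `aIgnoreSandboxing` variant shows the two conditions are not independent (force-inherit can be dropped because of sandboxing). A one-line comment on the sandboxed check would keep a later refactor from swapping them, e.g. `// Sandboxing wins over force-inherit: a sandboxed load gets a fresh null principal even if inheritance was requested.` The same branch also mints a null principal from the channel's origin attributes when `LoadingPrincipal()` is null, which the function's header comment (starting above the hunk) does not mention; a sentence there would help readers of the public contract. GetChannelResultPrincipal's body continues past the end of the hunk.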
--- a/caps/nsScriptSecurityManager.h
+++ b/caps/nsScriptSecurityManager.h
@@ -115,20 +115,16 @@ private:
     ScriptSecurityPrefChanged();
 
     inline void
     AddSitesToFileURIWhitelist(const nsCString& aSiteList);
 
     // If aURI is a moz-extension:// URI, set mAddonId to the associated addon.
     nsresult MaybeSetAddonIdFromURI(mozilla::PrincipalOriginAttributes& aAttrs, nsIURI* aURI);
 
-    nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
-                                       nsIPrincipal** aPrincipal,
-                                       bool aIgnoreSandboxing);
-
     nsCOMPtr<nsIPrincipal> mSystemPrincipal;
     bool mPrefInitialized;
     bool mIsJavaScriptEnabled;
     nsTArray<nsCOMPtr<nsIURI>> mFileURIWhitelist;
 
     // This machinery controls new-style domain policies. The old-style
     // policy machinery will be removed soon.
     nsCOMPtr<nsIDomainPolicy> mDomainPolicy;