Bug 838308 - mozKeyboard should require a permission to use r=vingtetun a=tef+
authorFabrice Desré <fabrice@mozilla.com>
Fri, 15 Feb 2013 12:35:18 -0800
changeset 122058 3ef0e08b453067732352cf61164b4e84bcaf6097
parent 122057 c68f8131db6a0232140561c3d45f20913f540bea
child 122059 81c0ba416a3f6fd15ec2ceebc25c98ccc7e8d837
push id24317
push userryanvm@gmail.com
push dateSat, 16 Feb 2013 14:49:39 +0000
reviewersvingtetun, tef
bugs838308
milestone21.0a1
Bug 838308 - mozKeyboard should require a permission to use r=vingtetun a=tef+
b2g/components/Keyboard.jsm
b2g/components/MozKeyboard.js
dom/apps/src/PermissionsTable.jsm
--- a/b2g/components/Keyboard.jsm
+++ b/b2g/components/Keyboard.jsm
@@ -44,16 +44,40 @@ let Keyboard = {
 
   observe: function keyboardObserve(subject, topic, data) {
     let frameLoader = subject.QueryInterface(Ci.nsIFrameLoader);
     let mm = frameLoader.messageManager;
     mm.addMessageListener('Forms:Input', this);
   },
 
   receiveMessage: function keyboardReceiveMessage(msg) {
+    // If we get a 'Keyboard:XXX' message, check that the sender has the
+    // keyboard permission.
+    if (msg.name != 'Forms:Input') {
+      let mm;
+      try {
+        mm = msg.target.QueryInterface(Ci.nsIFrameLoaderOwner)
+                       .frameLoader.messageManager;
+      } catch(e) {
+        mm = msg.target;
+      }
+
+      // That should never happen.
+      if (!mm) {
+        dump("!! No message manager found for " + msg.name);
+        return;
+      }
+
+      if (!mm.assertPermission("keyboard")) {
+        dump("Keyboard message " + msg.name +
+        " from a content process with no 'keyboard' privileges.");
+        return;
+      }
+    }
+
     switch (msg.name) {
       case 'Forms:Input':
         this.handleFormsInput(msg);
         break;
       case 'Keyboard:SetValue':
         this.setValue(msg);
         break;
       case 'Keyboard:RemoveFocus':
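Review bot: The bare `catch(e)` in the new guard at the top of receiveMessage treats any failure of the `QueryInterface(Ci.nsIFrameLoaderOwner)` chain as "msg.target is already a message manager", and the `!mm` test after it only rejects a missing target. If the target is some other object, `mm.assertPermission("keyboard")` would presumably throw out of receiveMessage instead of taking the logged-and-return path, so the message is still dropped but the denial is not recorded. I would widen the check to `if (!mm || !("assertPermission" in mm)) {` so every unexpected sender takes the same explicit deny path. The two `dump()` calls added here also lack the trailing `"\n"` that the one added in MozKeyboard.js has, so denial lines will run together in the log. The switch continues past the end of the hunk.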
--- a/b2g/components/MozKeyboard.js
+++ b/b2g/components/MozKeyboard.js
@@ -13,17 +13,17 @@ Cu.import("resource://gre/modules/Object
 
 XPCOMUtils.defineLazyServiceGetter(this, "cpmm",
   "@mozilla.org/childprocessmessagemanager;1", "nsIMessageSender");
 
 // -----------------------------------------------------------------------
 // MozKeyboard
 // -----------------------------------------------------------------------
 
-function MozKeyboard() { } 
+function MozKeyboard() { }
 
 MozKeyboard.prototype = {
   classID: Components.ID("{397a7fdf-2254-47be-b74e-76625a1a66d5}"),
 
   QueryInterface: XPCOMUtils.generateQI([
     Ci.nsIB2GKeyboard, Ci.nsIDOMGlobalPropertyInitializer, Ci.nsIObserver
   ]),
 
@@ -31,16 +31,25 @@ MozKeyboard.prototype = {
     "classID": Components.ID("{397a7fdf-2254-47be-b74e-76625a1a66d5}"),
     "contractID": "@mozilla.org/b2g-keyboard;1",
     "interfaces": [Ci.nsIB2GKeyboard],
     "flags": Ci.nsIClassInfo.DOM_OBJECT,
     "classDescription": "B2G Virtual Keyboard"
   }),
 
   init: function mozKeyboardInit(win) {
+    let principal = win.document.nodePrincipal;
+    let perm = Services.perms
+               .testExactPermissionFromPrincipal(principal, "keyboard");
+    if (perm != Ci.nsIPermissionManager.ALLOW_ACTION) {
+      dump("No permission to use the keyboard API for " +
+           principal.origin + "\n");
+      return null;
+    }
+
     Services.obs.addObserver(this, "inner-window-destroyed", false);
     cpmm.addMessageListener('Keyboard:FocusChange', this);
 
     this._window = win;
     this._utils = win.QueryInterface(Ci.nsIInterfaceRequestor)
                      .getInterface(Ci.nsIDOMWindowUtils);
     this.innerWindowID = this._utils.currentInnerWindowID;
     this._focusHandler = null;
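Review bot: The permission test added at the top of `init` runs in the process that hosts the page, so it only decides whether the keyboard API object is handed to that page; it cannot stop a content process from sending `Keyboard:*` messages on its own. The enforcement is the `assertPermission("keyboard")` check this commit adds to receiveMessage in Keyboard.jsm, and the early return here deserves a comment saying so, so that nobody later treats it as the security boundary: `// Exposure gate only; the parent re-checks "keyboard" on every Keyboard:* message.` The rest of init lies outside the hunk.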
--- a/dom/apps/src/PermissionsTable.jsm
+++ b/dom/apps/src/PermissionsTable.jsm
@@ -256,16 +256,21 @@ this.PermissionsTable =  { geolocation: 
                              privileged: DENY_ACTION,
                              certified: ALLOW_ACTION
                            },
                            "open-remote-window": {
                              app: DENY_ACTION,
                              privileged: DENY_ACTION,
                              certified: ALLOW_ACTION
                            },
+                           "keyboard": {
+                             app: DENY_ACTION,
+                             privileged: DENY_ACTION,
+                             certified: ALLOW_ACTION
+                           },
                          };
 
 /**
  * Append access modes to the permission name as suffixes.
  *   e.g. permission name 'contacts' with ['read', 'write'] =
  *   ['contacts-read', contacts-write']
  * @param string aPermName
  * @param array aAccess