Bug 890570: Stop using PBrowser for all other protocols r=jduell
authorDavid Zbarsky <dzbarsky@gmail.com>
Wed, 21 Aug 2013 02:49:44 -0400
changeset 143659 3faa29e53ac0f406eb2a74e47a158669b734e6ad
parent 143658 ab5c94e63711e9d1a5a399bfd9b19deb296cd62b
child 143660 8ab3659863d7d2d97f4e4a5a40a028938be53327
push id25133
push useremorley@mozilla.com
push dateWed, 21 Aug 2013 12:07:38 +0000
treeherdermozilla-central@ba6c02fc1fe6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjduell
bugs890570
milestone26.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 890570: Stop using PBrowser for all other protocols r=jduell
netwerk/ipc/NeckoParent.cpp
netwerk/ipc/NeckoParent.h
netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp
--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@@ -89,107 +89,70 @@ NeckoParent::GetValidatedAppInfo(const S
   if (UsingNeckoIPCSecurity()) {
     if (!aSerialized.IsNotNull()) {
       return "SerializedLoadContext from child is null";
     }
   }
 
   const InfallibleTArray<PBrowserParent*>& browsers = aContent->ManagedPBrowserParent();
   for (uint32_t i = 0; i < browsers.Length(); i++) {
-    // GetValidatedAppInfo returning null means we passed security checks.
-    if (!GetValidatedAppInfo(aSerialized, browsers[i], aAppId, aInBrowserElement)) {
-      return nullptr;
+    nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(browsers[i]);
+    uint32_t appId = tabParent->OwnOrContainingAppId();
+    bool inBrowserElement = aSerialized.IsNotNull() ? aSerialized.mIsInBrowserElement
+                                                    : tabParent->IsBrowserElement();
+
+    if (appId == NECKO_UNKNOWN_APP_ID) {
+      continue;
     }
+    // We may get appID=NO_APP if child frame is neither a browser nor an app
+    if (appId == NECKO_NO_APP_ID) {
+      if (tabParent->HasOwnApp()) {
+        continue;
+      }
+      if (UsingNeckoIPCSecurity() && tabParent->IsBrowserElement()) {
+        // <iframe mozbrowser> which doesn't have an <iframe mozapp> above it.
+        // This is not supported now, and we'll need to do a code audit to make
+        // sure we can handle it (i.e don't short-circuit using separate
+        // namespace if just appID==0)
+        continue;
+      }
+    }
+    *aAppId = appId;
+    *aInBrowserElement = inBrowserElement;
+    return nullptr;
   }
 
-  if (browsers.Length() == 0) {
-    if (UsingNeckoIPCSecurity()) {
-      return "ContentParent does not have any PBrowsers";
-    }
+  if (browsers.Length() != 0) {
+    return "App does not have permission";
+  }
+
+  if (!UsingNeckoIPCSecurity()) {
+    // We are running xpcshell tests
     if (aSerialized.IsNotNull()) {
       *aAppId = aSerialized.mAppId;
       *aInBrowserElement = aSerialized.mIsInBrowserElement;
     } else {
       *aAppId = NECKO_NO_APP_ID;
     }
     return nullptr;
   }
 
-  // If we reached this point, we failed the security check.
-  // Try to return a reasonable error message.
-  return GetValidatedAppInfo(aSerialized, browsers[0], aAppId, aInBrowserElement);
-}
-
-const char*
-NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
-                                 PBrowserParent* aBrowser,
-                                 uint32_t* aAppId,
-                                 bool* aInBrowserElement)
-{
-  if (UsingNeckoIPCSecurity()) {
-    if (!aBrowser) {
-      return "missing required PBrowser argument";
-    }
-    if (!aSerialized.IsNotNull()) {
-      return "SerializedLoadContext from child is null";
-    }
-  }
-
-  *aAppId = NECKO_UNKNOWN_APP_ID;
-  *aInBrowserElement = false;
-
-  if (aBrowser) {
-    nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(aBrowser);
-
-    *aAppId = tabParent->OwnOrContainingAppId();
-    *aInBrowserElement = aSerialized.IsNotNull() ? aSerialized.mIsInBrowserElement
-                                                 : tabParent->IsBrowserElement();
-
-    if (*aAppId == NECKO_UNKNOWN_APP_ID) {
-      return "TabParent reports appId=NECKO_UNKNOWN_APP_ID!";
-    }
-    // We may get appID=NO_APP if child frame is neither a browser nor an app
-    if (*aAppId == NECKO_NO_APP_ID) {
-      if (tabParent->HasOwnApp()) {
-        return "TabParent reports NECKO_NO_APP_ID but also is an app";
-      }
-      if (UsingNeckoIPCSecurity() && tabParent->IsBrowserElement()) {
-        // <iframe mozbrowser> which doesn't have an <iframe mozapp> above it.
-        // This is not supported now, and we'll need to do a code audit to make
-        // sure we can handle it (i.e don't short-circuit using separate
-        // namespace if just appID==0)
-        return "TabParent reports appId=NECKO_NO_APP_ID but is a mozbrowser";
-      }
-    }
-  } else {
-    // Only trust appId/inBrowser from child-side loadcontext if we're in
-    // testing mode: allows xpcshell tests to masquerade as apps
-    MOZ_ASSERT(!UsingNeckoIPCSecurity());
-    if (UsingNeckoIPCSecurity()) {
-      return "internal error";
-    }
-    if (aSerialized.IsNotNull()) {
-      *aAppId = aSerialized.mAppId;
-      *aInBrowserElement = aSerialized.mIsInBrowserElement;
-    } else {
-      *aAppId = NECKO_NO_APP_ID;
-    }
-  }
-  return nullptr;
+  return "ContentParent does not have any PBrowsers";
 }
 
 const char *
 NeckoParent::CreateChannelLoadContext(PBrowserParent* aBrowser,
+                                      PContentParent* aContent,
                                       const SerializedLoadContext& aSerialized,
                                       nsCOMPtr<nsILoadContext> &aResult)
 {
   uint32_t appId = NECKO_UNKNOWN_APP_ID;
   bool inBrowser = false;
   dom::Element* topFrameElement = nullptr;
-  const char* error = GetValidatedAppInfo(aSerialized, aBrowser, &appId, &inBrowser);
+  const char* error = GetValidatedAppInfo(aSerialized, aContent, &appId, &inBrowser);
   if (error) {
     return error;
   }
 
   if (aBrowser) {
     nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(aBrowser);
     topFrameElement = tabParent->GetOwnerElement();
   }
@@ -204,18 +167,18 @@ NeckoParent::CreateChannelLoadContext(PB
 }
 
 PHttpChannelParent*
 NeckoParent::AllocPHttpChannelParent(PBrowserParent* aBrowser,
                                      const SerializedLoadContext& aSerialized,
                                      const HttpChannelCreationArgs& aOpenArgs)
 {
   nsCOMPtr<nsILoadContext> loadContext;
-  const char *error = CreateChannelLoadContext(aBrowser, aSerialized,
-                                               loadContext);
+  const char *error = CreateChannelLoadContext(aBrowser, Manager(),
+                                               aSerialized, loadContext);
   if (error) {
     printf_stderr("NeckoParent::AllocPHttpChannelParent: "
                   "FATAL error: %s: KILLING CHILD PROCESS\n",
                   error);
     return nullptr;
   }
   PBOverrideStatus overrideStatus = PBOverrideStatusFromLoadContext(aSerialized);
   HttpChannelParent *p = new HttpChannelParent(aBrowser, loadContext, overrideStatus);
@@ -243,18 +206,18 @@ NeckoParent::RecvPHttpChannelConstructor
 }
 
 PFTPChannelParent*
 NeckoParent::AllocPFTPChannelParent(PBrowserParent* aBrowser,
                                     const SerializedLoadContext& aSerialized,
                                     const FTPChannelCreationArgs& aOpenArgs)
 {
   nsCOMPtr<nsILoadContext> loadContext;
-  const char *error = CreateChannelLoadContext(aBrowser, aSerialized,
-                                               loadContext);
+  const char *error = CreateChannelLoadContext(aBrowser, Manager(),
+                                               aSerialized, loadContext);
   if (error) {
     printf_stderr("NeckoParent::AllocPFTPChannelParent: "
                   "FATAL error: %s: KILLING CHILD PROCESS\n",
                   error);
     return nullptr;
   }
   PBOverrideStatus overrideStatus = PBOverrideStatusFromLoadContext(aSerialized);
   FTPChannelParent *p = new FTPChannelParent(loadContext, overrideStatus);
@@ -310,18 +273,18 @@ NeckoParent::DeallocPWyciwygChannelParen
   return true;
 }
 
 PWebSocketParent*
 NeckoParent::AllocPWebSocketParent(PBrowserParent* browser,
                                    const SerializedLoadContext& serialized)
 {
   nsCOMPtr<nsILoadContext> loadContext;
-  const char *error = CreateChannelLoadContext(browser, serialized,
-                                               loadContext);
+  const char *error = CreateChannelLoadContext(browser, Manager(),
+                                               serialized, loadContext);
   if (error) {
     printf_stderr("NeckoParent::AllocPWebSocketParent: "
                   "FATAL error: %s: KILLING CHILD PROCESS\n",
                   error);
     return nullptr;
   }
 
   TabParent* tabParent = static_cast<TabParent*>(browser);
--- a/netwerk/ipc/NeckoParent.h
+++ b/netwerk/ipc/NeckoParent.h
@@ -41,24 +41,24 @@ public:
   GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
                       PContentParent* aBrowser,
                       uint32_t* aAppId,
                       bool* aInBrowserElement);
 
   /*
    * Creates LoadContext for parent-side of an e10s channel.
    *
-   * Values from PBrowserParent are more secure, and override those set in
-   * SerializedLoadContext.
+   * PContentParent corresponds to the process that is requesting the load.
    *
    * Returns null if successful, or an error string if failed.
    */
   MOZ_WARN_UNUSED_RESULT
   static const char*
   CreateChannelLoadContext(PBrowserParent* aBrowser,
+                           PContentParent* aContent,
                            const SerializedLoadContext& aSerialized,
                            nsCOMPtr<nsILoadContext> &aResult);
 
 protected:
   virtual PHttpChannelParent*
     AllocPHttpChannelParent(PBrowserParent*, const SerializedLoadContext&,
                             const HttpChannelCreationArgs& aOpenArgs);
   virtual bool
--- a/netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp
+++ b/netwerk/protocol/wyciwyg/WyciwygChannelParent.cpp
@@ -102,17 +102,19 @@ WyciwygChannelParent::RecvAppData(const 
 
 bool
 WyciwygChannelParent::SetupAppData(const IPC::SerializedLoadContext& loadContext,
                                    PBrowserParent* aParent)
 {
   if (!mChannel)
     return true;
 
-  const char* error = NeckoParent::CreateChannelLoadContext(aParent, loadContext,
+  const char* error = NeckoParent::CreateChannelLoadContext(aParent,
+                                                            Manager()->Manager(),
+                                                            loadContext,
                                                             mLoadContext);
   if (error) {
     printf_stderr(nsPrintfCString("WyciwygChannelParent::SetupAppData: FATAL ERROR: %s\n",
                                   error).get());
     return false;
   }
 
   if (!mLoadContext && loadContext.IsPrivateBitValid()) {