Bug 1020172 - Patch 4: Replace ManagedPBrowserParent in AppProcessChecker - v2. r=khuey
authorKershaw Chang <kechang@mozilla.com>
Fri, 24 Oct 2014 02:30:00 +0200
changeset 213165 f31a5e752439f20e94b90255f3a5095d319e89d2
parent 213164 f644da9988dc60571721050f5c9d9028064d0493
child 213166 cd5e08af2e43ee726a4081b878b4e280b7f6e564
push id27742
push userryanvm@gmail.com
push dateThu, 30 Oct 2014 20:15:35 +0000
treeherdermozilla-central@e0b505a37b1c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskhuey
bugs1020172
milestone36.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1020172 - Patch 4: Replace ManagedPBrowserParent in AppProcessChecker - v2. r=khuey
dom/ipc/AppProcessChecker.cpp
dom/ipc/AppProcessChecker.h
--- a/dom/ipc/AppProcessChecker.cpp
+++ b/dom/ipc/AppProcessChecker.cpp
@@ -34,89 +34,125 @@ class PContentParent;
 
 class nsIPrincipal;
 #endif
 
 namespace mozilla {
 
 #ifdef MOZ_CHILD_PERMISSIONS
 
+static bool
+CheckAppTypeHelper(mozIApplication* aApp,
+                   AssertAppProcessType aType,
+                   const char* aCapability,
+                   bool aIsBrowserElement)
+{
+  bool aValid = false;
+
+  // isBrowser frames inherit their app descriptor to identify their
+  // data storage, but they don't inherit the capability associated
+  // with that descriptor.
+  if (aApp && (aType == ASSERT_APP_HAS_PERMISSION || !aIsBrowserElement)) {
+    switch (aType) {
+      case ASSERT_APP_HAS_PERMISSION:
+      case ASSERT_APP_PROCESS_PERMISSION:
+        if (!NS_SUCCEEDED(aApp->HasPermission(aCapability, &aValid))) {
+          aValid = false;
+        }
+        break;
+      case ASSERT_APP_PROCESS_MANIFEST_URL: {
+        nsAutoString manifestURL;
+        if (NS_SUCCEEDED(aApp->GetManifestURL(manifestURL)) &&
+            manifestURL.EqualsASCII(aCapability)) {
+          aValid = true;
+        }
+        break;
+      }
+      default:
+        break;
+    }
+  }
+  return aValid;
+}
+
 bool
 AssertAppProcess(PBrowserParent* aActor,
                  AssertAppProcessType aType,
                  const char* aCapability)
 {
   if (!aActor) {
     NS_WARNING("Testing process capability for null actor");
     return false;
   }
 
   TabParent* tab = static_cast<TabParent*>(aActor);
   nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp();
-  bool aValid = false;
+
+  return CheckAppTypeHelper(app, aType, aCapability, tab->IsBrowserElement());
+}
 
-  // isBrowser frames inherit their app descriptor to identify their
-  // data storage, but they don't inherit the capability associated
-  // with that descriptor.
-  if (app && (aType == ASSERT_APP_HAS_PERMISSION || !tab->IsBrowserElement())) {
-    switch (aType) {
-      case ASSERT_APP_HAS_PERMISSION:
-      case ASSERT_APP_PROCESS_PERMISSION:
-        if (!NS_SUCCEEDED(app->HasPermission(aCapability, &aValid))) {
-          aValid = false;
-        }
-        break;
-      case ASSERT_APP_PROCESS_MANIFEST_URL: {
-        nsAutoString manifestURL;
-        if (NS_SUCCEEDED(app->GetManifestURL(manifestURL)) &&
-            manifestURL.EqualsASCII(aCapability)) {
-          aValid = true;
-        }
-        break;
-      }
-      default:
-        break;
+static bool
+CheckAppStatusHelper(mozIApplication* aApp,
+                     unsigned short aStatus)
+{
+  bool valid = false;
+
+  if (aApp) {
+    unsigned short appStatus = 0;
+    if (NS_SUCCEEDED(aApp->GetAppStatus(&appStatus))) {
+      valid = appStatus == aStatus;
     }
   }
-  return aValid;
+
+  return valid;
 }
 
 bool
 AssertAppStatus(PBrowserParent* aActor,
                 unsigned short aStatus)
 {
   if (!aActor) {
     NS_WARNING("Testing process capability for null actor");
     return false;
   }
 
   TabParent* tab = static_cast<TabParent*>(aActor);
   nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp();
 
-  bool valid = false;
+  return CheckAppStatusHelper(app, aStatus);
+}
+
+bool
+AssertAppProcess(TabContext& aContext,
+                 AssertAppProcessType aType,
+                 const char* aCapability)
+{
 
-  if (app) {
-    unsigned short appStatus = 0;
-    if (NS_SUCCEEDED(app->GetAppStatus(&appStatus))) {
-      valid = appStatus == aStatus;
-    }
-  }
+  nsCOMPtr<mozIApplication> app = aContext.GetOwnOrContainingApp();
+  return CheckAppTypeHelper(app, aType, aCapability, aContext.IsBrowserElement());
+}
 
-  return valid;
+bool
+AssertAppStatus(TabContext& aContext,
+                unsigned short aStatus)
+{
+
+  nsCOMPtr<mozIApplication> app = aContext.GetOwnOrContainingApp();
+  return CheckAppStatusHelper(app, aStatus);
 }
 
 bool
 AssertAppProcess(PContentParent* aActor,
                  AssertAppProcessType aType,
                  const char* aCapability)
 {
-  const InfallibleTArray<PBrowserParent*>& browsers =
-    aActor->ManagedPBrowserParent();
-  for (uint32_t i = 0; i < browsers.Length(); ++i) {
-    if (AssertAppProcess(browsers[i], aType, aCapability)) {
+  nsTArray<TabContext> contextArray =
+    static_cast<ContentParent*>(aActor)->GetManagedTabContext();
+  for (uint32_t i = 0; i < contextArray.Length(); ++i) {
+    if (AssertAppProcess(contextArray[i], aType, aCapability)) {
       return true;
     }
   }
 
   NS_ERROR(
     nsPrintfCString(
       "Security problem: Content process does not have `%s'.  It will be killed.\n",
       aCapability).get());
@@ -125,20 +161,20 @@ AssertAppProcess(PContentParent* aActor,
 
   return false;
 }
 
 bool
 AssertAppStatus(PContentParent* aActor,
                 unsigned short aStatus)
 {
-  const InfallibleTArray<PBrowserParent*>& browsers =
-    aActor->ManagedPBrowserParent();
-  for (uint32_t i = 0; i < browsers.Length(); ++i) {
-    if (AssertAppStatus(browsers[i], aStatus)) {
+  nsTArray<TabContext> contextArray =
+    static_cast<ContentParent*>(aActor)->GetManagedTabContext();
+  for (uint32_t i = 0; i < contextArray.Length(); ++i) {
+    if (AssertAppStatus(contextArray[i], aStatus)) {
       return true;
     }
   }
 
   NS_ERROR(
     nsPrintfCString(
       "Security problem: Content process does not have `%d' status.  It will be killed.",
       aStatus).get());
@@ -165,24 +201,23 @@ AssertAppPrincipal(PContentParent* aActo
     static_cast<ContentParent*>(aActor)->KillHard();
     return false;
   }
 
   uint32_t principalAppId = aPrincipal->GetAppId();
   bool inBrowserElement = aPrincipal->GetIsInBrowserElement();
 
   // Check if the permission's appId matches a child we manage.
-  const InfallibleTArray<PBrowserParent*>& browsers =
-    aActor->ManagedPBrowserParent();
-  for (uint32_t i = 0; i < browsers.Length(); ++i) {
-    TabParent* tab = static_cast<TabParent*>(browsers[i]);
-    if (tab->OwnOrContainingAppId() == principalAppId) {
+  nsTArray<TabContext> contextArray =
+    static_cast<ContentParent*>(aActor)->GetManagedTabContext();
+  for (uint32_t i = 0; i < contextArray.Length(); ++i) {
+    if (contextArray[i].OwnOrContainingAppId() == principalAppId) {
       // If the child only runs inBrowserElement content and the principal claims
       // it's not in a browser element, it's lying.
-      if (!tab->IsBrowserElement() || inBrowserElement) {
+      if (!contextArray[i].IsBrowserElement() || inBrowserElement) {
         return true;
       }
       break;
     }
   }
 
   NS_WARNING("Principal is invalid, killing app process");
   static_cast<ContentParent*>(aActor)->KillHard();
@@ -282,16 +317,31 @@ AssertAppProcess(mozilla::dom::PBrowserP
 
 bool
 AssertAppStatus(mozilla::dom::PBrowserParent* aActor,
                 unsigned short aStatus)
 {
   return true;
 }
 
+bool
+AssertAppProcess(const mozilla::dom::TabContext& aContext,
+                 AssertAppProcessType aType,
+                 const char* aCapability)
+{
+  return true;
+}
+
+bool
+AssertAppStatus(const mozilla::dom::TabContext& aContext,
+                unsigned short aStatus)
+{
+  return true;
+}
+
 
 bool
 AssertAppProcess(mozilla::dom::PContentParent* aActor,
                  AssertAppProcessType aType,
                  const char* aCapability)
 {
   return true;
 }
--- a/dom/ipc/AppProcessChecker.h
+++ b/dom/ipc/AppProcessChecker.h
@@ -10,16 +10,17 @@
 
 #include <stdint.h>
 
 class nsIPrincipal;
 
 namespace mozilla {
 
 namespace dom {
+class TabContext;
 class PBrowserParent;
 class PContentParent;
 }
 
 namespace hal_sandbox {
 class PHalParent;
 }
 
@@ -43,16 +44,34 @@ AssertAppProcess(mozilla::dom::PBrowserP
  * Return true if the specified app has the specified status.
  * If this returns false, the browser will be killed.
  */
 bool
 AssertAppStatus(mozilla::dom::PBrowserParent* aActor,
                 unsigned short aStatus);
 
 /**
+ * Return true if the specified browser has the specified capability.
+ * If this returns false, the browser didn't have the capability and
+ * will be killed.
+ */
+bool
+AssertAppProcess(const mozilla::dom::TabContext& aContext,
+                 AssertAppProcessType aType,
+                 const char* aCapability);
+
+/**
+ * Return true if the specified app has the specified status.
+ * If this returns false, the browser will be killed.
+ */
+bool
+AssertAppStatus(const mozilla::dom::TabContext& aContext,
+                unsigned short aStatus);
+
+/**
  * Return true if any of the PBrowsers loaded in this content process
  * has the specified capability.  If this returns false, the process
  * didn't have the capability and will be killed.
  */
 bool
 AssertAppProcess(mozilla::dom::PContentParent* aActor,
                  AssertAppProcessType aType,
                  const char* aCapability);