author | Kershaw Chang <kechang@mozilla.com> |
Fri, 24 Oct 2014 02:30:00 +0200 | |
changeset 213165 | f31a5e752439f20e94b90255f3a5095d319e89d2 |
parent 213164 | f644da9988dc60571721050f5c9d9028064d0493 |
child 213166 | cd5e08af2e43ee726a4081b878b4e280b7f6e564 |
push id | 27742 |
push user | ryanvm@gmail.com |
push date | Thu, 30 Oct 2014 20:15:35 +0000 |
treeherder | mozilla-central@e0b505a37b1c [default view] [failures only] |
reviewers | khuey |
bugs | 1020172 |
milestone | 36.0a1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
dom/ipc/AppProcessChecker.cpp | file | annotate | diff | comparison | revisions | |
dom/ipc/AppProcessChecker.h | file | annotate | diff | comparison | revisions |
--- a/dom/ipc/AppProcessChecker.cpp +++ b/dom/ipc/AppProcessChecker.cpp 
@@ -34,89 +34,125 @@ class PContentParent; class nsIPrincipal; #endif namespace mozilla { #ifdef MOZ_CHILD_PERMISSIONS +static bool +CheckAppTypeHelper(mozIApplication* aApp, + AssertAppProcessType aType, + const char* aCapability, + bool aIsBrowserElement) +{ + bool aValid = false; + + // isBrowser frames inherit their app descriptor to identify their + // data storage, but they don't inherit the capability associated + // with that descriptor. + if (aApp && (aType == ASSERT_APP_HAS_PERMISSION || !aIsBrowserElement)) { + switch (aType) { + case ASSERT_APP_HAS_PERMISSION: + case ASSERT_APP_PROCESS_PERMISSION: + if (!NS_SUCCEEDED(aApp->HasPermission(aCapability, &aValid))) { + aValid = false; + } + break; + case ASSERT_APP_PROCESS_MANIFEST_URL: { + nsAutoString manifestURL; + if (NS_SUCCEEDED(aApp->GetManifestURL(manifestURL)) && + manifestURL.EqualsASCII(aCapability)) { + aValid = true; + } + break; + } + default: + break; + } + } + return aValid; +} + bool AssertAppProcess(PBrowserParent* aActor, AssertAppProcessType aType, const char* aCapability) { if (!aActor) { NS_WARNING("Testing process capability for null actor"); return false; } TabParent* tab = static_cast<TabParent*>(aActor); nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp(); - bool aValid = false; + + return CheckAppTypeHelper(app, aType, aCapability, tab->IsBrowserElement()); +} - // isBrowser frames inherit their app descriptor to identify their - // data storage, but they don't inherit the capability associated - // with that descriptor. 
- if (app && (aType == ASSERT_APP_HAS_PERMISSION || !tab->IsBrowserElement())) { - switch (aType) { - case ASSERT_APP_HAS_PERMISSION: - case ASSERT_APP_PROCESS_PERMISSION: - if (!NS_SUCCEEDED(app->HasPermission(aCapability, &aValid))) { - aValid = false; - } - break; - case ASSERT_APP_PROCESS_MANIFEST_URL: { - nsAutoString manifestURL; - if (NS_SUCCEEDED(app->GetManifestURL(manifestURL)) && - manifestURL.EqualsASCII(aCapability)) { - aValid = true; - } - break; - } - default: - break; +static bool +CheckAppStatusHelper(mozIApplication* aApp, + unsigned short aStatus) +{ + bool valid = false; + + if (aApp) { + unsigned short appStatus = 0; + if (NS_SUCCEEDED(aApp->GetAppStatus(&appStatus))) { + valid = appStatus == aStatus; } } - return aValid; + + return valid; } bool AssertAppStatus(PBrowserParent* aActor, unsigned short aStatus) { if (!aActor) { NS_WARNING("Testing process capability for null actor"); return false; } TabParent* tab = static_cast<TabParent*>(aActor); nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp(); - bool valid = false; + return CheckAppStatusHelper(app, aStatus); +} + +bool +AssertAppProcess(TabContext& aContext, + AssertAppProcessType aType, + const char* aCapability) +{ - if (app) { - unsigned short appStatus = 0; - if (NS_SUCCEEDED(app->GetAppStatus(&appStatus))) { - valid = appStatus == aStatus; - } - } + nsCOMPtr<mozIApplication> app = aContext.GetOwnOrContainingApp(); + return CheckAppTypeHelper(app, aType, aCapability, aContext.IsBrowserElement()); +} - return valid; +bool +AssertAppStatus(TabContext& aContext, + unsigned short aStatus) +{ + + nsCOMPtr<mozIApplication> app = aContext.GetOwnOrContainingApp(); + return CheckAppStatusHelper(app, aStatus); } bool AssertAppProcess(PContentParent* aActor, AssertAppProcessType aType, const char* aCapability) { - const InfallibleTArray<PBrowserParent*>& browsers = - aActor->ManagedPBrowserParent(); - for (uint32_t i = 0; i < browsers.Length(); ++i) { - if 
(AssertAppProcess(browsers[i], aType, aCapability)) { + nsTArray<TabContext> contextArray = + static_cast<ContentParent*>(aActor)->GetManagedTabContext(); + for (uint32_t i = 0; i < contextArray.Length(); ++i) { + if (AssertAppProcess(contextArray[i], aType, aCapability)) { return true; } } NS_ERROR( nsPrintfCString( "Security problem: Content process does not have `%s'. It will be killed.\n", aCapability).get()); @@ -125,20 +161,20 @@ AssertAppProcess(PContentParent* aActor, return false; } bool AssertAppStatus(PContentParent* aActor, unsigned short aStatus) { - const InfallibleTArray<PBrowserParent*>& browsers = - aActor->ManagedPBrowserParent(); - for (uint32_t i = 0; i < browsers.Length(); ++i) { - if (AssertAppStatus(browsers[i], aStatus)) { + nsTArray<TabContext> contextArray = + static_cast<ContentParent*>(aActor)->GetManagedTabContext(); + for (uint32_t i = 0; i < contextArray.Length(); ++i) { + if (AssertAppStatus(contextArray[i], aStatus)) { return true; } } NS_ERROR( nsPrintfCString( "Security problem: Content process does not have `%d' status. It will be killed.", aStatus).get()); 
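Review bot: The two new TabContext overloads in the MOZ_CHILD_PERMISSIONS branch take `TabContext& aContext`, but AppProcessChecker.h and the stub versions later in this file declare `const mozilla::dom::TabContext& aContext`, so these definitions are a different overload from the one the header declares. The loops in this file still compile because `contextArray[i]` is a non-const lvalue, but a caller in another file that goes through the header would presumably fail to link in permission-enforcing builds. Change both signatures to `AssertAppProcess(const TabContext& aContext,` and `AssertAppStatus(const TabContext& aContext,`; this assumes GetOwnOrContainingApp() and IsBrowserElement() are const members of TabContext, which is not visible here. As a smaller style point, the local in CheckAppTypeHelper is named `aValid` although the `a` prefix is otherwise used for arguments; `valid`, as in CheckAppStatusHelper, would match.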
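Review bot: The capability decision in AssertAppStatus(PContentParent*) is now made against a by-value copy returned by `GetManagedTabContext()`, and nothing in the hunk says what that list contains or how it is kept current; the same applies to the loops in AssertAppProcess(PContentParent*) above and AssertAppPrincipal below. Because a match on any entry lets the content process pass the check, a context that outlives its tab would keep granting that app's status, so the contract deserves a comment at the loop, for example `// contextArray is a snapshot of the TabContexts currently registered for this process; entries must be removed when their tab goes away.` Whether that invariant holds depends on GetManagedTabContext(), which is outside this diff. The function body continues past the end of the hunk.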
@@ -165,24 +201,23 @@ AssertAppPrincipal(PContentParent* aActo static_cast<ContentParent*>(aActor)->KillHard(); return false; } uint32_t principalAppId = aPrincipal->GetAppId(); bool inBrowserElement = aPrincipal->GetIsInBrowserElement(); // Check if the permission's appId matches a child we manage. - const InfallibleTArray<PBrowserParent*>& browsers = - aActor->ManagedPBrowserParent(); - for (uint32_t i = 0; i < browsers.Length(); ++i) { - TabParent* tab = static_cast<TabParent*>(browsers[i]); - if (tab->OwnOrContainingAppId() == principalAppId) { + nsTArray<TabContext> contextArray = + static_cast<ContentParent*>(aActor)->GetManagedTabContext(); + for (uint32_t i = 0; i < contextArray.Length(); ++i) { + if (contextArray[i].OwnOrContainingAppId() == principalAppId) { // If the child only runs inBrowserElement content and the principal claims // it's not in a browser element, it's lying. - if (!tab->IsBrowserElement() || inBrowserElement) { + if (!contextArray[i].IsBrowserElement() || inBrowserElement) { return true; } break; } } NS_WARNING("Principal is invalid, killing app process"); static_cast<ContentParent*>(aActor)->KillHard(); @@ -282,16 +317,31 @@ AssertAppProcess(mozilla::dom::PBrowserP bool AssertAppStatus(mozilla::dom::PBrowserParent* aActor, unsigned short aStatus) { return true; } +bool +AssertAppProcess(const mozilla::dom::TabContext& aContext, + AssertAppProcessType aType, + const char* aCapability) +{ + return true; +} + +bool +AssertAppStatus(const mozilla::dom::TabContext& aContext, + unsigned short aStatus) +{ + return true; +} + bool AssertAppProcess(mozilla::dom::PContentParent* aActor, AssertAppProcessType aType, const char* aCapability) { return true; }
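Review bot: The `break;` after the browser-element test stops the search at the first context whose app id matches, even when that context is a browser element and the principal is not. If the process also hosts a non-browser context for the same app later in `contextArray`, the principal is rejected and the process is killed although a matching context exists; this fails closed, but it looks unintended. Dropping the `break;` so the loop keeps looking would fix it, assuming one process can hold both kinds of context for one app id, which the hunk does not show. AssertAppPrincipal starts and ends outside the hunk.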
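Review bot: The two new TabContext stubs return `true` unconditionally and carry no comment saying so, and their parameters are unused. They appear to sit in the branch built without MOZ_CHILD_PERMISSIONS, alongside the existing PBrowserParent and PContentParent stubs, so a reader should be told that no check happens there: `// Built without MOZ_CHILD_PERMISSIONS: no capability check is performed, every caller is allowed.` One comment above the group of stubs would be enough.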
--- a/dom/ipc/AppProcessChecker.h +++ b/dom/ipc/AppProcessChecker.h @@ -10,16 +10,17 @@ #include <stdint.h> class nsIPrincipal; namespace mozilla { namespace dom { +class TabContext; class PBrowserParent; class PContentParent; } namespace hal_sandbox { class PHalParent; } @@ -43,16 +44,34 @@ AssertAppProcess(mozilla::dom::PBrowserP * Return true if the specified app has the specified status. * If this returns false, the browser will be killed. */ bool AssertAppStatus(mozilla::dom::PBrowserParent* aActor, unsigned short aStatus); /** + * Return true if the specified browser has the specified capability. + * If this returns false, the browser didn't have the capability and + * will be killed. + */ +bool +AssertAppProcess(const mozilla::dom::TabContext& aContext, + AssertAppProcessType aType, + const char* aCapability); + +/** + * Return true if the specified app has the specified status. + * If this returns false, the browser will be killed. + */ +bool +AssertAppStatus(const mozilla::dom::TabContext& aContext, + unsigned short aStatus); + +/** * Return true if any of the PBrowsers loaded in this content process * has the specified capability. If this returns false, the process * didn't have the capability and will be killed. */ bool AssertAppProcess(mozilla::dom::PContentParent* aActor, AssertAppProcessType aType, const char* aCapability);
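Review bot: The doc comments on the two TabContext overloads were copied from the PBrowserParent ones and say the browser "will be killed", but the definitions in AppProcessChecker.cpp only return the helper's result and kill nothing. A caller relying on that wording could ignore a false return, so the comment should state the real contract, e.g. `Return true if the app described by aContext has the specified capability. This overload only reports the result; the caller must act on false.` and likewise `Return true if the app described by aContext has the specified status.` for AssertAppStatus.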