Bug 821671 - Check alarm API parameters in the parent (part 1, provide .AssertAppProcess() with different types). r=sicking
authorGene Lian <clian@mozilla.com>
Sat, 22 Dec 2012 19:53:38 +0800
changeset 117949 275a687a36ce00d8a0eced4db78b629a4c539b2f
parent 117948 d51c189670fcae36284024f314e16b6c9fa8f623
child 117950 eb675de841e9642a09b970624f0908e49c6ea853
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewerssicking
bugs821671
milestone20.0a1
Bug 821671 - Check alarm API parameters in the parent (part 1, provide .AssertAppProcess() with different types). r=sicking
content/base/src/nsFrameLoader.cpp
content/base/src/nsFrameMessageManager.cpp
dom/devicestorage/DeviceStorageRequestParent.cpp
dom/indexedDB/ipc/IndexedDBParent.cpp
dom/ipc/AppProcessChecker.cpp
dom/ipc/AppProcessChecker.h
dom/ipc/AppProcessPermissions.cpp
dom/ipc/AppProcessPermissions.h
dom/ipc/ContentParent.cpp
dom/ipc/Makefile.in
dom/network/src/TCPSocketParent.cpp
hal/sandbox/SandboxHal.cpp
--- a/content/base/src/nsFrameLoader.cpp
+++ b/content/base/src/nsFrameLoader.cpp
@@ -72,17 +72,17 @@
 
 #include "nsThreadUtils.h"
 
 #include "nsIDOMChromeWindow.h"
 #include "nsInProcessTabChildGlobal.h"
 
 #include "Layers.h"
 
-#include "AppProcessPermissions.h"
+#include "AppProcessChecker.h"
 #include "ContentParent.h"
 #include "TabParent.h"
 #include "mozilla/GuardObjects.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/unused.h"
 #include "mozilla/dom/Element.h"
 #include "mozilla/layout/RenderFrameParent.h"
 #include "nsIAppsService.h"
--- a/content/base/src/nsFrameMessageManager.cpp
+++ b/content/base/src/nsFrameMessageManager.cpp
@@ -2,17 +2,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "base/basictypes.h"
 
 #include "nsFrameMessageManager.h"
 
-#include "AppProcessPermissions.h"
+#include "AppProcessChecker.h"
 #include "ContentChild.h"
 #include "ContentParent.h"
 #include "nsContentUtils.h"
 #include "nsError.h"
 #include "nsIXPConnect.h"
 #include "jsapi.h"
 #include "nsJSUtils.h"
 #include "nsJSPrincipals.h"
--- a/dom/devicestorage/DeviceStorageRequestParent.cpp
+++ b/dom/devicestorage/DeviceStorageRequestParent.cpp
@@ -6,17 +6,17 @@
 #include "DeviceStorageRequestParent.h"
 #include "nsDOMFile.h"
 #include "nsIMIMEService.h"
 #include "nsCExternalHandlerService.h"
 #include "mozilla/unused.h"
 #include "mozilla/dom/ipc/Blob.h"
 #include "ContentParent.h"
 #include "nsProxyRelease.h"
-#include "AppProcessPermissions.h"
+#include "AppProcessChecker.h"
 #include "mozilla/Preferences.h"
 
 namespace mozilla {
 namespace dom {
 namespace devicestorage {
 
 DeviceStorageRequestParent::DeviceStorageRequestParent(const DeviceStorageParams& aParams)
   : mParams(aParams)
--- a/dom/indexedDB/ipc/IndexedDBParent.cpp
+++ b/dom/indexedDB/ipc/IndexedDBParent.cpp
@@ -7,17 +7,17 @@
 #include "IndexedDBParent.h"
 
 #include "nsIDOMFile.h"
 #include "nsIDOMEvent.h"
 #include "nsIIDBVersionChangeEvent.h"
 #include "nsIJSContextStack.h"
 #include "nsIXPConnect.h"
 
-#include "mozilla/AppProcessPermissions.h"
+#include "mozilla/AppProcessChecker.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/unused.h"
 #include "mozilla/Util.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/TabParent.h"
 #include "mozilla/dom/ipc/Blob.h"
 #include "nsContentUtils.h"
 
new file mode 100644
--- /dev/null
+++ b/dom/ipc/AppProcessChecker.cpp
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: sw=2 ts=8 et :
+ */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "AppProcessChecker.h"
+#include "ContentParent.h"
+#include "mozIApplication.h"
+#include "mozilla/hal_sandbox/PHalParent.h"
+#include "nsIDOMApplicationRegistry.h"
+#include "TabParent.h"
+
+using namespace mozilla::dom;
+using namespace mozilla::hal_sandbox;
+using namespace mozilla::services;
+
+namespace mozilla {
+
+bool
+AssertAppProcess(PBrowserParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability)
+{
+  if (!aActor) {
+    NS_WARNING("Testing process capability for null actor");
+    return false;
+  }
+
+  TabParent* tab = static_cast<TabParent*>(aActor);
+  nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp();
+  bool aValid = false;
+
+  // isBrowser frames inherit their app descriptor to identify their
+  // data storage, but they don't inherit the capability associated
+  // with that descriptor.
+  if (app && !tab->IsBrowserElement()) {
+    switch (aType) {
+      case ASSERT_APP_PROCESS_PERMISSION:
+        if (!NS_SUCCEEDED(app->HasPermission(aCapability, &aValid))) {
+          aValid = false;
+        }
+        break;
+      case ASSERT_APP_PROCESS_MANIFEST_URL: {
+        nsAutoString manifestURL;
+        if (NS_SUCCEEDED(app->GetManifestURL(manifestURL)) &&
+            manifestURL.EqualsASCII(aCapability)) {
+          aValid = true;
+        }
+        break;
+      }
+      default:
+        break;
+    }
+  }
+
+  if (!aValid) {
+    printf_stderr("Security problem: Content process does not have `%s'.  It will be killed.\n", aCapability);
+    ContentParent* process = static_cast<ContentParent*>(aActor->Manager());
+    process->KillHard();
+  }
+  return aValid;
+}
+
+bool
+AssertAppProcess(PContentParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability)
+{
+  const InfallibleTArray<PBrowserParent*>& browsers =
+    aActor->ManagedPBrowserParent();
+  for (uint32_t i = 0; i < browsers.Length(); ++i) {
+    if (AssertAppProcess(browsers[i], aType, aCapability)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+bool
+AssertAppProcess(PHalParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability)
+{
+  return AssertAppProcess(aActor->Manager(), aType, aCapability);
+}
+
+} // namespace mozilla
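Review bot: The PContentParent overload of AssertAppProcess loops over the PBrowserParent overload, which calls KillHard() on the first tab that fails the check, so the process is killed even when a later tab would have passed; that contradicts the "any of the PBrowsers" contract in the header. The same loop returns false without killing anything when the process manages no PBrowsers, and the null-actor path in the PBrowserParent overload does the same, so "false means the process is gone" is weaker than documented. Splitting the check from the enforcement, as sketched below, keeps the kill in one place per overload; the helper name is only a suggestion, and whether one content process can host tabs with differing capabilities is not visible in this hunk. The deleted AppProcessPermissions.cpp had the same loop, so this is carried over by the commit rather than introduced by it.

```cpp
// Non-killing check shared by the asserting overloads.
static bool
CheckAppProcess(PBrowserParent* aActor,
                AssertAppProcessType aType,
                const char* aCapability)
{
  // … unchanged: null-actor test and the switch on aType, returning the result …
}

bool
AssertAppProcess(PContentParent* aActor,
                 AssertAppProcessType aType,
                 const char* aCapability)
{
  const InfallibleTArray<PBrowserParent*>& browsers =
    aActor->ManagedPBrowserParent();
  for (uint32_t i = 0; i < browsers.Length(); ++i) {
    if (CheckAppProcess(browsers[i], aType, aCapability)) {
      return true;
    }
  }

  // No tab in this process passed the check: enforce exactly once.
  printf_stderr("Security problem: Content process does not have `%s'.  It will be killed.\n", aCapability);
  static_cast<ContentParent*>(aActor)->KillHard();
  return false;
}
```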
new file mode 100644
--- /dev/null
+++ b/dom/ipc/AppProcessChecker.h
@@ -0,0 +1,86 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: sw=2 ts=8 et :
+ */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_AppProcessChecker_h
+#define mozilla_AppProcessChecker_h
+
+namespace mozilla {
+
+namespace dom {
+class PBrowserParent;
+class PContentParent;
+}
+
+namespace hal_sandbox {
+class PHalParent;
+}
+
+enum AssertAppProcessType {
+  ASSERT_APP_PROCESS_PERMISSION,
+  ASSERT_APP_PROCESS_MANIFEST_URL
+};
+
+/**
+ * Return true iff the specified browser has the specified capability.
+ * If this returns false, the browser didn't have the capability and
+ * will be killed.
+ */
+bool
+AssertAppProcess(mozilla::dom::PBrowserParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability);
+
+/**
+ * Return true iff any of the PBrowsers loaded in this content process
+ * has the specified capability.  If this returns false, the process
+ * didn't have the capability and will be killed.
+ */
+bool
+AssertAppProcess(mozilla::dom::PContentParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability);
+
+bool
+AssertAppProcess(mozilla::hal_sandbox::PHalParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability);
+
+// NB: when adding capability checks for other IPDL actors, please add
+// them to this file and have them delegate to the two functions above
+// as appropriate.  For example,
+//
+//   bool AppProcessHasCapability(PNeckoParent* aActor, AssertAppProcessType aType) {
+//     return AssertAppProcess(aActor->Manager(), aType);
+//   }
+
+/**
+ * Inline function for asserting the process's permission.
+ */
+template<typename T>
+inline bool
+AssertAppProcessPermission(T* aActor,
+                           const char* aPermission) {
+  return AssertAppProcess(aActor,
+                          ASSERT_APP_PROCESS_PERMISSION,
+                          aPermission);
+}
+
+/**
+ * Inline function for asserting the process's manifest URL.
+ */
+template<typename T>
+inline bool
+AssertAppProcessManifestURL(T* aActor,
+                            const char* aManifestURL) {
+  return AssertAppProcess(aActor,
+                          ASSERT_APP_PROCESS_MANIFEST_URL,
+                          aManifestURL);
+}
+
+} // namespace mozilla
+
+#endif // mozilla_AppProcessChecker_h
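Review bot: The usage example in the NB comment no longer matches the declared signature: it calls `AssertAppProcess(aActor->Manager(), aType)` with two arguments while every overload takes three, and it refers to "the two functions above" although three are declared. I would write the example as `bool AssertAppProcess(PNeckoParent* aActor, AssertAppProcessType aType, const char* aCapability) { return AssertAppProcess(aActor->Manager(), aType, aCapability); }`. The PHalParent overload has no doc comment, and nothing says what aCapability means for each enum value; a line such as `// aCapability is a permission name for ASSERT_APP_PROCESS_PERMISSION and the app's exact manifest URL for ASSERT_APP_PROCESS_MANIFEST_URL.` above the enum would cover it. Because these functions are the parent-side gate on requests coming from a content process, the comments should also state that a null actor yields false without killing anything, as the .cpp in this commit shows.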
deleted file mode 100644
--- a/dom/ipc/AppProcessPermissions.cpp
+++ /dev/null
@@ -1,69 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- * vim: sw=2 ts=8 et :
- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "AppProcessPermissions.h"
-#include "ContentParent.h"
-#include "mozIApplication.h"
-#include "mozilla/hal_sandbox/PHalParent.h"
-#include "nsIDOMApplicationRegistry.h"
-#include "TabParent.h"
-
-using namespace mozilla::dom;
-using namespace mozilla::hal_sandbox;
-using namespace mozilla::services;
-
-namespace mozilla {
-
-bool
-AssertAppProcessPermission(PBrowserParent* aActor, const char* aPermission)
-{
-  if (!aActor) {
-    NS_WARNING("Testing permissions for null actor");
-    return false;
-  }
-
-  TabParent* tab = static_cast<TabParent*>(aActor);
-  nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp();
-  bool hasPermission = false;
-
-  // isBrowser frames inherit their app descriptor to identify their
-  // data storage, but they don't inherit the permissions associated
-  // with that descriptor.
-  if (app && !tab->IsBrowserElement()) {
-    if (!NS_SUCCEEDED(app->HasPermission(aPermission, &hasPermission))) {
-      hasPermission = false;
-    }
-  }
-
-  if (!hasPermission) {
-    printf_stderr("Security problem: Content process does not have `%s' permission.  It will be killed.\n", aPermission);
-    ContentParent* process = static_cast<ContentParent*>(aActor->Manager());
-    process->KillHard();
-  }
-  return hasPermission;
-}
-
-bool
-AssertAppProcessPermission(PContentParent* aActor, const char* aPermission)
-{
-  const InfallibleTArray<PBrowserParent*>& browsers =
-    aActor->ManagedPBrowserParent();
-  for (uint32_t i = 0; i < browsers.Length(); ++i) {
-    if (AssertAppProcessPermission(browsers[i], aPermission)) {
-      return true;
-    }
-  }
-  return false;
-}
-
-bool
-AssertAppProcessPermission(PHalParent* aActor, const char* aPermission)
-{
-  return AssertAppProcessPermission(aActor->Manager(), aPermission);
-}
-
-} // namespace mozilla
deleted file mode 100644
--- a/dom/ipc/AppProcessPermissions.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- * vim: sw=2 ts=8 et :
- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_AppProcessPermissions_h
-#define mozilla_AppProcessPermissions_h
-
-namespace mozilla {
-
-namespace dom {
-class PBrowserParent;
-class PContentParent;
-}
-
-namespace hal_sandbox {
-class PHalParent;
-}
-
-/**
- * Return true iff the specified browser has the specified capability.
- * If this returns false, the browser didn't have the permission and
- * will be killed.
- */
-bool
-AssertAppProcessPermission(mozilla::dom::PBrowserParent* aActor,
-                           const char* aPermission);
-
-/**
- * Return true iff any of the PBrowsers loaded in this content process
- * has the specified capability.  If this returns false, the process
- * didn't have the permission and will be killed.
- */
-bool
-AssertAppProcessPermission(mozilla::dom::PContentParent* aActor,
-                           const char* aPermission);
-
-bool
-AssertAppProcessPermission(mozilla::hal_sandbox::PHalParent* aActor,
-                           const char* aPermission);
-
-// NB: when adding capability checks for other IPDL actors, please add
-// them to this file and have them delegate to the two functions above
-// as appropriate.  For example,
-//
-//   bool AppProcessHasCapability(PNeckoParent* aActor) {
-//     return AssertAppProcessPermission(aActor->Manager());
-//   }
-
-} // namespace mozilla
-
-#endif // mozilla_AppProcessPermissions_h
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -12,17 +12,17 @@
 
 #if defined(ANDROID) || defined(LINUX)
 # include <sys/time.h>
 # include <sys/resource.h>
 #endif
 
 #include "chrome/common/process_watcher.h"
 
-#include "AppProcessPermissions.h"
+#include "AppProcessChecker.h"
 #include "AudioChannelService.h"
 #include "CrashReporterParent.h"
 #include "IHistory.h"
 #include "IDBFactory.h"
 #include "IndexedDBParent.h"
 #include "IndexedDatabaseManager.h"
 #include "mozIApplication.h"
 #include "mozilla/ClearOnShutdown.h"
--- a/dom/ipc/Makefile.in
+++ b/dom/ipc/Makefile.in
@@ -26,17 +26,17 @@ EXPORTS = PCOMContentPermissionRequestCh
 
 EXPORTS_NAMESPACES = \
   mozilla \
   mozilla/dom \
   mozilla/dom/ipc \
   $(NULL)
 
 EXPORTS_mozilla = \
-  AppProcessPermissions.h \
+  AppProcessChecker.h \
   $(NULL)
 
 EXPORTS_mozilla/dom = \
   ContentChild.h \
   ContentParent.h \
   ContentProcess.h \
   CrashReporterChild.h \
   CrashReporterParent.h \
@@ -50,17 +50,17 @@ EXPORTS_mozilla/dom = \
 
 EXPORTS_mozilla/dom/ipc = \
   Blob.h \
   ProcessPriorityManager.h \
   nsIRemoteBlob.h \
   $(NULL)
 
 CPPSRCS = \
-  AppProcessPermissions.cpp \
+  AppProcessChecker.cpp \
   Blob.cpp \
   ContentProcess.cpp \
   ContentParent.cpp \
   ContentChild.cpp \
   CrashReporterParent.cpp \
   CrashReporterChild.cpp \
   PermissionMessageUtils.cpp \
   ProcessPriorityManager.cpp \
--- a/dom/network/src/TCPSocketParent.cpp
+++ b/dom/network/src/TCPSocketParent.cpp
@@ -3,17 +3,17 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "TCPSocketParent.h"
 #include "jsapi.h"
 #include "jsfriendapi.h"
 #include "nsJSUtils.h"
 #include "nsIDOMTCPSocket.h"
 #include "mozilla/unused.h"
-#include "mozilla/AppProcessPermissions.h"
+#include "mozilla/AppProcessChecker.h"
 
 namespace IPC {
 
 //Defined in TCPSocketChild.cpp
 extern bool
 DeserializeUint8Array(JSRawObject aObj,
                       const InfallibleTArray<uint8_t>& aBuffer,
                       jsval* aVal);
--- a/hal/sandbox/SandboxHal.cpp
+++ b/hal/sandbox/SandboxHal.cpp
@@ -1,16 +1,16 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set sw=2 ts=8 et ft=cpp : */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "Hal.h"
-#include "mozilla/AppProcessPermissions.h"
+#include "mozilla/AppProcessChecker.h"
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/hal_sandbox/PHalChild.h"
 #include "mozilla/hal_sandbox/PHalParent.h"
 #include "mozilla/dom/TabParent.h"
 #include "mozilla/dom/TabChild.h"
 #include "mozilla/dom/battery/Types.h"
 #include "mozilla/dom/network/Types.h"
 #include "mozilla/dom/ScreenOrientation.h"