Bug 923625 - DataStore sends the principal as argument in sendAsyncMessage, r=ehsan
☠☠ backed out by db2f368bf999 ☠ ☠
authorAndrea Marchesini <amarchesini@mozilla.com>
Fri, 08 Nov 2013 23:05:39 +0000
changeset 154250 6da206d64b498094eabf05cb71140023ff843a52
parent 154249 2590f19a00463f138c9a59458ad913c3d6593bce
child 154251 593f1ea908dcaca6fabc4bae6c14b7934a100eb2
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewersehsan
bugs923625
milestone28.0a1
Bug 923625 - DataStore sends the principal as argument in sendAsyncMessage, r=ehsan
dom/datastore/DataStoreService.js
dom/datastore/DataStoreServiceInternal.jsm
--- a/dom/datastore/DataStoreService.js
+++ b/dom/datastore/DataStoreService.js
@@ -231,18 +231,21 @@ DataStoreService.prototype = {
       // window, so we can skip the ipc communication.
       if (self.inParent) {
         let stores = self.getDataStoresInfo(aName, aWindow.document.nodePrincipal.appId);
         self.getDataStoreCreate(aWindow, resolve, stores);
       } else {
         // This method can be called in the child so we need to send a request
         // to the parent and create DataStore object here.
         new DataStoreServiceChild(aWindow, aName, function(aStores) {
-          debug("DataStoreServiceChild callback!");
+          debug("DataStoreServiceChild success callback!");
           self.getDataStoreCreate(aWindow, resolve, aStores);
+        }, function() {
+          debug("DataStoreServiceChild error callback!");
+          reject(new aWindow.DOMError("SecurityError", "Access denied"));
         });
       }
     });
   },
 
   getDataStoresInfo: function(aName, aAppId) {
     debug('GetDataStoresInfo');
 
@@ -420,38 +423,45 @@ DataStoreService.prototype = {
     contractID: '@mozilla.org/datastore-service;1',
     interfaces: [Ci.nsIDataStoreService, Ci.nsIObserver],
     flags: Ci.nsIClassInfo.SINGLETON
   })
 };
 
 /* DataStoreServiceChild */
 
-function DataStoreServiceChild(aWindow, aName, aCallback) {
+function DataStoreServiceChild(aWindow, aName, aSuccessCb, aErrorCb) {
   debug("DataStoreServiceChild created");
-  this.init(aWindow, aName, aCallback);
+  this.init(aWindow, aName, aSuccessCb, aErrorCb);
 }
 
 DataStoreServiceChild.prototype = {
   __proto__: DOMRequestIpcHelper.prototype,
 
-  init: function(aWindow, aName, aCallback) {
+  init: function(aWindow, aName, aSuccessCb, aErrorCb) {
     debug("DataStoreServiceChild init");
-    this._callback = aCallback;
+    this._successCb = aSuccessCb;
+    this._errorCb = aErrorCb;
 
-    this.initDOMRequestHelper(aWindow, [ "DataStore:Get:Return" ]);
+    this.initDOMRequestHelper(aWindow, [ "DataStore:Get:Return:OK",
+                                         "DataStore:Get:Return:KO" ]);
 
     // This is a security issue and it will be fixed by Bug 916091
     cpmm.sendAsyncMessage("DataStore:Get",
-                          { name: aName, appId: aWindow.document.nodePrincipal.appId });
+                          { name: aName }, null, aWindow.document.nodePrincipal );
   },
 
   receiveMessage: function(aMessage) {
     debug("DataStoreServiceChild receiveMessage");
-    if (aMessage.name != 'DataStore:Get:Return') {
-      return;
+
+    switch (aMessage.name) {
+      case 'DataStore:Get:Return:OK':
+        this._successCb(aMessage.data.stores);
+        break;
+
+      case 'DataStore:Get:Return:KO':
+        this._errorCb();
+        break;
     }
-
-    this._callback(aMessage.data.stores);
   }
 }
 
 this.NSGetFactory = XPCOMUtils.generateNSGetFactory([DataStoreService]);
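Review bot: `receiveMessage` dispatches on the message name alone, so every DataStoreServiceChild that is still listening would act on the same `DataStore:Get:Return:OK` or `DataStore:Get:Return:KO` reply. If `cpmm` is shared across the child process and two requests are pending, one caller could be handed the other's store list or rejection. This is inferred: each instance registers the same two names, and nothing in the hunk correlates a reply with its request or shows the listeners being removed afterwards. Consider recording `this._name = aName;` in `init` and opening `receiveMessage` with `if (!aMessage.data || aMessage.data.name != this._name) { return; }`. That also requires the parent's KO reply to carry `{ name: msg.name }`, and a per-request id would be stricter still.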
--- a/dom/datastore/DataStoreServiceInternal.jsm
+++ b/dom/datastore/DataStoreServiceInternal.jsm
@@ -37,15 +37,20 @@ this.DataStoreServiceInternal = {
     debug("receiveMessage");
 
     if (aMessage.name != 'DataStore:Get') {
       return;
     }
 
     let msg = aMessage.data;
 
-    // This is a security issue and it will be fixed by Bug 916091
-    msg.stores = dataStoreService.getDataStoresInfo(msg.name, msg.appId);
-    aMessage.target.sendAsyncMessage("DataStore:Get:Return", msg);
+    if (!aMessage.principal ||
+        aMessage.principal.appId == Ci.nsIScriptSecurityManager.UNKNOWN_APP_ID) {
+      aMessage.target.sendAsyncMessage("DataStore:Get:Return:KO");
+      return;
+    }
+
+    msg.stores = dataStoreService.getDataStoresInfo(msg.name, aMessage.principal.appId);
+    aMessage.target.sendAsyncMessage("DataStore:Get:Return:OK", msg);
   }
 }
 
 DataStoreServiceInternal.init();
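Review bot: The new guard rejects only a missing principal or `UNKNOWN_APP_ID`, then uses `aMessage.principal.appId` as the authority for `getDataStoresInfo`. That principal is the one the child passes as the fourth argument to `sendAsyncMessage` in DataStoreService.js, so the lookup appears to still rest on a value chosen by the sender unless the message manager validates it, which this page does not show. The "This is a security issue" comment was removed here but kept on the child side, leaving the remaining trust assumption undocumented in the parent. I would add a comment above the check such as `// aMessage.principal originates in the child process; confirm it is validated against the sender before relying on its appId (see Bug 916091).` `receiveMessage` begins outside this hunk.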