Bug 1022229 - Borrow App ID and mozBrowser-ness when creating sandbox null principals. r=bz
☠☠ backed out by d735d53ecce2 ☠ ☠
authorBobby Holley <bobbyholley@gmail.com>
Mon, 28 Jul 2014 10:37:54 -0700
changeset 210760 37fbaf69c6e0767fe9b892dac03f9c5f8477b327
parent 210759 d6111b0603f590ab5c1d023850a47d8c1c1f365d
child 210761 34f9a0e7dbde9e94b8bd6d971c76debc64841055
push id6741
push userraliiev@mozilla.com
push dateTue, 02 Sep 2014 16:57:58 +0000
treeherdermozilla-aurora@aed50d3edf33 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs1022229
milestone34.0a1
Bug 1022229 - Borrow App ID and mozBrowser-ness when creating sandbox null principals. r=bz
caps/nsNullPrincipal.cpp
caps/nsNullPrincipal.h
caps/nsScriptSecurityManager.cpp
docshell/base/nsDocShell.cpp
--- a/caps/nsNullPrincipal.cpp
+++ b/caps/nsNullPrincipal.cpp
@@ -61,16 +61,25 @@ nsNullPrincipal::Release()
 nsNullPrincipal::nsNullPrincipal()
 {
 }
 
 nsNullPrincipal::~nsNullPrincipal()
 {
 }
 
+/* static */ already_AddRefed<nsNullPrincipal>
+nsNullPrincipal::CreateWithInheritedAttributes(nsIPrincipal* aInheritFrom)
+{
+  nsRefPtr<nsNullPrincipal> nullPrin = new nsNullPrincipal();
+  nsresult rv = nullPrin->Init(aInheritFrom->GetAppId(),
+                               aInheritFrom->GetIsInBrowserElement());
+  return NS_SUCCEEDED(rv) ? nullPrin.forget() : nullptr;
+}
+
 #define NS_NULLPRINCIPAL_PREFIX NS_NULLPRINCIPAL_SCHEME ":"
 
 nsresult
 nsNullPrincipal::Init(uint32_t aAppId, bool aInMozBrowser)
 {
   MOZ_ASSERT(aAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
   mAppId = aAppId;
   mInMozBrowser = aInMozBrowser;
--- a/caps/nsNullPrincipal.h
+++ b/caps/nsNullPrincipal.h
@@ -37,16 +37,18 @@ public:
 
   // FIXME: bug 327245 -- I sorta wish there were a clean way to share the
   // nsJSPrincipals munging code between the various principal classes without
   // giving up the NS_DECL_NSIPRINCIPAL goodness.
   NS_DECL_ISUPPORTS_INHERITED
   NS_DECL_NSIPRINCIPAL
   NS_DECL_NSISERIALIZABLE
 
+  static already_AddRefed<nsNullPrincipal> CreateWithInheritedAttributes(nsIPrincipal *aInheritFrom);
+
   nsresult Init(uint32_t aAppId = nsIScriptSecurityManager::NO_APP_ID,
                 bool aInMozBrowser = false);
 
   virtual void GetScriptLocation(nsACString &aStr) MOZ_OVERRIDE;
 
 #ifdef DEBUG
   virtual void dumpImpl() MOZ_OVERRIDE;
 #endif 
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -317,17 +317,21 @@ nsScriptSecurityManager::GetChannelPrinc
         }
     }
 
     // Check whether we have an nsILoadInfo that says what we should do.
     nsCOMPtr<nsILoadInfo> loadInfo;
     aChannel->GetLoadInfo(getter_AddRefs(loadInfo));
     if (loadInfo) {
         if (loadInfo->GetLoadingSandboxed()) {
-            return CallCreateInstance(NS_NULLPRINCIPAL_CONTRACTID, aPrincipal);
+            nsRefPtr<nsNullPrincipal> prin =
+              nsNullPrincipal::CreateWithInheritedAttributes(loadInfo->LoadingPrincipal());
+            NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);
+            prin.forget(aPrincipal);
+            return NS_OK;
         }
 
         if (loadInfo->GetForceInheritPrincipal()) {
             NS_ADDREF(*aPrincipal = loadInfo->LoadingPrincipal());
             return NS_OK;
         }
     }
 
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -7410,17 +7410,18 @@ nsDocShell::CreateAboutBlankContentViewe
   mFiredUnloadEvent = false;
 
   nsCOMPtr<nsIDocumentLoaderFactory> docFactory =
       nsContentUtils::FindInternalContentViewer("text/html");
 
   if (docFactory) {
     nsCOMPtr<nsIPrincipal> principal;
     if (mSandboxFlags & SANDBOXED_ORIGIN) {
-      principal = do_CreateInstance("@mozilla.org/nullprincipal;1");
+      principal = nsNullPrincipal::CreateWithInheritedAttributes(aPrincipal);
+      NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
     } else {
       principal = aPrincipal;
     }
     // generate (about:blank) document to load
     docFactory->CreateBlankDocument(mLoadGroup, principal,
                                     getter_AddRefs(blankDoc));
     if (blankDoc) {
       // Hack: set the base URI manually, since this document never
@@ -11141,20 +11142,18 @@ nsDocShell::AddToSessionHistory(nsIURI *
         }
         aChannel->GetOwner(getter_AddRefs(owner));
         if (!owner) {
             nsCOMPtr<nsILoadInfo> loadInfo;
             aChannel->GetLoadInfo(getter_AddRefs(loadInfo));
             if (loadInfo) {
                 // For now keep storing just the principal in the SHEntry.
                 if (loadInfo->GetLoadingSandboxed()) {
-                    owner = do_CreateInstance(NS_NULLPRINCIPAL_CONTRACTID, &rv);
-                    if (NS_WARN_IF(NS_FAILED(rv))) {
-                        return rv;
-                    }
+                    owner = nsNullPrincipal::CreateWithInheritedAttributes(loadInfo->LoadingPrincipal());
+                    NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE);
                 } else if (loadInfo->GetForceInheritPrincipal()) {
                     owner = loadInfo->LoadingPrincipal();
                 }
             }
         }
     }
 
     //Title is set in nsDocShell::SetTitle()