Bug 833935 - Centralize UsingNeckoIPDLSecurity function. r=jdm a=blocking-b2g
authorJason Duell <jduell.mcbugs@gmail.com>
Thu, 24 Jan 2013 19:22:00 +0000
changeset 118336 b69e1466e761
parent 118335 1be54f370d04
child 118337 94a2d6fcdfde
push id360
push userjosh@joshmatthews.net
push dateFri, 25 Jan 2013 10:38:33 +0000
reviewersjdm, blocking-b2g
bugs833935
milestone18.0
Bug 833935 - Centralize UsingNeckoIPDLSecurity function. r=jdm a=blocking-b2g
netwerk/ipc/NeckoChild.cpp
netwerk/ipc/NeckoCommon.h
netwerk/ipc/NeckoParent.cpp
--- a/netwerk/ipc/NeckoChild.cpp
+++ b/netwerk/ipc/NeckoChild.cpp
@@ -10,32 +10,27 @@
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/net/HttpChannelChild.h"
 #include "mozilla/net/CookieServiceChild.h"
 #include "mozilla/net/WyciwygChannelChild.h"
 #include "mozilla/net/FTPChannelChild.h"
 #include "mozilla/net/WebSocketChannelChild.h"
 #include "mozilla/net/RemoteOpenFileChild.h"
 #include "mozilla/dom/network/TCPSocketChild.h"
-#include "mozilla/Preferences.h"
 
 using mozilla::dom::TCPSocketChild;
 
 namespace mozilla {
 namespace net {
 
-static bool gDisableIPCSecurity = false;
-static const char kPrefDisableIPCSecurity[] = "network.disable.ipc.security";
-
 PNeckoChild *gNeckoChild = nullptr;
 
 // C++ file contents
 NeckoChild::NeckoChild()
 {
-  Preferences::AddBoolVarCache(&gDisableIPCSecurity, kPrefDisableIPCSecurity);
 }
 
 NeckoChild::~NeckoChild()
 {
 }
 
 void NeckoChild::InitNeckoChild()
 {
--- a/netwerk/ipc/NeckoCommon.h
+++ b/netwerk/ipc/NeckoCommon.h
@@ -6,16 +6,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef mozilla_net_NeckoCommon_h
 #define mozilla_net_NeckoCommon_h
 
 #include "nsXULAppAPI.h"
 #include "prenv.h"
 #include "nsPrintfCString.h"
+#include "mozilla/Preferences.h"
 
 #if defined(DEBUG) || defined(ENABLE_TESTS)
 # define NECKO_ERRORS_ARE_FATAL_DEFAULT true
 #else
 # define NECKO_ERRORS_ARE_FATAL_DEFAULT false
 #endif 
 
 // TODO: Eventually remove NECKO_MAYBE_ABORT and DROP_DEAD (bug 575494).
@@ -72,14 +73,30 @@ IsNeckoChild()
     const char * e = PR_GetEnv("NECKO_SEPARATE_STACKS");
     if (!e) 
       amChild = (XRE_GetProcessType() == GeckoProcessType_Content);
     didCheck = true;
   }
   return amChild;
 }
 
+// This should always return true unless xpcshell tests are being used
+inline bool
+UsingNeckoIPCSecurity()
+{
+  static bool securityDisabled = true;
+  static bool registeredBool = false;
+
+  if (!registeredBool) {
+    Preferences::AddBoolVarCache(&securityDisabled,
+                                 "network.disable.ipc.security");
+    registeredBool = true;
+  }
+  return !securityDisabled;
+}
+
+
 
 } // namespace net
 } // namespace mozilla
 
 #endif // mozilla_net_NeckoCommon_h
 
--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@@ -11,40 +11,34 @@
 #include "mozilla/net/CookieServiceParent.h"
 #include "mozilla/net/WyciwygChannelParent.h"
 #include "mozilla/net/FTPChannelParent.h"
 #include "mozilla/net/WebSocketChannelParent.h"
 #include "mozilla/net/RemoteOpenFileParent.h"
 #include "mozilla/dom/TabParent.h"
 #include "mozilla/dom/network/TCPSocketParent.h"
 #include "mozilla/ipc/URIUtils.h"
-#include "mozilla/Preferences.h"
 #include "mozilla/LoadContext.h"
 #include "nsPrintfCString.h"
 #include "nsHTMLDNSPrefetch.h"
 #include "nsIAppsService.h"
 #include "nsEscape.h"
 
 using mozilla::dom::TabParent;
 using mozilla::net::PTCPSocketParent;
 using mozilla::dom::TCPSocketParent;
 using IPC::SerializedLoadContext;
 
 namespace mozilla {
 namespace net {
 
-static bool gDisableIPCSecurity = false;
-static const char kPrefDisableIPCSecurity[] = "network.disable.ipc.security";
-
 // C++ file contents
 NeckoParent::NeckoParent()
 {
-  Preferences::AddBoolVarCache(&gDisableIPCSecurity, kPrefDisableIPCSecurity);
-
-  if (!gDisableIPCSecurity) {
+  if (UsingNeckoIPCSecurity()) {
     // cache values for core/packaged apps basepaths
     nsAutoString corePath, webPath;
     nsCOMPtr<nsIAppsService> appsService = do_GetService(APPS_SERVICE_CONTRACTID);
     if (appsService) {
       appsService->GetCoreAppsBasePath(corePath);
       appsService->GetWebAppsBasePath(webPath);
     }
     // corePath may be empty: we don't use it for all build types
@@ -71,17 +65,17 @@ PBOverrideStatusFromLoadContext(const Se
 }
 
 const char*
 NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
                                  PBrowserParent* aBrowser,
                                  uint32_t* aAppId,
                                  bool* aInBrowserElement)
 {
-  if (!gDisableIPCSecurity) {
+  if (UsingNeckoIPCSecurity()) {
     if (!aBrowser) {
       return "missing required PBrowser argument";
     }
     if (!aSerialized.IsNotNull()) {
       return "SerializedLoadContext from child is null";
     }
   }
 
@@ -97,29 +91,29 @@ NeckoParent::GetValidatedAppInfo(const S
     if (*aAppId == NECKO_UNKNOWN_APP_ID) {
       return "TabParent reports appId=NECKO_UNKNOWN_APP_ID!";
     }
     // We may get appID=NO_APP if child frame is neither a browser nor an app
     if (*aAppId == NECKO_NO_APP_ID) {
       if (tabParent->HasOwnApp()) {
         return "TabParent reports NECKO_NO_APP_ID but also is an app";
       }
-      if (!gDisableIPCSecurity && tabParent->IsBrowserElement()) {
+      if (UsingNeckoIPCSecurity() && tabParent->IsBrowserElement()) {
         // <iframe mozbrowser> which doesn't have an <iframe mozapp> above it.
         // This is not supported now, and we'll need to do a code audit to make
         // sure we can handle it (i.e don't short-circuit using separate
         // namespace if just appID==0)
         return "TabParent reports appId=NECKO_NO_APP_ID but is a mozbrowser";
       }
     }
   } else {
     // Only trust appId/inBrowser from child-side loadcontext if we're in
     // testing mode: allows xpcshell tests to masquerade as apps
-    MOZ_ASSERT(gDisableIPCSecurity);
-    if (!gDisableIPCSecurity) {
+    MOZ_ASSERT(!UsingNeckoIPCSecurity());
+    if (UsingNeckoIPCSecurity()) {
       return "internal error";
     }
     if (aSerialized.IsNotNull()) {
       *aAppId = aSerialized.mAppId;
       *aInBrowserElement = aSerialized.mIsInBrowserElement;
     } else {
       *aAppId = NECKO_NO_APP_ID;
     }
@@ -140,17 +134,17 @@ NeckoParent::CreateChannelLoadContext(PB
     return error;
   }
 
   if (aBrowser) {
     nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(aBrowser);
     topFrameElement = tabParent->GetOwnerElement();
   }
 
-  // if gDisableIPCSecurity, we may not have a LoadContext to set. This is
+  // if !UsingNeckoIPCSecurity(), we may not have a LoadContext to set. This is
   // the common case for most xpcshell tests.
   if (aSerialized.IsNotNull()) {
     aResult = new LoadContext(aSerialized, topFrameElement, appId, inBrowser);
   }
 
   return nullptr;
 }
 
@@ -305,17 +299,17 @@ NeckoParent::AllocPRemoteOpenFile(const 
 {
   nsCOMPtr<nsIURI> uri = DeserializeURI(aURI);
   nsCOMPtr<nsIFileURL> fileURL = do_QueryInterface(uri);
   if (!fileURL) {
     return nullptr;
   }
 
   // security checks
-  if (!gDisableIPCSecurity) {
+  if (UsingNeckoIPCSecurity()) {
     if (!aBrowser) {
       printf_stderr("NeckoParent::AllocPRemoteOpenFile: "
                     "FATAL error: missing TabParent: KILLING CHILD PROCESS\n");
       return nullptr;
     }
     nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(aBrowser);
     uint32_t appId = tabParent->OwnOrContainingAppId();
     nsCOMPtr<nsIAppsService> appsService =