Bug 814211 - Need additional security checks for the "fmradio" permission. r=bent
authorGregor Wagner <anygregor@gmail.com>
Mon, 03 Dec 2012 19:12:38 -0800
changeset 120454 b298c038c66194b9f1df749918b0dea6f253dafc
parent 120453 3e2d7adbe497904de9445ea84d470f12d584e631
child 120455 51464a5e7a005bd9eabe5636e226cb762e484fa0
push idunknown
push userunknown
push dateunknown
reviewersbent
bugs814211
milestone20.0a1
Bug 814211 - Need additional security checks for the "fmradio" permission. r=bent
dom/fm/DOMFMRadioChild.js
dom/fm/DOMFMRadioParent.jsm
--- a/dom/fm/DOMFMRadioChild.js
+++ b/dom/fm/DOMFMRadioChild.js
@@ -48,17 +48,18 @@ DOMFMRadioChild.prototype = {
   init: function(aWindow) {
     let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"]
                    .getService(Ci.nsIScriptSecurityManager);
 
     let perm = Services.perms.testExactPermissionFromPrincipal(aWindow.document.nodePrincipal, "fmradio");
     this._hasPrivileges = perm == Ci.nsIPermissionManager.ALLOW_ACTION;
 
     if (!this._hasPrivileges) {
-      throw new Components.Exception("Denied", Cr.NS_ERROR_FAILURE);
+      Cu.reportError("NO FMRADIO PERMISSION FOR: " + aWindow.document.nodePrincipal.origin + "\n");
+      return null;
     }
 
     const messages = ["DOMFMRadio:enable:Return:OK",
                       "DOMFMRadio:enable:Return:NO",
                       "DOMFMRadio:disable:Return:OK",
                       "DOMFMRadio:disable:Return:NO",
                       "DOMFMRadio:setFrequency:Return:OK",
                       "DOMFMRadio:setFrequency:Return:NO",
--- a/dom/fm/DOMFMRadioParent.jsm
+++ b/dom/fm/DOMFMRadioParent.jsm
@@ -388,16 +388,23 @@ this.DOMFMRadioParent = {
   },
 
   receiveMessage: function(aMessage) {
     let msg = aMessage.json || {};
     msg.manager = aMessage.target;
 
     let ret = 0;
     let self = this;
+
+    if (!aMessage.target.assertPermission("fmradio")) {
+      Cu.reportError("FMRadio message " + aMessage.name +
+                     " from a content process with no 'fmradio' privileges.");
+      return null;
+    }
+
     switch (aMessage.name) {
       case "DOMFMRadio:enable":
         self._enableFMRadio(msg);
         break;
       case "DOMFMRadio:disable":
         self._disableFMRadio(msg);
         break;
       case "DOMFMRadio:setFrequency":