Bug 1312101 - Part 1: Remove permission assertions through the message manager; r=baku
authorEhsan Akhgari <ehsan@mozilla.com>
Wed, 16 Nov 2016 09:58:55 -0500
changeset 367851 ba4af4705e58896c43a51b5f608d9466c8f415c7
parent 367850 37dce5270b23f6cd9357109fc6408db0453c38da
child 367852 ad3f41ebb1a2b31c39b082b15d827befe2bc70de
push id6996
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 20:48:21 +0000
treeherdermozilla-beta@d89512dab048 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku
bugs1312101
milestone53.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1312101 - Part 1: Remove permission assertions through the message manager; r=baku Since AddProcessChecker is going away, there's no point in these permission checks any more.
b2g/components/AlertsHelper.jsm
dom/downloads/DownloadsAPI.jsm
dom/inputmethod/Keyboard.jsm
dom/network/NetworkStatsService.jsm
dom/permission/PermissionSettings.jsm
dom/presentation/PresentationDeviceInfoManager.jsm
dom/push/PushComponents.js
dom/secureelement/gonk/SecureElement.js
dom/settings/SettingsRequestManager.jsm
dom/system/SystemUpdateService.jsm
--- a/b2g/components/AlertsHelper.jsm
+++ b/b2g/components/AlertsHelper.jsm
@@ -35,18 +35,16 @@ XPCOMUtils.defineLazyGetter(this, "ppmm"
 });
 
 function debug(str) {
   //dump("=*= AlertsHelper.jsm : " + str + "\n");
 }
 
 const kNotificationIconSize = 128;
 
-const kDesktopNotificationPerm = "desktop-notification";
-
 const kNotificationSystemMessageName = "notification";
 
 const kDesktopNotification      = "desktop-notification";
 const kDesktopNotificationShow  = "desktop-notification-show";
 const kDesktopNotificationClick = "desktop-notification-click";
 const kDesktopNotificationClose = "desktop-notification-close";
 
 const kTopicAlertClickCallback = "alertclickcallback";
@@ -251,23 +249,16 @@ var AlertsHelper = {
   closeAlert: function(name) {
     SystemAppProxy._sendCustomEvent(kMozChromeNotificationEvent, {
       type: kDesktopNotificationClose,
       id: name
     });
   },
 
   receiveMessage: function(aMessage) {
-    if (!aMessage.target.assertAppHasPermission(kDesktopNotificationPerm)) {
-      Cu.reportError("Desktop-notification message " + aMessage.name +
-                     " from a content process with no " + kDesktopNotificationPerm +
-                     " privileges.");
-      return;
-    }
-
     switch(aMessage.name) {
       case kMessageAlertNotificationSend:
         this.showAlertNotification(aMessage);
         break;
 
       case kMessageAlertNotificationClose:
         this.closeAlert(aMessage.data.name);
         break;
--- a/dom/downloads/DownloadsAPI.jsm
+++ b/dom/downloads/DownloadsAPI.jsm
@@ -148,21 +148,16 @@ var DownloadsAPI = {
 
   onDownloadChanged: function(aDownload) {
     let download = this.jsonDownload(aDownload);
     debug("onDownloadChanged " + uneval(download));
     ppmm.broadcastAsyncMessage("Downloads:Changed", download);
   },
 
   receiveMessage: function(aMessage) {
-    if (!aMessage.target.assertPermission("downloads")) {
-      debug("No 'downloads' permission!");
-      return;
-    }
-
     debug("message: " + aMessage.name);
 
     switch (aMessage.name) {
     case "Downloads:GetList":
       this.getList(aMessage.data, aMessage.target);
       break;
     case "Downloads:ClearAllDone":
       this.clearAllDone(aMessage.data, aMessage.target);
--- a/dom/inputmethod/Keyboard.jsm
+++ b/dom/inputmethod/Keyboard.jsm
@@ -38,19 +38,16 @@ var Utils = {
     try {
       mm = msg.target.QueryInterface(Ci.nsIFrameLoaderOwner)
                      .frameLoader.messageManager;
     } catch(e) {
       mm = msg.target;
     }
 
     return mm;
-  },
-  checkPermissionForMM: function u_checkPermissionForMM(mm, permName) {
-    return mm.assertPermission(permName);
   }
 };
 
 this.Keyboard = {
 #ifdef MOZ_B2G
   // For receving keyboard event fired from hardware before it's dispatched,
   // |this| object is used to be the listener to get the forwarded event.
   // As the listener, |this| object must implement nsIHardwareKeyEventListener
@@ -210,42 +207,17 @@ this.Keyboard = {
     mm.addMessageListener('Forms:SendKey:Result:Error', this);
     mm.addMessageListener('Forms:SequenceError', this);
     mm.addMessageListener('Forms:GetContext:Result:OK', this);
     mm.addMessageListener('Forms:SetComposition:Result:OK', this);
     mm.addMessageListener('Forms:EndComposition:Result:OK', this);
   },
 
   receiveMessage: function keyboardReceiveMessage(msg) {
-    // If we get a 'Keyboard:XXX'/'System:XXX' message, check that the sender
-    // has the required permission.
-    let mm;
-
-    // Assert the permission based on the prefix of the message.
-    let permName;
-    if (msg.name.startsWith("Keyboard:")) {
-      permName = "input";
-    } else if (msg.name.startsWith("System:")) {
-      permName = "input-manage";
-    }
-
-    // There is no permission to check (nor we need to get the mm)
-    // for Form: messages.
-    if (permName) {
-      mm = Utils.getMMFromMessage(msg);
-      if (!mm) {
-        dump("Keyboard.jsm: Message " + msg.name + " has no message manager.");
-        return;
-      }
-      if (!Utils.checkPermissionForMM(mm, permName)) {
-        dump("Keyboard.jsm: Message " + msg.name +
-          " from a content process with no '" + permName + "' privileges.\n");
-        return;
-      }
-    }
+    let mm = Utils.getMMFromMessage(msg);
 
     // we don't process kb messages (other than register)
     // if they come from a kb that we're currently not regsitered for.
     // this decision is made with the kbID kept by us and kb app
     let kbID = null;
     if ('kbID' in msg.data) {
       kbID = msg.data.kbID;
     }
@@ -533,23 +505,16 @@ function InputRegistryGlue() {
   ppmm.addMessageListener('InputRegistry:Remove', this);
   ppmm.addMessageListener('System:InputRegistry:Add:Done', this);
   ppmm.addMessageListener('System:InputRegistry:Remove:Done', this);
 };
 
 InputRegistryGlue.prototype.receiveMessage = function(msg) {
   let mm = Utils.getMMFromMessage(msg);
 
-  let permName = msg.name.startsWith("System:") ? "input-mgmt" : "input";
-  if (!Utils.checkPermissionForMM(mm, permName)) {
-    dump("InputRegistryGlue message " + msg.name +
-      " from a content process with no " + permName + " privileges.");
-    return;
-  }
-
   switch (msg.name) {
     case 'InputRegistry:Add':
       this.addInput(msg, mm);
 
       break;
 
     case 'InputRegistry:Remove':
       this.removeInput(msg, mm);
--- a/dom/network/NetworkStatsService.jsm
+++ b/dom/network/NetworkStatsService.jsm
@@ -136,20 +136,16 @@ this.NetworkStatsService = {
     this.updateQueue = [];
     this.isQueueRunning = false;
 
     this._currentAlarms = {};
     this.initAlarms();
   },
 
   receiveMessage: function(aMessage) {
-    if (!aMessage.target.assertPermission("networkstats-manage")) {
-      return;
-    }
-
     debug("receiveMessage " + aMessage.name);
 
     let mm = aMessage.target;
     let msg = aMessage.json;
 
     switch (aMessage.name) {
       case "NetworkStats:Get":
         this.getSamples(mm, msg);
--- a/dom/permission/PermissionSettings.jsm
+++ b/dom/permission/PermissionSettings.jsm
@@ -171,30 +171,15 @@ this.PermissionSettingsModule = {
   receiveMessage: function receiveMessage(aMessage) {
     debug("PermissionSettings::receiveMessage " + aMessage.name);
     let mm = aMessage.target;
     let msg = aMessage.data;
 
     let result;
     switch (aMessage.name) {
       case "PermissionSettings:AddPermission":
-        let success = false;
-        let errorMsg =
-              " from a content process with no 'permissions' privileges.";
-        if (mm.assertPermission("permissions")) {
-          success = this._internalAddPermission(msg, false);
-          if (!success) {
-            // Just kill the calling process
-            mm.assertPermission("permissions-modify-implicit");
-            errorMsg = " had an implicit permission change. Child process killed.";
-          }
-        }
-
-        if (!success) {
-          Cu.reportError("PermissionSettings message " + msg.type + errorMsg);
-          return null;
-        }
+        this._internalAddPermission(msg, false);
         break;
     }
   }
 }
 
 PermissionSettingsModule.init();
--- a/dom/presentation/PresentationDeviceInfoManager.jsm
+++ b/dom/presentation/PresentationDeviceInfoManager.jsm
@@ -73,22 +73,16 @@ this.PresentationDeviceInfoService = {
         name: device.name,
         type: device.type,
       },
     };
     ppmm.broadcastAsyncMessage("PresentationDeviceInfoManager:OnDeviceChange", data);
   },
 
   receiveMessage: function(aMessage) {
-    if (!aMessage.target.assertPermission("presentation-device-manage")) {
-      debug("receive message " + aMessage.name +
-            " from a content process with no 'presentation-device-manage' privileges.");
-      return null;
-    }
-
     let msg = aMessage.data || {};
     let mm = aMessage.target;
 
     log("receiveMessage: " + aMessage.name);
     switch (aMessage.name) {
       case "PresentationDeviceInfoManager:GetAll": {
         this.getAll(msg, mm);
         break;
--- a/dom/push/PushComponents.js
+++ b/dom/push/PushComponents.js
@@ -205,19 +205,16 @@ Object.assign(PushServiceParent.prototyp
     if (name === "Push:NotificationForOriginShown") {
       this.notificationForOriginShown(data);
       return;
     }
     if (name === "Push:NotificationForOriginClosed") {
       this.notificationForOriginClosed(data);
       return;
     }
-    if (!target.assertPermission("push")) {
-      return;
-    }
     if (name === "Push:ReportError") {
       this.reportDeliveryError(data.messageId, data.reason);
       return;
     }
     let sender = target.QueryInterface(Ci.nsIMessageSender);
     return this._handleRequest(name, principal, data).then(result => {
       sender.sendAsyncMessage(this._getResponseName(name, "OK"), {
         requestID: data.requestID,
--- a/dom/secureelement/gonk/SecureElement.js
+++ b/dom/secureelement/gonk/SecureElement.js
@@ -460,23 +460,17 @@ SecureElementManager.prototype = {
     DEBUG && debug("Received '" + msg.name + "' message from content process" +
                    ": " + JSON.stringify(msg.data));
 
     if (msg.name === "child-process-shutdown") {
       this._handleChildProcessShutdown(msg.target);
       return null;
     }
 
-    if (SE_IPC_SECUREELEMENT_MSG_NAMES.indexOf(msg.name) !== -1) {
-      if (!msg.target.assertPermission("secureelement-manage")) {
-        debug("SecureElement message " + msg.name + " from a content process " +
-              "with no 'secureelement-manage' privileges.");
-        return null;
-      }
-    } else {
+    if (SE_IPC_SECUREELEMENT_MSG_NAMES.indexOf(msg.name) === -1) {
       debug("Ignoring unknown message type: " + msg.name);
       return null;
     }
 
     let callback = (result) => this._sendSEResponse(msg, result);
     if (!this._isValidMessage(msg)) {
       debug("Message not valid");
       callback({ error: SE.ERROR_GENERIC });
--- a/dom/settings/SettingsRequestManager.jsm
+++ b/dom/settings/SettingsRequestManager.jsm
@@ -1071,67 +1071,57 @@ var SettingsRequestManager = {
     // CreateLock check below.
     switch (aMessage.name) {
       case "Settings:Get":
       case "Settings:Set":
       case "Settings:Clear":
       case "Settings:Run":
       case "Settings:Finalize":
         this.checkSoftLockup();
-        let kill_process = false;
         if (!msg.lockID) {
           Cu.reportError("Process sending request for lock that does not exist. Killing.");
-          kill_process = true;
         }
         else if (!this.lockInfo[msg.lockID]) {
           if (DEBUG) debug("Cannot find lock ID " + msg.lockID);
           // This doesn't kill, because we can have things that file
           // finalize, then die, and we may get the observer
           // notification before we get the IPC messages.
           return;
         }
         else if (mm != this.lockInfo[msg.lockID]._mm) {
           Cu.reportError("Process trying to access settings lock from another process. Killing.");
-          kill_process = true;
-        }
-        if (kill_process) {
-          // Kill the app by checking for a non-existent permission
-          aMessage.target.assertPermission("message-manager-mismatch-kill");
-          return;
         }
       default:
       break;
     }
 
     switch (aMessage.name) {
       case "child-process-shutdown":
         if (VERBOSE) debug("Child process shutdown received.");
         this.forceFinalizeChildLocksOOP(mm);
         this.removeObserver(mm);
         break;
       case "Settings:RegisterForMessages":
         if (!SettingsPermissions.hasSomeReadPermission(aMessage.principal)) {
           Cu.reportError("Settings message " + aMessage.name +
                          " from a content process with no 'settings-api-read' privileges.");
-          aMessage.target.assertPermission("message-manager-no-read-kill");
           return;
         }
         this.addObserver(mm, aMessage.principal);
         break;
       case "Settings:UnregisterForMessages":
         this.removeObserver(mm);
         break;
       case "Settings:CreateLock":
         if (VERBOSE) debug("Received CreateLock for " + msg.lockID + " from " + aMessage.principal.origin + " window: " + msg.windowID);
         // If we try to create a lock ID that collides with one
         // already in the system, consider it a security violation and
         // kill.
         if (msg.lockID in this.settingsLockQueue) {
           Cu.reportError("Trying to queue a lock with the same ID as an already queued lock. Killing app.");
-          aMessage.target.assertPermission("lock-id-duplicate-kill");
           return;
         }
 
         if (this.softLockup.lockId === null) {
           this.updateSoftLockup(msg.lockID);
         }
 
         this.settingsLockQueue.push(msg.lockID);
--- a/dom/system/SystemUpdateService.jsm
+++ b/dom/system/SystemUpdateService.jsm
@@ -311,22 +311,16 @@ this.SystemUpdateService = {
     aData.provider = {
       name: selectedProvider.name,
       uuid: selectedProvider.id
     };
     aMm.sendAsyncMessage("SystemUpdate:SetActiveProvider:Result:OK", aData);
   },
 
   receiveMessage: function(aMessage) {
-    if (!aMessage.target.assertPermission("system-update")) {
-      debug("receive message " + aMessage.name +
-            " from a content process with no 'system-update' privileges.");
-      return null;
-    }
-
     let msg = aMessage.data || {};
     let mm = aMessage.target;
 
     switch (aMessage.name) {
       case "SystemUpdate:GetProviders": {
         this.getProviders(msg, mm);
         break;
       }