dom/ipc/PTabContext.ipdlh
author J. Ryan Stinnett <jryans@gmail.com>
Wed, 17 Feb 2016 22:35:45 -0600
changeset 324714 76944f0d24abc3e3d968f324f18a8a3835e535dc
parent 306321 ccc1d3d2d2a72c4e2ccc6938ad2fbf8a40149d86
child 339142 7cf300dda85ae7435db346b46c109a4ba6c5edae
permissions -rw-r--r--
Bug 1238160 - Set frame type on TabContext. r=billm,mayhemer This change renames TabContext::IsBrowserElement to IsIsolatedMozBrowserElement. Other methods that pass these values around also have name changes. Adds TabContext::IsMozBrowserElement which is set by the frame loader for all browser frames. This is in contrast to its previous implementation, which has since been renamed IsIsolatedMozBrowserElement, since it checks isolated state in OriginAttributes. TabContext methods related to browser elements (and their callers) are updated to use IsIsolatedMozBrowserElement when check isolation / origins and IsMozBrowserElement when checking frame types. MozReview-Commit-ID: DDMZTkSn5yd

/* -*- Mode: C++; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 8 -*- */
/* vim: set sw=4 ts=8 et tw=80 ft=cpp : */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

include protocol PBrowser;
include PBrowserOrId;

namespace mozilla {
namespace dom {

// An IPCTabContext which corresponds to a PBrowser opened by a child when it
// receives window.open().
//
// If isMozBrowserElement is false, this PopupIPCTabContext is either a
// <xul:browser> or an app frame.  The frame's app-id and app-frame-owner-app-id
// will be equal to the opener's values.  For a <xul:browser>, those app IDs
// will be NO_APP_ID.
//
// If isMozBrowserElement is true, the frame's browserFrameOwnerAppId will be
// equal to the opener's app-id.
//
// It's an error to set isMozBrowserElement == false if opener is a mozbrowser
// element.  Such a PopupIPCTabContext should be rejected by code which receives
// it.
struct PopupIPCTabContext
{
  PBrowserOrId opener;
  bool isMozBrowserElement;
};

// An IPCTabContext which corresponds to an app, browser, or normal frame.
struct FrameIPCTabContext
{
  // The stringified originAttributes dictionary.
  nsCString originSuffix;

  // The ID of the app containing this app/browser frame, if applicable.
  uint32_t frameOwnerAppId;

  // The origin without originAttribute suffix for a signed package.
  // This value would be empty if the TabContext doesn't own a signed
  // package.
  nsCString signedPkgOriginNoSuffix;

  // Whether this is a mozbrowser frame.  <iframe mozbrowser mozapp> and
  // <xul:browser> are not considered to be mozbrowser frames.
  bool isMozBrowserElement;
};

// XXXcatalinb: This is only used by ServiceWorkerClients::OpenWindow.
// Because service workers don't have an associated TabChild
// we can't satisfy the security constraints on b2g. As such, the parent
// process will accept this tab context only on desktop.
struct UnsafeIPCTabContext
{ };

// IPCTabContext is an analog to mozilla::dom::TabContext.  Both specify an
// iframe/PBrowser's own and containing app-ids and tell you whether the
// iframe/PBrowser is a browser frame.  But only IPCTabContext is allowed to
// travel over IPC.
//
// We need IPCTabContext (specifically, PopupIPCTabContext) to prevent a
// privilege escalation attack by a compromised child process.
union IPCTabContext
{
  PopupIPCTabContext;
  FrameIPCTabContext;
  UnsafeIPCTabContext;
};

}
}