Bug 1459206 - Use FileSystemSecurity in ContentParent::RecvGetFilesRequest. r=ehsan, a=RyanVM
authorAndrea Marchesini <amarchesini@mozilla.com>
Thu, 10 May 2018 11:24:25 +0200
changeset 473253 5779de6a7028dc5ec93bc1436d1bc686b76732a5
parent 473252 2b5d49309695f5ffd78dcf7063f39bcdab90e6a9
child 473254 ee62b33ebe5290d5b27ab75e53aedae57dd2a8b3
push id1728
push userjlund@mozilla.com
push dateMon, 18 Jun 2018 21:12:27 +0000
treeherdermozilla-release@c296fde26f5f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersehsan, RyanVM
bugs1459206
milestone61.0
Bug 1459206 - Use FileSystemSecurity in ContentParent::RecvGetFilesRequest. r=ehsan, a=RyanVM
dom/filesystem/tests/test_webkitdirectory.html
dom/ipc/ContentParent.cpp
--- a/dom/filesystem/tests/test_webkitdirectory.html
+++ b/dom/filesystem/tests/test_webkitdirectory.html
@@ -146,16 +146,17 @@ function test_changeDataWhileWorking() {
 
   .then(function() {
     test_fileList('inputFileWebkitDirectory', testDirData);
   });
 }
 
 function test_setup() {
   SpecialPowers.pushPrefEnv({"set": [["dom.input.dirpicker", true],
+                                     ["dom.filesystem.pathcheck.disabled", true],
                                      ["dom.webkitBlink.dirPicker.enabled", true]]}, next);
 }
 
 var testDirData = [ { name: 'foo.txt', path: '/foo.txt' },
                     { name: 'bar.txt', path: '/subdir/bar.txt' }];
 
 var tests = [
   test_setup,
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -5236,16 +5236,24 @@ ContentParent::HandleWindowsMessages(con
 
 mozilla::ipc::IPCResult
 ContentParent::RecvGetFilesRequest(const nsID& aUUID,
                                    const nsString& aDirectoryPath,
                                    const bool& aRecursiveFlag)
 {
   MOZ_ASSERT(!mGetFilesPendingRequests.GetWeak(aUUID));
 
+  if (!mozilla::Preferences::GetBool("dom.filesystem.pathcheck.disabled", false)) {
+    RefPtr<FileSystemSecurity> fss = FileSystemSecurity::Get();
+    if (NS_WARN_IF(!fss ||
+                   !fss->ContentProcessHasAccessTo(ChildID(), aDirectoryPath))) {
+      return IPC_FAIL_NO_REASON(this);
+    }
+  }
+
   ErrorResult rv;
   RefPtr<GetFilesHelper> helper =
     GetFilesHelperParent::Create(aUUID, aDirectoryPath, aRecursiveFlag, this,
                                  rv);
 
   if (NS_WARN_IF(rv.Failed())) {
     if (!SendGetFilesResponse(aUUID,
                               GetFilesResponseFailure(rv.StealNSResult()))) {