Bug 1312101 - Part 1: Remove permission assertions through the message manager; r=baku
authorEhsan Akhgari <ehsan@mozilla.com>
Wed, 16 Nov 2016 09:58:55 -0500
changeset 322888 ba4af4705e58896c43a51b5f608d9466c8f415c7
parent 322887 37dce5270b23f6cd9357109fc6408db0453c38da
child 322889 ad3f41ebb1a2b31c39b082b15d827befe2bc70de
push id21
push usermaklebus@msu.edu
push dateThu, 01 Dec 2016 06:22:08 +0000
reviewersbaku
bugs1312101
milestone53.0a1
Bug 1312101 - Part 1: Remove permission assertions through the message manager; r=baku Since AddProcessChecker is going away, there's no point in these permission checks any more.
b2g/components/AlertsHelper.jsm
dom/downloads/DownloadsAPI.jsm
dom/inputmethod/Keyboard.jsm
dom/network/NetworkStatsService.jsm
dom/permission/PermissionSettings.jsm
dom/presentation/PresentationDeviceInfoManager.jsm
dom/push/PushComponents.js
dom/secureelement/gonk/SecureElement.js
dom/settings/SettingsRequestManager.jsm
dom/system/SystemUpdateService.jsm
--- a/b2g/components/AlertsHelper.jsm
+++ b/b2g/components/AlertsHelper.jsm
@@ -35,18 +35,16 @@ XPCOMUtils.defineLazyGetter(this, "ppmm"
 });
 
 function debug(str) {
   //dump("=*= AlertsHelper.jsm : " + str + "\n");
 }
 
 const kNotificationIconSize = 128;
 
-const kDesktopNotificationPerm = "desktop-notification";
-
 const kNotificationSystemMessageName = "notification";
 
 const kDesktopNotification      = "desktop-notification";
 const kDesktopNotificationShow  = "desktop-notification-show";
 const kDesktopNotificationClick = "desktop-notification-click";
 const kDesktopNotificationClose = "desktop-notification-close";
 
 const kTopicAlertClickCallback = "alertclickcallback";
@@ -251,23 +249,16 @@ var AlertsHelper = {
   closeAlert: function(name) {
     SystemAppProxy._sendCustomEvent(kMozChromeNotificationEvent, {
       type: kDesktopNotificationClose,
       id: name
     });
   },
 
   receiveMessage: function(aMessage) {
-    if (!aMessage.target.assertAppHasPermission(kDesktopNotificationPerm)) {
-      Cu.reportError("Desktop-notification message " + aMessage.name +
-                     " from a content process with no " + kDesktopNotificationPerm +
-                     " privileges.");
-      return;
-    }
-
     switch(aMessage.name) {
       case kMessageAlertNotificationSend:
         this.showAlertNotification(aMessage);
         break;
 
       case kMessageAlertNotificationClose:
         this.closeAlert(aMessage.data.name);
         break;
--- a/dom/downloads/DownloadsAPI.jsm
+++ b/dom/downloads/DownloadsAPI.jsm
@@ -148,21 +148,16 @@ var DownloadsAPI = {
 
   onDownloadChanged: function(aDownload) {
     let download = this.jsonDownload(aDownload);
     debug("onDownloadChanged " + uneval(download));
     ppmm.broadcastAsyncMessage("Downloads:Changed", download);
   },
 
   receiveMessage: function(aMessage) {
-    if (!aMessage.target.assertPermission("downloads")) {
-      debug("No 'downloads' permission!");
-      return;
-    }
-
     debug("message: " + aMessage.name);
 
     switch (aMessage.name) {
     case "Downloads:GetList":
       this.getList(aMessage.data, aMessage.target);
       break;
     case "Downloads:ClearAllDone":
       this.clearAllDone(aMessage.data, aMessage.target);
--- a/dom/inputmethod/Keyboard.jsm
+++ b/dom/inputmethod/Keyboard.jsm
@@ -38,19 +38,16 @@ var Utils = {
     try {
       mm = msg.target.QueryInterface(Ci.nsIFrameLoaderOwner)
                      .frameLoader.messageManager;
     } catch(e) {
       mm = msg.target;
     }
 
     return mm;
-  },
-  checkPermissionForMM: function u_checkPermissionForMM(mm, permName) {
-    return mm.assertPermission(permName);
   }
 };
 
 this.Keyboard = {
 #ifdef MOZ_B2G
   // For receving keyboard event fired from hardware before it's dispatched,
   // |this| object is used to be the listener to get the forwarded event.
   // As the listener, |this| object must implement nsIHardwareKeyEventListener
@@ -210,42 +207,17 @@ this.Keyboard = {
     mm.addMessageListener('Forms:SendKey:Result:Error', this);
     mm.addMessageListener('Forms:SequenceError', this);
     mm.addMessageListener('Forms:GetContext:Result:OK', this);
     mm.addMessageListener('Forms:SetComposition:Result:OK', this);
     mm.addMessageListener('Forms:EndComposition:Result:OK', this);
   },
 
   receiveMessage: function keyboardReceiveMessage(msg) {
-    // If we get a 'Keyboard:XXX'/'System:XXX' message, check that the sender
-    // has the required permission.
-    let mm;
-
-    // Assert the permission based on the prefix of the message.
-    let permName;
-    if (msg.name.startsWith("Keyboard:")) {
-      permName = "input";
-    } else if (msg.name.startsWith("System:")) {
-      permName = "input-manage";
-    }
-
-    // There is no permission to check (nor we need to get the mm)
-    // for Form: messages.
-    if (permName) {
-      mm = Utils.getMMFromMessage(msg);
-      if (!mm) {
-        dump("Keyboard.jsm: Message " + msg.name + " has no message manager.");
-        return;
-      }
-      if (!Utils.checkPermissionForMM(mm, permName)) {
-        dump("Keyboard.jsm: Message " + msg.name +
-          " from a content process with no '" + permName + "' privileges.\n");
-        return;
-      }
-    }
+    let mm = Utils.getMMFromMessage(msg);
 
     // we don't process kb messages (other than register)
     // if they come from a kb that we're currently not regsitered for.
     // this decision is made with the kbID kept by us and kb app
     let kbID = null;
     if ('kbID' in msg.data) {
       kbID = msg.data.kbID;
     }
@@ -533,23 +505,16 @@ function InputRegistryGlue() {
   ppmm.addMessageListener('InputRegistry:Remove', this);
   ppmm.addMessageListener('System:InputRegistry:Add:Done', this);
   ppmm.addMessageListener('System:InputRegistry:Remove:Done', this);
 };
 
 InputRegistryGlue.prototype.receiveMessage = function(msg) {
   let mm = Utils.getMMFromMessage(msg);
 
-  let permName = msg.name.startsWith("System:") ? "input-mgmt" : "input";
-  if (!Utils.checkPermissionForMM(mm, permName)) {
-    dump("InputRegistryGlue message " + msg.name +
-      " from a content process with no " + permName + " privileges.");
-    return;
-  }
-
   switch (msg.name) {
     case 'InputRegistry:Add':
       this.addInput(msg, mm);
 
       break;
 
     case 'InputRegistry:Remove':
       this.removeInput(msg, mm);
--- a/dom/network/NetworkStatsService.jsm
+++ b/dom/network/NetworkStatsService.jsm
@@ -136,20 +136,16 @@ this.NetworkStatsService = {
     this.updateQueue = [];
     this.isQueueRunning = false;
 
     this._currentAlarms = {};
     this.initAlarms();
   },
 
   receiveMessage: function(aMessage) {
-    if (!aMessage.target.assertPermission("networkstats-manage")) {
-      return;
-    }
-
     debug("receiveMessage " + aMessage.name);
 
     let mm = aMessage.target;
     let msg = aMessage.json;
 
     switch (aMessage.name) {
       case "NetworkStats:Get":
         this.getSamples(mm, msg);
--- a/dom/permission/PermissionSettings.jsm
+++ b/dom/permission/PermissionSettings.jsm
@@ -171,30 +171,15 @@ this.PermissionSettingsModule = {
   receiveMessage: function receiveMessage(aMessage) {
     debug("PermissionSettings::receiveMessage " + aMessage.name);
     let mm = aMessage.target;
     let msg = aMessage.data;
 
     let result;
     switch (aMessage.name) {
       case "PermissionSettings:AddPermission":
-        let success = false;
-        let errorMsg =
-              " from a content process with no 'permissions' privileges.";
-        if (mm.assertPermission("permissions")) {
-          success = this._internalAddPermission(msg, false);
-          if (!success) {
-            // Just kill the calling process
-            mm.assertPermission("permissions-modify-implicit");
-            errorMsg = " had an implicit permission change. Child process killed.";
-          }
-        }
-
-        if (!success) {
-          Cu.reportError("PermissionSettings message " + msg.type + errorMsg);
-          return null;
-        }
+        this._internalAddPermission(msg, false);
         break;
     }
   }
 }
 
 PermissionSettingsModule.init();
--- a/dom/presentation/PresentationDeviceInfoManager.jsm
+++ b/dom/presentation/PresentationDeviceInfoManager.jsm
@@ -73,22 +73,16 @@ this.PresentationDeviceInfoService = {
         name: device.name,
         type: device.type,
       },
     };
     ppmm.broadcastAsyncMessage("PresentationDeviceInfoManager:OnDeviceChange", data);
   },
 
   receiveMessage: function(aMessage) {
-    if (!aMessage.target.assertPermission("presentation-device-manage")) {
-      debug("receive message " + aMessage.name +
-            " from a content process with no 'presentation-device-manage' privileges.");
-      return null;
-    }
-
     let msg = aMessage.data || {};
     let mm = aMessage.target;
 
     log("receiveMessage: " + aMessage.name);
     switch (aMessage.name) {
       case "PresentationDeviceInfoManager:GetAll": {
         this.getAll(msg, mm);
         break;
--- a/dom/push/PushComponents.js
+++ b/dom/push/PushComponents.js
@@ -205,19 +205,16 @@ Object.assign(PushServiceParent.prototyp
     if (name === "Push:NotificationForOriginShown") {
       this.notificationForOriginShown(data);
       return;
     }
     if (name === "Push:NotificationForOriginClosed") {
       this.notificationForOriginClosed(data);
       return;
     }
-    if (!target.assertPermission("push")) {
-      return;
-    }
     if (name === "Push:ReportError") {
       this.reportDeliveryError(data.messageId, data.reason);
       return;
     }
     let sender = target.QueryInterface(Ci.nsIMessageSender);
     return this._handleRequest(name, principal, data).then(result => {
       sender.sendAsyncMessage(this._getResponseName(name, "OK"), {
         requestID: data.requestID,
--- a/dom/secureelement/gonk/SecureElement.js
+++ b/dom/secureelement/gonk/SecureElement.js
@@ -460,23 +460,17 @@ SecureElementManager.prototype = {
     DEBUG && debug("Received '" + msg.name + "' message from content process" +
                    ": " + JSON.stringify(msg.data));
 
     if (msg.name === "child-process-shutdown") {
       this._handleChildProcessShutdown(msg.target);
       return null;
     }
 
-    if (SE_IPC_SECUREELEMENT_MSG_NAMES.indexOf(msg.name) !== -1) {
-      if (!msg.target.assertPermission("secureelement-manage")) {
-        debug("SecureElement message " + msg.name + " from a content process " +
-              "with no 'secureelement-manage' privileges.");
-        return null;
-      }
-    } else {
+    if (SE_IPC_SECUREELEMENT_MSG_NAMES.indexOf(msg.name) === -1) {
       debug("Ignoring unknown message type: " + msg.name);
       return null;
     }
 
     let callback = (result) => this._sendSEResponse(msg, result);
     if (!this._isValidMessage(msg)) {
       debug("Message not valid");
       callback({ error: SE.ERROR_GENERIC });
--- a/dom/settings/SettingsRequestManager.jsm
+++ b/dom/settings/SettingsRequestManager.jsm
@@ -1071,67 +1071,57 @@ var SettingsRequestManager = {
     // CreateLock check below.
     switch (aMessage.name) {
       case "Settings:Get":
       case "Settings:Set":
       case "Settings:Clear":
       case "Settings:Run":
       case "Settings:Finalize":
         this.checkSoftLockup();
-        let kill_process = false;
         if (!msg.lockID) {
           Cu.reportError("Process sending request for lock that does not exist. Killing.");
-          kill_process = true;
         }
         else if (!this.lockInfo[msg.lockID]) {
           if (DEBUG) debug("Cannot find lock ID " + msg.lockID);
           // This doesn't kill, because we can have things that file
           // finalize, then die, and we may get the observer
           // notification before we get the IPC messages.
           return;
         }
         else if (mm != this.lockInfo[msg.lockID]._mm) {
           Cu.reportError("Process trying to access settings lock from another process. Killing.");
-          kill_process = true;
-        }
-        if (kill_process) {
-          // Kill the app by checking for a non-existent permission
-          aMessage.target.assertPermission("message-manager-mismatch-kill");
-          return;
         }
       default:
       break;
     }
 
     switch (aMessage.name) {
       case "child-process-shutdown":
         if (VERBOSE) debug("Child process shutdown received.");
         this.forceFinalizeChildLocksOOP(mm);
         this.removeObserver(mm);
         break;
       case "Settings:RegisterForMessages":
         if (!SettingsPermissions.hasSomeReadPermission(aMessage.principal)) {
           Cu.reportError("Settings message " + aMessage.name +
                          " from a content process with no 'settings-api-read' privileges.");
-          aMessage.target.assertPermission("message-manager-no-read-kill");
           return;
         }
         this.addObserver(mm, aMessage.principal);
         break;
       case "Settings:UnregisterForMessages":
         this.removeObserver(mm);
         break;
       case "Settings:CreateLock":
         if (VERBOSE) debug("Received CreateLock for " + msg.lockID + " from " + aMessage.principal.origin + " window: " + msg.windowID);
         // If we try to create a lock ID that collides with one
         // already in the system, consider it a security violation and
         // kill.
         if (msg.lockID in this.settingsLockQueue) {
           Cu.reportError("Trying to queue a lock with the same ID as an already queued lock. Killing app.");
-          aMessage.target.assertPermission("lock-id-duplicate-kill");
           return;
         }
 
         if (this.softLockup.lockId === null) {
           this.updateSoftLockup(msg.lockID);
         }
 
         this.settingsLockQueue.push(msg.lockID);
--- a/dom/system/SystemUpdateService.jsm
+++ b/dom/system/SystemUpdateService.jsm
@@ -311,22 +311,16 @@ this.SystemUpdateService = {
     aData.provider = {
       name: selectedProvider.name,
       uuid: selectedProvider.id
     };
     aMm.sendAsyncMessage("SystemUpdate:SetActiveProvider:Result:OK", aData);
   },
 
   receiveMessage: function(aMessage) {
-    if (!aMessage.target.assertPermission("system-update")) {
-      debug("receive message " + aMessage.name +
-            " from a content process with no 'system-update' privileges.");
-      return null;
-    }
-
     let msg = aMessage.data || {};
     let mm = aMessage.target;
 
     switch (aMessage.name) {
       case "SystemUpdate:GetProviders": {
         this.getProviders(msg, mm);
         break;
       }