Bug 793479: Update C++ permission-checking API to match that of the message-manager one. r=jlebar
authorChris Jones <jones.chris.g@gmail.com>
Tue, 25 Sep 2012 11:52:30 -0700
changeset 108160 5337b1d6fcb9846cf2c2562b5bc2a7ab5792e80f
parent 108159 ceec86729302ed1145322bf25f3a12c9cabbe5b4
child 108161 d82c59029dcbf79260d3221395bb4057b41f4cae
push id82
push usershu@rfrn.org
push dateFri, 05 Oct 2012 13:20:22 +0000
reviewersjlebar
bugs793479
milestone18.0a1
Bug 793479: Update C++ permission-checking API to match that of the message-manager one. r=jlebar
dom/ipc/AppProcessPermissions.cpp
dom/ipc/AppProcessPermissions.h
dom/ipc/ContentParent.cpp
hal/sandbox/SandboxHal.cpp
--- a/dom/ipc/AppProcessPermissions.cpp
+++ b/dom/ipc/AppProcessPermissions.cpp
@@ -14,17 +14,17 @@
 
 using namespace mozilla::dom;
 using namespace mozilla::hal_sandbox;
 using namespace mozilla::services;
 
 namespace mozilla {
 
 bool
-AppProcessHasPermission(PBrowserParent* aActor, const char* aPermission)
+AssertAppProcessPermission(PBrowserParent* aActor, const char* aPermission)
 {
   if (!aActor) {
     NS_WARNING("Testing permissions for null actor");
     return false;
   }
 
   TabParent* tab = static_cast<TabParent*>(aActor);
   nsCOMPtr<mozIApplication> app = tab->GetApp();
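Review bot: The null-actor path at L32–L35 returns false after only an NS_WARNING, so the renamed function does not always carry the "assert" semantics its new header comment promises ("If this returns false, the browser ... will be killed", in the AppProcessPermissions.h hunk). A caller that reads false as "the offending process is already being torn down" and skips its own fail-closed handling would be wrong for a null actor. Either document the exception in the header, e.g. `// Returns false without killing anything when aActor is null.`, or treat a null actor as a hard failure in the same way as a missing permission. The body of AssertAppProcessPermission continues past the end of this hunk, so the permission lookup itself is not visible here.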
@@ -41,27 +41,27 @@ AppProcessHasPermission(PBrowserParent* 
     printf_stderr("Security problem: App process does not have `%s' permission.  It will be killed.", aPermission);
     ContentParent* process = static_cast<ContentParent*>(aActor->Manager());
     process->KillHard();
   }
   return hasPermission;
 }
 
 bool
-AppProcessHasPermission(PContentParent* aActor, const char* aPermission)
+AssertAppProcessPermission(PContentParent* aActor, const char* aPermission)
 {
   const InfallibleTArray<PBrowserParent*>& browsers =
     aActor->ManagedPBrowserParent();
   for (uint32_t i = 0; i < browsers.Length(); ++i) {
-    if (AppProcessHasPermission(browsers[i], aPermission)) {
+    if (AssertAppProcessPermission(browsers[i], aPermission)) {
       return true;
     }
   }
   return false;
 }
 
 bool
-AppProcessHasPermission(PHalParent* aActor, const char* aPermission)
+AssertAppProcessPermission(PHalParent* aActor, const char* aPermission)
 {
-  return AppProcessHasPermission(aActor->Manager(), aPermission);
+  return AssertAppProcessPermission(aActor->Manager(), aPermission);
 }
 
 } // namespace mozilla
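Review bot: In the PContentParent overload the loop calls the killing per-browser variant, so the first browser that lacks the permission triggers KillHard on the whole content process (L41–L42), and the loop then keeps going and may still return true if a later browser has it; for a process with no browsers it returns false without killing anything. Neither outcome matches the header's "any browser has it, otherwise the process is killed" contract, and the PHalParent overload inherits the same behaviour through its delegation at L67. Have the loop use a query-only check and apply the kill once, after the loop, when no browser qualifies. The helper name below is constructed; it would be the non-killing half of the PBrowserParent overload, whose lookup lies outside this hunk.
```cpp
bool
AssertAppProcessPermission(PContentParent* aActor, const char* aPermission)
{
  const InfallibleTArray<PBrowserParent*>& browsers =
    aActor->ManagedPBrowserParent();
  for (uint32_t i = 0; i < browsers.Length(); ++i) {
    // Query-only check (constructed name): factored out of the
    // PBrowserParent overload so that no browser is killed mid-loop.
    if (BrowserHasPermission(browsers[i], aPermission)) {
      return true;
    }
  }
  printf_stderr("Security problem: App process does not have `%s' permission.  It will be killed.", aPermission);
  static_cast<ContentParent*>(aActor)->KillHard();
  return false;
}
```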
--- a/dom/ipc/AppProcessPermissions.h
+++ b/dom/ipc/AppProcessPermissions.h
@@ -1,51 +1,54 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  * vim: sw=2 ts=8 et :
  */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifndef mozilla_Capabilities_h
-#define mozilla_Capabilities_h
+#ifndef mozilla_AppProcessPermissions_h
+#define mozilla_AppProcessPermissions_h
 
 namespace mozilla {
 
 namespace dom {
 class PBrowserParent;
 class PContentParent;
 }
 
 namespace hal_sandbox {
 class PHalParent;
 }
 
 /**
  * Return true iff the specified browser has the specified capability.
+ * If this returns false, the browser didn't have the permission and
+ * will be killed.
  */
 bool
-AppProcessHasPermissions(mozilla::dom::PBrowserParent* aActor,
-                         const char* aPermission);
+AssertAppProcessPermission(mozilla::dom::PBrowserParent* aActor,
+                           const char* aPermission);
 
 /**
  * Return true iff any of the PBrowsers loaded in this content process
- * has the specified capability.
+ * has the specified capability.  If this returns false, the process
+ * didn't have the permission and will be killed.
  */
 bool
-AppProcessHasPermission(mozilla::dom::PContentParent* aActor,
-                        const char* aPermission);
+AssertAppProcessPermission(mozilla::dom::PContentParent* aActor,
+                           const char* aPermission);
 
 bool
-AppProcessHasPermission(mozilla::hal_sandbox::PHalParent* aActor,
-                        const char* aPermission);
+AssertAppProcessPermission(mozilla::hal_sandbox::PHalParent* aActor,
+                           const char* aPermission);
 
 // NB: when adding capability checks for other IPDL actors, please add
 // them to this file and have them delegate to the two functions above
 // as appropriate.  For example,
 //
 //   bool AppProcessHasCapability(PNeckoParent* aActor) {
-//     return AppProcessHasCapability(aActor->Manager());
+//     return AssertAppProcessPermission(aActor->Manager());
 //   }
 
 } // namespace mozilla
 
-#endif // mozilla_Capabilities_h
+#endif // mozilla_AppProcessPermissions_h
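Review bot: The NB comment at L126–L133 is now stale in two ways: it tells the reader to delegate to "the two functions above" while three overloads are declared, and its example is still named `AppProcessHasCapability(PNeckoParent* aActor)` even though the body it shows calls the renamed function. The two /** */ blocks also keep saying "capability" for what the API and the string literals at the call sites call a permission. Suggest `// them to this file and have them delegate to the functions above`, `//   bool AssertAppProcessPermission(PNeckoParent* aActor, const char* aPermission) {` with `//     return AssertAppProcessPermission(aActor->Manager(), aPermission);`, and "permission" in place of "capability" in the doc comments.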
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -1445,17 +1445,17 @@ ContentParent::DeallocPExternalHelperApp
     ExternalHelperAppParent *parent = static_cast<ExternalHelperAppParent *>(aService);
     parent->Release();
     return true;
 }
 
 PSmsParent*
 ContentParent::AllocPSms()
 {
-    if (!AppProcessHasPermission(this, "sms")) {
+    if (!AssertAppProcessPermission(this, "sms")) {
         return nullptr;
     }
     return new SmsParent();
 }
 
 bool
 ContentParent::DeallocPSms(PSmsParent* aSms)
 {
@@ -1475,17 +1475,17 @@ ContentParent::DeallocPStorage(PStorageP
     delete aActor;
     return true;
 }
 
 PBluetoothParent*
 ContentParent::AllocPBluetooth()
 {
 #ifdef MOZ_B2G_BT
-    if (!AppProcessHasPermission(this, "bluetooth")) {
+    if (!AssertAppProcessPermission(this, "bluetooth")) {
         return nullptr;
     }
     return new mozilla::dom::bluetooth::BluetoothParent();
 #else
     MOZ_NOT_REACHED("No support for bluetooth on this platform!");
     return nullptr;
 #endif
 }
--- a/hal/sandbox/SandboxHal.cpp
+++ b/hal/sandbox/SandboxHal.cpp
@@ -505,121 +505,121 @@ public:
 
   void Notify(const ScreenConfiguration& aScreenConfiguration) {
     unused << SendNotifyScreenConfigurationChange(aScreenConfiguration);
   }
 
   virtual bool
   RecvGetScreenEnabled(bool *enabled) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     *enabled = hal::GetScreenEnabled();
     return true;
   }
 
   virtual bool
   RecvSetScreenEnabled(const bool &enabled) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     hal::SetScreenEnabled(enabled);
     return true;
   }
 
   virtual bool
   RecvGetCpuSleepAllowed(bool *allowed) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     *allowed = hal::GetCpuSleepAllowed();
     return true;
   }
 
   virtual bool
   RecvSetCpuSleepAllowed(const bool &allowed) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     hal::SetCpuSleepAllowed(allowed);
     return true;
   }
 
   virtual bool
   RecvGetScreenBrightness(double *brightness) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     *brightness = hal::GetScreenBrightness();
     return true;
   }
 
   virtual bool
   RecvSetScreenBrightness(const double &brightness) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     hal::SetScreenBrightness(brightness);
     return true;
   }
 
   virtual bool
   RecvSetLight(const LightType& aLight,  const hal::LightConfiguration& aConfig, bool *status) MOZ_OVERRIDE
   {
     // XXX currently, the hardware key light and screen backlight are
     // controlled as a unit.  Those are set through the power API, and
     // there's no other way to poke lights currently, so we require
     // "power" privileges here.
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     *status = hal::SetLight(aLight, aConfig);
     return true;
   }
 
   virtual bool
   RecvGetLight(const LightType& aLight, LightConfiguration* aConfig, bool* status) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     *status = hal::GetLight(aLight, aConfig);
     return true;
   }
 
   virtual bool
   RecvAdjustSystemClock(const int32_t &aDeltaMilliseconds) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "time")) {
+    if (!AssertAppProcessPermission(this, "time")) {
       return false;
     }
     hal::AdjustSystemClock(aDeltaMilliseconds);
     return true;
   }
 
   virtual bool 
   RecvSetTimezone(const nsCString& aTimezoneSpec) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "time")) {
+    if (!AssertAppProcessPermission(this, "time")) {
       return false;
     }
     hal::SetTimezone(aTimezoneSpec);
     return true;  
   }
 
   virtual bool
   RecvGetTimezone(nsCString *aTimezoneSpec) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "time")) {
+    if (!AssertAppProcessPermission(this, "time")) {
       return false;
     }
     *aTimezoneSpec = hal::GetTimezone();
     return true;
   }
 
   virtual bool
   RecvEnableSystemTimeChangeNotifications() MOZ_OVERRIDE
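Review bot: The permission names are repeated as bare string literals across the handlers in this hunk ("power" eight times, "time" three times, with more in the two hunks below), so a typo in one handler would fail closed for that single operation and be easy to miss in review. A file-local constant such as `static const char kPowerPermission[] = "power";` (name constructed) used at every check would make the set of permissions this actor gates on visible in one place. The enclosing class begins before this hunk, and RecvEnableSystemTimeChangeNotifications at L313 is cut off, so whether it carries a check is not visible here.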
@@ -633,27 +633,27 @@ public:
   {
     hal::UnregisterSystemTimeChangeObserver(this);
     return true;
   }
 
   virtual bool
   RecvReboot() MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     hal::Reboot();
     return true;
   }
 
   virtual bool
   RecvPowerOff() MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     hal::PowerOff();
     return true;
   }
 
   virtual bool
   RecvEnableSensorNotifications(const SensorType &aSensor) MOZ_OVERRIDE {
@@ -696,17 +696,17 @@ public:
   {
     hal::UnregisterWakeLockObserver(this);
     return true;
   }
 
   virtual bool
   RecvGetWakeLockInfo(const nsString &aTopic, WakeLockInformation *aWakeLockInfo) MOZ_OVERRIDE
   {
-    if (!AppProcessHasPermission(this, "power")) {
+    if (!AssertAppProcessPermission(this, "power")) {
       return false;
     }
     hal::GetWakeLockInfo(aTopic, aWakeLockInfo);
     return true;
   }
   
   void Notify(const WakeLockInformation& aWakeLockInfo)
   {