Bug 791715 - Device Storage - Ensure 'apps' device storage is only used by webapps. r=sicking
authorDoug Turner <dougt@dougt.org>
Tue, 18 Sep 2012 13:46:52 -0700
changeset 107533 58003f3c3fb535b35472fe968101f260889e5295
parent 107532 a19948eb6c26ef83cc8a9c6b6023d94d17a48110
child 107534 20f683bc1ce7f8826c2ba355625db3eeeffc257e
push id82
push usershu@rfrn.org
push dateFri, 05 Oct 2012 13:20:22 +0000
reviewerssicking
bugs791715
milestone18.0a1
Bug 791715 - Device Storage - Ensure 'apps' device storage is only used by webapps. r=sicking
dom/devicestorage/nsDeviceStorage.cpp
--- a/dom/devicestorage/nsDeviceStorage.cpp
+++ b/dom/devicestorage/nsDeviceStorage.cpp
@@ -35,17 +35,17 @@
 #include "nsIDOMDeviceStorageChangeEvent.h"
 #include "nsCRT.h"
 #include "mozilla/Services.h"
 #include "nsIObserverService.h"
 #include "GeneratedEvents.h"
 #include "mozilla/dom/PermissionMessageUtils.h"
 #include "nsIMIMEService.h"
 #include "nsCExternalHandlerService.h"
-
+#include "nsIPermissionManager.h"
 #include "nsIStringBundle.h"
 
 // Microsoft's API Name hackery sucks
 #undef CreateEvent
 
 #ifdef MOZ_WIDGET_GONK
 #include "nsIVolume.h"
 #include "nsIVolumeService.h"
@@ -1650,16 +1650,33 @@ nsDOMDeviceStorage::Init(nsPIDOMWindow* 
   // Grab the principal of the document
   nsCOMPtr<nsIDOMDocument> domdoc;
   aWindow->GetDocument(getter_AddRefs(domdoc));
   nsCOMPtr<nsIDocument> doc = do_QueryInterface(domdoc);
   if (!doc) {
     return NS_ERROR_FAILURE;
   }
   mPrincipal = doc->NodePrincipal();
+
+  // the 'apps' type is special.  We only want this exposed
+  // if the caller has the "webapps-manage" permission.
+  if (aType.EqualsLiteral("apps")) {
+    nsCOMPtr<nsIPermissionManager> permissionManager = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
+    NS_ENSURE_TRUE(permissionManager, NS_ERROR_FAILURE);
+
+    uint32_t permission;
+    nsresult rv = permissionManager->TestPermissionFromPrincipal(mPrincipal,
+                                                                 "webapps-manage",
+                                                                 &permission);
+
+    if (NS_FAILED(rv) || permission != nsIPermissionManager::ALLOW_ACTION) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+  }
+
   return NS_OK;
 }
 
 nsDOMDeviceStorage::~nsDOMDeviceStorage()
 {
 }
 
 void
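Review bot: `uint32_t permission;` in the new 'apps' gate is left uninitialized, and the test is safe only because `NS_FAILED(rv)` comes first in the `||`. Initialising it fail-closed, `uint32_t permission = nsIPermissionManager::DENY_ACTION;`, keeps the gate correct if the condition is later reordered or the call ever returns success without writing the out-param. The gate also sits at the very end of Init, whose earlier body is outside this hunk, so whatever setup was done for the 'apps' type before this point stays on the object when `NS_ERROR_NOT_AVAILABLE` is returned; presumably callers discard the object on failure, but that is worth confirming. Because the restriction is enforced only where the DOM object is created, any other path that accepts a storage type name (for example a parent-process request handler, if one exists) would need the same "webapps-manage" test for the restriction to hold.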
@@ -2070,17 +2087,17 @@ nsDOMDeviceStorage::Observe(nsISupports 
 #ifdef MOZ_WIDGET_GONK
   else if (!strcmp(aTopic, NS_VOLUME_STATE_CHANGED)) {
     nsCOMPtr<nsIVolume> vol = do_QueryInterface(aSubject);
     if (!vol) {
       return NS_OK;
     }
     nsString volName;
     vol->GetName(volName);
-    if (!volName.Equals(NS_LITERAL_STRING("sdcard"))) {
+    if (!volName.EqualsLiteral("sdcard")) {
       return NS_OK;
     }
 
     int32_t state;
     nsresult rv = vol->GetState(&state);
     if (NS_FAILED(rv)) {
       return NS_OK;
     }