gecko-dev/dom/cache/PrincipalVerifier.cpp

222 строки
6.5 KiB
C++
Исходник Обычный вид История

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/dom/cache/PrincipalVerifier.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/dom/ContentParent.h"
#include "mozilla/dom/cache/ManagerId.h"
#include "mozilla/ipc/BackgroundParent.h"
#include "mozilla/ipc/PBackgroundParent.h"
#include "mozilla/ipc/BackgroundUtils.h"
#include "nsIPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsNetUtil.h"
namespace mozilla {
namespace dom {
namespace cache {
using mozilla::ipc::AssertIsOnBackgroundThread;
using mozilla::ipc::BackgroundParent;
using mozilla::ipc::PBackgroundParent;
using mozilla::ipc::PrincipalInfo;
using mozilla::ipc::PrincipalInfoToPrincipal;
// static
already_AddRefed<PrincipalVerifier>
PrincipalVerifier::CreateAndDispatch(Listener* aListener,
PBackgroundParent* aActor,
const PrincipalInfo& aPrincipalInfo)
{
// We must get the ContentParent actor from the PBackgroundParent. This
// only works on the PBackground thread.
AssertIsOnBackgroundThread();
Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat The bulk of this commit was generated with a script, executed at the top level of a typical source code checkout. The only non-machine-generated part was modifying MFBT's moz.build to reflect the new naming. CLOSED TREE makes big refactorings like this a piece of cake. # The main substitution. find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \ xargs perl -p -i -e ' s/nsRefPtr\.h/RefPtr\.h/g; # handle includes s/nsRefPtr ?</RefPtr</g; # handle declarations and variables ' # Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h. perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h # Handle nsRefPtr.h itself, a couple places that define constructors # from nsRefPtr, and code generators specially. We do this here, rather # than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename # things like nsRefPtrHashtable. perl -p -i -e 's/nsRefPtr/RefPtr/g' \ mfbt/nsRefPtr.h \ xpcom/glue/nsCOMPtr.h \ xpcom/base/OwningNonNull.h \ ipc/ipdl/ipdl/lower.py \ ipc/ipdl/ipdl/builtin.py \ dom/bindings/Codegen.py \ python/lldbutils/lldbutils/utils.py # In our indiscriminate substitution above, we renamed # nsRefPtrGetterAddRefs, the class behind getter_AddRefs. Fix that up. find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \ xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g' if [ -d .git ]; then git mv mfbt/nsRefPtr.h mfbt/RefPtr.h else hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h fi --HG-- rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
2015-10-18 08:24:48 +03:00
RefPtr<PrincipalVerifier> verifier = new PrincipalVerifier(aListener,
aActor,
aPrincipalInfo);
MOZ_ALWAYS_TRUE(NS_SUCCEEDED(NS_DispatchToMainThread(verifier)));
return verifier.forget();
}
void
PrincipalVerifier::AddListener(Listener* aListener)
{
AssertIsOnBackgroundThread();
MOZ_ASSERT(aListener);
MOZ_ASSERT(!mListenerList.Contains(aListener));
mListenerList.AppendElement(aListener);
}
void
PrincipalVerifier::RemoveListener(Listener* aListener)
{
AssertIsOnBackgroundThread();
MOZ_ASSERT(aListener);
MOZ_ALWAYS_TRUE(mListenerList.RemoveElement(aListener));
}
PrincipalVerifier::PrincipalVerifier(Listener* aListener,
PBackgroundParent* aActor,
const PrincipalInfo& aPrincipalInfo)
: mActor(BackgroundParent::GetContentParent(aActor))
, mPrincipalInfo(aPrincipalInfo)
, mInitiatingThread(NS_GetCurrentThread())
, mResult(NS_OK)
{
AssertIsOnBackgroundThread();
MOZ_ASSERT(mInitiatingThread);
MOZ_ASSERT(aListener);
mListenerList.AppendElement(aListener);
}
PrincipalVerifier::~PrincipalVerifier()
{
// Since the PrincipalVerifier is a Runnable that executes on multiple
// threads, its a race to see which thread de-refs us last. Therefore
// we cannot guarantee which thread we destruct on.
MOZ_ASSERT(mListenerList.IsEmpty());
// We should always be able to explicitly release the actor on the main
// thread.
MOZ_ASSERT(!mActor);
}
NS_IMETHODIMP
PrincipalVerifier::Run()
{
// Executed twice. First, on the main thread and then back on the
// originating thread.
if (NS_IsMainThread()) {
VerifyOnMainThread();
return NS_OK;
}
CompleteOnInitiatingThread();
return NS_OK;
}
void
PrincipalVerifier::VerifyOnMainThread()
{
MOZ_ASSERT(NS_IsMainThread());
// No matter what happens, we need to release the actor before leaving
// this method.
Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat The bulk of this commit was generated with a script, executed at the top level of a typical source code checkout. The only non-machine-generated part was modifying MFBT's moz.build to reflect the new naming. CLOSED TREE makes big refactorings like this a piece of cake. # The main substitution. find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \ xargs perl -p -i -e ' s/nsRefPtr\.h/RefPtr\.h/g; # handle includes s/nsRefPtr ?</RefPtr</g; # handle declarations and variables ' # Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h. perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h # Handle nsRefPtr.h itself, a couple places that define constructors # from nsRefPtr, and code generators specially. We do this here, rather # than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename # things like nsRefPtrHashtable. perl -p -i -e 's/nsRefPtr/RefPtr/g' \ mfbt/nsRefPtr.h \ xpcom/glue/nsCOMPtr.h \ xpcom/base/OwningNonNull.h \ ipc/ipdl/ipdl/lower.py \ ipc/ipdl/ipdl/builtin.py \ dom/bindings/Codegen.py \ python/lldbutils/lldbutils/utils.py # In our indiscriminate substitution above, we renamed # nsRefPtrGetterAddRefs, the class behind getter_AddRefs. Fix that up. find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \ xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g' if [ -d .git ]; then git mv mfbt/nsRefPtr.h mfbt/RefPtr.h else hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h fi --HG-- rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
2015-10-18 08:24:48 +03:00
RefPtr<ContentParent> actor;
actor.swap(mActor);
nsresult rv;
Bug 1207245 - part 6 - rename nsRefPtr<T> to RefPtr<T>; r=ehsan; a=Tomcat The bulk of this commit was generated with a script, executed at the top level of a typical source code checkout. The only non-machine-generated part was modifying MFBT's moz.build to reflect the new naming. CLOSED TREE makes big refactorings like this a piece of cake. # The main substitution. find . -name '*.cpp' -o -name '*.cc' -o -name '*.h' -o -name '*.mm' -o -name '*.idl'| \ xargs perl -p -i -e ' s/nsRefPtr\.h/RefPtr\.h/g; # handle includes s/nsRefPtr ?</RefPtr</g; # handle declarations and variables ' # Handle a special friend declaration in gfx/layers/AtomicRefCountedWithFinalize.h. perl -p -i -e 's/::nsRefPtr;/::RefPtr;/' gfx/layers/AtomicRefCountedWithFinalize.h # Handle nsRefPtr.h itself, a couple places that define constructors # from nsRefPtr, and code generators specially. We do this here, rather # than indiscriminantly s/nsRefPtr/RefPtr/, because that would rename # things like nsRefPtrHashtable. perl -p -i -e 's/nsRefPtr/RefPtr/g' \ mfbt/nsRefPtr.h \ xpcom/glue/nsCOMPtr.h \ xpcom/base/OwningNonNull.h \ ipc/ipdl/ipdl/lower.py \ ipc/ipdl/ipdl/builtin.py \ dom/bindings/Codegen.py \ python/lldbutils/lldbutils/utils.py # In our indiscriminate substitution above, we renamed # nsRefPtrGetterAddRefs, the class behind getter_AddRefs. Fix that up. find . -name '*.cpp' -o -name '*.h' -o -name '*.idl' | \ xargs perl -p -i -e 's/nsRefPtrGetterAddRefs/RefPtrGetterAddRefs/g' if [ -d .git ]; then git mv mfbt/nsRefPtr.h mfbt/RefPtr.h else hg mv mfbt/nsRefPtr.h mfbt/RefPtr.h fi --HG-- rename : mfbt/nsRefPtr.h => mfbt/RefPtr.h
2015-10-18 08:24:48 +03:00
RefPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(mPrincipalInfo,
&rv);
if (NS_WARN_IF(NS_FAILED(rv))) {
DispatchToInitiatingThread(rv);
return;
}
// We disallow null principal and unknown app IDs on the client side, but
// double-check here.
if (NS_WARN_IF(principal->GetIsNullPrincipal() ||
principal->GetUnknownAppId())) {
DispatchToInitiatingThread(NS_ERROR_FAILURE);
return;
}
nsCOMPtr<nsIScriptSecurityManager> ssm = nsContentUtils::GetSecurityManager();
if (NS_WARN_IF(!ssm)) {
DispatchToInitiatingThread(NS_ERROR_ILLEGAL_DURING_SHUTDOWN);
return;
}
// Verify if a child process uses system principal, which is not allowed
// to prevent system principal is spoofed.
if (NS_WARN_IF(actor && ssm->IsSystemPrincipal(principal))) {
DispatchToInitiatingThread(NS_ERROR_FAILURE);
return;
}
// Verify that a child process claims to own the app for this principal
if (NS_WARN_IF(actor && !AssertAppPrincipal(actor, principal))) {
DispatchToInitiatingThread(NS_ERROR_FAILURE);
return;
}
actor = nullptr;
#ifdef DEBUG
// Sanity check principal origin by using it to construct a URI and security
// checking it. Don't do this for the system principal, though, as its origin
// is a synthetic [System Principal] string.
if (!ssm->IsSystemPrincipal(principal)) {
nsAutoCString origin;
rv = principal->GetOriginNoSuffix(origin);
if (NS_WARN_IF(NS_FAILED(rv))) {
DispatchToInitiatingThread(rv);
return;
}
nsCOMPtr<nsIURI> uri;
rv = NS_NewURI(getter_AddRefs(uri), origin);
if (NS_WARN_IF(NS_FAILED(rv))) {
DispatchToInitiatingThread(rv);
return;
}
rv = principal->CheckMayLoad(uri, false, false);
if (NS_WARN_IF(NS_FAILED(rv))) {
DispatchToInitiatingThread(rv);
return;
}
}
#endif
rv = ManagerId::Create(principal, getter_AddRefs(mManagerId));
if (NS_WARN_IF(NS_FAILED(rv))) {
DispatchToInitiatingThread(rv);
return;
}
DispatchToInitiatingThread(NS_OK);
}
void
PrincipalVerifier::CompleteOnInitiatingThread()
{
AssertIsOnBackgroundThread();
ListenerList::ForwardIterator iter(mListenerList);
while (iter.HasMore()) {
iter.GetNext()->OnPrincipalVerified(mResult, mManagerId);
}
// The listener must clear its reference in OnPrincipalVerified()
MOZ_ASSERT(mListenerList.IsEmpty());
}
void
PrincipalVerifier::DispatchToInitiatingThread(nsresult aRv)
{
MOZ_ASSERT(NS_IsMainThread());
mResult = aRv;
// The Cache ShutdownObserver does not track all principal verifiers, so we
// cannot ensure this always succeeds. Instead, simply warn on failures.
// This will result in a new CacheStorage object delaying operations until
// shutdown completes and the browser goes away. This is as graceful as
// we can get here.
nsresult rv = mInitiatingThread->Dispatch(this, nsIThread::DISPATCH_NORMAL);
if (NS_FAILED(rv)) {
NS_WARNING("Cache unable to complete principal verification due to shutdown.");
}
}
} // namespace cache
} // namespace dom
} // namespace mozilla