зеркало из https://github.com/mozilla/gecko-dev.git
Bug 890570: Stop using PBrowser for all other protocols r=jduell
This commit is contained in:
Родитель
f1e7141d40
Коммит
472a1d84cd
|
@ -94,16 +94,38 @@ NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
|
|||
|
||||
const InfallibleTArray<PBrowserParent*>& browsers = aContent->ManagedPBrowserParent();
|
||||
for (uint32_t i = 0; i < browsers.Length(); i++) {
|
||||
// GetValidatedAppInfo returning null means we passed security checks.
|
||||
if (!GetValidatedAppInfo(aSerialized, browsers[i], aAppId, aInBrowserElement)) {
|
||||
return nullptr;
|
||||
nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(browsers[i]);
|
||||
uint32_t appId = tabParent->OwnOrContainingAppId();
|
||||
bool inBrowserElement = aSerialized.IsNotNull() ? aSerialized.mIsInBrowserElement
|
||||
: tabParent->IsBrowserElement();
|
||||
|
||||
if (appId == NECKO_UNKNOWN_APP_ID) {
|
||||
continue;
|
||||
}
|
||||
// We may get appID=NO_APP if child frame is neither a browser nor an app
|
||||
if (appId == NECKO_NO_APP_ID) {
|
||||
if (tabParent->HasOwnApp()) {
|
||||
continue;
|
||||
}
|
||||
if (UsingNeckoIPCSecurity() && tabParent->IsBrowserElement()) {
|
||||
// <iframe mozbrowser> which doesn't have an <iframe mozapp> above it.
|
||||
// This is not supported now, and we'll need to do a code audit to make
|
||||
// sure we can handle it (i.e don't short-circuit using separate
|
||||
// namespace if just appID==0)
|
||||
continue;
|
||||
}
|
||||
}
|
||||
*aAppId = appId;
|
||||
*aInBrowserElement = inBrowserElement;
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
if (browsers.Length() == 0) {
|
||||
if (UsingNeckoIPCSecurity()) {
|
||||
return "ContentParent does not have any PBrowsers";
|
||||
}
|
||||
if (browsers.Length() != 0) {
|
||||
return "App does not have permission";
|
||||
}
|
||||
|
||||
if (!UsingNeckoIPCSecurity()) {
|
||||
// We are running xpcshell tests
|
||||
if (aSerialized.IsNotNull()) {
|
||||
*aAppId = aSerialized.mAppId;
|
||||
*aInBrowserElement = aSerialized.mIsInBrowserElement;
|
||||
|
@ -113,78 +135,19 @@ NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
|
|||
return nullptr;
|
||||
}
|
||||
|
||||
// If we reached this point, we failed the security check.
|
||||
// Try to return a reasonable error message.
|
||||
return GetValidatedAppInfo(aSerialized, browsers[0], aAppId, aInBrowserElement);
|
||||
}
|
||||
|
||||
const char*
|
||||
NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
|
||||
PBrowserParent* aBrowser,
|
||||
uint32_t* aAppId,
|
||||
bool* aInBrowserElement)
|
||||
{
|
||||
if (UsingNeckoIPCSecurity()) {
|
||||
if (!aBrowser) {
|
||||
return "missing required PBrowser argument";
|
||||
}
|
||||
if (!aSerialized.IsNotNull()) {
|
||||
return "SerializedLoadContext from child is null";
|
||||
}
|
||||
}
|
||||
|
||||
*aAppId = NECKO_UNKNOWN_APP_ID;
|
||||
*aInBrowserElement = false;
|
||||
|
||||
if (aBrowser) {
|
||||
nsRefPtr<TabParent> tabParent = static_cast<TabParent*>(aBrowser);
|
||||
|
||||
*aAppId = tabParent->OwnOrContainingAppId();
|
||||
*aInBrowserElement = aSerialized.IsNotNull() ? aSerialized.mIsInBrowserElement
|
||||
: tabParent->IsBrowserElement();
|
||||
|
||||
if (*aAppId == NECKO_UNKNOWN_APP_ID) {
|
||||
return "TabParent reports appId=NECKO_UNKNOWN_APP_ID!";
|
||||
}
|
||||
// We may get appID=NO_APP if child frame is neither a browser nor an app
|
||||
if (*aAppId == NECKO_NO_APP_ID) {
|
||||
if (tabParent->HasOwnApp()) {
|
||||
return "TabParent reports NECKO_NO_APP_ID but also is an app";
|
||||
}
|
||||
if (UsingNeckoIPCSecurity() && tabParent->IsBrowserElement()) {
|
||||
// <iframe mozbrowser> which doesn't have an <iframe mozapp> above it.
|
||||
// This is not supported now, and we'll need to do a code audit to make
|
||||
// sure we can handle it (i.e don't short-circuit using separate
|
||||
// namespace if just appID==0)
|
||||
return "TabParent reports appId=NECKO_NO_APP_ID but is a mozbrowser";
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// Only trust appId/inBrowser from child-side loadcontext if we're in
|
||||
// testing mode: allows xpcshell tests to masquerade as apps
|
||||
MOZ_ASSERT(!UsingNeckoIPCSecurity());
|
||||
if (UsingNeckoIPCSecurity()) {
|
||||
return "internal error";
|
||||
}
|
||||
if (aSerialized.IsNotNull()) {
|
||||
*aAppId = aSerialized.mAppId;
|
||||
*aInBrowserElement = aSerialized.mIsInBrowserElement;
|
||||
} else {
|
||||
*aAppId = NECKO_NO_APP_ID;
|
||||
}
|
||||
}
|
||||
return nullptr;
|
||||
return "ContentParent does not have any PBrowsers";
|
||||
}
|
||||
|
||||
const char *
|
||||
NeckoParent::CreateChannelLoadContext(PBrowserParent* aBrowser,
|
||||
PContentParent* aContent,
|
||||
const SerializedLoadContext& aSerialized,
|
||||
nsCOMPtr<nsILoadContext> &aResult)
|
||||
{
|
||||
uint32_t appId = NECKO_UNKNOWN_APP_ID;
|
||||
bool inBrowser = false;
|
||||
dom::Element* topFrameElement = nullptr;
|
||||
const char* error = GetValidatedAppInfo(aSerialized, aBrowser, &appId, &inBrowser);
|
||||
const char* error = GetValidatedAppInfo(aSerialized, aContent, &appId, &inBrowser);
|
||||
if (error) {
|
||||
return error;
|
||||
}
|
||||
|
@ -209,8 +172,8 @@ NeckoParent::AllocPHttpChannelParent(PBrowserParent* aBrowser,
|
|||
const HttpChannelCreationArgs& aOpenArgs)
|
||||
{
|
||||
nsCOMPtr<nsILoadContext> loadContext;
|
||||
const char *error = CreateChannelLoadContext(aBrowser, aSerialized,
|
||||
loadContext);
|
||||
const char *error = CreateChannelLoadContext(aBrowser, Manager(),
|
||||
aSerialized, loadContext);
|
||||
if (error) {
|
||||
printf_stderr("NeckoParent::AllocPHttpChannelParent: "
|
||||
"FATAL error: %s: KILLING CHILD PROCESS\n",
|
||||
|
@ -248,8 +211,8 @@ NeckoParent::AllocPFTPChannelParent(PBrowserParent* aBrowser,
|
|||
const FTPChannelCreationArgs& aOpenArgs)
|
||||
{
|
||||
nsCOMPtr<nsILoadContext> loadContext;
|
||||
const char *error = CreateChannelLoadContext(aBrowser, aSerialized,
|
||||
loadContext);
|
||||
const char *error = CreateChannelLoadContext(aBrowser, Manager(),
|
||||
aSerialized, loadContext);
|
||||
if (error) {
|
||||
printf_stderr("NeckoParent::AllocPFTPChannelParent: "
|
||||
"FATAL error: %s: KILLING CHILD PROCESS\n",
|
||||
|
@ -315,8 +278,8 @@ NeckoParent::AllocPWebSocketParent(PBrowserParent* browser,
|
|||
const SerializedLoadContext& serialized)
|
||||
{
|
||||
nsCOMPtr<nsILoadContext> loadContext;
|
||||
const char *error = CreateChannelLoadContext(browser, serialized,
|
||||
loadContext);
|
||||
const char *error = CreateChannelLoadContext(browser, Manager(),
|
||||
serialized, loadContext);
|
||||
if (error) {
|
||||
printf_stderr("NeckoParent::AllocPWebSocketParent: "
|
||||
"FATAL error: %s: KILLING CHILD PROCESS\n",
|
||||
|
|
|
@ -46,14 +46,14 @@ public:
|
|||
/*
|
||||
* Creates LoadContext for parent-side of an e10s channel.
|
||||
*
|
||||
* Values from PBrowserParent are more secure, and override those set in
|
||||
* SerializedLoadContext.
|
||||
* PContentParent corresponds to the process that is requesting the load.
|
||||
*
|
||||
* Returns null if successful, or an error string if failed.
|
||||
*/
|
||||
MOZ_WARN_UNUSED_RESULT
|
||||
static const char*
|
||||
CreateChannelLoadContext(PBrowserParent* aBrowser,
|
||||
PContentParent* aContent,
|
||||
const SerializedLoadContext& aSerialized,
|
||||
nsCOMPtr<nsILoadContext> &aResult);
|
||||
|
||||
|
|
|
@ -107,7 +107,9 @@ WyciwygChannelParent::SetupAppData(const IPC::SerializedLoadContext& loadContext
|
|||
if (!mChannel)
|
||||
return true;
|
||||
|
||||
const char* error = NeckoParent::CreateChannelLoadContext(aParent, loadContext,
|
||||
const char* error = NeckoParent::CreateChannelLoadContext(aParent,
|
||||
Manager()->Manager(),
|
||||
loadContext,
|
||||
mLoadContext);
|
||||
if (error) {
|
||||
printf_stderr(nsPrintfCString("WyciwygChannelParent::SetupAppData: FATAL ERROR: %s\n",
|
||||
|
|
Загрузка…
Ссылка в новой задаче