Bug 1624266 - Use IsSharedMemoryAllowed to decide whether should the CTOR SharedArrayBuffer be defined for Window; r=nika

We set opener policy from the channel of the new document when creating a WindowGlobalChild. However, we need to check if it's crossOriginIsolated even when the WindowGlobalChild hasn't been created for the new inner window in some cases. To avoid checking the unset value of opener policy from the BrowsingContext, this patch moves the setting the opener policy right before creating a native global for a new inner window. So that the value of opener policy should always be correct when validating it (IsSharedMemoryAllowed). Differential Revision: https://phabricator.services.mozilla.com/D71534
2020-05-01 11:36:03 +00:00 · 2020-05-01 11:36:03 +00:00 · 66326fe6f1
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@ -3146,6 +3146,16 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
    WarnIfSandboxIneffective(docShell, mSandboxFlags, GetChannel());
  }

+  // Set the opener policy for the top level content document.
+  nsCOMPtr<nsIHttpChannelInternal> httpChan = do_QueryInterface(mChannel);
+  nsILoadInfo::CrossOriginOpenerPolicy policy =
+      nsILoadInfo::OPENER_POLICY_UNSAFE_NONE;
+  if (IsTopLevelContentDocument() && httpChan &&
+      NS_SUCCEEDED(httpChan->GetCrossOriginOpenerPolicy(&policy)) && docShell &&
+      docShell->GetBrowsingContext()) {
+    docShell->GetBrowsingContext()->SetOpenerPolicy(policy);
+  }
+
  // The CSP directives upgrade-insecure-requests as well as
  // block-all-mixed-content not only apply to the toplevel document,
  // but also to nested documents. The loadInfo of a subdocument
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@ -1561,10 +1561,7 @@ void nsGlobalWindowInner::InitDocumentDependentState(JSContext* aCx) {
  // out of sync.
  ClearDocumentDependentSlots(aCx);

-  // FIXME: Currently, devtools can crete a fallback webextension window global
-  // in the content process which does not have a corresponding BrowserChild
-  // actor. This means we have no actor to be our parent. (Bug 1498293)
-  if (!mWindowGlobalChild && (XRE_IsParentProcess() || mBrowserChild)) {
+  if (!mWindowGlobalChild) {
    mWindowGlobalChild = WindowGlobalChild::Create(this);
  }

--- a/dom/base/nsGlobalWindowOuter.cpp
+++ b/dom/base/nsGlobalWindowOuter.cpp
@ -2224,15 +2224,8 @@ nsresult nsGlobalWindowOuter::SetNewDocument(Document* aDocument,
      // in a fresh global object when shared memory objects aren't allowed
      // (because COOP/COEP support isn't enabled, or because COOP/COEP don't
      // act to isolate this page to a separate process).
-      //
-      // We set this value to |true| to replicate pre-existing behavior.  In the
-      // future, bug 1624266 will assign the correct COOP/COEP-respecting value
-      // here.  When that change is made, corresponding code for workers in
-      // WorkerPrivate.cpp must also be updated.  (Ideally both paint and audio
-      // worklets -- bug 1630876 and bug 1630877 -- would be fixed at the same
-      // time, but fixing them has lower priorit because they're not shipping
-      // yet.)
-      bool aDefineSharedArrayBufferConstructor = true;
+
+      // XXX worker and worklet will be updated in the follow up patches.

      // Every script context we are initialized with must create a
      // new global.
@ -2240,7 +2233,7 @@ nsresult nsGlobalWindowOuter::SetNewDocument(Document* aDocument,
          cx, newInnerWindow, aDocument->GetDocumentURI(),
          aDocument->NodePrincipal(), &newInnerGlobal,
          ComputeIsSecureContext(aDocument),
-          aDefineSharedArrayBufferConstructor);
+          newInnerWindow->IsSharedMemoryAllowed());
      NS_ASSERTION(
          NS_SUCCEEDED(rv) && newInnerGlobal &&
              newInnerWindow->GetWrapperPreserveColor() == newInnerGlobal,
--- a/dom/ipc/WindowGlobalChild.cpp
+++ b/dom/ipc/WindowGlobalChild.cpp
@ -75,9 +75,10 @@ already_AddRefed<WindowGlobalChild> WindowGlobalChild::Create(
  // Initalize our WindowGlobalChild object.
  RefPtr<dom::BrowsingContext> bc = docshell->GetBrowsingContext();

-  // When creating a new window global child we also need to look at the
-  // channel's Cross-Origin-Opener-Policy and set it on the browsing context
-  // so it's available in the parent process.
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+  // Opener policy is set when we start to load a document. Here, we ensure we
+  // have set the correct Opener policy so that it will be available in the
+  // parent process through window global child.
  nsCOMPtr<nsIChannel> chan = aWindow->GetDocument()->GetChannel();
  nsCOMPtr<nsILoadInfo> loadInfo = chan ? chan->LoadInfo() : nullptr;
  nsCOMPtr<nsIHttpChannelInternal> httpChan = do_QueryInterface(chan);
@ -86,8 +87,9 @@ already_AddRefed<WindowGlobalChild> WindowGlobalChild::Create(
      loadInfo->GetExternalContentPolicyType() ==
          nsIContentPolicy::TYPE_DOCUMENT &&
      NS_SUCCEEDED(httpChan->GetCrossOriginOpenerPolicy(&policy))) {
-    bc->SetOpenerPolicy(policy);
+    MOZ_DIAGNOSTIC_ASSERT(policy == bc->GetOpenerPolicy());
  }
+#endif

  WindowGlobalInit init(principal,
                        aWindow->GetDocumentContentBlockingAllowListPrincipal(),