зеркало из https://github.com/mozilla/gecko-dev.git
Bug 777467 - Update the same-origin policy for principals to include appid/isinbrowserelement. r=bholley
This commit is contained in:
Родитель
69f9db0f82
Коммит
90d903b98e
|
@ -184,17 +184,47 @@ interface nsIPrincipal : nsISerializable
|
||||||
*/
|
*/
|
||||||
readonly attribute unsigned long appId;
|
readonly attribute unsigned long appId;
|
||||||
|
|
||||||
|
%{C++
|
||||||
|
uint32_t GetAppId()
|
||||||
|
{
|
||||||
|
uint32_t appId;
|
||||||
|
mozilla::DebugOnly<nsresult> rv = GetAppId(&appId);
|
||||||
|
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||||
|
return appId;
|
||||||
|
}
|
||||||
|
%}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns true iif the principal is inside a browser element.
|
* Returns true iif the principal is inside a browser element.
|
||||||
*/
|
*/
|
||||||
readonly attribute boolean isInBrowserElement;
|
readonly attribute boolean isInBrowserElement;
|
||||||
|
|
||||||
|
%{C++
|
||||||
|
bool GetIsInBrowserElement()
|
||||||
|
{
|
||||||
|
bool isInBrowserElement;
|
||||||
|
mozilla::DebugOnly<nsresult> rv = GetIsInBrowserElement(&isInBrowserElement);
|
||||||
|
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||||
|
return isInBrowserElement;
|
||||||
|
}
|
||||||
|
%}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns true if this principal has an unknown appId. This shouldn't
|
* Returns true if this principal has an unknown appId. This shouldn't
|
||||||
* generally be used. We only expose it due to not providing the correct
|
* generally be used. We only expose it due to not providing the correct
|
||||||
* appId everywhere where we construct principals.
|
* appId everywhere where we construct principals.
|
||||||
*/
|
*/
|
||||||
readonly attribute boolean unknownAppId;
|
readonly attribute boolean unknownAppId;
|
||||||
|
|
||||||
|
%{C++
|
||||||
|
bool GetUnknownAppId()
|
||||||
|
{
|
||||||
|
bool unkwnownAppId;
|
||||||
|
mozilla::DebugOnly<nsresult> rv = GetIsInBrowserElement(&unkwnownAppId);
|
||||||
|
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
||||||
|
return unkwnownAppId;
|
||||||
|
}
|
||||||
|
%}
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -348,6 +348,22 @@ public:
|
||||||
return sStrictFileOriginPolicy;
|
return sStrictFileOriginPolicy;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if the two principals share the same app attributes.
|
||||||
|
*
|
||||||
|
* App attributes are appId and the inBrowserElement flag.
|
||||||
|
* Two principals have the same app attributes if those information are
|
||||||
|
* equals.
|
||||||
|
* This method helps keeping principals from different apps isolated from
|
||||||
|
* each other. Also, it helps making sure mozbrowser (web views) and their
|
||||||
|
* parent are isolated from each other. All those entities do not share the
|
||||||
|
* same data (cookies, IndexedDB, localStorage, etc.) so we shouldn't allow
|
||||||
|
* violating that principle.
|
||||||
|
*/
|
||||||
|
static bool
|
||||||
|
AppAttributesEqual(nsIPrincipal* aFirst,
|
||||||
|
nsIPrincipal* aSecond);
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
||||||
// GetScriptSecurityManager is the only call that can make one
|
// GetScriptSecurityManager is the only call that can make one
|
||||||
|
|
|
@ -263,34 +263,42 @@ nsPrincipal::GetOrigin(char **aOrigin)
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsPrincipal::Equals(nsIPrincipal *aOther, bool *aResult)
|
nsPrincipal::Equals(nsIPrincipal *aOther, bool *aResult)
|
||||||
{
|
{
|
||||||
|
*aResult = false;
|
||||||
|
|
||||||
if (!aOther) {
|
if (!aOther) {
|
||||||
NS_WARNING("Need a principal to compare this to!");
|
NS_WARNING("Need a principal to compare this to!");
|
||||||
*aResult = false;
|
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (this != aOther) {
|
if (aOther == this) {
|
||||||
|
*aResult = true;
|
||||||
// Codebases are equal if they have the same origin.
|
|
||||||
*aResult =
|
|
||||||
NS_SUCCEEDED(nsScriptSecurityManager::CheckSameOriginPrincipal(this,
|
|
||||||
aOther));
|
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
*aResult = true;
|
// Codebases are equal if they have the same origin.
|
||||||
|
*aResult = NS_SUCCEEDED(
|
||||||
|
nsScriptSecurityManager::CheckSameOriginPrincipal(this, aOther));
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsPrincipal::EqualsIgnoringDomain(nsIPrincipal *aOther, bool *aResult)
|
nsPrincipal::EqualsIgnoringDomain(nsIPrincipal *aOther, bool *aResult)
|
||||||
{
|
{
|
||||||
if (this == aOther) {
|
*aResult = false;
|
||||||
|
|
||||||
|
if (!aOther) {
|
||||||
|
NS_WARNING("Need a principal to compare this to!");
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (aOther == this) {
|
||||||
*aResult = true;
|
*aResult = true;
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
*aResult = false;
|
if (!nsScriptSecurityManager::AppAttributesEqual(this, aOther)) {
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
nsCOMPtr<nsIURI> otherURI;
|
nsCOMPtr<nsIURI> otherURI;
|
||||||
nsresult rv = aOther->GetURI(getter_AddRefs(otherURI));
|
nsresult rv = aOther->GetURI(getter_AddRefs(otherURI));
|
||||||
|
|
|
@ -890,6 +890,10 @@ nsScriptSecurityManager::CheckSameOriginPrincipal(nsIPrincipal* aSubject,
|
||||||
if (aSubject == aObject)
|
if (aSubject == aObject)
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
|
|
||||||
|
if (!AppAttributesEqual(aSubject, aObject)) {
|
||||||
|
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
|
||||||
|
}
|
||||||
|
|
||||||
// Default to false, and change if that turns out wrong.
|
// Default to false, and change if that turns out wrong.
|
||||||
bool subjectSetDomain = false;
|
bool subjectSetDomain = false;
|
||||||
bool objectSetDomain = false;
|
bool objectSetDomain = false;
|
||||||
|
@ -950,6 +954,26 @@ nsScriptSecurityManager::HashPrincipalByOrigin(nsIPrincipal* aPrincipal)
|
||||||
return SecurityHashURI(uri);
|
return SecurityHashURI(uri);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* static */ bool
|
||||||
|
nsScriptSecurityManager::AppAttributesEqual(nsIPrincipal* aFirst,
|
||||||
|
nsIPrincipal* aSecond)
|
||||||
|
{
|
||||||
|
MOZ_ASSERT(aFirst && aSecond, "Don't pass null pointers!");
|
||||||
|
|
||||||
|
uint32_t firstAppId = nsIScriptSecurityManager::UNKNOWN_APP_ID;
|
||||||
|
if (!aFirst->GetUnknownAppId()) {
|
||||||
|
firstAppId = aFirst->GetAppId();
|
||||||
|
}
|
||||||
|
|
||||||
|
uint32_t secondAppId = nsIScriptSecurityManager::UNKNOWN_APP_ID;
|
||||||
|
if (!aSecond->GetUnknownAppId()) {
|
||||||
|
secondAppId = aSecond->GetAppId();
|
||||||
|
}
|
||||||
|
|
||||||
|
return ((firstAppId == secondAppId) &&
|
||||||
|
(aFirst->GetIsInBrowserElement() == aSecond->GetIsInBrowserElement()));
|
||||||
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
nsScriptSecurityManager::CheckSameOriginDOMProp(nsIPrincipal* aSubject,
|
nsScriptSecurityManager::CheckSameOriginDOMProp(nsIPrincipal* aSubject,
|
||||||
nsIPrincipal* aObject,
|
nsIPrincipal* aObject,
|
||||||
|
|
|
@ -16,6 +16,7 @@ MOCHITEST_FILES = test_bug423375.html \
|
||||||
test_bug292789.html \
|
test_bug292789.html \
|
||||||
test_bug470804.html \
|
test_bug470804.html \
|
||||||
test_disallowInheritPrincipal.html \
|
test_disallowInheritPrincipal.html \
|
||||||
|
test_app_principal_equality.html \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
|
|
||||||
# extendedOrigin test doesn't work on Windows, see bug 776296.
|
# extendedOrigin test doesn't work on Windows, see bug 776296.
|
||||||
|
|
|
@ -0,0 +1,85 @@
|
||||||
|
<!DOCTYPE HTML>
|
||||||
|
<html>
|
||||||
|
<!--
|
||||||
|
https://bugzilla.mozilla.org/show_bug.cgi?id=777467
|
||||||
|
-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<title>Test app principal's equality</title>
|
||||||
|
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||||
|
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=777467">Mozilla Bug 777467</a>
|
||||||
|
<p id="display"></p>
|
||||||
|
<script>
|
||||||
|
// Initialization.
|
||||||
|
SpecialPowers.addPermission("browser", true, document);
|
||||||
|
SpecialPowers.addPermission("embed-apps", true, document);
|
||||||
|
|
||||||
|
var previousPrefs = {
|
||||||
|
mozBrowserFramesEnabled: undefined,
|
||||||
|
oop_by_default: undefined,
|
||||||
|
};
|
||||||
|
try {
|
||||||
|
previousPrefs.mozBrowserFramesEnabled = SpecialPowers.getBoolPref('dom.mozBrowserFramesEnabled');
|
||||||
|
} catch(e) {}
|
||||||
|
|
||||||
|
try {
|
||||||
|
previousPrefs.oop_by_default = SpecialPowers.getBoolPref('dom.ipc.browser_frames.oop_by_default');
|
||||||
|
} catch(e) {}
|
||||||
|
|
||||||
|
SpecialPowers.setBoolPref('dom.mozBrowserFramesEnabled', true);
|
||||||
|
SpecialPowers.setBoolPref("dom.ipc.browser_frames.oop_by_default", false);
|
||||||
|
</script>
|
||||||
|
<div id="content" style="display: none;">
|
||||||
|
<iframe src="error404"></iframe>
|
||||||
|
<iframe mozbrowser src="error404"></iframe>
|
||||||
|
<iframe mozapp="http://example.org/manifest.webapp" mozbrowser src="error404"></iframe>
|
||||||
|
</div>
|
||||||
|
<pre id="test">
|
||||||
|
<script type="application/javascript">
|
||||||
|
|
||||||
|
/** Test for app principal's equality **/
|
||||||
|
|
||||||
|
SimpleTest.waitForExplicitFinish();
|
||||||
|
|
||||||
|
function canAccessDocument(win) {
|
||||||
|
var result = true;
|
||||||
|
try {
|
||||||
|
win.document;
|
||||||
|
} catch(e) {
|
||||||
|
result = false;
|
||||||
|
}
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
addLoadEvent(function() {
|
||||||
|
// Test the witness frame (we can access same-origin frame).
|
||||||
|
is(canAccessDocument(frames[0]), true,
|
||||||
|
"should be able to access the first frame");
|
||||||
|
|
||||||
|
// Test different app/browserElement frames.
|
||||||
|
for (var i=1; i<frames.length; ++i) {
|
||||||
|
is(canAccessDocument(frames[i]), false,
|
||||||
|
"should not be able to access the other frames");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Cleanup.
|
||||||
|
if (previousPrefs.mozBrowserFramesEnabled !== undefined) {
|
||||||
|
SpecialPowers.setBoolPref('dom.mozBrowserFramesEnabled', previousPrefs.mozBrowserFramesEnabled);
|
||||||
|
}
|
||||||
|
if (previousPrefs.oop_by_default !== undefined) {
|
||||||
|
SpecialPowers.setBoolPref("dom.ipc.browser_frames.oop_by_default", previousPrefs.oop_by_default);
|
||||||
|
}
|
||||||
|
|
||||||
|
SpecialPowers.removePermission("browser", window.document);
|
||||||
|
SpecialPowers.removePermission("embed-apps", window.document);
|
||||||
|
|
||||||
|
SimpleTest.finish();
|
||||||
|
});
|
||||||
|
|
||||||
|
</script>
|
||||||
|
</pre>
|
||||||
|
</body>
|
||||||
|
</html>
|
Загрузка…
Ссылка в новой задаче