Bug 1554260 - Send WebExtension Page messages to GeckoSession. r=snorp

WebExtension pages introduce a case that was previously not possible: a script with full WebExtension privileges that runs on a page with a GeckoSession associated to it. This breaks the assumption that all messages from a privileged context don't have a GeckoSession associated to it. We fix this by checking if we can find an eventDispatcher for the given window. This also fixes the test which had the same wrong assumption. Differential Revision: https://phabricator.services.mozilla.com/D32512 --HG-- extra : moz-landing-system : lando
2019-06-10 20:09:25 +00:00 · 2019-06-10 20:09:25 +00:00 · a641bc8da0
--- a/mobile/android/geckoview/src/androidTest/java/org/mozilla/geckoview/test/WebExtensionTest.kt
+++ b/mobile/android/geckoview/src/androidTest/java/org/mozilla/geckoview/test/WebExtensionTest.kt
@ -481,9 +481,9 @@ class WebExtensionTest : BaseSessionTest() {
        }

        extension = WebExtension("resource://android/assets/web_extensions/extension-page-update/")
-        extension.setMessageDelegate(messageDelegate, "browser")

        sessionRule.waitForResult(sessionRule.runtime.registerWebExtension(extension))
+        mainSession.setMessageDelegate(messageDelegate, "browser")

        mainSession.loadUri("http://example.com");

--- a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebExtensionEventDispatcher.java
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebExtensionEventDispatcher.java
@ -73,12 +73,7 @@ import java.util.Map;
        if ("content_child".equals(envType)) {
            environmentType = WebExtension.MessageSender.ENV_TYPE_CONTENT_SCRIPT;
        } else if ("addon_child".equals(envType)) {
-            if (session != null) {
-                // This message came from a content process but it claims to be from an extension
-                // environment, which can't be true. This maybe caused by a compromised content process.
-                // TODO: Bug 1534640, we need to check for extension process here too.
-                return null;
-            }
+            // TODO Bug 1554277: check that this message is coming from the right process
            environmentType = WebExtension.MessageSender.ENV_TYPE_EXTENSION;
        } else {
            environmentType = WebExtension.MessageSender.ENV_TYPE_UNKNOWN;
--- a/mobile/android/modules/geckoview/GeckoViewWebExtension.jsm
+++ b/mobile/android/modules/geckoview/GeckoViewWebExtension.jsm
@ -78,7 +78,15 @@ class GeckoViewConnection {

  get dispatcher() {
    if (this.sender.envType === "addon_child") {
-      // For background scripts, use the global event handler
+      // If this is a WebExtension Page we will have a GeckoSession associated
+      // to it and thus a dispatcher.
+      const dispatcher = GeckoViewUtils.getDispatcherForWindow(this.target.ownerGlobal);
+      if (dispatcher) {
+        return dispatcher;
+      }
+
+      // No dispatcher means this message is coming from a background script,
+      // use the global event handler
      return EventDispatcher.instance;
    } else if (this.sender.envType === "content_child"
        && this.allowContentMessaging) {