mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1314361 - Part 2: Stop using addonId origin attribute for permission checks. r=billm

This commit is contained in:
Kris Maglione 2016-11-04 15:16:50 -07:00
Родитель 7f01119247
Коммит af57bdc417
8 изменённых файлов: 53 добавлений и 43 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

15
caps/BasePrincipal.cpp
Просмотреть файл

@ -615,15 +615,19 @@ BasePrincipal::GetUnknownAppId(bool* aUnknownAppId)
bool
BasePrincipal::AddonHasPermission(const nsAString& aPerm)
{
if (mOriginAttributes.mAddonId.IsEmpty()) {
nsAutoString addonId;
NS_ENSURE_SUCCESS(GetAddonId(addonId), false);
if (addonId.IsEmpty()) {
return false;
}
nsCOMPtr<nsIAddonPolicyService> aps =
do_GetService("@mozilla.org/addons/policy-service;1");
NS_ENSURE_TRUE(aps, false);
bool retval = false;
nsresult rv = aps->AddonHasPermission(mOriginAttributes.mAddonId, aPerm, &retval);
nsresult rv = aps->AddonHasPermission(addonId, aPerm, &retval);
NS_ENSURE_SUCCESS(rv, false);
return retval;
}
@ -702,7 +706,10 @@ BasePrincipal::CloneStrippingUserContextIdAndFirstPartyDomain()
bool
BasePrincipal::AddonAllowsLoad(nsIURI* aURI, bool aExplicit /* = false */)
{
if (mOriginAttributes.mAddonId.IsEmpty()) {
nsAutoString addonId;
NS_ENSURE_SUCCESS(GetAddonId(addonId), false);
if (addonId.IsEmpty()) {
return false;
}
@ -710,7 +717,7 @@ BasePrincipal::AddonAllowsLoad(nsIURI* aURI, bool aExplicit /* = false */)
NS_ENSURE_TRUE(aps, false);
bool allowed = false;
nsresult rv = aps->AddonMayLoadURI(mOriginAttributes.mAddonId, aURI, aExplicit, &allowed);
nsresult rv = aps->AddonMayLoadURI(addonId, aURI, aExplicit, &allowed);
return NS_SUCCEEDED(rv) && allowed;
}

42
caps/tests/mochitest/test_addonMayLoad.html
Просмотреть файл

@ -20,9 +20,11 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1180921
let aps = Cc["@mozilla.org/addons/policy-service;1"].getService(Ci.nsIAddonPolicyService).wrappedJSObject;
SimpleTest.waitForExplicitFinish();
let oldAddonIdCallback = aps.setExtensionURIToAddonIdCallback(uri => uri.host);
SimpleTest.registerCleanupFunction(function() {
aps.setAddonLoadURICallback('addonA', null);
aps.setAddonLoadURICallback('addonB', null);
aps.setAddonLoadURICallback('addona', null);
aps.setAddonLoadURICallback('addonb', null);
aps.setExtensionURIToAddonIdCallback(oldAddonIdCallback);
});
function tryLoad(sb, uri) {
@ -39,42 +41,28 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1180921
return p;
}
let exampleCom_addonA = new Cu.Sandbox(ssm.createCodebasePrincipal(Services.io.newURI('http://example.com'), {addonId: 'addonA'}),
{wantGlobalProperties: ['XMLHttpRequest']});
let nullPrin_addonA = new Cu.Sandbox(ssm.createNullPrincipal({addonId: 'addonA'}),
{wantGlobalProperties: ['XMLHttpRequest']});
let exampleCom_addonB = new Cu.Sandbox(ssm.createCodebasePrincipal(Services.io.newURI('http://example.com'), {addonId: 'addonB'}),
{wantGlobalProperties: ['XMLHttpRequest']});
let addonA = new Cu.Sandbox(ssm.createCodebasePrincipal(Services.io.newURI('moz-extension://addonA/'), {}),
{wantGlobalProperties: ['XMLHttpRequest']});
let addonB = new Cu.Sandbox(ssm.createCodebasePrincipal(Services.io.newURI('moz-extension://addonB/'), {}),
{wantGlobalProperties: ['XMLHttpRequest']});
function uriForDomain(d) { return d + '/tests/caps/tests/mochitest/file_data.txt' }
tryLoad(exampleCom_addonA, uriForDomain('http://example.com'))
tryLoad(addonA, uriForDomain('http://test1.example.org'))
.then(function(success) {
ok(success, "same-origin load should succeed for addon A");
return tryLoad(nullPrin_addonA, uriForDomain('http://example.com'));
}).then(function(success) {
ok(!success, "null-principal load should fail for addon A");
return tryLoad(exampleCom_addonB, uriForDomain('http://example.com'));
}).then(function(success) {
ok(success, "same-origin load should succeed for addon B");
return tryLoad(exampleCom_addonA, uriForDomain('http://test1.example.org'));
}).then(function(success) {
ok(!success, "cross-origin load should fail for addon A");
aps.setAddonLoadURICallback('addonA', function(uri) { return /test1/.test(uri.host); });
aps.setAddonLoadURICallback('addonB', function(uri) { return /test2/.test(uri.host); });
return tryLoad(exampleCom_addonA, uriForDomain('http://test1.example.org'));
aps.setAddonLoadURICallback('addona', function(uri) { return /test1/.test(uri.host); });
aps.setAddonLoadURICallback('addonb', function(uri) { return /test2/.test(uri.host); });
return tryLoad(addonA, uriForDomain('http://test1.example.org'));
}).then(function(success) {
ok(success, "whitelisted cross-origin load of test1 should succeed for addon A");
return tryLoad(nullPrin_addonA, uriForDomain('http://test1.example.org'));
}).then(function(success) {
ok(!success, "whitelisted null principal load of test1 should still fail for addon A");
return tryLoad(exampleCom_addonB, uriForDomain('http://test1.example.org'));
return tryLoad(addonB, uriForDomain('http://test1.example.org'));
}).then(function(success) {
ok(!success, "non-whitelisted cross-origin load of test1 should fail for addon B");
return tryLoad(exampleCom_addonB, uriForDomain('http://test2.example.org'));
return tryLoad(addonB, uriForDomain('http://test2.example.org'));
}).then(function(success) {
ok(success, "whitelisted cross-origin load of test2 should succeed for addon B");
return tryLoad(exampleCom_addonA, uriForDomain('http://test2.example.org'));
return tryLoad(addonA, uriForDomain('http://test2.example.org'));
}).then(function(success) {
ok(!success, "non-whitelisted cross-origin load of test2 should fail for addon A");
SimpleTest.finish();

2
caps/tests/mochitest/test_extensionURL.html
Просмотреть файл

@ -93,7 +93,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1161831
is(stripTrailingSlash(prin.URI.spec), url, 'Principal uri is correct: ' + url);
function stripPath(s) { return s.replace(/(.*\/\/.+)\/.*/, '$1'); };
is(prin.originNoSuffix, stripPath(url), 'Principal origin is correct: ' + prin.originNoSuffix);
is(prin.originAttributes.addonId, 'imaginaryaddon-' + url[url.indexOf('/') + 2], 'addonId is correct');
is(prin.addonId, 'imaginaryaddon-' + url[url.indexOf('/') + 2], 'addonId is correct');
if (/_blank/.test(url)) {
is(SpecialPowers.wrap(ifr.contentWindow).document.documentElement.innerHTML,
'<head></head><body></body>', 'blank document looks right');

2
devtools/server/actors/tab.js
Просмотреть файл

@ -733,7 +733,7 @@ TabActor.prototype = {
}
// Collect the addonID from the document origin attributes.
let addonID = window.document.nodePrincipal.originAttributes.addonId;
let addonID = window.document.nodePrincipal.addonId;
return {
id,

2
devtools/server/actors/webextension.js
Просмотреть файл

@ -309,7 +309,7 @@ WebExtensionActor.prototype._shouldAddNewGlobalAsDebuggee = function (newGlobal)
const global = unwrapDebuggerObjectGlobal(newGlobal);
if (global instanceof Ci.nsIDOMWindow) {
return global.document.nodePrincipal.originAttributes.addonId == this.id;
return global.document.nodePrincipal.addonId == this.id;
}
try {

2
toolkit/components/extensions/ExtensionContent.jsm
Просмотреть файл

@ -366,7 +366,7 @@ class ContentScriptContextChild extends BaseContext {
// the tab holding the content page.
let metadata = {
"inner-window-id": this.innerWindowID,
addonId: attrs.addonId,
addonId: extensionPrincipal.addonId,
};
this.sandbox = Cu.Sandbox(principal, {

8
toolkit/components/extensions/ExtensionManagement.jsm
Просмотреть файл

@ -230,8 +230,8 @@ var Service = {
},
// Finds the add-on ID associated with a given moz-extension:// URI.
// This is used to set the addonId on the originAttributes for the
// nsIPrincipal attached to the URI.
// This is used to set the addonId on the for the nsIPrincipal
// attached to the URI.
extensionURIToAddonID(uri) {
let uuid = uri.host;
let extension = this.uuidMap.get(uuid);
@ -242,11 +242,11 @@ var Service = {
// API Levels Helpers
// Find the add-on associated with this document via the
// principal's originAttributes. This value is computed by
// principal's addonId attribute. This value is computed by
// extensionURIToAddonID, which ensures that we don't inject our
// API into webAccessibleResources or remote web pages.
function getAddonIdForWindow(window) {
return Cu.getObjectPrincipal(window).originAttributes.addonId;
return Cu.getObjectPrincipal(window).addonId;
}
const API_LEVELS = Object.freeze({

23
toolkit/components/extensions/test/xpcshell/test_getAPILevelForWindow.js
Просмотреть файл

@ -1,13 +1,26 @@
"use strict";
Cu.import("resource://gre/modules/ExtensionManagement.jsm");
const {Service} = Cu.import("resource://gre/modules/ExtensionManagement.jsm", {});
Cu.import("resource://gre/modules/Services.jsm");
XPCOMUtils.defineLazyServiceGetter(this, "uuidGen",
"@mozilla.org/uuid-generator;1",
"nsIUUIDGenerator");
function createWindowWithAddonId(addonId) {
let baseURI = Services.io.newURI("about:blank");
let originAttributes = {addonId};
const uuid = uuidGen.generateUUID().number.slice(1, -1);
const url = `moz-extension://${uuid}/`;
// Set the add-on ID for this moz-extensions: URL.
Service.uuidMap.set(uuid, {id: addonId});
do_register_cleanup(() => {
Service.uuidMap.delete(uuid);
});
let baseURI = Services.io.newURI(url);
let principal = Services.scriptSecurityManager
.createCodebasePrincipal(baseURI, originAttributes);
.createCodebasePrincipal(baseURI, {});
let chromeNav = Services.appShell.createWindowlessBrowser(true);
let interfaceRequestor = chromeNav.QueryInterface(Ci.nsIInterfaceRequestor);
let docShell = interfaceRequestor.getInterface(Ci.nsIDocShell);
@ -17,6 +30,8 @@ function createWindowWithAddonId(addonId) {
}
add_task(function* test_eventpages() {
Service.init();
const {getAPILevelForWindow, getAddonIdForWindow} = ExtensionManagement;
const {NO_PRIVILEGES, FULL_PRIVILEGES} = ExtensionManagement.API_LEVELS;
const FAKE_ADDON_ID = "fakeAddonId";