mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1314361 - Part 2: Stop using addonId origin attribute for permission checks. r=billm

This commit is contained in:
Kris Maglione 2016-11-04 15:16:50 -07:00
Родитель 7f01119247
Коммит af57bdc417
8 изменённых файлов: 53 добавлений и 43 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

15
caps/BasePrincipal.cpp
Просмотреть файл

@ -615,15 +615,19 @@ BasePrincipal::GetUnknownAppId(bool* aUnknownAppId)
bool bool
BasePrincipal::AddonHasPermission(const nsAString& aPerm) BasePrincipal::AddonHasPermission(const nsAString& aPerm)
{ {
if (mOriginAttributes.mAddonId.IsEmpty()) { nsAutoString addonId;
NS_ENSURE_SUCCESS(GetAddonId(addonId), false);
if (addonId.IsEmpty()) {
return false; return false;
} }
nsCOMPtr<nsIAddonPolicyService> aps = nsCOMPtr<nsIAddonPolicyService> aps =
do_GetService("@mozilla.org/addons/policy-service;1"); do_GetService("@mozilla.org/addons/policy-service;1");
NS_ENSURE_TRUE(aps, false); NS_ENSURE_TRUE(aps, false);
bool retval = false; bool retval = false;
nsresult rv = aps->AddonHasPermission(mOriginAttributes.mAddonId, aPerm, &retval); nsresult rv = aps->AddonHasPermission(addonId, aPerm, &retval);
NS_ENSURE_SUCCESS(rv, false); NS_ENSURE_SUCCESS(rv, false);
return retval; return retval;
} }
@ -702,7 +706,10 @@ BasePrincipal::CloneStrippingUserContextIdAndFirstPartyDomain()
bool bool
BasePrincipal::AddonAllowsLoad(nsIURI* aURI, bool aExplicit /* = false */) BasePrincipal::AddonAllowsLoad(nsIURI* aURI, bool aExplicit /* = false */)
{ {
if (mOriginAttributes.mAddonId.IsEmpty()) { nsAutoString addonId;
NS_ENSURE_SUCCESS(GetAddonId(addonId), false);
if (addonId.IsEmpty()) {
return false; return false;
} }
@ -710,7 +717,7 @@ BasePrincipal::AddonAllowsLoad(nsIURI* aURI, bool aExplicit /* = false */)
NS_ENSURE_TRUE(aps, false); NS_ENSURE_TRUE(aps, false);
bool allowed = false; bool allowed = false;
nsresult rv = aps->AddonMayLoadURI(mOriginAttributes.mAddonId, aURI, aExplicit, &allowed); nsresult rv = aps->AddonMayLoadURI(addonId, aURI, aExplicit, &allowed);
return NS_SUCCEEDED(rv) && allowed; return NS_SUCCEEDED(rv) && allowed;
} }

42
caps/tests/mochitest/test_addonMayLoad.html
Просмотреть файл

@ -20,9 +20,11 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1180921
let aps = Cc["@mozilla.org/addons/policy-service;1"].getService(Ci.nsIAddonPolicyService).wrappedJSObject; let aps = Cc["@mozilla.org/addons/policy-service;1"].getService(Ci.nsIAddonPolicyService).wrappedJSObject;
SimpleTest.waitForExplicitFinish(); SimpleTest.waitForExplicitFinish();
let oldAddonIdCallback = aps.setExtensionURIToAddonIdCallback(uri => uri.host);
SimpleTest.registerCleanupFunction(function() { SimpleTest.registerCleanupFunction(function() {
aps.setAddonLoadURICallback('addonA', null); aps.setAddonLoadURICallback('addona', null);
aps.setAddonLoadURICallback('addonB', null); aps.setAddonLoadURICallback('addonb', null);
aps.setExtensionURIToAddonIdCallback(oldAddonIdCallback);
}); });
function tryLoad(sb, uri) { function tryLoad(sb, uri) {
@ -39,42 +41,28 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1180921
return p; return p;
} }
let exampleCom_addonA = new Cu.Sandbox(ssm.createCodebasePrincipal(Services.io.newURI('http://example.com'), {addonId: 'addonA'}), let addonA = new Cu.Sandbox(ssm.createCodebasePrincipal(Services.io.newURI('moz-extension://addonA/'), {}),
{wantGlobalProperties: ['XMLHttpRequest']}); {wantGlobalProperties: ['XMLHttpRequest']});
let nullPrin_addonA = new Cu.Sandbox(ssm.createNullPrincipal({addonId: 'addonA'}), let addonB = new Cu.Sandbox(ssm.createCodebasePrincipal(Services.io.newURI('moz-extension://addonB/'), {}),
{wantGlobalProperties: ['XMLHttpRequest']}); {wantGlobalProperties: ['XMLHttpRequest']});
let exampleCom_addonB = new Cu.Sandbox(ssm.createCodebasePrincipal(Services.io.newURI('http://example.com'), {addonId: 'addonB'}),
{wantGlobalProperties: ['XMLHttpRequest']});
function uriForDomain(d) { return d + '/tests/caps/tests/mochitest/file_data.txt' } function uriForDomain(d) { return d + '/tests/caps/tests/mochitest/file_data.txt' }
tryLoad(exampleCom_addonA, uriForDomain('http://example.com')) tryLoad(addonA, uriForDomain('http://test1.example.org'))
.then(function(success) { .then(function(success) {
ok(success, "same-origin load should succeed for addon A");
return tryLoad(nullPrin_addonA, uriForDomain('http://example.com'));
}).then(function(success) {
ok(!success, "null-principal load should fail for addon A");
return tryLoad(exampleCom_addonB, uriForDomain('http://example.com'));
}).then(function(success) {
ok(success, "same-origin load should succeed for addon B");
return tryLoad(exampleCom_addonA, uriForDomain('http://test1.example.org'));
}).then(function(success) {
ok(!success, "cross-origin load should fail for addon A"); ok(!success, "cross-origin load should fail for addon A");
aps.setAddonLoadURICallback('addonA', function(uri) { return /test1/.test(uri.host); }); aps.setAddonLoadURICallback('addona', function(uri) { return /test1/.test(uri.host); });
aps.setAddonLoadURICallback('addonB', function(uri) { return /test2/.test(uri.host); }); aps.setAddonLoadURICallback('addonb', function(uri) { return /test2/.test(uri.host); });
return tryLoad(exampleCom_addonA, uriForDomain('http://test1.example.org')); return tryLoad(addonA, uriForDomain('http://test1.example.org'));
}).then(function(success) { }).then(function(success) {
ok(success, "whitelisted cross-origin load of test1 should succeed for addon A"); ok(success, "whitelisted cross-origin load of test1 should succeed for addon A");
return tryLoad(nullPrin_addonA, uriForDomain('http://test1.example.org')); return tryLoad(addonB, uriForDomain('http://test1.example.org'));
}).then(function(success) {
ok(!success, "whitelisted null principal load of test1 should still fail for addon A");
return tryLoad(exampleCom_addonB, uriForDomain('http://test1.example.org'));
}).then(function(success) { }).then(function(success) {
ok(!success, "non-whitelisted cross-origin load of test1 should fail for addon B"); ok(!success, "non-whitelisted cross-origin load of test1 should fail for addon B");
return tryLoad(exampleCom_addonB, uriForDomain('http://test2.example.org')); return tryLoad(addonB, uriForDomain('http://test2.example.org'));
}).then(function(success) { }).then(function(success) {
ok(success, "whitelisted cross-origin load of test2 should succeed for addon B"); ok(success, "whitelisted cross-origin load of test2 should succeed for addon B");
return tryLoad(exampleCom_addonA, uriForDomain('http://test2.example.org')); return tryLoad(addonA, uriForDomain('http://test2.example.org'));
}).then(function(success) { }).then(function(success) {
ok(!success, "non-whitelisted cross-origin load of test2 should fail for addon A"); ok(!success, "non-whitelisted cross-origin load of test2 should fail for addon A");
SimpleTest.finish(); SimpleTest.finish();

2
caps/tests/mochitest/test_extensionURL.html
Просмотреть файл

@ -93,7 +93,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1161831
is(stripTrailingSlash(prin.URI.spec), url, 'Principal uri is correct: ' + url); is(stripTrailingSlash(prin.URI.spec), url, 'Principal uri is correct: ' + url);
function stripPath(s) { return s.replace(/(.*\/\/.+)\/.*/, '$1'); }; function stripPath(s) { return s.replace(/(.*\/\/.+)\/.*/, '$1'); };
is(prin.originNoSuffix, stripPath(url), 'Principal origin is correct: ' + prin.originNoSuffix); is(prin.originNoSuffix, stripPath(url), 'Principal origin is correct: ' + prin.originNoSuffix);
is(prin.originAttributes.addonId, 'imaginaryaddon-' + url[url.indexOf('/') + 2], 'addonId is correct'); is(prin.addonId, 'imaginaryaddon-' + url[url.indexOf('/') + 2], 'addonId is correct');
if (/_blank/.test(url)) { if (/_blank/.test(url)) {
is(SpecialPowers.wrap(ifr.contentWindow).document.documentElement.innerHTML, is(SpecialPowers.wrap(ifr.contentWindow).document.documentElement.innerHTML,
'<head></head><body></body>', 'blank document looks right'); '<head></head><body></body>', 'blank document looks right');

2
devtools/server/actors/tab.js
Просмотреть файл

@ -733,7 +733,7 @@ TabActor.prototype = {
} }
// Collect the addonID from the document origin attributes. // Collect the addonID from the document origin attributes.
let addonID = window.document.nodePrincipal.originAttributes.addonId; let addonID = window.document.nodePrincipal.addonId;
return { return {
id, id,

2
devtools/server/actors/webextension.js
Просмотреть файл

@ -309,7 +309,7 @@ WebExtensionActor.prototype._shouldAddNewGlobalAsDebuggee = function (newGlobal)
const global = unwrapDebuggerObjectGlobal(newGlobal); const global = unwrapDebuggerObjectGlobal(newGlobal);
if (global instanceof Ci.nsIDOMWindow) { if (global instanceof Ci.nsIDOMWindow) {
return global.document.nodePrincipal.originAttributes.addonId == this.id; return global.document.nodePrincipal.addonId == this.id;
} }
try { try {

2
toolkit/components/extensions/ExtensionContent.jsm
Просмотреть файл

@ -366,7 +366,7 @@ class ContentScriptContextChild extends BaseContext {
// the tab holding the content page. // the tab holding the content page.
let metadata = { let metadata = {
"inner-window-id": this.innerWindowID, "inner-window-id": this.innerWindowID,
addonId: attrs.addonId, addonId: extensionPrincipal.addonId,
}; };
this.sandbox = Cu.Sandbox(principal, { this.sandbox = Cu.Sandbox(principal, {

8
toolkit/components/extensions/ExtensionManagement.jsm
Просмотреть файл

@ -230,8 +230,8 @@ var Service = {
}, },
// Finds the add-on ID associated with a given moz-extension:// URI. // Finds the add-on ID associated with a given moz-extension:// URI.
// This is used to set the addonId on the originAttributes for the // This is used to set the addonId on the for the nsIPrincipal
// nsIPrincipal attached to the URI. // attached to the URI.
extensionURIToAddonID(uri) { extensionURIToAddonID(uri) {
let uuid = uri.host; let uuid = uri.host;
let extension = this.uuidMap.get(uuid); let extension = this.uuidMap.get(uuid);
@ -242,11 +242,11 @@ var Service = {
// API Levels Helpers // API Levels Helpers
// Find the add-on associated with this document via the // Find the add-on associated with this document via the
// principal's originAttributes. This value is computed by // principal's addonId attribute. This value is computed by
// extensionURIToAddonID, which ensures that we don't inject our // extensionURIToAddonID, which ensures that we don't inject our
// API into webAccessibleResources or remote web pages. // API into webAccessibleResources or remote web pages.
function getAddonIdForWindow(window) { function getAddonIdForWindow(window) {
return Cu.getObjectPrincipal(window).originAttributes.addonId; return Cu.getObjectPrincipal(window).addonId;
} }
const API_LEVELS = Object.freeze({ const API_LEVELS = Object.freeze({

23
toolkit/components/extensions/test/xpcshell/test_getAPILevelForWindow.js
Просмотреть файл

@ -1,13 +1,26 @@
"use strict"; "use strict";
Cu.import("resource://gre/modules/ExtensionManagement.jsm"); const {Service} = Cu.import("resource://gre/modules/ExtensionManagement.jsm", {});
Cu.import("resource://gre/modules/Services.jsm"); Cu.import("resource://gre/modules/Services.jsm");
XPCOMUtils.defineLazyServiceGetter(this, "uuidGen",
"@mozilla.org/uuid-generator;1",
"nsIUUIDGenerator");
function createWindowWithAddonId(addonId) { function createWindowWithAddonId(addonId) {
let baseURI = Services.io.newURI("about:blank"); const uuid = uuidGen.generateUUID().number.slice(1, -1);
let originAttributes = {addonId};
const url = `moz-extension://${uuid}/`;
// Set the add-on ID for this moz-extensions: URL.
Service.uuidMap.set(uuid, {id: addonId});
do_register_cleanup(() => {
Service.uuidMap.delete(uuid);
});
let baseURI = Services.io.newURI(url);
let principal = Services.scriptSecurityManager let principal = Services.scriptSecurityManager
.createCodebasePrincipal(baseURI, originAttributes); .createCodebasePrincipal(baseURI, {});
let chromeNav = Services.appShell.createWindowlessBrowser(true); let chromeNav = Services.appShell.createWindowlessBrowser(true);
let interfaceRequestor = chromeNav.QueryInterface(Ci.nsIInterfaceRequestor); let interfaceRequestor = chromeNav.QueryInterface(Ci.nsIInterfaceRequestor);
let docShell = interfaceRequestor.getInterface(Ci.nsIDocShell); let docShell = interfaceRequestor.getInterface(Ci.nsIDocShell);
@ -17,6 +30,8 @@ function createWindowWithAddonId(addonId) {
} }
add_task(function* test_eventpages() { add_task(function* test_eventpages() {
Service.init();
const {getAPILevelForWindow, getAddonIdForWindow} = ExtensionManagement; const {getAPILevelForWindow, getAddonIdForWindow} = ExtensionManagement;
const {NO_PRIVILEGES, FULL_PRIVILEGES} = ExtensionManagement.API_LEVELS; const {NO_PRIVILEGES, FULL_PRIVILEGES} = ExtensionManagement.API_LEVELS;
const FAKE_ADDON_ID = "fakeAddonId"; const FAKE_ADDON_ID = "fakeAddonId";