mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1697271: Change most LegacyCheckOnlyOwningProcessCanSet users to revert on failure. r=nika 

Note that this does not change `AllowPlugins` (because it is going away soon)
or `HasMainMediaController` (because don't know the code well enough to be
confident that reverting it would be safe), but does fix all other callers.

Differential Revision: https://phabricator.services.mozilla.com/D107704
This commit is contained in:
Kris Maglione 2021-03-15 20:34:30 +00:00
Родитель 0d92b293c4
Коммит c1ec5fce61
2 изменённых файлов: 61 добавлений и 35 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

65
docshell/base/BrowsingContext.cpp
Просмотреть файл

@ -2579,11 +2579,15 @@ void BrowsingContext::DidSet(FieldIndex<IDX_Muted>) {
}); });
} }
bool BrowsingContext::CanSet(FieldIndex<IDX_OverrideDPPX>, const float& aValue, auto BrowsingContext::CanSet(FieldIndex<IDX_OverrideDPPX>, const float& aValue,
ContentParent* aSource) { ContentParent* aSource) -> CanSetResult {
// FIXME: Should only be settable by the parent process, but devtools code // FIXME: Should only be settable by the parent process, but devtools code
// currently sets it from the child. // currently sets it from the child.
return IsTop() && LegacyCheckOnlyOwningProcessCanSet(aSource); if (!IsTop()) {
return CanSetResult::Deny;
}
return LegacyRevertIfNotOwningOrParentProcess(aSource);
} }
void BrowsingContext::DidSet(FieldIndex<IDX_OverrideDPPX>, float aOldValue) { void BrowsingContext::DidSet(FieldIndex<IDX_OverrideDPPX>, float aOldValue) {
@ -2675,6 +2679,23 @@ bool BrowsingContext::LegacyCheckOnlyOwningProcessCanSet(
return true; return true;
} }
auto BrowsingContext::LegacyRevertIfNotOwningOrParentProcess(ContentParent* aSource)
-> CanSetResult {
if (aSource) {
MOZ_ASSERT(XRE_IsParentProcess());
if (!Canonical()->IsOwnedByProcess(aSource->ChildID())) {
return CanSetResult::Revert;
}
} else if (!IsInProcess() && !XRE_IsParentProcess()) {
// Don't allow this to be set from content processes that
// don't own the BrowsingContext.
return CanSetResult::Deny;
}
return CanSetResult::Allow;
}
bool BrowsingContext::CanSet(FieldIndex<IDX_IsActiveBrowserWindowInternal>, bool BrowsingContext::CanSet(FieldIndex<IDX_IsActiveBrowserWindowInternal>,
const bool& aValue, ContentParent* aSource) { const bool& aValue, ContentParent* aSource) {
// Should only be set in the parent process. // Should only be set in the parent process.
@ -2705,16 +2726,16 @@ void BrowsingContext::DidSet(FieldIndex<IDX_IsActiveBrowserWindowInternal>,
}); });
} }
bool BrowsingContext::CanSet(FieldIndex<IDX_AllowContentRetargeting>, auto BrowsingContext::CanSet(FieldIndex<IDX_AllowContentRetargeting>,
const bool& aAllowContentRetargeting, const bool& aAllowContentRetargeting,
ContentParent* aSource) { ContentParent* aSource) -> CanSetResult {
return LegacyCheckOnlyOwningProcessCanSet(aSource); return LegacyRevertIfNotOwningOrParentProcess(aSource);
} }
bool BrowsingContext::CanSet(FieldIndex<IDX_AllowContentRetargetingOnChildren>, auto BrowsingContext::CanSet(FieldIndex<IDX_AllowContentRetargetingOnChildren>,
const bool& aAllowContentRetargetingOnChildren, const bool& aAllowContentRetargetingOnChildren,
ContentParent* aSource) { ContentParent* aSource) -> CanSetResult {
return LegacyCheckOnlyOwningProcessCanSet(aSource); return LegacyRevertIfNotOwningOrParentProcess(aSource);
} }
bool BrowsingContext::CanSet(FieldIndex<IDX_AllowPlugins>, bool BrowsingContext::CanSet(FieldIndex<IDX_AllowPlugins>,
@ -2777,12 +2798,12 @@ void BrowsingContext::SetWatchedByDevTools(bool aWatchedByDevTools,
SetWatchedByDevToolsInternal(aWatchedByDevTools, aRv); SetWatchedByDevToolsInternal(aWatchedByDevTools, aRv);
} }
bool BrowsingContext::CanSet(FieldIndex<IDX_DefaultLoadFlags>, auto BrowsingContext::CanSet(FieldIndex<IDX_DefaultLoadFlags>,
const uint32_t& aDefaultLoadFlags, const uint32_t& aDefaultLoadFlags,
ContentParent* aSource) { ContentParent* aSource) -> CanSetResult {
// Bug 1623565 - Are these flags only used by the debugger, which makes it // Bug 1623565 - Are these flags only used by the debugger, which makes it
// possible that this field can only be settable by the parent process? // possible that this field can only be settable by the parent process?
return LegacyCheckOnlyOwningProcessCanSet(aSource); return LegacyRevertIfNotOwningOrParentProcess(aSource);
} }
void BrowsingContext::DidSet(FieldIndex<IDX_DefaultLoadFlags>) { void BrowsingContext::DidSet(FieldIndex<IDX_DefaultLoadFlags>) {
@ -2809,24 +2830,24 @@ bool BrowsingContext::CanSet(FieldIndex<IDX_UseGlobalHistory>,
return true; return true;
} }
bool BrowsingContext::CanSet(FieldIndex<IDX_UserAgentOverride>, auto BrowsingContext::CanSet(FieldIndex<IDX_UserAgentOverride>,
const nsString& aUserAgent, const nsString& aUserAgent, ContentParent* aSource)
ContentParent* aSource) { -> CanSetResult {
if (!IsTop()) { if (!IsTop()) {
return false; return CanSetResult::Deny;
} }
return LegacyCheckOnlyOwningProcessCanSet(aSource); return LegacyRevertIfNotOwningOrParentProcess(aSource);
} }
bool BrowsingContext::CanSet(FieldIndex<IDX_PlatformOverride>, auto BrowsingContext::CanSet(FieldIndex<IDX_PlatformOverride>,
const nsString& aPlatform, const nsString& aPlatform, ContentParent* aSource)
ContentParent* aSource) { -> CanSetResult {
if (!IsTop()) { if (!IsTop()) {
return false; return CanSetResult::Deny;
} }
return LegacyCheckOnlyOwningProcessCanSet(aSource); return LegacyRevertIfNotOwningOrParentProcess(aSource);
} }
bool BrowsingContext::CheckOnlyEmbedderCanSet(ContentParent* aSource) { bool BrowsingContext::CheckOnlyEmbedderCanSet(ContentParent* aSource) {

31
docshell/base/BrowsingContext.h
Просмотреть файл

@ -948,8 +948,8 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache {
// volume of all media elements. // volume of all media elements.
void DidSet(FieldIndex<IDX_Muted>); void DidSet(FieldIndex<IDX_Muted>);
bool CanSet(FieldIndex<IDX_OverrideDPPX>, const float& aValue, CanSetResult CanSet(FieldIndex<IDX_OverrideDPPX>, const float& aValue,
ContentParent* aSource); ContentParent* aSource);
void DidSet(FieldIndex<IDX_OverrideDPPX>, float aOldValue); void DidSet(FieldIndex<IDX_OverrideDPPX>, float aOldValue);
bool CanSet(FieldIndex<IDX_EmbedderInnerWindowId>, const uint64_t& aValue, bool CanSet(FieldIndex<IDX_EmbedderInnerWindowId>, const uint64_t& aValue,
@ -973,12 +973,13 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache {
void DidSet(FieldIndex<IDX_AncestorLoading>); void DidSet(FieldIndex<IDX_AncestorLoading>);
void DidSet(FieldIndex<IDX_PlatformOverride>); void DidSet(FieldIndex<IDX_PlatformOverride>);
bool CanSet(FieldIndex<IDX_PlatformOverride>, CanSetResult CanSet(FieldIndex<IDX_PlatformOverride>,
const nsString& aPlatformOverride, ContentParent* aSource); const nsString& aPlatformOverride,
ContentParent* aSource);
void DidSet(FieldIndex<IDX_UserAgentOverride>); void DidSet(FieldIndex<IDX_UserAgentOverride>);
bool CanSet(FieldIndex<IDX_UserAgentOverride>, const nsString& aUserAgent, CanSetResult CanSet(FieldIndex<IDX_UserAgentOverride>,
ContentParent* aSource); const nsString& aUserAgent, ContentParent* aSource);
bool CanSet(FieldIndex<IDX_OrientationLock>, bool CanSet(FieldIndex<IDX_OrientationLock>,
const mozilla::hal::ScreenOrientation& aOrientationLock, const mozilla::hal::ScreenOrientation& aOrientationLock,
ContentParent* aSource); ContentParent* aSource);
@ -989,11 +990,12 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache {
bool CanSet(FieldIndex<IDX_MessageManagerGroup>, bool CanSet(FieldIndex<IDX_MessageManagerGroup>,
const nsString& aMessageManagerGroup, ContentParent* aSource); const nsString& aMessageManagerGroup, ContentParent* aSource);
bool CanSet(FieldIndex<IDX_AllowContentRetargeting>, CanSetResult CanSet(FieldIndex<IDX_AllowContentRetargeting>,
const bool& aAllowContentRetargeting, ContentParent* aSource); const bool& aAllowContentRetargeting,
bool CanSet(FieldIndex<IDX_AllowContentRetargetingOnChildren>, ContentParent* aSource);
const bool& aAllowContentRetargetingOnChildren, CanSetResult CanSet(FieldIndex<IDX_AllowContentRetargetingOnChildren>,
ContentParent* aSource); const bool& aAllowContentRetargetingOnChildren,
ContentParent* aSource);
bool CanSet(FieldIndex<IDX_AllowPlugins>, const bool& aAllowPlugins, bool CanSet(FieldIndex<IDX_AllowPlugins>, const bool& aAllowPlugins,
ContentParent* aSource); ContentParent* aSource);
bool CanSet(FieldIndex<IDX_FullscreenAllowedByOwner>, const bool&, bool CanSet(FieldIndex<IDX_FullscreenAllowedByOwner>, const bool&,
@ -1001,8 +1003,9 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache {
bool CanSet(FieldIndex<IDX_WatchedByDevToolsInternal>, bool CanSet(FieldIndex<IDX_WatchedByDevToolsInternal>,
const bool& aWatchedByDevToolsInternal, ContentParent* aSource); const bool& aWatchedByDevToolsInternal, ContentParent* aSource);
bool CanSet(FieldIndex<IDX_DefaultLoadFlags>, CanSetResult CanSet(FieldIndex<IDX_DefaultLoadFlags>,
const uint32_t& aDefaultLoadFlags, ContentParent* aSource); const uint32_t& aDefaultLoadFlags,
ContentParent* aSource);
void DidSet(FieldIndex<IDX_DefaultLoadFlags>); void DidSet(FieldIndex<IDX_DefaultLoadFlags>);
bool CanSet(FieldIndex<IDX_UseGlobalHistory>, const bool& aUseGlobalHistory, bool CanSet(FieldIndex<IDX_UseGlobalHistory>, const bool& aUseGlobalHistory,
@ -1048,6 +1051,8 @@ class BrowsingContext : public nsILoadContext, public nsWrapperCache {
// to WindowContext or be settable only by the parent process. // to WindowContext or be settable only by the parent process.
bool LegacyCheckOnlyOwningProcessCanSet(ContentParent* aSource); bool LegacyCheckOnlyOwningProcessCanSet(ContentParent* aSource);
CanSetResult LegacyRevertIfNotOwningOrParentProcess(ContentParent* aSource);
// True if the process attempting to set field is the same as the embedder's // True if the process attempting to set field is the same as the embedder's
// process. // process.
bool CheckOnlyEmbedderCanSet(ContentParent* aSource); bool CheckOnlyEmbedderCanSet(ContentParent* aSource);