Bug 1312101 - Part 2: Remove AppProcessChecker and code that depends on it; r=baku

Ehsan Akhgari 2016-10-22 16:50:47 -04:00
Родитель 130dc996d0
Коммит dc33b55d94
27 изменённых файлов: 2 добавлений и 731 удалений


@ -349,11 +349,6 @@ MessageManagerTunnel.prototype = {
* the outer browser's real message manager.
*/
PASS_THROUGH_METHODS: [
"killChild",
"assertPermission",
"assertContainApp",
"assertAppHasPermission",
"assertAppHasStatus",
"removeDelayedFrameScript",
"getDelayedFrameScripts",
"loadProcessScript",


@ -594,7 +594,6 @@ nsDOMClassInfo::Init()
DOM_CLASSINFO_MAP_END
DOM_CLASSINFO_MAP_BEGIN_NO_CLASS_IF(ChromeMessageSender, nsISupports)
DOM_CLASSINFO_MAP_ENTRY(nsIProcessChecker)
DOM_CLASSINFO_MAP_ENTRY(nsIFrameScriptLoader)
DOM_CLASSINFO_MAP_ENTRY(nsIProcessScriptLoader)
DOM_CLASSINFO_MAP_ENTRY(nsIMessageListenerManager)


@ -75,7 +75,6 @@
#include "Layers.h"
#include "ClientLayerManager.h"
#include "AppProcessChecker.h"
#include "ContentParent.h"
#include "TabParent.h"
#include "mozilla/plugins/PPluginWidgetParent.h"
@ -2840,27 +2839,6 @@ nsFrameLoader::DoSendAsyncMessage(JSContext* aCx,
return NS_ERROR_UNEXPECTED;
}
bool
nsFrameLoader::CheckPermission(const nsAString& aPermission)
{
return AssertAppProcessPermission(GetRemoteBrowser(),
NS_ConvertUTF16toUTF8(aPermission).get());
}
bool
nsFrameLoader::CheckManifestURL(const nsAString& aManifestURL)
{
return AssertAppProcessManifestURL(GetRemoteBrowser(),
NS_ConvertUTF16toUTF8(aManifestURL).get());
}
bool
nsFrameLoader::CheckAppHasPermission(const nsAString& aPermission)
{
return AssertAppHasPermission(GetRemoteBrowser(),
NS_ConvertUTF16toUTF8(aPermission).get());
}
NS_IMETHODIMP
nsFrameLoader::GetMessageManager(nsIMessageSender** aManager)
{


@ -101,9 +101,6 @@ public:
mozilla::dom::ipc::StructuredCloneData& aData,
JS::Handle<JSObject *> aCpows,
nsIPrincipal* aPrincipal) override;
virtual bool CheckPermission(const nsAString& aPermission) override;
virtual bool CheckManifestURL(const nsAString& aManifestURL) override;
virtual bool CheckAppHasPermission(const nsAString& aPermission) override;
/**
* Called from the layout frame associated with this frame loader;


@ -8,7 +8,6 @@
#include "nsFrameMessageManager.h"
#include "AppProcessChecker.h"
#include "ContentChild.h"
#include "nsContentUtils.h"
#include "nsDOMClassInfoID.h"
@ -194,10 +193,6 @@ NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(nsFrameMessageManager)
NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIGlobalProcessScriptLoader,
mChrome && mIsProcessManager && mIsBroadcaster)
/* Message senders in the chrome process support nsIProcessChecker. */
NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIProcessChecker,
mChrome && !mIsBroadcaster)
NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO_CONDITIONAL(ChromeMessageBroadcaster,
mChrome && mIsBroadcaster)
NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO_CONDITIONAL(ChromeMessageSender,
@ -967,95 +962,6 @@ nsFrameMessageManager::Atob(const nsAString& aAsciiString,
return nsContentUtils::Atob(aAsciiString, aBinaryData);
}
// nsIProcessChecker
NS_IMETHODIMP
nsFrameMessageManager::KillChild(bool *aValid)
{
if (!mCallback) {
*aValid = false;
return NS_ERROR_NOT_AVAILABLE;
}
*aValid = mCallback->KillChild();
return NS_OK;
}
nsresult
nsFrameMessageManager::AssertProcessInternal(ProcessCheckerType aType,
const nsAString& aCapability,
bool* aValid)
{
*aValid = false;
// This API is only supported for message senders in the chrome process.
if (!mChrome || mIsBroadcaster) {
return NS_ERROR_NOT_IMPLEMENTED;
}
if (!mCallback) {
return NS_ERROR_NOT_AVAILABLE;
}
switch (aType) {
case PROCESS_CHECKER_PERMISSION:
*aValid = mCallback->CheckPermission(aCapability);
break;
case PROCESS_CHECKER_MANIFEST_URL:
*aValid = mCallback->CheckManifestURL(aCapability);
break;
case ASSERT_APP_HAS_PERMISSION:
*aValid = mCallback->CheckAppHasPermission(aCapability);
break;
default:
break;
}
return NS_OK;
}
NS_IMETHODIMP
nsFrameMessageManager::AssertPermission(const nsAString& aPermission,
bool* aHasPermission)
{
return AssertProcessInternal(PROCESS_CHECKER_PERMISSION,
aPermission,
aHasPermission);
}
NS_IMETHODIMP
nsFrameMessageManager::AssertContainApp(const nsAString& aManifestURL,
bool* aHasManifestURL)
{
return AssertProcessInternal(PROCESS_CHECKER_MANIFEST_URL,
aManifestURL,
aHasManifestURL);
}
NS_IMETHODIMP
nsFrameMessageManager::AssertAppHasPermission(const nsAString& aPermission,
bool* aHasPermission)
{
return AssertProcessInternal(ASSERT_APP_HAS_PERMISSION,
aPermission,
aHasPermission);
}
NS_IMETHODIMP
nsFrameMessageManager::AssertAppHasStatus(unsigned short aStatus,
bool* aHasStatus)
{
*aHasStatus = false;
// This API is only supported for message senders in the chrome process.
if (!mChrome || mIsBroadcaster) {
return NS_ERROR_NOT_IMPLEMENTED;
}
if (!mCallback) {
return NS_ERROR_NOT_AVAILABLE;
}
*aHasStatus = mCallback->CheckAppHasStatus(aStatus);
return NS_OK;
}
class MMListenerRemover
{
public:
@ -1975,30 +1881,6 @@ public:
}
return NS_OK;
}
bool CheckPermission(const nsAString& aPermission) override
{
// In a single-process scenario, the child always has all capabilities.
return true;
}
bool CheckManifestURL(const nsAString& aManifestURL) override
{
// In a single-process scenario, the child always has all capabilities.
return true;
}
bool CheckAppHasPermission(const nsAString& aPermission) override
{
// In a single-process scenario, the child always has all capabilities.
return true;
}
bool CheckAppHasStatus(unsigned short aStatus) override
{
// In a single-process scenario, the child always has all capabilities.
return true;
}
};


@ -83,32 +83,6 @@ public:
return NS_OK;
}
virtual bool CheckPermission(const nsAString& aPermission)
{
return false;
}
virtual bool CheckManifestURL(const nsAString& aManifestURL)
{
return false;
}
virtual bool CheckAppHasPermission(const nsAString& aPermission)
{
return false;
}
virtual bool CheckAppHasStatus(unsigned short aStatus)
{
return false;
}
virtual bool KillChild()
{
// By default, does nothing.
return false;
}
virtual nsIMessageSender* GetProcessMessageManager() const
{
return nullptr;
@ -165,8 +139,7 @@ private:
class nsFrameMessageManager final : public nsIContentFrameMessageManager,
public nsIMessageBroadcaster,
public nsIFrameScriptLoader,
public nsIGlobalProcessScriptLoader,
public nsIProcessChecker
public nsIGlobalProcessScriptLoader
{
friend class mozilla::dom::MessageManagerReporter;
typedef mozilla::dom::ipc::StructuredCloneData StructuredCloneData;
@ -191,7 +164,6 @@ public:
NS_DECL_NSIFRAMESCRIPTLOADER
NS_DECL_NSIPROCESSSCRIPTLOADER
NS_DECL_NSIGLOBALPROCESSSCRIPTLOADER
NS_DECL_NSIPROCESSCHECKER
static nsFrameMessageManager*
NewProcessMessageManager(bool aIsRemote);


@ -483,68 +483,3 @@ interface nsIGlobalProcessScriptLoader : nsIProcessScriptLoader
[implicit_jscontext]
readonly attribute jsval initialProcessData;
};
[scriptable, builtinclass, uuid(637e8538-4f8f-4a3d-8510-e74386233e19)]
interface nsIProcessChecker : nsISupports
{
bool killChild();
/**
* Return true if the "remote" process has |aPermission|. This is
* intended to be used by JS implementations of cross-process DOM
* APIs, like so
*
* recvFooRequest: function(message) {
* if (!message.target.assertPermission("foo")) {
* return false;
* }
* // service foo request
*
* This interface only returns meaningful data when our content is
* in a separate process. If it shares the same OS process as us,
* then applying this permission check doesn't add any security,
* though it doesn't hurt anything either.
*
* Note: If the remote content process does *not* have |aPermission|,
* it will be killed as a precaution.
*/
boolean assertPermission(in DOMString aPermission);
/**
* Return true if the "remote" process has |aManifestURL|. This is
* intended to be used by JS implementations of cross-process DOM
* APIs, like so
*
* recvFooRequest: function(message) {
* if (!message.target.assertContainApp("foo")) {
* return false;
* }
* // service foo request
*
* This interface only returns meaningful data when our content is
* in a separate process. If it shares the same OS process as us,
* then applying this manifest URL check doesn't add any security,
* though it doesn't hurt anything either.
*
* Note: If the remote content process does *not* contain |aManifestURL|,
* it will be killed as a precaution.
*/
boolean assertContainApp(in DOMString aManifestURL);
boolean assertAppHasPermission(in DOMString aPermission);
/**
* Return true if the "remote" process' principal has an appStatus equal to
* |aStatus|.
*
* This interface only returns meaningful data when our content is
* in a separate process. If it shares the same OS process as us,
* then applying this permission check doesn't add any security,
* though it doesn't hurt anything either.
*
* Note: If the remote content process does *not* has the |aStatus|,
* it will be killed as a precaution.
*/
boolean assertAppHasStatus(in unsigned short aStatus);
};

6
dom/cache/PrincipalVerifier.cpp поставляемый

@ -6,7 +6,6 @@
#include "mozilla/dom/cache/PrincipalVerifier.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/dom/ContentParent.h"
#include "mozilla/dom/cache/ManagerId.h"
#include "mozilla/ipc/BackgroundParent.h"
@ -145,11 +144,6 @@ PrincipalVerifier::VerifyOnMainThread()
return;
}
// Verify that a child process claims to own the app for this principal
if (NS_WARN_IF(actor && !AssertAppPrincipal(actor, principal))) {
DispatchToInitiatingThread(NS_ERROR_FAILURE);
return;
}
actor = nullptr;
#ifdef DEBUG


@ -12,7 +12,6 @@
#include "mozilla/dom/ipc/BlobParent.h"
#include "ContentParent.h"
#include "nsProxyRelease.h"
#include "AppProcessChecker.h"
#include "mozilla/Preferences.h"
#include "nsNetCID.h"
@ -317,34 +316,6 @@ DeviceStorageRequestParent::EnsureRequiredPermissions(
}
}
// The 'apps' type is special. We only want this exposed
// if the caller has the "webapps-manage" permission.
if (type.EqualsLiteral("apps")) {
if (!AssertAppProcessPermission(aParent, "webapps-manage")) {
return false;
}
}
nsAutoCString permissionName;
nsresult rv = DeviceStorageTypeChecker::GetPermissionForType(type,
permissionName);
if (NS_FAILED(rv)) {
return false;
}
nsCString access;
rv = DeviceStorageTypeChecker::GetAccessForRequest(requestType, access);
if (NS_FAILED(rv)) {
return false;
}
permissionName.Append('-');
permissionName.Append(access);
if (!AssertAppProcessPermission(aParent, permissionName.get())) {
return false;
}
return true;
}


@ -11,7 +11,6 @@
#include "GetFileOrDirectoryTask.h"
#include "RemoveTask.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/dom/FileSystemBase.h"
namespace mozilla {


@ -19,7 +19,6 @@
#include "jsapi.h"
#include "KeyPath.h"
#include "mozilla/Attributes.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/AutoRestore.h"
#include "mozilla/Casting.h"
#include "mozilla/EndianUtils.h"


@ -1,95 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "AppProcessChecker.h"
#include "nsIPermissionManager.h"
namespace mozilla {
namespace dom {
class PContentParent;
} // namespace dom
} // namespace mozilla
class nsIPrincipal;
namespace mozilla {
#if DEBUG
#define LOG(...) printf_stderr(__VA_ARGS__)
#else
#define LOG(...)
#endif
bool
AssertAppProcess(mozilla::dom::PBrowserParent* aActor,
AssertAppProcessType aType,
const char* aCapability)
{
return true;
}
bool
AssertAppStatus(mozilla::dom::PBrowserParent* aActor,
unsigned short aStatus)
{
return true;
}
bool
AssertAppProcess(const mozilla::dom::TabContext& aContext,
AssertAppProcessType aType,
const char* aCapability)
{
return true;
}
bool
AssertAppStatus(const mozilla::dom::TabContext& aContext,
unsigned short aStatus)
{
return true;
}
bool
AssertAppProcess(mozilla::dom::PContentParent* aActor,
AssertAppProcessType aType,
const char* aCapability)
{
return true;
}
bool
AssertAppStatus(mozilla::dom::PContentParent* aActor,
unsigned short aStatus)
{
return true;
}
bool
AssertAppProcess(mozilla::hal_sandbox::PHalParent* aActor,
AssertAppProcessType aType,
const char* aCapability)
{
return true;
}
bool
AssertAppPrincipal(mozilla::dom::PContentParent* aActor,
nsIPrincipal* aPrincipal)
{
return true;
}
uint32_t
CheckPermission(mozilla::dom::PContentParent* aActor,
nsIPrincipal* aPrincipal,
const char* aPermission)
{
return nsIPermissionManager::ALLOW_ACTION;
}
} // namespace mozilla


@ -1,160 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_AppProcessChecker_h
#define mozilla_AppProcessChecker_h
#include <stdint.h>
class nsIPrincipal;
namespace mozilla {
namespace dom {
class TabContext;
class PBrowserParent;
class PContentParent;
} // namespace dom
namespace hal_sandbox {
class PHalParent;
} // namespace hal_sandbox
enum AssertAppProcessType {
ASSERT_APP_PROCESS_PERMISSION,
ASSERT_APP_PROCESS_MANIFEST_URL,
ASSERT_APP_HAS_PERMISSION
};
/**
* Return true if the specified browser has the specified capability.
* If this returns false, the browser didn't have the capability and
* will be killed.
*/
bool
AssertAppProcess(mozilla::dom::PBrowserParent* aActor,
AssertAppProcessType aType,
const char* aCapability);
/**
* Return true if the specified app has the specified status.
* If this returns false, the browser will be killed.
*/
bool
AssertAppStatus(mozilla::dom::PBrowserParent* aActor,
unsigned short aStatus);
/**
* Return true if the specified browser has the specified capability.
* If this returns false, the browser didn't have the capability and
* will be killed.
*/
bool
AssertAppProcess(const mozilla::dom::TabContext& aContext,
AssertAppProcessType aType,
const char* aCapability);
/**
* Return true if the specified app has the specified status.
* If this returns false, the browser will be killed.
*/
bool
AssertAppStatus(const mozilla::dom::TabContext& aContext,
unsigned short aStatus);
/**
* Return true if any of the PBrowsers loaded in this content process
* has the specified capability. If this returns false, the process
* didn't have the capability and will be killed.
*/
bool
AssertAppProcess(mozilla::dom::PContentParent* aActor,
AssertAppProcessType aType,
const char* aCapability);
/**
* Return true if any of the PBrowsers loaded in this content process
* has an app with the specified status. If this returns false, the process
* didn't have the status and will be killed.
*/
bool
AssertAppStatus(mozilla::dom::PContentParent* aActor,
unsigned short aStatus);
bool
AssertAppProcess(mozilla::hal_sandbox::PHalParent* aActor,
AssertAppProcessType aType,
const char* aCapability);
// NB: when adding capability checks for other IPDL actors, please add
// them to this file and have them delegate to the two functions above
// as appropriate. For example,
//
// bool AppProcessHasCapability(PNeckoParent* aActor, AssertAppProcessType aType) {
// return AssertAppProcess(aActor->Manager(), aType);
// }
bool
AssertAppPrincipal(mozilla::dom::PContentParent* aParent,
nsIPrincipal* aPrincipal);
/**
* Check if the specified principal is valid, and return the saved permission
* value for permission `aPermission' on that principal.
* See nsIPermissionManager.idl for possible return values.
*
* nsIPermissionManager::UNKNOWN_ACTION is retuned if the principal is invalid.
*/
uint32_t
CheckPermission(mozilla::dom::PContentParent* aParent,
nsIPrincipal* aPrincipal, const char* aPermission);
/**
* Inline function for asserting the process's permission.
*/
template<typename T>
inline bool
AssertAppProcessPermission(T* aActor,
const char* aPermission) {
return AssertAppProcess(aActor,
ASSERT_APP_PROCESS_PERMISSION,
aPermission);
}
/**
* Inline function for asserting the process's manifest URL.
*/
template<typename T>
inline bool
AssertAppProcessManifestURL(T* aActor,
const char* aManifestURL) {
return AssertAppProcess(aActor,
ASSERT_APP_PROCESS_MANIFEST_URL,
aManifestURL);
}
/**
* Inline function for asserting the process's manifest URL.
*/
template<typename T>
inline bool
AssertAppHasPermission(T* aActor,
const char* aPermission) {
return AssertAppProcess(aActor,
ASSERT_APP_HAS_PERMISSION,
aPermission);
}
template<typename T>
inline bool
AssertAppHasStatus(T* aActor,
unsigned short aStatus) {
return AssertAppStatus(aActor, aStatus);
}
} // namespace mozilla
#endif // mozilla_AppProcessChecker_h


@ -24,7 +24,6 @@
#include "chrome/common/process_watcher.h"
#include "mozilla/a11y/PDocAccessible.h"
#include "AppProcessChecker.h"
#include "AudioChannelService.h"
#include "BlobParent.h"
#include "CrashReporterParent.h"
@ -3696,37 +3695,6 @@ ContentParent::DoSendAsyncMessage(JSContext* aCx,
return NS_OK;
}
bool
ContentParent::CheckPermission(const nsAString& aPermission)
{
return AssertAppProcessPermission(this, NS_ConvertUTF16toUTF8(aPermission).get());
}
bool
ContentParent::CheckManifestURL(const nsAString& aManifestURL)
{
return AssertAppProcessManifestURL(this, NS_ConvertUTF16toUTF8(aManifestURL).get());
}
bool
ContentParent::CheckAppHasPermission(const nsAString& aPermission)
{
return AssertAppHasPermission(this, NS_ConvertUTF16toUTF8(aPermission).get());
}
bool
ContentParent::CheckAppHasStatus(unsigned short aStatus)
{
return AssertAppHasStatus(this, aStatus);
}
bool
ContentParent::KillChild()
{
KillHard("KillChild");
return true;
}
PBlobParent*
ContentParent::SendPBlobConstructor(PBlobParent* aActor,
const BlobConstructorParams& aParams)


@ -278,16 +278,6 @@ public:
JS::Handle<JSObject *> aCpows,
nsIPrincipal* aPrincipal) override;
virtual bool CheckPermission(const nsAString& aPermission) override;
virtual bool CheckManifestURL(const nsAString& aManifestURL) override;
virtual bool CheckAppHasPermission(const nsAString& aPermission) override;
virtual bool CheckAppHasStatus(unsigned short aStatus) override;
virtual bool KillChild() override;
/** Notify that a tab is beginning its destruction sequence. */
static void NotifyTabDestroying(const TabId& aTabId,
const ContentParentId& aCpId);


@ -98,7 +98,6 @@ public:
/**
* Get all TabContext which are inside the given content process.
* Used for AppProcessChecker to cehck app status.
*/
nsTArray<TabContext>
GetTabContextByContentProcess(const ContentParentId& aChildCpId);


@ -9,7 +9,6 @@
#include "TabParent.h"
#include "AudioChannelService.h"
#include "AppProcessChecker.h"
#ifdef ACCESSIBILITY
#include "mozilla/a11y/DocAccessibleParent.h"
#include "nsAccessibilityService.h"
@ -996,12 +995,7 @@ TabParent::AllocPIndexedDBPermissionRequestParent(const Principal& aPrincipal)
}
nsCOMPtr<nsIContentParent> manager = Manager();
if (manager->IsContentParent()) {
if (NS_WARN_IF(!AssertAppPrincipal(manager->AsContentParent(),
principal))) {
return nullptr;
}
} else {
if (!manager->IsContentParent()) {
MOZ_CRASH("Figure out security checks for bridged content!");
}
@ -1496,16 +1490,6 @@ TabParent::RecvSyncMessage(const nsString& aMessage,
const IPC::Principal& aPrincipal,
nsTArray<StructuredCloneData>* aRetVal)
{
// FIXME Permission check for TabParent in Content process
nsIPrincipal* principal = aPrincipal;
if (Manager()->IsContentParent()) {
ContentParent* parent = Manager()->AsContentParent();
if (!ContentParent::IgnoreIPCPrincipal() &&
parent && principal && !AssertAppPrincipal(parent, principal)) {
return IPC_FAIL_NO_REASON(this);
}
}
StructuredCloneData data;
ipc::UnpackClonedMessageDataForParent(aData, data);
@ -1523,16 +1507,6 @@ TabParent::RecvRpcMessage(const nsString& aMessage,
const IPC::Principal& aPrincipal,
nsTArray<StructuredCloneData>* aRetVal)
{
// FIXME Permission check for TabParent in Content process
nsIPrincipal* principal = aPrincipal;
if (Manager()->IsContentParent()) {
ContentParent* parent = Manager()->AsContentParent();
if (!ContentParent::IgnoreIPCPrincipal() &&
parent && principal && !AssertAppPrincipal(parent, principal)) {
return IPC_FAIL_NO_REASON(this);
}
}
StructuredCloneData data;
ipc::UnpackClonedMessageDataForParent(aData, data);
@ -1549,16 +1523,6 @@ TabParent::RecvAsyncMessage(const nsString& aMessage,
const IPC::Principal& aPrincipal,
const ClonedMessageData& aData)
{
// FIXME Permission check for TabParent in Content process
nsIPrincipal* principal = aPrincipal;
if (Manager()->IsContentParent()) {
ContentParent* parent = Manager()->AsContentParent();
if (!ContentParent::IgnoreIPCPrincipal() &&
parent && principal && !AssertAppPrincipal(parent, principal)) {
return IPC_FAIL_NO_REASON(this);
}
}
StructuredCloneData data;
ipc::UnpackClonedMessageDataForParent(aData, data);
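Review bot: `TabParent::RecvSyncMessage`, `RecvRpcMessage` and `RecvAsyncMessage` lose their `// FIXME Permission check for TabParent in Content process` marker together with the `AssertAppPrincipal` call, so nothing in the new code records that `aPrincipal` arrives from the content process and is used without being checked against it. Judging by the AppProcessChecker implementation deleted elsewhere in this commit, `AssertAppPrincipal` already returned `true` unconditionally, so runtime behaviour should be unchanged; the gap is the lost documentation of an open validation point. I would keep a one-line comment at the top of each handler, for example `// NOTE: aPrincipal is supplied by the child process and is not validated against that process here.` The same applies to the `nsIContentParent::Recv*Message` handlers changed later in this commit. The bodies of these functions continue outside the hunks, so how `aPrincipal` is consumed afterwards is not visible here.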


@ -39,14 +39,12 @@ EXPORTS.mozilla.dom += [
]
EXPORTS.mozilla += [
'AppProcessChecker.h',
'ProcessHangMonitor.h',
'ProcessHangMonitorIPC.h',
'ProcessPriorityManager.h',
]
UNIFIED_SOURCES += [
'AppProcessChecker.cpp',
'ColorPickerParent.cpp',
'ContentBridgeChild.cpp',
'ContentBridgeParent.cpp',


@ -6,7 +6,6 @@
#include "nsIContentParent.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/Preferences.h"
#include "mozilla/dom/File.h"
#include "mozilla/dom/ContentParent.h"
@ -217,16 +216,6 @@ nsIContentParent::RecvSyncMessage(const nsString& aMsg,
const IPC::Principal& aPrincipal,
nsTArray<ipc::StructuredCloneData>* aRetvals)
{
// FIXME Permission check in Content process
nsIPrincipal* principal = aPrincipal;
if (IsContentParent()) {
ContentParent* parent = AsContentParent();
if (!ContentParent::IgnoreIPCPrincipal() &&
parent && principal && !AssertAppPrincipal(parent, principal)) {
return IPC_FAIL_NO_REASON(parent);
}
}
RefPtr<nsFrameMessageManager> ppm = mMessageManager;
if (ppm) {
ipc::StructuredCloneData data;
@ -246,16 +235,6 @@ nsIContentParent::RecvRpcMessage(const nsString& aMsg,
const IPC::Principal& aPrincipal,
nsTArray<ipc::StructuredCloneData>* aRetvals)
{
// FIXME Permission check in Content process
nsIPrincipal* principal = aPrincipal;
if (IsContentParent()) {
ContentParent* parent = AsContentParent();
if (!ContentParent::IgnoreIPCPrincipal() &&
parent && principal && !AssertAppPrincipal(parent, principal)) {
return IPC_FAIL_NO_REASON(parent);
}
}
RefPtr<nsFrameMessageManager> ppm = mMessageManager;
if (ppm) {
ipc::StructuredCloneData data;
@ -300,16 +279,6 @@ nsIContentParent::RecvAsyncMessage(const nsString& aMsg,
const IPC::Principal& aPrincipal,
const ClonedMessageData& aData)
{
// FIXME Permission check in Content process
nsIPrincipal* principal = aPrincipal;
if (IsContentParent()) {
ContentParent* parent = AsContentParent();
if (!ContentParent::IgnoreIPCPrincipal() &&
parent && principal && !AssertAppPrincipal(parent, principal)) {
return IPC_FAIL_NO_REASON(parent);
}
}
RefPtr<nsFrameMessageManager> ppm = mMessageManager;
if (ppm) {
ipc::StructuredCloneData data;


@ -10,7 +10,6 @@
#include "nsJSUtils.h"
#include "TCPSocketParent.h"
#include "mozilla/Unused.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/dom/ContentParent.h"
#include "mozilla/dom/TabParent.h"


@ -9,7 +9,6 @@
#include "jsfriendapi.h"
#include "nsJSUtils.h"
#include "mozilla/Unused.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/net/NeckoCommon.h"
#include "mozilla/net/PNeckoParent.h"
#include "mozilla/dom/ContentParent.h"
@ -118,14 +117,6 @@ mozilla::ipc::IPCResult
TCPSocketParent::RecvOpen(const nsString& aHost, const uint16_t& aPort, const bool& aUseSSL,
const bool& aUseArrayBuffers)
{
// We don't have browser actors in xpcshell, and hence can't run automated
// tests without this loophole.
if (net::UsingNeckoIPCSecurity() &&
!AssertAppProcessPermission(Manager()->Manager(), "tcp-socket")) {
FireInteralError(this, __LINE__);
return IPC_OK();
}
// Obtain App ID
uint32_t appId = GetAppId();
bool inIsolatedMozBrowser = GetInIsolatedMozBrowser();
@ -146,12 +137,6 @@ TCPSocketParent::RecvOpenBind(const nsCString& aRemoteHost,
const bool& aUseArrayBuffers,
const nsCString& aFilter)
{
if (net::UsingNeckoIPCSecurity() &&
!AssertAppProcessPermission(Manager()->Manager(), "tcp-socket")) {
FireInteralError(this, __LINE__);
return IPC_OK();
}
nsresult rv;
nsCOMPtr<nsISocketTransportService> sts =
do_GetService("@mozilla.org/network/socket-transport-service;1", &rv);


@ -9,7 +9,6 @@
#include "nsComponentManagerUtils.h"
#include "nsIUDPSocket.h"
#include "nsINetAddr.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/Unused.h"
#include "mozilla/ipc/InputStreamUtils.h"
#include "mozilla/net/DNS.h"
@ -27,14 +26,12 @@ NS_IMPL_ISUPPORTS(UDPSocketParent, nsIUDPSocketListener)
UDPSocketParent::UDPSocketParent(PBackgroundParent* aManager)
: mBackgroundManager(aManager)
, mNeckoManager(nullptr)
, mIPCOpen(true)
{
}
UDPSocketParent::UDPSocketParent(PNeckoParent* aManager)
: mBackgroundManager(nullptr)
, mNeckoManager(aManager)
, mIPCOpen(true)
{
}
@ -56,15 +53,6 @@ UDPSocketParent::Init(const IPC::Principal& aPrincipal,
if (net::UsingNeckoIPCSecurity() &&
mPrincipal &&
!ContentParent::IgnoreIPCPrincipal()) {
if (mNeckoManager) {
if (!AssertAppPrincipal(mNeckoManager->Manager(), mPrincipal)) {
return false;
}
} else {
// PBackground is (for now) using a STUN filter for verification
// it's not being used for DoS
}
nsCOMPtr<nsIPermissionManager> permMgr =
services::GetPermissionManager();
if (!permMgr) {


@ -68,9 +68,7 @@ private:
void SendInternalError(nsIEventTarget *aThread,
uint32_t aLineNo);
// One of these will be null and the other non-null.
PBackgroundParent* mBackgroundManager;
PNeckoParent* mNeckoManager;
bool mIPCOpen;
nsCOMPtr<nsIUDPSocket> mSocket;


@ -6,7 +6,6 @@
#include "ServiceWorkerManagerParent.h"
#include "ServiceWorkerManagerService.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/dom/ContentParent.h"
#include "mozilla/dom/ServiceWorkerRegistrar.h"
#include "mozilla/ipc/BackgroundParent.h"
@ -128,8 +127,6 @@ public:
NS_IMETHOD Run() override
{
if (NS_IsMainThread()) {
nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(mPrincipalInfo);
AssertAppPrincipal(mContentParent, principal);
mContentParent = nullptr;
mBackgroundThread->Dispatch(this, NS_DISPATCH_NORMAL);


@ -6,7 +6,6 @@
#include "Hal.h"
#include "HalLog.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/dom/ContentChild.h"
#include "mozilla/dom/ContentParent.h"
#include "mozilla/hal_sandbox/PHalChild.h"
@ -568,9 +567,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvGetScreenEnabled(bool* aEnabled) override
{
if (!AssertAppProcessPermission(this, "power")) {
return IPC_FAIL_NO_REASON(this);
}
*aEnabled = hal::GetScreenEnabled();
return IPC_OK();
}
@ -578,9 +574,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvSetScreenEnabled(const bool& aEnabled) override
{
if (!AssertAppProcessPermission(this, "power")) {
return IPC_FAIL_NO_REASON(this);
}
hal::SetScreenEnabled(aEnabled);
return IPC_OK();
}
@ -588,9 +581,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvGetKeyLightEnabled(bool* aEnabled) override
{
if (!AssertAppProcessPermission(this, "power")) {
return IPC_FAIL_NO_REASON(this);
}
*aEnabled = hal::GetKeyLightEnabled();
return IPC_OK();
}
@ -598,9 +588,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvSetKeyLightEnabled(const bool& aEnabled) override
{
if (!AssertAppProcessPermission(this, "power")) {
return IPC_FAIL_NO_REASON(this);
}
hal::SetKeyLightEnabled(aEnabled);
return IPC_OK();
}
@ -608,9 +595,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvGetCpuSleepAllowed(bool* aAllowed) override
{
if (!AssertAppProcessPermission(this, "power")) {
return IPC_FAIL_NO_REASON(this);
}
*aAllowed = hal::GetCpuSleepAllowed();
return IPC_OK();
}
@ -618,9 +602,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvSetCpuSleepAllowed(const bool& aAllowed) override
{
if (!AssertAppProcessPermission(this, "power")) {
return IPC_FAIL_NO_REASON(this);
}
hal::SetCpuSleepAllowed(aAllowed);
return IPC_OK();
}
@ -628,9 +609,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvGetScreenBrightness(double* aBrightness) override
{
if (!AssertAppProcessPermission(this, "power")) {
return IPC_FAIL_NO_REASON(this);
}
*aBrightness = hal::GetScreenBrightness();
return IPC_OK();
}
@ -638,9 +616,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvSetScreenBrightness(const double& aBrightness) override
{
if (!AssertAppProcessPermission(this, "power")) {
return IPC_FAIL_NO_REASON(this);
}
hal::SetScreenBrightness(aBrightness);
return IPC_OK();
}
@ -648,9 +623,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvAdjustSystemClock(const int64_t &aDeltaMilliseconds) override
{
if (!AssertAppProcessPermission(this, "time")) {
return IPC_FAIL_NO_REASON(this);
}
hal::AdjustSystemClock(aDeltaMilliseconds);
return IPC_OK();
}
@ -658,9 +630,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvSetTimezone(const nsCString& aTimezoneSpec) override
{
if (!AssertAppProcessPermission(this, "time")) {
return IPC_FAIL_NO_REASON(this);
}
hal::SetTimezone(aTimezoneSpec);
return IPC_OK();
}
@ -668,9 +637,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvGetTimezone(nsCString *aTimezoneSpec) override
{
if (!AssertAppProcessPermission(this, "time")) {
return IPC_FAIL_NO_REASON(this);
}
*aTimezoneSpec = hal::GetTimezone();
return IPC_OK();
}
@ -678,9 +644,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvGetTimezoneOffset(int32_t *aTimezoneOffset) override
{
if (!AssertAppProcessPermission(this, "time")) {
return IPC_FAIL_NO_REASON(this);
}
*aTimezoneOffset = hal::GetTimezoneOffset();
return IPC_OK();
}
@ -812,10 +775,6 @@ public:
virtual mozilla::ipc::IPCResult
RecvFactoryReset(const nsString& aReason) override
{
if (!AssertAppProcessPermission(this, "power")) {
return IPC_FAIL_NO_REASON(this);
}
FactoryResetReason reason = FactoryResetReason::Normal;
if (aReason.EqualsLiteral("normal")) {
reason = FactoryResetReason::Normal;


@ -12,7 +12,6 @@
#include "CamerasParent.h"
#endif
#include "mozilla/media/MediaParent.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/Assertions.h"
#include "mozilla/dom/ContentParent.h"
#include "mozilla/dom/DOMTypes.h"
@ -522,7 +521,6 @@ public:
NullifyContentParentRAII raii(mContentParent);
nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(mPrincipalInfo);
AssertAppPrincipal(mContentParent, principal);
if (principal->GetIsNullPrincipal()) {
mContentParent->KillHard("BroadcastChannel killed: no null principal.");
@ -612,12 +610,6 @@ private:
return true;
}
if (!AssertAppProcessPermission(mContentParent.get(),
mPermissionName.get())) {
mContentParent->KillHard("PBackground actor killed: permission denied.");
return false;
}
return true;
}


@ -32,7 +32,6 @@
#include "mozilla/dom/network/UDPSocketParent.h"
#include "mozilla/dom/workers/ServiceWorkerManager.h"
#include "mozilla/LoadContext.h"
#include "mozilla/AppProcessChecker.h"
#include "nsPrintfCString.h"
#include "nsHTMLDNSPrefetch.h"
#include "nsIAppsService.h"