From dc33b55d942e41a863cd1587c5da04c433deb327 Mon Sep 17 00:00:00 2001 From: Ehsan Akhgari Date: Sat, 22 Oct 2016 16:50:47 -0400 Subject: [PATCH] Bug 1312101 - Part 2: Remove AppProcessChecker and code that depends on it; r=baku --- .../client/responsive.html/browser/tunnel.js | 5 - dom/base/nsDOMClassInfo.cpp | 1 - dom/base/nsFrameLoader.cpp | 22 --- dom/base/nsFrameLoader.h | 3 - dom/base/nsFrameMessageManager.cpp | 118 ------------- dom/base/nsFrameMessageManager.h | 30 +--- dom/base/nsIMessageManager.idl | 65 ------- dom/cache/PrincipalVerifier.cpp | 6 - .../DeviceStorageRequestParent.cpp | 29 ---- dom/filesystem/FileSystemRequestParent.cpp | 1 - dom/indexedDB/ActorsParent.cpp | 1 - dom/ipc/AppProcessChecker.cpp | 95 ----------- dom/ipc/AppProcessChecker.h | 160 ------------------ dom/ipc/ContentParent.cpp | 32 ---- dom/ipc/ContentParent.h | 10 -- dom/ipc/ContentProcessManager.h | 1 - dom/ipc/TabParent.cpp | 38 +---- dom/ipc/moz.build | 2 - dom/ipc/nsIContentParent.cpp | 31 ---- dom/network/TCPServerSocketParent.cpp | 1 - dom/network/TCPSocketParent.cpp | 15 -- dom/network/UDPSocketParent.cpp | 12 -- dom/network/UDPSocketParent.h | 2 - dom/workers/ServiceWorkerManagerParent.cpp | 3 - hal/sandbox/SandboxHal.cpp | 41 ----- ipc/glue/BackgroundParentImpl.cpp | 8 - netwerk/ipc/NeckoParent.cpp | 1 - 27 files changed, 2 insertions(+), 731 deletions(-) delete mode 100644 dom/ipc/AppProcessChecker.cpp delete mode 100644 dom/ipc/AppProcessChecker.h diff --git a/devtools/client/responsive.html/browser/tunnel.js b/devtools/client/responsive.html/browser/tunnel.js index 3a911b3b837b..8e82d9d27236 100644 --- a/devtools/client/responsive.html/browser/tunnel.js +++ b/devtools/client/responsive.html/browser/tunnel.js 
@@ -349,11 +349,6 @@ MessageManagerTunnel.prototype = { * the outer browser's real message manager. */ PASS_THROUGH_METHODS: [ - "killChild", - "assertPermission", - "assertContainApp", - "assertAppHasPermission", - "assertAppHasStatus", "removeDelayedFrameScript", "getDelayedFrameScripts", "loadProcessScript", diff --git a/dom/base/nsDOMClassInfo.cpp b/dom/base/nsDOMClassInfo.cpp index c4f50bfa99d6..045bfa939316 100644 --- a/dom/base/nsDOMClassInfo.cpp +++ b/dom/base/nsDOMClassInfo.cpp @@ -594,7 +594,6 @@ nsDOMClassInfo::Init() DOM_CLASSINFO_MAP_END DOM_CLASSINFO_MAP_BEGIN_NO_CLASS_IF(ChromeMessageSender, nsISupports) - DOM_CLASSINFO_MAP_ENTRY(nsIProcessChecker) DOM_CLASSINFO_MAP_ENTRY(nsIFrameScriptLoader) DOM_CLASSINFO_MAP_ENTRY(nsIProcessScriptLoader) DOM_CLASSINFO_MAP_ENTRY(nsIMessageListenerManager) diff --git a/dom/base/nsFrameLoader.cpp b/dom/base/nsFrameLoader.cpp index 2ba00211e4a3..f9b0744a4796 100644 --- a/dom/base/nsFrameLoader.cpp +++ b/dom/base/nsFrameLoader.cpp @@ -75,7 +75,6 @@ #include "Layers.h" #include "ClientLayerManager.h" -#include "AppProcessChecker.h" #include "ContentParent.h" #include "TabParent.h" #include "mozilla/plugins/PPluginWidgetParent.h" @@ -2840,27 +2839,6 @@ nsFrameLoader::DoSendAsyncMessage(JSContext* aCx, return NS_ERROR_UNEXPECTED; } -bool -nsFrameLoader::CheckPermission(const nsAString& aPermission) -{ - return AssertAppProcessPermission(GetRemoteBrowser(), - NS_ConvertUTF16toUTF8(aPermission).get()); -} - -bool -nsFrameLoader::CheckManifestURL(const nsAString& aManifestURL) -{ - return AssertAppProcessManifestURL(GetRemoteBrowser(), - NS_ConvertUTF16toUTF8(aManifestURL).get()); -} - -bool -nsFrameLoader::CheckAppHasPermission(const nsAString& aPermission) -{ - return AssertAppHasPermission(GetRemoteBrowser(), - NS_ConvertUTF16toUTF8(aPermission).get()); -} - NS_IMETHODIMP nsFrameLoader::GetMessageManager(nsIMessageSender** aManager) { 
diff --git a/dom/base/nsFrameLoader.h b/dom/base/nsFrameLoader.h index 3292b17302f9..2438338ea1a1 100644 --- a/dom/base/nsFrameLoader.h +++ b/dom/base/nsFrameLoader.h @@ -101,9 +101,6 @@ public: mozilla::dom::ipc::StructuredCloneData& aData, JS::Handle aCpows, nsIPrincipal* aPrincipal) override; - virtual bool CheckPermission(const nsAString& aPermission) override; - virtual bool CheckManifestURL(const nsAString& aManifestURL) override; - virtual bool CheckAppHasPermission(const nsAString& aPermission) override; /** * Called from the layout frame associated with this frame loader; diff --git a/dom/base/nsFrameMessageManager.cpp b/dom/base/nsFrameMessageManager.cpp index 5f0c3b37ae4d..ca7465438b8b 100644 --- a/dom/base/nsFrameMessageManager.cpp +++ b/dom/base/nsFrameMessageManager.cpp @@ -8,7 +8,6 @@ #include "nsFrameMessageManager.h" -#include "AppProcessChecker.h" #include "ContentChild.h" #include "nsContentUtils.h" #include "nsDOMClassInfoID.h" @@ -194,10 +193,6 @@ NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(nsFrameMessageManager) NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIGlobalProcessScriptLoader, mChrome && mIsProcessManager && mIsBroadcaster) - /* Message senders in the chrome process support nsIProcessChecker. */ - NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIProcessChecker, - mChrome && !mIsBroadcaster) - NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO_CONDITIONAL(ChromeMessageBroadcaster, mChrome && mIsBroadcaster) NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO_CONDITIONAL(ChromeMessageSender, 
@@ -967,95 +962,6 @@ nsFrameMessageManager::Atob(const nsAString& aAsciiString, return nsContentUtils::Atob(aAsciiString, aBinaryData); } -// nsIProcessChecker - -NS_IMETHODIMP -nsFrameMessageManager::KillChild(bool *aValid) -{ - if (!mCallback) { - *aValid = false; - return NS_ERROR_NOT_AVAILABLE; - } - - *aValid = mCallback->KillChild(); - return NS_OK; -} - -nsresult -nsFrameMessageManager::AssertProcessInternal(ProcessCheckerType aType, - const nsAString& aCapability, - bool* aValid) -{ - *aValid = false; - - // This API is only supported for message senders in the chrome process. - if (!mChrome || mIsBroadcaster) { - return NS_ERROR_NOT_IMPLEMENTED; - } - if (!mCallback) { - return NS_ERROR_NOT_AVAILABLE; - } - switch (aType) { - case PROCESS_CHECKER_PERMISSION: - *aValid = mCallback->CheckPermission(aCapability); - break; - case PROCESS_CHECKER_MANIFEST_URL: - *aValid = mCallback->CheckManifestURL(aCapability); - break; - case ASSERT_APP_HAS_PERMISSION: - *aValid = mCallback->CheckAppHasPermission(aCapability); - break; - default: - break; - } - return NS_OK; -} - -NS_IMETHODIMP -nsFrameMessageManager::AssertPermission(const nsAString& aPermission, - bool* aHasPermission) -{ - return AssertProcessInternal(PROCESS_CHECKER_PERMISSION, - aPermission, - aHasPermission); -} - -NS_IMETHODIMP -nsFrameMessageManager::AssertContainApp(const nsAString& aManifestURL, - bool* aHasManifestURL) -{ - return AssertProcessInternal(PROCESS_CHECKER_MANIFEST_URL, - aManifestURL, - aHasManifestURL); -} - -NS_IMETHODIMP -nsFrameMessageManager::AssertAppHasPermission(const nsAString& aPermission, - bool* aHasPermission) -{ - return AssertProcessInternal(ASSERT_APP_HAS_PERMISSION, - aPermission, - aHasPermission); -} - -NS_IMETHODIMP -nsFrameMessageManager::AssertAppHasStatus(unsigned short aStatus, - bool* aHasStatus) -{ - *aHasStatus = false; - - // This API is only supported for message senders in the chrome process. 
- if (!mChrome || mIsBroadcaster) { - return NS_ERROR_NOT_IMPLEMENTED; - } - if (!mCallback) { - return NS_ERROR_NOT_AVAILABLE; - } - *aHasStatus = mCallback->CheckAppHasStatus(aStatus); - - return NS_OK; -} - class MMListenerRemover { public: @@ -1975,30 +1881,6 @@ public: } return NS_OK; } - - bool CheckPermission(const nsAString& aPermission) override - { - // In a single-process scenario, the child always has all capabilities. - return true; - } - - bool CheckManifestURL(const nsAString& aManifestURL) override - { - // In a single-process scenario, the child always has all capabilities. - return true; - } - - bool CheckAppHasPermission(const nsAString& aPermission) override - { - // In a single-process scenario, the child always has all capabilities. - return true; - } - - bool CheckAppHasStatus(unsigned short aStatus) override - { - // In a single-process scenario, the child always has all capabilities. - return true; - } }; diff --git a/dom/base/nsFrameMessageManager.h b/dom/base/nsFrameMessageManager.h index 077389a4979a..360ebb07a672 100644 --- a/dom/base/nsFrameMessageManager.h +++ b/dom/base/nsFrameMessageManager.h @@ -83,32 +83,6 @@ public: return NS_OK; } - virtual bool CheckPermission(const nsAString& aPermission) - { - return false; - } - - virtual bool CheckManifestURL(const nsAString& aManifestURL) - { - return false; - } - - virtual bool CheckAppHasPermission(const nsAString& aPermission) - { - return false; - } - - virtual bool CheckAppHasStatus(unsigned short aStatus) - { - return false; - } - - virtual bool KillChild() - { - // By default, does nothing. - return false; - } - virtual nsIMessageSender* GetProcessMessageManager() const { return nullptr; 
@@ -165,8 +139,7 @@ private: class nsFrameMessageManager final : public nsIContentFrameMessageManager, public nsIMessageBroadcaster, public nsIFrameScriptLoader, - public nsIGlobalProcessScriptLoader, - public nsIProcessChecker + public nsIGlobalProcessScriptLoader { friend class mozilla::dom::MessageManagerReporter; typedef mozilla::dom::ipc::StructuredCloneData StructuredCloneData; @@ -191,7 +164,6 @@ public: NS_DECL_NSIFRAMESCRIPTLOADER NS_DECL_NSIPROCESSSCRIPTLOADER NS_DECL_NSIGLOBALPROCESSSCRIPTLOADER - NS_DECL_NSIPROCESSCHECKER static nsFrameMessageManager* NewProcessMessageManager(bool aIsRemote); diff --git a/dom/base/nsIMessageManager.idl b/dom/base/nsIMessageManager.idl index 7c64bd2221e4..375f92abd448 100644 --- a/dom/base/nsIMessageManager.idl +++ b/dom/base/nsIMessageManager.idl 
@@ -483,68 +483,3 @@ interface nsIGlobalProcessScriptLoader : nsIProcessScriptLoader [implicit_jscontext] readonly attribute jsval initialProcessData; }; - -[scriptable, builtinclass, uuid(637e8538-4f8f-4a3d-8510-e74386233e19)] -interface nsIProcessChecker : nsISupports -{ - bool killChild(); - - /** - * Return true if the "remote" process has |aPermission|. This is - * intended to be used by JS implementations of cross-process DOM - * APIs, like so - * - * recvFooRequest: function(message) { - * if (!message.target.assertPermission("foo")) { - * return false; - * } - * // service foo request - * - * This interface only returns meaningful data when our content is - * in a separate process. If it shares the same OS process as us, - * then applying this permission check doesn't add any security, - * though it doesn't hurt anything either. - * - * Note: If the remote content process does *not* have |aPermission|, - * it will be killed as a precaution. - */ - boolean assertPermission(in DOMString aPermission); - - /** - * Return true if the "remote" process has |aManifestURL|. This is - * intended to be used by JS implementations of cross-process DOM - * APIs, like so - * - * recvFooRequest: function(message) { - * if (!message.target.assertContainApp("foo")) { - * return false; - * } - * // service foo request - * - * This interface only returns meaningful data when our content is - * in a separate process. If it shares the same OS process as us, - * then applying this manifest URL check doesn't add any security, - * though it doesn't hurt anything either. - * - * Note: If the remote content process does *not* contain |aManifestURL|, - * it will be killed as a precaution. - */ - boolean assertContainApp(in DOMString aManifestURL); - - boolean assertAppHasPermission(in DOMString aPermission); - - /** - * Return true if the "remote" process' principal has an appStatus equal to - * |aStatus|. 
- * - * This interface only returns meaningful data when our content is - * in a separate process. If it shares the same OS process as us, - * then applying this permission check doesn't add any security, - * though it doesn't hurt anything either. - * - * Note: If the remote content process does *not* has the |aStatus|, - * it will be killed as a precaution. - */ - boolean assertAppHasStatus(in unsigned short aStatus); - -}; diff --git a/dom/cache/PrincipalVerifier.cpp b/dom/cache/PrincipalVerifier.cpp index 25a693779109..57026b8707ae 100644 --- a/dom/cache/PrincipalVerifier.cpp +++ b/dom/cache/PrincipalVerifier.cpp @@ -6,7 +6,6 @@ #include "mozilla/dom/cache/PrincipalVerifier.h" -#include "mozilla/AppProcessChecker.h" #include "mozilla/dom/ContentParent.h" #include "mozilla/dom/cache/ManagerId.h" #include "mozilla/ipc/BackgroundParent.h" @@ -145,11 +144,6 @@ PrincipalVerifier::VerifyOnMainThread() return; } - // Verify that a child process claims to own the app for this principal - if (NS_WARN_IF(actor && !AssertAppPrincipal(actor, principal))) { - DispatchToInitiatingThread(NS_ERROR_FAILURE); - return; - } actor = nullptr; #ifdef DEBUG diff --git a/dom/devicestorage/DeviceStorageRequestParent.cpp b/dom/devicestorage/DeviceStorageRequestParent.cpp index 7c262eba8e4a..b57defc8ffc6 100644 --- a/dom/devicestorage/DeviceStorageRequestParent.cpp +++ b/dom/devicestorage/DeviceStorageRequestParent.cpp @@ -12,7 +12,6 @@ #include "mozilla/dom/ipc/BlobParent.h" #include "ContentParent.h" #include "nsProxyRelease.h" -#include "AppProcessChecker.h" #include "mozilla/Preferences.h" #include "nsNetCID.h" 
@@ -317,34 +316,6 @@ DeviceStorageRequestParent::EnsureRequiredPermissions( } } - // The 'apps' type is special. We only want this exposed - // if the caller has the "webapps-manage" permission. - if (type.EqualsLiteral("apps")) { - if (!AssertAppProcessPermission(aParent, "webapps-manage")) { - return false; - } - } - - nsAutoCString permissionName; - nsresult rv = DeviceStorageTypeChecker::GetPermissionForType(type, - permissionName); - if (NS_FAILED(rv)) { - return false; - } - - nsCString access; - rv = DeviceStorageTypeChecker::GetAccessForRequest(requestType, access); - if (NS_FAILED(rv)) { - return false; - } - - permissionName.Append('-'); - permissionName.Append(access); - - if (!AssertAppProcessPermission(aParent, permissionName.get())) { - return false; - } - return true; } diff --git a/dom/filesystem/FileSystemRequestParent.cpp b/dom/filesystem/FileSystemRequestParent.cpp index 36d3735c5c14..f9d017fad7b6 100644 --- a/dom/filesystem/FileSystemRequestParent.cpp +++ b/dom/filesystem/FileSystemRequestParent.cpp @@ -11,7 +11,6 @@ #include "GetFileOrDirectoryTask.h" #include "RemoveTask.h" -#include "mozilla/AppProcessChecker.h" #include "mozilla/dom/FileSystemBase.h" namespace mozilla { diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp index 58d0dcb1236e..0162870e90e4 100644 --- a/dom/indexedDB/ActorsParent.cpp +++ b/dom/indexedDB/ActorsParent.cpp @@ -19,7 +19,6 @@ #include "jsapi.h" #include "KeyPath.h" #include "mozilla/Attributes.h" -#include "mozilla/AppProcessChecker.h" #include "mozilla/AutoRestore.h" #include "mozilla/Casting.h" #include "mozilla/EndianUtils.h" diff --git a/dom/ipc/AppProcessChecker.cpp b/dom/ipc/AppProcessChecker.cpp deleted file mode 100644 index fa91c94ff00d..000000000000 --- a/dom/ipc/AppProcessChecker.cpp +++ /dev/null 
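Review bot: In DeviceStorageRequestParent::EnsureRequiredPermissions the deleted block also held the two `if (NS_FAILED(rv)) { return false; }` early returns after DeviceStorageTypeChecker::GetPermissionForType and GetAccessForRequest, so the new code now reaches `return true;` even when either lookup would have failed. The AssertAppProcessPermission calls were no-ops (the stub removed in this same patch returns true), but those two failure paths were not. If they were the only place a request with an unrecognised storage type or request type got rejected, that validation is lost; keeping both lookups with their early returns and dropping only the AssertAppProcessPermission calls would preserve it. The start of the function is outside the hunk, so an earlier check may already cover this case.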
@@ -1,95 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=8 sts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "AppProcessChecker.h" -#include "nsIPermissionManager.h" - -namespace mozilla { -namespace dom { -class PContentParent; -} // namespace dom -} // namespace mozilla - -class nsIPrincipal; - -namespace mozilla { - -#if DEBUG - #define LOG(...) printf_stderr(__VA_ARGS__) -#else - #define LOG(...) -#endif - -bool -AssertAppProcess(mozilla::dom::PBrowserParent* aActor, - AssertAppProcessType aType, - const char* aCapability) -{ - return true; -} - -bool -AssertAppStatus(mozilla::dom::PBrowserParent* aActor, - unsigned short aStatus) -{ - return true; -} - -bool -AssertAppProcess(const mozilla::dom::TabContext& aContext, - AssertAppProcessType aType, - const char* aCapability) -{ - return true; -} - -bool -AssertAppStatus(const mozilla::dom::TabContext& aContext, - unsigned short aStatus) -{ - return true; -} - - -bool -AssertAppProcess(mozilla::dom::PContentParent* aActor, - AssertAppProcessType aType, - const char* aCapability) -{ - return true; -} - -bool -AssertAppStatus(mozilla::dom::PContentParent* aActor, - unsigned short aStatus) -{ - return true; -} - -bool -AssertAppProcess(mozilla::hal_sandbox::PHalParent* aActor, - AssertAppProcessType aType, - const char* aCapability) -{ - return true; -} - -bool -AssertAppPrincipal(mozilla::dom::PContentParent* aActor, - nsIPrincipal* aPrincipal) -{ - return true; -} - -uint32_t -CheckPermission(mozilla::dom::PContentParent* aActor, - nsIPrincipal* aPrincipal, - const char* aPermission) -{ - return nsIPermissionManager::ALLOW_ACTION; -} - -} // namespace mozilla 
diff --git a/dom/ipc/AppProcessChecker.h b/dom/ipc/AppProcessChecker.h
deleted file mode 100644
index e5e7a90ba727..000000000000
--- a/dom/ipc/AppProcessChecker.h
+++ /dev/null
@@ -1,160 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=8 sts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef mozilla_AppProcessChecker_h -#define mozilla_AppProcessChecker_h - -#include - -class nsIPrincipal; - -namespace mozilla { - -namespace dom { -class TabContext; -class PBrowserParent; -class PContentParent; -} // namespace dom - -namespace hal_sandbox { -class PHalParent; -} // namespace hal_sandbox - -enum AssertAppProcessType { - ASSERT_APP_PROCESS_PERMISSION, - ASSERT_APP_PROCESS_MANIFEST_URL, - ASSERT_APP_HAS_PERMISSION -}; - -/** - * Return true if the specified browser has the specified capability. - * If this returns false, the browser didn't have the capability and - * will be killed. - */ -bool -AssertAppProcess(mozilla::dom::PBrowserParent* aActor, - AssertAppProcessType aType, - const char* aCapability); - -/** - * Return true if the specified app has the specified status. - * If this returns false, the browser will be killed. - */ -bool -AssertAppStatus(mozilla::dom::PBrowserParent* aActor, - unsigned short aStatus); - -/** - * Return true if the specified browser has the specified capability. - * If this returns false, the browser didn't have the capability and - * will be killed. - */ -bool -AssertAppProcess(const mozilla::dom::TabContext& aContext, - AssertAppProcessType aType, - const char* aCapability); - -/** - * Return true if the specified app has the specified status. - * If this returns false, the browser will be killed. - */ -bool -AssertAppStatus(const mozilla::dom::TabContext& aContext, - unsigned short aStatus); - -/** - * Return true if any of the PBrowsers loaded in this content process - * has the specified capability. 
If this returns false, the process - * didn't have the capability and will be killed. - */ -bool -AssertAppProcess(mozilla::dom::PContentParent* aActor, - AssertAppProcessType aType, - const char* aCapability); - -/** - * Return true if any of the PBrowsers loaded in this content process - * has an app with the specified status. If this returns false, the process - * didn't have the status and will be killed. - */ -bool -AssertAppStatus(mozilla::dom::PContentParent* aActor, - unsigned short aStatus); - -bool -AssertAppProcess(mozilla::hal_sandbox::PHalParent* aActor, - AssertAppProcessType aType, - const char* aCapability); - -// NB: when adding capability checks for other IPDL actors, please add -// them to this file and have them delegate to the two functions above -// as appropriate. For example, -// -// bool AppProcessHasCapability(PNeckoParent* aActor, AssertAppProcessType aType) { -// return AssertAppProcess(aActor->Manager(), aType); -// } - -bool -AssertAppPrincipal(mozilla::dom::PContentParent* aParent, - nsIPrincipal* aPrincipal); - -/** - * Check if the specified principal is valid, and return the saved permission - * value for permission `aPermission' on that principal. - * See nsIPermissionManager.idl for possible return values. - * - * nsIPermissionManager::UNKNOWN_ACTION is retuned if the principal is invalid. - */ -uint32_t -CheckPermission(mozilla::dom::PContentParent* aParent, - nsIPrincipal* aPrincipal, const char* aPermission); - -/** - * Inline function for asserting the process's permission. - */ -template -inline bool -AssertAppProcessPermission(T* aActor, - const char* aPermission) { - return AssertAppProcess(aActor, - ASSERT_APP_PROCESS_PERMISSION, - aPermission); -} - -/** - * Inline function for asserting the process's manifest URL. 
- */ -template -inline bool -AssertAppProcessManifestURL(T* aActor, - const char* aManifestURL) { - return AssertAppProcess(aActor, - ASSERT_APP_PROCESS_MANIFEST_URL, - aManifestURL); -} - -/** - * Inline function for asserting the process's manifest URL. - */ -template -inline bool -AssertAppHasPermission(T* aActor, - const char* aPermission) { - return AssertAppProcess(aActor, - ASSERT_APP_HAS_PERMISSION, - aPermission); -} - -template -inline bool -AssertAppHasStatus(T* aActor, - unsigned short aStatus) { - return AssertAppStatus(aActor, aStatus); -} - -} // namespace mozilla - -#endif // mozilla_AppProcessChecker_h diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp index 576ae343e8f7..882eddd793c7 100644 --- a/dom/ipc/ContentParent.cpp +++ b/dom/ipc/ContentParent.cpp @@ -24,7 +24,6 @@ #include "chrome/common/process_watcher.h" #include "mozilla/a11y/PDocAccessible.h" -#include "AppProcessChecker.h" #include "AudioChannelService.h" #include "BlobParent.h" #include "CrashReporterParent.h" @@ -3696,37 +3695,6 @@ ContentParent::DoSendAsyncMessage(JSContext* aCx, return NS_OK; } -bool -ContentParent::CheckPermission(const nsAString& aPermission) -{ - return AssertAppProcessPermission(this, NS_ConvertUTF16toUTF8(aPermission).get()); -} - -bool -ContentParent::CheckManifestURL(const nsAString& aManifestURL) -{ - return AssertAppProcessManifestURL(this, NS_ConvertUTF16toUTF8(aManifestURL).get()); -} - -bool -ContentParent::CheckAppHasPermission(const nsAString& aPermission) -{ - return AssertAppHasPermission(this, NS_ConvertUTF16toUTF8(aPermission).get()); -} - -bool -ContentParent::CheckAppHasStatus(unsigned short aStatus) -{ - return AssertAppHasStatus(this, aStatus); -} - -bool -ContentParent::KillChild() -{ - KillHard("KillChild"); - return true; -} - PBlobParent* ContentParent::SendPBlobConstructor(PBlobParent* aActor, const BlobConstructorParams& aParams) 
diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h index 60b0f0300579..e45ccd519660 100644 --- a/dom/ipc/ContentParent.h +++ b/dom/ipc/ContentParent.h @@ -278,16 +278,6 @@ public: JS::Handle aCpows, nsIPrincipal* aPrincipal) override; - virtual bool CheckPermission(const nsAString& aPermission) override; - - virtual bool CheckManifestURL(const nsAString& aManifestURL) override; - - virtual bool CheckAppHasPermission(const nsAString& aPermission) override; - - virtual bool CheckAppHasStatus(unsigned short aStatus) override; - - virtual bool KillChild() override; - /** Notify that a tab is beginning its destruction sequence. */ static void NotifyTabDestroying(const TabId& aTabId, const ContentParentId& aCpId); diff --git a/dom/ipc/ContentProcessManager.h b/dom/ipc/ContentProcessManager.h index be92f4cd874c..e5f9b67e72f3 100644 --- a/dom/ipc/ContentProcessManager.h +++ b/dom/ipc/ContentProcessManager.h @@ -98,7 +98,6 @@ public: /** * Get all TabContext which are inside the given content process. - * Used for AppProcessChecker to cehck app status. */ nsTArray GetTabContextByContentProcess(const ContentParentId& aChildCpId); diff --git a/dom/ipc/TabParent.cpp b/dom/ipc/TabParent.cpp index cbaa4dd5e457..5ad2efa25913 100644 --- a/dom/ipc/TabParent.cpp +++ b/dom/ipc/TabParent.cpp @@ -9,7 +9,6 @@ #include "TabParent.h" #include "AudioChannelService.h" -#include "AppProcessChecker.h" #ifdef ACCESSIBILITY #include "mozilla/a11y/DocAccessibleParent.h" #include "nsAccessibilityService.h" @@ -996,12 +995,7 @@ TabParent::AllocPIndexedDBPermissionRequestParent(const Principal& aPrincipal) } nsCOMPtr manager = Manager(); - if (manager->IsContentParent()) { - if (NS_WARN_IF(!AssertAppPrincipal(manager->AsContentParent(), - principal))) { - return nullptr; - } - } else { + if (!manager->IsContentParent()) { MOZ_CRASH("Figure out security checks for bridged content!"); } 
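Review bot: In TabParent::AllocPIndexedDBPermissionRequestParent the only branch left after this change is `if (!manager->IsContentParent()) { MOZ_CRASH("Figure out security checks for bridged content!"); }`, so nothing in the hunk ties the principal (presumably derived from the child-supplied `aPrincipal`) to the process that sent it. Behaviour is unchanged, since the AssertAppPrincipal stub deleted in this patch returned true unconditionally, but the remaining crash message now reads as if the ContentParent case were checked. I would add a comment above the branch such as `// NOTE: |principal| comes from the child process and is not verified against the sender here.` so later readers do not assume a check exists. The function body starts and ends outside the hunk.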
@@ -1496,16 +1490,6 @@ TabParent::RecvSyncMessage(const nsString& aMessage, const IPC::Principal& aPrincipal, nsTArray* aRetVal) { - // FIXME Permission check for TabParent in Content process - nsIPrincipal* principal = aPrincipal; - if (Manager()->IsContentParent()) { - ContentParent* parent = Manager()->AsContentParent(); - if (!ContentParent::IgnoreIPCPrincipal() && - parent && principal && !AssertAppPrincipal(parent, principal)) { - return IPC_FAIL_NO_REASON(this); - } - } - StructuredCloneData data; ipc::UnpackClonedMessageDataForParent(aData, data); @@ -1523,16 +1507,6 @@ TabParent::RecvRpcMessage(const nsString& aMessage, const IPC::Principal& aPrincipal, nsTArray* aRetVal) { - // FIXME Permission check for TabParent in Content process - nsIPrincipal* principal = aPrincipal; - if (Manager()->IsContentParent()) { - ContentParent* parent = Manager()->AsContentParent(); - if (!ContentParent::IgnoreIPCPrincipal() && - parent && principal && !AssertAppPrincipal(parent, principal)) { - return IPC_FAIL_NO_REASON(this); - } - } - StructuredCloneData data; ipc::UnpackClonedMessageDataForParent(aData, data); @@ -1549,16 +1523,6 @@ TabParent::RecvAsyncMessage(const nsString& aMessage, const IPC::Principal& aPrincipal, const ClonedMessageData& aData) { - // FIXME Permission check for TabParent in Content process - nsIPrincipal* principal = aPrincipal; - if (Manager()->IsContentParent()) { - ContentParent* parent = Manager()->AsContentParent(); - if (!ContentParent::IgnoreIPCPrincipal() && - parent && principal && !AssertAppPrincipal(parent, principal)) { - return IPC_FAIL_NO_REASON(this); - } - } - StructuredCloneData data; ipc::UnpackClonedMessageDataForParent(aData, data); diff --git a/dom/ipc/moz.build b/dom/ipc/moz.build index 70b95a0114ed..818057ef5bd3 100644 --- a/dom/ipc/moz.build +++ b/dom/ipc/moz.build 
@@ -39,14 +39,12 @@ EXPORTS.mozilla.dom += [ ] EXPORTS.mozilla += [ - 'AppProcessChecker.h', 'ProcessHangMonitor.h', 'ProcessHangMonitorIPC.h', 'ProcessPriorityManager.h', ] UNIFIED_SOURCES += [ - 'AppProcessChecker.cpp', 'ColorPickerParent.cpp', 'ContentBridgeChild.cpp', 'ContentBridgeParent.cpp', diff --git a/dom/ipc/nsIContentParent.cpp b/dom/ipc/nsIContentParent.cpp index bd2fe10207b3..8b71f30beb86 100644 --- a/dom/ipc/nsIContentParent.cpp +++ b/dom/ipc/nsIContentParent.cpp @@ -6,7 +6,6 @@ #include "nsIContentParent.h" -#include "mozilla/AppProcessChecker.h" #include "mozilla/Preferences.h" #include "mozilla/dom/File.h" #include "mozilla/dom/ContentParent.h" @@ -217,16 +216,6 @@ nsIContentParent::RecvSyncMessage(const nsString& aMsg, const IPC::Principal& aPrincipal, nsTArray* aRetvals) { - // FIXME Permission check in Content process - nsIPrincipal* principal = aPrincipal; - if (IsContentParent()) { - ContentParent* parent = AsContentParent(); - if (!ContentParent::IgnoreIPCPrincipal() && - parent && principal && !AssertAppPrincipal(parent, principal)) { - return IPC_FAIL_NO_REASON(parent); - } - } - RefPtr ppm = mMessageManager; if (ppm) { ipc::StructuredCloneData data; @@ -246,16 +235,6 @@ nsIContentParent::RecvRpcMessage(const nsString& aMsg, const IPC::Principal& aPrincipal, nsTArray* aRetvals) { - // FIXME Permission check in Content process - nsIPrincipal* principal = aPrincipal; - if (IsContentParent()) { - ContentParent* parent = AsContentParent(); - if (!ContentParent::IgnoreIPCPrincipal() && - parent && principal && !AssertAppPrincipal(parent, principal)) { - return IPC_FAIL_NO_REASON(parent); - } - } - RefPtr ppm = mMessageManager; if (ppm) { ipc::StructuredCloneData data; 
@@ -300,16 +279,6 @@ nsIContentParent::RecvAsyncMessage(const nsString& aMsg, const IPC::Principal& aPrincipal, const ClonedMessageData& aData) { - // FIXME Permission check in Content process - nsIPrincipal* principal = aPrincipal; - if (IsContentParent()) { - ContentParent* parent = AsContentParent(); - if (!ContentParent::IgnoreIPCPrincipal() && - parent && principal && !AssertAppPrincipal(parent, principal)) { - return IPC_FAIL_NO_REASON(parent); - } - } - RefPtr ppm = mMessageManager; if (ppm) { ipc::StructuredCloneData data; diff --git a/dom/network/TCPServerSocketParent.cpp b/dom/network/TCPServerSocketParent.cpp index e0c203160d47..b838dd18240d 100644 --- a/dom/network/TCPServerSocketParent.cpp +++ b/dom/network/TCPServerSocketParent.cpp @@ -10,7 +10,6 @@ #include "nsJSUtils.h" #include "TCPSocketParent.h" #include "mozilla/Unused.h" -#include "mozilla/AppProcessChecker.h" #include "mozilla/dom/ContentParent.h" #include "mozilla/dom/TabParent.h" diff --git a/dom/network/TCPSocketParent.cpp b/dom/network/TCPSocketParent.cpp index 1cacc89be6ac..a6fce7bad13b 100644 --- a/dom/network/TCPSocketParent.cpp +++ b/dom/network/TCPSocketParent.cpp @@ -9,7 +9,6 @@ #include "jsfriendapi.h" #include "nsJSUtils.h" #include "mozilla/Unused.h" -#include "mozilla/AppProcessChecker.h" #include "mozilla/net/NeckoCommon.h" #include "mozilla/net/PNeckoParent.h" #include "mozilla/dom/ContentParent.h" @@ -118,14 +117,6 @@ mozilla::ipc::IPCResult TCPSocketParent::RecvOpen(const nsString& aHost, const uint16_t& aPort, const bool& aUseSSL, const bool& aUseArrayBuffers) { - // We don't have browser actors in xpcshell, and hence can't run automated - // tests without this loophole. - if (net::UsingNeckoIPCSecurity() && - !AssertAppProcessPermission(Manager()->Manager(), "tcp-socket")) { - FireInteralError(this, __LINE__); - return IPC_OK(); - } - // Obtain App ID uint32_t appId = GetAppId(); bool inIsolatedMozBrowser = GetInIsolatedMozBrowser(); 
@@ -146,12 +137,6 @@ TCPSocketParent::RecvOpenBind(const nsCString& aRemoteHost, const bool& aUseArrayBuffers, const nsCString& aFilter) { - if (net::UsingNeckoIPCSecurity() && - !AssertAppProcessPermission(Manager()->Manager(), "tcp-socket")) { - FireInteralError(this, __LINE__); - return IPC_OK(); - } - nsresult rv; nsCOMPtr sts = do_GetService("@mozilla.org/network/socket-transport-service;1", &rv); diff --git a/dom/network/UDPSocketParent.cpp b/dom/network/UDPSocketParent.cpp index 98663bc76442..61548f400e8e 100644 --- a/dom/network/UDPSocketParent.cpp +++ b/dom/network/UDPSocketParent.cpp @@ -9,7 +9,6 @@ #include "nsComponentManagerUtils.h" #include "nsIUDPSocket.h" #include "nsINetAddr.h" -#include "mozilla/AppProcessChecker.h" #include "mozilla/Unused.h" #include "mozilla/ipc/InputStreamUtils.h" #include "mozilla/net/DNS.h" @@ -27,14 +26,12 @@ NS_IMPL_ISUPPORTS(UDPSocketParent, nsIUDPSocketListener) UDPSocketParent::UDPSocketParent(PBackgroundParent* aManager) : mBackgroundManager(aManager) - , mNeckoManager(nullptr) , mIPCOpen(true) { } UDPSocketParent::UDPSocketParent(PNeckoParent* aManager) : mBackgroundManager(nullptr) - , mNeckoManager(aManager) , mIPCOpen(true) { } @@ -56,15 +53,6 @@ UDPSocketParent::Init(const IPC::Principal& aPrincipal, if (net::UsingNeckoIPCSecurity() && mPrincipal && !ContentParent::IgnoreIPCPrincipal()) { - if (mNeckoManager) { - if (!AssertAppPrincipal(mNeckoManager->Manager(), mPrincipal)) { - return false; - } - } else { - // PBackground is (for now) using a STUN filter for verification - // it's not being used for DoS - } - nsCOMPtr permMgr = services::GetPermissionManager(); if (!permMgr) { diff --git a/dom/network/UDPSocketParent.h b/dom/network/UDPSocketParent.h index a56a9b1b4f44..26894d584968 100644 --- a/dom/network/UDPSocketParent.h +++ b/dom/network/UDPSocketParent.h 
@@ -68,9 +68,7 @@ private: void SendInternalError(nsIEventTarget *aThread, uint32_t aLineNo); - // One of these will be null and the other non-null. PBackgroundParent* mBackgroundManager; - PNeckoParent* mNeckoManager; bool mIPCOpen; nsCOMPtr mSocket; diff --git a/dom/workers/ServiceWorkerManagerParent.cpp b/dom/workers/ServiceWorkerManagerParent.cpp index 70e849583af4..5e60085565ca 100644 --- a/dom/workers/ServiceWorkerManagerParent.cpp +++ b/dom/workers/ServiceWorkerManagerParent.cpp @@ -6,7 +6,6 @@ #include "ServiceWorkerManagerParent.h" #include "ServiceWorkerManagerService.h" -#include "mozilla/AppProcessChecker.h" #include "mozilla/dom/ContentParent.h" #include "mozilla/dom/ServiceWorkerRegistrar.h" #include "mozilla/ipc/BackgroundParent.h" @@ -128,8 +127,6 @@ public: NS_IMETHOD Run() override { if (NS_IsMainThread()) { - nsCOMPtr principal = PrincipalInfoToPrincipal(mPrincipalInfo); - AssertAppPrincipal(mContentParent, principal); mContentParent = nullptr; mBackgroundThread->Dispatch(this, NS_DISPATCH_NORMAL); diff --git a/hal/sandbox/SandboxHal.cpp b/hal/sandbox/SandboxHal.cpp index 154799511339..a2d733044055 100644 --- a/hal/sandbox/SandboxHal.cpp +++ b/hal/sandbox/SandboxHal.cpp @@ -6,7 +6,6 @@ #include "Hal.h" #include "HalLog.h" -#include "mozilla/AppProcessChecker.h" #include "mozilla/dom/ContentChild.h" #include "mozilla/dom/ContentParent.h" #include "mozilla/hal_sandbox/PHalChild.h" @@ -568,9 +567,6 @@ public: virtual mozilla::ipc::IPCResult RecvGetScreenEnabled(bool* aEnabled) override { - if (!AssertAppProcessPermission(this, "power")) { - return IPC_FAIL_NO_REASON(this); - } *aEnabled = hal::GetScreenEnabled(); return IPC_OK(); } @@ -578,9 +574,6 @@ public: virtual mozilla::ipc::IPCResult RecvSetScreenEnabled(const bool& aEnabled) override { - if (!AssertAppProcessPermission(this, "power")) { - return IPC_FAIL_NO_REASON(this); - } hal::SetScreenEnabled(aEnabled); return IPC_OK(); } 
@@ -588,9 +581,6 @@ public: virtual mozilla::ipc::IPCResult RecvGetKeyLightEnabled(bool* aEnabled) override { - if (!AssertAppProcessPermission(this, "power")) { - return IPC_FAIL_NO_REASON(this); - } *aEnabled = hal::GetKeyLightEnabled(); return IPC_OK(); } @@ -598,9 +588,6 @@ public: virtual mozilla::ipc::IPCResult RecvSetKeyLightEnabled(const bool& aEnabled) override { - if (!AssertAppProcessPermission(this, "power")) { - return IPC_FAIL_NO_REASON(this); - } hal::SetKeyLightEnabled(aEnabled); return IPC_OK(); } @@ -608,9 +595,6 @@ public: virtual mozilla::ipc::IPCResult RecvGetCpuSleepAllowed(bool* aAllowed) override { - if (!AssertAppProcessPermission(this, "power")) { - return IPC_FAIL_NO_REASON(this); - } *aAllowed = hal::GetCpuSleepAllowed(); return IPC_OK(); } @@ -618,9 +602,6 @@ public: virtual mozilla::ipc::IPCResult RecvSetCpuSleepAllowed(const bool& aAllowed) override { - if (!AssertAppProcessPermission(this, "power")) { - return IPC_FAIL_NO_REASON(this); - } hal::SetCpuSleepAllowed(aAllowed); return IPC_OK(); } @@ -628,9 +609,6 @@ public: virtual mozilla::ipc::IPCResult RecvGetScreenBrightness(double* aBrightness) override { - if (!AssertAppProcessPermission(this, "power")) { - return IPC_FAIL_NO_REASON(this); - } *aBrightness = hal::GetScreenBrightness(); return IPC_OK(); } @@ -638,9 +616,6 @@ public: virtual mozilla::ipc::IPCResult RecvSetScreenBrightness(const double& aBrightness) override { - if (!AssertAppProcessPermission(this, "power")) { - return IPC_FAIL_NO_REASON(this); - } hal::SetScreenBrightness(aBrightness); return IPC_OK(); } @@ -648,9 +623,6 @@ public: virtual mozilla::ipc::IPCResult RecvAdjustSystemClock(const int64_t &aDeltaMilliseconds) override { - if (!AssertAppProcessPermission(this, "time")) { - return IPC_FAIL_NO_REASON(this); - } hal::AdjustSystemClock(aDeltaMilliseconds); return IPC_OK(); } 
@@ -658,9 +630,6 @@ public: virtual mozilla::ipc::IPCResult RecvSetTimezone(const nsCString& aTimezoneSpec) override { - if (!AssertAppProcessPermission(this, "time")) { - return IPC_FAIL_NO_REASON(this); - } hal::SetTimezone(aTimezoneSpec); return IPC_OK(); } @@ -668,9 +637,6 @@ public: virtual mozilla::ipc::IPCResult RecvGetTimezone(nsCString *aTimezoneSpec) override { - if (!AssertAppProcessPermission(this, "time")) { - return IPC_FAIL_NO_REASON(this); - } *aTimezoneSpec = hal::GetTimezone(); return IPC_OK(); } @@ -678,9 +644,6 @@ public: virtual mozilla::ipc::IPCResult RecvGetTimezoneOffset(int32_t *aTimezoneOffset) override { - if (!AssertAppProcessPermission(this, "time")) { - return IPC_FAIL_NO_REASON(this); - } *aTimezoneOffset = hal::GetTimezoneOffset(); return IPC_OK(); } @@ -812,10 +775,6 @@ public: virtual mozilla::ipc::IPCResult RecvFactoryReset(const nsString& aReason) override { - if (!AssertAppProcessPermission(this, "power")) { - return IPC_FAIL_NO_REASON(this); - } - FactoryResetReason reason = FactoryResetReason::Normal; if (aReason.EqualsLiteral("normal")) { reason = FactoryResetReason::Normal; diff --git a/ipc/glue/BackgroundParentImpl.cpp b/ipc/glue/BackgroundParentImpl.cpp index 0589cf2dc5b8..f910a90832fb 100644 --- a/ipc/glue/BackgroundParentImpl.cpp +++ b/ipc/glue/BackgroundParentImpl.cpp @@ -12,7 +12,6 @@ #include "CamerasParent.h" #endif #include "mozilla/media/MediaParent.h" -#include "mozilla/AppProcessChecker.h" #include "mozilla/Assertions.h" #include "mozilla/dom/ContentParent.h" #include "mozilla/dom/DOMTypes.h" @@ -522,7 +521,6 @@ public: NullifyContentParentRAII raii(mContentParent); nsCOMPtr principal = PrincipalInfoToPrincipal(mPrincipalInfo); - AssertAppPrincipal(mContentParent, principal); if (principal->GetIsNullPrincipal()) { mContentParent->KillHard("BroadcastChannel killed: no null principal."); 
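Review bot: In ipc/glue/BackgroundParentImpl.cpp, `principal` is dereferenced by `principal->GetIsNullPrincipal()` directly after `PrincipalInfoToPrincipal(mPrincipalInfo)`, with no null check between the two lines. The principal info presumably originates in the content process, so a failed conversion should take the same kill path instead of crashing the parent: `if (!principal || principal->GetIsNullPrincipal()) {`. The enclosing method starts and ends outside the hunk.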
@@ -612,12 +610,6 @@ private: return true; } - if (!AssertAppProcessPermission(mContentParent.get(), - mPermissionName.get())) { - mContentParent->KillHard("PBackground actor killed: permission denied."); - return false; - } - return true; } diff --git a/netwerk/ipc/NeckoParent.cpp b/netwerk/ipc/NeckoParent.cpp index a549d72c068c..c333146987ea 100644 --- a/netwerk/ipc/NeckoParent.cpp +++ b/netwerk/ipc/NeckoParent.cpp @@ -32,7 +32,6 @@ #include "mozilla/dom/network/UDPSocketParent.h" #include "mozilla/dom/workers/ServiceWorkerManager.h" #include "mozilla/LoadContext.h" -#include "mozilla/AppProcessChecker.h" #include "nsPrintfCString.h" #include "nsHTMLDNSPrefetch.h" #include "nsIAppsService.h"
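Review bot: In ipc/glue/BackgroundParentImpl.cpp, the `private:` method that ends in the `@@ -612` hunk now has `return true;` on both remaining paths, so the early-exit branch above it is redundant and the permission name no longer influences the result. A method that is used as a permission check but cannot fail is easy to mistake for a gate during a later audit. Either collapse it to a single `return true;` with `// No permission is enforced here any more.`, or remove the runnable and its callers in a follow-up. The condition of the early return and the method's signature are outside the hunk.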