Bug 821671 - Check alarm API parameters in the parent (part 1, provide .AssertAppProcess() with different types). r=sicking

content/base/src/nsFrameLoader.cpp

@@ -77,7 +77,7 @@
 
 #include "Layers.h"
 
-#include "AppProcessPermissions.h"
+#include "AppProcessChecker.h"
 #include "ContentParent.h"
 #include "TabParent.h"
 #include "mozilla/GuardObjects.h"

content/base/src/nsFrameMessageManager.cpp

@@ -7,7 +7,7 @@
 
 #include "nsFrameMessageManager.h"
 
-#include "AppProcessPermissions.h"
+#include "AppProcessChecker.h"
 #include "ContentChild.h"
 #include "ContentParent.h"
 #include "nsContentUtils.h"

dom/devicestorage/DeviceStorageRequestParent.cpp

@@ -11,7 +11,7 @@
 #include "mozilla/dom/ipc/Blob.h"
 #include "ContentParent.h"
 #include "nsProxyRelease.h"
-#include "AppProcessPermissions.h"
+#include "AppProcessChecker.h"
 #include "mozilla/Preferences.h"
 
 namespace mozilla {

dom/indexedDB/ipc/IndexedDBParent.cpp

@@ -12,7 +12,7 @@
 #include "nsIJSContextStack.h"
 #include "nsIXPConnect.h"
 
-#include "mozilla/AppProcessPermissions.h"
+#include "mozilla/AppProcessChecker.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/unused.h"
 #include "mozilla/Util.h"

dom/ipc/AppProcessChecker.cpp

@@ -5,7 +5,7 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "AppProcessPermissions.h"
+#include "AppProcessChecker.h"
 #include "ContentParent.h"
 #include "mozIApplication.h"
 #include "mozilla/hal_sandbox/PHalParent.h"
@@ -19,41 +19,59 @@ using namespace mozilla::services;
 namespace mozilla {
 
 bool
-AssertAppProcessPermission(PBrowserParent* aActor, const char* aPermission)
+AssertAppProcess(PBrowserParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability)
 {
   if (!aActor) {
-    NS_WARNING("Testing permissions for null actor");
+    NS_WARNING("Testing process capability for null actor");
     return false;
   }
 
   TabParent* tab = static_cast<TabParent*>(aActor);
   nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp();
-  bool hasPermission = false;
+  bool aValid = false;
 
   // isBrowser frames inherit their app descriptor to identify their
-  // data storage, but they don't inherit the permissions associated
+  // data storage, but they don't inherit the capability associated
   // with that descriptor.
   if (app && !tab->IsBrowserElement()) {
-    if (!NS_SUCCEEDED(app->HasPermission(aPermission, &hasPermission))) {
-      hasPermission = false;
+    switch (aType) {
+      case ASSERT_APP_PROCESS_PERMISSION:
+        if (!NS_SUCCEEDED(app->HasPermission(aCapability, &aValid))) {
+          aValid = false;
+        }
+        break;
+      case ASSERT_APP_PROCESS_MANIFEST_URL: {
+        nsAutoString manifestURL;
+        if (NS_SUCCEEDED(app->GetManifestURL(manifestURL)) &&
+            manifestURL.EqualsASCII(aCapability)) {
+          aValid = true;
+        }
+        break;
+      }
+      default:
+        break;
     }
   }
 
-  if (!hasPermission) {
-    printf_stderr("Security problem: Content process does not have `%s' permission.  It will be killed.\n", aPermission);
+  if (!aValid) {
+    printf_stderr("Security problem: Content process does not have `%s'.  It will be killed.\n", aCapability);
     ContentParent* process = static_cast<ContentParent*>(aActor->Manager());
     process->KillHard();
   }
-  return hasPermission;
+  return aValid;
 }
 
 bool
-AssertAppProcessPermission(PContentParent* aActor, const char* aPermission)
+AssertAppProcess(PContentParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability)
 {
   const InfallibleTArray<PBrowserParent*>& browsers =
     aActor->ManagedPBrowserParent();
   for (uint32_t i = 0; i < browsers.Length(); ++i) {
-    if (AssertAppProcessPermission(browsers[i], aPermission)) {
+    if (AssertAppProcess(browsers[i], aType, aCapability)) {
       return true;
     }
   }
@@ -61,9 +79,11 @@ AssertAppProcessPermission(PContentParent* aActor, const char* aPermission)
 }
 
 bool
-AssertAppProcessPermission(PHalParent* aActor, const char* aPermission)
+AssertAppProcess(PHalParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability)
 {
-  return AssertAppProcessPermission(aActor->Manager(), aPermission);
+  return AssertAppProcess(aActor->Manager(), aType, aCapability);
 }
 
 } // namespace mozilla

dom/ipc/AppProcessChecker.h

@@ -0,0 +1,86 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: sw=2 ts=8 et :
+ */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_AppProcessChecker_h
+#define mozilla_AppProcessChecker_h
+
+namespace mozilla {
+
+namespace dom {
+class PBrowserParent;
+class PContentParent;
+}
+
+namespace hal_sandbox {
+class PHalParent;
+}
+
+enum AssertAppProcessType {
+  ASSERT_APP_PROCESS_PERMISSION,
+  ASSERT_APP_PROCESS_MANIFEST_URL
+};
+
+/**
+ * Return true iff the specified browser has the specified capability.
+ * If this returns false, the browser didn't have the capability and
+ * will be killed.
+ */
+bool
+AssertAppProcess(mozilla::dom::PBrowserParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability);
+
+/**
+ * Return true iff any of the PBrowsers loaded in this content process
+ * has the specified capability.  If this returns false, the process
+ * didn't have the capability and will be killed.
+ */
+bool
+AssertAppProcess(mozilla::dom::PContentParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability);
+
+bool
+AssertAppProcess(mozilla::hal_sandbox::PHalParent* aActor,
+                 AssertAppProcessType aType,
+                 const char* aCapability);
+
+// NB: when adding capability checks for other IPDL actors, please add
+// them to this file and have them delegate to the two functions above
+// as appropriate.  For example,
+//
+//   bool AppProcessHasCapability(PNeckoParent* aActor, AssertAppProcessType aType) {
+//     return AssertAppProcess(aActor->Manager(), aType);
+//   }
+
+/**
+ * Inline function for asserting the process's permission.
+ */
+template<typename T>
+inline bool
+AssertAppProcessPermission(T* aActor,
+                           const char* aPermission) {
+  return AssertAppProcess(aActor,
+                          ASSERT_APP_PROCESS_PERMISSION,
+                          aPermission);
+}
+
+/**
+ * Inline function for asserting the process's manifest URL.
+ */
+template<typename T>
+inline bool
+AssertAppProcessManifestURL(T* aActor,
+                            const char* aManifestURL) {
+  return AssertAppProcess(aActor,
+                          ASSERT_APP_PROCESS_MANIFEST_URL,
+                          aManifestURL);
+}
+
+} // namespace mozilla
+
+#endif // mozilla_AppProcessChecker_h

dom/ipc/AppProcessPermissions.h

@@ -1,54 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- * vim: sw=2 ts=8 et :
- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_AppProcessPermissions_h
-#define mozilla_AppProcessPermissions_h
-
-namespace mozilla {
-
-namespace dom {
-class PBrowserParent;
-class PContentParent;
-}
-
-namespace hal_sandbox {
-class PHalParent;
-}
-
-/**
- * Return true iff the specified browser has the specified capability.
- * If this returns false, the browser didn't have the permission and
- * will be killed.
- */
-bool
-AssertAppProcessPermission(mozilla::dom::PBrowserParent* aActor,
-                           const char* aPermission);
-
-/**
- * Return true iff any of the PBrowsers loaded in this content process
- * has the specified capability.  If this returns false, the process
- * didn't have the permission and will be killed.
- */
-bool
-AssertAppProcessPermission(mozilla::dom::PContentParent* aActor,
-                           const char* aPermission);
-
-bool
-AssertAppProcessPermission(mozilla::hal_sandbox::PHalParent* aActor,
-                           const char* aPermission);
-
-// NB: when adding capability checks for other IPDL actors, please add
-// them to this file and have them delegate to the two functions above
-// as appropriate.  For example,
-//
-//   bool AppProcessHasCapability(PNeckoParent* aActor) {
-//     return AssertAppProcessPermission(aActor->Manager());
-//   }
-
-} // namespace mozilla
-
-#endif // mozilla_AppProcessPermissions_h

dom/ipc/ContentParent.cpp

@@ -17,7 +17,7 @@
 
 #include "chrome/common/process_watcher.h"
 
-#include "AppProcessPermissions.h"
+#include "AppProcessChecker.h"
 #include "AudioChannelService.h"
 #include "CrashReporterParent.h"
 #include "IHistory.h"

dom/ipc/Makefile.in

@@ -31,7 +31,7 @@ EXPORTS_NAMESPACES = \
   $(NULL)
 
 EXPORTS_mozilla = \
-  AppProcessPermissions.h \
+  AppProcessChecker.h \
   $(NULL)
 
 EXPORTS_mozilla/dom = \
@@ -55,7 +55,7 @@ EXPORTS_mozilla/dom/ipc = \
   $(NULL)
 
 CPPSRCS = \
-  AppProcessPermissions.cpp \
+  AppProcessChecker.cpp \
   Blob.cpp \
   ContentProcess.cpp \
   ContentParent.cpp \

dom/network/src/TCPSocketParent.cpp

@@ -8,7 +8,7 @@
 #include "nsJSUtils.h"
 #include "nsIDOMTCPSocket.h"
 #include "mozilla/unused.h"
-#include "mozilla/AppProcessPermissions.h"
+#include "mozilla/AppProcessChecker.h"
 
 namespace IPC {
 

hal/sandbox/SandboxHal.cpp

@@ -5,7 +5,7 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "Hal.h"
-#include "mozilla/AppProcessPermissions.h"
+#include "mozilla/AppProcessChecker.h"
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/hal_sandbox/PHalChild.h"
 #include "mozilla/hal_sandbox/PHalParent.h"