Bug 777384 - Prevent unprivileged code from embedding apps. r=jlebar

--HG-- extra : rebase_source : 5d93aeaf1a69d7609b914a207ed7f63b3d3545ad
2024-09-13 09:24:08 -07:00 · 2012-09-27 01:47:18 +08:00 · 2012-09-27 01:47:18 +08:00 · 30e3ec5d36
commit 30e3ec5d36
parent d37007e0cd
2 changed files with 30 additions and 19 deletions
--- a/content/base/src/nsFrameLoader.cpp
+++ b/content/base/src/nsFrameLoader.cpp
@ -1487,22 +1487,22 @@ nsFrameLoader::MaybeCreateDocShell()
  mDocShell = do_CreateInstance("@mozilla.org/docshell;1");
  NS_ENSURE_TRUE(mDocShell, NS_ERROR_FAILURE);

-  if (OwnerIsBrowserFrame() &&
-      mOwnerContent->HasAttr(kNameSpaceID_None, nsGkAtoms::mozapp)) {
-    nsCOMPtr<nsIAppsService> appsService =
-      do_GetService(APPS_SERVICE_CONTRACTID);
-    if (!appsService) {
-      NS_ERROR("Apps Service is not available!");
-      return NS_ERROR_FAILURE;
-    }
-
+  if (OwnerIsBrowserFrame()) {
    nsAutoString manifest;
-    mOwnerContent->GetAttr(kNameSpaceID_None, nsGkAtoms::mozapp, manifest);
+    GetOwnerAppManifestURL(manifest);
+    if (!manifest.IsEmpty()) {
+      nsCOMPtr<nsIAppsService> appsService =
+        do_GetService(APPS_SERVICE_CONTRACTID);
+      if (!appsService) {
+        NS_ERROR("Apps Service is not available!");
+        return NS_ERROR_FAILURE;
+      }

-    uint32_t appId;
-    appsService->GetAppLocalIdByManifestURL(manifest, &appId);
+      uint32_t appId;
+      appsService->GetAppLocalIdByManifestURL(manifest, &appId);

-    mDocShell->SetAppId(appId);
+      mDocShell->SetAppId(appId);
+    }
  }

  if (!mNetworkCreated) {
@ -1981,10 +1981,9 @@ nsFrameLoader::TryRemoteBrowser()
  if (OwnerIsBrowserFrame()) {
    isBrowserElement = true;

-    if (mOwnerContent->HasAttr(kNameSpaceID_None, nsGkAtoms::mozapp)) {
-      nsAutoString manifest;
-      mOwnerContent->GetAttr(kNameSpaceID_None, nsGkAtoms::mozapp, manifest);
-
+    nsAutoString manifest;
+    GetOwnerAppManifestURL(manifest);
+    if (!manifest.IsEmpty()) {
      nsCOMPtr<nsIAppsService> appsService = do_GetService(APPS_SERVICE_CONTRACTID);
      if (!appsService) {
        NS_ERROR("Apps Service is not available!");
--- a/content/html/content/src/nsGenericHTMLFrameElement.cpp
+++ b/content/html/content/src/nsGenericHTMLFrameElement.cpp
@ -325,8 +325,20 @@ nsGenericHTMLFrameElement::GetAppManifestURL(nsAString& aOut)
    return NS_OK;
  }

-  // TODO: We surely need a permissions check here, particularly once we no
-  // longer rely on the mozbrowser permission check.
+  // Check permission.
+  nsIPrincipal *principal = NodePrincipal();
+  nsCOMPtr<nsIPermissionManager> permMgr =
+    do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
+  NS_ENSURE_STATE(permMgr);
+
+  uint32_t permission = nsIPermissionManager::DENY_ACTION;
+  nsresult rv = permMgr->TestPermissionFromPrincipal(principal,
+                                                     "embed-apps",
+                                                     &permission);
+  NS_ENSURE_SUCCESS(rv, NS_OK);
+  if (permission != nsIPermissionManager::ALLOW_ACTION) {
+    return NS_OK;
+  }

  nsAutoString manifestURL;
  GetAttr(kNameSpaceID_None, nsGkAtoms::mozapp, manifestURL);