Bug 813994 - Alarm API - Need additional security checks for the "alarms" permission. r=bent

Gene Lian 2012-11-28 19:13:58 +08:00
parent d3c5f9848d
commit 6523951e3d
2 changed files with 13 additions and 8 deletions


@ -84,6 +84,16 @@ this.AlarmService = {
receiveMessage: function receiveMessage(aMessage) {
debug("receiveMessage(): " + aMessage.name);
// To prevent hacked child processes from sending commands to parent
// to schedule alarms, we need to check their installed permissions.
if (["AlarmsManager:GetAll", "AlarmsManager:Add", "AlarmsManager:Remove"]
.indexOf(aMessage.name) != -1) {
if (!aMessage.target.assertPermission("alarms")) {
debug("Got message from a child process with no 'alarms' permission.");
return null;
}
}
let mm = aMessage.target.QueryInterface(Ci.nsIMessageSender);
let json = aMessage.json;
switch (aMessage.name) {
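Review bot: The permission gate at the top of `receiveMessage` is keyed on a hard-coded array of three message names, so a message name later added to the `switch` below would be dispatched without the "alarms" check unless the array is extended too. A default-deny shape is safer: call `aMessage.target.assertPermission("alarms")` for every message this handler receives, or keep the names in one shared constant used by both the check and the dispatch. The rejection path logs a fixed string; adding `aMessage.name` to that `debug()` line would make denied requests easier to attribute during triage. The `switch` body continues outside the hunk, so whether the payload in `aMessage.json` is tied to the sender's identity cannot be judged from here.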


@ -141,15 +141,10 @@ AlarmsManager.prototype = {
if (!Services.prefs.getBoolPref("dom.mozAlarms.enabled"))
return null;
let principal = aWindow.document.nodePrincipal;
let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(Ci.nsIScriptSecurityManager);
let perm = Services.perms.testExactPermissionFromPrincipal(principal, "alarms");
// Only pages with perm set can use the alarms.
this.hasPrivileges = perm == Ci.nsIPermissionManager.ALLOW_ACTION;
if (!this.hasPrivileges)
let principal = aWindow.document.nodePrincipal;
let perm = Services.perms.testExactPermissionFromPrincipal(principal, "alarms");
if (perm != Ci.nsIPermissionManager.ALLOW_ACTION)
return null;
this._cpmm = Cc["@mozilla.org/childprocessmessagemanager;1"].getService(Ci.nsISyncMessageSender);
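Review bot: The rewritten check ahead of `return null;` dropped the explanatory comment, and nothing now says that this test is only an early exit rather than the enforcement point. This code appears to run on the content side, since it obtains the child process message manager on the next line, so I would add a comment above `let perm = ...` such as `// Early exit for pages without "alarms"; the parent re-checks, because this process is not trusted.` With `this.hasPrivileges` no longer assigned, any remaining reader of that field elsewhere in the object would now see `undefined`, which is worth a search because the rest of the file is outside the hunk. The enclosing function starts and ends outside the hunk.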