Bug 923625 - DataStore sends the principal as argument in sendAsyncMessage, r=ehsan

2024-09-13 09:24:08 -07:00 · 2013-11-26 16:31:07 +00:00 · 2013-11-26 16:31:07 +00:00 · dcf5365ef2
commit dcf5365ef2
parent f0c3b189a6
12 changed files with 69 additions and 23 deletions
--- a/dom/datastore/DataStoreService.js
+++ b/dom/datastore/DataStoreService.js
@ -236,8 +236,11 @@ DataStoreService.prototype = {
        // This method can be called in the child so we need to send a request
        // to the parent and create DataStore object here.
        new DataStoreServiceChild(aWindow, aName, function(aStores) {
-          debug("DataStoreServiceChild callback!");
+          debug("DataStoreServiceChild success callback!");
          self.getDataStoreCreate(aWindow, resolve, aStores);
+        }, function() {
+          debug("DataStoreServiceChild error callback!");
+          reject(new aWindow.DOMError("SecurityError", "Access denied"));
        });
      }
    });
@ -425,32 +428,38 @@ DataStoreService.prototype = {

 /* DataStoreServiceChild */

-function DataStoreServiceChild(aWindow, aName, aCallback) {
+function DataStoreServiceChild(aWindow, aName, aSuccessCb, aErrorCb) {
  debug("DataStoreServiceChild created");
-  this.init(aWindow, aName, aCallback);
+  this.init(aWindow, aName, aSuccessCb, aErrorCb);
 }

 DataStoreServiceChild.prototype = {
  __proto__: DOMRequestIpcHelper.prototype,

-  init: function(aWindow, aName, aCallback) {
+  init: function(aWindow, aName, aSuccessCb, aErrorCb) {
    debug("DataStoreServiceChild init");
-    this._callback = aCallback;
+    this._successCb = aSuccessCb;
+    this._errorCb = aErrorCb;

-    this.initDOMRequestHelper(aWindow, [ "DataStore:Get:Return" ]);
+    this.initDOMRequestHelper(aWindow, [ "DataStore:Get:Return:OK",
+                                         "DataStore:Get:Return:KO" ]);

-    // This is a security issue and it will be fixed by Bug 916091
    cpmm.sendAsyncMessage("DataStore:Get",
-                          { name: aName, appId: aWindow.document.nodePrincipal.appId });
+                          { name: aName }, null, aWindow.document.nodePrincipal );
  },

  receiveMessage: function(aMessage) {
    debug("DataStoreServiceChild receiveMessage");
-    if (aMessage.name != 'DataStore:Get:Return') {
-      return;
-    }

-    this._callback(aMessage.data.stores);
+    switch (aMessage.name) {
+      case 'DataStore:Get:Return:OK':
+        this._successCb(aMessage.data.stores);
+        break;
+
+      case 'DataStore:Get:Return:KO':
+        this._errorCb();
+        break;
+    }
  }
 }

--- a/dom/datastore/DataStoreServiceInternal.jsm
+++ b/dom/datastore/DataStoreServiceInternal.jsm
@ -42,9 +42,14 @@ this.DataStoreServiceInternal = {

    let msg = aMessage.data;

-    // This is a security issue and it will be fixed by Bug 916091
-    msg.stores = dataStoreService.getDataStoresInfo(msg.name, msg.appId);
-    aMessage.target.sendAsyncMessage("DataStore:Get:Return", msg);
+    if (!aMessage.principal ||
+        aMessage.principal.appId == Ci.nsIScriptSecurityManager.UNKNOWN_APP_ID) {
+      aMessage.target.sendAsyncMessage("DataStore:Get:Return:KO");
+      return;
+    }
+
+    msg.stores = dataStoreService.getDataStoresInfo(msg.name, aMessage.principal.appId);
+    aMessage.target.sendAsyncMessage("DataStore:Get:Return:OK", msg);
  }
 }

--- a/dom/datastore/tests/test_app_install.html
+++ b/dom/datastore/tests/test_app_install.html
@ -26,7 +26,8 @@
     { "type": "webapps-manage", "allow": 1, "context": document }],
    function() {
      SpecialPowers.pushPrefEnv({"set": [["dom.datastore.enabled", true],
-                                         ["dom.promise.enabled", true]]}, function() {
+                                         ["dom.promise.enabled", true],
+                                         ["geo.testing.ignore_ipc_principal", true]]}, function() {
        gGenerator.next(); });
    });

--- a/dom/datastore/tests/test_arrays.html
+++ b/dom/datastore/tests/test_arrays.html
@ -83,6 +83,10 @@
      SpecialPowers.pushPrefEnv({"set": [["dom.datastore.enabled", true]]}, runTest);
    },

+    function() {
+      SpecialPowers.pushPrefEnv({"set": [["geo.testing.ignore_ipc_principal", true]]}, runTest);
+    },
+
    function() {
      SpecialPowers.setAllAppsLaunchable(true);
      SpecialPowers.setBoolPref("dom.mozBrowserFramesEnabled", true);
--- a/dom/datastore/tests/test_basic.html
+++ b/dom/datastore/tests/test_basic.html
@ -83,6 +83,10 @@
      SpecialPowers.pushPrefEnv({"set": [["dom.datastore.enabled", true]]}, runTest);
    },

+    function() {
+      SpecialPowers.pushPrefEnv({"set": [["geo.testing.ignore_ipc_principal", true]]}, runTest);
+    },
+
    function() {
      SpecialPowers.setAllAppsLaunchable(true);
      SpecialPowers.setBoolPref("dom.mozBrowserFramesEnabled", true);
--- a/dom/datastore/tests/test_bug924104.html
+++ b/dom/datastore/tests/test_bug924104.html
@ -83,6 +83,10 @@
      SpecialPowers.pushPrefEnv({"set": [["dom.datastore.enabled", true]]}, runTest);
    },

+    function() {
+      SpecialPowers.pushPrefEnv({"set": [["geo.testing.ignore_ipc_principal", true]]}, runTest);
+    },
+
    function() {
      SpecialPowers.setAllAppsLaunchable(true);
      SpecialPowers.setBoolPref("dom.mozBrowserFramesEnabled", true);
--- a/dom/datastore/tests/test_changes.html
+++ b/dom/datastore/tests/test_changes.html
@ -127,6 +127,10 @@
      SpecialPowers.pushPrefEnv({"set": [["dom.datastore.enabled", true]]}, runTest);
    },

+    function() {
+      SpecialPowers.pushPrefEnv({"set": [["geo.testing.ignore_ipc_principal", true]]}, runTest);
+    },
+
    // Enabling mozBrowser
    function() {
      SpecialPowers.setAllAppsLaunchable(true);
--- a/dom/datastore/tests/test_oop.html
+++ b/dom/datastore/tests/test_oop.html
@ -83,6 +83,10 @@
      SpecialPowers.pushPrefEnv({"set": [["dom.datastore.enabled", true]]}, runTest);
    },

+    function() {
+      SpecialPowers.pushPrefEnv({"set": [["geo.testing.ignore_ipc_principal", true]]}, runTest);
+    },
+
    function() {
      SpecialPowers.pushPrefEnv({"set": [["dom.ipc.browser_frames.oop_by_default", true]]}, runTest);
    },
--- a/dom/datastore/tests/test_readonly.html
+++ b/dom/datastore/tests/test_readonly.html
@ -101,7 +101,8 @@

  SimpleTest.waitForExplicitFinish();
  SpecialPowers.pushPrefEnv({"set": [["dom.promise.enabled", true],
-                                     ["dom.datastore.enabled", true]]}, runTest);
+                                     ["dom.datastore.enabled", true],
+                                     ["geo.testing.ignore_ipc_principal", true]]}, runTest);
  </script>
 </body>
 </html>
--- a/dom/datastore/tests/test_sync.html
+++ b/dom/datastore/tests/test_sync.html
@ -83,6 +83,10 @@
      SpecialPowers.pushPrefEnv({"set": [["dom.datastore.enabled", true]]}, runTest);
    },

+    function() {
+      SpecialPowers.pushPrefEnv({"set": [["geo.testing.ignore_ipc_principal", true]]}, runTest);
+    },
+
    function() {
      SpecialPowers.setBoolPref("dom.mozBrowserFramesEnabled", true);
      runTest();
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@ -2711,7 +2711,8 @@ ContentParent::RecvSyncMessage(const nsString& aMsg,
                               InfallibleTArray<nsString>* aRetvals)
 {
  nsIPrincipal* principal = aPrincipal;
-  if (principal && !AssertAppPrincipal(this, principal)) {
+  if (!Preferences::GetBool("geo.testing.ignore_ipc_principal", false) &&
+      principal && !AssertAppPrincipal(this, principal)) {
    return false;
  }

@ -2734,7 +2735,8 @@ ContentParent::AnswerRpcMessage(const nsString& aMsg,
                                InfallibleTArray<nsString>* aRetvals)
 {
  nsIPrincipal* principal = aPrincipal;
-  if (principal && !AssertAppPrincipal(this, principal)) {
+  if (!Preferences::GetBool("geo.testing.ignore_ipc_principal", false) &&
+      principal && !AssertAppPrincipal(this, principal)) {
    return false;
  }

@ -2755,7 +2757,8 @@ ContentParent::RecvAsyncMessage(const nsString& aMsg,
                                const IPC::Principal& aPrincipal)
 {
  nsIPrincipal* principal = aPrincipal;
-  if (principal && !AssertAppPrincipal(this, principal)) {
+  if (!Preferences::GetBool("geo.testing.ignore_ipc_principal", false) &&
+      principal && !AssertAppPrincipal(this, principal)) {
    return false;
  }

--- a/dom/ipc/TabParent.cpp
+++ b/dom/ipc/TabParent.cpp
@ -775,7 +775,8 @@ TabParent::RecvSyncMessage(const nsString& aMessage,
 {
  nsIPrincipal* principal = aPrincipal;
  ContentParent* parent = static_cast<ContentParent*>(Manager());
-  if (principal && !AssertAppPrincipal(parent, principal)) {
+  if (!Preferences::GetBool("geo.testing.ignore_ipc_principal", false) &&
+      principal && !AssertAppPrincipal(parent, principal)) {
    return false;
  }

@ -793,7 +794,8 @@ TabParent::AnswerRpcMessage(const nsString& aMessage,
 {
  nsIPrincipal* principal = aPrincipal;
  ContentParent* parent = static_cast<ContentParent*>(Manager());
-  if (principal && !AssertAppPrincipal(parent, principal)) {
+  if (!Preferences::GetBool("geo.testing.ignore_ipc_principal", false) &&
+      principal && !AssertAppPrincipal(parent, principal)) {
    return false;
  }

@ -810,7 +812,8 @@ TabParent::RecvAsyncMessage(const nsString& aMessage,
 {
  nsIPrincipal* principal = aPrincipal;
  ContentParent* parent = static_cast<ContentParent*>(Manager());
-  if (principal && !AssertAppPrincipal(parent, principal)) {
+  if (!Preferences::GetBool("geo.testing.ignore_ipc_principal", false) &&
+      principal && !AssertAppPrincipal(parent, principal)) {
    return false;
  }