Bug 1445551: Part 3 - Remove AllowCPOWsInAddon machinery. r=mccr8
This is all dead code now that the add-on manager support for shimmed add-ons
has been removed.
MozReview-Commit-ID: J6aRQDqEahs
--- a/js/ipc/JavaScriptParent.cpp
+++ b/js/ipc/JavaScriptParent.cpp
@@ -53,89 +53,39 @@ ForbidUnsafeBrowserCPOWs()
static bool cached = false;
if (!cached) {
cached = true;
Preferences::AddBoolVarCache(&result, "dom.ipc.cpows.forbid-unsafe-from-browser", false);
}
return result;
}
-// Should we allow CPOWs in aAddonId, even though it's marked as multiprocess
-// compatible? This is controlled by two prefs:
-// If dom.ipc.cpows.forbid-cpows-in-compat-addons is false, then we allow the CPOW.
-// If dom.ipc.cpows.forbid-cpows-in-compat-addons is true:
-// We check if aAddonId is listed in dom.ipc.cpows.allow-cpows-in-compat-addons
-// (which should be a comma-separated string). If it's present there, we allow
-// the CPOW. Otherwise we forbid the CPOW.
-static bool
-ForbidCPOWsInCompatibleAddon(const nsACString& aAddonId)
-{
- bool forbid = Preferences::GetBool("dom.ipc.cpows.forbid-cpows-in-compat-addons", false);
- if (!forbid) {
- return false;
- }
-
- nsAutoCString allow;
- allow.Assign(',');
- nsAutoCString pref;
- Preferences::GetCString("dom.ipc.cpows.allow-cpows-in-compat-addons", pref);
- allow.Append(pref);
- allow.Append(',');
-
- nsCString searchString(",");
- searchString.Append(aAddonId);
- searchString.Append(',');
- return allow.Find(searchString) == kNotFound;
-}
-
bool
JavaScriptParent::allowMessage(JSContext* cx)
{
// If we're running browser code, then we allow all safe CPOWs and forbid
// unsafe CPOWs based on a pref (which defaults to forbidden). We also allow
// CPOWs unconditionally in selected globals (based on
// Cu.permitCPOWsInScope).
- //
- // If we're running add-on code, then we check if the add-on is multiprocess
- // compatible (which eventually translates to a given setting of allowCPOWs
- // on the scopw). If it's not compatible, then we allow the CPOW but
- // warn. If it is marked as compatible, then we check the
- // ForbidCPOWsInCompatibleAddon; see the comment there.
MessageChannel* channel = GetIPCChannel();
bool isSafe = channel->IsInTransaction();
bool warn = !isSafe;
nsIGlobalObject* global = dom::GetIncumbentGlobal();
JS::Rooted<JSObject*> jsGlobal(cx, global ? global->GetGlobalJSObject() : nullptr);
if (jsGlobal) {
JSAutoCompartment ac(cx, jsGlobal);
- JSAddonId* addonId = JS::AddonIdOfObject(jsGlobal);
if (!xpc::CompartmentPrivate::Get(jsGlobal)->allowCPOWs) {
- if (!addonId && ForbidUnsafeBrowserCPOWs() && !isSafe) {
+ if (ForbidUnsafeBrowserCPOWs() && !isSafe) {
Telemetry::Accumulate(Telemetry::BROWSER_SHIM_USAGE_BLOCKED, 1);
JS_ReportErrorASCII(cx, "unsafe CPOW usage forbidden");
return false;
}
-
- if (addonId) {
- JSFlatString* flat = JS_ASSERT_STRING_IS_FLAT(JS::StringOfAddonId(addonId));
- nsString addonIdString;
- AssignJSFlatString(addonIdString, flat);
- NS_ConvertUTF16toUTF8 addonIdCString(addonIdString);
- Telemetry::Accumulate(Telemetry::ADDON_FORBIDDEN_CPOW_USAGE, addonIdCString);
-
- if (ForbidCPOWsInCompatibleAddon(addonIdCString)) {
- JS_ReportErrorASCII(cx, "CPOW usage forbidden in this add-on");
- return false;
- }
-
- warn = true;
- }
}
}
if (!warn)
return true;
static bool disableUnsafeCPOWWarnings = PR_GetEnv("DISABLE_UNSAFE_CPOW_WARNINGS");
if (!disableUnsafeCPOWWarnings) {
--- a/js/xpconnect/idl/xpccomponents.idl
+++ b/js/xpconnect/idl/xpccomponents.idl
@@ -685,19 +685,16 @@ interface nsIXPCComponents_Utils : nsISu
* Unwraps cross-compartment wrappers first.
*
* The string formats and values may change at any time. Do not depend on
* this from addon code.
*/
[implicit_jscontext]
ACString getCompartmentLocation(in jsval obj);
- [implicit_jscontext]
- void allowCPOWsInAddon(in ACString addonId, in bool allow);
-
/*
* Return a fractional number of milliseconds from process
* startup, measured with a monotonic clock.
*/
double now();
/*
* Reads the given file and returns its contents. If called during early
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@@ -3101,30 +3101,16 @@ nsXPCComponents_Utils::GetCompartmentLoc
obj = js::CheckedUnwrap(obj);
MOZ_ASSERT(obj);
result = xpc::CompartmentPrivate::Get(obj)->GetLocation();
return NS_OK;
}
NS_IMETHODIMP
-nsXPCComponents_Utils::AllowCPOWsInAddon(const nsACString& addonIdStr,
- bool allow,
- JSContext* cx)
-{
- JSAddonId* addonId = xpc::NewAddonId(cx, addonIdStr);
- if (!addonId)
- return NS_ERROR_FAILURE;
- if (!XPCWrappedNativeScope::AllowCPOWsInAddon(cx, addonId, allow))
- return NS_ERROR_FAILURE;
-
- return NS_OK;
-}
-
-NS_IMETHODIMP
nsXPCComponents_Utils::ReadUTF8File(nsIFile* aFile, nsACString& aResult)
{
NS_ENSURE_TRUE(aFile, NS_ERROR_INVALID_ARG);
MOZ_TRY_VAR(aResult, URLPreloader::ReadFile(aFile));
return NS_OK;
}
--- a/js/xpconnect/src/XPCWrappedNativeScope.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp
@@ -21,36 +21,16 @@
using namespace mozilla;
using namespace xpc;
using namespace JS;
/***************************************************************************/
XPCWrappedNativeScope* XPCWrappedNativeScope::gScopes = nullptr;
XPCWrappedNativeScope* XPCWrappedNativeScope::gDyingScopes = nullptr;
-bool XPCWrappedNativeScope::gShutdownObserverInitialized = false;
-XPCWrappedNativeScope::AddonSet* XPCWrappedNativeScope::gAllowCPOWAddonSet = nullptr;
-
-NS_IMPL_ISUPPORTS(XPCWrappedNativeScope::ClearInterpositionsObserver, nsIObserver)
-
-NS_IMETHODIMP
-XPCWrappedNativeScope::ClearInterpositionsObserver::Observe(nsISupports* subject,
- const char* topic,
- const char16_t* data)
-{
- MOZ_ASSERT(strcmp(topic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0);
-
- if (gAllowCPOWAddonSet) {
- delete gAllowCPOWAddonSet;
- gAllowCPOWAddonSet = nullptr;
- }
-
- nsContentUtils::UnregisterShutdownObserver(this);
- return NS_OK;
-}
static bool
RemoteXULForbidsXBLScope(nsIPrincipal* aPrincipal, HandleObject aGlobal)
{
MOZ_ASSERT(aPrincipal);
// Certain singleton sandoxes are created very early in startup - too early
// to call into AllowXULXBLForPrincipal. We never create XBL scopes for
@@ -121,23 +101,16 @@ XPCWrappedNativeScope::XPCWrappedNativeS
mUseContentXBLScope = mAllowContentXBLScope;
if (mUseContentXBLScope) {
const js::Class* clasp = js::GetObjectClass(mGlobalJSObject);
mUseContentXBLScope = !strcmp(clasp->name, "Window");
}
if (mUseContentXBLScope) {
mUseContentXBLScope = principal && !nsContentUtils::IsSystemPrincipal(principal);
}
-
- if (JSAddonId* addonId = JS::AddonIdOfObject(aGlobal)) {
- // We forbid CPOWs unless they're specifically allowed.
- priv->allowCPOWs = gAllowCPOWAddonSet ? gAllowCPOWAddonSet->has(addonId) : false;
- MOZ_ASSERT(!mozJSComponentLoader::Get()->IsLoaderGlobal(aGlobal),
- "Don't load addons into the shared JSM global");
- }
}
// static
bool
XPCWrappedNativeScope::IsDyingScope(XPCWrappedNativeScope* scope)
{
for (XPCWrappedNativeScope* cur = gDyingScopes; cur; cur = cur->mNext) {
if (scope == cur)
@@ -728,40 +701,16 @@ XPCWrappedNativeScope::SetExpandoChain(J
MOZ_ASSERT(ObjectScope(target) == this);
MOZ_ASSERT(js::IsObjectInContextCompartment(target, cx));
MOZ_ASSERT_IF(chain, ObjectScope(chain) == this);
if (!mXrayExpandos.initialized() && !mXrayExpandos.init(cx))
return false;
return mXrayExpandos.put(cx, target, chain);
}
-/* static */ bool
-XPCWrappedNativeScope::AllowCPOWsInAddon(JSContext* cx,
- JSAddonId* addonId,
- bool allow)
-{
- if (!gAllowCPOWAddonSet) {
- gAllowCPOWAddonSet = new AddonSet();
- bool ok = gAllowCPOWAddonSet->init();
- NS_ENSURE_TRUE(ok, false);
-
- if (!gShutdownObserverInitialized) {
- gShutdownObserverInitialized = true;
- nsContentUtils::RegisterShutdownObserver(new ClearInterpositionsObserver());
- }
- }
- if (allow) {
- bool ok = gAllowCPOWAddonSet->put(addonId);
- NS_ENSURE_TRUE(ok, false);
- } else {
- gAllowCPOWAddonSet->remove(addonId);
- }
- return true;
-}
-
/***************************************************************************/
// static
void
XPCWrappedNativeScope::DebugDumpAllScopes(int16_t depth)
{
#ifdef DEBUG
--- a/js/xpconnect/src/nsXPConnect.cpp
+++ b/js/xpconnect/src/nsXPConnect.cpp
@@ -1186,31 +1186,16 @@ JSAddonId*
NewAddonId(JSContext* cx, const nsACString& id)
{
JS::RootedString str(cx, JS_NewStringCopyN(cx, id.BeginReading(), id.Length()));
if (!str)
return nullptr;
return JS::NewAddonId(cx, str);
}
-bool
-AllowCPOWsInAddon(const nsACString& addonIdStr, bool allow)
-{
- JSAddonId* addonId;
- // We enter the junk scope just to allocate a string, which actually will go
- // in the system zone.
- AutoJSAPI jsapi;
- if (!jsapi.Init(xpc::PrivilegedJunkScope()))
- return false;
- addonId = NewAddonId(jsapi.cx(), addonIdStr);
- if (!addonId)
- return false;
- return XPCWrappedNativeScope::AllowCPOWsInAddon(jsapi.cx(), addonId, allow);
-}
-
} // namespace xpc
namespace mozilla {
namespace dom {
bool
IsChromeOrXBL(JSContext* cx, JSObject* /* unused */)
{
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@@ -969,20 +969,16 @@ public:
AddSizeOfAllScopesIncludingThis(ScopeSizeInfo* scopeSizeInfo);
void
AddSizeOfIncludingThis(ScopeSizeInfo* scopeSizeInfo);
static bool
IsDyingScope(XPCWrappedNativeScope* scope);
- typedef js::HashSet<JSAddonId*,
- js::PointerHasher<JSAddonId*>,
- js::SystemAllocPolicy> AddonSet;
-
// Gets the appropriate scope object for XBL in this scope. The context
// must be same-compartment with the global upon entering, and the scope
// object is wrapped into the compartment of the global.
JSObject* EnsureContentXBLScope(JSContext* cx);
JSObject* EnsureAddonScope(JSContext* cx, JSAddonId* addonId);
XPCWrappedNativeScope(JSContext* cx, JS::HandleObject aGlobal);
@@ -992,39 +988,25 @@ public:
JSCompartment* Compartment() const { return js::GetObjectCompartment(mGlobalJSObject); }
bool IsContentXBLScope() { return xpc::IsContentXBLCompartment(Compartment()); }
bool AllowContentXBLScope();
bool UseContentXBLScope() { return mUseContentXBLScope; }
void ClearContentXBLScope() { mContentXBLScope = nullptr; }
bool IsAddonScope() { return xpc::IsAddonCompartment(Compartment()); }
-
- static bool AllowCPOWsInAddon(JSContext* cx, JSAddonId* addonId, bool allow);
-
protected:
virtual ~XPCWrappedNativeScope();
XPCWrappedNativeScope() = delete;
private:
- class ClearInterpositionsObserver final : public nsIObserver {
- ~ClearInterpositionsObserver() {}
-
- public:
- NS_DECL_ISUPPORTS
- NS_DECL_NSIOBSERVER
- };
-
static XPCWrappedNativeScope* gScopes;
static XPCWrappedNativeScope* gDyingScopes;
- static bool gShutdownObserverInitialized;
- static AddonSet* gAllowCPOWAddonSet;
-
Native2WrappedNativeMap* mWrappedNativeMap;
ClassInfo2WrappedNativeProtoMap* mWrappedNativeProtoMap;
RefPtr<nsXPCComponentsBase> mComponents;
XPCWrappedNativeScope* mNext;
// The JS global object for this scope. If non-null, this will be the
// default parent for the XPCWrappedNatives that have us as the scope,
// unless a PreCreate hook overrides it. Note that this _may_ be null (see
// constructor).
--- a/js/xpconnect/src/xpcpublic.h
+++ b/js/xpconnect/src/xpcpublic.h
@@ -544,22 +544,16 @@ SimulateActivityCallback(bool aActive);
// racey.
bool
ShouldDiscardSystemSource();
bool
SharedMemoryEnabled();
bool
-SetAddonInterposition(const nsACString& addonId, nsIAddonInterposition* interposition);
-
-bool
-AllowCPOWsInAddon(const nsACString& addonId, bool allow);
-
-bool
ExtraWarningsForSystemJS();
class ErrorBase {
public:
nsString mErrorMsg;
nsString mFileName;
uint32_t mLineNumber;
uint32_t mColumn;