deleted file mode 100644
--- a/dom/base/test/mochitest-child-permissions.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[test_messagemanager_assertpermission.html]
-skip-if = buildapp == 'mulet' || buildapp == 'b2g' #b2g(specialpowers.wrap issue, NS_ERROR_XPC_GS_RETURNED_FAILURE) b2g-debug(specialpowers.wrap issue, NS_ERROR_XPC_GS_RETURNED_FAILURE) b2g-desktop(specialpowers.wrap issue, NS_ERROR_XPC_GS_RETURNED_FAILURE)
-[test_child_process_shutdown_message.html]
-skip-if = buildapp == 'mulet' || buildapp == 'b2g' #b2g(specialpowers.wrap issue, NS_ERROR_XPC_GS_RETURNED_FAILURE) b2g-debug(specialpowers.wrap issue, NS_ERROR_XPC_GS_RETURNED_FAILURE) b2g-desktop(specialpowers.wrap issue, NS_ERROR_XPC_GS_RETURNED_FAILURE)
--- a/dom/base/test/moz.build
+++ b/dom/base/test/moz.build
@@ -14,23 +14,16 @@ GeckoCppUnitTests([
'TestNativeXMLHttpRequest',
'TestPlainTextSerializer',
])
MOCHITEST_MANIFESTS += [
'mochitest.ini',
'websocket_hybi/mochitest.ini',
]
-# OOP tests don't work on Windows (bug 763081) or native-fennec
-# (see Bug 774939). App permission checks are also disabled on
-# anything but B2G (Bug 900707).
-if CONFIG['MOZ_CHILD_PERMISSIONS']:
- MOCHITEST_MANIFESTS += [
- 'mochitest-child-permissions.ini',
- ]
MOCHITEST_CHROME_MANIFESTS += [
'chrome.ini',
'chrome/chrome.ini',
]
BROWSER_CHROME_MANIFESTS += [
'browser.ini',
deleted file mode 100644
--- a/dom/base/test/test_child_process_shutdown_message.html
+++ /dev/null
@@ -1,171 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <title>Test that processes that are shutdown send a 'process-shutdown'
- message to their process message manager.</title>
- <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
- <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-</head>
-<body onload="runTests();">
-<p id="display">
-</p>
-<div id="content" style="display: none">
-
-</div>
-<pre id="test">
-<script class="testbody" type="application/javascript;version=1.8">
-
-const APP_URL = "http://example.org";
-const APP_MANIFEST = "http://example.org/manifest.webapp";
-const CHILD_PROCESS_SHUTDOWN_MESSAGE = "child-process-shutdown";
-
-let ppmm = SpecialPowers.Cc["@mozilla.org/parentprocessmessagemanager;1"]
- .getService(SpecialPowers.Ci.nsIMessageBroadcaster);
-let obs = SpecialPowers.Cc["@mozilla.org/observer-service;1"]
- .getService(SpecialPowers.Ci.nsIObserverService);
-
-/**
- * Load the example.org site in an <iframe mozbrowser>
- *
- * @param isApp
- * If true, the example.org site will be loaded as an app.
- */
-function loadBrowser(isApp, callback) {
- let iframe = document.createElement("iframe");
- if (isApp) {
- iframe.setAttribute("mozapp", APP_MANIFEST);
- }
- SpecialPowers.wrap(iframe).mozbrowser = true;
- iframe.src = APP_URL;
- document.getElementById("content").appendChild(iframe);
-
- iframe.addEventListener("mozbrowserloadend", function onloadend() {
- iframe.removeEventListener("mozbrowserloadend", onloadend);
- callback(iframe);
- });
-}
-
-/**
- * Prepare the child process for an intentional crash. This is to keep
- * the leak automation tools happy.
- *
- * This also allows us to acquire the process message manaager that
- * corresponds to the process by sending a message to a frame script
- * in the content process and having it reply to us via the child
- * process message manager.
- */
-function prepareProcess(frameMM, callback) {
- let frameScript = 'data:,\
- privateNoteIntentionalCrash();\
- var cpmm = Components.classes["@mozilla.org/childprocessmessagemanager;1"]\
- .getService(Components.interfaces.nsISyncMessageSender);\
- addMessageListener("TestChild:Ohai", function receiveMessage(msg) {\
- cpmm.sendAsyncMessage("TestChild:Ohai");\
- });';
- frameMM.loadFrameScript(frameScript, false);
- frameMM.sendAsyncMessage("TestChild:Ohai");
- ppmm.addMessageListener("TestChild:Ohai", function receiveMessage(msg) {
- ppmm.removeMessageListener("TestChild:Ohai", receiveMessage);
- msg = SpecialPowers.wrap(msg);
- callback(msg.target);
- });
-}
-
-/**
- * Expects an OOP frame's process to shut down and report four
- * events/messages: an error event on the browser element, and a
- * 'child-process-shutdown' message on both the frame and process
- * message managers.
- */
-function expectFrameProcessShutdown(iframe, frameMM, processMM, callback) {
- let msgCount = 0;
- function countMessage() {
- msgCount += 1;
- if (msgCount == 4) {
- ok(true, "Observed all four expected events.");
- callback();
- }
- };
-
- iframe.addEventListener("mozbrowsererror", function onerror(event) {
- iframe.removeEventListener("mozbrowsererror", onerror);
- is(event.detail.type, "fatal", "Observed expected event.");
- countMessage();
- });
-
- processMM.addMessageListener(CHILD_PROCESS_SHUTDOWN_MESSAGE, function receiveMessage() {
- processMM.removeMessageListener(CHILD_PROCESS_SHUTDOWN_MESSAGE, receiveMessage);
- ok(true, "Received 'child-process-shutdown' message from process message manager.");
- countMessage();
- });
-
- frameMM.addMessageListener(CHILD_PROCESS_SHUTDOWN_MESSAGE, function receiveMessage() {
- frameMM.removeMessageListener(CHILD_PROCESS_SHUTDOWN_MESSAGE, receiveMessage);
- ok(true, "Received 'child-process-shutdown' message from frame message manager.");
- countMessage();
- });
-
- obs.addObserver(function observe(subject, type, data) {
- if (subject == SpecialPowers.unwrap(processMM)) {
- obs.removeObserver(observe, "message-manager-disconnect");
- ok(true, "Received 'message-manager-disconnect' notification with " +
- "frame message manager");
- countMessage();
- }
- }, "message-manager-disconnect", false);
-}
-
-function setUp() {
- SpecialPowers.addPermission("browser", true, window.document);
- SpecialPowers.addPermission("embed-apps", true, window.document);
- // TODO: remove network.disable.ipc.security in bug 820712
- SpecialPowers.pushPrefEnv({
- "set": [['dom.mozBrowserFramesEnabled', true],
- ['dom.ipc.browser_frames.oop_by_default', true],
- ['network.disable.ipc.security', true]]}, runNextTest);
-}
-
-function makeKillTest(isApp) {
- return function testKill() {
- loadBrowser(isApp, function (iframe) {
- // We want to make sure we get notified on both the frame and
- // process message managers.
- let frameMM = SpecialPowers.getBrowserFrameMessageManager(iframe);
- prepareProcess(frameMM, function (processMM) {
- // Let's kill the content process by asking for a permission
- // that it doesn't have.
- ok(!processMM.assertPermission("frobnaz"),
- "Content child should not have this permission");
- expectFrameProcessShutdown(iframe, frameMM, processMM, function () {
- iframe.parentNode.removeChild(iframe);
- runNextTest();
- });
- });
- });
- };
-}
-
-function tearDown() {
- SimpleTest.finish();
-}
-
-let _tests = [
- setUp,
- makeKillTest(false),
- makeKillTest(true),
- tearDown
-]
-function runNextTest() {
- SimpleTest.executeSoon(_tests.shift());
-}
-
-function runTests() {
- SimpleTest.waitForExplicitFinish();
- runNextTest();
-}
-
-</script>
-</pre>
-</body>
-</html>
deleted file mode 100644
--- a/dom/base/test/test_messagemanager_assertpermission.html
+++ /dev/null
@@ -1,192 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <title>Test for the nsIProcessChecker part of Message Managers</title>
- <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
- <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-</head>
-<body onload="runTests();">
-<p id="display">
-</p>
-<div id="content" style="display: none">
-
-</div>
-<pre id="test">
-<script class="testbody" type="application/javascript;version=1.8">
-
-const APP_URL = "http://example.org";
-const APP_MANIFEST = "http://example.org/manifest.webapp";
-const CHILD_PROCESS_SHUTDOWN_MESSAGE = "child-process-shutdown";
-
-let ppmm = SpecialPowers.Cc["@mozilla.org/parentprocessmessagemanager;1"]
- .getService(SpecialPowers.Ci.nsIMessageBroadcaster);
-let cpmm = SpecialPowers.Cc["@mozilla.org/childprocessmessagemanager;1"]
- .getService(SpecialPowers.Ci.nsISyncMessageSender);
-let gAppsService = SpecialPowers.Cc["@mozilla.org/AppsService;1"]
- .getService(SpecialPowers.Ci.nsIAppsService);
-
-function setUp() {
- SpecialPowers.addPermission("browser", true, window.document);
- SpecialPowers.addPermission("embed-apps", true, window.document);
-
- let appId = gAppsService.getAppLocalIdByManifestURL(APP_MANIFEST);
- SpecialPowers.addPermission("foobar", true, { url: APP_URL,
- originAttributes: { appId: appId }
- });
- SpecialPowers.pushPrefEnv({"set":[['dom.mozBrowserFramesEnabled', true],
- ['dom.ipc.browser_frames.oop_by_default', true]]}, runNextTest);
-}
-
-/**
- * Load the example.org app in an <iframe mozbrowser mozapp>
- */
-function loadApp(callback) {
- let iframe = document.createElement("iframe");
- iframe.setAttribute("mozapp", APP_MANIFEST);
- SpecialPowers.wrap(iframe).mozbrowser = true;
- iframe.src = APP_URL;
- document.getElementById("content").appendChild(iframe);
-
- iframe.addEventListener("mozbrowserloadend", function onloadend() {
- iframe.removeEventListener("mozbrowserloadend", onloadend);
- callback(iframe);
- });
-}
-
-/**
- * Prepare the child process for an intentional crash. This is to keep
- * the leak automation tools happy.
- *
- * This also allows us to acquire the process message manaager that
- * corresponds to the process by sending a message to a frame script
- * in the content process and having it reply to us via the child
- * process message manager.
- */
-function prepareProcess(frameMM, callback) {
- let frameScript = 'data:,\
- privateNoteIntentionalCrash();\
- var cpmm = Components.classes["@mozilla.org/childprocessmessagemanager;1"]\
- .getService(Components.interfaces.nsISyncMessageSender);\
- addMessageListener("TestChild:Ohai", function receiveMessage(msg) {\
- cpmm.sendAsyncMessage("TestChild:Ohai");\
- });';
- frameMM.loadFrameScript(frameScript, false);
- frameMM.sendAsyncMessage("TestChild:Ohai");
- ppmm.addMessageListener("TestChild:Ohai", function receiveMessage(msg) {
- ppmm.removeMessageListener("TestChild:Ohai", receiveMessage);
- msg = SpecialPowers.wrap(msg);
- callback(msg.target);
- });
-}
-
-/**
- * Expects an OOP frame's process to shut down and report three
- * events/messages: an error event on the browser element, and a
- * 'child-process-shutdown' message on both the frame and process
- * message managers.
- */
-function expectFrameProcessShutdown(iframe, frameMM, processMM, callback) {
- let msgCount = 0;
- function countMessage() {
- msgCount += 1;
- if (msgCount == 3) {
- ok(true, "Observed all three expected events.");
- callback();
- }
- };
-
- iframe.addEventListener("mozbrowsererror", function onerror(event) {
- iframe.removeEventListener("mozbrowsererror", onerror);
- is(event.detail.type, "fatal", "Observed expected event.");
- countMessage();
- });
-
- processMM.addMessageListener(CHILD_PROCESS_SHUTDOWN_MESSAGE, function receiveMessage() {
- processMM.removeMessageListener(CHILD_PROCESS_SHUTDOWN_MESSAGE, receiveMessage);
- ok(true, "Received 'child-process-shutdown' message from process message manager.");
- countMessage();
- });
-
- frameMM.addMessageListener(CHILD_PROCESS_SHUTDOWN_MESSAGE, function receiveMessage() {
- frameMM.removeMessageListener(CHILD_PROCESS_SHUTDOWN_MESSAGE, receiveMessage);
- ok(true, "Received 'child-process-shutdown' message from frame message manager.");
- countMessage();
- });
-}
-
-function testSameProcess() {
- // Assert permissions on the in-process child process message manager.
- // It always has all permissions, including ones that were never
- // assigned to anybody.
-
- cpmm.sendAsyncMessage("TestPermission:InProcess");
- ppmm.addMessageListener("TestPermission:InProcess", function receiveMessage(msg) {
- ppmm.removeMessageListener("TestPermission:InProcess", receiveMessage);
- msg = SpecialPowers.wrap(msg);
-
- ok(msg.target.assertPermission("frobnaz"), "in-process cpmm always has all capabilities");
- runNextTest();
- });
-}
-
-function testFrameMessageManager() {
- // Assert permissions on the frame message manager.
-
- loadApp(function (iframe) {
- let frameMM = SpecialPowers.getBrowserFrameMessageManager(iframe);
- prepareProcess(frameMM, function (processMM) {
- ok(frameMM.assertPermission("foobar"),
- "Frame mm has assigned permission.");
- ok(!frameMM.assertPermission("frobnaz"),
- "Frame mm doesn't have non-existing permission.");
- expectFrameProcessShutdown(iframe, frameMM, processMM, function () {
- iframe.parentNode.removeChild(iframe);
- runNextTest();
- });
- });
- });
-}
-
-function testChildProcessMessageManager() {
- // Assert permissions on the child process message manager.
-
- loadApp(function (iframe) {
- let frameMM = SpecialPowers.getBrowserFrameMessageManager(iframe);
- prepareProcess(frameMM, function (processMM) {
- ok(processMM.assertPermission("foobar"),
- "Process mm has assigned permission.");
- ok(!processMM.assertPermission("frobnaz"),
- "Process mm doesn't have non-existing permission.");
- expectFrameProcessShutdown(iframe, frameMM, processMM, function () {
- iframe.parentNode.removeChild(iframe);
- runNextTest();
- });
- });
- });
-}
-
-function tearDown() {
- SimpleTest.finish();
-}
-
-let _tests = [
- setUp,
- testSameProcess,
- testFrameMessageManager,
- testChildProcessMessageManager,
- tearDown
-]
-function runNextTest() {
- SimpleTest.executeSoon(_tests.shift());
-}
-
-function runTests() {
- SimpleTest.waitForExplicitFinish();
- runNextTest();
-}
-
-</script>
-</pre>
-</body>
-</html>
--- a/dom/html/HTMLInputElement.cpp
+++ b/dom/html/HTMLInputElement.cpp
@@ -2160,33 +2160,17 @@ HTMLInputElement::GetValueInternal(nsASt
mInputData.mState->GetValue(aValue, true);
} else if (!aValue.Assign(mInputData.mValue, fallible)) {
return NS_ERROR_OUT_OF_MEMORY;
}
return NS_OK;
case VALUE_MODE_FILENAME:
if (nsContentUtils::LegacyIsCallerChromeOrNativeCode()) {
-#ifndef MOZ_CHILD_PERMISSIONS
aValue.Assign(mFirstFilePath);
-#else
- // XXX We'd love to assert that this can't happen, but some mochitests
- // use SpecialPowers to circumvent our more sane security model.
- if (!mFilesOrDirectories.IsEmpty()) {
- ErrorResult rv;
- GetDOMFileOrDirectoryPath(mFilesOrDirectories[0], aValue, rv);
- if (NS_WARN_IF(rv.Failed())) {
- return rv.StealNSResult();
- }
- return NS_OK;
- }
- else {
- aValue.Truncate();
- }
-#endif
} else {
// Just return the leaf name
if (mFilesOrDirectories.IsEmpty()) {
aValue.Truncate();
} else {
GetDOMFileOrDirectoryName(mFilesOrDirectories[0], aValue);
}
}
@@ -3345,32 +3329,30 @@ HTMLInputElement::AfterSetFilesOrDirecto
// new value. We just want the display to update as needed.
nsIFormControlFrame* formControlFrame = GetFormControlFrame(false);
if (formControlFrame) {
nsAutoString readableValue;
GetDisplayFileName(readableValue);
formControlFrame->SetFormProperty(nsGkAtoms::value, readableValue);
}
-#ifndef MOZ_CHILD_PERMISSIONS
// Grab the full path here for any chrome callers who access our .value via a
// CPOW. This path won't be called from a CPOW meaning the potential sync IPC
// call under GetMozFullPath won't be rejected for not being urgent.
// XXX Protected by the ifndef because the blob code doesn't allow us to send
// this message in b2g.
if (mFilesOrDirectories.IsEmpty()) {
mFirstFilePath.Truncate();
} else {
ErrorResult rv;
GetDOMFileOrDirectoryPath(mFilesOrDirectories[0], mFirstFilePath, rv);
if (NS_WARN_IF(rv.Failed())) {
rv.SuppressException();
}
}
-#endif
UpdateFileList();
if (aSetValueChanged) {
SetValueChanged(true);
}
UpdateAllValidityStates(true);
--- a/dom/html/HTMLInputElement.h
+++ b/dom/html/HTMLInputElement.h
@@ -1385,22 +1385,20 @@ protected:
* this member, never by the frame. Whenever the frame wants to change the
* filename it has to call SetFilesOrDirectories to update this member.
*/
nsTArray<OwningFileOrDirectory> mFilesOrDirectories;
RefPtr<GetFilesHelper> mGetFilesRecursiveHelper;
RefPtr<GetFilesHelper> mGetFilesNonRecursiveHelper;
-#ifndef MOZ_CHILD_PERMISSIONS
/**
* Hack for bug 1086684: Stash the .value when we're a file picker.
*/
nsString mFirstFilePath;
-#endif
RefPtr<FileList> mFileList;
Sequence<RefPtr<Entry>> mEntries;
nsString mStaticDocFileList;
/**
* The value of the input element when first initialized and it is updated
--- a/dom/indexedDB/ActorsParent.cpp
+++ b/dom/indexedDB/ActorsParent.cpp
@@ -20278,35 +20278,19 @@ FactoryOp::CheckPermission(ContentParent
!isApp) {
return NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR;
}
#endif
PermissionRequestBase::PermissionValue permission;
if (QuotaManager::IsFirstPromptRequired(persistenceType, origin, isApp)) {
-#ifdef MOZ_CHILD_PERMISSIONS
- if (aContentParent) {
- if (NS_WARN_IF(!AssertAppPrincipal(aContentParent, principal))) {
- IDB_REPORT_INTERNAL_ERR();
- return NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR;
- }
-
- uint32_t intPermission =
- mozilla::CheckPermission(aContentParent, principal, IDB_PREFIX);
-
- permission =
- PermissionRequestBase::PermissionValueForIntPermission(intPermission);
- } else
-#endif // MOZ_CHILD_PERMISSIONS
- {
- rv = PermissionRequestBase::GetCurrentPermission(principal, &permission);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return rv;
- }
+ rv = PermissionRequestBase::GetCurrentPermission(principal, &permission);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
}
} else {
permission = PermissionRequestBase::kPermissionAllowed;
}
if (permission != PermissionRequestBase::kPermissionDenied &&
State::Initial == mState) {
mSuffix = suffix;
@@ -20375,75 +20359,17 @@ FactoryOp::SendVersionChangeMessages(Dat
bool
FactoryOp::CheckAtLeastOneAppHasPermission(ContentParent* aContentParent,
const nsACString& aPermissionString)
{
MOZ_ASSERT(NS_IsMainThread());
MOZ_ASSERT(aContentParent);
MOZ_ASSERT(!aPermissionString.IsEmpty());
-#ifdef MOZ_CHILD_PERMISSIONS
- const ManagedContainer<PBrowserParent>& browsers =
- aContentParent->ManagedPBrowserParent();
-
- if (!browsers.IsEmpty()) {
- nsCOMPtr<nsIAppsService> appsService =
- do_GetService(APPS_SERVICE_CONTRACTID);
- if (NS_WARN_IF(!appsService)) {
- return false;
- }
-
- nsCOMPtr<nsIIOService> ioService = do_GetIOService();
- if (NS_WARN_IF(!ioService)) {
- return false;
- }
-
- nsCOMPtr<nsIPermissionManager> permMan =
- mozilla::services::GetPermissionManager();
- if (NS_WARN_IF(!permMan)) {
- return false;
- }
-
- const nsPromiseFlatCString permissionString =
- PromiseFlatCString(aPermissionString);
-
- for (auto iter = browsers.ConstIter(); !iter.Done(); iter.Next()) {
- uint32_t appId =
- TabParent::GetFrom(iter.Get()->GetKey())->OwnOrContainingAppId();
- MOZ_ASSERT(appId != nsIScriptSecurityManager::UNKNOWN_APP_ID &&
- appId != nsIScriptSecurityManager::NO_APP_ID);
-
- nsCOMPtr<mozIApplication> app;
- nsresult rv = appsService->GetAppByLocalId(appId, getter_AddRefs(app));
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return false;
- }
-
- nsCOMPtr<nsIPrincipal> principal;
- app->GetPrincipal(getter_AddRefs(principal));
- NS_ENSURE_TRUE(principal, false);
-
- uint32_t permission;
- rv = permMan->TestExactPermissionFromPrincipal(principal,
- permissionString.get(),
- &permission);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return false;
- }
-
- if (permission == nsIPermissionManager::ALLOW_ACTION) {
- return true;
- }
- }
- }
-
- return false;
-#else
- return true;
-#endif // MOZ_CHILD_PERMISSIONS
+ return true;
}
nsresult
FactoryOp::FinishOpen()
{
AssertIsOnOwningThread();
MOZ_ASSERT(mState == State::FinishOpen);
MOZ_ASSERT(!mContentParent);
--- a/dom/inputmethod/MozKeyboard.js
+++ b/dom/inputmethod/MozKeyboard.js
@@ -690,21 +690,30 @@ MozInputMethod.prototype = {
'indexes': indexes
});
},
removeFocus: function() {
cpmm.sendAsyncMessage('System:RemoveFocus', {});
},
+ // Only the system app needs that, so instead of testing a permission which
+ // is allowed for all chrome:// url, we explicitly test that this is the
+ // system app's start URL.
_hasInputManagePerm: function(win) {
- let principal = win.document.nodePrincipal;
- let perm = Services.perms.testExactPermissionFromPrincipal(principal,
- "input-manage");
- return (perm === Ci.nsIPermissionManager.ALLOW_ACTION);
+ let url = win.location.href;
+ let systemAppIndex;
+ try {
+ systemAppIndex = Services.prefs.getCharPref('b2g.system_startup_url');
+ } catch(e) {
+ dump('MozKeyboard.jsm: no system app startup url set (pref is b2g.system_startup_url)');
+ }
+
+ dump(`MozKeyboard.jsm expecting ${systemAppIndex}\n`);
+ return url == systemAppIndex;
}
};
/**
* ==============================================
* InputContextDOMRequestIpcHelper
* ==============================================
*/
--- a/dom/inputmethod/mochitest/mochitest.ini
+++ b/dom/inputmethod/mochitest/mochitest.ini
@@ -1,11 +1,11 @@
[DEFAULT]
-# Not supported on Android, bug 983015 for B2G emulator
-skip-if = (toolkit == 'android' || toolkit == 'gonk') || e10s
+# dom/inputmethod only makes sense on B2G
+run-if = (buildapp == 'b2g' && toolkit != 'gonk') || buildapp == 'mulet'
support-files =
inputmethod_common.js
file_inputmethod.html
file_blank.html
file_test_app.html
file_test_sendkey_cancel.html
file_test_sms_app.html
file_test_sms_app_1066515.html
--- a/dom/ipc/AppProcessChecker.cpp
+++ b/dom/ipc/AppProcessChecker.cpp
@@ -1,361 +1,33 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "AppProcessChecker.h"
#include "nsIPermissionManager.h"
-#ifdef MOZ_CHILD_PERMISSIONS
-#include "ContentParent.h"
-#include "mozIApplication.h"
-#include "mozilla/hal_sandbox/PHalParent.h"
-#include "nsIAppsService.h"
-#include "nsIPrincipal.h"
-#include "nsPrintfCString.h"
-#include "nsIURI.h"
-#include "nsContentUtils.h"
-#include "nsNetUtil.h"
-#include "nsServiceManagerUtils.h"
-#include "TabParent.h"
-#include <algorithm>
-
-using namespace mozilla::dom;
-using namespace mozilla::hal_sandbox;
-using namespace mozilla::services;
-#else
namespace mozilla {
namespace dom {
class PContentParent;
} // namespace dom
} // namespace mozilla
class nsIPrincipal;
-#endif
namespace mozilla {
#if DEBUG
#define LOG(...) printf_stderr(__VA_ARGS__)
#else
#define LOG(...)
#endif
-#ifdef MOZ_CHILD_PERMISSIONS
-
-static bool
-CheckAppTypeHelper(mozIApplication* aApp,
- AssertAppProcessType aType,
- const char* aCapability,
- bool aIsBrowserElement)
-{
- bool aValid = false;
-
- // isBrowser frames inherit their app descriptor to identify their
- // data storage, but they don't inherit the capability associated
- // with that descriptor.
- if (aApp && (aType == ASSERT_APP_HAS_PERMISSION || !aIsBrowserElement)) {
- switch (aType) {
- case ASSERT_APP_HAS_PERMISSION:
- case ASSERT_APP_PROCESS_PERMISSION:
- if (!NS_SUCCEEDED(aApp->HasPermission(aCapability, &aValid))) {
- aValid = false;
- }
- break;
- case ASSERT_APP_PROCESS_MANIFEST_URL: {
- nsAutoString manifestURL;
- if (NS_SUCCEEDED(aApp->GetManifestURL(manifestURL)) &&
- manifestURL.EqualsASCII(aCapability)) {
- aValid = true;
- }
- break;
- }
- default:
- break;
- }
- }
- return aValid;
-}
-
-bool
-AssertAppProcess(PBrowserParent* aActor,
- AssertAppProcessType aType,
- const char* aCapability)
-{
- if (!aActor) {
- NS_WARNING("Testing process capability for null actor");
- return false;
- }
-
- TabParent* tab = TabParent::GetFrom(aActor);
- nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp();
-
- return CheckAppTypeHelper(app, aType, aCapability, tab->IsMozBrowserElement());
-}
-
-static bool
-CheckAppStatusHelper(mozIApplication* aApp,
- unsigned short aStatus)
-{
- bool valid = false;
-
- if (aApp) {
- unsigned short appStatus = 0;
- if (NS_SUCCEEDED(aApp->GetAppStatus(&appStatus))) {
- valid = appStatus == aStatus;
- }
- }
-
- return valid;
-}
-
-bool
-AssertAppStatus(PBrowserParent* aActor,
- unsigned short aStatus)
-{
- if (!aActor) {
- NS_WARNING("Testing process capability for null actor");
- return false;
- }
-
- TabParent* tab = TabParent::GetFrom(aActor);
- nsCOMPtr<mozIApplication> app = tab->GetOwnOrContainingApp();
-
- return CheckAppStatusHelper(app, aStatus);
-}
-
-// A general purpose helper function to check permission against the origin
-// rather than mozIApplication.
-static bool
-CheckOriginPermission(const nsACString& aOrigin, const char* aPermission)
-{
- LOG("CheckOriginPermission: %s, %s\n", nsCString(aOrigin).get(), aPermission);
-
- nsIScriptSecurityManager *securityManager =
- nsContentUtils::GetSecurityManager();
-
- nsCOMPtr<nsIPrincipal> principal;
- securityManager->CreateCodebasePrincipalFromOrigin(aOrigin,
- getter_AddRefs(principal));
-
- nsCOMPtr<nsIPermissionManager> permMgr = services::GetPermissionManager();
- NS_ENSURE_TRUE(permMgr, false);
-
- uint32_t perm;
- nsresult rv = permMgr->TestExactPermissionFromPrincipal(principal, aPermission, &perm);
- NS_ENSURE_SUCCESS(rv, false);
-
- LOG("Permission %s for %s: %d\n", aPermission, nsCString(aOrigin).get(), perm);
- return nsIPermissionManager::ALLOW_ACTION == perm;
-}
-
-bool
-AssertAppProcess(TabContext& aContext,
- AssertAppProcessType aType,
- const char* aCapability)
-{
- const mozilla::DocShellOriginAttributes& attr = aContext.OriginAttributesRef();
- nsCString suffix;
- attr.CreateSuffix(suffix);
-
- if (!aContext.SignedPkgOriginNoSuffix().IsEmpty()) {
- LOG("TabContext owning signed package origin: %s, originAttr; %s\n",
- nsCString(aContext.SignedPkgOriginNoSuffix()).get(),
- suffix.get());
- }
-
- // Do a origin-based permission check if the TabContext owns a signed package.
- if (!aContext.SignedPkgOriginNoSuffix().IsEmpty() &&
- (ASSERT_APP_HAS_PERMISSION == aType || ASSERT_APP_PROCESS_PERMISSION == aType)) {
- nsCString origin = aContext.SignedPkgOriginNoSuffix() + suffix;
- return CheckOriginPermission(origin, aCapability);
- }
-
- nsCOMPtr<mozIApplication> app = aContext.GetOwnOrContainingApp();
- return CheckAppTypeHelper(app, aType, aCapability, aContext.IsMozBrowserElement());
-}
-
-bool
-AssertAppStatus(TabContext& aContext,
- unsigned short aStatus)
-{
-
- nsCOMPtr<mozIApplication> app = aContext.GetOwnOrContainingApp();
- return CheckAppStatusHelper(app, aStatus);
-}
-
-bool
-AssertAppProcess(PContentParent* aActor,
- AssertAppProcessType aType,
- const char* aCapability)
-{
- nsTArray<TabContext> contextArray =
- static_cast<ContentParent*>(aActor)->GetManagedTabContext();
- for (uint32_t i = 0; i < contextArray.Length(); ++i) {
- if (AssertAppProcess(contextArray[i], aType, aCapability)) {
- return true;
- }
- }
-
- NS_ERROR(
- nsPrintfCString(
- "Security problem: Content process does not have `%s'. It will be killed.\n",
- aCapability).get());
-
- static_cast<ContentParent*>(aActor)->KillHard("AssertAppProcess");
-
- return false;
-}
-
-bool
-AssertAppStatus(PContentParent* aActor,
- unsigned short aStatus)
-{
- nsTArray<TabContext> contextArray =
- static_cast<ContentParent*>(aActor)->GetManagedTabContext();
- for (uint32_t i = 0; i < contextArray.Length(); ++i) {
- if (AssertAppStatus(contextArray[i], aStatus)) {
- return true;
- }
- }
-
- NS_ERROR(
- nsPrintfCString(
- "Security problem: Content process does not have `%d' status. It will be killed.",
- aStatus).get());
-
- static_cast<ContentParent*>(aActor)->KillHard("AssertAppStatus");
-
- return false;
-}
-
-bool
-AssertAppProcess(PHalParent* aActor,
- AssertAppProcessType aType,
- const char* aCapability)
-{
- return AssertAppProcess(aActor->Manager(), aType, aCapability);
-}
-
-bool
-AssertAppPrincipal(PContentParent* aActor,
- nsIPrincipal* aPrincipal)
-{
- if (!aPrincipal) {
- NS_WARNING("Principal is invalid, killing app process");
- static_cast<ContentParent*>(aActor)->KillHard("AssertAppPrincipal");
- return false;
- }
-
- uint32_t principalAppId = aPrincipal->GetAppId();
- bool inIsolatedBrowser = aPrincipal->GetIsInIsolatedMozBrowserElement();
-
- // Check if the permission's appId matches a child we manage.
- nsTArray<TabContext> contextArray =
- static_cast<ContentParent*>(aActor)->GetManagedTabContext();
- for (uint32_t i = 0; i < contextArray.Length(); ++i) {
- if (contextArray[i].OwnOrContainingAppId() == principalAppId) {
- // If the child only runs isolated browser content and the principal
- // claims it's not in an isolated browser element, it's lying.
- if (!contextArray[i].IsIsolatedMozBrowserElement() || inIsolatedBrowser) {
- return true;
- }
- break;
- }
- }
-
- NS_WARNING("Principal is invalid, killing app process");
- static_cast<ContentParent*>(aActor)->KillHard("AssertAppPrincipal");
- return false;
-}
-
-already_AddRefed<nsIPrincipal>
-GetAppPrincipal(uint32_t aAppId)
-{
- nsCOMPtr<nsIAppsService> appsService = do_GetService(APPS_SERVICE_CONTRACTID);
-
- nsCOMPtr<mozIApplication> app;
- nsresult rv = appsService->GetAppByLocalId(aAppId, getter_AddRefs(app));
- NS_ENSURE_SUCCESS(rv, nullptr);
-
- nsCOMPtr<nsIPrincipal> principal;
- app->GetPrincipal(getter_AddRefs(principal));
-
- return principal.forget();
-}
-
-uint32_t
-CheckPermission(PContentParent* aActor,
- nsIPrincipal* aPrincipal,
- const char* aPermission)
-{
- if (!AssertAppPrincipal(aActor, aPrincipal)) {
- return nsIPermissionManager::DENY_ACTION;
- }
-
- nsCOMPtr<nsIPermissionManager> pm =
- services::GetPermissionManager();
- NS_ENSURE_TRUE(pm, nsIPermissionManager::DENY_ACTION);
-
- // Make sure that `aPermission' is an app permission before checking the origin.
- nsCOMPtr<nsIPrincipal> appPrincipal = GetAppPrincipal(aPrincipal->GetAppId());
- uint32_t appPerm = nsIPermissionManager::UNKNOWN_ACTION;
- nsresult rv = pm->TestExactPermissionFromPrincipal(appPrincipal, aPermission, &appPerm);
- NS_ENSURE_SUCCESS(rv, nsIPermissionManager::UNKNOWN_ACTION);
- // Setting to "deny" in the settings UI should deny everywhere.
- if (appPerm == nsIPermissionManager::UNKNOWN_ACTION ||
- appPerm == nsIPermissionManager::DENY_ACTION) {
- return appPerm;
- }
-
- uint32_t permission = nsIPermissionManager::UNKNOWN_ACTION;
- rv = pm->TestExactPermissionFromPrincipal(aPrincipal, aPermission, &permission);
- NS_ENSURE_SUCCESS(rv, nsIPermissionManager::UNKNOWN_ACTION);
- if (permission == nsIPermissionManager::UNKNOWN_ACTION ||
- permission == nsIPermissionManager::DENY_ACTION) {
- return permission;
- }
-
- // For browser content (and if the app hasn't explicitly denied this),
- // consider the requesting origin, not the app.
- // After bug 1238160, the principal no longer knows how to answer "is this a
- // browser element", which is really what this code path wants. Currently,
- // desktop is the only platform where we intend to disable isolation on a
- // browser frame, so non-desktop should be able to assume that
- // inIsolatedMozBrowser is true for all mozbrowser frames. This code path is
- // currently unused on desktop, since MOZ_CHILD_PERMISSIONS is only set for
- // MOZ_B2G. We use a release assertion in
- // nsFrameLoader::OwnerIsIsolatedMozBrowserFrame so that platforms with apps
- // can assume inIsolatedMozBrowser is true for all mozbrowser frames.
- if (appPerm == nsIPermissionManager::PROMPT_ACTION &&
- aPrincipal->GetIsInIsolatedMozBrowserElement()) {
- return permission;
- }
-
- // Setting to "prompt" in the settings UI should prompt everywhere in
- // non-browser content.
- if (appPerm == nsIPermissionManager::PROMPT_ACTION ||
- permission == nsIPermissionManager::PROMPT_ACTION) {
- return nsIPermissionManager::PROMPT_ACTION;
- }
-
- if (appPerm == nsIPermissionManager::ALLOW_ACTION ||
- permission == nsIPermissionManager::ALLOW_ACTION) {
- return nsIPermissionManager::ALLOW_ACTION;
- }
-
- NS_RUNTIMEABORT("Invalid permission value");
- return nsIPermissionManager::DENY_ACTION;
-}
-
-#else
-
bool
AssertAppProcess(mozilla::dom::PBrowserParent* aActor,
AssertAppProcessType aType,
const char* aCapability)
{
return true;
}
@@ -415,11 +87,9 @@ AssertAppPrincipal(mozilla::dom::PConten
uint32_t
CheckPermission(mozilla::dom::PContentParent* aActor,
nsIPrincipal* aPrincipal,
const char* aPermission)
{
return nsIPermissionManager::ALLOW_ACTION;
}
-#endif
-
} // namespace mozilla
--- a/dom/ipc/Blob.cpp
+++ b/dom/ipc/Blob.cpp
@@ -4359,23 +4359,16 @@ BlobParent::RecvGetFilePath(nsString* aF
{
AssertIsOnOwningThread();
MOZ_ASSERT(mBlobImpl);
MOZ_ASSERT(!mRemoteBlobImpl);
MOZ_ASSERT(mOwnsBlobImpl);
// In desktop e10s the file picker code sends this message.
-#if defined(MOZ_CHILD_PERMISSIONS) && !defined(MOZ_GRAPHENE)
- if (NS_WARN_IF(!IndexedDatabaseManager::InTestingMode())) {
- ASSERT_UNLESS_FUZZING();
- return false;
- }
-#endif
-
nsString filePath;
ErrorResult rv;
mBlobImpl->GetMozFullPathInternal(filePath, rv);
if (NS_WARN_IF(rv.Failed())) {
return false;
}
*aFilePath = filePath;
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -4327,24 +4327,16 @@ ContentParent::RecvExtProtocolChannelCon
parent->SetParentListener(nullptr);
return true;
}
bool
ContentParent::HasNotificationPermission(const IPC::Principal& aPrincipal)
{
-#ifdef MOZ_CHILD_PERMISSIONS
- uint32_t permission = mozilla::CheckPermission(this, aPrincipal,
- "desktop-notification");
- if (permission != nsIPermissionManager::ALLOW_ACTION) {
- return false;
- }
-#endif /* MOZ_CHILD_PERMISSIONS */
-
return true;
}
bool
ContentParent::RecvShowAlert(const AlertNotificationType& aAlert)
{
nsCOMPtr<nsIAlertNotification> alert(dont_AddRef(aAlert));
if (NS_WARN_IF(!alert)) {
@@ -4469,26 +4461,16 @@ AddGeolocationListener(nsIDOMGeoPosition
geo->WatchPosition(watcher, errorCallBack, options, &retval);
return retval;
}
bool
ContentParent::RecvAddGeolocationListener(const IPC::Principal& aPrincipal,
const bool& aHighAccuracy)
{
-#ifdef MOZ_CHILD_PERMISSIONS
- if (!ContentParent::IgnoreIPCPrincipal()) {
- uint32_t permission = mozilla::CheckPermission(this, aPrincipal,
- "geolocation");
- if (permission != nsIPermissionManager::ALLOW_ACTION) {
- return true;
- }
- }
-#endif /* MOZ_CHILD_PERMISSIONS */
-
// To ensure no geolocation updates are skipped, we always force the
// creation of a new listener.
RecvRemoveGeolocationListener();
mGeolocationWatchID = AddGeolocationListener(this, this, aHighAccuracy);
return true;
}
bool
--- a/old-configure.in
+++ b/old-configure.in
@@ -3798,29 +3798,16 @@ MOZ_ARG_DISABLE_BOOL(permissions,
)
AC_SUBST(MOZ_PERMISSIONS)
if test -n "$MOZ_PERMISSIONS"; then
AC_DEFINE(MOZ_PERMISSIONS)
fi
dnl ========================================================
-dnl Child permissions, currently only used for b2g
-dnl ========================================================
-if test -n "$MOZ_B2G"; then
- if test -n "$MOZ_PERMISSIONS"; then
- MOZ_CHILD_PERMISSIONS=1
- AC_DEFINE(MOZ_CHILD_PERMISSIONS)
- else
- AC_MSG_ERROR([You need to enable MOZ_PERMISSIONS for MOZ_CHILD_PERMISSIONS])
- fi
-fi
-AC_SUBST(MOZ_CHILD_PERMISSIONS)
-
-dnl ========================================================
dnl NegotiateAuth
dnl ========================================================
MOZ_ARG_DISABLE_BOOL(negotiateauth,
[ --disable-negotiateauth Disable GSS-API negotiation ],
MOZ_AUTH_EXTENSION=,
MOZ_AUTH_EXTENSION=1 )