4270b0ce16
- Bug 1265133 - Adds s-expr comments support for wasmTextToBinary. r=sunfish (85ff83eb37)
- Bug 1263203: Ensure we don't have Phi values in wasm; r=luke (165667b0b2)
- Bug 676828 - Initialize AudioSession on xpcshell. r=jmathies (684b071278)
- Bug 676828 - Use RAII for AudioSession instead. r=bholley (d17dc48e35)
- Bug 1256992: Initialize Windows sandbox BrokerServices before any child processes are created. r=aklotz, r=bholley (145949d5ea)
- Bug 1255934 - Start collecting telemetry data on the usage of remote JAR protocol in the wild; r=mcmanus (d2f43908e0)
- Bug 1237198 - Block SWFs on the content blocking list hosted on the Shavar service. r=francois (cb2d850412)
- Bug 1242644 - HTML swapFrameLoaders. r=bz (1d899b3e19)
- Bug 1259877 - Remove the unused JSObject::callMethod. r=jorendorff (624bb62f38)
- Bug 1259877 - Remove jsarray.cpp's now-unused SortComparatorFunction. r=mrrrgn (66c84d0d64)
- Bug 1259877 - Update function-calling JSAPI methods to use js::Call. r=sfink (a9fe2995ae)
- Bug 1259877 - Update Reflect.parse callback code to work with InvokeArgs and js::Call. r=arai (d4acd08f45)
- Bug 1259877 - Rename FastInvokeGuard to FastCallGuard and make it not depend on CallArgs::set{Callee,This}, and remove js::Invoke. r=shu (adb4f46944)
- Bug 1259877 - Adjust Promise code to use Call instead of Invoke. r=till (161a451182)
- Bug 1259877 - Update ScriptedDirectProxyHandler code to use js::Call and FixedInvokeArgs. r=evilpie (bd20c77152)
- Bug 1259877 - Update various builtins to use js::Call, not js::Invoke. r=efaust (1a49365f0a)
- Bug 1246091 - patch 1/7 - Add some NS_WARN_IF in Console.cpp, r=ejpbruel (1d5db4511c)
- Bug 1246091 - patch 2/7 - Propagate initialization error in Console.cpp, r=ejpbruel (ea081b0835)
- Bug 1246091 - patch 3/7 - Console API should store ConsoleCallData internally, r=ejpbruel (c9a5e71c0b)
- Bug 1246091 - patch 4/7 - Expose ConsoleCallData to WorkerDebuggerGlobalScope, r=ejpbruel (0209ec651e)
- Bug 1246091 - patch 5/7 - Remove data when memory pressure notification is received, r=ejpbruel (8d07cc4755)
- Bug 1246091 - patch 6/7 - Tests, r=ejpbruel (7e8e20083e)
- Bug 1246091 - patch 7/7 - Correct use of JSCompartment in Console.cpp, r=bz (fcac2da17e)
- Followup for bug 1246091 to fix the naming for PopulateConsoleNotificationInTheTargetScope, r=me (dd942dde21)
- Followup for bug 1246091 to fix the rooting hazard, get us closer to reopening the CLOSED TREE, and reduce philor's blood pressure. (6ef49eaf20)
- Bug 1247953 - Increase the number of stored ConsoleEvent objects, r=bgrinstead (139304e4c6)
- Bug 1211665 - Save originAttributes in the console event messages. r=baku (068697a29f)
- Bug 1263392 - Console should reset the state of ConsoleCallData if the worker runnables are not correctly dispatched, r=smaug (04c3a73423)
- Bug 1246153 part 1. Restrict initialization of dictionaries from JSON to dictionaries that can actually be represented in JSON. r=bholley (2b9c4b98d9)
- Bug 1260414 - WorkerDebuggerGlobalScope.setConsoleEventHandler should be able to receive a null param, r=bz (0b91b09796)
- Bug 1259338 P1 Ensure that AllowWindowInteractionHandler is released on worker thread. r=khuey (28e058999a)
- Bug 1258034 - Fix ServiceWorkerPrivate.cpp build error on b2g r=khuey (1ba0edcc64)
- Bug 1260439 - workerdebuggersandbox_moved needs to update the wrappercache;r=bz (be656ef346)
- Bug 1253777 P1 Ensure buffered copying when reading body in service worker respondWith(). r=jdm (fe61b4f1b3)
- Bug 1253777 P2 Test passing a file-backed blob to FetchEvent.respondWith(). r=jdm (930bf780b0)
- Bug 1226384 - Reject the promise returned from ServiceWorkerRegistration.update() if the registration is being uninstalled; r=bkelly (209e034384)
- Bug 1230030 Don't replace active worker unnecessarly after saving registration in e10s mode. r=ehsan (5582d7ea04)
- Bug 1229795 - P1. Remove scriptSpec from registration data. r=baku, bkelly (f83b7862ec)
- Bug 1229795 - P2. Remove waitingCacheName from registartion data. r=baku (f9279c4ded)
- Bug 1229795 - P3. Migrate service worker registrar data between version 2 and version 3. r=baku (27a53f3d96)
- bit of Bug 1237831 (4b21cec952)
- Bug 1256411 Simplify and cleanup ServiceWorkerInfo. r=ehsan (947166b5e2)
- Bug 1240013 - Crash in nsNavBookmarks::OnVisit by setting long location.hash. r=Yoric (e9f722434d)
- Bug 1250363 - Speed up history removals through a simulated per-statement trigger. r=yoric (f57235e806)
- Bug 1259294: Part 2 - Use MOZ_ALWAYS_SUCCEEDS. r=froydnj (7624e0a821)
- Bug 548685 - Avoid null pointer deref in nsURIHashKey r=mcmanus (913c7bf0b9)
- Bug 1246153 part 2. Create a way to ask for a clean new global that works on both mainthread and workers. r=bholley (35532ec302)
- Bug 1246153 part 3. Use the new clean global setup for doing from-JSON creation of dictionaries. r=bholley (0cf844641c)
- Bug 1242482 - Propagate Service worker unregistration to the parent process. r=bkelly (b7f44defbe)
- Bug 1247436 Ensure service worker registration is persisted if its resurrected from a pending uninstall. r=baku (d74fc996f1)
- Bug 1242482 P2 Don't SendUnregister() if registration is already removed. r=baku (a0768d2a1c)
- Bug 1242482 P3 Don't send unregister messages when triggered from a PropagateUnregister(). r=baku (b12a3b7ad5)
- Bug 1242482 P4 Don't call SendUnregister() a second time when SW registration is finally removed. r=baku (b0249dd442)
- Bug 1253738 P1 Require an explicit principal when looking up a service worker registration. r=baku (cdb980236a)
- Bug 1253738 P2 Consistently use "scope key" terminology in ServiceWorkerManager. r=baku (e8ae328a83)
- Bug 1253738 P3 Use origin the ServiceWorkerManager scope key. r=baku (e555aba315)
- Bug 1252290 - load xpcom services registered with the category manager as being able to handle push notifications before delivering them. r=kitcambridge (3ade504ad7)
- Bug 1246341 - Report push event errors and rejections to the Push service. r=baku (436943501c)
- Bug 1251113 - Change PushService state to PUSH_SERVICE_UNINIT in the state change process queue. r=dragana (1bacbbb72b)
- Bug 1263311: Part 1 - Change the nsICancelableRunnable interface. r=froydnj (599db8f7d0)
- Bug 1263311: Part 2 - Remove a non-existent CancelableRunnable. r=froydnj (a077efc319)
- Bug 1165052 - Part 8: Use ArraySpeciesCreate in Array.prototype.concat. r=efaust (c421e8e87c)
- Bug 1120715 - Part 3: Connect the Necko level cache mode parameter with the Request cache mode variable; r=bkelly (9a813c0e04)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/dom/cache/PrincipalVerifier.h"
#include "mozilla/AppProcessChecker.h"
#include "mozilla/dom/ContentParent.h"
#include "mozilla/dom/cache/ManagerId.h"
#include "mozilla/ipc/BackgroundParent.h"
#include "mozilla/ipc/PBackgroundParent.h"
#include "mozilla/ipc/BackgroundUtils.h"
#include "nsContentUtils.h"
#include "nsIPrincipal.h"
#include "nsIScriptSecurityManager.h"
#include "nsNetUtil.h"
namespace mozilla {
namespace dom {
namespace cache {
using mozilla::ipc::AssertIsOnBackgroundThread;
using mozilla::ipc::BackgroundParent;
using mozilla::ipc::PBackgroundParent;
using mozilla::ipc::PrincipalInfo;
using mozilla::ipc::PrincipalInfoToPrincipal;
// static
already_AddRefed<PrincipalVerifier>
PrincipalVerifier::CreateAndDispatch(Listener* aListener,
                                     PBackgroundParent* aActor,
                                     const PrincipalInfo& aPrincipalInfo)
{
  // Factory entry point: builds a verifier for aPrincipalInfo and queues it
  // to the main thread, where the actual principal checks run.
  //
  // This has to be called on the PBackground thread, because the constructor
  // looks up the ContentParent behind aActor and that lookup is only valid
  // there.
  AssertIsOnBackgroundThread();

  RefPtr<PrincipalVerifier> verifier(
    new PrincipalVerifier(aListener, aActor, aPrincipalInfo));

  // First hop of the runnable; Run() will dispatch back to this thread once
  // verification has produced a result.
  MOZ_ALWAYS_SUCCEEDS(NS_DispatchToMainThread(verifier));

  // Hand the caller its own reference so it can add/remove listeners while
  // the verification is in flight.
  return verifier.forget();
}
void
PrincipalVerifier::AddListener(Listener* aListener)
{
  // Registers one more listener to be told the verification result.
  // Listener bookkeeping is confined to the PBackground thread; a listener
  // must be non-null and may only be registered once (both are debug-only
  // assertions, not runtime checks).
  AssertIsOnBackgroundThread();
  MOZ_ASSERT(aListener);
  MOZ_ASSERT(!mListenerList.Contains(aListener));

  mListenerList.AppendElement(aListener);
}
void
PrincipalVerifier::RemoveListener(Listener* aListener)
{
  // Unregisters a listener previously passed to the constructor or to
  // AddListener(). PBackground thread only.
  AssertIsOnBackgroundThread();
  MOZ_ASSERT(aListener);

  // The removal itself always executes; in debug builds it is additionally
  // asserted that the listener was actually present in the list.
  MOZ_ALWAYS_TRUE(mListenerList.RemoveElement(aListener));
}
PrincipalVerifier::PrincipalVerifier(Listener* aListener,
                                     PBackgroundParent* aActor,
                                     const PrincipalInfo& aPrincipalInfo)
  // Resolve the ContentParent now, while still on the PBackground thread;
  // VerifyOnMainThread() later uses it to decide which child-process checks
  // apply and releases it on the main thread.
  : mActor(BackgroundParent::GetContentParent(aActor))
  // Keep a copy of the principal description; it is turned into a real
  // nsIPrincipal on the main thread.
  , mPrincipalInfo(aPrincipalInfo)
  // Remember where to deliver the result.
  , mInitiatingThread(NS_GetCurrentThread())
  , mResult(NS_OK)
{
  AssertIsOnBackgroundThread();
  MOZ_ASSERT(mInitiatingThread);
  MOZ_ASSERT(aListener);

  // The creating listener is always the first entry in the list.
  mListenerList.AppendElement(aListener);
}
PrincipalVerifier::~PrincipalVerifier()
{
  // This runnable is executed on more than one thread, so whichever thread
  // happens to drop the last reference is the one that destroys it. Nothing
  // here may therefore assume a particular thread.

  // Every listener is expected to have removed itself by now.
  MOZ_ASSERT(mListenerList.IsEmpty());

  // The ContentParent reference is expected to have been given up explicitly
  // on the main thread (see VerifyOnMainThread()), never here.
  MOZ_ASSERT(!mActor);
}
NS_IMETHODIMP
PrincipalVerifier::Run()
{
  // This runnable executes twice: once on the main thread to perform the
  // verification, and once more on the thread that created it to deliver the
  // outcome. The current thread tells the two passes apart.

  if (!NS_IsMainThread()) {
    // Second pass: back on the initiating thread, notify the listeners.
    CompleteOnInitiatingThread();
    return NS_OK;
  }

  // First pass: validate the principal, then bounce back.
  VerifyOnMainThread();
  return NS_OK;
}
void
PrincipalVerifier::VerifyOnMainThread()
{
  // Validates the principal described by mPrincipalInfo and, on success,
  // derives mManagerId from it. Every exit path reports a result through
  // DispatchToInitiatingThread(); the first failing check wins.
  MOZ_ASSERT(NS_IsMainThread());

  // Move the ContentParent reference out of the member right away so that it
  // is dropped on this thread on every exit path, including the early error
  // returns below.
  RefPtr<ContentParent> actor = mActor.forget();

  // Rebuild a real nsIPrincipal from the stored description before looking at
  // any of its properties.
  nsresult rv;
  RefPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(mPrincipalInfo,
                                                            &rv);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    DispatchToInitiatingThread(rv);
    return;
  }

  // Null principals and unknown app ids are already refused on the client
  // side. That check is not relied upon here, so it is repeated.
  if (NS_WARN_IF(principal->GetIsNullPrincipal() ||
                 principal->GetUnknownAppId())) {
    DispatchToInitiatingThread(NS_ERROR_FAILURE);
    return;
  }

  nsCOMPtr<nsIScriptSecurityManager> ssm = nsContentUtils::GetSecurityManager();
  if (NS_WARN_IF(!ssm)) {
    DispatchToInitiatingThread(NS_ERROR_ILLEGAL_DURING_SHUTDOWN);
    return;
  }

  // The two checks below only apply when a ContentParent was found for the
  // PBackground actor, i.e. when the request is attributed to a child
  // process.

  // A child process must never be allowed to present the system principal;
  // accepting it would let the child spoof system-level identity.
  if (NS_WARN_IF(actor && ssm->IsSystemPrincipal(principal))) {
    DispatchToInitiatingThread(NS_ERROR_FAILURE);
    return;
  }

  // The child process must be entitled to the app this principal belongs to.
  if (NS_WARN_IF(actor && !AssertAppPrincipal(actor, principal))) {
    DispatchToInitiatingThread(NS_ERROR_FAILURE);
    return;
  }
  actor = nullptr;

#ifdef DEBUG
  // NOTE(review): this origin round-trip is compiled into DEBUG builds only.
  // Release builds rely solely on the checks above and on ManagerId::Create().
  //
  // Sanity check: the principal's origin must parse as a URI that the
  // principal itself is allowed to load. The system principal is skipped
  // because its origin is the synthetic "[System Principal]" string rather
  // than a URI.
  if (!ssm->IsSystemPrincipal(principal)) {
    nsAutoCString origin;
    rv = principal->GetOrigin(origin);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      DispatchToInitiatingThread(rv);
      return;
    }
    nsCOMPtr<nsIURI> uri;
    rv = NS_NewURI(getter_AddRefs(uri), origin);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      DispatchToInitiatingThread(rv);
      return;
    }
    rv = principal->CheckMayLoad(uri, false, false);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      DispatchToInitiatingThread(rv);
      return;
    }
  }
#endif

  // Only a principal that passed every check above gets a ManagerId.
  rv = ManagerId::Create(principal, getter_AddRefs(mManagerId));
  if (NS_WARN_IF(NS_FAILED(rv))) {
    DispatchToInitiatingThread(rv);
    return;
  }

  DispatchToInitiatingThread(NS_OK);
}
void
PrincipalVerifier::CompleteOnInitiatingThread()
{
  // Second half of Run(): hands the stored result (and the ManagerId, when
  // verification succeeded in creating one) to every registered listener.
  AssertIsOnBackgroundThread();

  for (ListenerList::ForwardIterator iter(mListenerList); iter.HasMore(); ) {
    iter.GetNext()->OnPrincipalVerified(mResult, mManagerId);
  }

  // Each listener is required to unregister itself from inside
  // OnPrincipalVerified(), so nothing may be left afterwards.
  MOZ_ASSERT(mListenerList.IsEmpty());
}
void
PrincipalVerifier::DispatchToInitiatingThread(nsresult aRv)
{
  // Records the verification outcome and re-queues this runnable on the
  // thread that created it, where Run() will notify the listeners.
  MOZ_ASSERT(NS_IsMainThread());

  mResult = aRv;

  // Dispatch can fail during shutdown: the Cache ShutdownObserver does not
  // keep track of every principal verifier, so success cannot be guaranteed.
  // A failure is only warned about. The consequence is that a new
  // CacheStorage object keeps delaying its operations until shutdown finishes
  // and the browser exits, which is the most graceful outcome available.
  if (NS_FAILED(mInitiatingThread->Dispatch(this,
                                            nsIThread::DISPATCH_NORMAL))) {
    NS_WARNING("Cache unable to complete principal verification due to shutdown.");
  }
}
} // namespace cache
} // namespace dom
} // namespace mozilla