From 000f2df47f4e8d98180a803a6596218263b936ab Mon Sep 17 00:00:00 2001
From: Tom Schuster
Date: Fri, 8 Jun 2018 00:00:54 +0200
Subject: [PATCH] Bug 1465911 - Disable CPOWs outside of test mode. r=mrbkap
--HG--
extra : rebase_source : e15c4cf8faf95eea5b2ed7a31e47377692ea8146
---
 js/ipc/JavaScriptParent.cpp | 37 +++++++++++++++++++++++--------------
 1 file changed, 23 insertions(+), 14 deletions(-)
diff --git a/js/ipc/JavaScriptParent.cpp b/js/ipc/JavaScriptParent.cpp
index 6fc87e2b2d9f..ee6829992bca 100644
--- a/js/ipc/JavaScriptParent.cpp
+++ b/js/ipc/JavaScriptParent.cpp
@@ -61,36 +61,45 @@ ForbidUnsafeBrowserCPOWs()
 bool
 JavaScriptParent::allowMessage(JSContext* cx)
 {
- // If we're running browser code, then we allow all safe CPOWs and forbid
- // unsafe CPOWs based on a pref (which defaults to forbidden). We also allow
- // CPOWs unconditionally in selected globals (based on
+ MOZ_ASSERT(cx);
+
+ // If we're running browser code while running tests (in automation),
+ // then we allow all safe CPOWs and forbid unsafe CPOWs
+ // based on a pref (which defaults to forbidden).
+ // We also allow CPOWs unconditionally in selected globals (based on
 // Cu.permitCPOWsInScope).
+ // A normal (release) browser build will never allow CPOWs,
+ // excecpt as a token to pass round.
+
+ if (!xpc::IsInAutomation()) {
+ JS_ReportErrorASCII(cx, "CPOW usage forbidden");
+ return false;
+ }
 MessageChannel* channel = GetIPCChannel();
 bool isSafe = channel->IsInTransaction();
- bool warn = !isSafe;
+ if (isSafe)
+ return true;
+
 nsIGlobalObject* global = dom::GetIncumbentGlobal();
 JS::Rooted jsGlobal(cx, global ? global->GetGlobalJSObject() : nullptr);
 if (jsGlobal) {
 JSAutoRealm ar(cx, jsGlobal);
- if (!xpc::CompartmentPrivate::Get(jsGlobal)->allowCPOWs) {
- if (ForbidUnsafeBrowserCPOWs() && !isSafe) {
- Telemetry::Accumulate(Telemetry::BROWSER_SHIM_USAGE_BLOCKED, 1);
- JS_ReportErrorASCII(cx, "unsafe CPOW usage forbidden");
- return false;
- }
+ if (!xpc::CompartmentPrivate::Get(jsGlobal)->allowCPOWs &&
+ ForbidUnsafeBrowserCPOWs())
+ {
+ Telemetry::Accumulate(Telemetry::BROWSER_SHIM_USAGE_BLOCKED, 1);
+ JS_ReportErrorASCII(cx, "unsafe CPOW usage forbidden");
+ return false;
 }
 }
- if (!warn)
- return true;
-
 static bool disableUnsafeCPOWWarnings = PR_GetEnv("DISABLE_UNSAFE_CPOW_WARNINGS");
 if (!disableUnsafeCPOWWarnings) {
 nsCOMPtr console(do_GetService(NS_CONSOLESERVICE_CONTRACTID));
- if (console && cx) {
+ if (console) {
 nsAutoString filename;
 uint32_t lineno = 0, column = 0;
 nsJSUtils::GetCallingLocation(cx, filename, &lineno, &column);
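Review bot: The new comment promises that "a normal (release) browser build will never allow CPOWs", but the guard beneath it, `if (!xpc::IsInAutomation())`, is a runtime check rather than a build-time one, so the guarantee is only as strong as whatever IsInAutomation() reads. Its definition is not part of this hunk; if it can be satisfied from a profile pref or the environment on a shipped build, the parent would again act on CPOW messages from a content process, so that dependency is worth stating where the decision is made. I would reword the comment to something like `// Outside automation (xpc::IsInAutomation() is false) CPOWs are never allowed, except as a token to pass around.`, which also fixes the "excecpt" typo. The new rejection path also returns without the `Telemetry::Accumulate` call that the "unsafe CPOW usage forbidden" path keeps, so blocked uses in the field would not be counted; that is presumably intentional, but it deserves a word in the comment. allowMessage() continues past the end of the hunk.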