Bug 127938 - chrome scripts should be exempt from the security check put in for

bug 105050, on access to the opener property when the opener is a mail window. r=pavlov, sr=jst, a=leaf.
2024-10-08 10:44:56 +00:00 · 2002-02-28 00:22:59 +00:00 · 2002-02-28 00:22:59 +00:00 · 18c8067fae
commit 18c8067fae
parent 3b2cd6327b
3 changed files with 43 additions and 1 deletions
--- a/caps/idl/nsIScriptSecurityManager.idl
+++ b/caps/idl/nsIScriptSecurityManager.idl
@ -198,6 +198,12 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
    [noscript] nsIPrincipal getObjectPrincipal(in JSContextPtr cx,
                                               in JSObjectPtr obj);

+    /**
+     * Returns true if the principal of the currently running script is the
+     * system principal, false otherwise.
+     */
+    boolean subjectPrincipalIsSystem();
+
    /**
     * Forget all currently stored security policies and reread from prefs.
     * This must be called after any capability.policy prefs have changed.
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@ -1248,6 +1248,31 @@ nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result)
    return NS_OK;
 }

+NS_IMETHODIMP
+nsScriptSecurityManager::SubjectPrincipalIsSystem(PRBool* aIsSystem)
+{
+    NS_ENSURE_ARG_POINTER(aIsSystem);
+    *aIsSystem = PR_FALSE;
+
+    if (!mSystemPrincipal)
+        return NS_OK;
+
+    nsCOMPtr<nsIPrincipal> subject;
+    nsresult rv = GetSubjectPrincipal(getter_AddRefs(subject));
+    if (NS_FAILED(rv))
+        return rv;
+
+    if(!subject)
+    {
+        // No subject principal means no JS is running;
+        // this is the equivalent of system principal code
+        *aIsSystem = PR_TRUE;
+        return NS_OK;
+    }
+
+    return mSystemPrincipal->Equals(subject, aIsSystem);
+}
+
 NS_IMETHODIMP
 nsScriptSecurityManager::GetCertificatePrincipal(const char* aCertID,
                                                 nsIPrincipal **result)
@ -2708,7 +2733,6 @@ nsScriptSecurityManager::InitPrefs()
    PRUint32 prefCount;
    char** prefNames;

-    //-- Set a callback for policy changes
    // Registering the security manager as an observer to the
    // profile-after-change topic. We will build up the policy table
    // after the initial profile loads and after profile switches.
--- a/dom/src/base/nsGlobalWindow.cpp
+++ b/dom/src/base/nsGlobalWindow.cpp
@ -1194,6 +1194,18 @@ NS_IMETHODIMP
 GlobalWindowImpl::GetOpener(nsIDOMWindowInternal** aOpener)
 {
  *aOpener = nsnull;
+  // First, check if we were called from a privileged chrome script
+  nsCOMPtr<nsIScriptSecurityManager> secMan(
+      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
+  NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
+  PRBool inChrome;
+  nsresult rv = secMan->SubjectPrincipalIsSystem(&inChrome);
+  if (NS_SUCCEEDED(rv) && inChrome) {
+    *aOpener = mOpener;
+    NS_IF_ADDREF(*aOpener);
+    return NS_OK;
+  }
+
  // We don't want to reveal the opener if the opener is a mail window,
  // because opener can be used to spoof the contents of a message (bug 105050).
  // So, we look in the opener's root docshell to see if it's a mail window.