From 4db38f2b209749bc651efebce70f989295b73a38 Mon Sep 17 00:00:00 2001
From: Ben Kelly
Date: Wed, 20 Sep 2017 09:24:07 -0700
Subject: [PATCH] Bug 1336364 P9 Block storage denied windows from ServiceWorker.postMessage() and clients.matchAll(). r=asuth

---
 dom/workers/ServiceWorker.cpp | 6 ++++++
 dom/workers/ServiceWorkerManager.cpp | 20 ++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/dom/workers/ServiceWorker.cpp b/dom/workers/ServiceWorker.cpp
index 35cdd1e3b8d3..0f0ec02eb684 100644
--- a/dom/workers/ServiceWorker.cpp
+++ b/dom/workers/ServiceWorker.cpp
@@ -93,6 +93,12 @@ ServiceWorker::PostMessage(JSContext* aCx, JS::Handle aMessage,
 return;
 }

+ auto storageAllowed = nsContentUtils::StorageAllowedForWindow(window);
+ if (storageAllowed != nsContentUtils::StorageAccess::eAllow) {
+ aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return;
+ }
+
 UniquePtr clientInfo(new ServiceWorkerClientInfo(window->GetExtantDoc()));
 ServiceWorkerPrivate* workerPrivate = mInfo->WorkerPrivate();
 aRv = workerPrivate->SendMessageEvent(aCx, aMessage, aTransferable, Move(clientInfo));
diff --git a/dom/workers/ServiceWorkerManager.cpp b/dom/workers/ServiceWorkerManager.cpp
index d9f1e7c1076b..547d6bed4b8d 100644
--- a/dom/workers/ServiceWorkerManager.cpp
+++ b/dom/workers/ServiceWorkerManager.cpp
@@ -3310,7 +3310,7 @@ ServiceWorkerManager::GetClient(nsIPrincipal* aPrincipal,
 nsCOMPtr ptr;
 ifptr->GetData(getter_AddRefs(ptr));
 nsCOMPtr doc = do_QueryInterface(ptr);
- if (NS_WARN_IF(!doc)) {
+ if (NS_WARN_IF(!doc || !doc->GetInnerWindow())) {
 return clientInfo;
 }

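Review bot: The new storage-access gate in ServiceWorker::PostMessage carries no comment, unlike the matching checks this patch adds to ServiceWorkerManager::GetClient and GetAllClients, so a reader has to guess why a page's postMessage is tied to storage access. I would add `// A window denied storage access must not be able to message the service worker; this mirrors the client filtering in ServiceWorkerManager::GetClient()/GetAllClients().` above the `auto storageAllowed` line. The comparison is against `StorageAccess::eAllow` only, so every other state of the enum (not just an explicit deny) results in the SecurityError; if that is intended, the comment should say so. The body of PostMessage starts before the hunk, so whether `window` has already been null-checked is not visible here.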
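Review bot: Extending the `NS_WARN_IF` to cover `!doc->GetInnerWindow()` means a document with no inner window now emits a warning in GetClient, whereas the parallel change in GetAllClients (the `@@ -3369` hunk) treats the same state as an ordinary `continue`; a document without a current inner window looks like a normal client-lifecycle state rather than a programmer error. I would keep the warning for the missing document only: `if (NS_WARN_IF(!doc) || !doc->GetInnerWindow()) {`. Both functions continue outside their hunks, and the lines between this hunk and the `@@ -3325` hunk are not shown, so I am assuming nothing there can clear the inner window before `doc->GetInnerWindow()` is passed to `StorageAllowedForWindow` further down.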
@@ -3325,6 +3325,14 @@ ServiceWorkerManager::GetClient(nsIPrincipal* aPrincipal,
 return clientInfo;
 }

+ // Don't let service worker see 3rd party iframes that are denied storage
+ // access. We don't want these to communicate.
+ auto storageAccess =
+ nsContentUtils::StorageAllowedForWindow(doc->GetInnerWindow());
+ if (storageAccess != nsContentUtils::StorageAccess::eAllow) {
+ return clientInfo;
+ }
+
 clientInfo.reset(new ServiceWorkerClientInfo(doc));
 return clientInfo;
 }
@@ -3369,7 +3377,7 @@ ServiceWorkerManager::GetAllClients(nsIPrincipal* aPrincipal,
 }

 nsCOMPtr doc = do_QueryInterface(ptr);
- if (!doc || !doc->GetWindow()) {
+ if (!doc || !doc->GetWindow() || !doc->GetInnerWindow()) {
 continue;
 }

@@ -3387,6 +3395,14 @@ ServiceWorkerManager::GetAllClients(nsIPrincipal* aPrincipal,
 continue;
 }

+ // Don't let service worker find 3rd party iframes that are denied storage
+ // access. We don't want these to communicate.
+ auto storageAccess =
+ nsContentUtils::StorageAllowedForWindow(doc->GetInnerWindow());
+ if (storageAccess != nsContentUtils::StorageAccess::eAllow) {
+ continue;
+ }
+
 // If we are only returning controlled Clients then skip any documents
 // that are for different registrations. We also skip service workers
 // that don't match the ID of our calling service worker. We should
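Review bot: The eight-line storage-access gate (comment, `auto storageAccess = ...`, the `eAllow` comparison) is duplicated verbatim between GetClient here and GetAllClients in the `@@ -3387` hunk, and the same policy is checked a third time in ServiceWorker::PostMessage, so a future change to the storage policy has three sites to keep in sync. I would factor the document-side check into a file-local helper and call it from both places, `if (!StorageAllowedForClientDoc(doc)) { return clientInfo; }` here and the `continue;` form in GetAllClients. The comment also says "3rd party iframes", but what is actually tested is `StorageAllowedForWindow` returning anything other than `eAllow`, so the helper's comment should describe that condition, with third-party iframes as the motivating example. Both functions continue outside the hunks; the `nsIDocument*` parameter type in the sketch is assumed from the `doc->GetInnerWindow()` usage and should be matched to the declared type of `doc`.
```cpp
// Returns true if aDoc's current inner window is allowed storage access.
// Windows denied storage (e.g. 3rd party iframes, per the original comment)
// must not be visible to, or able to communicate with, a service worker.
// Callers must already have checked that aDoc has an inner window.
static bool
StorageAllowedForClientDoc(nsIDocument* aDoc)
{
  auto storageAccess =
    nsContentUtils::StorageAllowedForWindow(aDoc->GetInnerWindow());
  return storageAccess == nsContentUtils::StorageAccess::eAllow;
}

// … unchanged: ServiceWorkerManager::GetClient up to the inner-window check …
  if (!StorageAllowedForClientDoc(doc)) {
    return clientInfo;
  }
```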