Bug 813994 - Alarm API - Need additional security checks for the "alarms" permission. r=bent

This commit is contained in:
Gene Lian 2012-11-28 19:13:58 +08:00
parent 143c323c27
commit da6c06fca4
2 changed files with 13 additions and 8 deletions

View File

@ -84,6 +84,16 @@ this.AlarmService = {
receiveMessage: function receiveMessage(aMessage) {
debug("receiveMessage(): " + aMessage.name);
// To prevent hacked child processes from sending commands to parent
// to schedule alarms, we need to check their installed permissions.
if (["AlarmsManager:GetAll", "AlarmsManager:Add", "AlarmsManager:Remove"]
.indexOf(aMessage.name) != -1) {
if (!aMessage.target.assertPermission("alarms")) {
debug("Got message from a child process with no 'alarms' permission.");
return null;
}
}
let mm = aMessage.target.QueryInterface(Ci.nsIMessageSender);
let json = aMessage.json;
switch (aMessage.name) {

View File

@ -141,15 +141,10 @@ AlarmsManager.prototype = {
if (!Services.prefs.getBoolPref("dom.mozAlarms.enabled"))
return null;
let principal = aWindow.document.nodePrincipal;
let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(Ci.nsIScriptSecurityManager);
let perm = Services.perms.testExactPermissionFromPrincipal(principal, "alarms");
// Only pages with perm set can use the alarms.
this.hasPrivileges = perm == Ci.nsIPermissionManager.ALLOW_ACTION;
if (!this.hasPrivileges)
let principal = aWindow.document.nodePrincipal;
let perm = Services.perms.testExactPermissionFromPrincipal(principal, "alarms");
if (perm != Ci.nsIPermissionManager.ALLOW_ACTION)
return null;
this._cpmm = Cc["@mozilla.org/childprocessmessagemanager;1"].getService(Ci.nsISyncMessageSender);