Bug 1305012 - Downgrade a new channel's principal to NullPrincipal. r=smaug

2024-10-08 10:44:56 +00:00 · 2016-10-05 21:19:51 +02:00 · 2016-10-05 21:19:51 +02:00 · fb07f658e3
commit fb07f658e3
parent b95c840429
3 changed files with 80 additions and 3 deletions
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@ -334,6 +334,13 @@ nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel,
                                                   bool aIgnoreSandboxing)
 {
    NS_PRECONDITION(aChannel, "Must have channel!");
+    // Check whether we have an nsILoadInfo that says what we should do.
+    nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
+    if (loadInfo && loadInfo->GetForceInheritPrincipalOverruleOwner()) {
+      NS_ADDREF(*aPrincipal = loadInfo->PrincipalToInherit());
+      return NS_OK;
+    }
+
    nsCOMPtr<nsISupports> owner;
    aChannel->GetOwner(getter_AddRefs(owner));
    if (owner) {
@ -343,9 +350,6 @@ nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel,
        }
    }

-    // Check whether we have an nsILoadInfo that says what we should do.
-    nsCOMPtr<nsILoadInfo> loadInfo;
-    aChannel->GetLoadInfo(getter_AddRefs(loadInfo));
    if (loadInfo) {
        if (!aIgnoreSandboxing && loadInfo->GetLoadingSandboxed()) {
            RefPtr<nsNullPrincipal> prin;
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@ -21,6 +21,7 @@
 #include "nsContentUtils.h"
 #include "nsDocShell.h"
 #include "nsGlobalWindow.h"
+#include "nsNullPrincipal.h"

 using namespace mozilla::dom;

@ -543,6 +544,14 @@ LoadInfo::GetForceInheritPrincipal(bool* aInheritPrincipal)
  return NS_OK;
 }

+NS_IMETHODIMP
+LoadInfo::GetForceInheritPrincipalOverruleOwner(bool* aInheritPrincipal)
+{
+  *aInheritPrincipal =
+    (mSecurityFlags & nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER);
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 LoadInfo::GetLoadingSandboxed(bool* aLoadingSandboxed)
 {
@ -686,6 +695,34 @@ LoadInfo::GetScriptableOriginAttributes(JSContext* aCx,
  return NS_OK;
 }

+NS_IMETHODIMP
+LoadInfo::ResetPrincipalsToNullPrincipal()
+{
+  // take the originAttributes from the LoadInfo and create
+  // a new NullPrincipal using those origin attributes.
+  PrincipalOriginAttributes pAttrs;
+  pAttrs.InheritFromNecko(mOriginAttributes);
+  nsCOMPtr<nsIPrincipal> newNullPrincipal = nsNullPrincipal::Create(pAttrs);
+
+  MOZ_ASSERT(mInternalContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT ||
+             !mLoadingPrincipal,
+             "LoadingPrincipal should be null for toplevel loads");
+
+  // the loadingPrincipal for toplevel loads is always a nullptr;
+  if (mInternalContentPolicyType != nsIContentPolicy::TYPE_DOCUMENT) {
+    mLoadingPrincipal = newNullPrincipal;
+  }
+  mTriggeringPrincipal = newNullPrincipal;
+  mPrincipalToInherit = newNullPrincipal;
+
+  // setting SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER will overrule
+  // any non null owner set on the channel and will return the principal
+  // form the loadinfo instead.
+  mSecurityFlags |= SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER;
+
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 LoadInfo::SetScriptableOriginAttributes(JSContext* aCx,
  JS::Handle<JS::Value> aOriginAttributes)
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@ -180,6 +180,18 @@ interface nsILoadInfo : nsISupports
   */
  const unsigned long SEC_LOAD_ERROR_PAGE = (1<<13);

+  /**
+   * Force inheriting of the principalToInherit, overruling any owner
+   * that might be set on the channel. (Please note that channel.owner
+   * is deprecated and will be removed within Bug 1286838).
+   * Setting this flag will cause GetChannelResultPrincipal to return the
+   * principalToInherit set in the loadInfo.
+   *
+   * This will happen independently of the scheme of the URI that the
+   * channel is loading.
+   */
+  const unsigned long SEC_FORCE_INHERIT_PRINCIPAL_OVERRULE_OWNER = (1<<14);
+
  /**
   * This is the principal of the network request's caller/requester where
   * the resulting resource will be used. I.e. it is the principal which
@ -352,6 +364,14 @@ interface nsILoadInfo : nsISupports
   */
  [infallible] readonly attribute boolean forceInheritPrincipal;

+  /**
+   * If forceInheritPrincipalOverruleOwner is true, the data coming from the
+   * channel should use principalToInherit for its principal, even when the
+   * data is loaded over http:// or another protocol that would normally use
+   * a URI-based principal.
+   */
+  [infallible] readonly attribute boolean forceInheritPrincipalOverruleOwner;
+
  /**
   * If loadingSandboxed is true, the data coming from the channel is
   * being loaded sandboxed, so it should have a nonce origin and
@ -477,6 +497,22 @@ interface nsILoadInfo : nsISupports
   */
  [infallible] readonly attribute unsigned long long frameOuterWindowID;

+  /**
+   * For all loads of none TYPE_DOUCMENT this function resets the 
+   * LoadingPrincipal, the TriggeringPrincipal and the
+   * PrincipalToInherit to a freshly created NullPrincipal which inherits
+   * the current origin attributes from the loadinfo.
+   * For loads of TYPE_DOCUMENT this function resets only the
+   * TriggeringPrincipal as well as the PrincipalToInherit to a freshly
+   * created NullPrincipal which inherits the origin attributes from
+   * the loadInfo. (Please note that the LoadingPrincipal for TYPE_DOCUMENT
+   * loads is always null.)
+   *
+   * WARNING: Please only use that function if you know exactly what
+   * you are doing!!!
+   */
+  void resetPrincipalsToNullPrincipal();
+
  /**
   * Customized NeckoOriginAttributes within LoadInfo to allow overwriting of the
   * default originAttributes from the loadingPrincipal.