gecko-dev/dom/ipc/JSWindowActorParent.cpp
Kris Maglione ae31355192 Bug 1541557: Part 1 - Use correct globals for JSWindowActors not in the shared JSM global. r=nika
The current JSWindowActor code assumes that all actors will be created in the
shared JSM global. This has a few problems:

1) For actors in other scopes, it enters the wrong compartment before decoding
messages, which leads to a compartment checker error when trying to call
message handlers. That could be fixed by just wrapping the result for the
caller, but that would lead to other problems. Aside from the efficiency
concerns of having to deal with cross-compartment wrappers, SpecialPowers in
particular would not be able to pass the resulting objects to unprivileged
scopes, since only SpecialPowers compartments have permissive CCWs enabled.

2) It also leads to the prototype objects for the actor instances being
created in the shared JSM scope, even when the actors themselves are defined
in other compartments. Again, aside from CCW efficiency issues, this prevents
the SpecialPowers instances from being accessed by the unprivileged scopes
that they're exposed to, since the prototype objects live in privileged scopes
which don't have permissive CCWs enabled.

This patch changes child actors to always create their objects in the global
of their constructors.

The parent objects are still created in the shared JSM global, but they now
wrap values for the appropriate compartment before trying to call message
handlers.

Differential Revision: https://phabricator.services.mozilla.com/D35051

--HG--
extra : rebase_source : 436ce516080812680d1433bf3ecbd12f91d88165
extra : source : 61fa2745733f3631488a3ecccc144823683b7b6d
2019-06-12 16:06:40 -07:00

128 lines
4.0 KiB
C++

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim:set ts=2 sw=2 sts=2 et cindent: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mozilla/dom/JSWindowActorBinding.h"
#include "mozilla/dom/JSWindowActorParent.h"
#include "mozilla/dom/WindowGlobalParent.h"
#include "mozilla/dom/MessageManagerBinding.h"
namespace mozilla {
namespace dom {
JSWindowActorParent::~JSWindowActorParent() { MOZ_ASSERT(!mManager); }
nsIGlobalObject* JSWindowActorParent::GetParentObject() const {
return xpc::NativeGlobal(xpc::PrivilegedJunkScope());
}
JSObject* JSWindowActorParent::WrapObject(JSContext* aCx,
JS::Handle<JSObject*> aGivenProto) {
return JSWindowActorParent_Binding::Wrap(aCx, this, aGivenProto);
}
WindowGlobalParent* JSWindowActorParent::GetManager() const { return mManager; }
void JSWindowActorParent::Init(const nsAString& aName,
WindowGlobalParent* aManager) {
MOZ_ASSERT(!mManager, "Cannot Init() a JSWindowActorParent twice!");
SetName(aName);
mManager = aManager;
}
namespace {
class AsyncMessageToChild : public Runnable {
public:
AsyncMessageToChild(const JSWindowActorMessageMeta& aMetadata,
ipc::StructuredCloneData&& aData,
WindowGlobalParent* aManager)
: mozilla::Runnable("WindowGlobalChild::HandleAsyncMessage"),
mMetadata(aMetadata),
mData(std::move(aData)),
mManager(aManager) {}
NS_IMETHOD Run() override {
MOZ_ASSERT(NS_IsMainThread(), "Should be called on the main thread.");
RefPtr<WindowGlobalChild> child = mManager->GetChildActor();
if (child) {
child->ReceiveRawMessage(mMetadata, std::move(mData));
}
return NS_OK;
}
private:
JSWindowActorMessageMeta mMetadata;
ipc::StructuredCloneData mData;
RefPtr<WindowGlobalParent> mManager;
};
} // anonymous namespace
void JSWindowActorParent::SendRawMessage(const JSWindowActorMessageMeta& aMeta,
ipc::StructuredCloneData&& aData,
ErrorResult& aRv) {
if (NS_WARN_IF(!mCanSend || !mManager || mManager->IsClosed())) {
aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
return;
}
if (mManager->IsInProcess()) {
nsCOMPtr<nsIRunnable> runnable =
new AsyncMessageToChild(aMeta, std::move(aData), mManager);
NS_DispatchToMainThread(runnable.forget());
return;
}
// Cross-process case - send data over WindowGlobalParent to other side.
ClonedMessageData msgData;
RefPtr<BrowserParent> browserParent = mManager->GetBrowserParent();
ContentParent* cp = browserParent->Manager();
if (NS_WARN_IF(!aData.BuildClonedMessageDataForParent(cp, msgData))) {
aRv.Throw(NS_ERROR_DOM_DATA_CLONE_ERR);
return;
}
if (NS_WARN_IF(!mManager->SendRawMessage(aMeta, msgData))) {
aRv.Throw(NS_ERROR_UNEXPECTED);
return;
}
}
CanonicalBrowsingContext* JSWindowActorParent::GetBrowsingContext(
ErrorResult& aRv) {
if (!mManager) {
aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
return nullptr;
}
return mManager->BrowsingContext();
}
void JSWindowActorParent::StartDestroy() {
JSWindowActor::StartDestroy();
mCanSend = false;
}
void JSWindowActorParent::AfterDestroy() {
JSWindowActor::AfterDestroy();
mManager = nullptr;
}
NS_IMPL_CYCLE_COLLECTION_INHERITED(JSWindowActorParent, JSWindowActor, mManager)
NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN_INHERITED(JSWindowActorParent,
JSWindowActor)
NS_IMPL_CYCLE_COLLECTION_TRACE_END
NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(JSWindowActorParent)
NS_INTERFACE_MAP_END_INHERITING(JSWindowActor)
NS_IMPL_ADDREF_INHERITED(JSWindowActorParent, JSWindowActor)
NS_IMPL_RELEASE_INHERITED(JSWindowActorParent, JSWindowActor)
} // namespace dom
} // namespace mozilla