Closed Bug 1235655 Opened 9 years ago Closed 9 years ago

add chromeutils for JS manipulation of origin attributes

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: huseby, Assigned: huseby)

References

Details

Attachments

(2 files, 5 obsolete files)

Bug_1235655.patch
(deleted), patch
Details | Diff | Splinter Review
Bug_1235655_Tests.patch
(deleted), patch
Details | Diff | Splinter Review
in the file browsers/components/preferences/translation.js there are two callsites that use the createCodebasePrincipalFromOrigin: > 213 onSiteDeleted: function() { > 214 let removedSites = this._siteTree.getSelectedItems(); > 215 for (let origin of removedSites) { > 216 let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(origin); > 217 Services.perms.removeFromPrincipal(principal, kPermissionType); > 218 } > 219 }, and > 221 onAllSitesDeleted: function() { > 222 if (this._siteTree.isEmpty) > 223 return; > 224 > 225 let removedSites = this._sites.splice(0, this._sites.length); > 226 this._siteTree.boxObject.rowCountChanged(0, -removedSites.length); > 227 > 228 for (let origin of removedSites) { > 229 let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(origin); > 230 Services.perms.removeFromPrincipal(principal, kPermissionType); > 231 } > 232 > 233 this.onSiteSelected(); > 234 }, this removes the translate permission from the principal. this creates a principal from an origin, then internally the origin is pulled back out of the principal when creating the premission object that needs to be removed. since we are not isolating on user context id for permissions, the fix is, create an origin attributes from the origin (e.g. populateFromOrigin), then create a GlobalContextOriginAttributes from that to force user context id to 0, then call createCodebasePrincipal with the origin and origin attributes.
Assignee: huseby → amarchesini
Attached patch part 1 - createGlobalContextOriginAttributes (obsolete) (deleted) — Splinter Review
Attachment #8703790 - Flags: review?(huseby)
Attached patch part 2 - translation.js (obsolete) (deleted) — Splinter Review
Attachment #8703791 - Flags: review?(huseby)
Comment on attachment 8703790 [details] [diff] [review] part 1 - createGlobalContextOriginAttributes Review of attachment 8703790 [details] [diff] [review]: ----------------------------------------------------------------- This part isn't needed, I already made the change in: https://bugzilla.mozilla.org/attachment.cgi?id=8704392&action=diff#a/dom/base/ChromeUtils.cpp_sec2 although i should add your tests to my patch.
Attachment #8703790 - Flags: review?(huseby) → review-
Comment on attachment 8703790 [details] [diff] [review] part 1 - createGlobalContextOriginAttributes Review of attachment 8703790 [details] [diff] [review]: ----------------------------------------------------------------- oops on my previous review, i see you're creating an origin attributes object from an origin and user context id. my other function makes an origin attribute from another one. this is still a - because we should call it CreateDefaultContextOriginAttributes and createDefaultContextOriginAttributes respectively.
Comment on attachment 8703791 [details] [diff] [review] part 2 - translation.js Review of attachment 8703791 [details] [diff] [review]: ----------------------------------------------------------------- createGlobalContextOriginAttributes -> createDefaultContextOriginAttributes
Attachment #8703791 - Flags: review?(huseby) → review-
Attached patch part 1 - createGlobalContextOriginAttributes (obsolete) (deleted) — Splinter Review
Attachment #8703790 - Attachment is obsolete: true
Attachment #8704558 - Flags: review?(huseby)
Attached patch part 1 - createDefaultContextOriginAttributes (obsolete) (deleted) — Splinter Review
Attachment #8704558 - Attachment is obsolete: true
Attachment #8704558 - Flags: review?(huseby)
Attachment #8704561 - Flags: review?(huseby)
Attached patch part 2 - translation.js (obsolete) (deleted) — Splinter Review
Attachment #8703791 - Attachment is obsolete: true
Attachment #8704562 - Flags: review?(huseby)
Attachment #8704561 - Flags: review?(huseby) → review+
Attachment #8704562 - Flags: review?(huseby) → review+
Blocks: 1237475
Depends on: 1229222
Blocks: 1237911
Blocks: 1240853
this bug is now just for the changes to ChromeUtils.
Attached patch Bug_1235655.patch (deleted) — Splinter Review
changes to ChromeUtils to support userContextId/origin attributes.
Attachment #8704561 - Attachment is obsolete: true
Attachment #8704562 - Attachment is obsolete: true
Attachment #8709583 - Flags: review?(jonas)
Assignee: amarchesini → huseby
Attached patch Bug_1235655_Tests.patch (deleted) — Splinter Review
tests.
Attachment #8709584 - Flags: review?(jonas)
Attachment #8709583 - Flags: review?(jonas)
Attachment #8709584 - Flags: review?(jonas)
Summary: fixup createCodebasePrincipalFromOrigin to use origin attributes in translation permission handling → add chromeutils for JS manipulation of origin attributes
see Bug 1229222. it covers these cases now.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: