Closed Bug 814211 Opened 12 years ago Closed 12 years ago

Need additional security checks for the "fmradio" permission

Categories

(Core :: DOM: Device Interfaces, defect, P1)

Tracking

RESOLVED FIXED
mozilla20
blocking-basecamp +
Tracking Status
firefox18 --- fixed
firefox19 --- fixed
firefox20 --- fixed

People

(Reporter: bent.mozilla, Assigned: gwagner)

Attachments

(1 file)

It looks like the "fmradio" permission is not properly checked. A few problems:

1. In the child process we throw an exception if the fmradio permission isn't granted. Most DOM APIs just return null instead of throwing.

2. The child process communicates with the parent via the message manager, but the parent message manager doesn't ever check the fmradio permission in DOMFMRadioParent.jsm.

3. Once we're in the parent process the HAL security checks are skipped.
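Point 2 of the report, as an added example that is not code from the bug, its patch, or Gecko: a parent-side handler that checks "fmradio" itself on every message, using the identity the parent assigned to the channel rather than anything the child sends. The message names, `GRANTS` table, app origins and all function names are hypothetical and the data is constructed.

```javascript
// Constructed model of a parent-process message handler; not Gecko code.
// Grants recorded by the parent, keyed by the app identity the parent
// itself bound to each child channel (constructed sample data).
const GRANTS = new Map([
  ["app://radio.example", new Set(["fmradio"])],
  ["app://game.example", new Set()],
]);

// A channel as the parent sees it: appOrigin is fixed by the parent when the
// child is launched and is never read from message contents.
function makeChannel(appOrigin) {
  return Object.freeze({ appOrigin });
}

function hasPermission(channel, perm) {
  const granted = GRANTS.get(channel.appOrigin);
  return granted !== undefined && granted.has(perm);
}

const radio = { enabled: false, frequency: null };
const denied = []; // audit trail of rejected requests

// Hypothetical message names. The check runs in the parent for every
// request, regardless of what the child process claims to have checked.
function receiveMessage(channel, msg) {
  if (!hasPermission(channel, "fmradio")) {
    denied.push({ from: channel.appOrigin, name: msg.name });
    return null; // fail closed: no state change, no exception
  }
  switch (msg.name) {
    case "FMRadio:enable":
      if (typeof msg.data?.frequency !== "number") return null;
      radio.enabled = true;
      radio.frequency = msg.data.frequency;
      return { ok: true };
    case "FMRadio:disable":
      radio.enabled = false;
      return { ok: true };
    default:
      return null; // unknown message name: ignore
  }
}
```

A child that skips its own check, or sends a payload claiming it holds the permission, is still refused because the decision depends only on parent-held state.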
blocking-basecamp: ? → +
Gregor, Doug said you should be the lucky owner of this bug.  Congrats!  :)
Assignee: nobody → anygregor
Attached patch patch (deleted)
Setting priority based on triage discussions.  Feel free to decrease priority if you disagree.
Priority: -- → P1
Attachment #686871 - Flags: review?(bent.mozilla)
Attachment #686871 - Flags: review?(bent.mozilla) → review+
There is still one point left: 
3. Once we're in the parent process the HAL security checks are skipped.

bent suggested
a) remove the hal remoting entirely and rely only on messagemanager
b) leave both in place and add additional checks to HalParent

cjones any preferences for this?
Flags: needinfo?(jones.chris.g)
Component: DOM → DOM: Device Interfaces
I don't know why we remoted both the hal:: api and the dom api.  At this point, option (1) seems to make more sense, since the hal:: remoting should all be dead code.
Flags: needinfo?(jones.chris.g)
(In reply to Chris Jones [:cjones] [:warhammer] from comment #5)
> I don't know why we remoted both the hal:: api and the dom api.  At this
> point, option (1) seems to make more sense, since the hal:: remoting should
> all be dead code.

slee: can you file a followup and fix this?
(In reply to Gregor Wagner [:gwagner] from comment #6)
> (In reply to Chris Jones [:cjones] [:warhammer] from comment #5)
> > I don't know why we remoted both the hal:: api and the dom api.  At this
> > point, option (1) seems to make more sense, since the hal:: remoting should
> > all be dead code.
> 
> slee: can you file a followup and fix this?

Sure, I will file a bug fixing this.
Depends on: 817919
https://hg.mozilla.org/mozilla-central/rev/b298c038c661
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20