Closed Bug 1139131 Opened 9 years ago Closed 9 years ago

inter-app communication (IAC) system messages don't require a permission

Categories

(Core :: DOM: Device Interfaces, defect)

x86
macOS
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: freddy, Unassigned)

Details

(Keywords: sec-moderate)

+++ cloned and copy/pasted parts of the bug description from bug 1138808 +++

I'm not sure, but it seems like the permission check for IAC messages isn't complete.

The implementation (https://dxr.mozilla.org/mozilla-central/source/dom/apps/Webapps.jsm#942) refers to the SystemMessagePermissionsChecker (https://dxr.mozilla.org/mozilla-central/source/dom/messages/SystemMessagePermissionsChecker.jsm#65), but the entry for said message mentions no permission.

Unless I'm mistaken, that means any app could work with these system messages.
Group: core-security
On reflection I think this is actually ok. Connection system messages are sent from here:

https://dxr.mozilla.org/mozilla-central/source/dom/apps/InterAppCommService.jsm#445

Part of sending this system message is finding all the apps that are registered to receive this specific connection, so in this case the system message is not just broadcast to all apps, but rather sent only to the apps which have the appropriate "connections" in their manifest.

Looking a bit further up, we see that apps need to be certified to be able to register a connection.

https://dxr.mozilla.org/mozilla-central/source/dom/apps/InterAppCommService.jsm#355

Note that the message is sent to specific apps using .sendMessage(...) rather than .broadcastMessage(...).
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Group: core-security
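
The reasoning in the comment above, as an added sketch that is not part of the bug thread and is not Gecko code: a message type with no permission in the table is still contained when registration is gated and delivery is targeted, and would reach every app only under a broadcast. All names, the table contents and the sample apps are hypothetical and constructed for illustration.

```javascript
// Simplified model of the audit reasoning; every identifier here is hypothetical.
const MESSAGE_PERMISSIONS = {   // constructed table: message type -> required permissions
  alarm: ["alarms"],
  connection: [],               // no permission listed, as the report observed
};

// Table check only: an empty entry lets every app through.
function hasPermissions(app, type) {
  const needed = MESSAGE_PERMISSIONS[type];
  return needed !== undefined && needed.every((p) => app.permissions.includes(p));
}

class ConnectionRegistry {
  constructor() { this.byKeyword = new Map(); }

  // Registration gate: only certified apps may register a connection keyword.
  register(app, keyword) {
    if (app.type !== "certified") return false;
    if (!this.byKeyword.has(keyword)) this.byKeyword.set(keyword, new Set());
    this.byKeyword.get(keyword).add(app.manifestURL);
    return true;
  }

  subscribers(keyword) { return [...(this.byKeyword.get(keyword) || [])]; }
}

// Targeted delivery: one send per app registered for this keyword.
function deliverConnection(registry, apps, keyword) {
  const delivered = [];
  for (const url of registry.subscribers(keyword)) {
    const app = apps.find((a) => a.manifestURL === url);
    if (app && hasPermissions(app, "connection")) delivered.push(url);
  }
  return delivered;
}

// Broadcast, for contrast: every app that passes the table check receives it.
function broadcastConnection(apps) {
  return apps.filter((a) => hasPermissions(a, "connection")).map((a) => a.manifestURL);
}

// Constructed sample apps.
const SAMPLE_APPS = [
  { manifestURL: "app://certified.example/manifest.webapp", type: "certified", permissions: [] },
  { manifestURL: "app://privileged.example/manifest.webapp", type: "privileged", permissions: [] },
  { manifestURL: "https://web.example/manifest.webapp", type: "web", permissions: [] },
];
```

When reviewing a table like this, an empty permission entry is a finding only if the message can be broadcast or if registration for it is open to unprivileged apps.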