1215426 - [Presentation WebAPI] Grant access to browser receiving pages

Status: RESOLVED FIXED

(Firefox OS Graveyard :: General, defect)

Description

[Sean Lin [:seanlin] (inactive from Mar 2016)]

When the receiving context opens a page, especially for the one with an http/https URL, we need to grant "presentation" permission to that page, so that it's able to access |navigator.presentation|. (When opening an app page with app protocol, the receiver app may already declare "presentation" permission in its app manifest. So the opening page will automatically have the permission to use Presentation API.)

Comment 1

[Sean Lin [:seanlin] (inactive from Mar 2016)]

Attachment: Patch, v1

Grant "presentation" permission to the OOP process if it's for browser receiving pages.

Comment 2

[Olli Pettay [:smaug][bugs@pettay.fi]]

Hmm, why can't we change
partial interface Navigator {
  [Throws, Pref="dom.presentation.enabled", CheckAnyPermissions="presentation", SameObject]
  readonly attribute Presentation? presentation;
};
so that it would use Func, which then the relevant function checks pref, permission or if we're receiver?
Playing with codebase principal and what not looks hackish

Comment 3

[Olli Pettay [:smaug][bugs@pettay.fi]]

Comment on attachment 8676091 [details] [diff] [review]
Patch, v1

...but if you think this approach should be taken, please explain and as review again.

Comment 4

[Sean Lin [:seanlin] (inactive from Mar 2016)]

Attachment: Patch, v2

Using |Func| for access control.

Comment 5

[Olli Pettay [:smaug][bugs@pettay.fi]]

Comment on attachment 8676658 [details] [diff] [review]
Patch, v2

>+
>+  nsAutoString sessionId;
>+  nsresult rv = presentationService->GetExistentSessionIdAtLaunch(win->WindowID(),
>+                                                                  sessionId);
>+  if (NS_WARN_IF(NS_FAILED(rv))) {
>+    return false;
>+  }
>+

I wonder how this all should work in iframes. Do we want to allow also same origin iframes to access the presentation?





If yes, something like the following, instead of testing win, could be done in a followup patch (+ some tests)

nsCOMPtr<nsIDOMWindow> top = win->GetTop();
nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(win);
nsCOMPtr<nsIScriptObjectPrincipal> topSop = do_QueryInterface(top);
if (!sop || !topSop) {
  return false;
}

nsIPrincipal* principal = sop->GetPrincipal();
nsIPrincipal* topPrincipal = topSop->GetPrincipal();
if (!principal || !topPrincipal || !principal->Subsumes(topPrincipal)) {
  return false;
}

nsCOMPtr<nsPIDOMWindow> piTop = do_QueryInterface(top);
if (!piTop || !(piTop = piTop->GetCurrentInnerWindow())) {
  return false;
}

nsAutoString sessionId;
presentationService->GetExistentSessionIdAtLaunch(piTop->WindowID(), sessionId);
return !sessionId.IsEmpty();

Comment 6

[Sean Lin [:seanlin] (inactive from Mar 2016)]

Attachment: Patch, v3

Updating based on r+ comments.

Comment 7

[Sean Lin [:seanlin] (inactive from Mar 2016)]

The latest try-run. FYI.
https://treeherder.mozilla.org/#/jobs?repo=try&revision=ebb1cae6efbe

Comment 8

[Sean Lin [:seanlin] (inactive from Mar 2016)]

Attachment: Patch, v3

Comment 9

[Pulsebot]

https://hg.mozilla.org/integration/b2g-inbound/rev/baebc49c4e48

Comment 10

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

https://hg.mozilla.org/mozilla-central/rev/baebc49c4e48