Closed
Bug 1235667
Opened 9 years ago
Closed 9 years ago
PermissionsUtils.jsm needs to stop using createCodebasePrincipalFromOrigin
Categories
(Firefox :: Security, defect)
Firefox
Security
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: huseby, Assigned: timhuang)
References
Details
(Whiteboard: [OA])
Attachments
(1 file)
In the file toolkit/modules/PermissionUtils.jsm there's this code:
> 29 for (let origin of origins) {
> 30 let principals = [];
> 31 try {
> 32 principals = [ Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(origin) ];
Since is related to preferences, which we're not going to isolate by user context id (yet), the solution is to populate an origin attribute from the origin, then create a GlobalContextOriginAttribute to force the user context id to 0, then call createCodebasePrincipal with the origin and the origin attributes instead.
Assignee | ||
Updated•9 years ago
|
Assignee: huseby → tihuang
Assignee | ||
Comment 1•9 years ago
|
||
Attachment #8733793 -
Flags: review?(huseby)
Reporter | ||
Comment 2•9 years ago
|
||
So this patch is no longer needed, for the same reasons I stated here: https://bugzilla.mozilla.org/show_bug.cgi?id=1240853#c2
This code is meant to import permissions from a pref. We don't isolate permissions on user context so propagating origin attributes is not necessary. The call to:
> Services.perms.addFromPrincipal(principal, aPermission, aAction);
here: http://mzl.la/1UpVFVh ultimately calls nsPermissionManager::AddInternal() (http://mzl.la/1PtZobU) which uses a PermissionKey object to get the hashed string value for isolating the permission. PermissionKey only uses the origin and not the origin attributes, so there is no reason to add any code for handling the origin attributes.
The bug should be RESOLVED, WON'T FIX
Reporter | ||
Comment 3•9 years ago
|
||
Comment on attachment 8733793 [details] [diff] [review]
Fix the PermissionsUtils.jsm for using createCodebasePrincipal instead of createCodebasePrincipalFromOrigin.
Review of attachment 8733793 [details] [diff] [review]:
-----------------------------------------------------------------
See https://bugzilla.mozilla.org/show_bug.cgi?id=1235667#c2
Attachment #8733793 -
Flags: review?(huseby) → review-
Reporter | ||
Comment 4•9 years ago
|
||
As I pointed out in comment 2, this patch is not needed.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Reporter | ||
Updated•9 years ago
|
Whiteboard: [OA]
You need to log in
before you can comment on or make changes to this bug.
Description
•