Closed Bug 1396449 Opened 7 years ago Closed 7 years ago

DeCOMtaminate extension principals

Categories

(Core :: Security: CAPS, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla57
Tracking Status
firefox57 --- fixed

People

(Reporter: kmag, Assigned: kmag)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

I've been meaning to do this since I started on bug 1322235. In that bug, we made some parts of extension security checks much faster, but there's still a lot of needless COM overhead in the code path that CAPS uses to access the extension policy service.

At this point, there's a completely devirtualized API that we should be using instead, rather than doing expensive string-based lookups through COM layers every time we need to test something.
Comment on attachment 8904091 [details]
Bug 1396449: Part 1 - Use WebExtensionPolicy objects in extension content principals.

https://reviewboard.mozilla.org/r/175844/#review181312

Makes sense to me.

::: caps/BasePrincipal.cpp:456
(Diff revision 2)
> -  nsAutoString addonId;
> -  NS_ENSURE_SUCCESS(GetAddonId(addonId), false);
> +  auto policy = AddonPolicy();
> +  if (policy) {

Nit: I'd prefer these two lines (here and above) to be merged... not that important if you prefer it this way though...

::: caps/nsIPrincipal.idl:17
(Diff revision 2)
> +namespace extensions {
> +class WebExtensionPolicy;
> +}

What do you need this for here?
Attachment #8904091 - Flags: review?(gkrizsanits) → review+
Comment on attachment 8904092 [details]
Bug 1396449: Part 2 - Use atoms to test WebExtension permissions.

https://reviewboard.mozilla.org/r/175846/#review181320

\o/
Attachment #8904092 - Flags: review?(gkrizsanits) → review+
Comment on attachment 8904091 [details]
Bug 1396449: Part 1 - Use WebExtensionPolicy objects in extension content principals.

https://reviewboard.mozilla.org/r/175844/#review181312

> What do you need this for here?

Oops. I initially added the native version of AddonPolicy() to the IDL, but that required it to be virtual, which I wanted to avoid. I forgot to remove this afterwards.
https://hg.mozilla.org/integration/mozilla-inbound/rev/c105574f5739c8582a8bfdd12b2cb945bff288d6
Bug 1396449: Part 1 - Use WebExtensionPolicy objects in extension content principals. r=krizsa

https://hg.mozilla.org/integration/mozilla-inbound/rev/3923d2a0cf1f5dab3ea467c6956e2d2c7ea2ba43
Bug 1396449: Part 2 - Use atoms to test WebExtension permissions. r=krizsa
Depends on: 1448604
You need to log in before you can comment on or make changes to this bug.