ExposedPropertiesOnly::check should leave the chrome compartment before checking UniversalXPConnect

RESOLVED FIXED in mozilla16

Status

()

Core
XPConnect
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: bholley, Assigned: bholley)

Tracking

(Blocks: 1 bug)

unspecified
mozilla16
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

This isn't a problem on trunk, because we don't base CAPS security decision on the context compartment. But with bug 754202, we do. Let's fix this.
Created attachment 632212 [details] [diff] [review]
Part 1 - Clarify compartment semantics for ExposedPropertiesOnly. v2
Attachment #632212 - Flags: review?(mrbkap)
Created attachment 632213 [details] [diff] [review]
Part 2 - Clarify compartment situation in Xray wrapper. v1

Adding to the mess of the NodePrincipal (et al) check isn't great, but I'm refactoring that in bug 761704.
Attachment #632213 - Flags: review?(mrbkap)
Comment on attachment 632212 [details] [diff] [review]
Part 1 - Clarify compartment semantics for ExposedPropertiesOnly. v2

Review of attachment 632212 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/xpconnect/wrappers/AccessCheck.cpp
@@ +447,5 @@
>      }
> +
> +    // Double-check that the subject principal according to CAPS is a content
> +    // principal rather than the system principal. If it is, this check is
> +    // meaningless.

If it is or if it is not?

Updated

5 years ago
Attachment #632212 - Flags: review?(mrbkap) → review+

Updated

5 years ago
Attachment #632213 - Flags: review?(mrbkap) → review+
Pushed to try: https://tbpl.mozilla.org/?tree=Try&rev=0eb257679869
Pushed to m-i:

http://hg.mozilla.org/integration/mozilla-inbound/rev/256b856c0da6
http://hg.mozilla.org/integration/mozilla-inbound/rev/9523d286839d

Comment 6

5 years ago
https://hg.mozilla.org/mozilla-central/rev/9523d286839d
https://hg.mozilla.org/mozilla-central/rev/256b856c0da6
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla16
Blocks: 766641
You need to log in before you can comment on or make changes to this bug.