ExposedPropertiesOnly::check should leave the chrome compartment before checking UniversalXPConnect

RESOLVED FIXED in mozilla16

Status

()

defect
RESOLVED FIXED
7 years ago
4 months ago

People

(Reporter: bholley, Assigned: bholley)

Tracking

unspecified
mozilla16
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

This isn't a problem on trunk, because we don't base CAPS security decision on the context compartment. But with bug 754202, we do. Let's fix this.
Adding to the mess of the NodePrincipal (et al) check isn't great, but I'm refactoring that in bug 761704.
Attachment #632213 - Flags: review?(mrbkap)
Comment on attachment 632212 [details] [diff] [review]
Part 1 - Clarify compartment semantics for ExposedPropertiesOnly. v2

Review of attachment 632212 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/xpconnect/wrappers/AccessCheck.cpp
@@ +447,5 @@
>      }
> +
> +    // Double-check that the subject principal according to CAPS is a content
> +    // principal rather than the system principal. If it is, this check is
> +    // meaningless.

If it is or if it is not?
Attachment #632212 - Flags: review?(mrbkap) → review+
Attachment #632213 - Flags: review?(mrbkap) → review+
https://hg.mozilla.org/mozilla-central/rev/9523d286839d
https://hg.mozilla.org/mozilla-central/rev/256b856c0da6
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla16
You need to log in before you can comment on or make changes to this bug.