Closed Bug 985652 Opened 10 years ago Closed 10 years ago

Refactor preference actor permissions check

Categories

(DevTools Graveyard :: WebIDE, defect)

Product:
DevTools Graveyard
Component:
WebIDE
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox29 unaffected, firefox30 fixed, firefox31 fixed)

Status:
RESOLVED FIXED
Milestone:
Firefox 31
Tracking Flags:
Tracking Status
firefox29 --- unaffected
firefox30 --- fixed
firefox31 --- fixed

People

(Reporter: jryans, Assigned: jryans)

References

Details

Attachments

(1 file, 2 obsolete files)

Only register pref actor on b2g if certified is allowed (v3) (ochameau: r+)
7.83 KB, patch
jryans
: review+
lsblakk
: approval-mozilla-aurora+
Details | Diff | Splinter Review 
At the moment, the preference actor from bug 943251 guards all of its calls to ensure you have the proper pref set.

It's probably simpler to remove all these guards in the actor itself, and then just not list it at all in the "restricted" set[1] of global actors.

[1]: http://dxr.mozilla.org/mozilla-central/source/b2g/chrome/content/shell.js#1153
When reviewing bug 943251, I forgot about the outer block list we have on b2g.

So, this removes all the checks inside the actor, and just removes the actor entirely when we forbid certified.
Attachment #8395925 - Flags: review?(poirot.alex)
Forgot to update the test...

Try: https://tbpl.mozilla.org/?tree=Try&rev=8e6a651e96c3
Attachment #8395925 - Attachment is obsolete: true
Attachment #8395925 - Flags: review?(poirot.alex)
Attachment #8396031 - Flags: review?(poirot.alex)
Comment on attachment 8396031 [details] [diff] [review]
Only register pref actor on b2g if certified is allowed (v2)

Review of attachment 8396031 [details] [diff] [review]:
-----------------------------------------------------------------

::: b2g/chrome/content/shell.js
@@ -1153,5 @@
>            // unexpected actors
>            globalActorFactories: restrictPrivileges ? {
>              webappsActor: DebuggerServer.globalActorFactories.webappsActor,
>              deviceActor: DebuggerServer.globalActorFactories.deviceActor,
> -            preferenceActor: DebuggerServer.globalActorFactories.preferenceActor,

I know it is kind of duplicate effort to also not register the actor from main.js,
but I would be at ease if we also explicitely prevent it from being registered over here:
  http://mxr.mozilla.org/mozilla-central/source/toolkit/devtools/server/main.js#365
Attachment #8396031 - Flags: review?(poirot.alex) → review+
(In reply to Alexandre Poirot (:ochameau) from comment #4)
> Comment on attachment 8396031 [details] [diff] [review]
> Only register pref actor on b2g if certified is allowed (v2)
> 
> Review of attachment 8396031 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> ::: b2g/chrome/content/shell.js
> @@ -1153,5 @@
> >            // unexpected actors
> >            globalActorFactories: restrictPrivileges ? {
> >              webappsActor: DebuggerServer.globalActorFactories.webappsActor,
> >              deviceActor: DebuggerServer.globalActorFactories.deviceActor,
> > -            preferenceActor: DebuggerServer.globalActorFactories.preferenceActor,
> 
> I know it is kind of duplicate effort to also not register the actor from
> main.js,
> but I would be at ease if we also explicitely prevent it from being
> registered over here:
>  
> http://mxr.mozilla.org/mozilla-central/source/toolkit/devtools/server/main.
> js#365

Well, there has been talk of using this in the browser too (see bug 986855), so we'd need to register it somewhere, right?
(In reply to J. Ryan Stinnett [:jryans] from comment #5)
> Well, there has been talk of using this in the browser too (see bug 986855),
> so we'd need to register it somewhere, right?

Sure thing, I'm just suggesting to respect the restrictPrivileges variable:

-  this.registerModule("devtools/server/actors/preference");
+  if (!restrictPrivileges) {
+    this.registerModule("devtools/server/actors/preference");
+  }
(In reply to Alexandre Poirot (:ochameau) from comment #6)
> (In reply to J. Ryan Stinnett [:jryans] from comment #5)
> > Well, there has been talk of using this in the browser too (see bug 986855),
> > so we'd need to register it somewhere, right?
> 
> Sure thing, I'm just suggesting to respect the restrictPrivileges variable:
> 
> -  this.registerModule("devtools/server/actors/preference");
> +  if (!restrictPrivileges) {
> +    this.registerModule("devtools/server/actors/preference");
> +  }

Oh!  Yeah, that makes total sense! :)
https://hg.mozilla.org/mozilla-central/rev/14b1f8d4496d
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Whiteboard: [fixed-in-fx-team]
Target Milestone: --- → Firefox 31
Comment on attachment 8396687 [details] [diff] [review]
Only register pref actor on b2g if certified is allowed (v3) (ochameau: r+)

[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 943251
User impact if declined: No direct user impact, but we won't have a consistent interface for accessing prefs if this is left out of B2G 1.4 / Gecko 30.
Testing completed (on m-c, etc.): m-c
Risk to taking this patch (and alternatives if risky): none
String or IDL/UUID changes made by this patch: none
Attachment #8396687 - Flags: approval-mozilla-aurora?
Attachment #8396687 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Product: Firefox → DevTools
Product: DevTools → DevTools Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: