diff options
Diffstat (limited to 'dom/plugins')
| -rw-r--r-- | dom/plugins/base/PluginPRLibrary.cpp | 6 | ||||
| -rw-r--r-- | dom/plugins/base/PluginPRLibrary.h | 2 | ||||
| -rw-r--r-- | dom/plugins/base/nsNPAPIPlugin.cpp | 1 | ||||
| -rw-r--r-- | dom/plugins/base/nsPluginInstanceOwner.cpp | 28 | ||||
| -rw-r--r-- | dom/plugins/base/nsPluginTags.cpp | 25 | ||||
| -rw-r--r-- | dom/plugins/base/nsPluginTags.h | 1 | ||||
| -rw-r--r-- | dom/plugins/ipc/PluginLibrary.h | 2 | ||||
| -rwxr-xr-x | dom/plugins/ipc/PluginModuleParent.cpp | 4 | ||||
| -rw-r--r-- | dom/plugins/ipc/PluginModuleParent.h | 4 | ||||
| -rw-r--r-- | dom/plugins/ipc/PluginProcessChild.cpp | 10 | ||||
| -rw-r--r-- | dom/plugins/ipc/PluginProcessParent.cpp | 85 | ||||
| -rw-r--r-- | dom/plugins/ipc/moz.build | 6 | ||||
| -rw-r--r-- | dom/plugins/test/mochitest/test_bug813906.html | 22 | ||||
| -rw-r--r-- | dom/plugins/test/mochitest/test_pluginstream_err.html | 8 |
14 files changed, 48 insertions, 156 deletions
diff --git a/dom/plugins/base/PluginPRLibrary.cpp b/dom/plugins/base/PluginPRLibrary.cpp index a7ad76ea4..ecc55d455 100644 --- a/dom/plugins/base/PluginPRLibrary.cpp +++ b/dom/plugins/base/PluginPRLibrary.cpp @@ -57,12 +57,6 @@ PluginPRLibrary::NP_Initialize(NPNetscapeFuncs* bFuncs, mNPP_GetSitesWithData = pFuncs->getsiteswithdata; return NS_OK; } -#elif defined(MOZ_WIDGET_GONK) -nsresult -PluginPRLibrary::NP_Initialize(NPNetscapeFuncs* bFuncs, NPError* error) -{ - return NS_OK; -} #elif defined(XP_UNIX) && !defined(XP_MACOSX) nsresult PluginPRLibrary::NP_Initialize(NPNetscapeFuncs* bFuncs, diff --git a/dom/plugins/base/PluginPRLibrary.h b/dom/plugins/base/PluginPRLibrary.h index 602ad8cf8..ffd3de934 100644 --- a/dom/plugins/base/PluginPRLibrary.h +++ b/dom/plugins/base/PluginPRLibrary.h @@ -81,7 +81,7 @@ public: return true; } -#if defined(XP_UNIX) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK) +#if defined(XP_UNIX) && !defined(XP_MACOSX) virtual nsresult NP_Initialize(NPNetscapeFuncs* aNetscapeFuncs, NPPluginFuncs* aFuncs, NPError* aError) override; #else diff --git a/dom/plugins/base/nsNPAPIPlugin.cpp b/dom/plugins/base/nsNPAPIPlugin.cpp index 1bea269cd..697bfacd4 100644 --- a/dom/plugins/base/nsNPAPIPlugin.cpp +++ b/dom/plugins/base/nsNPAPIPlugin.cpp @@ -320,7 +320,6 @@ nsNPAPIPlugin::CreatePlugin(nsPluginTag *aPluginTag, nsNPAPIPlugin** aResult) if (rv != NS_OK || pluginCallError != NPERR_NO_ERROR) { return NS_ERROR_FAILURE; } -#elif defined(MOZ_WIDGET_GONK) #else NPError pluginCallError; nsresult rv = pluginLib->NP_Initialize(&sBrowserFuncs, &plugin->mPluginFuncs, &pluginCallError); diff --git a/dom/plugins/base/nsPluginInstanceOwner.cpp b/dom/plugins/base/nsPluginInstanceOwner.cpp index b7651be1a..d5b1eb9ea 100644 --- a/dom/plugins/base/nsPluginInstanceOwner.cpp +++ b/dom/plugins/base/nsPluginInstanceOwner.cpp @@ -535,16 +535,6 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL, nsresult rv = NS_NewURI(getter_AddRefs(uri), aURL, baseURI); NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE); - if (aDoCheckLoadURIChecks) { - nsCOMPtr<nsIScriptSecurityManager> secMan( - do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv)); - NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE); - - rv = secMan->CheckLoadURIWithPrincipal(content->NodePrincipal(), uri, - nsIScriptSecurityManager::STANDARD); - NS_ENSURE_SUCCESS(rv, rv); - } - nsCOMPtr<nsIInputStream> headersDataStream; if (aPostStream && aHeadersData) { if (!aHeadersDataLen) @@ -563,8 +553,21 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL, Preferences::GetInt("privacy.popups.disable_from_plugins"); nsAutoPopupStatePusher popupStatePusher((PopupControlState)blockPopups); + + // if security checks (in particular CheckLoadURIWithPrincipal) needs + // to be skipped we are creating a codebasePrincipal to make sure + // that security check succeeds. Please note that we do not want to + // fall back to using the systemPrincipal, because that would also + // bypass ContentPolicy checks which should still be enforced. + nsCOMPtr<nsIPrincipal> triggeringPrincipal; + if (!aDoCheckLoadURIChecks) { + mozilla::PrincipalOriginAttributes attrs = + BasePrincipal::Cast(content->NodePrincipal())->OriginAttributesRef(); + triggeringPrincipal = BasePrincipal::CreateCodebasePrincipal(uri, attrs); + } + rv = lh->OnLinkClick(content, uri, unitarget.get(), NullString(), - aPostStream, headersDataStream, true); + aPostStream, headersDataStream, true, triggeringPrincipal); return rv; } @@ -2532,6 +2535,7 @@ nsEventStatus nsPluginInstanceOwner::ProcessEvent(const WidgetGUIEvent& anEvent) NS_ASSERTION(anEvent.mMessage == eMouseDown || anEvent.mMessage == eMouseUp || anEvent.mMessage == eMouseDoubleClick || + anEvent.mMessage == eMouseAuxClick || anEvent.mMessage == eMouseOver || anEvent.mMessage == eMouseOut || anEvent.mMessage == eMouseMove || @@ -2594,6 +2598,7 @@ nsEventStatus nsPluginInstanceOwner::ProcessEvent(const WidgetGUIEvent& anEvent) switch (anEvent.mMessage) { case eMouseClick: case eMouseDoubleClick: + case eMouseAuxClick: // Button up/down events sent instead. return rv; default: @@ -2797,6 +2802,7 @@ nsEventStatus nsPluginInstanceOwner::ProcessEvent(const WidgetGUIEvent& anEvent) switch (anEvent.mMessage) { case eMouseClick: case eMouseDoubleClick: + case eMouseAuxClick: // Button up/down events sent instead. return rv; default: diff --git a/dom/plugins/base/nsPluginTags.cpp b/dom/plugins/base/nsPluginTags.cpp index ddc3968fd..a794c416c 100644 --- a/dom/plugins/base/nsPluginTags.cpp +++ b/dom/plugins/base/nsPluginTags.cpp @@ -248,7 +248,6 @@ nsPluginTag::nsPluginTag(nsPluginInfo* aPluginInfo, aPluginInfo->fMimeDescriptionArray, aPluginInfo->fExtensionArray, aPluginInfo->fVariantCount); - InitSandboxLevel(); EnsureMembersAreUTF8(); FixupVersion(); } @@ -283,7 +282,6 @@ nsPluginTag::nsPluginTag(const char* aName, { InitMime(aMimeTypes, aMimeDescriptions, aExtensions, static_cast<uint32_t>(aVariants)); - InitSandboxLevel(); if (!aArgsAreUTF8) EnsureMembersAreUTF8(); FixupVersion(); @@ -424,29 +422,6 @@ void nsPluginTag::InitMime(const char* const* aMimeTypes, } } -void -nsPluginTag::InitSandboxLevel() -{ -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - nsAutoCString sandboxPref("dom.ipc.plugins.sandbox-level."); - sandboxPref.Append(GetNiceFileName()); - if (NS_FAILED(Preferences::GetInt(sandboxPref.get(), &mSandboxLevel))) { - mSandboxLevel = Preferences::GetInt("dom.ipc.plugins.sandbox-level.default" -); - } - -#if defined(_AMD64_) - // As level 2 is now the default NPAPI sandbox level for 64-bit flash, we - // don't want to allow a lower setting unless this environment variable is - // set. This should be changed if the firefox.js pref file is changed. - if (mIsFlashPlugin && - !PR_GetEnv("MOZ_ALLOW_WEAKER_SANDBOX") && mSandboxLevel < 2) { - mSandboxLevel = 2; - } -#endif -#endif -} - #if !defined(XP_WIN) && !defined(XP_MACOSX) static nsresult ConvertToUTF8(nsIUnicodeDecoder *aUnicodeDecoder, nsAFlatCString& aString) diff --git a/dom/plugins/base/nsPluginTags.h b/dom/plugins/base/nsPluginTags.h index f1f03169b..9686d7e7a 100644 --- a/dom/plugins/base/nsPluginTags.h +++ b/dom/plugins/base/nsPluginTags.h @@ -190,7 +190,6 @@ private: const char* const* aMimeDescriptions, const char* const* aExtensions, uint32_t aVariantCount); - void InitSandboxLevel(); nsresult EnsureMembersAreUTF8(); void FixupVersion(); diff --git a/dom/plugins/ipc/PluginLibrary.h b/dom/plugins/ipc/PluginLibrary.h index c9499ee0d..2f9a3f81b 100644 --- a/dom/plugins/ipc/PluginLibrary.h +++ b/dom/plugins/ipc/PluginLibrary.h @@ -57,7 +57,7 @@ public: virtual bool HasRequiredFunctions() = 0; -#if defined(XP_UNIX) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK) +#if defined(XP_UNIX) && !defined(XP_MACOSX) virtual nsresult NP_Initialize(NPNetscapeFuncs* bFuncs, NPPluginFuncs* pFuncs, NPError* error) = 0; #else virtual nsresult NP_Initialize(NPNetscapeFuncs* bFuncs, NPError* error) = 0; diff --git a/dom/plugins/ipc/PluginModuleParent.cpp b/dom/plugins/ipc/PluginModuleParent.cpp index 73f9c1025..ae6da8787 100755 --- a/dom/plugins/ipc/PluginModuleParent.cpp +++ b/dom/plugins/ipc/PluginModuleParent.cpp @@ -529,7 +529,7 @@ PluginModuleChromeParent::OnProcessLaunched(const bool aSucceeded) if (NS_SUCCEEDED(mAsyncInitRv)) #endif { -#if defined(XP_UNIX) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK) +#if defined(XP_UNIX) && !defined(XP_MACOSX) mAsyncInitRv = NP_Initialize(mNPNIface, mNPPIface, &mAsyncInitError); @@ -1745,7 +1745,7 @@ PluginModuleChromeParent::CachedSettingChanged(const char* aPref, void* aModule) module->CachedSettingChanged(); } -#if defined(XP_UNIX) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK) +#if defined(XP_UNIX) && !defined(XP_MACOSX) nsresult PluginModuleParent::NP_Initialize(NPNetscapeFuncs* bFuncs, NPPluginFuncs* pFuncs, NPError* error) { diff --git a/dom/plugins/ipc/PluginModuleParent.h b/dom/plugins/ipc/PluginModuleParent.h index 946d4c236..d00a01401 100644 --- a/dom/plugins/ipc/PluginModuleParent.h +++ b/dom/plugins/ipc/PluginModuleParent.h @@ -267,7 +267,7 @@ protected: const mozilla::NativeEventData& aNativeKeyData, bool aIsConsumed) override; -#if defined(XP_UNIX) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK) +#if defined(XP_UNIX) && !defined(XP_MACOSX) virtual nsresult NP_Initialize(NPNetscapeFuncs* bFuncs, NPPluginFuncs* pFuncs, NPError* error) override; #else virtual nsresult NP_Initialize(NPNetscapeFuncs* bFuncs, NPError* error) override; @@ -517,7 +517,7 @@ private: PluginProcessParent* Process() const { return mSubprocess; } base::ProcessHandle ChildProcessHandle() { return mSubprocess->GetChildProcessHandle(); } -#if defined(XP_UNIX) && !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GONK) +#if defined(XP_UNIX) && !defined(XP_MACOSX) virtual nsresult NP_Initialize(NPNetscapeFuncs* bFuncs, NPPluginFuncs* pFuncs, NPError* error) override; #else virtual nsresult NP_Initialize(NPNetscapeFuncs* bFuncs, NPError* error) override; diff --git a/dom/plugins/ipc/PluginProcessChild.cpp b/dom/plugins/ipc/PluginProcessChild.cpp index eb698e8af..32bf06215 100644 --- a/dom/plugins/ipc/PluginProcessChild.cpp +++ b/dom/plugins/ipc/PluginProcessChild.cpp @@ -22,10 +22,6 @@ extern "C" CGError CGSSetDebugOptions(int options); #ifdef XP_WIN bool ShouldProtectPluginCurrentDirectory(char16ptr_t pluginFilePath); -#if defined(MOZ_SANDBOX) -#define TARGET_SANDBOX_EXPORTS -#include "mozilla/sandboxTarget.h" -#endif #endif using mozilla::ipc::IOThreadChild; @@ -107,12 +103,6 @@ PluginProcessChild::Init() pluginFilename = WideToUTF8(values[0]); -#if defined(MOZ_SANDBOX) - // This is probably the earliest we would want to start the sandbox. - // As we attempt to tighten the sandbox, we may need to consider moving this - // to later in the plugin initialization. - mozilla::SandboxTarget::Instance()->StartSandbox(); -#endif #else # error Sorry #endif diff --git a/dom/plugins/ipc/PluginProcessParent.cpp b/dom/plugins/ipc/PluginProcessParent.cpp index 2a73bce51..fb0e18246 100644 --- a/dom/plugins/ipc/PluginProcessParent.cpp +++ b/dom/plugins/ipc/PluginProcessParent.cpp @@ -14,10 +14,6 @@ #include "mozilla/Telemetry.h" #include "nsThreadUtils.h" -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -#include "nsDirectoryServiceDefs.h" -#endif - using std::vector; using std::string; @@ -40,95 +36,14 @@ PluginProcessParent::~PluginProcessParent() { } -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -static void -AddSandboxAllowedFile(vector<std::wstring>& aAllowedFiles, nsIProperties* aDirSvc, - const char* aDir, const nsAString& aSuffix = EmptyString()) -{ - nsCOMPtr<nsIFile> userDir; - nsresult rv = aDirSvc->Get(aDir, NS_GET_IID(nsIFile), getter_AddRefs(userDir)); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - nsAutoString userDirPath; - rv = userDir->GetPath(userDirPath); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - if (!aSuffix.IsEmpty()) { - userDirPath.Append(aSuffix); - } - aAllowedFiles.push_back(std::wstring(userDirPath.get())); - return; -} - -static void -AddSandboxAllowedFiles(int32_t aSandboxLevel, - vector<std::wstring>& aAllowedFilesRead, - vector<std::wstring>& aAllowedFilesReadWrite, - vector<std::wstring>& aAllowedDirectories) -{ - if (aSandboxLevel < 2) { - return; - } - - nsresult rv; - nsCOMPtr<nsIProperties> dirSvc = - do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - // Higher than level 2 currently removes the users own rights. - if (aSandboxLevel > 2) { - AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR); - AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR, - NS_LITERAL_STRING("\\*")); - } - - // Level 2 and above is now using low integrity, so we need to give write - // access to the Flash directories. - // This should be made Flash specific (Bug 1171396). - AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*")); - AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_LOCAL_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*")); - AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Adobe\\Flash Player\\*")); - - // Access also has to be given to create the parent directories as they may - // not exist. - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Adobe")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Adobe\\Flash Player")); -} -#endif - bool PluginProcessParent::Launch(mozilla::UniquePtr<LaunchCompleteTask> aLaunchCompleteTask, int32_t aSandboxLevel) { -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - mSandboxLevel = aSandboxLevel; - AddSandboxAllowedFiles(mSandboxLevel, mAllowedFilesRead, - mAllowedFilesReadWrite, mAllowedDirectories); -#else if (aSandboxLevel != 0) { MOZ_ASSERT(false, "Can't enable an NPAPI process sandbox for platform/build."); } -#endif ProcessArchitecture currentArchitecture = base::GetCurrentProcessArchitecture(); uint32_t containerArchitectures = GetSupportedArchitecturesForProcessType(GeckoProcessType_Plugin); diff --git a/dom/plugins/ipc/moz.build b/dom/plugins/ipc/moz.build index b569aeb4c..15ed6410d 100644 --- a/dom/plugins/ipc/moz.build +++ b/dom/plugins/ipc/moz.build @@ -125,12 +125,6 @@ LOCAL_INCLUDES += [ '/xpcom/base/', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - DEFINES['FORCE_PR_LOG'] = True if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gtk3': diff --git a/dom/plugins/test/mochitest/test_bug813906.html b/dom/plugins/test/mochitest/test_bug813906.html index 04c34daaf..d18dbbff2 100644 --- a/dom/plugins/test/mochitest/test_bug813906.html +++ b/dom/plugins/test/mochitest/test_bug813906.html @@ -18,21 +18,35 @@ function f() { </script> <script type="application/javascript"> +SimpleTest.requestFlakyTimeout( + "Blocking an iframe does not cause the onerror event to be fired"); + SimpleTest.waitForExplicitFinish(); setTestPluginEnabledState(SpecialPowers.Ci.nsIPluginTag.STATE_ENABLED); var frameLoadCount = 0; + +function frameNavBlocked() { + isnot(SpecialPowers.wrap(window.frame1).location.href.indexOf('chrome://'), + 0, 'plugin shouldnt be able to cause navigation to chrome URLs'); + SimpleTest.finish(); +} + function frameLoaded() { frameLoadCount++; if (frameLoadCount == 1) { document.getElementsByTagName("object")[0].type = "application/x-test"; document.getElementsByTagName("use")[0].setAttributeNS("http://www.w3.org/1999/xlink", "href", location.href + "#a"); - } else if (frameLoadCount == 2) { - isnot(SpecialPowers.wrap(window.frame1).location.href.indexOf('chrome://'), - 0, 'plugin shouldnt be able to cause navigation to chrome URLs'); - SimpleTest.finish(); + + // wait two seconds and verify that frame navigation did not succeed + setTimeout(frameNavBlocked, 2000); + return; } + // we should never get here, but just in case, make sure the test fails in that case. + ok(false, "onload() event should not fire for blocked navigation"); + SimpleTest.finish(); } + </script> <!-- Note that <svg:use> ends up creating an anonymous subtree, which means that the plugin diff --git a/dom/plugins/test/mochitest/test_pluginstream_err.html b/dom/plugins/test/mochitest/test_pluginstream_err.html index 0ac2a5efc..79f06154c 100644 --- a/dom/plugins/test/mochitest/test_pluginstream_err.html +++ b/dom/plugins/test/mochitest/test_pluginstream_err.html @@ -13,7 +13,7 @@ Tests for plugin stream error conditions. <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> </head> -<body onload="runNextTest()"> +<body onload="startTests()"> <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=517078"> Mozilla Bug 517078</a> - Plugin Stream Error Tests <p id="display"></p> @@ -158,6 +158,12 @@ function continueTest() { index++; } +function startTests() { + SpecialPowers.pushPrefEnv({"set": [ + ["security.data_uri.block_toplevel_data_uri_navigations", false], + ]}, runNextTest); +} + </script> </div> </body> |