Bug 1491342 - Ignore document.domain in ShouldWaiveXray. r=bholley

We want to get rid of JS_GetCompartmentPrincipals. The origin stored in CompartmentPrivate does not account for document.domain changes because that's a per-realm thing. Fortunately we should not have waivers in any cases that involve document.domain. Differential Revision: https://phabricator.services.mozilla.com/D6035 --HG-- extra : moz-landing-system : lando
dothq · Sep 21, 2018 · 4a02cf5 · 4a02cf5
1 parent 53a8a14
commit 4a02cf5
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 6 deletions.
diff --git a/caps/BasePrincipal.h b/caps/BasePrincipal.h
@@ -162,6 +162,7 @@ class BasePrincipal : public nsJSPrincipals
   inline bool FastEqualsConsideringDomain(nsIPrincipal* aOther);
   inline bool FastSubsumes(nsIPrincipal* aOther);
   inline bool FastSubsumesConsideringDomain(nsIPrincipal* aOther);
+  inline bool FastSubsumesIgnoringFPD(nsIPrincipal* aOther);
   inline bool FastSubsumesConsideringDomainIgnoringFPD(nsIPrincipal* aOther);
 
   // Returns the principal to inherit when a caller with this principal loads
@@ -234,6 +235,9 @@ class BasePrincipal : public nsJSPrincipals
   CreateCodebasePrincipal(nsIURI* aURI, const OriginAttributes& aAttrs,
                           const nsACString& aOriginNoSuffix);
 
+  inline bool FastSubsumesIgnoringFPD(nsIPrincipal* aOther,
+                                      DocumentDomainConsideration aConsideration);
+
   RefPtr<nsAtom> mOriginNoSuffix;
   RefPtr<nsAtom> mOriginSuffix;
 
@@ -317,15 +321,28 @@ BasePrincipal::FastSubsumesConsideringDomain(nsIPrincipal* aOther)
 }
 
 inline bool
-BasePrincipal::FastSubsumesConsideringDomainIgnoringFPD(nsIPrincipal* aOther)
+BasePrincipal::FastSubsumesIgnoringFPD(nsIPrincipal* aOther,
+                                       DocumentDomainConsideration aConsideration)
 {
   if (Kind() == eCodebasePrincipal &&
       !dom::ChromeUtils::IsOriginAttributesEqualIgnoringFPD(
             mOriginAttributes, Cast(aOther)->mOriginAttributes)) {
     return false;
   }
 
- return SubsumesInternal(aOther, ConsiderDocumentDomain);
+  return SubsumesInternal(aOther, aConsideration);
+}
+
+inline bool
+BasePrincipal::FastSubsumesIgnoringFPD(nsIPrincipal* aOther)
+{
+  return FastSubsumesIgnoringFPD(aOther, DontConsiderDocumentDomain);
+}
+
+inline bool
+BasePrincipal::FastSubsumesConsideringDomainIgnoringFPD(nsIPrincipal* aOther)
+{
+  return FastSubsumesIgnoringFPD(aOther, ConsiderDocumentDomain);
 }
 
 } // namespace mozilla

diff --git a/js/xpconnect/src/XPCJSRuntime.cpp b/js/xpconnect/src/XPCJSRuntime.cpp
@@ -606,6 +606,16 @@ CompartmentOriginInfo::Subsumes(JS::Compartment* aCompA, JS::Compartment* aCompB
     return apriv->originInfo.mOrigin->FastSubsumes(bpriv->originInfo.mOrigin);
 }
 
+/* static */ bool
+CompartmentOriginInfo::SubsumesIgnoringFPD(JS::Compartment* aCompA, JS::Compartment* aCompB)
+{
+    CompartmentPrivate* apriv = CompartmentPrivate::Get(aCompA);
+    CompartmentPrivate* bpriv = CompartmentPrivate::Get(aCompB);
+    MOZ_ASSERT(apriv);
+    MOZ_ASSERT(bpriv);
+    return apriv->originInfo.mOrigin->FastSubsumesIgnoringFPD(bpriv->originInfo.mOrigin);
+}
+
 void
 SetCompartmentChangedDocumentDomain(JS::Compartment* compartment)
 {

diff --git a/js/xpconnect/src/xpcprivate.h b/js/xpconnect/src/xpcprivate.h
@@ -2934,6 +2934,7 @@ class CompartmentOriginInfo
 
     // Does the principal of compartment a subsume the principal of compartment b?
     static bool Subsumes(JS::Compartment* aCompA, JS::Compartment* aCompB);
+    static bool SubsumesIgnoringFPD(JS::Compartment* aCompA, JS::Compartment* aCompB);
 
     bool MightBeWebContent() const;
 

diff --git a/js/xpconnect/wrappers/WrapperFactory.cpp b/js/xpconnect/wrappers/WrapperFactory.cpp
@@ -147,12 +147,12 @@ ShouldWaiveXray(JSContext* cx, JSObject* originalObj)
     bool sameOrigin = false;
     if (OriginAttributes::IsRestrictOpenerAccessForFPI()) {
         sameOrigin =
-            AccessCheck::subsumesConsideringDomain(oldCompartment, newCompartment) &&
-            AccessCheck::subsumesConsideringDomain(newCompartment, oldCompartment);
+            CompartmentOriginInfo::Subsumes(oldCompartment, newCompartment) &&
+            CompartmentOriginInfo::Subsumes(newCompartment, oldCompartment);
     } else {
         sameOrigin =
-            AccessCheck::subsumesConsideringDomainIgnoringFPD(oldCompartment, newCompartment) &&
-            AccessCheck::subsumesConsideringDomainIgnoringFPD(newCompartment, oldCompartment);
+            CompartmentOriginInfo::SubsumesIgnoringFPD(oldCompartment, newCompartment) &&
+            CompartmentOriginInfo::SubsumesIgnoringFPD(newCompartment, oldCompartment);
     }
     return sameOrigin;
 }