Bug 805807 - Make Components wrapper throw on denial. r=mrbkap

There's really no reason to use the wishy-washy static COW Deny() here. Also, note that the xpcshell-test wasn't testing what it thought it was - interfaces is accessible from content code.
iaxat · Nov 2, 2012 · 829f4e3 · 829f4e3
1 parent 18805a0
commit 829f4e3
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 21 deletions.
diff --git a/editor/libeditor/html/tests/test_bug468353.html b/editor/libeditor/html/tests/test_bug468353.html
@@ -42,7 +42,6 @@
 
 function runTest() {
   const Ci = SpecialPowers.Ci;
-  const Cc = SpecialPowers.Components.classes;
 
   /** Found while fixing bug 440614 **/
   var editframe = window.frames[0];

diff --git a/js/xpconnect/tests/unit/test_components.js b/js/xpconnect/tests/unit/test_components.js
@@ -1,5 +1,6 @@
+const Cu = Components.utils;
+
 function run_test() {
-  var Cu = Components.utils;
   var sb1 = Cu.Sandbox("http://www.blah.com");
   var sb2 = Cu.Sandbox("http://www.blah.com");
   var sb3 = Cu.Sandbox(this);
@@ -13,25 +14,19 @@ function run_test() {
 
   // non-chrome accessing chrome Components
   sb1.C = Components;
-  rv = Cu.evalInSandbox("C.utils", sb1);
-  do_check_eq(rv, undefined);  
-  rv = Cu.evalInSandbox("C.interfaces", sb1);
-  do_check_neq(rv, undefined);
+  checkThrows("C.utils", sb1);
+  checkThrows("C.classes", sb1);
 
   // non-chrome accessing own Components
-  rv = Cu.evalInSandbox("Components.utils", sb1);
-  do_check_eq(rv, undefined);
-  rv = Cu.evalInSandbox("Components.interfaces", sb1);
-  do_check_neq(rv, undefined); 
+  checkThrows("Components.utils", sb1);
+  checkThrows("Components.classes", sb1);
 
   // non-chrome same origin
   var C2 = Cu.evalInSandbox("Components", sb2);
-  do_check_neq(rv, C2.utils); 
+  do_check_neq(rv, C2.utils);
   sb1.C2 = C2;
-  rv = Cu.evalInSandbox("C2.utils", sb1);
-  do_check_eq(rv, undefined);
-  rv = Cu.evalInSandbox("C2.interfaces", sb1);
-  do_check_neq(rv, undefined);
+  checkThrows("C2.utils", sb1);
+  checkThrows("C2.classes", sb1);
 
   // chrome accessing chrome
   sb3.C = Components;
@@ -40,9 +35,11 @@ function run_test() {
 
   // non-chrome cross origin
   sb4.C2 = C2;
-  rv = Cu.evalInSandbox("C2.interfaces", sb1);
-  do_check_neq(rv, undefined);
-  rv = Cu.evalInSandbox("C2.utils", sb1);
-  do_check_eq(rv, undefined);
+  checkThrows("C2.utils", sb1);
+  checkThrows("C2.classes", sb1);
+}
 
+function checkThrows(expression, sb) {
+  var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb);
+  do_check_true(!!/denied/.exec(result));
 }
diff --git a/js/xpconnect/wrappers/AccessCheck.cpp b/js/xpconnect/wrappers/AccessCheck.cpp
@@ -523,7 +523,8 @@ ComponentsObjectPolicy::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper
         return true;
     }
 
-    return Deny(cx, id, act);
+    AccessCheck::deny(cx, id);
+    return false;
 }
 
 }
diff --git a/toolkit/identity/tests/chrome/sandbox_content_perms.html b/toolkit/identity/tests/chrome/sandbox_content_perms.html
@@ -18,6 +18,15 @@
         return false;
       }
 
+      function CcDenied() {
+        try {
+          Components.classes;
+          return false;
+        } catch (e) {
+          return !!/denied/.exec(e);
+        }
+      }
+
       // Build an object with test results (true = pass)
       let results = {
         windowTop: window.top == window,
@@ -28,7 +37,7 @@
                                .docCharsetIsForced;
         }),
 
-        ccAccess: SpecialPowers.Components.classes == null,
+        ccAccess: !!CcDenied(),
       };
 
       let resultsJSON = JSON.stringify(results);