Bug 1129315 - require app processes update permissions after forked f…

…rom nuwa. r=jdm
iaxat · Mar 12, 2015 · e1ed327 · e1ed327
1 parent 508cfb0
commit e1ed327
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 22 deletions.
diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp
@@ -531,6 +531,14 @@ InitOnContentProcessCreated()
         return;
     }
     PostForkPreload();
+
+    nsCOMPtr<nsIPermissionManager> permManager =
+        services::GetPermissionManager();
+    MOZ_ASSERT(permManager, "Unable to get permission manager");
+    nsresult rv = permManager->RefreshPermission();
+    if (NS_FAILED(rv)) {
+        MOZ_ASSERT(false, "Failed updating permission in child process");
+    }
 #endif
 
     nsCOMPtr<nsISystemMessageCache> smc =

diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
@@ -419,28 +419,8 @@ nsPermissionManager::Init()
   }
 
   if (IsChildProcess()) {
-    // Get the permissions from the parent process
-    InfallibleTArray<IPC::Permission> perms;
-    ChildProcess()->SendReadPermissions(&perms);
-
-    for (uint32_t i = 0; i < perms.Length(); i++) {
-      const IPC::Permission &perm = perms[i];
-
-      nsCOMPtr<nsIPrincipal> principal;
-      rv = GetPrincipal(perm.host, perm.appId, perm.isInBrowserElement, getter_AddRefs(principal));
-      NS_ENSURE_SUCCESS(rv, rv);
-
-      // The child process doesn't care about modification times - it neither
-      // reads nor writes, nor removes them based on the date - so 0 (which
-      // will end up as now()) is fine.
-      uint64_t modificationTime = 0;
-      AddInternal(principal, perm.type, perm.capability, 0, perm.expireType,
-                  perm.expireTime, modificationTime, eNotify, eNoDBOperation,
-                  true /* ignoreSessionPermissions */);
-    }
-
     // Stop here; we don't need the DB in the child process
-    return NS_OK;
+    return FetchPermissions();
   }
 
   // ignore failure here, since it's non-fatal (we can run fine without
@@ -451,6 +431,18 @@ nsPermissionManager::Init()
   return NS_OK;
 }
 
+NS_IMETHODIMP
+nsPermissionManager::RefreshPermission() {
+  NS_ENSURE_TRUE(IsChildProcess(), NS_ERROR_FAILURE);
+
+  nsresult rv = RemoveAllFromMemory();
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = FetchPermissions();
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  return NS_OK;
+}
+
 nsresult
 nsPermissionManager::InitDB(bool aRemoveFile)
 {
@@ -2214,3 +2206,29 @@ nsPermissionManager::UpdateExpireTime(nsIPrincipal* aPrincipal,
   }
   return NS_OK;
 }
+
+nsresult
+nsPermissionManager::FetchPermissions() {
+  MOZ_ASSERT(IsChildProcess(), "FetchPermissions can only be invoked in child process");
+  // Get the permissions from the parent process
+  InfallibleTArray<IPC::Permission> perms;
+  ChildProcess()->SendReadPermissions(&perms);
+
+  for (uint32_t i = 0; i < perms.Length(); i++) {
+    const IPC::Permission &perm = perms[i];
+
+    nsCOMPtr<nsIPrincipal> principal;
+    nsresult rv = GetPrincipal(perm.host, perm.appId,
+                               perm.isInBrowserElement, getter_AddRefs(principal));
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    // The child process doesn't care about modification times - it neither
+    // reads nor writes, nor removes them based on the date - so 0 (which
+    // will end up as now()) is fine.
+    uint64_t modificationTime = 0;
+    AddInternal(principal, perm.type, perm.capability, 0, perm.expireType,
+                perm.expireTime, modificationTime, eNotify, eNoDBOperation,
+                true /* ignoreSessionPermissions */);
+  }
+  return NS_OK;
+}
diff --git a/extensions/cookie/nsPermissionManager.h b/extensions/cookie/nsPermissionManager.h
@@ -312,6 +312,12 @@ class nsPermissionManager MOZ_FINAL : public nsIPermissionManager,
   nsresult
   RemoveAllModifiedSince(int64_t aModificationTime);
 
+  /**
+   * Retrieve permissions from chrome process.
+   */
+  nsresult
+  FetchPermissions();
+
   nsCOMPtr<nsIObserverService> mObserverService;
   nsCOMPtr<nsIIDNService>      mIDNService;
 

diff --git a/netwerk/base/nsIPermissionManager.idl b/netwerk/base/nsIPermissionManager.idl
@@ -37,7 +37,7 @@ interface nsIDOMWindow;
 interface nsIPermission;
 interface nsISimpleEnumerator;
 
-[scriptable, uuid(620d9b61-8997-4d13-aa64-ec03341dd75b)]
+[scriptable, uuid(93a156f8-bcc8-4568-a214-389b073332dd)]
 interface nsIPermissionManager : nsISupports
 {
   /**
@@ -255,6 +255,12 @@ interface nsIPermissionManager : nsISupports
                         in boolean exactHost,
                         in uint64_t sessionExpireTime,
                         in uint64_t persistentExpireTime);
+
+  /**
+   * Remove all current permission settings and get permission settings from
+   * chrome process.
+   */
+  void refreshPermission();
 };
 
 %{ C++