Commit b33ce66d authored by Brindusan Cristian's avatar Brindusan Cristian

Backed out changeset 2ade9dd19ad1 (bug 1688800) for build bustages at...

Backed out changeset 2ade9dd19ad1 (bug 1688800) for build bustages at nsContentSecurityUtils.cpp. CLOSED TREE
parent 44072640
+3 −1
@@ -578,7 +578,9 @@ pref("browser.tabs.tooltipsShowPidAndActiveness", false);
pref("security.allow_eval_with_system_principal", false);
pref("security.allow_eval_in_parent_process", false);

#if defined(NIGHTLY_BUILD)
  pref("security.allow_parent_unrestricted_js_loads", false);
#endif

// Unload tabs when available memory is running low
pref("browser.tabs.unloadOnLowMemory", false);
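Review bot: The `#if defined(NIGHTLY_BUILD)` guard around `security.allow_parent_unrestricted_js_loads` has no comment, so this file does not say why the default is channel-specific or what value code reading the pref sees on non-Nightly builds. If the restriction this pref controls is meant to be enforced only on Nightly, a line above the guard such as `// Nightly-only: the parent-process JS load restriction is not enforced on other channels.` would record that. The code that reads the pref is outside this section, so the intent should be confirmed before wording the comment.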
+0 −6
@@ -36,7 +36,6 @@
#include "mozilla/dom/Document.h"
#include "mozilla/Components.h"
#include "mozilla/Logging.h"
#include "mozilla/Maybe.h"
#include "mozilla/Preferences.h"
#include "mozilla/StaticPrefs_dom.h"
#include "mozilla/StaticPrefs_security.h"
@@ -57,11 +56,6 @@ NS_IMPL_ISUPPORTS(nsContentSecurityManager, nsIContentSecurityManager,

mozilla::LazyLogModule sCSMLog("CSMLog");

// These first two are used for off-the-main-thread checks of
// general.config.filename
//   (which can't be checked off-main-thread).
Atomic<bool, mozilla::Relaxed> sJSHacksChecked(false);
Atomic<bool, mozilla::Relaxed> sJSHacksPresent(false);
Atomic<bool, mozilla::Relaxed> sTelemetryEventEnabled(false);

/* static */
+35 −58
@@ -49,8 +49,6 @@ using namespace mozilla::dom;
using namespace mozilla::Telemetry;

extern mozilla::LazyLogModule sCSMLog;
extern Atomic<bool, mozilla::Relaxed> sJSHacksChecked;
extern Atomic<bool, mozilla::Relaxed> sJSHacksPresent;
extern Atomic<bool, mozilla::Relaxed> sTelemetryEventEnabled;

// Helper function for IsConsideredSameOriginForUIR which makes
@@ -476,12 +474,16 @@ bool nsContentSecurityUtils::IsEvalAllowed(JSContext* cx,
    return true;
  }

  // We can only perform the check of this preference on the Main Thread
  // We only perform a check of this preference on the Main Thread
  // (because a String-based preference check is only safe on Main Thread.)
  // In theory, it would be possible that a separate thread could get here
  // before the main thread, resulting in the other thread not being able to
  // perform this check, but the odds of that are small (and probably zero.)
  if (MOZ_UNLIKELY(!sJSHacksChecked) && NS_IsMainThread()) {
  // The consequence of this is that if a user is using userChromeJS _and_
  // the scripts they use start a worker and that worker uses eval - we will
  // enter this function, skip over this pref check that would normally cause
  // us to allow the eval usage - and we will block it.
  // While not ideal, we do not officially support userChromeJS, and hopefully
  // the usage of workers and eval in workers is even lower that userChromeJS
  // usage.
  if (NS_IsMainThread()) {
    // This preference is a file used for autoconfiguration of Firefox
    // by administrators. It has also been (ab)used by the userChromeJS
    // project to run legacy-style 'extensions', some of which use eval,
@@ -489,29 +491,14 @@ bool nsContentSecurityUtils::IsEvalAllowed(JSContext* cx,
    nsAutoString jsConfigPref;
    Preferences::GetString("general.config.filename", jsConfigPref);
    if (!jsConfigPref.IsEmpty()) {
      sJSHacksPresent = true;
    }

    // This preference is required by bootstrapLoader.xpi, which is an
    // alternate way to load legacy-style extensions. It only works on
    // DevEdition/Nightly.
    bool xpinstallSignatures;
    Preferences::GetBool("xpinstall.signatures.required", &xpinstallSignatures);
    if (xpinstallSignatures) {
      sJSHacksPresent = true;
    }

    sJSHacksChecked = true;
  }

  if (MOZ_UNLIKELY(sJSHacksPresent)) {
    MOZ_LOG(
        sCSMLog, LogLevel::Debug,
        ("Allowing eval() %s because some "
         "JS hacks may be present.",
         (aIsSystemPrincipal ? "with System Principal" : "in parent process")));
      MOZ_LOG(sCSMLog, LogLevel::Debug,
              ("Allowing eval() %s because of "
               "general.config.filename",
               (aIsSystemPrincipal ? "with System Principal"
                                   : "in parent process")));
      return true;
    }
  }

  if (XRE_IsE10sParentProcess() &&
      !StaticPrefs::extensions_webextensions_remote()) {
@@ -1001,41 +988,31 @@ bool nsContentSecurityUtils::ValidateScriptFilename(const char* aFilename,
    return true;
  }

  // We can only perform the check of this preference on the Main Thread
  // We only perform a check of this preference on the Main Thread
  // (because a String-based preference check is only safe on Main Thread.)
  // In theory, it would be possible that a separate thread could get here
  // before the main thread, resulting in the other thread not being able to
  // perform this check, but the odds of that are small (and probably zero.)
  if (MOZ_UNLIKELY(!sJSHacksChecked) && NS_IsMainThread()) {
  // The consequence of this is that if a user is using userChromeJS _and_
  // the scripts they use start a worker - we will enter this function,
  // skip over this pref check that would normally cause us to allow the
  // load - and we will block it.
  // While not ideal, we do not officially support userChromeJS, and hopefully
  // the usage of workers is even lower than userChromeJS usage.
  if (NS_IsMainThread()) {
    // This preference is a file used for autoconfiguration of Firefox
    // by administrators. It has also been (ab)used by the userChromeJS
    // project to run legacy-style 'extensions', some of which use eval,
    // all of which run in the System Principal context.
    // by administrators. It will also run in the parent process and throw
    // assumptions about what can run where out of the window.
    if (!sGeneralConfigFilenameSet.isSome()) {
      nsAutoString jsConfigPref;
      Preferences::GetString("general.config.filename", jsConfigPref);
    if (!jsConfigPref.IsEmpty()) {
      sJSHacksPresent = true;
      sGeneralConfigFilenameSet.emplace(!jsConfigPref.IsEmpty());
    }

    // This preference is required by bootstrapLoader.xpi, which is an
    // alternate way to load legacy-style extensions. It only works on
    // DevEdition/Nightly.
    bool xpinstallSignatures;
    Preferences::GetBool("xpinstall.signatures.required", &xpinstallSignatures);
    if (xpinstallSignatures) {
      sJSHacksPresent = true;
    }

    sJSHacksChecked = true;
  }

  if (MOZ_UNLIKELY(sJSHacksPresent)) {
    if (sGeneralConfigFilenameSet.value()) {
      MOZ_LOG(sCSMLog, LogLevel::Debug,
              ("Allowing a javascript load of %s because "
             "some JS hacks may be present",
               "general.config.filename is set",
               aFilename));
      return true;
    }
  }

  if (XRE_IsE10sParentProcess() &&
      !StaticPrefs::extensions_webextensions_remote()) {
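Review bot: The restored main-thread branch in IsEvalAllowed (the `@@ -476` and `@@ -489` hunks) returns true for a system-principal or parent-process eval whenever `general.config.filename` is non-empty, and the only record of that exemption is a Debug-level `MOZ_LOG`. The ValidateScriptFilename hunk at `@@ -1001` has the same shape for script loads. I would state the trade-off in the comment, e.g. `// NOTE: a non-empty general.config.filename exempts all main-thread callers from this check; treat the pref as security-sensitive.`, and fix the typo `lower that userChromeJS` to `lower than userChromeJS`. IsEvalAllowed also re-reads the string pref on every call that reaches this branch, while ValidateScriptFilename caches it in `sGeneralConfigFilenameSet`; whether the two can share that value depends on its declaration, which is not visible here. Both function bodies start and end outside the hunks.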