canmove, Confirmed users
1,220
edits
Security/Reviews/Gaia/SystemMessageHandler: Difference between revisions
Security/Reviews/Gaia/SystemMessageHandler (view source)
Revision as of 23:09, 25 March 2013
, 25 March 2013Undo revision 641301 by Ptheriault (talk)
Ptheriault (talk | contribs) (Undo revision 641301 by Ptheriault (talk)) |
|||
| (16 intermediate revisions by 2 users not shown) | |||
| Line 10: | Line 10: | ||
=== Overview === | === Overview === | ||
=== Random Notes To Be Edited === | |||
Random notes, restructure: | Random notes, restructure: | ||
This is tied to WebActivities. Should we cover that or should we limit this review to just the message passing/handling. | This is tied to WebActivities. Should we cover that or should we limit this review to just the message passing/handling. | ||
Permission checking is done in dom/messages/SystemMessagePermissionsChecker.jsm | |||
Who/what decides what messages a specific app is allowed to listen for? | |||
Threads: | Threads: | ||
| Line 23: | Line 27: | ||
* Exploit faulty permission checks so that normal apps can send or receive messages | * Exploit faulty permission checks so that normal apps can send or receive messages | ||
* Force a part of the software to emit messages | * Force a part of the software to emit messages | ||
In Gecko, components can send system messages as follows: | |||
dom/bluetooth/BluetoothUtils.cpp | |||
105 nsCOMPtr<nsISystemMessagesInternal> systemMessenger = | |||
106 do_GetService("@mozilla.org/system-message-internal;1"); | |||
107 | |||
108 if (!systemMessenger) { | |||
109 NS_WARNING("Failed to get SystemMessenger service!"); | |||
110 return false; | |||
111 } | |||
112 | |||
113 systemMessenger->BroadcastMessage(aType, OBJECT_TO_JSVAL(obj)); | |||
=== Architecture === | === Architecture === | ||
| Line 28: | Line 46: | ||
====Components==== | ====Components==== | ||
The following | The following API is exposed internally in Gecko to send messages: | ||
interface nsISystemMessagesInternal : nsISupports { | |||
void sendMessage(in DOMString type, in jsval message, in nsIURI pageURI, in nsIURI manifestURI); | |||
void broadcastMessage(in DOMString type, in jsval message); | |||
void registerPage(in DOMString type, in nsIURI pageURI, in nsIURI manifestURI); | |||
}; | |||
TODO There is also the following, but I do not know why that it used: | |||
interface nsISystemMessagesWrapper: nsISupports { | |||
/* | |||
* Wrap a message and gives back any kind of object. | |||
* @param message The json blob to wrap. | |||
*/ | |||
jsval wrapMessage(in jsval message, in nsIDOMWindow window); | |||
}; | |||
The following DOM API is exposed to *message receivers*: | |||
interface nsIDOMSystemMessageCallback : nsISupports { | interface nsIDOMSystemMessageCallback : nsISupports { | ||
| Line 89: | Line 126: | ||
* gecko/dom/Makefile.in | * gecko/dom/Makefile.in | ||
* gecko/toolkit/toolkit-makefiles.sh | * gecko/toolkit/toolkit-makefiles.sh | ||
==== Message Sources ==== | |||
{| | |||
|b2g/chrome/content/shell.js || notification || AlertsHelper || - | |||
|- | |||
|b2g/chrome/content/shell.js || headset-button || AlertsHelper || broadcast | |||
|- | |||
|b2g/components/AlertsService.js || notification || AlertsService || - | |||
|- | |||
|b2g/chrome/content/dbg-webapps-actors.js || Webapps:Install:Return:OK || WebappsActor._registerApp() || broadcast | |||
|- | |||
|b2g/chrome/content/dbg-webapps-actors.js || Webapps:AddApp || filterHardwareKeys() || broadcast | |||
|- | |||
|gecko/dom/system/gonk/RadioInterfaceLayer.js || telephony-*, sms-*, ussd-received, icc-stkcommand || Radio Interface || broadcast | |||
|} | |||
==== Message Receivers ==== | |||
The following applications use System Messages, other than <code>activity</code>. | |||
{| | |||
| gaia/apps/calendar || alarm | |||
|- | |||
| gaia/apps/clock || alarm | |||
|- | |||
| gaia/apps/communications || alarm, bluetooth-dialer-command, headset-button, notification, telephony-new-call, ussd-received | |||
|- | |||
| gaia/apps/costcontrol || sms-received, alarm, sms-sent, telephony-call-ended, notification | |||
|- | |||
| gaia/apps/email || alarm | |||
|- | |||
| gaia/apps/settings || bluetooth-requestconfirmation, bluetooth-requestpasskey, bluetooth-requestpincode, bluetooth-authorize, bluetooth-cancel, bluetooth-pairedstatuschanged, bluetooth-hfp-status-changed | |||
|- | |||
| gaia/apps/sms || sms-received, notification | |||
|- | |||
| gaia/apps/system || alarm, bluetooth-opp-{transfer-complete,update-progress,receiving-file-confirmation,transfer-start}, icc-stkcommand, bluetooth-hfp-status-changed | |||
|} | |||
===Code Review Notes=== | ===Code Review Notes=== | ||