Security/Reviews/Gaia/SystemMessageHandler: Difference between revisions

Security/Reviews/Gaia/SystemMessageHandler (view source)

624 bytes added , 25 March 2013

Undo revision 641301 by Ptheriault (talk)

canmove, Confirmed users

1,220

edits

@@ Line 10: / Line 10: @@
 === Overview ===
+=== Random Notes To Be Edited ===
 Random notes, restructure:
 This is tied to WebActivities. Should we cover that or should we limit this review to just the message passing/handling.
+Permission checking is done in dom/messages/SystemMessagePermissionsChecker.jsm
+Who/what decides what messages a specific app is allowed to listen for?
 Threads:
@@ Line 23: / Line 27: @@
 * Exploit faulty permission checks so that normal apps can send or receive messages
 * Force a part of the software to emit messages
+In Gecko, components can send system messages as follows:
+ dom/bluetooth/BluetoothUtils.cpp
+   nsCOMPtr<nsISystemMessagesInternal> systemMessenger =
+     do_GetService("@mozilla.org/system-message-internal;1");
+   if (!systemMessenger) {
+     NS_WARNING("Failed to get SystemMessenger service!");
+     return false;
+   }
+   systemMessenger->BroadcastMessage(aType, OBJECT_TO_JSVAL(obj));
 === Architecture ===
@@ Line 122: / Line 140: @@
 |b2g/chrome/content/dbg-webapps-actors.js || Webapps:AddApp || filterHardwareKeys() || broadcast
 |-
-|dom/system/gonk/RadioInterfaceLayer.js || telephony-*, sms-*, ussd-received, icc-stkcommand || Radio Interface || broadcast
+|gecko/dom/system/gonk/RadioInterfaceLayer.js || telephony-*, sms-*, ussd-received, icc-stkcommand || Radio Interface || broadcast
 |}