1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/dom/ipc/PTabContext.ipdlh Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,77 @@
1.4 +/* -*- Mode: C++; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 8 -*- */
1.5 +/* vim: set sw=4 ts=8 et tw=80 ft=cpp : */
1.6 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.7 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.8 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.9 +
1.10 +include protocol PBrowser;
1.11 +
1.12 +
1.13 +using mozilla::layout::ScrollingBehavior from "mozilla/layout/RenderFrameUtils.h";
1.14 +
1.15 +namespace mozilla {
1.16 +namespace dom {
1.17 +
1.18 +// An IPCTabContext which corresponds to a PBrowser opened by a child when it
1.19 +// receives window.open().
1.20 +//
1.21 +// If isBrowserElement is false, this PopupIPCTabContext corresponds to an app
1.22 +// frame, and the frame's app-id and app-frame-owner-app-id will be equal to the
1.23 +// opener's values.
1.24 +//
1.25 +// If isBrowserElement is true, the frame's browserFrameOwnerAppId will be equal
1.26 +// to the opener's app-id.
1.27 +//
1.28 +// It's an error to set isBrowserElement == false if opener is a browser
1.29 +// element. Such a PopupIPCTabContext should be rejected by code which receives
1.30 +// it.
1.31 +struct PopupIPCTabContext
1.32 +{
1.33 + PBrowser opener;
1.34 + bool isBrowserElement;
1.35 +};
1.36 +
1.37 +// An IPCTabContext which corresponds to an app frame.
1.38 +struct AppFrameIPCTabContext
1.39 +{
1.40 + // The ID of the app this frame corresponds to. May be NO_APP_ID.
1.41 + uint32_t ownAppId;
1.42 +
1.43 + // The ID of the app containing this frame. May be NO_APP_ID.
1.44 + uint32_t appFrameOwnerAppId;
1.45 +};
1.46 +
1.47 +// An IPCTabContext which corresponds to a browser frame.
1.48 +struct BrowserFrameIPCTabContext
1.49 +{
1.50 + // The ID of the app which contains this browser frame. May be NO_APP_ID.
1.51 + uint32_t browserFrameOwnerAppId;
1.52 +};
1.53 +
1.54 +// This is equivalent to AppFrameIPCTabContext with all fields set to NO_APP_ID.
1.55 +struct VanillaFrameIPCTabContext
1.56 +{};
1.57 +
1.58 +// IPCTabContext is an analog to mozilla::dom::TabContext. Both specify an
1.59 +// iframe/PBrowser's own and containing app-ids and tell you whether the
1.60 +// iframe/PBrowser is a browser frame. But only IPCTabContext is allowed to
1.61 +// travel over IPC.
1.62 +//
1.63 +// We need IPCTabContext (specifically, PopupIPCTabContext) to prevent a
1.64 +// privilege escalation attack by a compromised child process. See the comment
1.65 +// on AllocPBrowser for details.
1.66 +union IPCTabAppBrowserContext
1.67 +{
1.68 + PopupIPCTabContext;
1.69 + AppFrameIPCTabContext;
1.70 + BrowserFrameIPCTabContext;
1.71 + VanillaFrameIPCTabContext;
1.72 +};
1.73 +
1.74 +struct IPCTabContext {
1.75 + IPCTabAppBrowserContext appBrowserContext;
1.76 + ScrollingBehavior scrollingBehavior;
1.77 +};
1.78 +
1.79 +}
1.80 +}
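Review bot: The comments on `AppFrameIPCTabContext` and `BrowserFrameIPCTabContext` explain what the app-id fields mean but not whether a receiver may trust them, even though the union comment says the type exists to stop privilege escalation by a compromised child. Only `PopupIPCTabContext` states a rejection rule, and the check itself lives outside this file, so nothing visible here shows that a child-supplied `ownAppId` or `browserFrameOwnerAppId` is refused or validated. I would add above `union IPCTabAppBrowserContext` a comment along the lines of `// Every field here is sender-asserted. Code that receives an IPCTabContext from a child process must validate it (see <class>::AllocPBrowser) before deriving a TabContext from it.`, with the class name filled in so the cross-reference can be found. `IPCTabContext` and its `scrollingBehavior` member also carry no comment at all.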