diff -r 000000000000 -r 6474c204b198 dom/ipc/PTabContext.ipdlh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dom/ipc/PTabContext.ipdlh Wed Dec 31 06:09:35 2014 +0100 @@ -0,0 +1,77 @@ +/* -*- Mode: C++; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 8 -*- */ +/* vim: set sw=4 ts=8 et tw=80 ft=cpp : */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +include protocol PBrowser; + + +using mozilla::layout::ScrollingBehavior from "mozilla/layout/RenderFrameUtils.h"; + +namespace mozilla { +namespace dom { + +// An IPCTabContext which corresponds to a PBrowser opened by a child when it +// receives window.open(). +// +// If isBrowserElement is false, this PopupIPCTabContext corresponds to an app +// frame, and the frame's app-id and app-frame-owner-app-id will be equal to the +// opener's values. +// +// If isBrowserElement is true, the frame's browserFrameOwnerAppId will be equal +// to the opener's app-id. +// +// It's an error to set isBrowserElement == false if opener is a browser +// element. Such a PopupIPCTabContext should be rejected by code which receives +// it. +struct PopupIPCTabContext +{ + PBrowser opener; + bool isBrowserElement; +}; + +// An IPCTabContext which corresponds to an app frame. +struct AppFrameIPCTabContext +{ + // The ID of the app this frame corresponds to. May be NO_APP_ID. + uint32_t ownAppId; + + // The ID of the app containing this frame. May be NO_APP_ID. + uint32_t appFrameOwnerAppId; +}; + +// An IPCTabContext which corresponds to a browser frame. +struct BrowserFrameIPCTabContext +{ + // The ID of the app which contains this browser frame. May be NO_APP_ID. + uint32_t browserFrameOwnerAppId; +}; + +// This is equivalent to AppFrameIPCTabContext with all fields set to NO_APP_ID. +struct VanillaFrameIPCTabContext +{}; + +// IPCTabContext is an analog to mozilla::dom::TabContext. Both specify an +// iframe/PBrowser's own and containing app-ids and tell you whether the +// iframe/PBrowser is a browser frame. But only IPCTabContext is allowed to +// travel over IPC. +// +// We need IPCTabContext (specifically, PopupIPCTabContext) to prevent a +// privilege escalation attack by a compromised child process. See the comment +// on AllocPBrowser for details. +union IPCTabAppBrowserContext +{ + PopupIPCTabContext; + AppFrameIPCTabContext; + BrowserFrameIPCTabContext; + VanillaFrameIPCTabContext; +}; + +struct IPCTabContext { + IPCTabAppBrowserContext appBrowserContext; + ScrollingBehavior scrollingBehavior; +}; + +} +}