Bug 950745 - Flag when we're processing urgent messages and disallow certain activities (r=bsmedberg,luke)

js/ipc/JavaScriptChild.cpp

@@ -8,10 +8,12 @@
 #include "JavaScriptChild.h"
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/dom/BindingUtils.h"
+#include "mozilla/ipc/MessageChannel.h"
 #include "nsContentUtils.h"
 #include "xpcprivate.h"
 #include "jsfriendapi.h"
 #include "nsCxPusher.h"
+#include "AccessCheck.h"
 
 using namespace JS;
 using namespace mozilla;
@@ -19,6 +21,17 @@ using namespace mozilla::jsipc;
 
 using mozilla::AutoSafeJSContext;
 
+#ifdef NIGHTLY_BUILD
+static void
+UrgentMessageCheck(JSContext *cx, HandleScript script)
+{
+    // We're only allowed to enter chrome JS code while processing urgent
+    // messages.
+    if (ipc::ProcessingUrgentMessages())
+        MOZ_RELEASE_ASSERT(xpc::AccessCheck::isChrome(js::GetContextCompartment(cx)));
+}
+#endif
+
 static void
 FinalizeChild(JSFreeOp *fop, JSFinalizeStatus status, bool isCompartment, void *data)
 {
@@ -31,6 +44,9 @@ JavaScriptChild::JavaScriptChild(JSRuntime *rt)
   : JavaScriptShared(rt),
     JavaScriptBase<PJavaScriptChild>(rt)
 {
+#ifdef NIGHTLY_BUILD
+    js::SetAssertOnScriptEntryHook(rt, UrgentMessageCheck);
+#endif
 }
 
 JavaScriptChild::~JavaScriptChild()