commit 15c537925974c16446184bd366462c4e8f7e498c
parent eb3b82005828ac063913d3de6ba897beb64b06d7
Author: Tom Schuster <tschuster@mozilla.com>
Date: Fri, 17 Oct 2025 11:32:00 +0000
Bug 1994973 - Actually detect privileged eval usage on Android. r=freddyb
Differential Revision: https://phabricator.services.mozilla.com/D269029
Diffstat:
3 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/caps/nsScriptSecurityManager.cpp b/caps/nsScriptSecurityManager.cpp
@@ -493,10 +493,6 @@ bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(
// Check if Eval is allowed per firefox hardening policy
bool contextForbidsEval =
(subjectPrincipal->IsSystemPrincipal() || XRE_IsE10sParentProcess());
-#if defined(ANDROID)
- contextForbidsEval = false;
-#endif
-
if (contextForbidsEval) {
nsAutoJSString scriptSample;
if (aKind == JS::RuntimeCode::JS &&
diff --git a/dom/security/CSPEvalChecker.cpp b/dom/security/CSPEvalChecker.cpp
@@ -35,14 +35,12 @@ nsresult CheckInternal(nsIContentSecurityPolicy* aCSP,
*aAllowed = false;
// This is the non-CSP check for gating eval() use in the SystemPrincipal
-#if !defined(ANDROID)
JSContext* cx = nsContentUtils::GetCurrentJSContext();
if (!nsContentSecurityUtils::IsEvalAllowed(
cx, aSubjectPrincipal->IsSystemPrincipal(), aExpression)) {
*aAllowed = false;
return NS_OK;
}
-#endif
if (!aCSP) {
*aAllowed = true;
diff --git a/dom/security/nsContentSecurityUtils.cpp b/dom/security/nsContentSecurityUtils.cpp
@@ -750,7 +750,11 @@ bool nsContentSecurityUtils::IsEvalAllowed(JSContext* cx,
MOZ_CRASH_UNSAFE_PRINTF("%s", crashString.get());
#endif
+#ifdef ANDROID
+ return true;
+#else
return false;
+#endif
}
/* static */
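Review bot: The added `#ifdef ANDROID` / `return true;` at the end of `IsEvalAllowed` makes the violation path report-only on Android, and nothing in the code says so: the function now answers "allowed" for an eval it has just flagged. I would put a comment above the branch, for example `// Android is report-only for now: the violation is reported above, but eval is still permitted. Enforcement is tracked in bug <follow-up bug id>.` The callers in nsScriptSecurityManager.cpp and CSPEvalChecker.cpp lose their Android guards in this commit, so their existing comments ("Check if Eval is allowed per firefox hardening policy", "gating eval() use") read as enforcement on a platform where, as far as these hunks show, nothing is blocked yet. The function body starts outside the hunk, and the `MOZ_CRASH_UNSAFE_PRINTF` just above sits under a preprocessor condition that is not visible here. It is worth confirming that Android builds matching that condition are meant to crash there rather than reach the new `return true;`.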