wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
946396d9c4
gecko/caps/src/nsScriptSecurityManager.cpp

3690 lines
120 KiB
C++
Raw Normal View History

Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
Bug 716478 - update licence to MPL 2.
2012-05-21 04:12:37 -07:00
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
Bug 693469 - Implement mozilla::ArrayLength and mozilla::ArrayEnd, and replace uses of NS_ARRAY_LENGTH whenever possible. (Exceptions: assigning to static initializers, use in static assertions, as template parameters, etc. These will go away when the relevant compilers have C++11 constexpr support.) r=cjones --HG-- extra : rebase_source : b4bae9a0f85abf2feb828609b50e756916b99a6f
2011-10-10 22:50:08 -07:00
#include "mozilla/Util.h"
Fix for bug 560199 (Link XPConnect and caps into layout). r=jst. --HG-- extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
2010-04-11 06:55:24 -07:00
#include "xpcprivate.h"
Bug 754968 - Part c: Make BindingUtils.h not require private xpconnect headers; r=bholley
2012-05-18 01:29:40 -07:00
#include "XPCWrapper.h"
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
#include "nsScriptSecurityManager.h"
#include "nsIServiceManager.h"
#include "nsIScriptObjectPrincipal.h"
#include "nsIScriptContext.h"
#include "nsIURL.h"
#include "nsINestedURI.h"
#include "nspr.h"
#include "nsJSPrincipals.h"
#include "nsSystemPrincipal.h"
#include "nsPrincipal.h"
#include "nsNullPrincipal.h"
#include "nsXPIDLString.h"
#include "nsCRT.h"
#include "nsCRTGlue.h"
#include "nsIJSContextStack.h"
#include "nsDOMError.h"
#include "nsDOMCID.h"
#include "jsdbgapi.h"
#include "nsIXPConnect.h"
#include "nsIXPCSecurityManager.h"
#include "nsTextFormatter.h"
#include "nsIStringBundle.h"
#include "nsNetUtil.h"
#include "nsIProperties.h"
#include "nsDirectoryServiceDefs.h"
#include "nsIFile.h"
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
#include "nsIFileURL.h"
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
#include "nsIZipReader.h"
#include "nsIXPConnect.h"
#include "nsIScriptGlobalObject.h"
#include "nsPIDOMWindow.h"
#include "nsIDocShell.h"
#include "nsIDocShellTreeItem.h"
#include "nsIPrompt.h"
#include "nsIWindowWatcher.h"
#include "nsIConsoleService.h"
#include "nsISecurityCheckedComponent.h"
#include "nsIJSRuntimeService.h"
#include "nsIObserverService.h"
#include "nsIContent.h"
#include "nsAutoPtr.h"
#include "nsDOMJSUtils.h"
#include "nsAboutProtocolUtils.h"
#include "nsIClassInfo.h"
#include "nsIURIFixup.h"
#include "nsCDefaultURIFixup.h"
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
2008-04-12 14:26:19 -07:00
#include "nsIChromeRegistry.h"
bug 515443 CSP no-eval support. r=mrbkap,brendan
2010-03-08 00:24:50 -08:00
#include "nsIContentSecurityPolicy.h"
Bug 546606 - Make redirect API async - part 2; r=honzab.moz,cbiesinger,bjarne,jst sr=jst
2010-08-04 19:15:55 -07:00
#include "nsIAsyncVerifyRedirectCallback.h"
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
#include "mozilla/Preferences.h"
Bug 742217. Reduce the use of nested namespaces in our binding code. r=peterv,bent In the new setup, all per-interface DOM binding files are exported into mozilla/dom. General files not specific to an interface are also exported into mozilla/dom. In terms of namespaces, most things now live in mozilla::dom. Each interface Foo that has generated code has a mozilla::dom::FooBinding namespace for said generated code (and possibly a mozilla::bindings::FooBinding_workers if there's separate codegen for workers). IDL enums are a bit weird: since the name of the enum and the names of its entries all end up in the same namespace, we still generate a C++ namespace with the name of the IDL enum type with "Values" appended to it, with a ::valuelist inside for the actual C++ enum. We then typedef EnumFooValues::valuelist to EnumFoo. That makes it a bit more difficult to refer to the values, but means that values from different enums don't collide with each other. The enums with the proto and constructor IDs in them now live under the mozilla::dom::prototypes and mozilla::dom::constructors namespaces respectively. Again, this lets us deal sanely with the whole "enum value names are flattened into the namespace the enum is in" deal. The main benefit of this setup (and the reason "Binding" got appended to the per-interface namespaces) is that this way "using mozilla::dom" should Just Work for consumers and still allow C++ code to sanely use the IDL interface names for concrete classes, which is fairly desirable. --HG-- rename : dom/bindings/Utils.cpp => dom/bindings/BindingUtils.cpp rename : dom/bindings/Utils.h => dom/bindings/BindingUtils.h
2012-05-02 21:35:38 -07:00
#include "mozilla/dom/BindingUtils.h"
Bug 740688 - Use uintptr_t instead of PRUword, and intptr_t instead of PRWord. r=jwalden --HG-- extra : rebase_source : 648a581323d2c2893df780f71fe34dadcc4bbaab
2012-04-11 17:17:44 -07:00
#include "mozilla/StandardInteger.h"
Bug 766173 - Hold a strong ref to nsScriptSecurityManager, instead of hoping that it won't get addref'ed or released. r=bsmedberg --HG-- rename : mobile/android/base/resources/drawable/tabs_button_contracted.xml => mobile/android/base/resources/drawable/tabs_button.xml extra : rebase_source : 8f861c2298fd053a0e1f6deb6f9945040ea8db90
2012-06-19 10:20:34 -07:00
#include "mozilla/ClearOnShutdown.h"
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
using namespace mozilla;
Fix for bug 740069 (Generate JS bindings in C++ with a python script for DOM objects on the main thread and in workers. Infrastructure and new bindings for XMLHttpRequest). Patch by bent/bz/bholley/jst/khuey/peterv, r=bent/bz/bholley/jlebar/khuey/peterv/sicking/smaug. --HG-- rename : js/xpconnect/tests/mochitest/test_bug462428.html => dom/bindings/test/test_lookupGetter.html
2012-03-30 21:42:20 -07:00
using namespace mozilla::dom;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
nsIIOService *nsScriptSecurityManager::sIOService = nsnull;
nsIXPConnect *nsScriptSecurityManager::sXPConnect = nsnull;
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 07:16:25 -07:00
nsIThreadJSContextStack *nsScriptSecurityManager::sJSContextStack = nsnull;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsIStringBundle *nsScriptSecurityManager::sStrBundle = nsnull;
JSRuntime *nsScriptSecurityManager::sRuntime = 0;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool nsScriptSecurityManager::sStrictFileOriginPolicy = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
///////////////////////////
// Convenience Functions //
///////////////////////////
// Result of this function should not be freed.
static inline const PRUnichar *
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
IDToString(JSContext *cx, jsid id)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
if (JSID_IS_STRING(id))
Bug 609440, part 3 - remove fallible public APIs, update mozilla (r=bent,jst,mrbkap,waldo,sdwilsh)
2010-12-03 00:24:17 -08:00
return JS_GetInternedStringChars(JSID_TO_STRING(id));
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
JSAutoRequest ar(cx);
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
jsval idval;
if (!JS_IdToValue(cx, id, &idval))
return nsnull;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
JSString *str = JS_ValueToString(cx, idval);
if(!str)
return nsnull;
Bug 609440, part 3 - remove fallible public APIs, update mozilla (r=bent,jst,mrbkap,waldo,sdwilsh)
2010-12-03 00:24:17 -08:00
return JS_GetStringCharsZ(cx, str);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap
2009-05-20 18:49:42 -07:00
class nsAutoInPrincipalDomainOriginSetter {
public:
nsAutoInPrincipalDomainOriginSetter() {
++sInPrincipalDomainOrigin;
}
~nsAutoInPrincipalDomainOriginSetter() {
--sInPrincipalDomainOrigin;
}
static PRUint32 sInPrincipalDomainOrigin;
};
PRUint32 nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin;
Bug 434522 follow-up bustage fix.
2008-07-28 23:37:58 -07:00
static
nsresult
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
GetOriginFromURI(nsIURI* aURI, nsACString& aOrigin)
Bug 434522 follow-up bustage fix.
2008-07-28 23:37:58 -07:00
{
Bug 493495 followup. Just cut off the recursion if it gets too deep. r+sr=mrbkap
2009-05-21 12:46:05 -07:00
if (nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin > 1) {
// Allow a single recursive call to GetPrincipalDomainOrigin, since that
// might be happening on a different principal from the first call. But
// after that, cut off the recursion; it just indicates that something
// we're doing in this method causes us to reenter a security check here.
return NS_ERROR_NOT_AVAILABLE;
}
Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap
2009-05-20 18:49:42 -07:00
nsAutoInPrincipalDomainOriginSetter autoSetter;
Bug 434522 follow-up bustage fix.
2008-07-28 23:37:58 -07:00
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
nsCOMPtr<nsIURI> uri = NS_GetInnermostURI(aURI);
Bug 434522 follow-up bustage fix.
2008-07-28 23:37:58 -07:00
NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED);
nsCAutoString hostPort;
nsresult rv = uri->GetHostPort(hostPort);
if (NS_SUCCEEDED(rv)) {
nsCAutoString scheme;
rv = uri->GetScheme(scheme);
NS_ENSURE_SUCCESS(rv, rv);
aOrigin = scheme + NS_LITERAL_CSTRING("://") + hostPort;
}
else {
// Some URIs (e.g., nsSimpleURI) don't support host. Just
// get the full spec.
rv = uri->GetSpec(aOrigin);
NS_ENSURE_SUCCESS(rv, rv);
}
return NS_OK;
}
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
static
nsresult
GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal,
nsACString& aOrigin)
{
nsCOMPtr<nsIURI> uri;
aPrincipal->GetDomain(getter_AddRefs(uri));
if (!uri) {
aPrincipal->GetURI(getter_AddRefs(uri));
}
NS_ENSURE_TRUE(uri, NS_ERROR_UNEXPECTED);
return GetOriginFromURI(uri, aOrigin);
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
static nsIScriptContext *
GetScriptContext(JSContext *cx)
{
return GetScriptContextFromJSContext(cx);
}
inline void SetPendingException(JSContext *cx, const char *aMsg)
{
JSAutoRequest ar(cx);
Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor.
2008-03-20 01:19:15 -07:00
JS_ReportError(cx, "%s", aMsg);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
inline void SetPendingException(JSContext *cx, const PRUnichar *aMsg)
{
JSAutoRequest ar(cx);
Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor.
2008-03-20 01:19:15 -07:00
JS_ReportError(cx, "%hs", aMsg);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
// DomainPolicy members
#ifdef DEBUG_CAPS_DomainPolicyLifeCycle
PRUint32 DomainPolicy::sObjects=0;
void DomainPolicy::_printPopulationInfo()
{
printf("CAPS.DomainPolicy: Gen. %d, %d DomainPolicy objects.\n",
sGeneration, sObjects);
}
#endif
PRUint32 DomainPolicy::sGeneration = 0;
// Helper class to get stuff from the ClassInfo and not waste extra time with
// virtual method calls for things it has already gotten
class ClassInfoData
{
public:
ClassInfoData(nsIClassInfo *aClassInfo, const char *aName)
: mClassInfo(aClassInfo),
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
mName(const_cast<char *>(aName)),
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
mDidGetFlags(false),
mMustFreeName(false)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
}
~ClassInfoData()
{
if (mMustFreeName)
nsMemory::Free(mName);
}
PRUint32 GetFlags()
{
if (!mDidGetFlags) {
if (mClassInfo) {
nsresult rv = mClassInfo->GetFlags(&mFlags);
if (NS_FAILED(rv)) {
mFlags = 0;
}
} else {
mFlags = 0;
}
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
mDidGetFlags = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
return mFlags;
}
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool IsDOMClass()
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
Bug 398574:Prbool fixes r=bz a=release drivers
2007-11-12 13:47:11 -08:00
return !!(GetFlags() & nsIClassInfo::DOM_OBJECT);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
const char* GetName()
{
if (!mName) {
if (mClassInfo) {
mClassInfo->GetClassDescription(&mName);
}
if (mName) {
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
mMustFreeName = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
} else {
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
mName = const_cast<char *>("UnnamedClass");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
}
return mName;
}
private:
nsIClassInfo *mClassInfo; // WEAK
PRUint32 mFlags;
char *mName;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool mDidGetFlags;
bool mMustFreeName;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
};
Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky
2008-10-08 15:05:25 -07:00
class AutoCxPusher {
public:
AutoCxPusher(nsIJSContextStack *aStack, JSContext *cx)
: mStack(aStack), mContext(cx)
{
if (NS_FAILED(mStack->Push(mContext))) {
mStack = nsnull;
}
}
~AutoCxPusher()
{
if (mStack) {
mStack->Pop(nsnull);
}
}
private:
nsCOMPtr<nsIJSContextStack> mStack;
JSContext *mContext;
};
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
JSContext *
nsScriptSecurityManager::GetCurrentJSContext()
{
// Get JSContext from stack.
JSContext *cx;
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 07:16:25 -07:00
if (NS_FAILED(sJSContextStack->Peek(&cx)))
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return nsnull;
return cx;
}
JSContext *
nsScriptSecurityManager::GetSafeJSContext()
{
// Get JSContext from stack.
Bug 741245 - Remove nsresult return value from nsXPConnect::GetSafeJSContext(); r=bholley
2012-05-05 02:00:05 -07:00
return sJSContextStack->GetSafeJSContext();
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-26 19:45:29 -08:00
/* static */
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI,
nsIURI* aTargetURI)
{
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-27 18:15:32 -07:00
return NS_SecurityCompareURIs(aSourceURI, aTargetURI, sStrictFileOriginPolicy);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky
2008-10-08 06:16:27 -07:00
// SecurityHashURI is consistent with SecurityCompareURIs because NS_SecurityHashURI
// is consistent with NS_SecurityCompareURIs. See nsNetUtil.h.
PRUint32
nsScriptSecurityManager::SecurityHashURI(nsIURI* aURI)
{
return NS_SecurityHashURI(aURI);
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_IMETHODIMP
nsScriptSecurityManager::GetChannelPrincipal(nsIChannel* aChannel,
nsIPrincipal** aPrincipal)
{
NS_PRECONDITION(aChannel, "Must have channel!");
nsCOMPtr<nsISupports> owner;
aChannel->GetOwner(getter_AddRefs(owner));
if (owner) {
CallQueryInterface(owner, aPrincipal);
if (*aPrincipal) {
return NS_OK;
}
}
// OK, get the principal from the URI. Make sure this does the same thing
// as nsDocument::Reset and nsXULDocument::StartDocumentLoad.
nsCOMPtr<nsIURI> uri;
Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
2007-10-23 14:56:41 -07:00
nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
NS_ENSURE_SUCCESS(rv, rv);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return GetCodebasePrincipal(uri, aPrincipal);
}
Make security manager API more useful from script. Make more things scriptable, and add a scriptable method for testing whether a given principal is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
NS_IMETHODIMP
nsScriptSecurityManager::IsSystemPrincipal(nsIPrincipal* aPrincipal,
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool* aIsSystem)
Make security manager API more useful from script. Make more things scriptable, and add a scriptable method for testing whether a given principal is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
{
*aIsSystem = (aPrincipal == mSystemPrincipal);
return NS_OK;
}
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 15:59:12 -08:00
NS_IMETHODIMP_(nsIPrincipal *)
nsScriptSecurityManager::GetCxSubjectPrincipal(JSContext *cx)
{
NS_ASSERTION(cx == GetCurrentJSContext(),
"Uh, cx is not the current JS context!");
nsresult rv = NS_ERROR_FAILURE;
nsIPrincipal *principal = GetSubjectPrincipal(cx, &rv);
if (NS_FAILED(rv))
return nsnull;
return principal;
}
Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky
2008-10-22 13:15:22 -07:00
NS_IMETHODIMP_(nsIPrincipal *)
nsScriptSecurityManager::GetCxSubjectPrincipalAndFrame(JSContext *cx, JSStackFrame **fp)
{
NS_ASSERTION(cx == GetCurrentJSContext(),
"Uh, cx is not the current JS context!");
nsresult rv = NS_ERROR_FAILURE;
nsIPrincipal *principal = GetPrincipalAndFrame(cx, fp, &rv);
if (NS_FAILED(rv))
return nsnull;
return principal;
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
////////////////////
// Policy Storage //
////////////////////
// Table of security levels
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
static bool
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
DeleteCapability(nsHashKey *aKey, void *aData, void* closure)
{
NS_Free(aData);
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
return true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
//-- Per-Domain Policy - applies to one or more protocols or hosts
struct DomainEntry
{
DomainEntry(const char* aOrigin,
DomainPolicy* aDomainPolicy) : mOrigin(aOrigin),
mDomainPolicy(aDomainPolicy),
mNext(nsnull)
{
mDomainPolicy->Hold();
}
~DomainEntry()
{
mDomainPolicy->Drop();
}
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool Matches(const char *anOrigin)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
int len = strlen(anOrigin);
int thisLen = mOrigin.Length();
if (len < thisLen)
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
return false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (mOrigin.RFindChar(':', thisLen-1, 1) != -1)
//-- Policy applies to all URLs of this scheme, compare scheme only
return mOrigin.EqualsIgnoreCase(anOrigin, thisLen);
//-- Policy applies to a particular host; compare domains
if (!mOrigin.Equals(anOrigin + (len - thisLen)))
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
return false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (len == thisLen)
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
return true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
char charBefore = anOrigin[len-thisLen-1];
return (charBefore == '.' || charBefore == ':' || charBefore == '/');
}
nsCString mOrigin;
DomainPolicy* mDomainPolicy;
DomainEntry* mNext;
#if defined(DEBUG) || defined(DEBUG_CAPS_HACKER)
nsCString mPolicyName_DEBUG;
#endif
};
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
static bool
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
DeleteDomainEntry(nsHashKey *aKey, void *aData, void* closure)
{
DomainEntry *entry = (DomainEntry*) aData;
do
{
DomainEntry *next = entry->mNext;
delete entry;
entry = next;
} while (entry);
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
return true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////
////////////////////////////////////
// Methods implementing ISupports //
////////////////////////////////////
Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst
2010-06-08 16:43:54 -07:00
NS_IMPL_ISUPPORTS4(nsScriptSecurityManager,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsIScriptSecurityManager,
nsIXPCSecurityManager,
nsIChannelEventSink,
nsIObserver)
///////////////////////////////////////////////////
// Methods implementing nsIScriptSecurityManager //
///////////////////////////////////////////////////
///////////////// Security Checks /////////////////
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 01:48:50 -08:00
/* static */ JSPrincipals *
nsScriptSecurityManager::ObjectPrincipalFinder(JSObject *aObj)
{
return nsJSPrincipals::get(doGetObjectPrincipal(aObj));
}
bug 515443 CSP no-eval support. r=mrbkap,brendan
2010-03-08 00:24:50 -08:00
JSBool
nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(JSContext *cx)
{
// Get the security manager
nsScriptSecurityManager *ssm =
nsScriptSecurityManager::GetScriptSecurityManager();
NS_ASSERTION(ssm, "Failed to get security manager service");
if (!ssm)
return JS_FALSE;
nsresult rv;
nsIPrincipal* subjectPrincipal = ssm->GetSubjectPrincipal(cx, &rv);
NS_ASSERTION(NS_SUCCEEDED(rv), "CSP: Failed to get nsIPrincipal from js context");
if (NS_FAILED(rv))
return JS_FALSE; // Not just absence of principal, but failure.
Bug 553448 - nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction should return JS_TRUE when no subjectPrincipal exists. r=mrbkap sr=dveditz --HG-- extra : rebase_source : c47d6d55063c115921ee89114c4439444883c37d
2010-03-18 17:27:39 -07:00
if (!subjectPrincipal) {
// See bug 553448 for discussion of this case.
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 01:48:50 -08:00
NS_ASSERTION(!JS_GetSecurityCallbacks(js::GetRuntime(cx))->findObjectPrincipals,
Bug 553448 - nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction should return JS_TRUE when no subjectPrincipal exists. r=mrbkap sr=dveditz --HG-- extra : rebase_source : c47d6d55063c115921ee89114c4439444883c37d
2010-03-18 17:27:39 -07:00
"CSP: Should have been able to find subject principal. "
"Reluctantly granting access.");
return JS_TRUE;
}
bug 515443 CSP no-eval support. r=mrbkap,brendan
2010-03-08 00:24:50 -08:00
nsCOMPtr<nsIContentSecurityPolicy> csp;
rv = subjectPrincipal->GetCsp(getter_AddRefs(csp));
NS_ASSERTION(NS_SUCCEEDED(rv), "CSP: Failed to get CSP from principal.");
// don't do anything unless there's a CSP
if (!csp)
return JS_TRUE;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool evalOK = true;
bug 515443 CSP no-eval support. r=mrbkap,brendan
2010-03-08 00:24:50 -08:00
rv = csp->GetAllowsEval(&evalOK);
if (NS_FAILED(rv))
{
NS_WARNING("CSP: failed to get allowsEval");
return JS_TRUE; // fail open to not break sites.
}
Bug 600584 - add more detail to CSP violation report logging, r=jst, a=LegNeato
2011-01-31 10:09:44 -08:00
if (!evalOK) {
// get the script filename, script sample, and line number
// to log with the violation
nsAutoString fileName;
Remove simple JS_FrameIterator use from content, DOM, and caps (bug 744617, r=mrbkap). --HG-- extra : rebase_source : 003a5285b549845d47c9298606d737620db5bb3d
2012-04-16 12:30:00 -07:00
unsigned lineNum = 0;
Bug 600584 - add more detail to CSP violation report logging, r=jst, a=LegNeato
2011-01-31 10:09:44 -08:00
NS_NAMED_LITERAL_STRING(scriptSample, "call to eval() or related function blocked by CSP");
Remove simple JS_FrameIterator use from content, DOM, and caps (bug 744617, r=mrbkap). --HG-- extra : rebase_source : 003a5285b549845d47c9298606d737620db5bb3d
2012-04-16 12:30:00 -07:00
JSScript *script;
if (JS_DescribeScriptedCaller(cx, &script, &lineNum)) {
if (const char *file = JS_GetScriptFilename(cx, script)) {
CopyUTF8toUTF16(nsDependentCString(file), fileName);
Bug 600584 - add more detail to CSP violation report logging, r=jst, a=LegNeato
2011-01-31 10:09:44 -08:00
}
}
csp->LogViolationDetails(nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL,
fileName,
scriptSample,
lineNum);
}
bug 515443 CSP no-eval support. r=mrbkap,brendan
2010-03-08 00:24:50 -08:00
return evalOK;
}
Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla)
2008-09-06 15:21:43 -07:00
JSBool
Use handles in API object hooks where possible, bug 750733. r=billm
2012-05-19 15:03:45 -07:00
nsScriptSecurityManager::CheckObjectAccess(JSContext *cx, JSHandleObject obj,
JSHandleId id, JSAccessMode mode,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
jsval *vp)
{
// Get the security manager
nsScriptSecurityManager *ssm =
nsScriptSecurityManager::GetScriptSecurityManager();
NS_ASSERTION(ssm, "Failed to get security manager service");
if (!ssm)
return JS_FALSE;
// Get the object being accessed. We protect these cases:
// 1. The Function.prototype.caller property's value, which might lead
// an attacker up a call-stack to a function or another object from
// a different trust domain.
// 2. A user-defined getter or setter function accessible on another
// trust domain's window or document object.
// *vp can be a primitive, in that case, we use obj as the target
// object.
JSObject* target = JSVAL_IS_PRIMITIVE(*vp) ? obj : JSVAL_TO_OBJECT(*vp);
// Do the same-origin check -- this sets a JS exception if the check fails.
// Pass the parent object's class name, as we have no class-info for it.
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
nsresult rv =
Remove jsobj.h from installed headers, bug 690943. r=luke
2011-10-04 07:06:54 -07:00
ssm->CheckPropertyAccess(cx, target, js::GetObjectClass(obj)->name, id,
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
(mode & JSACC_WRITE) ?
Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky
2008-10-08 15:05:25 -07:00
(PRInt32)nsIXPCSecurityManager::ACCESS_SET_PROPERTY :
(PRInt32)nsIXPCSecurityManager::ACCESS_GET_PROPERTY);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(rv))
return JS_FALSE; // Security check failed (XXX was an error reported?)
return JS_TRUE;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckPropertyAccess(JSContext* cx,
JSObject* aJSObject,
const char* aClassName,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
jsid aProperty,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PRUint32 aAction)
{
return CheckPropertyAccessImpl(aAction, nsnull, cx, aJSObject,
Bug 774585: Remove unused argument in nsScriptSecurityManager. r=mrbkap
2012-07-17 22:28:47 -07:00
nsnull, nsnull,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
aClassName, aProperty, nsnull);
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckSameOrigin(JSContext* cx,
nsIURI* aTargetURI)
{
nsresult rv;
// Get a context if necessary
if (!cx)
{
cx = GetCurrentJSContext();
if (!cx)
return NS_OK; // No JS context, so allow access
}
// Get a principal from the context
nsIPrincipal* sourcePrincipal = GetSubjectPrincipal(cx, &rv);
if (NS_FAILED(rv))
return rv;
if (!sourcePrincipal)
{
NS_WARNING("CheckSameOrigin called on script w/o principals; should this happen?");
return NS_OK;
}
if (sourcePrincipal == mSystemPrincipal)
{
// This is a system (chrome) script, so allow access
return NS_OK;
}
// Get the original URI from the source principal.
// This has the effect of ignoring any change to document.domain
// which must be done to avoid DNS spoofing (bug 154930)
nsCOMPtr<nsIURI> sourceURI;
sourcePrincipal->GetDomain(getter_AddRefs(sourceURI));
if (!sourceURI) {
sourcePrincipal->GetURI(getter_AddRefs(sourceURI));
NS_ENSURE_TRUE(sourceURI, NS_ERROR_FAILURE);
}
// Compare origins
if (!SecurityCompareURIs(sourceURI, aTargetURI))
{
ReportError(cx, NS_LITERAL_STRING("CheckSameOriginError"), sourceURI, aTargetURI);
Back out bug 246699 to fix bug 423375, per shaver
2008-03-17 07:10:48 -07:00
return NS_ERROR_DOM_BAD_URI;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckSameOriginURI(nsIURI* aSourceURI,
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-26 18:46:09 -07:00
nsIURI* aTargetURI,
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool reportError)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
if (!SecurityCompareURIs(aSourceURI, aTargetURI))
{
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-26 18:46:09 -07:00
if (reportError) {
ReportError(nsnull, NS_LITERAL_STRING("CheckSameOriginError"),
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
aSourceURI, aTargetURI);
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-26 18:46:09 -07:00
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_ERROR_DOM_BAD_URI;
}
return NS_OK;
}
nsresult
nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 07:50:57 -08:00
nsAXPCNativeCallContext* aCallContext,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
JSContext* cx, JSObject* aJSObject,
Bug 774585: Remove unused argument in nsScriptSecurityManager. r=mrbkap
2012-07-17 22:28:47 -07:00
nsISupports* aObj,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsIClassInfo* aClassInfo,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
const char* aClassName, jsid aProperty,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
void** aCachedClassPolicy)
{
nsresult rv;
nsIPrincipal* subjectPrincipal = GetSubjectPrincipal(cx, &rv);
if (NS_FAILED(rv))
return rv;
if (!subjectPrincipal || subjectPrincipal == mSystemPrincipal)
// We have native code or the system principal: just allow access
return NS_OK;
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
nsCOMPtr<nsIPrincipal> objectPrincipal;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
// Hold the class info data here so we don't have to go back to virtual
// methods all the time
ClassInfoData classInfoData(aClassInfo, aClassName);
#ifdef DEBUG_CAPS_CheckPropertyAccessImpl
nsCAutoString propertyName;
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
propertyName.AssignWithConversion((PRUnichar*)IDToString(cx, aProperty));
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
printf("### CanAccess(%s.%s, %i) ", classInfoData.GetName(),
propertyName.get(), aAction);
#endif
//-- Look up the security policy for this class and subject domain
SecurityLevel securityLevel;
rv = LookupPolicy(subjectPrincipal, classInfoData, aProperty, aAction,
(ClassPolicy**)aCachedClassPolicy, &securityLevel);
if (NS_FAILED(rv))
return rv;
if (securityLevel.level == SCRIPT_SECURITY_UNDEFINED_ACCESS)
{
// No policy found for this property so use the default of last resort.
// If we were called from somewhere other than XPConnect
// (no XPC call context), assume this is a DOM class. Otherwise,
// ask the ClassInfo.
if (!aCallContext || classInfoData.IsDOMClass())
securityLevel.level = SCRIPT_SECURITY_SAME_ORIGIN_ACCESS;
else
securityLevel.level = SCRIPT_SECURITY_NO_ACCESS;
}
if (SECURITY_ACCESS_LEVEL_FLAG(securityLevel))
// This flag means securityLevel is allAccess, noAccess, or sameOrigin
{
switch (securityLevel.level)
{
case SCRIPT_SECURITY_NO_ACCESS:
#ifdef DEBUG_CAPS_CheckPropertyAccessImpl
printf("noAccess ");
#endif
rv = NS_ERROR_DOM_PROP_ACCESS_DENIED;
break;
case SCRIPT_SECURITY_ALL_ACCESS:
#ifdef DEBUG_CAPS_CheckPropertyAccessImpl
printf("allAccess ");
#endif
rv = NS_OK;
break;
case SCRIPT_SECURITY_SAME_ORIGIN_ACCESS:
{
#ifdef DEBUG_CAPS_CheckPropertyAccessImpl
printf("sameOrigin ");
#endif
Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc
2008-01-16 16:32:26 -08:00
nsCOMPtr<nsIPrincipal> principalHolder;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if(aJSObject)
{
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
objectPrincipal = doGetObjectPrincipal(aJSObject);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (!objectPrincipal)
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
2008-01-04 17:32:23 -08:00
rv = NS_ERROR_DOM_SECURITY_ERR;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
else
{
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 10:35:55 -07:00
NS_ERROR("CheckPropertyAccessImpl called without a target object or URL");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_ERROR_FAILURE;
}
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
2008-01-04 17:32:23 -08:00
if(NS_SUCCEEDED(rv))
rv = CheckSameOriginDOMProp(subjectPrincipal, objectPrincipal,
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
aAction);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
break;
}
default:
#ifdef DEBUG_CAPS_CheckPropertyAccessImpl
printf("ERROR ");
#endif
NS_ERROR("Bad Security Level Value");
return NS_ERROR_FAILURE;
}
}
else // if SECURITY_ACCESS_LEVEL_FLAG is false, securityLevel is a capability
{
#ifdef DEBUG_CAPS_CheckPropertyAccessImpl
printf("Cap:%s ", securityLevel.capability);
#endif
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool capabilityEnabled = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rv = IsCapabilityEnabled(securityLevel.capability, &capabilityEnabled);
if (NS_FAILED(rv) || !capabilityEnabled)
rv = NS_ERROR_DOM_SECURITY_ERR;
else
rv = NS_OK;
}
if (NS_SUCCEEDED(rv))
{
#ifdef DEBUG_CAPS_CheckPropertyAccessImpl
printf(" GRANTED.\n");
#endif
return rv;
}
//--See if the object advertises a non-default level of access
// using nsISecurityCheckedComponent
nsCOMPtr<nsISecurityCheckedComponent> checkedComponent =
do_QueryInterface(aObj);
nsXPIDLCString objectSecurityLevel;
if (checkedComponent)
{
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
nsCOMPtr<nsIXPConnectWrappedNative> wrapper;
nsCOMPtr<nsIInterfaceInfo> interfaceInfo;
Bug 371694 - Protect ourselves against null values. r=dveditz
2010-03-22 15:50:04 -07:00
const nsIID* objIID = nsnull;
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
rv = aCallContext->GetCalleeWrapper(getter_AddRefs(wrapper));
Bug 371694 - Protect ourselves against null values. r=dveditz
2010-03-22 15:50:04 -07:00
if (NS_SUCCEEDED(rv) && wrapper)
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
rv = wrapper->FindInterfaceWithMember(aProperty, getter_AddRefs(interfaceInfo));
Bug 371694 - Protect ourselves against null values. r=dveditz
2010-03-22 15:50:04 -07:00
if (NS_SUCCEEDED(rv) && interfaceInfo)
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
rv = interfaceInfo->GetIIDShared(&objIID);
Bug 371694 - Protect ourselves against null values. r=dveditz
2010-03-22 15:50:04 -07:00
if (NS_SUCCEEDED(rv) && objIID)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
switch (aAction)
{
case nsIXPCSecurityManager::ACCESS_GET_PROPERTY:
checkedComponent->CanGetProperty(objIID,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
IDToString(cx, aProperty),
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
getter_Copies(objectSecurityLevel));
break;
case nsIXPCSecurityManager::ACCESS_SET_PROPERTY:
checkedComponent->CanSetProperty(objIID,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
IDToString(cx, aProperty),
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
getter_Copies(objectSecurityLevel));
break;
case nsIXPCSecurityManager::ACCESS_CALL_METHOD:
checkedComponent->CanCallMethod(objIID,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
IDToString(cx, aProperty),
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
getter_Copies(objectSecurityLevel));
}
}
}
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
rv = CheckXPCPermissions(cx, aObj, aJSObject, subjectPrincipal,
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
objectSecurityLevel);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
#ifdef DEBUG_CAPS_CheckPropertyAccessImpl
if(NS_SUCCEEDED(rv))
printf("CheckXPCPerms GRANTED.\n");
else
printf("CheckXPCPerms DENIED.\n");
#endif
if (NS_FAILED(rv)) //-- Security tests failed, access is denied, report error
{
nsAutoString stringName;
switch(aAction)
{
case nsIXPCSecurityManager::ACCESS_GET_PROPERTY:
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
stringName.AssignLiteral("GetPropertyDeniedOrigins");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
break;
case nsIXPCSecurityManager::ACCESS_SET_PROPERTY:
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
stringName.AssignLiteral("SetPropertyDeniedOrigins");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
break;
case nsIXPCSecurityManager::ACCESS_CALL_METHOD:
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
stringName.AssignLiteral("CallMethodDeniedOrigins");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
Bug 549459. Don't show information about the object principal in the error string. r=mrbkap a=blocker
2010-12-22 16:55:42 -08:00
// Null out objectPrincipal for now, so we don't leak information about
// it. Whenever we can report different error strings to content and
// the UI we can take this out again.
objectPrincipal = nsnull;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_ConvertUTF8toUTF16 className(classInfoData.GetName());
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
nsCAutoString subjectOrigin;
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
nsCAutoString subjectDomain;
Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap
2009-05-20 18:49:42 -07:00
if (!nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin) {
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
nsCOMPtr<nsIURI> uri, domain;
subjectPrincipal->GetURI(getter_AddRefs(uri));
// Subject can't be system if we failed the security
// check, so |uri| is non-null.
NS_ASSERTION(uri, "How did that happen?");
GetOriginFromURI(uri, subjectOrigin);
subjectPrincipal->GetDomain(getter_AddRefs(domain));
if (domain) {
GetOriginFromURI(domain, subjectDomain);
}
Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap
2009-05-20 18:49:42 -07:00
} else {
subjectOrigin.AssignLiteral("the security manager");
}
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
NS_ConvertUTF8toUTF16 subjectOriginUnicode(subjectOrigin);
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
NS_ConvertUTF8toUTF16 subjectDomainUnicode(subjectDomain);
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
nsCAutoString objectOrigin;
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
nsCAutoString objectDomain;
Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap
2009-05-20 18:49:42 -07:00
if (!nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin &&
objectPrincipal) {
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
nsCOMPtr<nsIURI> uri, domain;
objectPrincipal->GetURI(getter_AddRefs(uri));
if (uri) { // Object principal might be system
GetOriginFromURI(uri, objectOrigin);
}
objectPrincipal->GetDomain(getter_AddRefs(domain));
if (domain) {
GetOriginFromURI(domain, objectDomain);
}
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
}
NS_ConvertUTF8toUTF16 objectOriginUnicode(objectOrigin);
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
NS_ConvertUTF8toUTF16 objectDomainUnicode(objectDomain);
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
nsXPIDLString errorMsg;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
const PRUnichar *formatStrings[] =
{
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
subjectOriginUnicode.get(),
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
className.get(),
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
IDToString(cx, aProperty),
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
objectOriginUnicode.get(),
subjectDomainUnicode.get(),
objectDomainUnicode.get()
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
};
Bug 693469 - Implement mozilla::ArrayLength and mozilla::ArrayEnd, and replace uses of NS_ARRAY_LENGTH whenever possible. (Exceptions: assigning to static initializers, use in static assertions, as template parameters, etc. These will go away when the relevant compilers have C++11 constexpr support.) r=cjones --HG-- extra : rebase_source : b4bae9a0f85abf2feb828609b50e756916b99a6f
2011-10-10 22:50:08 -07:00
PRUint32 length = ArrayLength(formatStrings);
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
// XXXbz Our localization system is stupid and can't handle not showing
// some strings that get passed in. Which means that we have to get
// our length precisely right: it has to be exactly the number of
// strings our format string wants. This means we'll have to move
// strings in the array as needed, sadly...
Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap
2009-05-20 18:49:42 -07:00
if (nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin ||
!objectPrincipal) {
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
stringName.AppendLiteral("OnlySubject");
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
length -= 3;
} else {
// default to a length that doesn't include the domains, then
// increase it as needed.
length -= 2;
if (!subjectDomainUnicode.IsEmpty()) {
stringName.AppendLiteral("SubjectDomain");
length += 1;
}
if (!objectDomainUnicode.IsEmpty()) {
stringName.AppendLiteral("ObjectDomain");
length += 1;
Bug 693469 - Implement mozilla::ArrayLength and mozilla::ArrayEnd, and replace uses of NS_ARRAY_LENGTH whenever possible. (Exceptions: assigning to static initializers, use in static assertions, as template parameters, etc. These will go away when the relevant compilers have C++11 constexpr support.) r=cjones --HG-- extra : rebase_source : b4bae9a0f85abf2feb828609b50e756916b99a6f
2011-10-10 22:50:08 -07:00
if (length != ArrayLength(formatStrings)) {
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 18:27:33 -07:00
// We have an object domain but not a subject domain.
// Scoot our string over one slot. See the XXX comment
// above for why we need to do this.
formatStrings[length-1] = formatStrings[length];
}
}
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
// We need to keep our existing failure rv and not override it
// with a likely success code from the following string bundle
// call in order to throw the correct security exception later.
nsresult rv2 = sStrBundle->FormatStringFromName(stringName.get(),
formatStrings,
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
length,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
getter_Copies(errorMsg));
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
if (NS_FAILED(rv2)) {
// Might just be missing the string... Do our best
errorMsg = stringName;
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
SetPendingException(cx, errorMsg.get());
}
return rv;
}
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
/* static */
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsresult
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
nsScriptSecurityManager::CheckSameOriginPrincipal(nsIPrincipal* aSubject,
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
nsIPrincipal* aObject)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
/*
** Get origin of subject and object and compare.
*/
if (aSubject == aObject)
return NS_OK;
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
// Default to false, and change if that turns out wrong.
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool subjectSetDomain = false;
bool objectSetDomain = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsCOMPtr<nsIURI> subjectURI;
nsCOMPtr<nsIURI> objectURI;
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
aSubject->GetDomain(getter_AddRefs(subjectURI));
if (!subjectURI) {
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
aSubject->GetURI(getter_AddRefs(subjectURI));
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
} else {
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
subjectSetDomain = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
aObject->GetDomain(getter_AddRefs(objectURI));
if (!objectURI) {
aObject->GetURI(getter_AddRefs(objectURI));
} else {
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
objectSetDomain = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
if (SecurityCompareURIs(subjectURI, objectURI))
{ // If either the subject or the object has changed its principal by
// explicitly setting document.domain then the other must also have
// done so in order to be considered the same origin. This prevents
// DNS spoofing based on document.domain (154930)
// If both or neither explicitly set their domain, allow the access
if (subjectSetDomain == objectSetDomain)
return NS_OK;
}
/*
** Access tests failed, so now report error.
*/
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
}
Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky
2008-10-08 06:16:27 -07:00
// It's important that
//
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
// CheckSameOriginPrincipal(A, B) == NS_OK
Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky
2008-10-08 06:16:27 -07:00
//
// imply
//
// HashPrincipalByOrigin(A) == HashPrincipalByOrigin(B)
//
// if principals A and B could ever be used as keys in a hashtable.
// Violation of this invariant leads to spurious failures of hashtable
// lookups. See bug 454850.
/*static*/ PRUint32
nsScriptSecurityManager::HashPrincipalByOrigin(nsIPrincipal* aPrincipal)
{
nsCOMPtr<nsIURI> uri;
aPrincipal->GetDomain(getter_AddRefs(uri));
if (!uri)
aPrincipal->GetURI(getter_AddRefs(uri));
return SecurityHashURI(uri);
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsresult
nsScriptSecurityManager::CheckSameOriginDOMProp(nsIPrincipal* aSubject,
nsIPrincipal* aObject,
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
PRUint32 aAction)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
nsresult rv;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool subsumes;
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
rv = aSubject->Subsumes(aObject, &subsumes);
if (NS_SUCCEEDED(rv) && !subsumes) {
rv = NS_ERROR_DOM_PROP_ACCESS_DENIED;
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_SUCCEEDED(rv))
return NS_OK;
/*
* Content can't ever touch chrome (we check for UniversalXPConnect later)
*/
if (aObject == mSystemPrincipal)
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
/*
** Access tests failed, so now report error.
*/
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
}
nsresult
nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal,
ClassInfoData& aClassData,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
jsid aProperty,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PRUint32 aAction,
ClassPolicy** aCachedClassPolicy,
SecurityLevel* result)
{
nsresult rv;
result->level = SCRIPT_SECURITY_UNDEFINED_ACCESS;
DomainPolicy* dpolicy = nsnull;
//-- Initialize policies if necessary
if (mPolicyPrefsChanged)
{
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
if (!mPrefInitialized) {
Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
rv = InitPrefs();
NS_ENSURE_SUCCESS(rv, rv);
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rv = InitPolicies();
if (NS_FAILED(rv))
return rv;
}
else
{
aPrincipal->GetSecurityPolicy((void**)&dpolicy);
}
if (!dpolicy && mOriginToPolicyMap)
{
//-- Look up the relevant domain policy, if any
#ifdef DEBUG_CAPS_LookupPolicy
printf("DomainLookup ");
#endif
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
nsCAutoString origin;
rv = GetPrincipalDomainOrigin(aPrincipal, origin);
NS_ENSURE_SUCCESS(rv, rv);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
char *start = origin.BeginWriting();
const char *nextToLastDot = nsnull;
const char *lastDot = nsnull;
const char *colon = nsnull;
char *p = start;
//-- search domain (stop at the end of the string or at the 3rd slash)
for (PRUint32 slashes=0; *p; p++)
{
if (*p == '/' && ++slashes == 3)
{
*p = '\0'; // truncate at 3rd slash
break;
}
if (*p == '.')
{
nextToLastDot = lastDot;
lastDot = p;
}
else if (!colon && *p == ':')
colon = p;
}
nsCStringKey key(nextToLastDot ? nextToLastDot+1 : start);
DomainEntry *de = (DomainEntry*) mOriginToPolicyMap->Get(&key);
if (!de)
{
nsCAutoString scheme(start, colon-start+1);
nsCStringKey schemeKey(scheme);
de = (DomainEntry*) mOriginToPolicyMap->Get(&schemeKey);
}
while (de)
{
if (de->Matches(start))
{
dpolicy = de->mDomainPolicy;
break;
}
de = de->mNext;
}
if (!dpolicy)
dpolicy = mDefaultPolicy;
aPrincipal->SetSecurityPolicy((void*)dpolicy);
}
ClassPolicy* cpolicy = nsnull;
if ((dpolicy == mDefaultPolicy) && aCachedClassPolicy)
{
// No per-domain policy for this principal (the more common case)
// so look for a cached class policy from the object wrapper
cpolicy = *aCachedClassPolicy;
}
if (!cpolicy)
{ //-- No cached policy for this class, need to look it up
#ifdef DEBUG_CAPS_LookupPolicy
printf("ClassLookup ");
#endif
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
cpolicy = static_cast<ClassPolicy*>
(PL_DHashTableOperate(dpolicy,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
aClassData.GetName(),
PL_DHASH_LOOKUP));
if (PL_DHASH_ENTRY_IS_FREE(cpolicy))
cpolicy = NO_POLICY_FOR_CLASS;
if ((dpolicy == mDefaultPolicy) && aCachedClassPolicy)
*aCachedClassPolicy = cpolicy;
}
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
NS_ASSERTION(JSID_IS_INT(aProperty) || JSID_IS_OBJECT(aProperty) ||
JSID_IS_STRING(aProperty), "Property must be a valid id");
// Only atomized strings are stored in the policies' hash tables.
if (!JSID_IS_STRING(aProperty))
return NS_OK;
JSString *propertyKey = JSID_TO_STRING(aProperty);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
// We look for a PropertyPolicy in the following places:
// 1) The ClassPolicy for our class we got from our DomainPolicy
// 2) The mWildcardPolicy of our DomainPolicy
// 3) The ClassPolicy for our class we got from mDefaultPolicy
// 4) The mWildcardPolicy of our mDefaultPolicy
PropertyPolicy* ppolicy = nsnull;
if (cpolicy != NO_POLICY_FOR_CLASS)
{
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
ppolicy = static_cast<PropertyPolicy*>
(PL_DHashTableOperate(cpolicy->mPolicy,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
propertyKey,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PL_DHASH_LOOKUP));
}
// If there is no class policy for this property, and we have a wildcard
// policy, try that.
if (dpolicy->mWildcardPolicy &&
(!ppolicy || PL_DHASH_ENTRY_IS_FREE(ppolicy)))
{
ppolicy =
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
static_cast<PropertyPolicy*>
(PL_DHashTableOperate(dpolicy->mWildcardPolicy->mPolicy,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
propertyKey,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PL_DHASH_LOOKUP));
}
// If dpolicy is not the defauly policy and there's no class or wildcard
// policy for this property, check the default policy for this class and
// the default wildcard policy
if (dpolicy != mDefaultPolicy &&
(!ppolicy || PL_DHASH_ENTRY_IS_FREE(ppolicy)))
{
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
cpolicy = static_cast<ClassPolicy*>
(PL_DHashTableOperate(mDefaultPolicy,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
aClassData.GetName(),
PL_DHASH_LOOKUP));
if (PL_DHASH_ENTRY_IS_BUSY(cpolicy))
{
ppolicy =
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
static_cast<PropertyPolicy*>
(PL_DHashTableOperate(cpolicy->mPolicy,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
propertyKey,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PL_DHASH_LOOKUP));
}
if ((!ppolicy || PL_DHASH_ENTRY_IS_FREE(ppolicy)) &&
mDefaultPolicy->mWildcardPolicy)
{
ppolicy =
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
static_cast<PropertyPolicy*>
(PL_DHashTableOperate(mDefaultPolicy->mWildcardPolicy->mPolicy,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
propertyKey,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PL_DHASH_LOOKUP));
}
}
if (!ppolicy || PL_DHASH_ENTRY_IS_FREE(ppolicy))
return NS_OK;
// Get the correct security level from the property policy
if (aAction == nsIXPCSecurityManager::ACCESS_SET_PROPERTY)
*result = ppolicy->mSet;
else
*result = ppolicy->mGet;
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckLoadURIFromScript(JSContext *cx, nsIURI *aURI)
{
// Get principal of currently executing script.
nsresult rv;
nsIPrincipal* principal = GetSubjectPrincipal(cx, &rv);
if (NS_FAILED(rv))
return rv;
// Native code can load all URIs.
if (!principal)
return NS_OK;
rv = CheckLoadURIWithPrincipal(principal, aURI,
nsIScriptSecurityManager::STANDARD);
if (NS_SUCCEEDED(rv)) {
// OK to load
return NS_OK;
}
// See if we're attempting to load a file: URI. If so, let a
Bug 713747 - Remove UniversalFoo from caps (and thus, the tree). r=bz
2011-12-30 09:35:52 -08:00
// UniversalXPConnect capability trump the above check.
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool isFile = false;
bool isRes = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(aURI->SchemeIs("file", &isFile)) ||
NS_FAILED(aURI->SchemeIs("resource", &isRes)))
return NS_ERROR_FAILURE;
if (isFile || isRes)
{
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool enabled;
Bug 713747 - Remove UniversalFoo from caps (and thus, the tree). r=bz
2011-12-30 09:35:52 -08:00
if (NS_FAILED(IsCapabilityEnabled("UniversalXPConnect", &enabled)))
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_ERROR_FAILURE;
if (enabled)
return NS_OK;
}
// Report error.
nsCAutoString spec;
if (NS_FAILED(aURI->GetAsciiSpec(spec)))
return NS_ERROR_FAILURE;
Bug 410486. Fix test failures due to the exception message getting truncated.
2009-05-19 21:57:37 -07:00
nsCAutoString msg("Access to '");
msg.Append(spec);
msg.AppendLiteral("' from script denied");
SetPendingException(cx, msg.get());
Back out bug 246699 to fix bug 423375, per shaver
2008-03-17 07:10:48 -07:00
return NS_ERROR_DOM_BAD_URI;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
/**
* Helper method to handle cases where a flag passed to
* CheckLoadURIWithPrincipal means denying loading if the given URI has certain
* nsIProtocolHandler flags set.
* @return if success, access is allowed. Otherwise, deny access
*/
static nsresult
DenyAccessIfURIHasFlags(nsIURI* aURI, PRUint32 aURIFlags)
{
NS_PRECONDITION(aURI, "Must have URI!");
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool uriHasFlags;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsresult rv =
NS_URIChainHasFlags(aURI, aURIFlags, &uriHasFlags);
NS_ENSURE_SUCCESS(rv, rv);
if (uriHasFlags) {
return NS_ERROR_DOM_BAD_URI;
}
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
nsIURI *aTargetURI,
PRUint32 aFlags)
{
NS_PRECONDITION(aPrincipal, "CheckLoadURIWithPrincipal must have a principal");
// If someone passes a flag that we don't understand, we should
// fail, because they may need a security check that we don't
// provide.
NS_ENSURE_FALSE(aFlags & ~(nsIScriptSecurityManager::LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT |
nsIScriptSecurityManager::ALLOW_CHROME |
nsIScriptSecurityManager::DISALLOW_SCRIPT |
nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL),
NS_ERROR_UNEXPECTED);
NS_ENSURE_ARG_POINTER(aPrincipal);
Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz, sr=dveditz
2009-01-01 15:45:23 -08:00
NS_ENSURE_ARG_POINTER(aTargetURI);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Bug 732413: make DISALLOW_INHERIT_PRINCIPAL flag passed to checkLoadURI effective even when the source principal is the system principal, r=bz --HG-- rename : caps/tests/mochitest/test_bug470804.html => caps/tests/mochitest/test_disallowInheritPrincipal.html extra : transplant_source : %CD%A3%DD%8Aa%DC%1F%BE%F8%0DB%BE%86%3FQ%D8%95%88%9E%CA
2012-03-14 11:55:47 -07:00
// If DISALLOW_INHERIT_PRINCIPAL is set, we prevent loading of URIs which
// would do such inheriting. That would be URIs that do not have their own
// security context. We do this even for the system principal.
if (aFlags & nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL) {
nsresult rv =
DenyAccessIfURIHasFlags(aTargetURI,
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT);
NS_ENSURE_SUCCESS(rv, rv);
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (aPrincipal == mSystemPrincipal) {
// Allow access
return NS_OK;
}
Bug 732413: make DISALLOW_INHERIT_PRINCIPAL flag passed to checkLoadURI effective even when the source principal is the system principal, r=bz --HG-- rename : caps/tests/mochitest/test_bug470804.html => caps/tests/mochitest/test_disallowInheritPrincipal.html extra : transplant_source : %CD%A3%DD%8Aa%DC%1F%BE%F8%0DB%BE%86%3FQ%D8%95%88%9E%CA
2012-03-14 11:55:47 -07:00
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsCOMPtr<nsIURI> sourceURI;
aPrincipal->GetURI(getter_AddRefs(sourceURI));
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
if (!sourceURI) {
Revert c39d36167b99 due to a horribly munged backout.
2012-06-10 16:44:50 -07:00
nsCOMPtr<nsIExpandedPrincipal> expanded = do_QueryInterface(aPrincipal);
if (expanded) {
nsTArray< nsCOMPtr<nsIPrincipal> > *whiteList;
expanded->GetWhiteList(&whiteList);
for (uint32_t i = 0; i < whiteList->Length(); ++i) {
nsresult rv = CheckLoadURIWithPrincipal((*whiteList)[i],
aTargetURI,
aFlags);
if (NS_SUCCEEDED(rv)) {
// Allow access if it succeeded with one of the white listed principals
return NS_OK;
}
}
return NS_OK;
}
NS_ERROR("Non-system principals or expanded principal passed to CheckLoadURIWithPrincipal "
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
"must have a URI!");
return NS_ERROR_UNEXPECTED;
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
// Automatic loads are not allowed from certain protocols.
if (aFlags & nsIScriptSecurityManager::LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT) {
nsresult rv =
DenyAccessIfURIHasFlags(sourceURI,
nsIProtocolHandler::URI_FORBIDS_AUTOMATIC_DOCUMENT_REPLACEMENT);
NS_ENSURE_SUCCESS(rv, rv);
}
// If either URI is a nested URI, get the base URI
nsCOMPtr<nsIURI> sourceBaseURI = NS_GetInnermostURI(sourceURI);
nsCOMPtr<nsIURI> targetBaseURI = NS_GetInnermostURI(aTargetURI);
//-- get the target scheme
nsCAutoString targetScheme;
nsresult rv = targetBaseURI->GetScheme(targetScheme);
if (NS_FAILED(rv)) return rv;
//-- Some callers do not allow loading javascript:
if ((aFlags & nsIScriptSecurityManager::DISALLOW_SCRIPT) &&
targetScheme.EqualsLiteral("javascript"))
{
return NS_ERROR_DOM_BAD_URI;
}
Bug 543870: Implement File.url. r=bz sr=jst
2010-03-02 23:51:09 -08:00
NS_NAMED_LITERAL_STRING(errorTag, "CheckLoadURIError");
// Check for uris that are only loadable by principals that subsume them
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool hasFlags;
Bug 543870: Implement File.url. r=bz sr=jst
2010-03-02 23:51:09 -08:00
rv = NS_URIChainHasFlags(targetBaseURI,
nsIProtocolHandler::URI_LOADABLE_BY_SUBSUMERS,
&hasFlags);
NS_ENSURE_SUCCESS(rv, rv);
if (hasFlags) {
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
return aPrincipal->CheckMayLoad(targetBaseURI, true);
Bug 543870: Implement File.url. r=bz sr=jst
2010-03-02 23:51:09 -08:00
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
//-- get the source scheme
nsCAutoString sourceScheme;
rv = sourceBaseURI->GetScheme(sourceScheme);
if (NS_FAILED(rv)) return rv;
Fix bug 421228. r+sr=sicking
2008-03-27 20:46:15 -07:00
if (sourceScheme.LowerCaseEqualsLiteral(NS_NULLPRINCIPAL_SCHEME)) {
// A null principal can target its own URI.
if (sourceURI == aTargetURI) {
return NS_OK;
}
}
else if (targetScheme.Equals(sourceScheme,
nsCaseInsensitiveCStringComparator()))
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
// every scheme can access another URI from the same scheme,
// as long as they don't represent null principals.
return NS_OK;
}
// If the schemes don't match, the policy is specified by the protocol
// flags on the target URI. Note that the order of policy checks here is
// very important! We start from most restrictive and work our way down.
// Note that since we're working with the innermost URI, we can just use
// the methods that work on chains of nested URIs and they will only look
// at the flags for our one URI.
// Check for system target URI
rv = DenyAccessIfURIHasFlags(targetBaseURI,
nsIProtocolHandler::URI_DANGEROUS_TO_LOAD);
if (NS_FAILED(rv)) {
// Deny access, since the origin principal is not system
ReportError(nsnull, errorTag, sourceURI, aTargetURI);
return rv;
}
// Check for chrome target URI
rv = NS_URIChainHasFlags(targetBaseURI,
nsIProtocolHandler::URI_IS_UI_RESOURCE,
&hasFlags);
NS_ENSURE_SUCCESS(rv, rv);
if (hasFlags) {
if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) {
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
2008-04-12 14:26:19 -07:00
if (!targetScheme.EqualsLiteral("chrome")) {
// for now don't change behavior for resource: or moz-icon:
return NS_OK;
}
// allow load only if chrome package is whitelisted
nsCOMPtr<nsIXULChromeRegistry> reg(do_GetService(
NS_CHROMEREGISTRY_CONTRACTID));
if (reg) {
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool accessAllowed = false;
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
2008-04-12 14:26:19 -07:00
reg->AllowContentToAccess(targetBaseURI, &accessAllowed);
if (accessAllowed) {
return NS_OK;
}
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
// resource: and chrome: are equivalent, securitywise
// That's bogus!! Fix this. But watch out for
// the view-source stylesheet?
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool sourceIsChrome;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rv = NS_URIChainHasFlags(sourceBaseURI,
nsIProtocolHandler::URI_IS_UI_RESOURCE,
&sourceIsChrome);
NS_ENSURE_SUCCESS(rv, rv);
if (sourceIsChrome) {
return NS_OK;
}
ReportError(nsnull, errorTag, sourceURI, aTargetURI);
return NS_ERROR_DOM_BAD_URI;
}
// Check for target URI pointing to a file
rv = NS_URIChainHasFlags(targetBaseURI,
nsIProtocolHandler::URI_IS_LOCAL_FILE,
&hasFlags);
NS_ENSURE_SUCCESS(rv, rv);
if (hasFlags) {
// resource: and chrome: are equivalent, securitywise
// That's bogus!! Fix this. But watch out for
// the view-source stylesheet?
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool sourceIsChrome;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rv = NS_URIChainHasFlags(sourceURI,
nsIProtocolHandler::URI_IS_UI_RESOURCE,
&sourceIsChrome);
NS_ENSURE_SUCCESS(rv, rv);
if (sourceIsChrome) {
return NS_OK;
}
// Now check capability policies
static const char loadURIPrefGroup[] = "checkloaduri";
ClassInfoData nameData(nsnull, loadURIPrefGroup);
SecurityLevel secLevel;
rv = LookupPolicy(aPrincipal, nameData, sEnabledID,
nsIXPCSecurityManager::ACCESS_GET_PROPERTY,
nsnull, &secLevel);
if (NS_SUCCEEDED(rv) && secLevel.level == SCRIPT_SECURITY_ALL_ACCESS)
{
// OK for this site!
return NS_OK;
}
ReportError(nsnull, errorTag, sourceURI, aTargetURI);
return NS_ERROR_DOM_BAD_URI;
}
// OK, everyone is allowed to load this, since unflagged handlers are
// deprecated but treated as URI_LOADABLE_BY_ANYONE. But check whether we
// need to warn. At some point we'll want to make this warning into an
// error and treat unflagged handlers as URI_DANGEROUS_TO_LOAD.
rv = NS_URIChainHasFlags(targetBaseURI,
nsIProtocolHandler::URI_LOADABLE_BY_ANYONE,
&hasFlags);
NS_ENSURE_SUCCESS(rv, rv);
if (!hasFlags) {
nsXPIDLString message;
NS_ConvertASCIItoUTF16 ucsTargetScheme(targetScheme);
const PRUnichar* formatStrings[] = { ucsTargetScheme.get() };
rv = sStrBundle->
FormatStringFromName(NS_LITERAL_STRING("ProtocolFlagError").get(),
formatStrings,
Bug 693469 - Implement mozilla::ArrayLength and mozilla::ArrayEnd, and replace uses of NS_ARRAY_LENGTH whenever possible. (Exceptions: assigning to static initializers, use in static assertions, as template parameters, etc. These will go away when the relevant compilers have C++11 constexpr support.) r=cjones --HG-- extra : rebase_source : b4bae9a0f85abf2feb828609b50e756916b99a6f
2011-10-10 22:50:08 -07:00
ArrayLength(formatStrings),
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
getter_Copies(message));
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsIConsoleService> console(
do_GetService("@mozilla.org/consoleservice;1"));
NS_ENSURE_TRUE(console, NS_ERROR_FAILURE);
console->LogStringMessage(message.get());
#ifdef DEBUG
fprintf(stderr, "%s\n", NS_ConvertUTF16toUTF8(message).get());
#endif
}
}
return NS_OK;
}
nsresult
nsScriptSecurityManager::ReportError(JSContext* cx, const nsAString& messageTag,
nsIURI* aSource, nsIURI* aTarget)
{
nsresult rv;
NS_ENSURE_TRUE(aSource && aTarget, NS_ERROR_NULL_POINTER);
// Get the source URL spec
nsCAutoString sourceSpec;
rv = aSource->GetAsciiSpec(sourceSpec);
NS_ENSURE_SUCCESS(rv, rv);
// Get the target URL spec
nsCAutoString targetSpec;
rv = aTarget->GetAsciiSpec(targetSpec);
NS_ENSURE_SUCCESS(rv, rv);
// Localize the error message
nsXPIDLString message;
NS_ConvertASCIItoUTF16 ucsSourceSpec(sourceSpec);
NS_ConvertASCIItoUTF16 ucsTargetSpec(targetSpec);
const PRUnichar *formatStrings[] = { ucsSourceSpec.get(), ucsTargetSpec.get() };
rv = sStrBundle->FormatStringFromName(PromiseFlatString(messageTag).get(),
formatStrings,
Bug 693469 - Implement mozilla::ArrayLength and mozilla::ArrayEnd, and replace uses of NS_ARRAY_LENGTH whenever possible. (Exceptions: assigning to static initializers, use in static assertions, as template parameters, etc. These will go away when the relevant compilers have C++11 constexpr support.) r=cjones --HG-- extra : rebase_source : b4bae9a0f85abf2feb828609b50e756916b99a6f
2011-10-10 22:50:08 -07:00
ArrayLength(formatStrings),
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
getter_Copies(message));
NS_ENSURE_SUCCESS(rv, rv);
// If a JS context was passed in, set a JS exception.
// Otherwise, print the error message directly to the JS console
// and to standard output
if (cx)
{
SetPendingException(cx, message.get());
}
else // Print directly to the console
{
nsCOMPtr<nsIConsoleService> console(
do_GetService("@mozilla.org/consoleservice;1"));
NS_ENSURE_TRUE(console, NS_ERROR_FAILURE);
console->LogStringMessage(message.get());
#ifdef DEBUG
fprintf(stderr, "%s\n", NS_LossyConvertUTF16toASCII(message).get());
#endif
}
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckLoadURIStrWithPrincipal(nsIPrincipal* aPrincipal,
const nsACString& aTargetURIStr,
PRUint32 aFlags)
{
nsresult rv;
nsCOMPtr<nsIURI> target;
rv = NS_NewURI(getter_AddRefs(target), aTargetURIStr,
nsnull, nsnull, sIOService);
NS_ENSURE_SUCCESS(rv, rv);
rv = CheckLoadURIWithPrincipal(aPrincipal, target, aFlags);
NS_ENSURE_SUCCESS(rv, rv);
// Now start testing fixup -- since aTargetURIStr is a string, not
// an nsIURI, we may well end up fixing it up before loading.
// Note: This needs to stay in sync with the nsIURIFixup api.
nsCOMPtr<nsIURIFixup> fixup = do_GetService(NS_URIFIXUP_CONTRACTID);
if (!fixup) {
return rv;
}
PRUint32 flags[] = {
nsIURIFixup::FIXUP_FLAG_NONE,
nsIURIFixup::FIXUP_FLAG_ALLOW_KEYWORD_LOOKUP,
nsIURIFixup::FIXUP_FLAGS_MAKE_ALTERNATE_URI,
nsIURIFixup::FIXUP_FLAG_ALLOW_KEYWORD_LOOKUP |
nsIURIFixup::FIXUP_FLAGS_MAKE_ALTERNATE_URI
};
Bug 693469 - Implement mozilla::ArrayLength and mozilla::ArrayEnd, and replace uses of NS_ARRAY_LENGTH whenever possible. (Exceptions: assigning to static initializers, use in static assertions, as template parameters, etc. These will go away when the relevant compilers have C++11 constexpr support.) r=cjones --HG-- extra : rebase_source : b4bae9a0f85abf2feb828609b50e756916b99a6f
2011-10-10 22:50:08 -07:00
for (PRUint32 i = 0; i < ArrayLength(flags); ++i) {
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rv = fixup->CreateFixupURI(aTargetURIStr, flags[i],
getter_AddRefs(target));
NS_ENSURE_SUCCESS(rv, rv);
rv = CheckLoadURIWithPrincipal(aPrincipal, target, aFlags);
NS_ENSURE_SUCCESS(rv, rv);
}
return rv;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckFunctionAccess(JSContext *aCx, void *aFunObj,
void *aTargetObj)
{
// This check is called for event handlers
nsresult rv;
nsIPrincipal* subject =
GetFunctionObjectPrincipal(aCx, (JSObject *)aFunObj, nsnull, &rv);
// If subject is null, get a principal from the function object's scope.
if (NS_SUCCEEDED(rv) && !subject)
{
#ifdef DEBUG
{
Bug 679879 - Change JSFunction macros to methods. Part 1, remove the macro uses from caps. r=mrbkap.
2011-08-18 10:34:20 -07:00
JS_ASSERT(JS_ObjectIsFunction(aCx, (JSObject *)aFunObj));
Fix test failures, bug 693754.
2011-10-12 08:32:42 -07:00
JSFunction *fun = JS_GetObjectFunction((JSObject *)aFunObj);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
JSScript *script = JS_GetFunctionScript(aCx, fun);
NS_ASSERTION(!script, "Null principal for non-native function!");
}
#endif
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
subject = doGetObjectPrincipal((JSObject*)aFunObj);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
if (!subject)
return NS_ERROR_FAILURE;
if (subject == mSystemPrincipal)
// This is the system principal: just allow access
return NS_OK;
// Check if the principal the function was compiled under is
// allowed to execute scripts.
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool result;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rv = CanExecuteScripts(aCx, subject, &result);
if (NS_FAILED(rv))
return rv;
if (!result)
return NS_ERROR_DOM_SECURITY_ERR;
/*
** Get origin of subject and object and compare.
*/
JSObject* obj = (JSObject*)aTargetObj;
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
nsIPrincipal* object = doGetObjectPrincipal(obj);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (!object)
return NS_ERROR_FAILURE;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool subsumes;
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
rv = subject->Subsumes(object, &subsumes);
if (NS_SUCCEEDED(rv) && !subsumes) {
rv = NS_ERROR_DOM_PROP_ACCESS_DENIED;
}
return rv;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
NS_IMETHODIMP
nsScriptSecurityManager::CanExecuteScripts(JSContext* cx,
nsIPrincipal *aPrincipal,
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool *result)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
*result = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (aPrincipal == mSystemPrincipal)
{
// Even if JavaScript is disabled, we must still execute system scripts
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
*result = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_OK;
}
//-- See if the current window allows JS execution
nsIScriptContext *scriptContext = GetScriptContext(cx);
if (!scriptContext) return NS_ERROR_FAILURE;
if (!scriptContext->GetScriptsEnabled()) {
// No scripting on this context, folks
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
*result = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_OK;
}
nsIScriptGlobalObject *sgo = scriptContext->GetGlobalObject();
if (!sgo) {
return NS_ERROR_FAILURE;
}
// window can be null here if we're running with a non-DOM window
// as the script global (i.e. a XUL prototype document).
nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(sgo);
nsCOMPtr<nsIDocShell> docshell;
nsresult rv;
if (window) {
docshell = window->GetDocShell();
}
Bug 519928 - IFRAME inside designMode disables JavaScript, breaking current clickjacking defenses; r=Olli.Pettay --HG-- extra : rebase_source : 7d01d90f59e60b63e64b96bb655937fe0d0c879a
2010-06-04 14:03:50 -07:00
if (docshell) {
rv = docshell->GetCanExecuteScripts(result);
if (NS_FAILED(rv)) return rv;
if (!*result) return NS_OK;
Backed out changeset d1cbe16de6bf to fix oranges
2010-06-28 12:29:30 -07:00
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
// OK, the docshell doesn't have script execution explicitly disabled.
// Check whether our URI is an "about:" URI that allows scripts. If it is,
// we need to allow JS to run. In this case, don't apply the JS enabled
// pref or policies. On failures, just press on and don't do this special
// case.
nsCOMPtr<nsIURI> principalURI;
aPrincipal->GetURI(getter_AddRefs(principalURI));
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
if (!principalURI) {
// Broken principal of some sort. Disallow.
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
*result = false;
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
return NS_ERROR_UNEXPECTED;
}
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool isAbout;
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
rv = principalURI->SchemeIs("about", &isAbout);
if (NS_SUCCEEDED(rv) && isAbout) {
nsCOMPtr<nsIAboutModule> module;
rv = NS_GetAboutModule(principalURI, getter_AddRefs(module));
if (NS_SUCCEEDED(rv)) {
PRUint32 flags;
rv = module->GetURIFlags(principalURI, &flags);
if (NS_SUCCEEDED(rv) &&
(flags & nsIAboutModule::ALLOW_SCRIPT)) {
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
*result = true;
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
return NS_OK;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
}
}
*result = mIsJavaScriptEnabled;
if (!*result)
return NS_OK; // Do not run scripts
//-- Check for a per-site policy
static const char jsPrefGroupName[] = "javascript";
ClassInfoData nameData(nsnull, jsPrefGroupName);
SecurityLevel secLevel;
rv = LookupPolicy(aPrincipal, nameData, sEnabledID,
nsIXPCSecurityManager::ACCESS_GET_PROPERTY,
nsnull, &secLevel);
if (NS_FAILED(rv) || secLevel.level == SCRIPT_SECURITY_NO_ACCESS)
{
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
*result = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return rv;
}
//-- Nobody vetoed, so allow the JS to run.
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
*result = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_OK;
}
///////////////// Principals ///////////////////////
NS_IMETHODIMP
nsScriptSecurityManager::GetSubjectPrincipal(nsIPrincipal **aSubjectPrincipal)
{
nsresult rv;
*aSubjectPrincipal = doGetSubjectPrincipal(&rv);
if (NS_SUCCEEDED(rv))
NS_IF_ADDREF(*aSubjectPrincipal);
return rv;
}
nsIPrincipal*
nsScriptSecurityManager::doGetSubjectPrincipal(nsresult* rv)
{
NS_PRECONDITION(rv, "Null out param");
JSContext *cx = GetCurrentJSContext();
if (!cx)
{
*rv = NS_OK;
return nsnull;
}
return GetSubjectPrincipal(cx, rv);
}
NS_IMETHODIMP
nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result)
{
NS_ADDREF(*result = mSystemPrincipal);
return NS_OK;
}
NS_IMETHODIMP
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
nsScriptSecurityManager::SubjectPrincipalIsSystem(bool* aIsSystem)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
NS_ENSURE_ARG_POINTER(aIsSystem);
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
*aIsSystem = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (!mSystemPrincipal)
return NS_OK;
nsCOMPtr<nsIPrincipal> subject;
nsresult rv = GetSubjectPrincipal(getter_AddRefs(subject));
if (NS_FAILED(rv))
return rv;
if(!subject)
{
// No subject principal means no JS is running;
// this is the equivalent of system principal code
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
*aIsSystem = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_OK;
}
return mSystemPrincipal->Equals(subject, aIsSystem);
}
NS_IMETHODIMP
nsScriptSecurityManager::GetCertificatePrincipal(const nsACString& aCertFingerprint,
const nsACString& aSubjectName,
const nsACString& aPrettyName,
nsISupports* aCertificate,
nsIURI* aURI,
nsIPrincipal **result)
{
*result = nsnull;
NS_ENSURE_ARG(!aCertFingerprint.IsEmpty() &&
!aSubjectName.IsEmpty() &&
aCertificate);
return DoGetCertificatePrincipal(aCertFingerprint, aSubjectName,
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
aPrettyName, aCertificate, aURI, true,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
result);
}
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsresult
nsScriptSecurityManager::DoGetCertificatePrincipal(const nsACString& aCertFingerprint,
const nsACString& aSubjectName,
const nsACString& aPrettyName,
nsISupports* aCertificate,
nsIURI* aURI,
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool aModifyTable,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsIPrincipal **result)
{
NS_ENSURE_ARG(!aCertFingerprint.IsEmpty());
// Create a certificate principal out of the certificate ID
// and URI given to us. We will use this principal to test
// equality when doing our hashtable lookups below.
nsRefPtr<nsPrincipal> certificate = new nsPrincipal();
if (!certificate)
return NS_ERROR_OUT_OF_MEMORY;
nsresult rv = certificate->Init(aCertFingerprint, aSubjectName,
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
aPrettyName, aCertificate, aURI,
UNKNOWN_APP_ID, false);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_ENSURE_SUCCESS(rv, rv);
// Check to see if we already have this principal.
nsCOMPtr<nsIPrincipal> fromTable;
mPrincipals.Get(certificate, getter_AddRefs(fromTable));
if (fromTable) {
// Bingo. We found the certificate in the table, which means
// that it has escalated privileges.
if (aModifyTable) {
// Make sure this principal has names, so if we ever go to save it
// we'll save them. If we get a name mismatch here we'll throw,
// but that's desirable.
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
rv = static_cast<nsPrincipal*>
(static_cast<nsIPrincipal*>(fromTable))
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
->EnsureCertData(aSubjectName, aPrettyName, aCertificate);
if (NS_FAILED(rv)) {
// We have a subject name mismatch for the same cert id.
// Hand back the |certificate| object we created and don't give
// it any rights from the table.
NS_ADDREF(*result = certificate);
return NS_OK;
}
}
if (!aURI) {
// We were asked to just get the base certificate, so output
// what we have in the table.
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
certificate = static_cast<nsPrincipal*>
(static_cast<nsIPrincipal*>
(fromTable));
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
} else {
// We found a certificate and now need to install a codebase
// on it. We don't want to modify the principal in the hash
// table, so create a new principal and clone the pertinent
// things.
nsXPIDLCString prefName;
nsXPIDLCString id;
nsXPIDLCString subjectName;
nsXPIDLCString granted;
nsXPIDLCString denied;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool isTrusted;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rv = fromTable->GetPreferences(getter_Copies(prefName),
getter_Copies(id),
getter_Copies(subjectName),
getter_Copies(granted),
getter_Copies(denied),
&isTrusted);
// XXXbz assert something about subjectName and aSubjectName here?
if (NS_SUCCEEDED(rv)) {
NS_ASSERTION(!isTrusted, "Shouldn't have isTrusted true here");
certificate = new nsPrincipal();
if (!certificate)
return NS_ERROR_OUT_OF_MEMORY;
rv = certificate->InitFromPersistent(prefName, id,
subjectName, aPrettyName,
granted, denied,
aCertificate,
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
true, false,
UNKNOWN_APP_ID, false);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(rv))
return rv;
certificate->SetURI(aURI);
}
}
}
NS_ADDREF(*result = certificate);
return rv;
}
nsresult
nsScriptSecurityManager::CreateCodebasePrincipal(nsIURI* aURI, nsIPrincipal **result)
{
// I _think_ it's safe to not create null principals here based on aURI.
// At least all the callers would do the right thing in those cases, as far
// as I can tell. --bz
Bug 543870: Implement File.url. r=bz sr=jst
2010-03-02 23:51:09 -08:00
nsCOMPtr<nsIURIWithPrincipal> uriPrinc = do_QueryInterface(aURI);
if (uriPrinc) {
nsCOMPtr<nsIPrincipal> principal;
uriPrinc->GetPrincipal(getter_AddRefs(principal));
if (!principal || principal == mSystemPrincipal) {
return CallCreateInstance(NS_NULLPRINCIPAL_CONTRACTID, result);
}
principal.forget(result);
return NS_OK;
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsRefPtr<nsPrincipal> codebase = new nsPrincipal();
if (!codebase)
return NS_ERROR_OUT_OF_MEMORY;
nsresult rv = codebase->Init(EmptyCString(), EmptyCString(),
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
EmptyCString(), nsnull, aURI,
nsIScriptSecurityManager::NO_APP_ID, false);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(rv))
return rv;
NS_ADDREF(*result = codebase);
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetCodebasePrincipal(nsIURI *aURI,
nsIPrincipal **result)
{
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
NS_ENSURE_ARG(aURI);
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool inheritsPrincipal;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsresult rv =
NS_URIChainHasFlags(aURI,
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
&inheritsPrincipal);
if (NS_FAILED(rv) || inheritsPrincipal) {
return CallCreateInstance(NS_NULLPRINCIPAL_CONTRACTID, result);
}
nsCOMPtr<nsIPrincipal> principal;
rv = CreateCodebasePrincipal(aURI, getter_AddRefs(principal));
if (NS_FAILED(rv)) return rv;
if (mPrincipals.Count() > 0)
{
//-- Check to see if we already have this principal.
nsCOMPtr<nsIPrincipal> fromTable;
mPrincipals.Get(principal, getter_AddRefs(fromTable));
if (fromTable) {
// We found an existing codebase principal. But it might have a
// generic codebase for this origin on it. Install our particular
// codebase.
// XXXbz this is kinda similar to the code in
// GetCertificatePrincipal, but just ever so slightly different.
// Oh, well.
nsXPIDLCString prefName;
nsXPIDLCString id;
nsXPIDLCString subjectName;
nsXPIDLCString granted;
nsXPIDLCString denied;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool isTrusted;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rv = fromTable->GetPreferences(getter_Copies(prefName),
getter_Copies(id),
getter_Copies(subjectName),
getter_Copies(granted),
getter_Copies(denied),
&isTrusted);
if (NS_SUCCEEDED(rv)) {
nsRefPtr<nsPrincipal> codebase = new nsPrincipal();
if (!codebase)
return NS_ERROR_OUT_OF_MEMORY;
rv = codebase->InitFromPersistent(prefName, id,
subjectName, EmptyCString(),
granted, denied,
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
nsnull, false,
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
isTrusted,
nsIScriptSecurityManager::NO_APP_ID,
false);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(rv))
return rv;
codebase->SetURI(aURI);
principal = codebase;
}
}
}
NS_IF_ADDREF(*result = principal);
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetPrincipalFromContext(JSContext *cx,
nsIPrincipal **result)
{
*result = nsnull;
Bug 549682 - Port the message-manager API to mozilla-central, r=jst
2010-05-18 05:28:37 -07:00
nsIScriptContextPrincipal* scp =
GetScriptContextPrincipalFromJSContext(cx);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Bug 549682 - Port the message-manager API to mozilla-central, r=jst
2010-05-18 05:28:37 -07:00
if (!scp)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
return NS_ERROR_FAILURE;
}
Bug 549682 - Port the message-manager API to mozilla-central, r=jst
2010-05-18 05:28:37 -07:00
nsIScriptObjectPrincipal* globalData = scp->GetObjectPrincipal();
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (globalData)
NS_IF_ADDREF(*result = globalData->GetPrincipal());
return NS_OK;
}
// static
nsIPrincipal*
bug 730221 - delegating serialization of script principals to the embedding. r=:luke,:bz Currently to serialize principals stored in JSScript we have a rather complex schema. First there is the transcode callback that the embedding must provide to transcode principals using XDR API. Second we use rather complex glue code to implement that callback in terms of writing/reading nsIObjectOutputStream/ nsIObjectInputStream. This glue code is duplicated in 3 places. All this can be avoided if we simply delegate transcoding of principals to the caller. In addition, at least in the case of the cached startup scripts we do not even need to transcode the principals as the the cached scripts always have the system principal so we can skip all the transcode complexity there. The patch implemnts this idea. In particular, the code in JS engine responsible for transcoding of principals is replaced by the single API function JS_XDRSetPrincipals that the embedding can use to set principals for decoded scripts and functions. Then the startup cache uses this to set the principals for the decoded script to the system principals. The other two places in nsJSContext::Serialize and XBL_SerializeFunction that need to serialize principals together with a function or script now uses common utilities in nsXPConnect so the serialization complexity resides in the single place.
2012-02-13 05:10:04 -08:00
nsScriptSecurityManager::GetScriptPrincipal(JSScript *script,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsresult* rv)
{
NS_PRECONDITION(rv, "Null out param");
*rv = NS_OK;
if (!script)
{
return nsnull;
}
bug 730221 - delegating serialization of script principals to the embedding. r=:luke,:bz Currently to serialize principals stored in JSScript we have a rather complex schema. First there is the transcode callback that the embedding must provide to transcode principals using XDR API. Second we use rather complex glue code to implement that callback in terms of writing/reading nsIObjectOutputStream/ nsIObjectInputStream. This glue code is duplicated in 3 places. All this can be avoided if we simply delegate transcoding of principals to the caller. In addition, at least in the case of the cached startup scripts we do not even need to transcode the principals as the the cached scripts always have the system principal so we can skip all the transcode complexity there. The patch implemnts this idea. In particular, the code in JS engine responsible for transcoding of principals is replaced by the single API function JS_XDRSetPrincipals that the embedding can use to set principals for decoded scripts and functions. Then the startup cache uses this to set the principals for the decoded script to the system principals. The other two places in nsJSContext::Serialize and XBL_SerializeFunction that need to serialize principals together with a function or script now uses common utilities in nsXPConnect so the serialization complexity resides in the single place.
2012-02-13 05:10:04 -08:00
JSPrincipals *jsp = JS_GetScriptPrincipals(script);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (!jsp) {
*rv = NS_ERROR_FAILURE;
Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap.
2008-09-04 15:52:20 -07:00
NS_ERROR("Script compiled without principals!");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return nsnull;
}
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 01:48:50 -08:00
return nsJSPrincipals::get(jsp);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
// static
nsIPrincipal*
nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext *cx,
JSObject *obj,
JSStackFrame *fp,
nsresult *rv)
{
NS_PRECONDITION(rv, "Null out param");
Bug 616412: Fix use-before-init bug. r=mrbkap a=a
2011-01-04 08:40:54 -08:00
*rv = NS_OK;
Bug 441714 - Protect caps against SJOWs. r+sr=dveditz
2009-06-12 14:38:05 -07:00
if (!JS_ObjectIsFunction(cx, obj))
{
// Protect against pseudo-functions (like SJOWs).
nsIPrincipal *result = doGetObjectPrincipal(obj);
if (!result)
*rv = NS_ERROR_FAILURE;
return result;
}
Fix test failures, bug 693754.
2011-10-12 08:32:42 -07:00
JSFunction *fun = JS_GetObjectFunction(obj);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
JSScript *script = JS_GetFunctionScript(cx, fun);
if (!script)
{
// A native function: skip it in order to find its scripted caller.
return nsnull;
}
JSScript *frameScript = fp ? JS_GetFrameScript(cx, fp) : nsnull;
if (frameScript && frameScript != script)
{
// There is a frame script, and it's different from the
// function script. In this case we're dealing with either
// an eval or a Script object, and in these cases the
// principal we want is in the frame's script, not in the
// function's script. The function's script is where the
// eval-calling code came from, not where the eval or new
// Script object came from, and we want the principal of
// the eval function object or new Script object.
[bug 424376] backing out - too much compatibility problems.
2008-03-28 15:27:36 -07:00
script = frameScript;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
Add JSScript::function, bug 693754.
2011-10-21 14:31:01 -07:00
else if (!js::IsOriginalScriptFunction(fun))
[bug 424376] backing out - too much compatibility problems.
2008-03-28 15:27:36 -07:00
{
// Here, obj is a cloned function object. In this case, the
// clone's prototype may have been precompiled from brutally
// shared chrome, or else it is a lambda or nested function.
// The general case here is a function compiled against a
// different scope than the one it is parented by at runtime,
// hence the creation of a clone to carry the correct scope
// chain linkage.
//
// Since principals follow scope, we must get the object
// principal from the clone's scope chain. There are no
// reliable principals compiled into the function itself.
nsIPrincipal *result = doGetObjectPrincipal(obj);
if (!result)
*rv = NS_ERROR_FAILURE;
return result;
}
bug 730221 - delegating serialization of script principals to the embedding. r=:luke,:bz Currently to serialize principals stored in JSScript we have a rather complex schema. First there is the transcode callback that the embedding must provide to transcode principals using XDR API. Second we use rather complex glue code to implement that callback in terms of writing/reading nsIObjectOutputStream/ nsIObjectInputStream. This glue code is duplicated in 3 places. All this can be avoided if we simply delegate transcoding of principals to the caller. In addition, at least in the case of the cached startup scripts we do not even need to transcode the principals as the the cached scripts always have the system principal so we can skip all the transcode complexity there. The patch implemnts this idea. In particular, the code in JS engine responsible for transcoding of principals is replaced by the single API function JS_XDRSetPrincipals that the embedding can use to set principals for decoded scripts and functions. Then the startup cache uses this to set the principals for the decoded script to the system principals. The other two places in nsJSContext::Serialize and XBL_SerializeFunction that need to serialize principals together with a function or script now uses common utilities in nsXPConnect so the serialization complexity resides in the single place.
2012-02-13 05:10:04 -08:00
return GetScriptPrincipal(script, rv);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
nsIPrincipal*
nsScriptSecurityManager::GetFramePrincipal(JSContext *cx,
JSStackFrame *fp,
nsresult *rv)
{
NS_PRECONDITION(rv, "Null out param");
JSObject *obj = JS_GetFrameFunctionObject(cx, fp);
if (!obj)
{
// Must be in a top-level script. Get principal from the script.
JSScript *script = JS_GetFrameScript(cx, fp);
bug 730221 - delegating serialization of script principals to the embedding. r=:luke,:bz Currently to serialize principals stored in JSScript we have a rather complex schema. First there is the transcode callback that the embedding must provide to transcode principals using XDR API. Second we use rather complex glue code to implement that callback in terms of writing/reading nsIObjectOutputStream/ nsIObjectInputStream. This glue code is duplicated in 3 places. All this can be avoided if we simply delegate transcoding of principals to the caller. In addition, at least in the case of the cached startup scripts we do not even need to transcode the principals as the the cached scripts always have the system principal so we can skip all the transcode complexity there. The patch implemnts this idea. In particular, the code in JS engine responsible for transcoding of principals is replaced by the single API function JS_XDRSetPrincipals that the embedding can use to set principals for decoded scripts and functions. Then the startup cache uses this to set the principals for the decoded script to the system principals. The other two places in nsJSContext::Serialize and XBL_SerializeFunction that need to serialize principals together with a function or script now uses common utilities in nsXPConnect so the serialization complexity resides in the single place.
2012-02-13 05:10:04 -08:00
return GetScriptPrincipal(script, rv);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
nsIPrincipal* result = GetFunctionObjectPrincipal(cx, obj, fp, rv);
#ifdef DEBUG
if (NS_SUCCEEDED(*rv) && !result)
{
Fix test failures, bug 693754.
2011-10-12 08:32:42 -07:00
JSFunction *fun = JS_GetObjectFunction(obj);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
JSScript *script = JS_GetFunctionScript(cx, fun);
NS_ASSERTION(!script, "Null principal for non-native function!");
}
#endif
return result;
}
nsIPrincipal*
nsScriptSecurityManager::GetPrincipalAndFrame(JSContext *cx,
JSStackFrame **frameResult,
nsresult* rv)
{
Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz
2009-08-21 18:20:20 -07:00
NS_PRECONDITION(rv, "Null out param");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
//-- If there's no principal on the stack, look at the global object
// and return the innermost frame for annotations.
*rv = NS_OK;
Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz
2009-08-21 18:20:20 -07:00
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (cx)
{
Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz
2009-08-21 18:20:20 -07:00
// Get principals from innermost JavaScript frame.
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
JSStackFrame *fp = nsnull; // tell JS_FrameIterator to start at innermost
for (fp = JS_FrameIterator(cx, &fp); fp; fp = JS_FrameIterator(cx, &fp))
{
nsIPrincipal* result = GetFramePrincipal(cx, fp, rv);
if (result)
{
NS_ASSERTION(NS_SUCCEEDED(*rv), "Weird return");
*frameResult = fp;
return result;
}
}
Bug 549682 - Port the message-manager API to mozilla-central, r=jst
2010-05-18 05:28:37 -07:00
nsIScriptContextPrincipal* scp =
GetScriptContextPrincipalFromJSContext(cx);
if (scp)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
Bug 549682 - Port the message-manager API to mozilla-central, r=jst
2010-05-18 05:28:37 -07:00
nsIScriptObjectPrincipal* globalData = scp->GetObjectPrincipal();
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (!globalData)
{
*rv = NS_ERROR_FAILURE;
return nsnull;
}
// Note that we're not in a loop or anything, and nothing comes
// after this point in the function, so we can just return here.
nsIPrincipal* result = globalData->GetPrincipal();
if (result)
{
JSStackFrame *inner = nsnull;
*frameResult = JS_FrameIterator(cx, &inner);
return result;
}
}
}
return nsnull;
}
nsIPrincipal*
nsScriptSecurityManager::GetSubjectPrincipal(JSContext *cx,
nsresult* rv)
{
Bug 754202 - Pull subject principals directly off the compartment. r=mrbkap It would be nice to check these principals against the principals acquired using the old mechanism. Unfortunately, they often differ. Because CAPS uses JS stack frames, any time we enter a compartment and do an operation (even throwing an Access-Denied exception) without running any JS code, we'll end up with a different principal. Our security story is pretty darn tied to compartments at this point, so let's just pull the trigger.
2012-06-28 14:47:55 -07:00
*rv = NS_OK;
JSCompartment *compartment = js::GetContextCompartment(cx);
// The context should always be in a compartment, either one it has entered
// or the one associated with its global.
MOZ_ASSERT(!!compartment);
JSPrincipals *principals = JS_GetCompartmentPrincipals(compartment);
return nsJSPrincipals::get(principals);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
NS_IMETHODIMP
nsScriptSecurityManager::GetObjectPrincipal(JSContext *aCx, JSObject *aObj,
nsIPrincipal **result)
{
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
*result = doGetObjectPrincipal(aObj);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (!*result)
return NS_ERROR_FAILURE;
NS_ADDREF(*result);
return NS_OK;
}
// static
nsIPrincipal*
Bug 754202 - Pull object principals directly off the compartment and assert that behavior doesn't change. r=bz
2012-06-28 14:47:55 -07:00
nsScriptSecurityManager::doGetObjectPrincipal(JSObject *aObj)
{
JSCompartment *compartment = js::GetObjectCompartment(aObj);
JSPrincipals *principals = JS_GetCompartmentPrincipals(compartment);
nsIPrincipal *principal = nsJSPrincipals::get(principals);
// We leave the old code in for a little while to make sure that pulling
// object principals directly off the compartment always gives an equivalent
// result (from a security perspective).
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
#ifdef DEBUG
Bug 754202 - Pull object principals directly off the compartment and assert that behavior doesn't change. r=bz
2012-06-28 14:47:55 -07:00
nsIPrincipal *old = old_doGetObjectPrincipal(aObj);
MOZ_ASSERT(NS_SUCCEEDED(CheckSameOriginPrincipal(principal, old)));
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
#endif
Bug 754202 - Pull object principals directly off the compartment and assert that behavior doesn't change. r=bz
2012-06-28 14:47:55 -07:00
return principal;
}
#ifdef DEBUG
// static
nsIPrincipal*
nsScriptSecurityManager::old_doGetObjectPrincipal(JSObject *aObj,
bool aAllowShortCircuit)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
Fixing bustage.
2008-01-29 13:11:24 -08:00
NS_ASSERTION(aObj, "Bad call to doGetObjectPrincipal()!");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsIPrincipal* result = nsnull;
JSObject* origObj = aObj;
Remove jsobj.h from installed headers, bug 690943. r=luke
2011-10-04 07:06:54 -07:00
js::Class *jsClass = js::GetObjectClass(aObj);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
// A common case seen in this code is that we enter this function
// with aObj being a Function object, whose parent is a Call
// object. Neither of those have object principals, so we can skip
// those objects here before we enter the below loop. That way we
// avoid wasting time checking properties of their classes etc in
// the loop.
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Bug 684110 - Clean JSObject::clasp usage (r=pbiggar)
2011-09-02 17:23:26 -07:00
if (jsClass == &js::FunctionClass) {
Remove jsobj.h from installed headers, bug 690943. r=luke
2011-10-04 07:06:54 -07:00
aObj = js::GetObjectParent(aObj);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
if (!aObj)
return nsnull;
Remove jsobj.h from installed headers, bug 690943. r=luke
2011-10-04 07:06:54 -07:00
jsClass = js::GetObjectClass(aObj);
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
Bug 684110 - Clean JSObject::clasp usage (r=pbiggar)
2011-09-02 17:23:26 -07:00
if (jsClass == &js::CallClass) {
Move scope chains of scope objects to reserved slots, bug 694247.
2011-10-12 22:29:43 -07:00
aObj = js::GetObjectParentMaybeScope(aObj);
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
if (!aObj)
return nsnull;
Remove jsobj.h from installed headers, bug 690943. r=luke
2011-10-04 07:06:54 -07:00
jsClass = js::GetObjectClass(aObj);
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
}
}
do {
// Note: jsClass is set before this loop, and also at the
// *end* of this loop.
Fix for bug 482788 (Lightweight DOM wrappers). r=jst, sr=mrbkap.
2009-05-12 13:20:42 -07:00
Fix for bug 590612 (Speed up js-wrapping in classinfo when we already have a wrapper). r=bz, a=jst.
2010-08-28 01:04:25 -07:00
if (IS_WRAPPER_CLASS(jsClass)) {
Fix for bug 482788 (Lightweight DOM wrappers). r=jst, sr=mrbkap.
2009-05-12 13:20:42 -07:00
result = sXPConnect->GetPrincipal(aObj,
Bug 754202 - Pull object principals directly off the compartment and assert that behavior doesn't change. r=bz
2012-06-28 14:47:55 -07:00
aAllowShortCircuit);
Fix for bug 482788 (Lightweight DOM wrappers). r=jst, sr=mrbkap.
2009-05-12 13:20:42 -07:00
if (result) {
break;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
Fix for bug 740069 (Generate JS bindings in C++ with a python script for DOM objects on the main thread and in workers. Infrastructure and new bindings for XMLHttpRequest). Patch by bent/bz/bholley/jst/khuey/peterv, r=bent/bz/bholley/jlebar/khuey/peterv/sicking/smaug. --HG-- rename : js/xpconnect/tests/mochitest/test_bug462428.html => dom/bindings/test/test_lookupGetter.html
2012-03-30 21:42:20 -07:00
} else {
nsISupports *priv;
if (!(~jsClass->flags & (JSCLASS_HAS_PRIVATE |
JSCLASS_PRIVATE_IS_NSISUPPORTS))) {
priv = (nsISupports *) js::GetObjectPrivate(aObj);
Bug 761707 part 2. Drop the vestigial jsclass argument to UnwrapDOMObject. r=bholley
2012-06-06 12:59:46 -07:00
} else if (IsDOMClass(jsClass) &&
Bug 742217. Reduce the use of nested namespaces in our binding code. r=peterv,bent In the new setup, all per-interface DOM binding files are exported into mozilla/dom. General files not specific to an interface are also exported into mozilla/dom. In terms of namespaces, most things now live in mozilla::dom. Each interface Foo that has generated code has a mozilla::dom::FooBinding namespace for said generated code (and possibly a mozilla::bindings::FooBinding_workers if there's separate codegen for workers). IDL enums are a bit weird: since the name of the enum and the names of its entries all end up in the same namespace, we still generate a C++ namespace with the name of the IDL enum type with "Values" appended to it, with a ::valuelist inside for the actual C++ enum. We then typedef EnumFooValues::valuelist to EnumFoo. That makes it a bit more difficult to refer to the values, but means that values from different enums don't collide with each other. The enums with the proto and constructor IDs in them now live under the mozilla::dom::prototypes and mozilla::dom::constructors namespaces respectively. Again, this lets us deal sanely with the whole "enum value names are flattened into the namespace the enum is in" deal. The main benefit of this setup (and the reason "Binding" got appended to the per-interface namespaces) is that this way "using mozilla::dom" should Just Work for consumers and still allow C++ code to sanely use the IDL interface names for concrete classes, which is fairly desirable. --HG-- rename : dom/bindings/Utils.cpp => dom/bindings/BindingUtils.cpp rename : dom/bindings/Utils.h => dom/bindings/BindingUtils.h
2012-05-02 21:35:38 -07:00
DOMJSClass::FromJSClass(jsClass)->mDOMObjectIsISupports) {
Bug 761707 part 2. Drop the vestigial jsclass argument to UnwrapDOMObject. r=bholley
2012-06-06 12:59:46 -07:00
priv = UnwrapDOMObject<nsISupports>(aObj);
Fix for bug 740069 (Generate JS bindings in C++ with a python script for DOM objects on the main thread and in workers. Infrastructure and new bindings for XMLHttpRequest). Patch by bent/bz/bholley/jst/khuey/peterv, r=bent/bz/bholley/jlebar/khuey/peterv/sicking/smaug. --HG-- rename : js/xpconnect/tests/mochitest/test_bug462428.html => dom/bindings/test/test_lookupGetter.html
2012-03-30 21:42:20 -07:00
} else {
priv = nsnull;
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
if (aAllowShortCircuit) {
nsCOMPtr<nsIXPConnectWrappedNative> xpcWrapper =
do_QueryInterface(priv);
XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner
2007-12-21 11:06:29 -08:00
NS_ASSERTION(!xpcWrapper ||
!strcmp(jsClass->name, "XPCNativeWrapper"),
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
"Uh, an nsIXPConnectWrappedNative with the "
"wrong JSClass or getObjectOps hooks!");
}
nsCOMPtr<nsIScriptObjectPrincipal> objPrin =
do_QueryInterface(priv);
if (objPrin) {
result = objPrin->GetPrincipal();
if (result) {
break;
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
}
Move scope chains of scope objects to reserved slots, bug 694247.
2011-10-12 22:29:43 -07:00
aObj = js::GetObjectParentMaybeScope(aObj);
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
if (!aObj)
break;
Remove jsobj.h from installed headers, bug 690943. r=luke
2011-10-04 07:06:54 -07:00
jsClass = js::GetObjectClass(aObj);
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
} while (1);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Bug 580128 - Always wrap Location objects in wrappers, even for same origin. r=mrbkap/gal
2010-09-29 10:00:52 -07:00
if (aAllowShortCircuit) {
Bug 754202 - Pull object principals directly off the compartment and assert that behavior doesn't change. r=bz
2012-06-28 14:47:55 -07:00
nsIPrincipal *principal = old_doGetObjectPrincipal(origObj, false);
Bug 580128 - Always wrap Location objects in wrappers, even for same origin. r=mrbkap/gal
2010-09-29 10:00:52 -07:00
Bug 700561 - Relax short-circuit principal checks on account of inner window reuse. r=bz
2012-02-18 08:55:28 -08:00
// Because of inner window reuse, we can have objects with one principal
// living in a scope with a different (but same-origin) principal. So
// just check same-origin here.
NS_ASSERTION(NS_SUCCEEDED(CheckSameOriginPrincipal(result, principal)),
Bug 580128 - Always wrap Location objects in wrappers, even for same origin. r=mrbkap/gal
2010-09-29 10:00:52 -07:00
"Principal mismatch. Not good");
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return result;
}
Bug 754202 - Pull object principals directly off the compartment and assert that behavior doesn't change. r=bz
2012-06-28 14:47:55 -07:00
#endif /* DEBUG */
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
///////////////// Capabilities API /////////////////////
NS_IMETHODIMP
nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool *result)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
nsresult rv;
JSStackFrame *fp = nsnull;
JSContext *cx = GetCurrentJSContext();
fp = cx ? JS_FrameIterator(cx, &fp) : nsnull;
Fix bug 614151. r=jst@mozilla.com, a=blocker
2010-12-28 11:21:30 -08:00
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (!fp)
{
Bug 754202 - Check principal in IsCapabilityEnabled when there's no code on the stack. r=mrbkap
2012-06-28 14:47:55 -07:00
// No script code on stack. Allow access if and only if the subject
// principal is system.
nsresult ignored;
nsIPrincipal *subjectPrin = doGetSubjectPrincipal(&ignored);
*result = (!subjectPrin || subjectPrin == mSystemPrincipal);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_OK;
}
Fix bug 614151. r=jst@mozilla.com, a=blocker
2010-12-28 11:21:30 -08:00
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
*result = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsIPrincipal* previousPrincipal = nsnull;
do
{
nsIPrincipal* principal = GetFramePrincipal(cx, fp, &rv);
if (NS_FAILED(rv))
return rv;
if (!principal)
continue;
// If caller has a different principal, stop looking up the stack.
if(previousPrincipal)
{
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool isEqual = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if(NS_FAILED(previousPrincipal->Equals(principal, &isEqual)) || !isEqual)
break;
}
else
previousPrincipal = principal;
// First check if the principal is even able to enable the
// given capability. If not, don't look any further.
PRInt16 canEnable;
rv = principal->CanEnableCapability(capability, &canEnable);
if (NS_FAILED(rv)) return rv;
if (canEnable != nsIPrincipal::ENABLE_GRANTED &&
canEnable != nsIPrincipal::ENABLE_WITH_USER_PERMISSION)
return NS_OK;
// Now see if the capability is enabled.
void *annotation = JS_GetFrameAnnotation(cx, fp);
rv = principal->IsCapabilityEnabled(capability, annotation, result);
if (NS_FAILED(rv)) return rv;
if (*result)
return NS_OK;
Bug 645160 - jsdIStackFrame is incorrectly truncated at indirect eval calls. r=mrbkap.
2011-05-11 09:11:40 -07:00
// Capabilities do not extend to calls into C/C++ and then back into
// the JS engine via JS_EvaluateScript or similar APIs.
if (JS_IsGlobalFrame(cx, fp))
break;
Bug 754202 - Remove mContextPrincipal usage from within nsScriptSecurityManager. r=mrbkap
2012-06-28 14:47:55 -07:00
} while ((fp = JS_FrameIterator(cx, &fp)) != nsnull);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (!previousPrincipal)
{
// No principals on the stack, all native code. Allow
// execution if the subject principal is the system principal.
return SubjectPrincipalIsSystem(result);
}
return NS_OK;
}
void
nsScriptSecurityManager::FormatCapabilityString(nsAString& aCapability)
{
nsAutoString newcaps;
nsAutoString rawcap;
NS_NAMED_LITERAL_STRING(capdesc, "capdesc.");
PRInt32 pos;
PRInt32 index = kNotFound;
nsresult rv;
NS_ASSERTION(kNotFound == -1, "Basic constant changed, algorithm broken!");
do {
pos = index+1;
index = aCapability.FindChar(' ', pos);
rawcap = Substring(aCapability, pos,
(index == kNotFound) ? index : index - pos);
nsXPIDLString capstr;
rv = sStrBundle->GetStringFromName(
nsPromiseFlatString(capdesc+rawcap).get(),
getter_Copies(capstr));
if (NS_SUCCEEDED(rv))
newcaps += capstr;
else
{
nsXPIDLString extensionCap;
const PRUnichar* formatArgs[] = { rawcap.get() };
rv = sStrBundle->FormatStringFromName(
NS_LITERAL_STRING("ExtensionCapability").get(),
formatArgs,
Bug 693469 - Implement mozilla::ArrayLength and mozilla::ArrayEnd, and replace uses of NS_ARRAY_LENGTH whenever possible. (Exceptions: assigning to static initializers, use in static assertions, as template parameters, etc. These will go away when the relevant compilers have C++11 constexpr support.) r=cjones --HG-- extra : rebase_source : b4bae9a0f85abf2feb828609b50e756916b99a6f
2011-10-10 22:50:08 -07:00
ArrayLength(formatArgs),
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
getter_Copies(extensionCap));
if (NS_SUCCEEDED(rv))
newcaps += extensionCap;
else
newcaps += rawcap;
}
newcaps += NS_LITERAL_STRING("\n");
} while (index != kNotFound);
aCapability = newcaps;
}
NS_IMETHODIMP
nsScriptSecurityManager::RequestCapability(nsIPrincipal* aPrincipal,
const char *capability, PRInt16* canEnable)
{
if (NS_FAILED(aPrincipal->CanEnableCapability(capability, canEnable)))
return NS_ERROR_FAILURE;
Bug 750859 - Kill the CAPS confirm dialog. r=bz This will break addons using enablePrivilege, but that's going away too. We've been warning for many releases now, so it's time to bite the bullet.
2012-05-02 14:57:34 -07:00
// The confirm dialog is no longer supported. All of this stuff is going away
// real soon now anyhow.
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (*canEnable == nsIPrincipal::ENABLE_WITH_USER_PERMISSION)
Bug 750859 - Kill the CAPS confirm dialog. r=bz This will break addons using enablePrivilege, but that's going away too. We've been warning for many releases now, so it's time to bite the bullet.
2012-05-02 14:57:34 -07:00
*canEnable = nsIPrincipal::ENABLE_DENIED;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::EnableCapability(const char *capability)
{
JSContext *cx = GetCurrentJSContext();
JSStackFrame *fp;
//-- Error checks for capability string length (200)
if(PL_strlen(capability)>200)
{
static const char msg[] = "Capability name too long";
SetPendingException(cx, msg);
return NS_ERROR_FAILURE;
}
//-- Check capability string for valid characters
//
// Logically we might have wanted this in nsPrincipal, but performance
// worries dictate it can't go in IsCapabilityEnabled() and we may have
// to show the capability on a dialog before we call the principal's
// EnableCapability().
//
// We don't need to validate the capability string on the other APIs
// available to web content. Without the ability to enable junk then
// isPrivilegeEnabled, disablePrivilege, and revertPrivilege all do
// the right thing (effectively nothing) when passed unallowed chars.
for (const char *ch = capability; *ch; ++ch)
{
if (!NS_IS_ALPHA(*ch) && *ch != ' ' && !NS_IS_DIGIT(*ch)
&& *ch != '_' && *ch != '-' && *ch != '.')
{
static const char msg[] = "Invalid character in capability name";
SetPendingException(cx, msg);
return NS_ERROR_FAILURE;
}
}
nsresult rv;
nsIPrincipal* principal = GetPrincipalAndFrame(cx, &fp, &rv);
if (NS_FAILED(rv))
return rv;
if (!principal)
return NS_ERROR_NOT_AVAILABLE;
void *annotation = JS_GetFrameAnnotation(cx, fp);
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool enabled;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(principal->IsCapabilityEnabled(capability, annotation,
&enabled)))
return NS_ERROR_FAILURE;
if (enabled)
return NS_OK;
PRInt16 canEnable;
if (NS_FAILED(RequestCapability(principal, capability, &canEnable)))
return NS_ERROR_FAILURE;
if (canEnable != nsIPrincipal::ENABLE_GRANTED)
{
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
nsCAutoString val;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool hasCert;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsresult rv;
principal->GetHasCertificate(&hasCert);
if (hasCert)
rv = principal->GetPrettyName(val);
else
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
rv = GetPrincipalDomainOrigin(principal, val);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(rv))
return rv;
NS_ConvertUTF8toUTF16 location(val);
NS_ConvertUTF8toUTF16 cap(capability);
const PRUnichar *formatStrings[] = { location.get(), cap.get() };
nsXPIDLString message;
rv = sStrBundle->FormatStringFromName(NS_LITERAL_STRING("EnableCapabilityDenied").get(),
formatStrings,
Bug 693469 - Implement mozilla::ArrayLength and mozilla::ArrayEnd, and replace uses of NS_ARRAY_LENGTH whenever possible. (Exceptions: assigning to static initializers, use in static assertions, as template parameters, etc. These will go away when the relevant compilers have C++11 constexpr support.) r=cjones --HG-- extra : rebase_source : b4bae9a0f85abf2feb828609b50e756916b99a6f
2011-10-10 22:50:08 -07:00
ArrayLength(formatStrings),
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
getter_Copies(message));
if (NS_FAILED(rv))
return rv;
SetPendingException(cx, message.get());
return NS_ERROR_FAILURE; // XXX better error code?
}
if (NS_FAILED(principal->EnableCapability(capability, &annotation)))
return NS_ERROR_FAILURE;
JS_SetFrameAnnotation(cx, fp, annotation);
return NS_OK;
}
////////////////////////////////////////////////
// Methods implementing nsIXPCSecurityManager //
////////////////////////////////////////////////
NS_IMETHODIMP
nsScriptSecurityManager::CanCreateWrapper(JSContext *cx,
const nsIID &aIID,
nsISupports *aObj,
nsIClassInfo *aClassInfo,
void **aPolicy)
{
#ifdef DEBUG_CAPS_CanCreateWrapper
char* iidStr = aIID.ToString();
printf("### CanCreateWrapper(%s) ", iidStr);
Bug 392526. Some callers of nsID::ToString use a mismatched allocator to free the string. r=bsmedberg
2009-07-29 10:54:44 -07:00
NS_Free(iidStr);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
#endif
// XXX Special case for nsIXPCException ?
ClassInfoData objClassInfo = ClassInfoData(aClassInfo, nsnull);
if (objClassInfo.IsDOMClass())
{
#ifdef DEBUG_CAPS_CanCreateWrapper
printf("DOM class - GRANTED.\n");
#endif
return NS_OK;
}
//--See if the object advertises a non-default level of access
// using nsISecurityCheckedComponent
nsCOMPtr<nsISecurityCheckedComponent> checkedComponent =
do_QueryInterface(aObj);
nsXPIDLCString objectSecurityLevel;
if (checkedComponent)
checkedComponent->CanCreateWrapper((nsIID *)&aIID, getter_Copies(objectSecurityLevel));
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
nsresult rv = CheckXPCPermissions(cx, aObj, nsnull, nsnull, objectSecurityLevel);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(rv))
{
//-- Access denied, report an error
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
NS_ConvertUTF8toUTF16 strName("CreateWrapperDenied");
nsCAutoString origin;
nsresult rv2;
nsIPrincipal* subjectPrincipal = doGetSubjectPrincipal(&rv2);
if (NS_SUCCEEDED(rv2) && subjectPrincipal) {
GetPrincipalDomainOrigin(subjectPrincipal, origin);
}
NS_ConvertUTF8toUTF16 originUnicode(origin);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_ConvertUTF8toUTF16 className(objClassInfo.GetName());
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
const PRUnichar* formatStrings[] = {
className.get(),
originUnicode.get()
};
Bug 693469 - Implement mozilla::ArrayLength and mozilla::ArrayEnd, and replace uses of NS_ARRAY_LENGTH whenever possible. (Exceptions: assigning to static initializers, use in static assertions, as template parameters, etc. These will go away when the relevant compilers have C++11 constexpr support.) r=cjones --HG-- extra : rebase_source : b4bae9a0f85abf2feb828609b50e756916b99a6f
2011-10-10 22:50:08 -07:00
PRUint32 length = ArrayLength(formatStrings);
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
if (originUnicode.IsEmpty()) {
--length;
} else {
strName.AppendLiteral("ForOrigin");
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsXPIDLString errorMsg;
// We need to keep our existing failure rv and not override it
// with a likely success code from the following string bundle
// call in order to throw the correct security exception later.
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
rv2 = sStrBundle->FormatStringFromName(strName.get(),
formatStrings,
length,
getter_Copies(errorMsg));
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_ENSURE_SUCCESS(rv2, rv2);
SetPendingException(cx, errorMsg.get());
#ifdef DEBUG_CAPS_CanCreateWrapper
printf("DENIED.\n");
}
else
{
printf("GRANTED.\n");
#endif
}
return rv;
}
NS_IMETHODIMP
nsScriptSecurityManager::CanCreateInstance(JSContext *cx,
const nsCID &aCID)
{
#ifdef DEBUG_CAPS_CanCreateInstance
char* cidStr = aCID.ToString();
printf("### CanCreateInstance(%s) ", cidStr);
Bug 392526. Some callers of nsID::ToString use a mismatched allocator to free the string. r=bsmedberg
2009-07-29 10:54:44 -07:00
NS_Free(cidStr);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
#endif
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull, nsnull);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(rv))
{
//-- Access denied, report an error
nsCAutoString errorMsg("Permission denied to create instance of class. CID=");
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-11 20:30:42 -08:00
char cidStr[NSID_LENGTH];
aCID.ToProvidedString(cidStr);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
errorMsg.Append(cidStr);
SetPendingException(cx, errorMsg.get());
#ifdef DEBUG_CAPS_CanCreateInstance
printf("DENIED\n");
}
else
{
printf("GRANTED\n");
#endif
}
return rv;
}
NS_IMETHODIMP
nsScriptSecurityManager::CanGetService(JSContext *cx,
const nsCID &aCID)
{
#ifdef DEBUG_CAPS_CanGetService
char* cidStr = aCID.ToString();
printf("### CanGetService(%s) ", cidStr);
Bug 392526. Some callers of nsID::ToString use a mismatched allocator to free the string. r=bsmedberg
2009-07-29 10:54:44 -07:00
NS_Free(cidStr);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
#endif
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull, nsnull);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(rv))
{
//-- Access denied, report an error
nsCAutoString errorMsg("Permission denied to get service. CID=");
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-11 20:30:42 -08:00
char cidStr[NSID_LENGTH];
aCID.ToProvidedString(cidStr);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
errorMsg.Append(cidStr);
SetPendingException(cx, errorMsg.get());
#ifdef DEBUG_CAPS_CanGetService
printf("DENIED\n");
}
else
{
printf("GRANTED\n");
#endif
}
return rv;
}
NS_IMETHODIMP
nsScriptSecurityManager::CanAccess(PRUint32 aAction,
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 07:50:57 -08:00
nsAXPCNativeCallContext* aCallContext,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
JSContext* cx,
JSObject* aJSObject,
nsISupports* aObj,
nsIClassInfo* aClassInfo,
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
jsid aPropertyName,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
void** aPolicy)
{
return CheckPropertyAccessImpl(aAction, aCallContext, cx,
Bug 774585: Remove unused argument in nsScriptSecurityManager. r=mrbkap
2012-07-17 22:28:47 -07:00
aJSObject, aObj, aClassInfo,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsnull, aPropertyName, aPolicy);
}
nsresult
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
nsScriptSecurityManager::CheckXPCPermissions(JSContext* cx,
nsISupports* aObj, JSObject* aJSObject,
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
nsIPrincipal* aSubjectPrincipal,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
const char* aObjectSecurityLevel)
{
//-- Check for the all-powerful UniversalXPConnect privilege
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool ok = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_SUCCEEDED(IsCapabilityEnabled("UniversalXPConnect", &ok)) && ok)
return NS_OK;
//-- If the object implements nsISecurityCheckedComponent, it has a non-default policy.
if (aObjectSecurityLevel)
{
if (PL_strcasecmp(aObjectSecurityLevel, "allAccess") == 0)
return NS_OK;
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
if (cx && PL_strcasecmp(aObjectSecurityLevel, "sameOrigin") == 0)
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
{
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
nsresult rv;
if (!aJSObject)
{
nsCOMPtr<nsIXPConnectWrappedJS> xpcwrappedjs =
do_QueryInterface(aObj);
if (xpcwrappedjs)
{
rv = xpcwrappedjs->GetJSObject(&aJSObject);
NS_ENSURE_SUCCESS(rv, rv);
}
}
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
if (!aSubjectPrincipal)
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
{
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
// No subject principal passed in. Compute it.
aSubjectPrincipal = GetSubjectPrincipal(cx, &rv);
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
NS_ENSURE_SUCCESS(rv, rv);
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
}
if (aSubjectPrincipal && aJSObject)
{
nsIPrincipal* objectPrincipal = doGetObjectPrincipal(aJSObject);
// Only do anything if we have both a subject and object
// principal.
if (objectPrincipal)
{
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool subsumes;
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
rv = aSubjectPrincipal->Subsumes(objectPrincipal, &subsumes);
NS_ENSURE_SUCCESS(rv, rv);
if (subsumes)
return NS_OK;
}
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
}
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
else if (PL_strcasecmp(aObjectSecurityLevel, "noAccess") != 0)
{
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool canAccess = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_SUCCEEDED(IsCapabilityEnabled(aObjectSecurityLevel, &canAccess)) &&
canAccess)
return NS_OK;
}
}
//-- Access tests failed
return NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED;
}
/////////////////////////////////////////////
// Method implementing nsIChannelEventSink //
/////////////////////////////////////////////
NS_IMETHODIMP
Bug 546606 - Make redirect API async - part 2; r=honzab.moz,cbiesinger,bjarne,jst sr=jst
2010-08-04 19:15:55 -07:00
nsScriptSecurityManager::AsyncOnChannelRedirect(nsIChannel* oldChannel,
nsIChannel* newChannel,
PRUint32 redirFlags,
nsIAsyncVerifyRedirectCallback *cb)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
nsCOMPtr<nsIPrincipal> oldPrincipal;
GetChannelPrincipal(oldChannel, getter_AddRefs(oldPrincipal));
nsCOMPtr<nsIURI> newURI;
newChannel->GetURI(getter_AddRefs(newURI));
Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking
2008-11-25 17:50:04 -08:00
nsCOMPtr<nsIURI> newOriginalURI;
newChannel->GetOriginalURI(getter_AddRefs(newOriginalURI));
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking
2008-11-25 17:50:04 -08:00
NS_ENSURE_STATE(oldPrincipal && newURI && newOriginalURI);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
const PRUint32 flags =
nsIScriptSecurityManager::LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT |
nsIScriptSecurityManager::DISALLOW_SCRIPT;
Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking
2008-11-25 17:50:04 -08:00
nsresult rv = CheckLoadURIWithPrincipal(oldPrincipal, newURI, flags);
if (NS_SUCCEEDED(rv) && newOriginalURI != newURI) {
rv = CheckLoadURIWithPrincipal(oldPrincipal, newOriginalURI, flags);
}
Bug 546606 - Make redirect API async - part 2; r=honzab.moz,cbiesinger,bjarne,jst sr=jst
2010-08-04 19:15:55 -07:00
if (NS_FAILED(rv))
return rv;
cb->OnRedirectVerifyCallback(NS_OK);
return NS_OK;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
/////////////////////////////////////
// Method implementing nsIObserver //
/////////////////////////////////////
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
const char sJSEnabledPrefName[] = "javascript.enabled";
const char sFileOriginPolicyPrefName[] =
"security.fileuri.strict_origin_policy";
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
static const char sPrincipalPrefix[] = "capability.principal";
static const char sPolicyPrefix[] = "capability.policy.";
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
static const char* kObservedPrefs[] = {
sJSEnabledPrefName,
sFileOriginPolicyPrefName,
sPolicyPrefix,
sPrincipalPrefix,
nsnull
};
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_IMETHODIMP
nsScriptSecurityManager::Observe(nsISupports* aObject, const char* aTopic,
const PRUnichar* aMessage)
{
nsresult rv = NS_OK;
NS_ConvertUTF16toUTF8 messageStr(aMessage);
const char *message = messageStr.get();
static const char jsPrefix[] = "javascript.";
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
static const char securityPrefix[] = "security.";
if ((PL_strncmp(message, jsPrefix, sizeof(jsPrefix)-1) == 0) ||
(PL_strncmp(message, securityPrefix, sizeof(securityPrefix)-1) == 0) )
{
ScriptSecurityPrefChanged();
}
else if (PL_strncmp(message, sPolicyPrefix, sizeof(sPolicyPrefix)-1) == 0)
{
// This will force re-initialization of the pref table
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
mPolicyPrefsChanged = true;
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
}
else if ((PL_strncmp(message, sPrincipalPrefix, sizeof(sPrincipalPrefix)-1) == 0) &&
!mIsWritingPrefs)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
static const char id[] = "id";
char* lastDot = PL_strrchr(message, '.');
//-- This check makes sure the string copy below doesn't overwrite its bounds
if(PL_strlen(lastDot) >= sizeof(id))
{
PL_strcpy(lastDot + 1, id);
const char** idPrefArray = (const char**)&message;
Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst
2010-06-08 16:43:54 -07:00
rv = InitPrincipals(1, idPrefArray);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
}
return rv;
}
/////////////////////////////////////////////
// Constructor, Destructor, Initialization //
/////////////////////////////////////////////
nsScriptSecurityManager::nsScriptSecurityManager(void)
: mOriginToPolicyMap(nsnull),
mDefaultPolicy(nsnull),
mCapabilities(nsnull),
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
mPrefInitialized(false),
mIsJavaScriptEnabled(false),
mIsWritingPrefs(false),
mPolicyPrefsChanged(true)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
Bug 740688 - Use uintptr_t instead of PRUword, and intptr_t instead of PRWord. r=jwalden --HG-- extra : rebase_source : 648a581323d2c2893df780f71fe34dadcc4bbaab
2012-04-11 17:17:44 -07:00
MOZ_STATIC_ASSERT(sizeof(intptr_t) == sizeof(void*),
"intptr_t and void* have different lengths on this platform. "
"This may cause a security failure with the SecurityLevel union.");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
mPrincipals.Init(31);
}
nsresult nsScriptSecurityManager::Init()
{
Fix for bug 560199 (Link XPConnect and caps into layout). r=jst. --HG-- extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
2010-04-11 06:55:24 -07:00
nsXPConnect* xpconnect = nsXPConnect::GetXPConnect();
if (!xpconnect)
return NS_ERROR_FAILURE;
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 07:16:25 -07:00
Fix for bug 560199 (Link XPConnect and caps into layout). r=jst. --HG-- extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
2010-04-11 06:55:24 -07:00
NS_ADDREF(sXPConnect = xpconnect);
NS_ADDREF(sJSContextStack = xpconnect);
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 07:16:25 -07:00
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
JSContext* cx = GetSafeJSContext();
if (!cx) return NS_ERROR_FAILURE; // this can happen of xpt loading fails
::JS_BeginRequest(cx);
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
if (sEnabledID == JSID_VOID)
Bug 654301: Better interned string API, take 2. (r=Waldo)
2011-05-17 12:15:12 -07:00
sEnabledID = INTERNED_STRING_TO_JSID(cx, ::JS_InternString(cx, "enabled"));
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
::JS_EndRequest(cx);
Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
InitPrefs();
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Fix for bug 560199 (Link XPConnect and caps into layout). r=jst. --HG-- extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
2010-04-11 06:55:24 -07:00
nsresult rv = CallGetService(NS_IOSERVICE_CONTRACTID, &sIOService);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_ENSURE_SUCCESS(rv, rv);
Bug 564950 - Make more use of mozilla::services, r=surkov, jst, neil, smontagu, roc, joshmoz, gavin, shaver
2010-05-14 02:24:41 -07:00
nsCOMPtr<nsIStringBundleService> bundleService =
mozilla::services::GetStringBundleService();
if (!bundleService)
return NS_ERROR_FAILURE;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rv = bundleService->CreateBundle("chrome://global/locale/security/caps.properties", &sStrBundle);
NS_ENSURE_SUCCESS(rv, rv);
// Create our system principal singleton
nsRefPtr<nsSystemPrincipal> system = new nsSystemPrincipal();
NS_ENSURE_TRUE(system, NS_ERROR_OUT_OF_MEMORY);
mSystemPrincipal = system;
//-- Register security check callback in the JS engine
// Currently this is used to control access to function.caller
nsCOMPtr<nsIJSRuntimeService> runtimeService =
Fix for bug 560199 (Link XPConnect and caps into layout). r=jst. --HG-- extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
2010-04-11 06:55:24 -07:00
do_QueryInterface(sXPConnect, &rv);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_ENSURE_SUCCESS(rv, rv);
rv = runtimeService->GetRuntime(&sRuntime);
NS_ENSURE_SUCCESS(rv, rv);
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 01:48:50 -08:00
static const JSSecurityCallbacks securityCallbacks = {
bug 515443 CSP no-eval support. r=mrbkap,brendan
2010-03-08 00:24:50 -08:00
CheckObjectAccess,
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 01:48:50 -08:00
nsJSPrincipals::Subsume,
ObjectPrincipalFinder,
Bug 754202 - Remove context pushing/popping API. r=mrbkap Each one of these uses grabs the principal off of an object for pushing, but also enters the compartment of that object. So we shouldn't need this anymore. Can I get a 'hell yeah'?
2012-06-28 14:47:55 -07:00
ContentSecurityPolicyPermitsJSAction
Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst.
2008-09-05 16:26:04 -07:00
};
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 01:48:50 -08:00
MOZ_ASSERT(!JS_GetSecurityCallbacks(sRuntime));
JS_SetSecurityCallbacks(sRuntime, &securityCallbacks);
JS_InitDestroyPrincipalsCallback(sRuntime, nsJSPrincipals::Destroy);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 01:48:50 -08:00
JS_SetTrustedPrincipals(sRuntime, system);
Bug 667915 - Don't let content JS consume all the stack and cause chrome JS to OOM (r=waldo,mrbkap)
2011-06-30 09:26:56 -07:00
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_OK;
}
Bug 766173 - Hold a strong ref to nsScriptSecurityManager, instead of hoping that it won't get addref'ed or released. r=bsmedberg --HG-- rename : mobile/android/base/resources/drawable/tabs_button_contracted.xml => mobile/android/base/resources/drawable/tabs_button.xml extra : rebase_source : 8f861c2298fd053a0e1f6deb6f9945040ea8db90
2012-06-19 10:20:34 -07:00
static nsRefPtr<nsScriptSecurityManager> gScriptSecMan;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
jsid nsScriptSecurityManager::sEnabledID = JSID_VOID;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsScriptSecurityManager::~nsScriptSecurityManager(void)
{
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
Preferences::RemoveObservers(this, kObservedPrefs);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
delete mOriginToPolicyMap;
if(mDefaultPolicy)
mDefaultPolicy->Drop();
delete mCapabilities;
}
void
nsScriptSecurityManager::Shutdown()
{
if (sRuntime) {
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 01:48:50 -08:00
JS_SetSecurityCallbacks(sRuntime, NULL);
Bug 667915 - Don't let content JS consume all the stack and cause chrome JS to OOM (r=waldo,mrbkap)
2011-06-30 09:26:56 -07:00
JS_SetTrustedPrincipals(sRuntime, NULL);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
sRuntime = nsnull;
}
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
sEnabledID = JSID_VOID;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_IF_RELEASE(sIOService);
NS_IF_RELEASE(sXPConnect);
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 07:16:25 -07:00
NS_IF_RELEASE(sJSContextStack);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_IF_RELEASE(sStrBundle);
}
nsScriptSecurityManager *
nsScriptSecurityManager::GetScriptSecurityManager()
{
if (!gScriptSecMan)
{
Bug 766173 - Hold a strong ref to nsScriptSecurityManager, instead of hoping that it won't get addref'ed or released. r=bsmedberg --HG-- rename : mobile/android/base/resources/drawable/tabs_button_contracted.xml => mobile/android/base/resources/drawable/tabs_button.xml extra : rebase_source : 8f861c2298fd053a0e1f6deb6f9945040ea8db90
2012-06-19 10:20:34 -07:00
nsRefPtr<nsScriptSecurityManager> ssManager = new nsScriptSecurityManager();
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsresult rv;
rv = ssManager->Init();
NS_ASSERTION(NS_SUCCEEDED(rv), "Failed to initialize nsScriptSecurityManager");
if (NS_FAILED(rv)) {
return nsnull;
}
rv = sXPConnect->SetDefaultSecurityManager(ssManager,
nsIXPCSecurityManager::HOOK_ALL);
if (NS_FAILED(rv)) {
NS_WARNING("Failed to install xpconnect security manager!");
return nsnull;
}
Bug 766173 - Hold a strong ref to nsScriptSecurityManager, instead of hoping that it won't get addref'ed or released. r=bsmedberg --HG-- rename : mobile/android/base/resources/drawable/tabs_button_contracted.xml => mobile/android/base/resources/drawable/tabs_button.xml extra : rebase_source : 8f861c2298fd053a0e1f6deb6f9945040ea8db90
2012-06-19 10:20:34 -07:00
ClearOnShutdown(&gScriptSecMan);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
gScriptSecMan = ssManager;
}
return gScriptSecMan;
}
// Currently this nsGenericFactory constructor is used only from FastLoad
// (XPCOM object deserialization) code, when "creating" the system principal
// singleton.
nsSystemPrincipal *
nsScriptSecurityManager::SystemPrincipalSingletonConstructor()
{
nsIPrincipal *sysprin = nsnull;
if (gScriptSecMan)
NS_ADDREF(sysprin = gScriptSecMan->mSystemPrincipal);
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
return static_cast<nsSystemPrincipal*>(sysprin);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
nsresult
nsScriptSecurityManager::InitPolicies()
{
// Clear any policies cached on XPConnect wrappers
NS_ENSURE_STATE(sXPConnect);
nsresult rv = sXPConnect->ClearAllWrappedNativeSecurityPolicies();
if (NS_FAILED(rv)) return rv;
//-- Clear mOriginToPolicyMap: delete mapped DomainEntry items,
//-- whose dtor decrements refcount of stored DomainPolicy object
delete mOriginToPolicyMap;
//-- Marks all the survivor DomainPolicy objects (those cached
//-- by nsPrincipal objects) as invalid: they will be released
//-- on first nsPrincipal::GetSecurityPolicy() attempt.
DomainPolicy::InvalidateAll();
//-- Release old default policy
if(mDefaultPolicy) {
mDefaultPolicy->Drop();
mDefaultPolicy = nsnull;
}
//-- Initialize a new mOriginToPolicyMap
mOriginToPolicyMap =
new nsObjectHashtable(nsnull, nsnull, DeleteDomainEntry, nsnull);
if (!mOriginToPolicyMap)
return NS_ERROR_OUT_OF_MEMORY;
//-- Create, refcount and initialize a new default policy
mDefaultPolicy = new DomainPolicy();
if (!mDefaultPolicy)
return NS_ERROR_OUT_OF_MEMORY;
mDefaultPolicy->Hold();
if (!mDefaultPolicy->Init())
return NS_ERROR_UNEXPECTED;
//-- Initialize the table of security levels
if (!mCapabilities)
{
mCapabilities =
new nsObjectHashtable(nsnull, nsnull, DeleteCapability, nsnull);
if (!mCapabilities)
return NS_ERROR_OUT_OF_MEMORY;
}
// Get a JS context - we need it to create internalized strings later.
JSContext* cx = GetSafeJSContext();
NS_ASSERTION(cx, "failed to get JS context");
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 07:16:25 -07:00
AutoCxPusher autoPusher(sJSContextStack, cx);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
rv = InitDomainPolicy(cx, "default", mDefaultPolicy);
NS_ENSURE_SUCCESS(rv, rv);
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
nsAdoptingCString policyNames =
Preferences::GetCString("capability.policy.policynames");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
nsAdoptingCString defaultPolicyNames =
Preferences::GetCString("capability.policy.default_policynames");
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
policyNames += NS_LITERAL_CSTRING(" ") + defaultPolicyNames;
//-- Initialize domain policies
char* policyCurrent = policyNames.BeginWriting();
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool morePolicies = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
while (morePolicies)
{
while(*policyCurrent == ' ' || *policyCurrent == ',')
policyCurrent++;
if (*policyCurrent == '\0')
break;
char* nameBegin = policyCurrent;
while(*policyCurrent != '\0' && *policyCurrent != ' ' && *policyCurrent != ',')
policyCurrent++;
morePolicies = (*policyCurrent != '\0');
*policyCurrent = '\0';
policyCurrent++;
nsCAutoString sitesPrefName(
NS_LITERAL_CSTRING(sPolicyPrefix) +
Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky
2008-10-08 15:05:25 -07:00
nsDependentCString(nameBegin) +
NS_LITERAL_CSTRING(".sites"));
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
nsAdoptingCString domainList =
Preferences::GetCString(sitesPrefName.get());
if (!domainList) {
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
continue;
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
DomainPolicy* domainPolicy = new DomainPolicy();
if (!domainPolicy)
return NS_ERROR_OUT_OF_MEMORY;
if (!domainPolicy->Init())
{
delete domainPolicy;
return NS_ERROR_UNEXPECTED;
}
domainPolicy->Hold();
//-- Parse list of sites and create an entry in mOriginToPolicyMap for each
char* domainStart = domainList.BeginWriting();
char* domainCurrent = domainStart;
char* lastDot = nsnull;
char* nextToLastDot = nsnull;
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool moreDomains = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
while (moreDomains)
{
if (*domainCurrent == ' ' || *domainCurrent == '\0')
{
moreDomains = (*domainCurrent != '\0');
*domainCurrent = '\0';
nsCStringKey key(nextToLastDot ? nextToLastDot+1 : domainStart);
DomainEntry *newEntry = new DomainEntry(domainStart, domainPolicy);
if (!newEntry)
{
domainPolicy->Drop();
return NS_ERROR_OUT_OF_MEMORY;
}
#ifdef DEBUG
newEntry->mPolicyName_DEBUG = nameBegin;
#endif
DomainEntry *existingEntry = (DomainEntry *)
mOriginToPolicyMap->Get(&key);
if (!existingEntry)
mOriginToPolicyMap->Put(&key, newEntry);
else
{
if (existingEntry->Matches(domainStart))
{
newEntry->mNext = existingEntry;
mOriginToPolicyMap->Put(&key, newEntry);
}
else
{
while (existingEntry->mNext)
{
if (existingEntry->mNext->Matches(domainStart))
{
newEntry->mNext = existingEntry->mNext;
existingEntry->mNext = newEntry;
break;
}
existingEntry = existingEntry->mNext;
}
if (!existingEntry->mNext)
existingEntry->mNext = newEntry;
}
}
domainStart = domainCurrent + 1;
lastDot = nextToLastDot = nsnull;
}
else if (*domainCurrent == '.')
{
nextToLastDot = lastDot;
lastDot = domainCurrent;
}
domainCurrent++;
}
rv = InitDomainPolicy(cx, nameBegin, domainPolicy);
domainPolicy->Drop();
if (NS_FAILED(rv))
return rv;
}
// Reset the "dirty" flag
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
mPolicyPrefsChanged = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
#ifdef DEBUG_CAPS_HACKER
PrintPolicyDB();
#endif
return NS_OK;
}
nsresult
nsScriptSecurityManager::InitDomainPolicy(JSContext* cx,
const char* aPolicyName,
DomainPolicy* aDomainPolicy)
{
nsresult rv;
nsCAutoString policyPrefix(NS_LITERAL_CSTRING(sPolicyPrefix) +
nsDependentCString(aPolicyName) +
NS_LITERAL_CSTRING("."));
PRUint32 prefixLength = policyPrefix.Length() - 1; // subtract the '.'
PRUint32 prefCount;
char** prefNames;
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
nsIPrefBranch* branch = Preferences::GetRootBranch();
NS_ASSERTION(branch, "failed to get the root pref branch");
rv = branch->GetChildList(policyPrefix.get(), &prefCount, &prefNames);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_FAILED(rv)) return rv;
if (prefCount == 0)
return NS_OK;
//-- Populate the policy
PRUint32 currentPref = 0;
for (; currentPref < prefCount; currentPref++)
{
// Get the class name
const char* start = prefNames[currentPref] + prefixLength + 1;
char* end = PL_strchr(start, '.');
if (!end) // malformed pref, bail on this one
continue;
static const char sitesStr[] = "sites";
// We dealt with "sites" in InitPolicies(), so no need to do
// that again...
if (PL_strncmp(start, sitesStr, sizeof(sitesStr)-1) == 0)
continue;
// Get the pref value
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
nsAdoptingCString prefValue =
Preferences::GetCString(prefNames[currentPref]);
if (!prefValue) {
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
continue;
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
SecurityLevel secLevel;
if (PL_strcasecmp(prefValue, "noAccess") == 0)
secLevel.level = SCRIPT_SECURITY_NO_ACCESS;
else if (PL_strcasecmp(prefValue, "allAccess") == 0)
secLevel.level = SCRIPT_SECURITY_ALL_ACCESS;
else if (PL_strcasecmp(prefValue, "sameOrigin") == 0)
secLevel.level = SCRIPT_SECURITY_SAME_ORIGIN_ACCESS;
else
{ //-- pref value is the name of a capability
nsCStringKey secLevelKey(prefValue);
secLevel.capability =
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
reinterpret_cast<char*>(mCapabilities->Get(&secLevelKey));
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (!secLevel.capability)
{
secLevel.capability = NS_strdup(prefValue);
if (!secLevel.capability)
break;
mCapabilities->Put(&secLevelKey,
secLevel.capability);
}
}
*end = '\0';
// Find or store this class in the classes table
ClassPolicy* cpolicy =
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
static_cast<ClassPolicy*>
(PL_DHashTableOperate(aDomainPolicy, start,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PL_DHASH_ADD));
if (!cpolicy)
break;
// If this is the wildcard class (class '*'), save it in mWildcardPolicy
// (we leave it stored in the hashtable too to take care of the cleanup)
if ((*start == '*') && (end == start + 1)) {
aDomainPolicy->mWildcardPolicy = cpolicy;
// Make sure that cpolicy knows about aDomainPolicy so it can reset
// the mWildcardPolicy pointer as needed if it gets moved in the
// hashtable.
cpolicy->mDomainWeAreWildcardFor = aDomainPolicy;
}
// Get the property name
start = end + 1;
end = PL_strchr(start, '.');
if (end)
*end = '\0';
JSAutoRequest ar(cx);
JSString* propertyKey = ::JS_InternString(cx, start);
if (!propertyKey)
return NS_ERROR_OUT_OF_MEMORY;
// Store this property in the class policy
PropertyPolicy* ppolicy =
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
static_cast<PropertyPolicy*>
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
(PL_DHashTableOperate(cpolicy->mPolicy, propertyKey,
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PL_DHASH_ADD));
if (!ppolicy)
break;
if (end) // The pref specifies an access mode
{
start = end + 1;
if (PL_strcasecmp(start, "set") == 0)
ppolicy->mSet = secLevel;
else
ppolicy->mGet = secLevel;
}
else
{
if (ppolicy->mGet.level == SCRIPT_SECURITY_UNDEFINED_ACCESS)
ppolicy->mGet = secLevel;
if (ppolicy->mSet.level == SCRIPT_SECURITY_UNDEFINED_ACCESS)
ppolicy->mSet = secLevel;
}
}
NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(prefCount, prefNames);
if (currentPref < prefCount) // Loop exited early because of out-of-memory error
return NS_ERROR_OUT_OF_MEMORY;
return NS_OK;
}
// XXXbz We should really just get a prefbranch to handle this...
nsresult
nsScriptSecurityManager::GetPrincipalPrefNames(const char* prefBase,
nsCString& grantedPref,
nsCString& deniedPref,
nsCString& subjectNamePref)
{
char* lastDot = PL_strrchr(prefBase, '.');
if (!lastDot) return NS_ERROR_FAILURE;
PRInt32 prefLen = lastDot - prefBase + 1;
grantedPref.Assign(prefBase, prefLen);
deniedPref.Assign(prefBase, prefLen);
subjectNamePref.Assign(prefBase, prefLen);
#define GRANTED "granted"
#define DENIED "denied"
#define SUBJECTNAME "subjectName"
grantedPref.AppendLiteral(GRANTED);
if (grantedPref.Length() != prefLen + sizeof(GRANTED) - 1) {
return NS_ERROR_OUT_OF_MEMORY;
}
deniedPref.AppendLiteral(DENIED);
if (deniedPref.Length() != prefLen + sizeof(DENIED) - 1) {
return NS_ERROR_OUT_OF_MEMORY;
}
subjectNamePref.AppendLiteral(SUBJECTNAME);
if (subjectNamePref.Length() != prefLen + sizeof(SUBJECTNAME) - 1) {
return NS_ERROR_OUT_OF_MEMORY;
}
#undef SUBJECTNAME
#undef DENIED
#undef GRANTED
return NS_OK;
}
nsresult
Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst
2010-06-08 16:43:54 -07:00
nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefNames)
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
/* This is the principal preference syntax:
* capability.principal.[codebase|codebaseTrusted|certificate].<name>.[id|granted|denied]
* For example:
* user_pref("capability.principal.certificate.p1.id","12:34:AB:CD");
* user_pref("capability.principal.certificate.p1.granted","Capability1 Capability2");
* user_pref("capability.principal.certificate.p1.denied","Capability3");
*/
/* codebaseTrusted means a codebase principal that can enable capabilities even if
* codebase principals are disabled. Don't use trustedCodebase except with unspoofable
* URLs such as HTTPS URLs.
*/
static const char idSuffix[] = ".id";
for (PRUint32 c = 0; c < aPrefCount; c++)
{
PRInt32 prefNameLen = PL_strlen(aPrefNames[c]) -
Bug 693469 - Implement mozilla::ArrayLength and mozilla::ArrayEnd, and replace uses of NS_ARRAY_LENGTH whenever possible. (Exceptions: assigning to static initializers, use in static assertions, as template parameters, etc. These will go away when the relevant compilers have C++11 constexpr support.) r=cjones --HG-- extra : rebase_source : b4bae9a0f85abf2feb828609b50e756916b99a6f
2011-10-10 22:50:08 -07:00
(ArrayLength(idSuffix) - 1);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (PL_strcasecmp(aPrefNames[c] + prefNameLen, idSuffix) != 0)
continue;
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
nsAdoptingCString id = Preferences::GetCString(aPrefNames[c]);
if (!id) {
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
return NS_ERROR_FAILURE;
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
nsCAutoString grantedPrefName;
nsCAutoString deniedPrefName;
nsCAutoString subjectNamePrefName;
nsresult rv = GetPrincipalPrefNames(aPrefNames[c],
grantedPrefName,
deniedPrefName,
subjectNamePrefName);
if (rv == NS_ERROR_OUT_OF_MEMORY)
return rv;
if (NS_FAILED(rv))
continue;
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
nsAdoptingCString grantedList =
Preferences::GetCString(grantedPrefName.get());
nsAdoptingCString deniedList =
Preferences::GetCString(deniedPrefName.get());
nsAdoptingCString subjectName =
Preferences::GetCString(subjectNamePrefName.get());
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
//-- Delete prefs if their value is the empty string
if (id.IsEmpty() || (grantedList.IsEmpty() && deniedList.IsEmpty()))
{
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
Preferences::ClearUser(aPrefNames[c]);
Preferences::ClearUser(grantedPrefName.get());
Preferences::ClearUser(deniedPrefName.get());
Preferences::ClearUser(subjectNamePrefName.get());
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
continue;
}
//-- Create a principal based on the prefs
static const char certificateName[] = "capability.principal.certificate";
static const char codebaseName[] = "capability.principal.codebase";
static const char codebaseTrustedName[] = "capability.principal.codebaseTrusted";
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
bool isCert = false;
bool isTrusted = false;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (PL_strncmp(aPrefNames[c], certificateName,
sizeof(certificateName) - 1) == 0)
{
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
isCert = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
else if (PL_strncmp(aPrefNames[c], codebaseName,
sizeof(codebaseName) - 1) == 0)
{
isTrusted = (PL_strncmp(aPrefNames[c], codebaseTrustedName,
sizeof(codebaseTrustedName) - 1) == 0);
}
else
{
NS_ERROR("Not a codebase or a certificate?!");
}
nsRefPtr<nsPrincipal> newPrincipal = new nsPrincipal();
if (!newPrincipal)
return NS_ERROR_OUT_OF_MEMORY;
rv = newPrincipal->InitFromPersistent(aPrefNames[c], id, subjectName,
EmptyCString(),
grantedList, deniedList, nsnull,
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
isCert, isTrusted, UNKNOWN_APP_ID,
false);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_SUCCEEDED(rv))
mPrincipals.Put(newPrincipal, newPrincipal);
}
return NS_OK;
}
inline void
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
nsScriptSecurityManager::ScriptSecurityPrefChanged()
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
{
// JavaScript defaults to enabled in failure cases.
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
mIsJavaScriptEnabled = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
sStrictFileOriginPolicy = true;
Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
nsresult rv;
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
if (!mPrefInitialized) {
Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
rv = InitPrefs();
if (NS_FAILED(rv))
return;
}
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
mIsJavaScriptEnabled =
Preferences::GetBool(sJSEnabledPrefName, mIsJavaScriptEnabled);
Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
sStrictFileOriginPolicy =
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
Preferences::GetBool(sFileOriginPolicyPrefName, false);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
nsresult
nsScriptSecurityManager::InitPrefs()
{
nsresult rv;
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
nsIPrefBranch* branch = Preferences::GetRootBranch();
NS_ENSURE_TRUE(branch, NS_ERROR_FAILURE);
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
mPrefInitialized = true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
// Set the initial value of the "javascript.enabled" prefs
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
ScriptSecurityPrefChanged();
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
// set observer callbacks in case the value of the prefs change
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
Preferences::AddStrongObservers(this, kObservedPrefs);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PRUint32 prefCount;
char** prefNames;
//-- Initialize the principals database from prefs
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-19 20:00:16 -07:00
rv = branch->GetChildList(sPrincipalPrefix, &prefCount, &prefNames);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
if (NS_SUCCEEDED(rv) && prefCount > 0)
{
Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst
2010-06-08 16:43:54 -07:00
rv = InitPrincipals(prefCount, (const char**)prefNames);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(prefCount, prefNames);
NS_ENSURE_SUCCESS(rv, rv);
}
return NS_OK;
}
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
namespace mozilla {
void
GetExtendedOrigin(nsIURI* aURI, PRUint32 aAppId, bool aInMozBrowser,
nsACString& aExtendedOrigin)
Bug 758258 - Part 2 - Add GetExtendedOrigin(), NO_APP_ID and UNKNOWN_APP_ID. r=sicking
2012-07-18 21:25:19 -07:00
{
MOZ_ASSERT(aURI);
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
MOZ_ASSERT(aAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
Bug 758258 - Part 2 - Add GetExtendedOrigin(), NO_APP_ID and UNKNOWN_APP_ID. r=sicking
2012-07-18 21:25:19 -07:00
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
if (aAppId == nsIScriptSecurityManager::UNKNOWN_APP_ID) {
aAppId = nsIScriptSecurityManager::NO_APP_ID;
Bug 758258 - Part 2 - Add GetExtendedOrigin(), NO_APP_ID and UNKNOWN_APP_ID. r=sicking
2012-07-18 21:25:19 -07:00
}
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
nsCAutoString origin;
nsPrincipal::GetOriginForURI(aURI, getter_Copies(origin));
Bug 758258 - Part 2 - Add GetExtendedOrigin(), NO_APP_ID and UNKNOWN_APP_ID. r=sicking
2012-07-18 21:25:19 -07:00
// Fallback.
if (aAppId == nsIScriptSecurityManager::NO_APP_ID && !aInMozBrowser) {
aExtendedOrigin.Assign(origin);
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
return;
Bug 758258 - Part 2 - Add GetExtendedOrigin(), NO_APP_ID and UNKNOWN_APP_ID. r=sicking
2012-07-18 21:25:19 -07:00
}
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
// aExtendedOrigin = origin + "@" + aAppId + { 't', 'f' }
Bug 758258 - Part 2 - Add GetExtendedOrigin(), NO_APP_ID and UNKNOWN_APP_ID. r=sicking
2012-07-18 21:25:19 -07:00
aExtendedOrigin.Assign(origin + NS_LITERAL_CSTRING("@"));
aExtendedOrigin.AppendInt(aAppId);
aExtendedOrigin.Append(aInMozBrowser ? NS_LITERAL_CSTRING("t")
: NS_LITERAL_CSTRING("f"));
Bug 758258 - part 3 - Add extendedOrigin, appStatus and appId to nsIPrincipal. r=bholley sr=sicking
2012-07-19 22:44:03 -07:00
return;
}
} // namespace mozilla
NS_IMETHODIMP
nsScriptSecurityManager::GetExtendedOrigin(nsIURI* aURI,
PRUint32 aAppId,
bool aInMozBrowser,
nsACString& aExtendedOrigin)
{
MOZ_ASSERT(aAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
mozilla::GetExtendedOrigin(aURI, aAppId, aInMozBrowser, aExtendedOrigin);
Bug 758258 - Part 2 - Add GetExtendedOrigin(), NO_APP_ID and UNKNOWN_APP_ID. r=sicking
2012-07-18 21:25:19 -07:00
return NS_OK;
}
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
///////////////////////////////////////////////////////////////////////////////
// The following code prints the contents of the policy DB to the console.
#ifdef DEBUG_CAPS_HACKER
//typedef PLDHashOperator
Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan
2008-10-10 08:04:34 -07:00
//(* PLDHashEnumerator)(PLDHashTable *table, PLDHashEntryHdr *hdr,
// PRUint32 number, void *arg);
static PLDHashOperator
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PrintPropertyPolicy(PLDHashTable *table, PLDHashEntryHdr *entry,
PRUint32 number, void *arg)
{
PropertyPolicy* pp = (PropertyPolicy*)entry;
nsCAutoString prop(" ");
JSContext* cx = (JSContext*)arg;
prop.AppendInt((PRUint32)pp->key);
prop += ' ';
Bug 769533 - Part 1. Replace AppendWithConversion with others. r=jlebar
2012-07-06 02:43:28 -07:00
LossyAppendUTF16toASCII((PRUnichar*)JS_GetStringChars(pp->key), prop);
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
prop += ": Get=";
if (SECURITY_ACCESS_LEVEL_FLAG(pp->mGet))
prop.AppendInt(pp->mGet.level);
else
prop += pp->mGet.capability;
prop += " Set=";
if (SECURITY_ACCESS_LEVEL_FLAG(pp->mSet))
prop.AppendInt(pp->mSet.level);
else
prop += pp->mSet.capability;
printf("%s.\n", prop.get());
return PL_DHASH_NEXT;
}
Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan
2008-10-10 08:04:34 -07:00
static PLDHashOperator
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PrintClassPolicy(PLDHashTable *table, PLDHashEntryHdr *entry,
PRUint32 number, void *arg)
{
ClassPolicy* cp = (ClassPolicy*)entry;
printf(" %s\n", cp->key);
PL_DHashTableEnumerate(cp->mPolicy, PrintPropertyPolicy, arg);
return PL_DHASH_NEXT;
}
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
// typedef bool
Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan
2008-10-10 08:04:34 -07:00
// (* nsHashtableEnumFunc)(nsHashKey *aKey, void *aData, void* aClosure);
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
static bool
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PrintDomainPolicy(nsHashKey *aKey, void *aData, void* aClosure)
{
DomainEntry* de = (DomainEntry*)aData;
printf("----------------------------\n");
printf("Domain: %s Policy Name: %s.\n", de->mOrigin.get(),
de->mPolicyName_DEBUG.get());
PL_DHashTableEnumerate(de->mDomainPolicy, PrintClassPolicy, aClosure);
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
return true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones --HG-- rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
static bool
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
PrintCapability(nsHashKey *aKey, void *aData, void* aClosure)
{
char* cap = (char*)aData;
printf(" %s.\n", cap);
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron Landing on a CLOSED TREE
2011-10-17 07:59:28 -07:00
return true;
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
}
void
nsScriptSecurityManager::PrintPolicyDB()
{
printf("############## Security Policies ###############\n");
if(mOriginToPolicyMap)
{
JSContext* cx = GetCurrentJSContext();
if (!cx)
cx = GetSafeJSContext();
printf("----------------------------\n");
printf("Domain: Default.\n");
PL_DHashTableEnumerate(mDefaultPolicy, PrintClassPolicy, (void*)cx);
mOriginToPolicyMap->Enumerate(PrintDomainPolicy, (void*)cx);
}
printf("############ End Security Policies #############\n\n");
printf("############## Capabilities ###############\n");
mCapabilities->Enumerate(PrintCapability);
printf("############## End Capabilities ###############\n");
}
#endif
Reference in New Issue Copy Permalink