From 0a5fb33d0a97f9a586272345672f5b1095731b62 Mon Sep 17 00:00:00 2001 From: Bobby Holley Date: Tue, 6 May 2014 15:43:03 -0700 Subject: [PATCH] Bug 997987 - Remove usage of nsIScriptSecurityManager::GetSubjectPrincipal. r=Ms2ger --- caps/src/nsScriptSecurityManager.cpp | 92 ++++-------------- content/base/src/DOMParser.cpp | 43 +-------- content/base/src/nsContentUtils.cpp | 30 +----- content/base/src/nsDocument.cpp | 24 ++--- content/html/document/src/nsHTMLDocument.cpp | 23 +---- docshell/base/nsDocShell.cpp | 32 ++----- dom/base/nsGlobalWindow.cpp | 95 +++++++------------ dom/events/DataTransfer.cpp | 39 ++------ dom/events/DataTransfer.h | 3 - dom/src/storage/DOMStorage.cpp | 12 +-- dom/xslt/xslt/txMozillaXSLTProcessor.cpp | 11 +-- .../components/find/src/nsWebBrowserFind.cpp | 18 +--- .../windowwatcher/src/nsWindowWatcher.cpp | 17 ++-- layout/style/nsCSSStyleSheet.cpp | 49 ++++------ security/manager/ssl/src/nsCrypto.cpp | 23 +---- xpfe/appshell/src/nsWebShellWindow.cpp | 12 +-- 16 files changed, 120 insertions(+), 403 deletions(-) diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp index bc0eebd03ee..f8fc6303351 100644 --- a/caps/src/nsScriptSecurityManager.cpp +++ b/caps/src/nsScriptSecurityManager.cpp @@ -340,26 +340,10 @@ NS_IMPL_ISUPPORTS(nsScriptSecurityManager, bool nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction(JSContext *cx) { - // Get the security manager - nsScriptSecurityManager *ssm = - nsScriptSecurityManager::GetScriptSecurityManager(); - - NS_ASSERTION(ssm, "Failed to get security manager service"); - if (!ssm) - return false; - - nsresult rv; - nsIPrincipal* subjectPrincipal = ssm->GetSubjectPrincipal(cx, &rv); - - NS_ASSERTION(NS_SUCCEEDED(rv), "CSP: Failed to get nsIPrincipal from js context"); - if (NS_FAILED(rv)) - return false; // Not just absence of principal, but failure. - - if (!subjectPrincipal) - return true; - + MOZ_ASSERT(cx == nsContentUtils::GetCurrentJSContext()); + nsCOMPtr subjectPrincipal = nsContentUtils::GetSubjectPrincipal(); nsCOMPtr csp; - rv = subjectPrincipal->GetCsp(getter_AddRefs(csp)); + nsresult rv = subjectPrincipal->GetCsp(getter_AddRefs(csp)); NS_ASSERTION(NS_SUCCEEDED(rv), "CSP: Failed to get CSP from principal."); // don't do anything unless there's a CSP @@ -410,27 +394,10 @@ NS_IMETHODIMP nsScriptSecurityManager::CheckSameOrigin(JSContext* cx, nsIURI* aTargetURI) { - nsresult rv; - - // Get a context if necessary - if (!cx) - { - cx = GetCurrentJSContext(); - if (!cx) - return NS_OK; // No JS context, so allow access - } + MOZ_ASSERT_IF(cx, cx == nsContentUtils::GetCurrentJSContext()); // Get a principal from the context - nsIPrincipal* sourcePrincipal = GetSubjectPrincipal(cx, &rv); - if (NS_FAILED(rv)) - return rv; - - if (!sourcePrincipal) - { - NS_WARNING("CheckSameOrigin called on script w/o principals; should this happen?"); - return NS_OK; - } - + nsIPrincipal* sourcePrincipal = nsContentUtils::GetSubjectPrincipal(); if (sourcePrincipal == mSystemPrincipal) { // This is a system (chrome) script, so allow access @@ -506,17 +473,10 @@ NS_IMETHODIMP nsScriptSecurityManager::CheckLoadURIFromScript(JSContext *cx, nsIURI *aURI) { // Get principal of currently executing script. - nsresult rv; - nsIPrincipal* principal = GetSubjectPrincipal(cx, &rv); - if (NS_FAILED(rv)) - return rv; - - // Native code can load all URIs. - if (!principal) - return NS_OK; - - rv = CheckLoadURIWithPrincipal(principal, aURI, - nsIScriptSecurityManager::STANDARD); + MOZ_ASSERT(cx == nsContentUtils::GetCurrentJSContext()); + nsIPrincipal* principal = nsContentUtils::GetSubjectPrincipal(); + nsresult rv = CheckLoadURIWithPrincipal(principal, aURI, + nsIScriptSecurityManager::STANDARD); if (NS_SUCCEEDED(rv)) { // OK to load return NS_OK; @@ -965,19 +925,7 @@ nsScriptSecurityManager::SubjectPrincipalIsSystem(bool* aIsSystem) if (!mSystemPrincipal) return NS_OK; - nsCOMPtr subject; - nsresult rv = GetSubjectPrincipal(getter_AddRefs(subject)); - if (NS_FAILED(rv)) - return rv; - - if(!subject) - { - // No subject principal means no JS is running; - // this is the equivalent of system principal code - *aIsSystem = true; - return NS_OK; - } - + nsCOMPtr subject = nsContentUtils::GetSubjectPrincipal(); return mSystemPrincipal->Equals(subject, aIsSystem); } @@ -1144,11 +1092,8 @@ nsScriptSecurityManager::CanCreateWrapper(JSContext *cx, //-- Access denied, report an error NS_ConvertUTF8toUTF16 strName("CreateWrapperDenied"); nsAutoCString origin; - nsresult rv2; - nsIPrincipal* subjectPrincipal = doGetSubjectPrincipal(&rv2); - if (NS_SUCCEEDED(rv2) && subjectPrincipal) { - GetPrincipalDomainOrigin(subjectPrincipal, origin); - } + nsIPrincipal* subjectPrincipal = nsContentUtils::GetSubjectPrincipal(); + GetPrincipalDomainOrigin(subjectPrincipal, origin); NS_ConvertUTF8toUTF16 originUnicode(origin); NS_ConvertUTF8toUTF16 classInfoName(objClassInfo.GetName()); const char16_t* formatStrings[] = { @@ -1162,14 +1107,11 @@ nsScriptSecurityManager::CanCreateWrapper(JSContext *cx, strName.AppendLiteral("ForOrigin"); } nsXPIDLString errorMsg; - // We need to keep our existing failure rv and not override it - // with a likely success code from the following string bundle - // call in order to throw the correct security exception later. - rv2 = sStrBundle->FormatStringFromName(strName.get(), - formatStrings, - length, - getter_Copies(errorMsg)); - NS_ENSURE_SUCCESS(rv2, rv2); + nsresult rv = sStrBundle->FormatStringFromName(strName.get(), + formatStrings, + length, + getter_Copies(errorMsg)); + NS_ENSURE_SUCCESS(rv, rv); SetPendingException(cx, errorMsg.get()); return NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED; diff --git a/content/base/src/DOMParser.cpp b/content/base/src/DOMParser.cpp index 98908733ddd..bf6a9488b1a 100644 --- a/content/base/src/DOMParser.cpp +++ b/content/base/src/DOMParser.cpp @@ -386,29 +386,10 @@ DOMParser::Constructor(const GlobalObject& aOwner, DOMParser::Constructor(const GlobalObject& aOwner, ErrorResult& rv) { - nsCOMPtr prin; - nsCOMPtr documentURI; - nsCOMPtr baseURI; - // No arguments; use the subject principal - nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager(); - if (!secMan) { - rv.Throw(NS_ERROR_UNEXPECTED); - return nullptr; - } - - rv = secMan->GetSubjectPrincipal(getter_AddRefs(prin)); - if (rv.Failed()) { - return nullptr; - } - - // We're called from JS; there better be a subject principal, really. - if (!prin) { - rv.Throw(NS_ERROR_UNEXPECTED); - return nullptr; - } - nsRefPtr domParser = new DOMParser(aOwner.GetAsSupports()); - rv = domParser->InitInternal(aOwner.GetAsSupports(), prin, documentURI, baseURI); + rv = domParser->InitInternal(aOwner.GetAsSupports(), + nsContentUtils::GetSubjectPrincipal(), + nullptr, nullptr); if (rv.Failed()) { return nullptr; } @@ -464,24 +445,8 @@ DOMParser::Init(nsIPrincipal* aPrincipal, nsIURI* aDocumentURI, nsIScriptContext* scriptContext = GetScriptContextFromJSContext(cx); nsCOMPtr principal = aPrincipal; - if (!principal && !aDocumentURI) { - nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager(); - if (!secMan) { - rv.Throw(NS_ERROR_UNEXPECTED); - return; - } - - rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal)); - if (rv.Failed()) { - return; - } - - // We're called from JS; there better be a subject principal, really. - if (!principal) { - rv.Throw(NS_ERROR_UNEXPECTED); - return; - } + principal = nsContentUtils::GetSubjectPrincipal(); } rv = Init(principal, aDocumentURI, aBaseURI, diff --git a/content/base/src/nsContentUtils.cpp b/content/base/src/nsContentUtils.cpp index c35ea8cae3f..acab4a7f0e0 100644 --- a/content/base/src/nsContentUtils.cpp +++ b/content/base/src/nsContentUtils.cpp @@ -1578,45 +1578,19 @@ nsContentUtils::CanCallerAccess(nsIDOMNode *aNode) bool nsContentUtils::CanCallerAccess(nsINode* aNode) { - // XXXbz why not check the IsCapabilityEnabled thing up front, and not bother - // with the system principal games? But really, there should be a simpler - // API here, dammit. - nsCOMPtr subjectPrincipal; - nsresult rv = sSecurityManager->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)); - NS_ENSURE_SUCCESS(rv, false); - - if (!subjectPrincipal) { - // we're running as system, grant access to the node. - - return true; - } - - return CanCallerAccess(subjectPrincipal, aNode->NodePrincipal()); + return CanCallerAccess(GetSubjectPrincipal(), aNode->NodePrincipal()); } // static bool nsContentUtils::CanCallerAccess(nsPIDOMWindow* aWindow) { - // XXXbz why not check the IsCapabilityEnabled thing up front, and not bother - // with the system principal games? But really, there should be a simpler - // API here, dammit. - nsCOMPtr subjectPrincipal; - nsresult rv = sSecurityManager->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)); - NS_ENSURE_SUCCESS(rv, false); - - if (!subjectPrincipal) { - // we're running as system, grant access to the node. - - return true; - } - nsCOMPtr scriptObject = do_QueryInterface(aWindow->IsOuterWindow() ? aWindow->GetCurrentInnerWindow() : aWindow); NS_ENSURE_TRUE(scriptObject, false); - return CanCallerAccess(subjectPrincipal, scriptObject->GetPrincipal()); + return CanCallerAccess(GetSubjectPrincipal(), scriptObject->GetPrincipal()); } //static diff --git a/content/base/src/nsDocument.cpp b/content/base/src/nsDocument.cpp index 7faf7ea35ed..40bfa635e8d 100644 --- a/content/base/src/nsDocument.cpp +++ b/content/base/src/nsDocument.cpp @@ -6335,23 +6335,13 @@ nsIDocument::LoadBindingDocument(const nsAString& aURI, ErrorResult& rv) return; } - // Figure out the right principal to use - nsCOMPtr subject; - nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager(); - if (secMan) { - rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject)); - if (rv.Failed()) { - return; - } - } - - if (!subject) { - // Fall back to our principal. Or should we fall back to the null - // principal? The latter would just mean no binding loads.... - subject = NodePrincipal(); - } - - BindingManager()->LoadBindingDocument(this, uri, subject); + // Note - This computation of subjectPrincipal isn't necessarily sensical. + // It's just designed to preserve the old semantics during a mass-conversion + // patch. + nsCOMPtr subjectPrincipal = + nsContentUtils::GetCurrentJSContext() ? nsContentUtils::GetSubjectPrincipal() + : NodePrincipal(); + BindingManager()->LoadBindingDocument(this, uri, subjectPrincipal); } NS_IMETHODIMP diff --git a/content/html/document/src/nsHTMLDocument.cpp b/content/html/document/src/nsHTMLDocument.cpp index 8e45fa249e8..f049b108edd 100644 --- a/content/html/document/src/nsHTMLDocument.cpp +++ b/content/html/document/src/nsHTMLDocument.cpp @@ -2849,27 +2849,10 @@ nsHTMLDocument::SetDesignMode(const nsAString & aDesignMode) void nsHTMLDocument::SetDesignMode(const nsAString& aDesignMode, ErrorResult& rv) { - if (!nsContentUtils::IsCallerChrome()) { - nsCOMPtr subject; - nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager(); - rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject)); - if (rv.Failed()) { - return; - } - if (subject) { - bool subsumes; - rv = subject->Subsumes(NodePrincipal(), &subsumes); - if (rv.Failed()) { - return; - } - - if (!subsumes) { - rv.Throw(NS_ERROR_DOM_PROP_ACCESS_DENIED); - return; - } - } + if (!nsContentUtils::GetSubjectPrincipal()->Subsumes(NodePrincipal())) { + rv.Throw(NS_ERROR_DOM_PROP_ACCESS_DENIED); + return; } - bool editableMode = HasFlag(NODE_IS_EDITABLE); if (aDesignMode.LowerCaseEqualsASCII(editableMode ? "off" : "on")) { SetEditableFlag(!editableMode); diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 76ed4567e26..30993ca2136 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -8645,7 +8645,7 @@ nsDocShell::CheckLoadingPermissions() // frames in the new window through window.frames[] (which is // allAccess for historic reasons), so we still need to do this // check on load. - nsresult rv = NS_OK, sameOrigin = NS_OK; + nsresult rv = NS_OK; if (!gValidateOrigin || !IsFrame()) { // Origin validation was turned off, or we're not a frame. @@ -8654,16 +8654,10 @@ nsDocShell::CheckLoadingPermissions() return rv; } - nsCOMPtr securityManager = - do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); - NS_ENSURE_SUCCESS(rv, rv); - - // We're a frame. Check that the caller has write permission to - // the parent before allowing it to load anything into this - // docshell. - nsCOMPtr subjPrincipal; - rv = securityManager->GetSubjectPrincipal(getter_AddRefs(subjPrincipal)); - NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && subjPrincipal, rv); + // Note - The check for a current JSContext here isn't necessarily sensical. + // It's just designed to preserve the old semantics during a mass-conversion + // patch. + NS_ENSURE_TRUE(nsContentUtils::GetCurrentJSContext(), NS_OK); // Check if the caller is from the same origin as this docshell, // or any of its ancestors. @@ -8677,17 +8671,9 @@ nsDocShell::CheckLoadingPermissions() return NS_ERROR_UNEXPECTED; } - // Compare origins - bool subsumes; - sameOrigin = subjPrincipal->Subsumes(p, &subsumes); - if (NS_SUCCEEDED(sameOrigin)) { - if (subsumes) { - // Same origin, permit load - - return sameOrigin; - } - - sameOrigin = NS_ERROR_DOM_PROP_ACCESS_DENIED; + if (nsContentUtils::GetSubjectPrincipal()->Subsumes(p)) { + // Same origin, permit load + return NS_OK; } nsCOMPtr tmp; @@ -8695,7 +8681,7 @@ nsDocShell::CheckLoadingPermissions() item.swap(tmp); } while (item); - return sameOrigin; + return NS_ERROR_DOM_PROP_ACCESS_DENIED; } //***************************************************************************** diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp index a9e1f502a88..a0c8162a330 100644 --- a/dom/base/nsGlobalWindow.cpp +++ b/dom/base/nsGlobalWindow.cpp @@ -2014,9 +2014,6 @@ nsGlobalWindow::SetInitialPrincipalToSubject() // First, grab the subject principal. nsCOMPtr newWindowPrincipal = nsContentUtils::GetSubjectPrincipal(); - if (!newWindowPrincipal) { - newWindowPrincipal = nsContentUtils::GetSystemPrincipal(); - } // Now, if we're about to use the system principal or an nsExpandedPrincipal, // make sure we're not using it for a content docshell. @@ -6055,53 +6052,42 @@ nsGlobalWindow::MakeScriptDialogTitle(nsAString &aOutTitle) // Try to get a host from the running principal -- this will do the // right thing for javascript: and data: documents. - nsresult rv = NS_OK; - NS_ASSERTION(nsContentUtils::GetSecurityManager(), - "Global Window has no security manager!"); - if (nsContentUtils::GetSecurityManager()) { - nsCOMPtr principal; - rv = nsContentUtils::GetSecurityManager()-> - GetSubjectPrincipal(getter_AddRefs(principal)); + nsCOMPtr principal = nsContentUtils::GetSubjectPrincipal(); + nsCOMPtr uri; + nsresult rv = principal->GetURI(getter_AddRefs(uri)); + // Note - The check for the current JSContext here isn't necessarily sensical. + // It's just designed to preserve existing behavior during a mass-conversion + // patch. + if (NS_SUCCEEDED(rv) && uri && nsContentUtils::GetCurrentJSContext()) { + // remove user:pass for privacy and spoof prevention - if (NS_SUCCEEDED(rv) && principal) { - nsCOMPtr uri; - rv = principal->GetURI(getter_AddRefs(uri)); + nsCOMPtr fixup(do_GetService(NS_URIFIXUP_CONTRACTID)); + if (fixup) { + nsCOMPtr fixedURI; + rv = fixup->CreateExposableURI(uri, getter_AddRefs(fixedURI)); + if (NS_SUCCEEDED(rv) && fixedURI) { + nsAutoCString host; + fixedURI->GetHost(host); - if (NS_SUCCEEDED(rv) && uri) { - // remove user:pass for privacy and spoof prevention + if (!host.IsEmpty()) { + // if this URI has a host we'll show it. For other + // schemes (e.g. file:) we fall back to the localized + // generic string - nsCOMPtr fixup(do_GetService(NS_URIFIXUP_CONTRACTID)); - if (fixup) { - nsCOMPtr fixedURI; - rv = fixup->CreateExposableURI(uri, getter_AddRefs(fixedURI)); - if (NS_SUCCEEDED(rv) && fixedURI) { - nsAutoCString host; - fixedURI->GetHost(host); + nsAutoCString prepath; + fixedURI->GetPrePath(prepath); - if (!host.IsEmpty()) { - // if this URI has a host we'll show it. For other - // schemes (e.g. file:) we fall back to the localized - // generic string - - nsAutoCString prepath; - fixedURI->GetPrePath(prepath); - - NS_ConvertUTF8toUTF16 ucsPrePath(prepath); - const char16_t *formatStrings[] = { ucsPrePath.get() }; - nsXPIDLString tempString; - nsContentUtils::FormatLocalizedString(nsContentUtils::eCOMMON_DIALOG_PROPERTIES, - "ScriptDlgHeading", - formatStrings, - tempString); - aOutTitle = tempString; - } - } + NS_ConvertUTF8toUTF16 ucsPrePath(prepath); + const char16_t *formatStrings[] = { ucsPrePath.get() }; + nsXPIDLString tempString; + nsContentUtils::FormatLocalizedString(nsContentUtils::eCOMMON_DIALOG_PROPERTIES, + "ScriptDlgHeading", + formatStrings, + tempString); + aOutTitle = tempString; } } } - else { // failed to get subject principal - NS_WARNING("No script principal? Who is calling alert/confirm/prompt?!"); - } } if (aOutTitle.IsEmpty()) { @@ -11693,28 +11679,14 @@ nsGlobalWindow::SetTimeoutOrInterval(nsIScriptTimeoutHandler *aHandler, // If our principals subsume the subject principal then use the subject // principal. Otherwise, use our principal to avoid running script in // elevated principals. - - nsCOMPtr subjectPrincipal; - nsresult rv; - rv = nsContentUtils::GetSecurityManager()-> - GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)); - if (NS_FAILED(rv)) { - return NS_ERROR_FAILURE; - } - - bool subsumes = false; - nsCOMPtr ourPrincipal = GetPrincipal(); - + // // Note the direction of this test: We don't allow setTimeouts running with // chrome privileges on content windows, but we do allow setTimeouts running // with content privileges on chrome windows (where they can't do very much, // of course). - rv = ourPrincipal->Subsumes(subjectPrincipal, &subsumes); - if (NS_FAILED(rv)) { - return NS_ERROR_FAILURE; - } - - if (subsumes) { + nsCOMPtr subjectPrincipal = nsContentUtils::GetSubjectPrincipal(); + nsCOMPtr ourPrincipal = GetPrincipal(); + if (ourPrincipal->Subsumes(subjectPrincipal)) { timeout->mPrincipal = subjectPrincipal; } else { timeout->mPrincipal = ourPrincipal; @@ -11730,6 +11702,7 @@ nsGlobalWindow::SetTimeoutOrInterval(nsIScriptTimeoutHandler *aHandler, timeout->mWhen = TimeStamp::Now() + delta; + nsresult rv; timeout->mTimer = do_CreateInstance("@mozilla.org/timer;1", &rv); if (NS_FAILED(rv)) { return rv; diff --git a/dom/events/DataTransfer.cpp b/dom/events/DataTransfer.cpp index 4576c8461eb..bfc820d00a9 100644 --- a/dom/events/DataTransfer.cpp +++ b/dom/events/DataTransfer.cpp @@ -594,9 +594,7 @@ DataTransfer::MozGetDataAt(const nsAString& aFormat, uint32_t aIndex, (mEventType != NS_DRAGDROP_DROP && mEventType != NS_DRAGDROP_DRAGDROP && mEventType != NS_PASTE && !nsContentUtils::IsCallerChrome())) { - nsresult rv = NS_OK; - principal = GetCurrentPrincipal(&rv); - NS_ENSURE_SUCCESS(rv, rv); + principal = nsContentUtils::GetSubjectPrincipal(); } uint32_t count = item.Length(); @@ -625,9 +623,9 @@ DataTransfer::MozGetDataAt(const nsAString& aFormat, uint32_t aIndex, MOZ_ASSERT(sp, "This cannot fail on the main thread."); nsIPrincipal* dataPrincipal = sp->GetPrincipal(); NS_ENSURE_TRUE(dataPrincipal, NS_ERROR_DOM_SECURITY_ERR); - NS_ENSURE_TRUE(principal || (principal = GetCurrentPrincipal(&rv)), - NS_ERROR_DOM_SECURITY_ERR); - NS_ENSURE_SUCCESS(rv, rv); + if (!principal) { + principal = nsContentUtils::GetSubjectPrincipal(); + } bool equals = false; NS_ENSURE_TRUE(NS_SUCCEEDED(principal->Equals(dataPrincipal, &equals)) && equals, NS_ERROR_DOM_SECURITY_ERR); @@ -697,11 +695,8 @@ DataTransfer::MozSetDataAt(const nsAString& aFormat, nsIVariant* aData, return NS_ERROR_DOM_SECURITY_ERR; } - nsresult rv = NS_OK; - nsIPrincipal* principal = GetCurrentPrincipal(&rv); - NS_ENSURE_SUCCESS(rv, rv); - - return SetDataWithPrincipal(aFormat, aData, aIndex, principal); + return SetDataWithPrincipal(aFormat, aData, aIndex, + nsContentUtils::GetSubjectPrincipal()); } void @@ -754,12 +749,7 @@ DataTransfer::MozClearDataAtHelper(const nsAString& aFormat, uint32_t aIndex, nsAutoString format; GetRealFormat(aFormat, format); - nsresult rv = NS_OK; - nsIPrincipal* principal = GetCurrentPrincipal(&rv); - if (NS_FAILED(rv)) { - aRv = rv; - return; - } + nsIPrincipal* principal = nsContentUtils::GetSubjectPrincipal(); // if the format is empty, clear all formats bool clearall = format.IsEmpty(); @@ -1089,21 +1079,6 @@ DataTransfer::SetDataWithPrincipal(const nsAString& aFormat, return NS_OK; } -nsIPrincipal* -DataTransfer::GetCurrentPrincipal(nsresult* rv) -{ - nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager(); - - nsCOMPtr currentPrincipal; - *rv = ssm->GetSubjectPrincipal(getter_AddRefs(currentPrincipal)); - NS_ENSURE_SUCCESS(*rv, nullptr); - - if (!currentPrincipal) - ssm->GetSystemPrincipal(getter_AddRefs(currentPrincipal)); - - return currentPrincipal.get(); -} - void DataTransfer::GetRealFormat(const nsAString& aInFormat, nsAString& aOutFormat) { diff --git a/dom/events/DataTransfer.h b/dom/events/DataTransfer.h index 82d9de41b68..f76d1362911 100644 --- a/dom/events/DataTransfer.h +++ b/dom/events/DataTransfer.h @@ -219,9 +219,6 @@ public: protected: - // returns a weak reference to the current principal - nsIPrincipal* GetCurrentPrincipal(nsresult* rv); - // converts some formats used for compatibility in aInFormat into aOutFormat. // Text and text/unicode become text/plain, and URL becomes text/uri-list void GetRealFormat(const nsAString& aInFormat, nsAString& aOutFormat); diff --git a/dom/src/storage/DOMStorage.cpp b/dom/src/storage/DOMStorage.cpp index 0d527d7082e..3a0623a56ce 100644 --- a/dom/src/storage/DOMStorage.cpp +++ b/dom/src/storage/DOMStorage.cpp @@ -241,18 +241,12 @@ DOMStorage::CanUseStorage(DOMStorage* aStorage) } // chrome can always use aStorage regardless of permission preferences - if (nsContentUtils::IsCallerChrome()) { + nsCOMPtr subjectPrincipal = + nsContentUtils::GetSubjectPrincipal(); + if (nsContentUtils::IsSystemPrincipal(subjectPrincipal)) { return true; } - nsCOMPtr subjectPrincipal; - nsresult rv = nsContentUtils::GetSecurityManager()-> - GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)); - NS_ENSURE_SUCCESS(rv, false); - - // if subjectPrincipal were null we'd have returned after - // IsCallerChrome(). - nsCOMPtr permissionManager = services::GetPermissionManager(); if (!permissionManager) { diff --git a/dom/xslt/xslt/txMozillaXSLTProcessor.cpp b/dom/xslt/xslt/txMozillaXSLTProcessor.cpp index ddd48006046..07d49cfe425 100644 --- a/dom/xslt/xslt/txMozillaXSLTProcessor.cpp +++ b/dom/xslt/xslt/txMozillaXSLTProcessor.cpp @@ -1252,15 +1252,8 @@ NS_IMETHODIMP txMozillaXSLTProcessor::Initialize(nsISupports* aOwner, JSContext* cx, JSObject* obj, const JS::CallArgs& args) { - nsCOMPtr prin; - nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager(); - NS_ENSURE_TRUE(secMan, NS_ERROR_UNEXPECTED); - - nsresult rv = secMan->GetSubjectPrincipal(getter_AddRefs(prin)); - NS_ENSURE_SUCCESS(rv, rv); - NS_ENSURE_TRUE(prin, NS_ERROR_UNEXPECTED); - - return Init(prin); + MOZ_ASSERT(nsContentUtils::GetCurrentJSContext()); + return Init(nsContentUtils::GetSubjectPrincipal()); } NS_IMETHODIMP diff --git a/embedding/components/find/src/nsWebBrowserFind.cpp b/embedding/components/find/src/nsWebBrowserFind.cpp index 2fb01808b9a..d25f4965f65 100644 --- a/embedding/components/find/src/nsWebBrowserFind.cpp +++ b/embedding/components/find/src/nsWebBrowserFind.cpp @@ -39,6 +39,7 @@ #include "mozilla/Services.h" #include "mozilla/dom/Element.h" #include "nsISimpleEnumerator.h" +#include "nsContentUtils.h" #if DEBUG #include "nsIWebNavigation.h" @@ -660,21 +661,8 @@ nsresult nsWebBrowserFind::SearchInFrame(nsIDOMWindow* aWindow, nsCOMPtr theDoc = do_QueryInterface(domDoc); if (!theDoc) return NS_ERROR_FAILURE; - nsCOMPtr secMan = - do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); - NS_ENSURE_SUCCESS(rv, rv); - - nsCOMPtr subject; - rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject)); - NS_ENSURE_SUCCESS(rv, rv); - - if (subject) { - bool subsumes; - rv = subject->Subsumes(theDoc->NodePrincipal(), &subsumes); - NS_ENSURE_SUCCESS(rv, rv); - if (!subsumes) { - return NS_ERROR_DOM_PROP_ACCESS_DENIED; - } + if (!nsContentUtils::GetSubjectPrincipal()->Subsumes(theDoc->NodePrincipal())) { + return NS_ERROR_DOM_PROP_ACCESS_DENIED; } nsCOMPtr find = do_CreateInstance(NS_FIND_CONTRACTID, &rv); diff --git a/embedding/components/windowwatcher/src/nsWindowWatcher.cpp b/embedding/components/windowwatcher/src/nsWindowWatcher.cpp index 0868150e530..2b04912ef14 100644 --- a/embedding/components/windowwatcher/src/nsWindowWatcher.cpp +++ b/embedding/components/windowwatcher/src/nsWindowWatcher.cpp @@ -785,15 +785,14 @@ nsWindowWatcher::OpenWindowInternal(nsIDOMWindow *aParent, // Now we have to set the right opener principal on the new window. Note // that we have to do this _before_ starting any URI loads, thanks to the - // sync nature of javascript: loads. Since this is the only place where we - // set said opener principal, we need to do it for all URIs, including - // chrome ones. So to deal with the mess that is bug 79775, just press on in - // a reasonable way even if GetSubjectPrincipal fails. In that case, just - // use a null subjectPrincipal. - nsCOMPtr subjectPrincipal; - if (NS_FAILED(sm->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)))) { - subjectPrincipal = nullptr; - } + // sync nature of javascript: loads. + // + // Note: The check for the current JSContext isn't necessarily sensical. + // It's just designed to preserve old semantics during a mass-conversion + // patch. + nsCOMPtr subjectPrincipal = + nsContentUtils::GetCurrentJSContext() ? nsContentUtils::GetSubjectPrincipal() + : nullptr; if (windowIsNew) { // Now set the opener principal on the new window. Note that we need to do diff --git a/layout/style/nsCSSStyleSheet.cpp b/layout/style/nsCSSStyleSheet.cpp index 7a984c1a440..4bc9d279146 100644 --- a/layout/style/nsCSSStyleSheet.cpp +++ b/layout/style/nsCSSStyleSheet.cpp @@ -1615,47 +1615,30 @@ nsCSSStyleSheet::DidDirty() nsresult nsCSSStyleSheet::SubjectSubsumesInnerPrincipal() { - // Get the security manager and do the subsumes check - nsIScriptSecurityManager *securityManager = - nsContentUtils::GetSecurityManager(); + nsCOMPtr subjectPrincipal = nsContentUtils::GetSubjectPrincipal(); + if (subjectPrincipal->Subsumes(mInner->mPrincipal)) { + return NS_OK; + } - nsCOMPtr subjectPrincipal; - nsresult rv = securityManager->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)); - NS_ENSURE_SUCCESS(rv, rv); - - if (!subjectPrincipal) { + // Allow access only if CORS mode is not NONE + if (GetCORSMode() == CORS_NONE) { return NS_ERROR_DOM_SECURITY_ERR; } - bool subsumes; - rv = subjectPrincipal->Subsumes(mInner->mPrincipal, &subsumes); - NS_ENSURE_SUCCESS(rv, rv); - - if (subsumes) { - return NS_OK; + // Now make sure we set the principal of our inner to the + // subjectPrincipal. That means we need a unique inner, of + // course. But we don't want to do that if we're not complete + // yet. Luckily, all the callers of this method throw anyway if + // not complete, so we can just do that here too. + if (!mInner->mComplete) { + return NS_ERROR_DOM_INVALID_ACCESS_ERR; } - - if (!nsContentUtils::IsCallerChrome()) { - // Allow access only if CORS mode is not NONE - if (GetCORSMode() == CORS_NONE) { - return NS_ERROR_DOM_SECURITY_ERR; - } - // Now make sure we set the principal of our inner to the - // subjectPrincipal. That means we need a unique inner, of - // course. But we don't want to do that if we're not complete - // yet. Luckily, all the callers of this method throw anyway if - // not complete, so we can just do that here too. - if (!mInner->mComplete) { - return NS_ERROR_DOM_INVALID_ACCESS_ERR; - } + WillDirty(); - WillDirty(); + mInner->mPrincipal = subjectPrincipal; - mInner->mPrincipal = subjectPrincipal; - - DidDirty(); - } + DidDirty(); return NS_OK; } diff --git a/security/manager/ssl/src/nsCrypto.cpp b/security/manager/ssl/src/nsCrypto.cpp index 9745b9b0f28..c603bdfc48b 100644 --- a/security/manager/ssl/src/nsCrypto.cpp +++ b/security/manager/ssl/src/nsCrypto.cpp @@ -172,7 +172,6 @@ public: nsCOMPtr m_kungFuDeathGrip; JSContext *m_cx; JS::PersistentRooted m_scope; - nsCOMPtr m_principals; nsXPIDLCString m_jsCallback; NS_DECL_ISUPPORTS }; @@ -2037,24 +2036,7 @@ nsCrypto::GenerateCRMFRequest(JSContext* aContext, // when the request has been generated. // - nsCOMPtr secMan = - do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID); - if (MOZ_UNLIKELY(!secMan)) { - aRv.Throw(NS_ERROR_UNEXPECTED); - return nullptr; - } - - nsCOMPtr principals; - nsresult rv = secMan->GetSubjectPrincipal(getter_AddRefs(principals)); - if (NS_FAILED(nrv)) { - aRv.Throw(nrv); - return nullptr; - } - if (MOZ_UNLIKELY(!principals)) { - aRv.Throw(NS_ERROR_UNEXPECTED); - return nullptr; - } - + MOZ_ASSERT(nsContentUtils::GetCurrentJSContext()); nsCryptoRunArgs *args = new nsCryptoRunArgs(aContext); args->m_kungFuDeathGrip = GetISupportsFromContext(aContext); @@ -2062,11 +2044,10 @@ nsCrypto::GenerateCRMFRequest(JSContext* aContext, if (!aJsCallback.IsVoid()) { args->m_jsCallback = aJsCallback; } - args->m_principals = principals; nsCryptoRunnable *cryptoRunnable = new nsCryptoRunnable(args); - rv = NS_DispatchToMainThread(cryptoRunnable); + nsresult rv = NS_DispatchToMainThread(cryptoRunnable); if (NS_FAILED(rv)) { aRv.Throw(rv); delete cryptoRunnable; diff --git a/xpfe/appshell/src/nsWebShellWindow.cpp b/xpfe/appshell/src/nsWebShellWindow.cpp index 72ffcacc1a7..5781ee8e692 100644 --- a/xpfe/appshell/src/nsWebShellWindow.cpp +++ b/xpfe/appshell/src/nsWebShellWindow.cpp @@ -19,6 +19,7 @@ #include "nsIStringBundle.h" #include "nsReadableUtils.h" +#include "nsContentUtils.h" #include "nsEscape.h" #include "nsPIDOMWindow.h" #include "nsIWebNavigation.h" @@ -208,15 +209,8 @@ nsresult nsWebShellWindow::Initialize(nsIXULWindow* aParent, // SetInitialPrincipalToSubject. This avoids creating the about:blank document // and then blowing it away with a second one, which can cause problems for the // top-level chrome window case. See bug 789773. - nsCOMPtr ssm = - do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); - if (ssm) { // Sometimes this happens really early See bug 793370. - nsCOMPtr principal; - ssm->GetSubjectPrincipal(getter_AddRefs(principal)); - if (!principal) { - ssm->GetSystemPrincipal(getter_AddRefs(principal)); - } - rv = mDocShell->CreateAboutBlankContentViewer(principal); + if (nsContentUtils::IsInitialized()) { // Sometimes this happens really early See bug 793370. + rv = mDocShell->CreateAboutBlankContentViewer(nsContentUtils::GetSubjectPrincipal()); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr doc = do_GetInterface(mDocShell); NS_ENSURE_TRUE(!!doc, NS_ERROR_FAILURE);