Bug 1182357 - Add an API to mint nsExpandedPrincipals. r=mrbkap

2024-09-13 09:24:08 -07:00 · 2015-07-11 00:22:14 -04:00 · 2015-07-11 00:22:14 -04:00 · 1dd2d827e6
commit 1dd2d827e6
parent 416fd0e0a6
3 changed files with 32 additions and 3 deletions
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@ -26,7 +26,7 @@ class DomainPolicyClone;
 [ptr] native JSObjectPtr(JSObject);
 [ptr] native DomainPolicyClonePtr(mozilla::dom::DomainPolicyClone);

-[scriptable, uuid(f4c578b8-5bac-4ba1-9582-f1140e09a3b4)]
+[scriptable, uuid(50418f5c-b0d8-42c3-ba5d-efffb6927e1c)]
 interface nsIScriptSecurityManager : nsISupports
 {
    /**
@ -201,6 +201,20 @@ interface nsIScriptSecurityManager : nsISupports
    [implicit_jscontext]
    nsIPrincipal createNullPrincipal(in jsval originAttributes);

+    /**
+     * Creates an expanded principal whose capabilities are the union of the
+     * given principals. An expanded principal has an asymmetric privilege
+     * relationship with its sub-principals (that is to say, it subsumes the
+     * sub-principals, but the sub-principals do not subsume it), even if
+     * there's only one. This presents a legitimate use-case for making an
+     * expanded principal around a single sub-principal, which we do frequently.
+     *
+     * Expanded principals cannot have origin attributes themselves, but rather
+     * have them through their sub-principals - so we don't accept them here.
+     */
+    nsIPrincipal createExpandedPrincipal([array, size_is(aLength)] in nsIPrincipal aPrincipalArray,
+                                         [optional] in unsigned long aLength);
+
    /**
     * Returns OK if aSourceURI and target have the same "origin"
     * (scheme, host, and port).
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@ -1,5 +1,5 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/* vim: set ts=4 et sw=4 tw=80: */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@ -1027,6 +1027,21 @@ nsScriptSecurityManager::CreateNullPrincipal(JS::Handle<JS::Value> aOriginAttrib
  return NS_OK;
 }

+NS_IMETHODIMP
+nsScriptSecurityManager::CreateExpandedPrincipal(nsIPrincipal** aPrincipalArray, uint32_t aLength,
+                                                 nsIPrincipal** aResult)
+{
+  nsTArray<nsCOMPtr<nsIPrincipal>> principals;
+  principals.SetCapacity(aLength);
+  for (uint32_t i = 0; i < aLength; ++i) {
+    principals.AppendElement(aPrincipalArray[i]);
+  }
+
+  nsCOMPtr<nsIPrincipal> p = new nsExpandedPrincipal(principals);
+  p.forget(aResult);
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 nsScriptSecurityManager::GetAppCodebasePrincipal(nsIURI* aURI,
                                                 uint32_t aAppId,
--- a/caps/tests/unit/test_origin.js
+++ b/caps/tests/unit/test_origin.js
@ -47,7 +47,7 @@ function run_test() {
  var nullPrin = Cu.getObjectPrincipal(new Cu.Sandbox(null));
  do_check_true(/^moz-nullprincipal:\{([0-9]|[a-z]|\-){36}\}$/.test(nullPrin.origin));
  checkOriginAttributes(nullPrin);
-  var ep = Cu.getObjectPrincipal(new Cu.Sandbox([exampleCom, nullPrin, exampleOrg]));
+  var ep = ssm.createExpandedPrincipal([exampleCom, nullPrin, exampleOrg]);
  checkOriginAttributes(ep);
  checkCrossOrigin(exampleCom, exampleOrg);
  checkCrossOrigin(exampleOrg, nullPrin);