diff --git a/js/public/Class.h b/js/public/Class.h index a665c3b881c..04815f8137d 100644 --- a/js/public/Class.h +++ b/js/public/Class.h @@ -265,12 +265,6 @@ struct JSStringFinalizer { void (*finalize)(const JSStringFinalizer *fin, jschar *chars); }; -// Return whether the first principal subsumes the second. The exact meaning of -// 'subsumes' is left up to the browser. Subsumption is checked inside the JS -// engine when determining, e.g., which stack frames to display in a backtrace. -typedef bool -(* JSSubsumesOp)(JSPrincipals *first, JSPrincipals *second); - // Check whether v is an instance of obj. Return false on error or exception, // true on success with true in *bp if v is an instance of obj, false in // *bp otherwise. diff --git a/js/public/Principals.h b/js/public/Principals.h new file mode 100644 index 00000000000..78d8c7e8931 --- /dev/null +++ b/js/public/Principals.h @@ -0,0 +1,100 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: set ts=8 sts=4 et sw=4 tw=99: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* JSPrincipals and related interfaces. */ + +#ifndef js_Principals_h +#define js_Principals_h + +#include "mozilla/Atomics.h" + +#include + +#include "jspubtd.h" + +struct JSPrincipals { + /* Don't call "destroy"; use reference counting macros below. */ +#ifdef JS_THREADSAFE + mozilla::Atomic refcount; +#else + int32_t refcount; +#endif + +#ifdef JS_DEBUG + /* A helper to facilitate principals debugging. */ + uint32_t debugToken; +#endif + + void setDebugToken(uint32_t token) { +# ifdef JS_DEBUG + debugToken = token; +# endif + } + + /* + * This is not defined by the JS engine but should be provided by the + * embedding. + */ + JS_PUBLIC_API(void) dump(); +}; + +extern JS_PUBLIC_API(void) +JS_HoldPrincipals(JSPrincipals *principals); + +extern JS_PUBLIC_API(void) +JS_DropPrincipals(JSRuntime *rt, JSPrincipals *principals); + +// Return whether the first principal subsumes the second. The exact meaning of +// 'subsumes' is left up to the browser. Subsumption is checked inside the JS +// engine when determining, e.g., which stack frames to display in a backtrace. +typedef bool +(* JSSubsumesOp)(JSPrincipals *first, JSPrincipals *second); + +/* + * Used to check if a CSP instance wants to disable eval() and friends. + * See js_CheckCSPPermitsJSAction() in jsobj. + */ +typedef bool +(* JSCSPEvalChecker)(JSContext *cx); + +struct JSSecurityCallbacks { + JSCSPEvalChecker contentSecurityPolicyAllows; + JSSubsumesOp subsumes; +}; + +extern JS_PUBLIC_API(void) +JS_SetSecurityCallbacks(JSRuntime *rt, const JSSecurityCallbacks *callbacks); + +extern JS_PUBLIC_API(const JSSecurityCallbacks *) +JS_GetSecurityCallbacks(JSRuntime *rt); + +/* + * Code running with "trusted" principals will be given a deeper stack + * allocation than ordinary scripts. This allows trusted script to run after + * untrusted script has exhausted the stack. This function sets the + * runtime-wide trusted principal. + * + * This principals is not held (via JS_HoldPrincipals/JS_DropPrincipals) since + * there is no available JSContext. Instead, the caller must ensure that the + * given principals stays valid for as long as 'rt' may point to it. If the + * principals would be destroyed before 'rt', JS_SetTrustedPrincipals must be + * called again, passing nullptr for 'prin'. + */ +extern JS_PUBLIC_API(void) +JS_SetTrustedPrincipals(JSRuntime *rt, const JSPrincipals *prin); + +typedef void +(* JSDestroyPrincipalsOp)(JSPrincipals *principals); + +/* + * Initialize the callback that is called to destroy JSPrincipals instance + * when its reference counter drops to zero. The initialization can be done + * only once per JS runtime. + */ +extern JS_PUBLIC_API(void) +JS_InitDestroyPrincipalsCallback(JSRuntime *rt, JSDestroyPrincipalsOp destroyPrincipals); + +#endif /* js_Principals_h */ diff --git a/js/src/jsapi.h b/js/src/jsapi.h index 26a5f49ba0e..0fe51abbc41 100644 --- a/js/src/jsapi.h +++ b/js/src/jsapi.h @@ -9,7 +9,6 @@ #ifndef jsapi_h #define jsapi_h -#include "mozilla/Atomics.h" #include "mozilla/FloatingPoint.h" #include "mozilla/MemoryReporting.h" #include "mozilla/RangedPtr.h" @@ -26,6 +25,7 @@ #include "js/Class.h" #include "js/HashTable.h" #include "js/Id.h" +#include "js/Principals.h" #include "js/RootingAPI.h" #include "js/Utility.h" #include "js/Value.h" @@ -779,20 +779,6 @@ typedef bool typedef bool (* JSLocaleToUnicode)(JSContext *cx, const char *src, JS::MutableHandleValue rval); -/* - * Security protocol types. - */ - -typedef void -(* JSDestroyPrincipalsOp)(JSPrincipals *principals); - -/* - * Used to check if a CSP instance wants to disable eval() and friends. - * See js_CheckCSPPermitsJSAction() in jsobj. - */ -typedef bool -(* JSCSPEvalChecker)(JSContext *cx); - /* * Callback used to ask the embedding for the cross compartment wrapper handler * that implements the desired prolicy for this kind of object in the @@ -3202,77 +3188,6 @@ JS_SetReservedSlot(JSObject *obj, uint32_t index, jsval v); /************************************************************************/ -/* - * Security protocol. - */ -struct JSPrincipals { - /* Don't call "destroy"; use reference counting macros below. */ -#ifdef JS_THREADSAFE - mozilla::Atomic refcount; -#else - int32_t refcount; -#endif - -#ifdef JS_DEBUG - /* A helper to facilitate principals debugging. */ - uint32_t debugToken; -#endif - - void setDebugToken(uint32_t token) { -# ifdef JS_DEBUG - debugToken = token; -# endif - } - - /* - * This is not defined by the JS engine but should be provided by the - * embedding. - */ - JS_PUBLIC_API(void) dump(); -}; - -extern JS_PUBLIC_API(void) -JS_HoldPrincipals(JSPrincipals *principals); - -extern JS_PUBLIC_API(void) -JS_DropPrincipals(JSRuntime *rt, JSPrincipals *principals); - -struct JSSecurityCallbacks { - JSCSPEvalChecker contentSecurityPolicyAllows; - JSSubsumesOp subsumes; -}; - -extern JS_PUBLIC_API(void) -JS_SetSecurityCallbacks(JSRuntime *rt, const JSSecurityCallbacks *callbacks); - -extern JS_PUBLIC_API(const JSSecurityCallbacks *) -JS_GetSecurityCallbacks(JSRuntime *rt); - -/* - * Code running with "trusted" principals will be given a deeper stack - * allocation than ordinary scripts. This allows trusted script to run after - * untrusted script has exhausted the stack. This function sets the - * runtime-wide trusted principal. - * - * This principals is not held (via JS_HoldPrincipals/JS_DropPrincipals) since - * there is no available JSContext. Instead, the caller must ensure that the - * given principals stays valid for as long as 'rt' may point to it. If the - * principals would be destroyed before 'rt', JS_SetTrustedPrincipals must be - * called again, passing nullptr for 'prin'. - */ -extern JS_PUBLIC_API(void) -JS_SetTrustedPrincipals(JSRuntime *rt, const JSPrincipals *prin); - -/* - * Initialize the callback that is called to destroy JSPrincipals instance - * when its reference counter drops to zero. The initialization can be done - * only once per JS runtime. - */ -extern JS_PUBLIC_API(void) -JS_InitDestroyPrincipalsCallback(JSRuntime *rt, JSDestroyPrincipalsOp destroyPrincipals); - -/************************************************************************/ - /* * Functions and scripts. */ diff --git a/js/src/moz.build b/js/src/moz.build index 450c8018042..5561034f49e 100644 --- a/js/src/moz.build +++ b/js/src/moz.build @@ -77,6 +77,7 @@ EXPORTS.js += [ '../public/LegacyIntTypes.h', '../public/MemoryMetrics.h', '../public/OldDebugAPI.h', + '../public/Principals.h', '../public/ProfilingStack.h', '../public/PropertyKey.h', '../public/RequiredDefines.h',