mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 958326 - Remove same-compartment security wrapper machinery. r=mrbkap
This commit is contained in:
Bobby Holley
parent
f0116ff0f0
commit
681c4916bf
@ -512,12 +512,6 @@ CouldBeDOMBinding(nsWrapperCache* aCache)
|
||||
return aCache->IsDOMBinding();
|
||||
}
|
||||
|
||||
inline bool
|
||||
GetSameCompartmentWrapperForDOMBinding(JSObject*& obj)
|
||||
{
|
||||
return IsDOMObject(obj);
|
||||
}
|
||||
|
||||
// Make sure to wrap the given string value into the right compartment, as
|
||||
// needed.
|
||||
MOZ_ALWAYS_INLINE
|
||||
@ -540,15 +534,14 @@ MaybeWrapObjectValue(JSContext* cx, JS::MutableHandle<JS::Value> rval)
|
||||
{
|
||||
MOZ_ASSERT(rval.isObject());
|
||||
|
||||
// Cross-compartment always requires wrapping.
|
||||
JSObject* obj = &rval.toObject();
|
||||
if (js::GetObjectCompartment(obj) != js::GetContextCompartment(cx)) {
|
||||
return JS_WrapValue(cx, rval);
|
||||
}
|
||||
|
||||
// We're same-compartment, but even then we might need to wrap
|
||||
// objects specially. Check for that.
|
||||
if (GetSameCompartmentWrapperForDOMBinding(obj)) {
|
||||
// We're a new-binding object, and "obj" now points to the right thing
|
||||
// We're same-compartment. If we're a WebIDL object, we're done.
|
||||
if (IsDOMObject(obj)) {
|
||||
rval.set(JS::ObjectValue(*obj));
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -38,13 +38,6 @@ wrap(JSContext *cx, JS::HandleObject toWrap, JS::HandleObject target)
|
||||
return wrapper;
|
||||
}
|
||||
|
||||
static JSObject *
|
||||
SameCompartmentWrap(JSContext *cx, JS::HandleObject obj)
|
||||
{
|
||||
JS_GC(JS_GetRuntime(cx));
|
||||
return obj;
|
||||
}
|
||||
|
||||
static JSObject *
|
||||
PreWrap(JSContext *cx, JS::HandleObject scope, JS::HandleObject obj, unsigned flags)
|
||||
{
|
||||
@ -61,7 +54,6 @@ Wrap(JSContext *cx, JS::HandleObject existing, JS::HandleObject obj,
|
||||
|
||||
static const JSWrapObjectCallbacks WrapObjectCallbacks = {
|
||||
Wrap,
|
||||
SameCompartmentWrap,
|
||||
PreWrap
|
||||
};
|
||||
|
||||
|
||||
@ -802,23 +802,9 @@ typedef JSObject *
|
||||
(* JSPreWrapCallback)(JSContext *cx, JS::HandleObject scope, JS::HandleObject obj,
|
||||
unsigned flags);
|
||||
|
||||
/*
|
||||
* Callback used when wrapping determines that the underlying object is already
|
||||
* in the compartment for which it is being wrapped. This allows consumers to
|
||||
* maintain same-compartment wrapping invariants.
|
||||
*
|
||||
* |obj| is guaranteed to be same-compartment as |cx|, but it may (or may not)
|
||||
* be a security or cross-compartment wrapper. This is an unfortunate contract,
|
||||
* but is important for to avoid unnecessarily recomputing every cross-
|
||||
* compartment wrapper that gets passed to wrap.
|
||||
*/
|
||||
typedef JSObject *
|
||||
(* JSSameCompartmentWrapObjectCallback)(JSContext *cx, JS::HandleObject obj);
|
||||
|
||||
struct JSWrapObjectCallbacks
|
||||
{
|
||||
JSWrapObjectCallback wrap;
|
||||
JSSameCompartmentWrapObjectCallback sameCompartmentWrap;
|
||||
JSPreWrapCallback preWrap;
|
||||
};
|
||||
|
||||
|
||||
@ -182,20 +182,6 @@ JSCompartment::ensureJitCompartmentExists(JSContext *cx)
|
||||
}
|
||||
#endif
|
||||
|
||||
static bool
|
||||
WrapForSameCompartment(JSContext *cx, MutableHandleObject obj, const JSWrapObjectCallbacks *cb)
|
||||
{
|
||||
JS_ASSERT(cx->compartment() == obj->compartment());
|
||||
if (!cb->sameCompartmentWrap)
|
||||
return true;
|
||||
|
||||
RootedObject wrapped(cx, cb->sameCompartmentWrap(cx, obj));
|
||||
if (!wrapped)
|
||||
return false;
|
||||
obj.set(wrapped);
|
||||
return true;
|
||||
}
|
||||
|
||||
#ifdef JSGC_GENERATIONAL
|
||||
|
||||
/*
|
||||
@ -363,8 +349,10 @@ JSCompartment::wrap(JSContext *cx, MutableHandleObject obj, HandleObject existin
|
||||
|
||||
const JSWrapObjectCallbacks *cb = cx->runtime()->wrapObjectCallbacks;
|
||||
|
||||
if (obj->compartment() == this)
|
||||
return WrapForSameCompartment(cx, obj, cb);
|
||||
if (obj->compartment() == this) {
|
||||
obj.set(GetOuterObject(cx, obj));
|
||||
return true;
|
||||
}
|
||||
|
||||
// If we have a cross-compartment wrapper, make sure that the cx isn't
|
||||
// associated with the self-hosting global. We don't want to create
|
||||
@ -377,8 +365,10 @@ JSCompartment::wrap(JSContext *cx, MutableHandleObject obj, HandleObject existin
|
||||
unsigned flags = 0;
|
||||
obj.set(UncheckedUnwrap(obj, /* stopAtOuter = */ true, &flags));
|
||||
|
||||
if (obj->compartment() == this)
|
||||
return WrapForSameCompartment(cx, obj, cb);
|
||||
if (obj->compartment() == this) {
|
||||
MOZ_ASSERT(obj == GetOuterObject(cx, obj));
|
||||
return true;
|
||||
}
|
||||
|
||||
// Translate StopIteration singleton.
|
||||
if (obj->is<StopIterationObject>()) {
|
||||
@ -399,16 +389,11 @@ JSCompartment::wrap(JSContext *cx, MutableHandleObject obj, HandleObject existin
|
||||
if (!obj)
|
||||
return false;
|
||||
}
|
||||
MOZ_ASSERT(obj == GetOuterObject(cx, obj));
|
||||
|
||||
if (obj->compartment() == this)
|
||||
return WrapForSameCompartment(cx, obj, cb);
|
||||
return true;
|
||||
|
||||
#ifdef DEBUG
|
||||
{
|
||||
JSObject *outer = GetOuterObject(cx, obj);
|
||||
JS_ASSERT(outer && outer == obj);
|
||||
}
|
||||
#endif
|
||||
|
||||
// If we already have a wrapper for this value, use it.
|
||||
RootedValue key(cx, ObjectValue(*obj));
|
||||
|
||||
@ -105,7 +105,6 @@ PerThreadData::init()
|
||||
|
||||
static const JSWrapObjectCallbacks DefaultWrapObjectCallbacks = {
|
||||
TransparentObjectWrapper,
|
||||
nullptr,
|
||||
nullptr
|
||||
};
|
||||
|
||||
|
||||
@ -2993,7 +2993,6 @@ class XPCJSSourceHook: public js::SourceHook {
|
||||
|
||||
static const JSWrapObjectCallbacks WrapObjectCallbacks = {
|
||||
xpc::WrapperFactory::Rewrap,
|
||||
xpc::WrapperFactory::WrapForSameCompartment,
|
||||
xpc::WrapperFactory::PrepareForWrapping
|
||||
};
|
||||
|
||||
|
||||
@ -489,26 +489,6 @@ WrapperFactory::Rewrap(JSContext *cx, HandleObject existing, HandleObject obj,
|
||||
return Wrapper::New(cx, obj, parent, wrapper);
|
||||
}
|
||||
|
||||
JSObject *
|
||||
WrapperFactory::WrapForSameCompartment(JSContext *cx, HandleObject objArg)
|
||||
{
|
||||
RootedObject obj(cx, objArg);
|
||||
MOZ_ASSERT(js::IsObjectInContextCompartment(obj, cx));
|
||||
|
||||
// NB: The contract of WrapForSameCompartment says that |obj| may or may not
|
||||
// be a security wrapper. These checks implicitly handle the security
|
||||
// wrapper case.
|
||||
|
||||
// Outerize if necessary. This, in combination with the check in
|
||||
// PrepareForUnwrapping, means that calling JS_Wrap* always outerizes.
|
||||
obj = JS_ObjectToOuterObject(cx, obj);
|
||||
NS_ENSURE_TRUE(obj, nullptr);
|
||||
|
||||
// The method below is a no-op for non-DOM objects.
|
||||
dom::GetSameCompartmentWrapperForDOMBinding(*obj.address());
|
||||
return obj;
|
||||
}
|
||||
|
||||
// Call WaiveXrayAndWrap when you have a JS object that you don't want to be
|
||||
// wrapped in an Xray wrapper. cx->compartment is the compartment that will be
|
||||
// using the returned object. If the object to be wrapped is already in the
|
||||
|
||||
@ -58,10 +58,6 @@ class WrapperFactory {
|
||||
JS::HandleObject parent,
|
||||
unsigned flags);
|
||||
|
||||
// Wrap an object for same-compartment access.
|
||||
static JSObject *WrapForSameCompartment(JSContext *cx,
|
||||
JS::HandleObject obj);
|
||||
|
||||
// Wrap wrapped object into a waiver wrapper and then re-wrap it.
|
||||
static bool WaiveXrayAndWrap(JSContext *cx, JS::MutableHandleValue vp);
|
||||
static bool WaiveXrayAndWrap(JSContext *cx, JS::MutableHandleObject object);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user