Bug 767134 - Stuff the source principal into nsIContentPolicy (r=bz, sr=jst)

This commit is contained in:
Devdatta Akhawe 2012-07-02 16:16:11 -07:00
parent 653c98d763
commit 7a3e5d2a07
10 changed files with 44 additions and 17 deletions

View File

@ -125,14 +125,16 @@ NS_CP_ContentTypeName(PRUint32 contentType)
return NS_ERROR_FAILURE; \ return NS_ERROR_FAILURE; \
\ \
return policy-> action (contentType, contentLocation, requestOrigin, \ return policy-> action (contentType, contentLocation, requestOrigin, \
context, mimeType, extra, decision); \ context, mimeType, extra, originPrincipal, \
decision); \
PR_END_MACRO PR_END_MACRO
/* Passes on parameters from its "caller"'s context. */ /* Passes on parameters from its "caller"'s context. */
#define CHECK_CONTENT_POLICY_WITH_SERVICE(action, _policy) \ #define CHECK_CONTENT_POLICY_WITH_SERVICE(action, _policy) \
PR_BEGIN_MACRO \ PR_BEGIN_MACRO \
return _policy-> action (contentType, contentLocation, requestOrigin, \ return _policy-> action (contentType, contentLocation, requestOrigin, \
context, mimeType, extra, decision); \ context, mimeType, extra, originPrincipal, \
decision); \
PR_END_MACRO PR_END_MACRO
/** /**

View File

@ -5,6 +5,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl" #include "nsISupports.idl"
#include "nsIPrincipal.idl"
interface nsIURI; interface nsIURI;
interface nsIDOMNode; interface nsIDOMNode;
@ -18,7 +19,7 @@ interface nsIDOMNode;
* by launching a dialog to prompt the user for something). * by launching a dialog to prompt the user for something).
*/ */
[scriptable,uuid(344f9cb0-9a17-44c5-ab96-ee707884266c)] [scriptable,uuid(e590e74f-bac7-4876-8c58-54dde92befb2)]
interface nsIContentPolicy : nsISupports interface nsIContentPolicy : nsISupports
{ {
const unsigned long TYPE_OTHER = 1; const unsigned long TYPE_OTHER = 1;
@ -209,7 +210,8 @@ interface nsIContentPolicy : nsISupports
in nsIURI aRequestOrigin, in nsIURI aRequestOrigin,
in nsISupports aContext, in nsISupports aContext,
in ACString aMimeTypeGuess, in ACString aMimeTypeGuess,
in nsISupports aExtra); in nsISupports aExtra,
[optional] in nsIPrincipal aRequestPrincipal);
/** /**
* Should the resource be processed? * Should the resource be processed?
@ -251,6 +253,7 @@ interface nsIContentPolicy : nsISupports
in nsIURI aRequestOrigin, in nsIURI aRequestOrigin,
in nsISupports aContext, in nsISupports aContext,
in ACString aMimeType, in ACString aMimeType,
in nsISupports aExtra); in nsISupports aExtra,
[optional] in nsIPrincipal aRequestPrincipal);
}; };

View File

@ -57,6 +57,7 @@ CSPService::ShouldLoad(PRUint32 aContentType,
nsISupports *aRequestContext, nsISupports *aRequestContext,
const nsACString &aMimeTypeGuess, const nsACString &aMimeTypeGuess,
nsISupports *aExtra, nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
PRInt16 *aDecision) PRInt16 *aDecision)
{ {
if (!aContentLocation) if (!aContentLocation)
@ -123,6 +124,7 @@ CSPService::ShouldProcess(PRUint32 aContentType,
nsISupports *aRequestContext, nsISupports *aRequestContext,
const nsACString &aMimeTypeGuess, const nsACString &aMimeTypeGuess,
nsISupports *aExtra, nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
PRInt16 *aDecision) PRInt16 *aDecision)
{ {
if (!aContentLocation) if (!aContentLocation)

View File

@ -76,6 +76,7 @@ nsContentPolicy::CheckPolicy(CPMethod policyMethod,
nsISupports *requestingContext, nsISupports *requestingContext,
const nsACString &mimeType, const nsACString &mimeType,
nsISupports *extra, nsISupports *extra,
nsIPrincipal *requestPrincipal,
PRInt16 *decision) PRInt16 *decision)
{ {
//sanity-check passed-through parameters //sanity-check passed-through parameters
@ -122,7 +123,8 @@ nsContentPolicy::CheckPolicy(CPMethod policyMethod,
/* check the appropriate policy */ /* check the appropriate policy */
rv = (entries[i]->*policyMethod)(contentType, contentLocation, rv = (entries[i]->*policyMethod)(contentType, contentLocation,
requestingLocation, requestingContext, requestingLocation, requestingContext,
mimeType, extra, decision); mimeType, extra, requestPrincipal,
decision);
if (NS_SUCCEEDED(rv) && NS_CP_REJECTED(*decision)) { if (NS_SUCCEEDED(rv) && NS_CP_REJECTED(*decision)) {
/* policy says no, no point continuing to check */ /* policy says no, no point continuing to check */
@ -177,13 +179,15 @@ nsContentPolicy::ShouldLoad(PRUint32 contentType,
nsISupports *requestingContext, nsISupports *requestingContext,
const nsACString &mimeType, const nsACString &mimeType,
nsISupports *extra, nsISupports *extra,
nsIPrincipal *requestPrincipal,
PRInt16 *decision) PRInt16 *decision)
{ {
// ShouldProcess does not need a content location, but we do // ShouldProcess does not need a content location, but we do
NS_PRECONDITION(contentLocation, "Must provide request location"); NS_PRECONDITION(contentLocation, "Must provide request location");
nsresult rv = CheckPolicy(&nsIContentPolicy::ShouldLoad, contentType, nsresult rv = CheckPolicy(&nsIContentPolicy::ShouldLoad, contentType,
contentLocation, requestingLocation, contentLocation, requestingLocation,
requestingContext, mimeType, extra, decision); requestingContext, mimeType, extra,
requestPrincipal, decision);
LOG_CHECK("ShouldLoad"); LOG_CHECK("ShouldLoad");
return rv; return rv;
@ -196,11 +200,13 @@ nsContentPolicy::ShouldProcess(PRUint32 contentType,
nsISupports *requestingContext, nsISupports *requestingContext,
const nsACString &mimeType, const nsACString &mimeType,
nsISupports *extra, nsISupports *extra,
nsIPrincipal *requestPrincipal,
PRInt16 *decision) PRInt16 *decision)
{ {
nsresult rv = CheckPolicy(&nsIContentPolicy::ShouldProcess, contentType, nsresult rv = CheckPolicy(&nsIContentPolicy::ShouldProcess, contentType,
contentLocation, requestingLocation, contentLocation, requestingLocation,
requestingContext, mimeType, extra, decision); requestingContext, mimeType, extra,
requestPrincipal, decision);
LOG_CHECK("ShouldProcess"); LOG_CHECK("ShouldProcess");
return rv; return rv;

View File

@ -31,7 +31,8 @@ class nsContentPolicy : public nsIContentPolicy
NS_STDCALL_FUNCPROTO(nsresult, CPMethod, nsIContentPolicy, NS_STDCALL_FUNCPROTO(nsresult, CPMethod, nsIContentPolicy,
ShouldProcess, ShouldProcess,
(PRUint32, nsIURI*, nsIURI*, nsISupports*, (PRUint32, nsIURI*, nsIURI*, nsISupports*,
const nsACString &, nsISupports*, PRInt16*)); const nsACString &, nsISupports*, nsIPrincipal*,
PRInt16*));
//Helper method that applies policyMethod across all policies in mPolicies //Helper method that applies policyMethod across all policies in mPolicies
// with the given parameters // with the given parameters
@ -39,6 +40,7 @@ class nsContentPolicy : public nsIContentPolicy
nsIURI *aURI, nsIURI *origURI, nsIURI *aURI, nsIURI *origURI,
nsISupports *requestingContext, nsISupports *requestingContext,
const nsACString &mimeGuess, nsISupports *extra, const nsACString &mimeGuess, nsISupports *extra,
nsIPrincipal *requestPrincipal,
PRInt16 *decision); PRInt16 *decision);
}; };

View File

@ -37,6 +37,7 @@ nsDataDocumentContentPolicy::ShouldLoad(PRUint32 aContentType,
nsISupports *aRequestingContext, nsISupports *aRequestingContext,
const nsACString &aMimeGuess, const nsACString &aMimeGuess,
nsISupports *aExtra, nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
PRInt16 *aDecision) PRInt16 *aDecision)
{ {
*aDecision = nsIContentPolicy::ACCEPT; *aDecision = nsIContentPolicy::ACCEPT;
@ -129,8 +130,10 @@ nsDataDocumentContentPolicy::ShouldProcess(PRUint32 aContentType,
nsISupports *aRequestingContext, nsISupports *aRequestingContext,
const nsACString &aMimeGuess, const nsACString &aMimeGuess,
nsISupports *aExtra, nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
PRInt16 *aDecision) PRInt16 *aDecision)
{ {
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation, return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
aRequestingContext, aMimeGuess, aExtra, aDecision); aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
} }

View File

@ -26,6 +26,7 @@ nsNoDataProtocolContentPolicy::ShouldLoad(PRUint32 aContentType,
nsISupports *aRequestingContext, nsISupports *aRequestingContext,
const nsACString &aMimeGuess, const nsACString &aMimeGuess,
nsISupports *aExtra, nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
PRInt16 *aDecision) PRInt16 *aDecision)
{ {
*aDecision = nsIContentPolicy::ACCEPT; *aDecision = nsIContentPolicy::ACCEPT;
@ -70,8 +71,10 @@ nsNoDataProtocolContentPolicy::ShouldProcess(PRUint32 aContentType,
nsISupports *aRequestingContext, nsISupports *aRequestingContext,
const nsACString &aMimeGuess, const nsACString &aMimeGuess,
nsISupports *aExtra, nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
PRInt16 *aDecision) PRInt16 *aDecision)
{ {
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation, return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
aRequestingContext, aMimeGuess, aExtra, aDecision); aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
} }

View File

@ -8162,8 +8162,8 @@ nsDocShell::InternalLoad(nsIURI * aURI,
} }
// XXXbz would be nice to know the loading principal here... but we don't // XXXbz would be nice to know the loading principal here... but we don't
nsCOMPtr<nsIPrincipal> loadingPrincipal; nsCOMPtr<nsIPrincipal> loadingPrincipal = do_QueryInterface(aOwner);
if (aReferrer) { if (!loadingPrincipal && aReferrer) {
nsCOMPtr<nsIScriptSecurityManager> secMan = nsCOMPtr<nsIScriptSecurityManager> secMan =
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
@ -8171,7 +8171,7 @@ nsDocShell::InternalLoad(nsIURI * aURI,
rv = secMan->GetCodebasePrincipal(aReferrer, rv = secMan->GetCodebasePrincipal(aReferrer,
getter_AddRefs(loadingPrincipal)); getter_AddRefs(loadingPrincipal));
} }
rv = NS_CheckContentLoadPolicy(contentType, rv = NS_CheckContentLoadPolicy(contentType,
aURI, aURI,
loadingPrincipal, loadingPrincipal,

View File

@ -75,6 +75,7 @@ nsWebBrowserContentPolicy::ShouldLoad(PRUint32 contentType,
nsISupports *requestingContext, nsISupports *requestingContext,
const nsACString &mimeGuess, const nsACString &mimeGuess,
nsISupports *extra, nsISupports *extra,
nsIPrincipal *requestPrincipal,
PRInt16 *shouldLoad) PRInt16 *shouldLoad)
{ {
return PerformPolicyCheck(contentType, requestingContext, shouldLoad); return PerformPolicyCheck(contentType, requestingContext, shouldLoad);
@ -87,6 +88,7 @@ nsWebBrowserContentPolicy::ShouldProcess(PRUint32 contentType,
nsISupports *requestingContext, nsISupports *requestingContext,
const nsACString &mimeGuess, const nsACString &mimeGuess,
nsISupports *extra, nsISupports *extra,
nsIPrincipal *requestPrincipal,
PRInt16 *shouldProcess) PRInt16 *shouldProcess)
{ {
*shouldProcess = nsIContentPolicy::ACCEPT; *shouldProcess = nsIContentPolicy::ACCEPT;

View File

@ -127,6 +127,7 @@ nsContentBlocker::ShouldLoad(PRUint32 aContentType,
nsISupports *aRequestingContext, nsISupports *aRequestingContext,
const nsACString &aMimeGuess, const nsACString &aMimeGuess,
nsISupports *aExtra, nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
PRInt16 *aDecision) PRInt16 *aDecision)
{ {
*aDecision = nsIContentPolicy::ACCEPT; *aDecision = nsIContentPolicy::ACCEPT;
@ -188,12 +189,13 @@ nsContentBlocker::ShouldLoad(PRUint32 aContentType,
} }
NS_ASSERTION(aContentType != nsIContentPolicy::TYPE_OBJECT, NS_ASSERTION(aContentType != nsIContentPolicy::TYPE_OBJECT,
"Shouldn't happen. Infinite loops are bad!"); "Shouldn't happen. Infinite loops are bad!");
// Found a type that tells us more about what we're loading. Try // Found a type that tells us more about what we're loading. Try
// the permissions check again! // the permissions check again!
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation, return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
aRequestingContext, aMimeGuess, aExtra, aDecision); aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
} }
NS_IMETHODIMP NS_IMETHODIMP
@ -203,6 +205,7 @@ nsContentBlocker::ShouldProcess(PRUint32 aContentType,
nsISupports *aRequestingContext, nsISupports *aRequestingContext,
const nsACString &aMimeGuess, const nsACString &aMimeGuess,
nsISupports *aExtra, nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
PRInt16 *aDecision) PRInt16 *aDecision)
{ {
// For loads where aRequestingContext is chrome, we should just // For loads where aRequestingContext is chrome, we should just
@ -223,7 +226,8 @@ nsContentBlocker::ShouldProcess(PRUint32 aContentType,
// This isn't a load from chrome. Just do a ShouldLoad() check -- // This isn't a load from chrome. Just do a ShouldLoad() check --
// we want the same answer here // we want the same answer here
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation, return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
aRequestingContext, aMimeGuess, aExtra, aDecision); aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
} }
nsresult nsresult