caps/src/nsSecurityManagerFactory.cpp

Tue, 06 Jan 2015 21:39:09 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Tue, 06 Jan 2015 21:39:09 +0100
branch
TOR_BUG_9701
changeset 8
97036ab72558
permissions
-rw-r--r--

Conditionally force memory storage according to privacy.thirdparty.isolate.
This solves Tor bug #9701, complying with the disk avoidance documented in
https://www.torproject.org/projects/torbrowser/design/#disk-avoidance.

michael@0 1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
michael@0 2 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 3 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 5 /*Factory for internal browser security resource managers*/
michael@0 6
michael@0 7 #include "nsCOMPtr.h"
michael@0 8 #include "nsIScriptSecurityManager.h"
michael@0 9 #include "nsScriptSecurityManager.h"
michael@0 10 #include "nsIPrincipal.h"
michael@0 11 #include "nsPrincipal.h"
michael@0 12 #include "nsSystemPrincipal.h"
michael@0 13 #include "nsNullPrincipal.h"
michael@0 14 #include "nsIScriptNameSpaceManager.h"
michael@0 15 #include "nsIScriptContext.h"
michael@0 16 #include "nsICategoryManager.h"
michael@0 17 #include "nsXPIDLString.h"
michael@0 18 #include "nsCOMPtr.h"
michael@0 19 #include "nsIServiceManager.h"
michael@0 20 #include "nsString.h"
michael@0 21 #include "nsNetCID.h"
michael@0 22 #include "nsIClassInfoImpl.h"
michael@0 23 #include "nsJSUtils.h"
michael@0 24 #include "nsPIDOMWindow.h"
michael@0 25 #include "nsIScriptGlobalObject.h"
michael@0 26 #include "nsIDocument.h"
michael@0 27 #include "jsfriendapi.h"
michael@0 28 #include "xpcprivate.h"
michael@0 29 #include "nsCxPusher.h"
michael@0 30 #include "mozilla/Preferences.h"
michael@0 31 #include "mozilla/Telemetry.h"
michael@0 32
michael@0 33 using namespace mozilla;
michael@0 34
michael@0 35 ///////////////////////
michael@0 36 // nsSecurityNameSet //
michael@0 37 ///////////////////////
michael@0 38
// Empty constructor: no initialisation is performed in this file.
nsSecurityNameSet::nsSecurityNameSet() {}

// Empty destructor: nothing is released in this file.
nsSecurityNameSet::~nsSecurityNameSet() {}

// XPCOM reference-counting / QueryInterface boilerplate; the only interface
// listed for nsSecurityNameSet is nsIScriptExternalNameSet.
NS_IMPL_ISUPPORTS(nsSecurityNameSet, nsIScriptExternalNameSet)
michael@0 48
/*
 * Native registered under the name "enablePrivilege" in the table below.
 *
 * Neither argc nor vp is read, so whatever privilege name the calling script
 * passes is never inspected: every call records the telemetry flag and then
 * returns the result of xpc::EnableUniversalXPConnect(cx). Reachability of
 * this function is therefore decided entirely by whoever installs the table.
 */
static bool
netscape_security_enablePrivilege(JSContext *cx, unsigned argc, JS::Value *vp)
{
    // Record that the legacy entry point was used at least once.
    Telemetry::Accumulate(Telemetry::ENABLE_PRIVILEGE_EVER_CALLED, true);

    const bool ok = xpc::EnableUniversalXPConnect(cx);
    return ok;
}

/*
 * Function table passed to JS_DefineFunctions for the PrivilegeManager
 * object: a single "enablePrivilege" entry followed by the terminator.
 */
static const JSFunctionSpec PrivilegeManager_static_methods[] = {
    JS_FS("enablePrivilege", netscape_security_enablePrivilege, 1, 0),
    JS_FS_END
};
michael@0 60
/*
 * "Steal" calls to netscape.security.PrivilegeManager.enablePrivilege,
 * et al. so that code that worked with 4.0 can still work.
 *
 * The "netscape" and "security" objects are looked up (or created) on the
 * window global unconditionally; only the PrivilegeManager object and its
 * enablePrivilege method are gated behind the preference checked below.
 *
 * Returns NS_OK when the preference is off or everything was defined, and
 * NS_ERROR_FAILURE when any property lookup or definition fails.
 */
NS_IMETHODIMP
nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
{
    AutoJSContext cx;
    JS::Rooted<JSObject*> global(cx, aScriptContext->GetWindowProxy());
    JSAutoCompartment ac(cx, global);

    /*
     * Follow the global's prototype chain to its last object; that object's
     * JSClass (Object.prototype's class) is used for everything defined here.
     */
    JS::Rooted<JSObject*> obj(cx, global);
    JS::Rooted<JSObject*> proto(cx);
    do {
        // NOTE(review): the result is only asserted, not handled as an error.
        MOZ_ALWAYS_TRUE(JS_GetPrototype(cx, obj, &proto));
        if (proto)
            obj = proto;
    } while (proto);
    const JSClass *objectClass = JS_GetClass(obj);

    JS::Rooted<JS::Value> v(cx);
    if (!JS_GetProperty(cx, global, "netscape", &v))
        return NS_ERROR_FAILURE;

    JS::Rooted<JSObject*> securityObj(cx);
    if (!v.isObject()) {
        /* No usable "netscape" object yet: define netscape.security. */
        obj = JS_DefineObject(cx, global, "netscape", objectClass, nullptr, 0);
        if (!obj)
            return NS_ERROR_FAILURE;

        securityObj = JS_DefineObject(cx, obj, "security", objectClass,
                                      nullptr, 0);
        if (!securityObj)
            return NS_ERROR_FAILURE;
    } else {
        /*
         * The window already has an object-valued "netscape" property; reuse
         * it and require that its "security" property is an object as well.
         */
        obj = &v.toObject();
        if (!JS_GetProperty(cx, obj, "security", &v))
            return NS_ERROR_FAILURE;
        if (!v.isObject())
            return NS_ERROR_FAILURE;
        securityObj = &v.toObject();
    }

    // enablePrivilege is hidden behind a pref because it has been altered in
    // a way that makes it fundamentally insecure to use in production.
    // Mozilla uses this pref during automated testing to support legacy test
    // code that uses enablePrivilege. If you're not doing test automation,
    // you _must_ not flip this pref, or you will be exposing all your users
    // to security vulnerabilities.
    const bool legacyPrivilegesAllowed =
        Preferences::GetBool("security.turn_off_all_security_so_that_viruses_can_take_over_this_computer");
    if (!legacyPrivilegesAllowed)
        return NS_OK;

    /* Define PrivilegeManager object with the necessary "static" methods. */
    obj = JS_DefineObject(cx, securityObj, "PrivilegeManager", objectClass,
                          nullptr, 0);
    if (!obj)
        return NS_ERROR_FAILURE;

    if (!JS_DefineFunctions(cx, obj, PrivilegeManager_static_methods))
        return NS_ERROR_FAILURE;
    return NS_OK;
}
