1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/js/public/Principals.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,100 @@
1.4 +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
1.5 + * vim: set ts=8 sts=4 et sw=4 tw=99:
1.6 + * This Source Code Form is subject to the terms of the Mozilla Public
1.7 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.8 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.9 +
1.10 +/* JSPrincipals and related interfaces. */
1.11 +
1.12 +#ifndef js_Principals_h
1.13 +#define js_Principals_h
1.14 +
1.15 +#include "mozilla/Atomics.h"
1.16 +
1.17 +#include <stdint.h>
1.18 +
1.19 +#include "jspubtd.h"
1.20 +
1.21 +struct JSPrincipals {
1.22 + /* Don't call "destroy"; use reference counting macros below. */
1.23 +#ifdef JS_THREADSAFE
1.24 + mozilla::Atomic<int32_t> refcount;
1.25 +#else
1.26 + int32_t refcount;
1.27 +#endif
1.28 +
1.29 +#ifdef JS_DEBUG
1.30 + /* A helper to facilitate principals debugging. */
1.31 + uint32_t debugToken;
1.32 +#endif
1.33 +
1.34 + void setDebugToken(uint32_t token) {
1.35 +# ifdef JS_DEBUG
1.36 + debugToken = token;
1.37 +# endif
1.38 + }
1.39 +
1.40 + /*
1.41 + * This is not defined by the JS engine but should be provided by the
1.42 + * embedding.
1.43 + */
1.44 + JS_PUBLIC_API(void) dump();
1.45 +};
1.46 +
1.47 +extern JS_PUBLIC_API(void)
1.48 +JS_HoldPrincipals(JSPrincipals *principals);
1.49 +
1.50 +extern JS_PUBLIC_API(void)
1.51 +JS_DropPrincipals(JSRuntime *rt, JSPrincipals *principals);
1.52 +
1.53 +// Return whether the first principal subsumes the second. The exact meaning of
1.54 +// 'subsumes' is left up to the browser. Subsumption is checked inside the JS
1.55 +// engine when determining, e.g., which stack frames to display in a backtrace.
1.56 +typedef bool
1.57 +(* JSSubsumesOp)(JSPrincipals *first, JSPrincipals *second);
1.58 +
1.59 +/*
1.60 + * Used to check if a CSP instance wants to disable eval() and friends.
1.61 + * See js_CheckCSPPermitsJSAction() in jsobj.
1.62 + */
1.63 +typedef bool
1.64 +(* JSCSPEvalChecker)(JSContext *cx);
1.65 +
1.66 +struct JSSecurityCallbacks {
1.67 + JSCSPEvalChecker contentSecurityPolicyAllows;
1.68 + JSSubsumesOp subsumes;
1.69 +};
1.70 +
1.71 +extern JS_PUBLIC_API(void)
1.72 +JS_SetSecurityCallbacks(JSRuntime *rt, const JSSecurityCallbacks *callbacks);
1.73 +
1.74 +extern JS_PUBLIC_API(const JSSecurityCallbacks *)
1.75 +JS_GetSecurityCallbacks(JSRuntime *rt);
1.76 +
1.77 +/*
1.78 + * Code running with "trusted" principals will be given a deeper stack
1.79 + * allocation than ordinary scripts. This allows trusted script to run after
1.80 + * untrusted script has exhausted the stack. This function sets the
1.81 + * runtime-wide trusted principal.
1.82 + *
1.83 + * This principals is not held (via JS_HoldPrincipals/JS_DropPrincipals) since
1.84 + * there is no available JSContext. Instead, the caller must ensure that the
1.85 + * given principals stays valid for as long as 'rt' may point to it. If the
1.86 + * principals would be destroyed before 'rt', JS_SetTrustedPrincipals must be
1.87 + * called again, passing nullptr for 'prin'.
1.88 + */
1.89 +extern JS_PUBLIC_API(void)
1.90 +JS_SetTrustedPrincipals(JSRuntime *rt, const JSPrincipals *prin);
1.91 +
1.92 +typedef void
1.93 +(* JSDestroyPrincipalsOp)(JSPrincipals *principals);
1.94 +
1.95 +/*
1.96 + * Initialize the callback that is called to destroy JSPrincipals instance
1.97 + * when its reference counter drops to zero. The initialization can be done
1.98 + * only once per JS runtime.
1.99 + */
1.100 +extern JS_PUBLIC_API(void)
1.101 +JS_InitDestroyPrincipalsCallback(JSRuntime *rt, JSDestroyPrincipalsOp destroyPrincipals);
1.102 +
1.103 +#endif /* js_Principals_h */
