js/public/Principals.h@97036ab72558
js/public/Principals.h
Tue, 06 Jan 2015 21:39:09 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Tue, 06 Jan 2015 21:39:09 +0100
- branch
- TOR_BUG_9701
- changeset 8
- 97036ab72558
- permissions
- -rw-r--r--
Conditionally force memory storage according to privacy.thirdparty.isolate;
This solves Tor bug #9701, complying with disk avoidance documented in
https://www.torproject.org/projects/torbrowser/design/#disk-avoidance.
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: set ts=8 sts=4 et sw=4 tw=99:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /* JSPrincipals and related interfaces. */
9 #ifndef js_Principals_h
10 #define js_Principals_h
12 #include "mozilla/Atomics.h"
14 #include <stdint.h>
16 #include "jspubtd.h"
18 struct JSPrincipals {
19 /* Don't call "destroy"; use reference counting macros below. */
20 #ifdef JS_THREADSAFE
21 mozilla::Atomic<int32_t> refcount;
22 #else
23 int32_t refcount;
24 #endif
26 #ifdef JS_DEBUG
27 /* A helper to facilitate principals debugging. */
28 uint32_t debugToken;
29 #endif
31 void setDebugToken(uint32_t token) {
32 # ifdef JS_DEBUG
33 debugToken = token;
34 # endif
35 }
37 /*
38 * This is not defined by the JS engine but should be provided by the
39 * embedding.
40 */
41 JS_PUBLIC_API(void) dump();
42 };
44 extern JS_PUBLIC_API(void)
45 JS_HoldPrincipals(JSPrincipals *principals);
47 extern JS_PUBLIC_API(void)
48 JS_DropPrincipals(JSRuntime *rt, JSPrincipals *principals);
50 // Return whether the first principal subsumes the second. The exact meaning of
51 // 'subsumes' is left up to the browser. Subsumption is checked inside the JS
52 // engine when determining, e.g., which stack frames to display in a backtrace.
53 typedef bool
54 (* JSSubsumesOp)(JSPrincipals *first, JSPrincipals *second);
56 /*
57 * Used to check if a CSP instance wants to disable eval() and friends.
58 * See js_CheckCSPPermitsJSAction() in jsobj.
59 */
60 typedef bool
61 (* JSCSPEvalChecker)(JSContext *cx);
63 struct JSSecurityCallbacks {
64 JSCSPEvalChecker contentSecurityPolicyAllows;
65 JSSubsumesOp subsumes;
66 };
68 extern JS_PUBLIC_API(void)
69 JS_SetSecurityCallbacks(JSRuntime *rt, const JSSecurityCallbacks *callbacks);
71 extern JS_PUBLIC_API(const JSSecurityCallbacks *)
72 JS_GetSecurityCallbacks(JSRuntime *rt);
74 /*
75 * Code running with "trusted" principals will be given a deeper stack
76 * allocation than ordinary scripts. This allows trusted script to run after
77 * untrusted script has exhausted the stack. This function sets the
78 * runtime-wide trusted principal.
79 *
80 * This principals is not held (via JS_HoldPrincipals/JS_DropPrincipals) since
81 * there is no available JSContext. Instead, the caller must ensure that the
82 * given principals stays valid for as long as 'rt' may point to it. If the
83 * principals would be destroyed before 'rt', JS_SetTrustedPrincipals must be
84 * called again, passing nullptr for 'prin'.
85 */
86 extern JS_PUBLIC_API(void)
87 JS_SetTrustedPrincipals(JSRuntime *rt, const JSPrincipals *prin);
89 typedef void
90 (* JSDestroyPrincipalsOp)(JSPrincipals *principals);
92 /*
93 * Initialize the callback that is called to destroy JSPrincipals instance
94 * when its reference counter drops to zero. The initialization can be done
95 * only once per JS runtime.
96 */
97 extern JS_PUBLIC_API(void)
98 JS_InitDestroyPrincipalsCallback(JSRuntime *rt, JSDestroyPrincipalsOp destroyPrincipals);
100 #endif /* js_Principals_h */
