Thu, 15 Jan 2015 15:59:08 +0100
Implement a real Private Browsing Mode condition by changing the API/ABI;
This solves Tor bug #9701, complying with the disk-avoidance requirement documented in
https://www.torproject.org/projects/torbrowser/design/#disk-avoidance.
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* vim: set ts=4 et sw=4 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef nsScriptSecurityManager_h__
8 #define nsScriptSecurityManager_h__
10 #include "nsIScriptSecurityManager.h"
11 #include "nsIPrincipal.h"
12 #include "nsIXPCSecurityManager.h"
13 #include "nsCOMPtr.h"
14 #include "nsIChannelEventSink.h"
15 #include "nsIObserver.h"
16 #include "plstr.h"
17 #include "nsIScriptExternalNameSet.h"
18 #include "js/TypeDecls.h"
20 #include <stdint.h>
22 class nsIDocShell;
23 class nsCString;
24 class nsIClassInfo;
25 class nsIIOService;
26 class nsIStringBundle;
27 class nsSystemPrincipal;
28 class ClassInfoData;
30 /////////////////////////////
31 // nsScriptSecurityManager //
32 /////////////////////////////
33 #define NS_SCRIPTSECURITYMANAGER_CID \
34 { 0x7ee2a4c0, 0x4b93, 0x17d3, \
35 { 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
37 class nsScriptSecurityManager : public nsIScriptSecurityManager,
38 public nsIChannelEventSink,
39 public nsIObserver
40 {
41 public:
42 static void Shutdown();
44 NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
46 NS_DECL_ISUPPORTS
47 NS_DECL_NSISCRIPTSECURITYMANAGER
48 NS_DECL_NSIXPCSECURITYMANAGER
49 NS_DECL_NSICHANNELEVENTSINK
50 NS_DECL_NSIOBSERVER
52 static nsScriptSecurityManager*
53 GetScriptSecurityManager();
55 static nsSystemPrincipal*
56 SystemPrincipalSingletonConstructor();
58 JSContext* GetCurrentJSContext();
60 JSContext* GetSafeJSContext();
62 /**
63 * Utility method for comparing two URIs. For security purposes, two URIs
64 * are equivalent if their schemes, hosts, and ports (if any) match. This
65 * method returns true if aSubjectURI and aObjectURI have the same origin,
66 * false otherwise.
67 */
68 static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
69 static uint32_t SecurityHashURI(nsIURI* aURI);
71 static nsresult
72 ReportError(JSContext* cx, const nsAString& messageTag,
73 nsIURI* aSource, nsIURI* aTarget);
75 static uint32_t
76 HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
78 static bool
79 GetStrictFileOriginPolicy()
80 {
81 return sStrictFileOriginPolicy;
82 }
84 /**
85 * Returns true if the two principals share the same app attributes.
86 *
87 * App attributes are appId and the inBrowserElement flag.
88 * Two principals have the same app attributes if those information are
89 * equals.
90 * This method helps keeping principals from different apps isolated from
91 * each other. Also, it helps making sure mozbrowser (web views) and their
92 * parent are isolated from each other. All those entities do not share the
93 * same data (cookies, IndexedDB, localStorage, etc.) so we shouldn't allow
94 * violating that principle.
95 */
96 static bool
97 AppAttributesEqual(nsIPrincipal* aFirst,
98 nsIPrincipal* aSecond);
100 void DeactivateDomainPolicy();
102 private:
104 // GetScriptSecurityManager is the only call that can make one
105 nsScriptSecurityManager();
106 virtual ~nsScriptSecurityManager();
108 bool SubjectIsPrivileged();
110 // Decides, based on CSP, whether or not eval() and stuff can be executed.
111 static bool
112 ContentSecurityPolicyPermitsJSAction(JSContext *cx);
114 static bool
115 JSPrincipalsSubsume(JSPrincipals *first, JSPrincipals *second);
117 // Returns null if a principal cannot be found; generally callers
118 // should error out at that point.
119 static nsIPrincipal* doGetObjectPrincipal(JSObject* obj);
121 // Returns null if a principal cannot be found. Note that rv can be NS_OK
122 // when this happens -- this means that there was no JS running.
123 nsIPrincipal*
124 doGetSubjectPrincipal(nsresult* rv);
126 nsresult
127 GetCodebasePrincipalInternal(nsIURI* aURI, uint32_t aAppId,
128 bool aInMozBrowser,
129 nsIPrincipal** result);
131 nsresult
132 CreateCodebasePrincipal(nsIURI* aURI, uint32_t aAppId, bool aInMozBrowser,
133 nsIPrincipal** result);
135 // Returns null if a principal cannot be found. Note that rv can be NS_OK
136 // when this happens -- this means that there was no script for the
137 // context. Callers MUST pass in a non-null rv here.
138 nsIPrincipal*
139 GetSubjectPrincipal(JSContext* cx, nsresult* rv);
141 nsresult
142 Init();
144 nsresult
145 InitPrefs();
147 inline void
148 ScriptSecurityPrefChanged();
150 inline void
151 AddSitesToFileURIWhitelist(const nsCString& aSiteList);
153 nsCOMPtr<nsIPrincipal> mSystemPrincipal;
154 bool mPrefInitialized;
155 bool mIsJavaScriptEnabled;
156 nsTArray<nsCOMPtr<nsIURI>> mFileURIWhitelist;
158 // This machinery controls new-style domain policies. The old-style
159 // policy machinery will be removed soon.
160 nsCOMPtr<nsIDomainPolicy> mDomainPolicy;
162 static bool sStrictFileOriginPolicy;
164 static nsIIOService *sIOService;
165 static nsIStringBundle *sStrBundle;
166 static JSRuntime *sRuntime;
167 };
169 #define NS_SECURITYNAMESET_CID \
170 { 0x7c02eadc, 0x76, 0x4d03, \
171 { 0x99, 0x8d, 0x80, 0xd7, 0x79, 0xc4, 0x85, 0x89 } }
172 #define NS_SECURITYNAMESET_CONTRACTID "@mozilla.org/security/script/nameset;1"
174 class nsSecurityNameSet : public nsIScriptExternalNameSet
175 {
176 public:
177 nsSecurityNameSet();
178 virtual ~nsSecurityNameSet();
180 NS_DECL_ISUPPORTS
182 NS_IMETHOD InitializeNameSet(nsIScriptContext* aScriptContext);
183 };
185 namespace mozilla {
187 void
188 GetJarPrefix(uint32_t aAppid,
189 bool aInMozBrowser,
190 nsACString& aJarPrefix);
192 } // namespace mozilla
194 #endif // nsScriptSecurityManager_h__
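Review bot: The doc comment on SecurityCompareURIs (gutter 63–67) describes aSubjectURI and aObjectURI, but the declaration on gutter 68 names the parameters aSourceURI and aTargetURI, so the comment should read `* method returns true if aSourceURI and aTargetURI have the same origin,`. The AppAttributesEqual comment (gutter 88–89) also reads awkwardly; `* Two principals have the same app attributes if that information is equal.` is clearer. Separately, the commit message says the API/ABI now carries a Private Browsing Mode condition, yet none of the visible signatures (GetCodebasePrincipalInternal, CreateCodebasePrincipal, mozilla::GetJarPrefix) take a private-browsing flag, and the page gives no old/new markers to tell which side this listing is. If it is the new side, a one-line comment on the declaration that expresses that condition, naming the parameter involved, would help readers connect the header to the stated disk-avoidance goal.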