michael@0: /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- michael@0: * vim: set ts=8 sts=4 et sw=4 tw=99: michael@0: * This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: /* JSPrincipals and related interfaces. */ michael@0: michael@0: #ifndef js_Principals_h michael@0: #define js_Principals_h michael@0: michael@0: #include "mozilla/Atomics.h" michael@0: michael@0: #include michael@0: michael@0: #include "jspubtd.h" michael@0: michael@0: struct JSPrincipals { michael@0: /* Don't call "destroy"; use reference counting macros below. */ michael@0: #ifdef JS_THREADSAFE michael@0: mozilla::Atomic refcount; michael@0: #else michael@0: int32_t refcount; michael@0: #endif michael@0: michael@0: #ifdef JS_DEBUG michael@0: /* A helper to facilitate principals debugging. */ michael@0: uint32_t debugToken; michael@0: #endif michael@0: michael@0: void setDebugToken(uint32_t token) { michael@0: # ifdef JS_DEBUG michael@0: debugToken = token; michael@0: # endif michael@0: } michael@0: michael@0: /* michael@0: * This is not defined by the JS engine but should be provided by the michael@0: * embedding. michael@0: */ michael@0: JS_PUBLIC_API(void) dump(); michael@0: }; michael@0: michael@0: extern JS_PUBLIC_API(void) michael@0: JS_HoldPrincipals(JSPrincipals *principals); michael@0: michael@0: extern JS_PUBLIC_API(void) michael@0: JS_DropPrincipals(JSRuntime *rt, JSPrincipals *principals); michael@0: michael@0: // Return whether the first principal subsumes the second. The exact meaning of michael@0: // 'subsumes' is left up to the browser. Subsumption is checked inside the JS michael@0: // engine when determining, e.g., which stack frames to display in a backtrace. michael@0: typedef bool michael@0: (* JSSubsumesOp)(JSPrincipals *first, JSPrincipals *second); michael@0: michael@0: /* michael@0: * Used to check if a CSP instance wants to disable eval() and friends. michael@0: * See js_CheckCSPPermitsJSAction() in jsobj. michael@0: */ michael@0: typedef bool michael@0: (* JSCSPEvalChecker)(JSContext *cx); michael@0: michael@0: struct JSSecurityCallbacks { michael@0: JSCSPEvalChecker contentSecurityPolicyAllows; michael@0: JSSubsumesOp subsumes; michael@0: }; michael@0: michael@0: extern JS_PUBLIC_API(void) michael@0: JS_SetSecurityCallbacks(JSRuntime *rt, const JSSecurityCallbacks *callbacks); michael@0: michael@0: extern JS_PUBLIC_API(const JSSecurityCallbacks *) michael@0: JS_GetSecurityCallbacks(JSRuntime *rt); michael@0: michael@0: /* michael@0: * Code running with "trusted" principals will be given a deeper stack michael@0: * allocation than ordinary scripts. This allows trusted script to run after michael@0: * untrusted script has exhausted the stack. This function sets the michael@0: * runtime-wide trusted principal. michael@0: * michael@0: * This principals is not held (via JS_HoldPrincipals/JS_DropPrincipals) since michael@0: * there is no available JSContext. Instead, the caller must ensure that the michael@0: * given principals stays valid for as long as 'rt' may point to it. If the michael@0: * principals would be destroyed before 'rt', JS_SetTrustedPrincipals must be michael@0: * called again, passing nullptr for 'prin'. michael@0: */ michael@0: extern JS_PUBLIC_API(void) michael@0: JS_SetTrustedPrincipals(JSRuntime *rt, const JSPrincipals *prin); michael@0: michael@0: typedef void michael@0: (* JSDestroyPrincipalsOp)(JSPrincipals *principals); michael@0: michael@0: /* michael@0: * Initialize the callback that is called to destroy JSPrincipals instance michael@0: * when its reference counter drops to zero. The initialization can be done michael@0: * only once per JS runtime. michael@0: */ michael@0: extern JS_PUBLIC_API(void) michael@0: JS_InitDestroyPrincipalsCallback(JSRuntime *rt, JSDestroyPrincipalsOp destroyPrincipals); michael@0: michael@0: #endif /* js_Principals_h */