michael@0: /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- michael@0: * vim: sw=2 ts=8 et : michael@0: */ michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this file, michael@0: * You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #ifndef mozilla_AppProcessChecker_h michael@0: #define mozilla_AppProcessChecker_h michael@0: michael@0: #include michael@0: michael@0: class nsIPrincipal; michael@0: michael@0: namespace mozilla { michael@0: michael@0: namespace dom { michael@0: class PBrowserParent; michael@0: class PContentParent; michael@0: } michael@0: michael@0: namespace hal_sandbox { michael@0: class PHalParent; michael@0: } michael@0: michael@0: enum AssertAppProcessType { michael@0: ASSERT_APP_PROCESS_PERMISSION, michael@0: ASSERT_APP_PROCESS_MANIFEST_URL, michael@0: ASSERT_APP_HAS_PERMISSION michael@0: }; michael@0: michael@0: /** michael@0: * Return true if the specified browser has the specified capability. michael@0: * If this returns false, the browser didn't have the capability and michael@0: * will be killed. michael@0: */ michael@0: bool michael@0: AssertAppProcess(mozilla::dom::PBrowserParent* aActor, michael@0: AssertAppProcessType aType, michael@0: const char* aCapability); michael@0: michael@0: /** michael@0: * Return true if the specified app has the specified status. michael@0: * If this returns false, the browser will be killed. michael@0: */ michael@0: bool michael@0: AssertAppStatus(mozilla::dom::PBrowserParent* aActor, michael@0: unsigned short aStatus); michael@0: michael@0: /** michael@0: * Return true if any of the PBrowsers loaded in this content process michael@0: * has the specified capability. If this returns false, the process michael@0: * didn't have the capability and will be killed. michael@0: */ michael@0: bool michael@0: AssertAppProcess(mozilla::dom::PContentParent* aActor, michael@0: AssertAppProcessType aType, michael@0: const char* aCapability); michael@0: michael@0: /** michael@0: * Return true if any of the PBrowsers loaded in this content process michael@0: * has an app with the specified status. If this returns false, the process michael@0: * didn't have the status and will be killed. michael@0: */ michael@0: bool michael@0: AssertAppStatus(mozilla::dom::PContentParent* aActor, michael@0: unsigned short aStatus); michael@0: michael@0: bool michael@0: AssertAppProcess(mozilla::hal_sandbox::PHalParent* aActor, michael@0: AssertAppProcessType aType, michael@0: const char* aCapability); michael@0: michael@0: // NB: when adding capability checks for other IPDL actors, please add michael@0: // them to this file and have them delegate to the two functions above michael@0: // as appropriate. For example, michael@0: // michael@0: // bool AppProcessHasCapability(PNeckoParent* aActor, AssertAppProcessType aType) { michael@0: // return AssertAppProcess(aActor->Manager(), aType); michael@0: // } michael@0: michael@0: bool michael@0: AssertAppPrincipal(mozilla::dom::PContentParent* aParent, michael@0: nsIPrincipal* aPrincipal); michael@0: michael@0: /** michael@0: * Check if the specified principal is valid, and return the saved permission michael@0: * value for permission `aPermission' on that principal. michael@0: * See nsIPermissionManager.idl for possible return values. michael@0: * michael@0: * nsIPermissionManager::UNKNOWN_ACTION is retuned if the principal is invalid. michael@0: */ michael@0: uint32_t michael@0: CheckPermission(mozilla::dom::PContentParent* aParent, michael@0: nsIPrincipal* aPrincipal, const char* aPermission); michael@0: michael@0: /** michael@0: * Inline function for asserting the process's permission. michael@0: */ michael@0: template michael@0: inline bool michael@0: AssertAppProcessPermission(T* aActor, michael@0: const char* aPermission) { michael@0: return AssertAppProcess(aActor, michael@0: ASSERT_APP_PROCESS_PERMISSION, michael@0: aPermission); michael@0: } michael@0: michael@0: /** michael@0: * Inline function for asserting the process's manifest URL. michael@0: */ michael@0: template michael@0: inline bool michael@0: AssertAppProcessManifestURL(T* aActor, michael@0: const char* aManifestURL) { michael@0: return AssertAppProcess(aActor, michael@0: ASSERT_APP_PROCESS_MANIFEST_URL, michael@0: aManifestURL); michael@0: } michael@0: michael@0: /** michael@0: * Inline function for asserting the process's manifest URL. michael@0: */ michael@0: template michael@0: inline bool michael@0: AssertAppHasPermission(T* aActor, michael@0: const char* aPermission) { michael@0: return AssertAppProcess(aActor, michael@0: ASSERT_APP_HAS_PERMISSION, michael@0: aPermission); michael@0: } michael@0: michael@0: template michael@0: inline bool michael@0: AssertAppHasStatus(T* aActor, michael@0: unsigned short aStatus) { michael@0: return AssertAppStatus(aActor, aStatus); michael@0: } michael@0: michael@0: } // namespace mozilla michael@0: michael@0: #endif // mozilla_AppProcessChecker_h