diff -r 000000000000 -r 6474c204b198 caps/include/nsScriptSecurityManager.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/caps/include/nsScriptSecurityManager.h Wed Dec 31 06:09:35 2014 +0100 @@ -0,0 +1,194 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* vim: set ts=4 et sw=4 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsScriptSecurityManager_h__ +#define nsScriptSecurityManager_h__ + +#include "nsIScriptSecurityManager.h" +#include "nsIPrincipal.h" +#include "nsIXPCSecurityManager.h" +#include "nsCOMPtr.h" +#include "nsIChannelEventSink.h" +#include "nsIObserver.h" +#include "plstr.h" +#include "nsIScriptExternalNameSet.h" +#include "js/TypeDecls.h" + +#include + +class nsIDocShell; +class nsCString; +class nsIClassInfo; +class nsIIOService; +class nsIStringBundle; +class nsSystemPrincipal; +class ClassInfoData; + +///////////////////////////// +// nsScriptSecurityManager // +///////////////////////////// +#define NS_SCRIPTSECURITYMANAGER_CID \ +{ 0x7ee2a4c0, 0x4b93, 0x17d3, \ +{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }} + +class nsScriptSecurityManager : public nsIScriptSecurityManager, + public nsIChannelEventSink, + public nsIObserver +{ +public: + static void Shutdown(); + + NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID) + + NS_DECL_ISUPPORTS + NS_DECL_NSISCRIPTSECURITYMANAGER + NS_DECL_NSIXPCSECURITYMANAGER + NS_DECL_NSICHANNELEVENTSINK + NS_DECL_NSIOBSERVER + + static nsScriptSecurityManager* + GetScriptSecurityManager(); + + static nsSystemPrincipal* + SystemPrincipalSingletonConstructor(); + + JSContext* GetCurrentJSContext(); + + JSContext* GetSafeJSContext(); + + /** + * Utility method for comparing two URIs. For security purposes, two URIs + * are equivalent if their schemes, hosts, and ports (if any) match. This + * method returns true if aSubjectURI and aObjectURI have the same origin, + * false otherwise. + */ + static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI); + static uint32_t SecurityHashURI(nsIURI* aURI); + + static nsresult + ReportError(JSContext* cx, const nsAString& messageTag, + nsIURI* aSource, nsIURI* aTarget); + + static uint32_t + HashPrincipalByOrigin(nsIPrincipal* aPrincipal); + + static bool + GetStrictFileOriginPolicy() + { + return sStrictFileOriginPolicy; + } + + /** + * Returns true if the two principals share the same app attributes. + * + * App attributes are appId and the inBrowserElement flag. + * Two principals have the same app attributes if those information are + * equals. + * This method helps keeping principals from different apps isolated from + * each other. Also, it helps making sure mozbrowser (web views) and their + * parent are isolated from each other. All those entities do not share the + * same data (cookies, IndexedDB, localStorage, etc.) so we shouldn't allow + * violating that principle. + */ + static bool + AppAttributesEqual(nsIPrincipal* aFirst, + nsIPrincipal* aSecond); + + void DeactivateDomainPolicy(); + +private: + + // GetScriptSecurityManager is the only call that can make one + nsScriptSecurityManager(); + virtual ~nsScriptSecurityManager(); + + bool SubjectIsPrivileged(); + + // Decides, based on CSP, whether or not eval() and stuff can be executed. + static bool + ContentSecurityPolicyPermitsJSAction(JSContext *cx); + + static bool + JSPrincipalsSubsume(JSPrincipals *first, JSPrincipals *second); + + // Returns null if a principal cannot be found; generally callers + // should error out at that point. + static nsIPrincipal* doGetObjectPrincipal(JSObject* obj); + + // Returns null if a principal cannot be found. Note that rv can be NS_OK + // when this happens -- this means that there was no JS running. + nsIPrincipal* + doGetSubjectPrincipal(nsresult* rv); + + nsresult + GetCodebasePrincipalInternal(nsIURI* aURI, uint32_t aAppId, + bool aInMozBrowser, + nsIPrincipal** result); + + nsresult + CreateCodebasePrincipal(nsIURI* aURI, uint32_t aAppId, bool aInMozBrowser, + nsIPrincipal** result); + + // Returns null if a principal cannot be found. Note that rv can be NS_OK + // when this happens -- this means that there was no script for the + // context. Callers MUST pass in a non-null rv here. + nsIPrincipal* + GetSubjectPrincipal(JSContext* cx, nsresult* rv); + + nsresult + Init(); + + nsresult + InitPrefs(); + + inline void + ScriptSecurityPrefChanged(); + + inline void + AddSitesToFileURIWhitelist(const nsCString& aSiteList); + + nsCOMPtr mSystemPrincipal; + bool mPrefInitialized; + bool mIsJavaScriptEnabled; + nsTArray> mFileURIWhitelist; + + // This machinery controls new-style domain policies. The old-style + // policy machinery will be removed soon. + nsCOMPtr mDomainPolicy; + + static bool sStrictFileOriginPolicy; + + static nsIIOService *sIOService; + static nsIStringBundle *sStrBundle; + static JSRuntime *sRuntime; +}; + +#define NS_SECURITYNAMESET_CID \ + { 0x7c02eadc, 0x76, 0x4d03, \ + { 0x99, 0x8d, 0x80, 0xd7, 0x79, 0xc4, 0x85, 0x89 } } +#define NS_SECURITYNAMESET_CONTRACTID "@mozilla.org/security/script/nameset;1" + +class nsSecurityNameSet : public nsIScriptExternalNameSet +{ +public: + nsSecurityNameSet(); + virtual ~nsSecurityNameSet(); + + NS_DECL_ISUPPORTS + + NS_IMETHOD InitializeNameSet(nsIScriptContext* aScriptContext); +}; + +namespace mozilla { + +void +GetJarPrefix(uint32_t aAppid, + bool aInMozBrowser, + nsACString& aJarPrefix); + +} // namespace mozilla + +#endif // nsScriptSecurityManager_h__