LCOV - code coverage report
Current view: directory - caps/include - nsScriptSecurityManager.h (source / functions) Found Hit Coverage
Test: app.info Lines: 78 57 73.1 %
Date: 2012-06-02 Functions: 20 14 70.0 %

       1                 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
       2                 : /* ***** BEGIN LICENSE BLOCK *****
       3                 :  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
       4                 :  *
       5                 :  * The contents of this file are subject to the Mozilla Public License Version
       6                 :  * 1.1 (the "License"); you may not use this file except in compliance with
       7                 :  * the License. You may obtain a copy of the License at
       8                 :  * http://www.mozilla.org/MPL/
       9                 :  *
      10                 :  * Software distributed under the License is distributed on an "AS IS" basis,
      11                 :  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
      12                 :  * for the specific language governing rights and limitations under the
      13                 :  * License.
      14                 :  *
      15                 :  * The Original Code is mozilla.org code.
      16                 :  *
      17                 :  * The Initial Developer of the Original Code is
      18                 :  * Netscape Communications Corporation.
      19                 :  * Portions created by the Initial Developer are Copyright (C) 1998-2000
      20                 :  * the Initial Developer. All Rights Reserved.
      21                 :  *
      22                 :  * Contributor(s):
      23                 :  *   Norris Boyd  <nboyd@atg.com>
      24                 :  *   Mitch Stoltz <mstoltz@netscape.com>
      25                 :  *   Christopher A. Aillon <christopher@aillon.com>
      26                 :  *   Giorgio Maone <g.maone@informaction.com>
      27                 :  *
      28                 :  * Alternatively, the contents of this file may be used under the terms of
      29                 :  * either of the GNU General Public License Version 2 or later (the "GPL"),
      30                 :  * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
      31                 :  * in which case the provisions of the GPL or the LGPL are applicable instead
      32                 :  * of those above. If you wish to allow use of your version of this file only
      33                 :  * under the terms of either the GPL or the LGPL, and not to allow others to
      34                 :  * use your version of this file under the terms of the MPL, indicate your
      35                 :  * decision by deleting the provisions above and replace them with the notice
      36                 :  * and other provisions required by the GPL or the LGPL. If you do not delete
      37                 :  * the provisions above, a recipient may use your version of this file under
      38                 :  * the terms of any one of the MPL, the GPL or the LGPL.
      39                 :  *
      40                 :  * ***** END LICENSE BLOCK ***** */
      41                 : 
      42                 : #ifndef nsScriptSecurityManager_h__
      43                 : #define nsScriptSecurityManager_h__
      44                 : 
      45                 : #include "nsIScriptSecurityManager.h"
      46                 : #include "nsIPrincipal.h"
      47                 : #include "jsapi.h"
      48                 : #include "jsdbgapi.h"
      49                 : #include "nsIXPCSecurityManager.h"
      50                 : #include "nsInterfaceHashtable.h"
      51                 : #include "nsHashtable.h"
      52                 : #include "nsCOMPtr.h"
      53                 : #include "nsIChannelEventSink.h"
      54                 : #include "nsIJSContextStack.h"
      55                 : #include "nsIObserver.h"
      56                 : #include "pldhash.h"
      57                 : #include "plstr.h"
      58                 : #include "nsIScriptExternalNameSet.h"
      59                 : 
      60                 : class nsIDocShell;
      61                 : class nsString;
      62                 : class nsIClassInfo;
      63                 : class nsIIOService;
      64                 : class nsIXPConnect;
      65                 : class nsIStringBundle;
      66                 : class nsSystemPrincipal;
      67                 : struct ClassPolicy;
      68                 : class ClassInfoData;
      69                 : class DomainPolicy;
      70                 : 
      71                 : #if defined(DEBUG_mstoltz) || defined(DEBUG_caillon)
      72                 : #define DEBUG_CAPS_HACKER
      73                 : #endif
      74                 : 
      75                 : #ifdef DEBUG_CAPS_HACKER
      76                 : #define DEBUG_CAPS_CheckPropertyAccessImpl
      77                 : #define DEBUG_CAPS_LookupPolicy
      78                 : #define DEBUG_CAPS_CheckComponentPermissions
      79                 : #endif
      80                 : 
      81                 : #if 0
      82                 : #define DEBUG_CAPS_CanCreateWrapper
      83                 : #define DEBUG_CAPS_CanCreateInstance
      84                 : #define DEBUG_CAPS_CanGetService
      85                 : #define DEBUG_CAPS_DomainPolicyLifeCycle
      86                 : #endif
      87                 : 
      88                 : /////////////////////
      89                 : // PrincipalKey //
      90                 : /////////////////////
      91                 : 
      92                 : class PrincipalKey : public PLDHashEntryHdr
      93                 : {
      94                 : public:
      95                 :     typedef const nsIPrincipal* KeyType;
      96                 :     typedef const nsIPrincipal* KeyTypePointer;
      97                 : 
      98               0 :     PrincipalKey(const nsIPrincipal* key)
      99               0 :       : mKey(const_cast<nsIPrincipal*>(key))
     100                 :     {
     101               0 :     }
     102                 : 
     103                 :     PrincipalKey(const PrincipalKey& toCopy)
     104                 :       : mKey(toCopy.mKey)
     105                 :     {
     106                 :     } 
     107                 : 
     108               0 :     ~PrincipalKey()
     109               0 :     {
     110               0 :     }
     111                 : 
     112                 :     KeyType GetKey() const
     113                 :     {
     114                 :         return mKey;
     115                 :     }
     116                 : 
     117               0 :     bool KeyEquals(KeyTypePointer aKey) const
     118                 :     {
     119                 :         bool eq;
     120               0 :         mKey->Equals(const_cast<nsIPrincipal*>(aKey),
     121               0 :                      &eq);
     122               0 :         return eq;
     123                 :     }
     124                 : 
     125               0 :     static KeyTypePointer KeyToPointer(KeyType aKey)
     126                 :     {
     127               0 :         return aKey;
     128                 :     }
     129                 : 
     130               0 :     static PLDHashNumber HashKey(KeyTypePointer aKey)
     131                 :     {
     132                 :         PRUint32 hash;
     133               0 :         const_cast<nsIPrincipal*>(aKey)->GetHashValue(&hash);
     134               0 :         return PLDHashNumber(hash);
     135                 :     }
     136                 : 
     137                 :     enum { ALLOW_MEMMOVE = true };
     138                 : 
     139                 : private:
     140                 :     nsCOMPtr<nsIPrincipal> mKey;
     141                 : };
     142                 : 
     143                 : ////////////////////
     144                 : // Policy Storage //
     145                 : ////////////////////
     146                 : 
     147                 : // Property Policy
     148                 : union SecurityLevel
     149                 : {
     150                 :     PRWord   level;
     151                 :     char*    capability;
     152                 : };
     153                 : 
     154                 : // Security levels
     155                 : // These values all have the low bit set (except UNDEFINED_ACCESS)
     156                 : // to distinguish them from pointer values, because no pointer
     157                 : // to allocated memory ever has the low bit set. A SecurityLevel
     158                 : // contains either one of these constants or a pointer to a string
     159                 : // representing the name of a capability.
     160                 : 
     161                 : #define SCRIPT_SECURITY_UNDEFINED_ACCESS 0
     162                 : #define SCRIPT_SECURITY_ACCESS_IS_SET_BIT 1
     163                 : #define SCRIPT_SECURITY_NO_ACCESS \
     164                 :   ((1 << 0) | SCRIPT_SECURITY_ACCESS_IS_SET_BIT)
     165                 : #define SCRIPT_SECURITY_SAME_ORIGIN_ACCESS \
     166                 :   ((1 << 1) | SCRIPT_SECURITY_ACCESS_IS_SET_BIT)
     167                 : #define SCRIPT_SECURITY_ALL_ACCESS \
     168                 :   ((1 << 2) | SCRIPT_SECURITY_ACCESS_IS_SET_BIT)
     169                 : 
     170                 : #define SECURITY_ACCESS_LEVEL_FLAG(_sl) \
     171                 :            ((_sl.level == 0) || \
     172                 :             (_sl.level & SCRIPT_SECURITY_ACCESS_IS_SET_BIT))
     173                 : 
     174                 : 
     175                 : struct PropertyPolicy : public PLDHashEntryHdr
     176                 : {
     177                 :     JSString       *key;  // interned string
     178                 :     SecurityLevel  mGet;
     179                 :     SecurityLevel  mSet;
     180                 : };
     181                 : 
     182                 : static bool
     183             149 : InitPropertyPolicyEntry(PLDHashTable *table,
     184                 :                      PLDHashEntryHdr *entry,
     185                 :                      const void *key)
     186                 : {
     187             149 :     PropertyPolicy* pp = (PropertyPolicy*)entry;
     188             149 :     pp->key = (JSString *)key;
     189             149 :     pp->mGet.level = SCRIPT_SECURITY_UNDEFINED_ACCESS;
     190             149 :     pp->mSet.level = SCRIPT_SECURITY_UNDEFINED_ACCESS;
     191             149 :     return true;
     192                 : }
     193                 : 
     194                 : static void
     195             149 : ClearPropertyPolicyEntry(PLDHashTable *table, PLDHashEntryHdr *entry)
     196                 : {
     197             149 :     PropertyPolicy* pp = (PropertyPolicy*)entry;
     198             149 :     pp->key = NULL;
     199             149 : }
     200                 : 
     201                 : // Class Policy
     202                 : #define NO_POLICY_FOR_CLASS (ClassPolicy*)1
     203                 : 
     204                 : struct ClassPolicy : public PLDHashEntryHdr
     205                 : {
     206                 :     char* key;
     207                 :     PLDHashTable* mPolicy;
     208                 : 
     209                 :     // Note: the DomainPolicy owns us, so if if dies we will too.  Hence no
     210                 :     // need to refcount it here (and in fact, we'd probably leak if we tried).
     211                 :     DomainPolicy* mDomainWeAreWildcardFor;
     212                 : };
     213                 : 
     214                 : static void
     215              30 : ClearClassPolicyEntry(PLDHashTable *table, PLDHashEntryHdr *entry)
     216                 : {
     217              30 :     ClassPolicy* cp = (ClassPolicy *)entry;
     218              30 :     if (cp->key)
     219                 :     {
     220              30 :         PL_strfree(cp->key);
     221              30 :         cp->key = nsnull;
     222                 :     }
     223              30 :     PL_DHashTableDestroy(cp->mPolicy);
     224              30 : }
     225                 : 
     226                 : // Note: actual impl is going to be after the DomainPolicy class definition,
     227                 : // since we need to access members of DomainPolicy in the impl
     228                 : static void
     229                 : MoveClassPolicyEntry(PLDHashTable *table,
     230                 :                      const PLDHashEntryHdr *from,
     231                 :                      PLDHashEntryHdr *to);
     232                 : 
     233                 : static bool
     234              30 : InitClassPolicyEntry(PLDHashTable *table,
     235                 :                      PLDHashEntryHdr *entry,
     236                 :                      const void *key)
     237                 : {
     238                 :     static PLDHashTableOps classPolicyOps =
     239                 :     {
     240                 :         PL_DHashAllocTable,
     241                 :         PL_DHashFreeTable,
     242                 :         PL_DHashVoidPtrKeyStub,
     243                 :         PL_DHashMatchEntryStub,
     244                 :         PL_DHashMoveEntryStub,
     245                 :         ClearPropertyPolicyEntry,
     246                 :         PL_DHashFinalizeStub,
     247                 :         InitPropertyPolicyEntry
     248                 :     };
     249                 : 
     250              30 :     ClassPolicy* cp = (ClassPolicy*)entry;
     251              30 :     cp->mDomainWeAreWildcardFor = nsnull;
     252              30 :     cp->key = PL_strdup((const char*)key);
     253              30 :     if (!cp->key)
     254               0 :         return false;
     255                 :     cp->mPolicy = PL_NewDHashTable(&classPolicyOps, nsnull,
     256              30 :                                    sizeof(PropertyPolicy), 16);
     257              30 :     if (!cp->mPolicy) {
     258               0 :         PL_strfree(cp->key);
     259               0 :         cp->key = nsnull;
     260               0 :         return false;
     261                 :     }
     262              30 :     return true;
     263                 : }
     264                 : 
     265                 : // Domain Policy
     266                 : class DomainPolicy : public PLDHashTable
     267                 : {
     268                 : public:
     269               2 :     DomainPolicy() : mWildcardPolicy(nsnull),
     270               2 :                      mRefCount(0)
     271                 :     {
     272               2 :         mGeneration = sGeneration;
     273                 : 
     274                 : #ifdef DEBUG_CAPS_DomainPolicyLifeCycle
     275                 :         ++sObjects;
     276                 :         _printPopulationInfo();
     277                 : #endif
     278                 : 
     279               2 :     }
     280                 : 
     281               2 :     bool Init()
     282                 :     {
     283                 :         static const PLDHashTableOps domainPolicyOps =
     284                 :         {
     285                 :             PL_DHashAllocTable,
     286                 :             PL_DHashFreeTable,
     287                 :             PL_DHashStringKey,
     288                 :             PL_DHashMatchStringKey,
     289                 :             MoveClassPolicyEntry,
     290                 :             ClearClassPolicyEntry,
     291                 :             PL_DHashFinalizeStub,
     292                 :             InitClassPolicyEntry
     293                 :         };
     294                 : 
     295                 :         return PL_DHashTableInit(this, &domainPolicyOps, nsnull,
     296               2 :                                  sizeof(ClassPolicy), 16);
     297                 :     }
     298                 : 
     299               2 :     ~DomainPolicy()
     300                 :     {
     301               2 :         PL_DHashTableFinish(this);
     302               2 :         NS_ASSERTION(mRefCount == 0, "Wrong refcount in DomainPolicy dtor");
     303                 : #ifdef DEBUG_CAPS_DomainPolicyLifeCycle
     304                 :         printf("DomainPolicy deleted with mRefCount = %d\n", mRefCount);
     305                 :         --sObjects;
     306                 :         _printPopulationInfo();
     307                 : #endif
     308                 : 
     309               2 :     }
     310                 : 
     311               6 :     void Hold()
     312                 :     {
     313               6 :         mRefCount++;
     314               6 :     }
     315                 : 
     316               6 :     void Drop()
     317                 :     {
     318               6 :         if (--mRefCount == 0)
     319               2 :             delete this;
     320               6 :     }
     321                 :     
     322               1 :     static void InvalidateAll()
     323                 :     {
     324               1 :         sGeneration++;
     325               1 :     }
     326                 :     
     327               0 :     bool IsInvalid()
     328                 :     {
     329               0 :         return mGeneration != sGeneration; 
     330                 :     }
     331                 :     
     332                 :     ClassPolicy* mWildcardPolicy;
     333                 : 
     334                 : private:
     335                 :     PRUint32 mRefCount;
     336                 :     PRUint32 mGeneration;
     337                 :     static PRUint32 sGeneration;
     338                 :     
     339                 : #ifdef DEBUG_CAPS_DomainPolicyLifeCycle
     340                 :     static PRUint32 sObjects;
     341                 :     static void _printPopulationInfo();
     342                 : #endif
     343                 : 
     344                 : };
     345                 : 
     346                 : static void
     347              12 : MoveClassPolicyEntry(PLDHashTable *table,
     348                 :                      const PLDHashEntryHdr *from,
     349                 :                      PLDHashEntryHdr *to)
     350                 : {
     351              12 :     memcpy(to, from, table->entrySize);
     352                 : 
     353                 :     // Now update the mDefaultPolicy pointer that points to us, if any.
     354              12 :     ClassPolicy* cp = static_cast<ClassPolicy*>(to);
     355              12 :     if (cp->mDomainWeAreWildcardFor) {
     356               1 :         NS_ASSERTION(cp->mDomainWeAreWildcardFor->mWildcardPolicy ==
     357                 :                      static_cast<const ClassPolicy*>(from),
     358                 :                      "Unexpected wildcard policy on mDomainWeAreWildcardFor");
     359               1 :         cp->mDomainWeAreWildcardFor->mWildcardPolicy = cp;
     360                 :     }
     361              12 : }
     362                 : 
     363                 : /////////////////////////////
     364                 : // nsScriptSecurityManager //
     365                 : /////////////////////////////
     366                 : #define NS_SCRIPTSECURITYMANAGER_CID \
     367                 : { 0x7ee2a4c0, 0x4b93, 0x17d3, \
     368                 : { 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
     369                 : 
     370                 : class nsScriptSecurityManager : public nsIScriptSecurityManager,
     371                 :                                 public nsIChannelEventSink,
     372                 :                                 public nsIObserver
     373                 : {
     374                 : public:
     375                 :     static void Shutdown();
     376                 :     
     377                 :     NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
     378                 :         
     379                 :     NS_DECL_ISUPPORTS
     380                 :     NS_DECL_NSISCRIPTSECURITYMANAGER
     381                 :     NS_DECL_NSIXPCSECURITYMANAGER
     382                 :     NS_DECL_NSICHANNELEVENTSINK
     383                 :     NS_DECL_NSIOBSERVER
     384                 : 
     385                 :     static nsScriptSecurityManager*
     386                 :     GetScriptSecurityManager();
     387                 : 
     388                 :     static nsSystemPrincipal*
     389                 :     SystemPrincipalSingletonConstructor();
     390                 : 
     391                 :     JSContext* GetCurrentJSContext();
     392                 : 
     393                 :     JSContext* GetSafeJSContext();
     394                 : 
     395                 :     /**
     396                 :      * Utility method for comparing two URIs.  For security purposes, two URIs
     397                 :      * are equivalent if their schemes, hosts, and ports (if any) match.  This
     398                 :      * method returns true if aSubjectURI and aObjectURI have the same origin,
     399                 :      * false otherwise.
     400                 :      */
     401                 :     static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
     402                 :     static PRUint32 SecurityHashURI(nsIURI* aURI);
     403                 : 
     404                 :     static nsresult 
     405                 :     ReportError(JSContext* cx, const nsAString& messageTag,
     406                 :                 nsIURI* aSource, nsIURI* aTarget);
     407                 : 
     408                 :     static nsresult
     409                 :     CheckSameOriginPrincipal(nsIPrincipal* aSubject,
     410                 :                              nsIPrincipal* aObject);
     411                 :     static PRUint32
     412                 :     HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
     413                 : 
     414                 :     static bool
     415               1 :     GetStrictFileOriginPolicy()
     416                 :     {
     417               1 :         return sStrictFileOriginPolicy;
     418                 :     }
     419                 : 
     420                 : private:
     421                 : 
     422                 :     // GetScriptSecurityManager is the only call that can make one
     423                 :     nsScriptSecurityManager();
     424                 :     virtual ~nsScriptSecurityManager();
     425                 : 
     426                 :     static JSBool
     427                 :     CheckObjectAccess(JSContext *cx, JSObject *obj,
     428                 :                       jsid id, JSAccessMode mode,
     429                 :                       jsval *vp);
     430                 : 
     431                 :     static JSPrincipals *
     432                 :     ObjectPrincipalFinder(JSObject *obj);
     433                 :     
     434                 :     // Decides, based on CSP, whether or not eval() and stuff can be executed.
     435                 :     static JSBool
     436                 :     ContentSecurityPolicyPermitsJSAction(JSContext *cx);
     437                 : 
     438                 :     // Returns null if a principal cannot be found; generally callers
     439                 :     // should error out at that point.
     440                 :     static nsIPrincipal*
     441                 :     doGetObjectPrincipal(JSObject *obj
     442                 : #ifdef DEBUG
     443                 :                          , bool aAllowShortCircuit = true
     444                 : #endif
     445                 :                          );
     446                 : 
     447                 :     // Returns null if a principal cannot be found.  Note that rv can be NS_OK
     448                 :     // when this happens -- this means that there was no JS running.
     449                 :     nsIPrincipal*
     450                 :     doGetSubjectPrincipal(nsresult* rv);
     451                 :     
     452                 :     nsresult
     453                 :     CheckPropertyAccessImpl(PRUint32 aAction,
     454                 :                             nsAXPCNativeCallContext* aCallContext,
     455                 :                             JSContext* cx, JSObject* aJSObject,
     456                 :                             nsISupports* aObj, nsIURI* aTargetURI,
     457                 :                             nsIClassInfo* aClassInfo,
     458                 :                             const char* aClassName, jsid aProperty,
     459                 :                             void** aCachedClassPolicy);
     460                 : 
     461                 :     nsresult
     462                 :     CheckSameOriginDOMProp(nsIPrincipal* aSubject, 
     463                 :                            nsIPrincipal* aObject,
     464                 :                            PRUint32 aAction);
     465                 : 
     466                 :     nsresult
     467                 :     LookupPolicy(nsIPrincipal* principal,
     468                 :                  ClassInfoData& aClassData, jsid aProperty,
     469                 :                  PRUint32 aAction,
     470                 :                  ClassPolicy** aCachedClassPolicy,
     471                 :                  SecurityLevel* result);
     472                 : 
     473                 :     nsresult
     474                 :     CreateCodebasePrincipal(nsIURI* aURI, nsIPrincipal** result);
     475                 : 
     476                 :     // This is just like the API method, but it doesn't check that the subject
     477                 :     // name is non-empty or aCertificate is non-null, and it doesn't change the
     478                 :     // certificate in the table (if any) in any way if aModifyTable is false.
     479                 :     nsresult
     480                 :     DoGetCertificatePrincipal(const nsACString& aCertFingerprint,
     481                 :                               const nsACString& aSubjectName,
     482                 :                               const nsACString& aPrettyName,
     483                 :                               nsISupports* aCertificate,
     484                 :                               nsIURI* aURI,
     485                 :                               bool aModifyTable,
     486                 :                               nsIPrincipal **result);
     487                 : 
     488                 :     // Returns null if a principal cannot be found.  Note that rv can be NS_OK
     489                 :     // when this happens -- this means that there was no script for the
     490                 :     // context.  Callers MUST pass in a non-null rv here.
     491                 :     nsIPrincipal*
     492                 :     GetSubjectPrincipal(JSContext* cx, nsresult* rv);
     493                 : 
     494                 :     // Returns null if a principal cannot be found.  Note that rv can be NS_OK
     495                 :     // when this happens -- this means that there was no script for the frame.
     496                 :     // Callers MUST pass in a non-null rv here.
     497                 :     nsIPrincipal*
     498                 :     GetFramePrincipal(JSContext* cx, JSStackFrame* fp, nsresult* rv);
     499                 : 
     500                 :     // Returns null if a principal cannot be found.  Note that rv can be NS_OK
     501                 :     // when this happens -- this means that there was no script.  Callers MUST
     502                 :     // pass in a non-null rv here.
     503                 :     static nsIPrincipal*
     504                 :     GetScriptPrincipal(JSContext* cx, JSScript* script, nsresult* rv);
     505                 : 
     506                 :     // Returns null if a principal cannot be found.  Note that rv can be NS_OK
     507                 :     // when this happens -- this means that there was no script associated
     508                 :     // with the function object, and no global object associated with the scope
     509                 :     // of obj (the last object on its parent chain).  If the caller is walking
     510                 :     // the JS stack, fp must point to the current frame in the stack iteration.
     511                 :     // Callers MUST pass in a non-null rv here.
     512                 :     static nsIPrincipal*
     513                 :     GetFunctionObjectPrincipal(JSContext* cx, JSObject* obj, JSStackFrame *fp,
     514                 :                                nsresult* rv);
     515                 : 
     516                 :     // Returns null if a principal cannot be found.  Note that rv can be NS_OK
     517                 :     // when this happens -- this means that there was no script
     518                 :     // running.  Callers MUST pass in a non-null rv here.
     519                 :     nsIPrincipal*
     520                 :     GetPrincipalAndFrame(JSContext *cx,
     521                 :                          JSStackFrame** frameResult,
     522                 :                          nsresult* rv);
     523                 : 
     524                 :     static bool
     525                 :     CheckConfirmDialog(JSContext* cx, nsIPrincipal* aPrincipal,
     526                 :                        const char* aCapability, bool *checkValue);
     527                 : 
     528                 :     static void
     529                 :     FormatCapabilityString(nsAString& aCapability);
     530                 : 
     531                 :     nsresult
     532                 :     SavePrincipal(nsIPrincipal* aToSave);
     533                 : 
     534                 :     /**
     535                 :      * Check capability levels for an |aObj| that implements
     536                 :      * nsISecurityCheckedComponent.
     537                 :      *
     538                 :      * NB: This function also checks to see if aObj is a plugin and the user
     539                 :      * has set the "security.xpconnect.plugin.unrestricted" pref to allow
     540                 :      * anybody to script plugin objects from anywhere.
     541                 :      *
     542                 :      * @param cx The context we're running on.
     543                 :      *           NB: If null, "sameOrigin" does not have any effect.
     544                 :      * @param aObj The nsISupports representation of the object in question
     545                 :      *             object, possibly null.
     546                 :      * @param aJSObject The JSObject representation of the object in question
     547                 :      *                  if |cx| is non-null and |aObjectSecurityLevel| is
     548                 :      *                  "sameOrigin". If null will be calculated from aObj (if
     549                 :      *                  non-null) if and only if aObj is an XPCWrappedJS. The
     550                 :      *                  rationale behind this is that if we're creating a JS
     551                 :      *                  wrapper for an XPCWrappedJS, this object definitely
     552                 :      *                  expects to be exposed to JS.
     553                 :      * @param aSubjectPrincipal The nominal subject principal used when
     554                 :      *                          aObjectSecurityLevel is "sameOrigin". If null,
     555                 :      *                          this is calculated if it's needed.
     556                 :      * @param aObjectSecurityLevel Can be one of three values:
     557                 :      *                  - allAccess: Allow access no matter what.
     558                 :      *                  - noAccess: Deny access no matter what.
     559                 :      *                  - sameOrigin: If |cx| is null, behave like noAccess.
     560                 :      *                                Otherwise, possibly compute a subject
     561                 :      *                                and object principal and return true if
     562                 :      *                                and only if the subject has greater than
     563                 :      *                                or equal privileges to the object.
     564                 :      */
     565                 :     nsresult
     566                 :     CheckXPCPermissions(JSContext* cx,
     567                 :                         nsISupports* aObj, JSObject* aJSObject,
     568                 :                         nsIPrincipal* aSubjectPrincipal,
     569                 :                         const char* aObjectSecurityLevel);
     570                 : 
     571                 :     nsresult
     572                 :     Init();
     573                 : 
     574                 :     nsresult
     575                 :     InitPrefs();
     576                 : 
     577                 :     static nsresult 
     578                 :     GetPrincipalPrefNames(const char* prefBase,
     579                 :                           nsCString& grantedPref,
     580                 :                           nsCString& deniedPref,
     581                 :                           nsCString& subjectNamePref);
     582                 : 
     583                 :     nsresult
     584                 :     InitPolicies();
     585                 : 
     586                 :     nsresult
     587                 :     InitDomainPolicy(JSContext* cx, const char* aPolicyName,
     588                 :                      DomainPolicy* aDomainPolicy);
     589                 : 
     590                 :     nsresult
     591                 :     InitPrincipals(PRUint32 prefCount, const char** prefNames);
     592                 : 
     593                 : #ifdef DEBUG_CAPS_HACKER
     594                 :     void
     595                 :     PrintPolicyDB();
     596                 : #endif
     597                 : 
     598         1225909 :     struct ContextPrincipal {
     599         1225909 :         ContextPrincipal(ContextPrincipal *next, JSContext *cx,
     600                 :                          JSStackFrame *fp, nsIPrincipal *principal)
     601         1225909 :             : mNext(next), mCx(cx), mFp(fp), mPrincipal(principal) {}
     602                 : 
     603                 :         ContextPrincipal *mNext;
     604                 :         JSContext *mCx;
     605                 :         JSStackFrame *mFp;
     606                 :         nsCOMPtr<nsIPrincipal> mPrincipal;
     607                 :     };
     608                 : 
     609                 :     // JS strings we need to clean up on shutdown
     610                 :     static jsid sEnabledID;
     611                 : 
     612                 :     inline void
     613                 :     ScriptSecurityPrefChanged();
     614                 : 
     615                 :     nsObjectHashtable* mOriginToPolicyMap;
     616                 :     DomainPolicy* mDefaultPolicy;
     617                 :     nsObjectHashtable* mCapabilities;
     618                 : 
     619                 :     nsCOMPtr<nsIPrincipal> mSystemPrincipal;
     620                 :     nsCOMPtr<nsIPrincipal> mSystemCertificate;
     621                 :     ContextPrincipal *mContextPrincipals;
     622                 :     nsInterfaceHashtable<PrincipalKey, nsIPrincipal> mPrincipals;
     623                 :     bool mPrefInitialized;
     624                 :     bool mIsJavaScriptEnabled;
     625                 :     bool mIsWritingPrefs;
     626                 :     bool mPolicyPrefsChanged;
     627                 : 
     628                 :     static bool sStrictFileOriginPolicy;
     629                 : 
     630                 :     static nsIIOService    *sIOService;
     631                 :     static nsIXPConnect    *sXPConnect;
     632                 :     static nsIThreadJSContextStack* sJSContextStack;
     633                 :     static nsIStringBundle *sStrBundle;
     634                 :     static JSRuntime       *sRuntime;
     635                 : };
     636                 : 
     637                 : #define NS_SECURITYNAMESET_CID \
     638                 :  { 0x7c02eadc, 0x76, 0x4d03, \
     639                 :  { 0x99, 0x8d, 0x80, 0xd7, 0x79, 0xc4, 0x85, 0x89 } }
     640                 : #define NS_SECURITYNAMESET_CONTRACTID "@mozilla.org/security/script/nameset;1"
     641                 : 
     642                 : class nsSecurityNameSet : public nsIScriptExternalNameSet 
     643                 : {
     644                 : public:
     645                 :     nsSecurityNameSet();
     646                 :     virtual ~nsSecurityNameSet();
     647                 :     
     648                 :     NS_DECL_ISUPPORTS
     649                 : 
     650                 :     NS_IMETHOD InitializeNameSet(nsIScriptContext* aScriptContext);
     651                 : };
     652                 : 
     653                 : #endif // nsScriptSecurityManager_h__

Generated by: LCOV version 1.7