LCOV - code coverage report
Current view: directory - js/xpconnect/wrappers - AccessCheck.h (source / functions) Found Hit Coverage
Test: app.info Lines: 31 0 0.0 %
Date: 2012-06-02 Functions: 3 0 0.0 %

       1                 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
       2                 :  * vim: set ts=4 sw=4 et tw=99 ft=cpp:
       3                 :  *
       4                 :  * ***** BEGIN LICENSE BLOCK *****
       5                 :  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
       6                 :  *
       7                 :  * The contents of this file are subject to the Mozilla Public License Version
       8                 :  * 1.1 (the "License"); you may not use this file except in compliance with
       9                 :  * the License. You may obtain a copy of the License at
      10                 :  * http://www.mozilla.org/MPL/
      11                 :  *
      12                 :  * Software distributed under the License is distributed on an "AS IS" basis,
      13                 :  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
      14                 :  * for the specific language governing rights and limitations under the
      15                 :  * License.
      16                 :  *
      17                 :  * The Original Code is mozilla.org code, released
      18                 :  * June 24, 2010.
      19                 :  *
      20                 :  * The Initial Developer of the Original Code is
      21                 :  *    The Mozilla Foundation
      22                 :  *
      23                 :  * Contributor(s):
      24                 :  *    Andreas Gal <gal@mozilla.com>
      25                 :  *
      26                 :  * Alternatively, the contents of this file may be used under the terms of
      27                 :  * either of the GNU General Public License Version 2 or later (the "GPL"),
      28                 :  * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
      29                 :  * in which case the provisions of the GPL or the LGPL are applicable instead
      30                 :  * of those above. If you wish to allow use of your version of this file only
      31                 :  * under the terms of either the GPL or the LGPL, and not to allow others to
      32                 :  * use your version of this file under the terms of the MPL, indicate your
      33                 :  * decision by deleting the provisions above and replace them with the notice
      34                 :  * and other provisions required by the GPL or the LGPL. If you do not delete
      35                 :  * the provisions above, a recipient may use your version of this file under
      36                 :  * the terms of any one of the MPL, the GPL or the LGPL.
      37                 :  *
      38                 :  * ***** END LICENSE BLOCK ***** */
      39                 : 
      40                 : #include "jsapi.h"
      41                 : #include "jswrapper.h"
      42                 : 
      43                 : class nsIPrincipal;
      44                 : 
      45                 : namespace xpc {
      46                 : 
      47                 : nsIPrincipal *
      48                 : GetCompartmentPrincipal(JSCompartment *compartment);
      49                 : 
      50                 : class AccessCheck {
      51                 :   public:
      52                 :     static bool isSameOrigin(JSCompartment *a, JSCompartment *b);
      53                 :     static bool isChrome(JSCompartment *compartment);
      54                 :     static nsIPrincipal *getPrincipal(JSCompartment *compartment);
      55                 :     static bool isCrossOriginAccessPermitted(JSContext *cx, JSObject *obj, jsid id,
      56                 :                                              js::Wrapper::Action act);
      57                 :     static bool isSystemOnlyAccessPermitted(JSContext *cx);
      58                 :     static bool isLocationObjectSameOrigin(JSContext *cx, JSObject *wrapper);
      59                 :     static bool documentDomainMakesSameOrigin(JSContext *cx, JSObject *obj);
      60                 : 
      61                 :     static bool needsSystemOnlyWrapper(JSObject *obj);
      62                 : 
      63                 :     static bool isScriptAccessOnly(JSContext *cx, JSObject *wrapper);
      64                 : 
      65                 :     static void deny(JSContext *cx, jsid id);
      66                 : };
      67                 : 
      68                 : struct Policy {
      69                 :     typedef js::Wrapper::Permission Permission;
      70                 : 
      71                 :     static const Permission PermitObjectAccess = js::Wrapper::PermitObjectAccess;
      72                 :     static const Permission PermitPropertyAccess = js::Wrapper::PermitPropertyAccess;
      73                 :     static const Permission DenyAccess = js::Wrapper::DenyAccess;
      74                 : };
      75                 : 
      76                 : // This policy permits access to all properties.
      77                 : struct Permissive : public Policy {
      78                 :     static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
      79                 :                       Permission &perm) {
      80                 :         perm = PermitObjectAccess;
      81                 :         return true;
      82                 :     }
      83                 : };
      84                 : 
      85                 : // This policy only permits access to the object if the subject can touch
      86                 : // system objects.
      87                 : struct OnlyIfSubjectIsSystem : public Policy {
      88               0 :     static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
      89                 :                       Permission &perm) {
      90               0 :         if (AccessCheck::isSystemOnlyAccessPermitted(cx)) {
      91               0 :             perm = PermitObjectAccess;
      92               0 :             return true;
      93                 :         }
      94               0 :         perm = DenyAccess;
      95               0 :         JSAutoEnterCompartment ac;
      96               0 :         if (!ac.enter(cx, wrapper))
      97               0 :             return false;
      98               0 :         AccessCheck::deny(cx, id);
      99               0 :         return false;
     100                 :     }
     101                 : };
     102                 : 
     103                 : // This policy only permits access to properties that are safe to be used
     104                 : // across origins.
     105                 : struct CrossOriginAccessiblePropertiesOnly : public Policy {
     106               0 :     static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
     107                 :                       Permission &perm) {
     108               0 :         if (AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act)) {
     109               0 :             perm = PermitPropertyAccess;
     110               0 :             return true;
     111                 :         }
     112               0 :         perm = DenyAccess;
     113               0 :         JSAutoEnterCompartment ac;
     114               0 :         if (!ac.enter(cx, wrapper))
     115               0 :             return false;
     116               0 :         AccessCheck::deny(cx, id);
     117               0 :         return false;
     118                 :     }
     119                 : };
     120                 : 
     121                 : // This policy only permits access to properties that are safe to be used
     122                 : // across origins.
     123                 : struct SameOriginOrCrossOriginAccessiblePropertiesOnly : public Policy {
     124               0 :     static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
     125                 :                       Permission &perm) {
     126               0 :         if (AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act) ||
     127               0 :             AccessCheck::isLocationObjectSameOrigin(cx, wrapper)) {
     128               0 :             perm = PermitPropertyAccess;
     129               0 :             return true;
     130                 :         }
     131               0 :         perm = DenyAccess;
     132               0 :         JSAutoEnterCompartment ac;
     133               0 :         if (!ac.enter(cx, wrapper))
     134               0 :             return false;
     135               0 :         AccessCheck::deny(cx, id);
     136               0 :         return false;
     137                 :     }
     138                 : };
     139                 : 
     140                 : // This policy only permits access to properties if they appear in the
     141                 : // objects exposed properties list.
     142                 : struct ExposedPropertiesOnly : public Policy {
     143                 :     static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
     144                 :                       Permission &perm);
     145                 : };
     146                 : 
     147                 : }

Generated by: LCOV version 1.7