1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 : * vim: set ts=4 sw=4 et tw=99 ft=cpp:
3 : *
4 : * ***** BEGIN LICENSE BLOCK *****
5 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 : *
7 : * The contents of this file are subject to the Mozilla Public License Version
8 : * 1.1 (the "License"); you may not use this file except in compliance with
9 : * the License. You may obtain a copy of the License at
10 : * http://www.mozilla.org/MPL/
11 : *
12 : * Software distributed under the License is distributed on an "AS IS" basis,
13 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
14 : * for the specific language governing rights and limitations under the
15 : * License.
16 : *
17 : * The Original Code is mozilla.org code, released
18 : * June 24, 2010.
19 : *
20 : * The Initial Developer of the Original Code is
21 : * The Mozilla Foundation
22 : *
23 : * Contributor(s):
24 : * Andreas Gal <gal@mozilla.com>
25 : *
26 : * Alternatively, the contents of this file may be used under the terms of
27 : * either of the GNU General Public License Version 2 or later (the "GPL"),
28 : * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
29 : * in which case the provisions of the GPL or the LGPL are applicable instead
30 : * of those above. If you wish to allow use of your version of this file only
31 : * under the terms of either the GPL or the LGPL, and not to allow others to
32 : * use your version of this file under the terms of the MPL, indicate your
33 : * decision by deleting the provisions above and replace them with the notice
34 : * and other provisions required by the GPL or the LGPL. If you do not delete
35 : * the provisions above, a recipient may use your version of this file under
36 : * the terms of any one of the MPL, the GPL or the LGPL.
37 : *
38 : * ***** END LICENSE BLOCK ***** */
39 :
40 : #include "jsapi.h"
41 : #include "jswrapper.h"
42 :
43 : class nsIPrincipal;
44 :
45 : namespace xpc {
46 :
47 : nsIPrincipal *
48 : GetCompartmentPrincipal(JSCompartment *compartment);
49 :
50 : class AccessCheck {
51 : public:
52 : static bool isSameOrigin(JSCompartment *a, JSCompartment *b);
53 : static bool isChrome(JSCompartment *compartment);
54 : static nsIPrincipal *getPrincipal(JSCompartment *compartment);
55 : static bool isCrossOriginAccessPermitted(JSContext *cx, JSObject *obj, jsid id,
56 : js::Wrapper::Action act);
57 : static bool isSystemOnlyAccessPermitted(JSContext *cx);
58 : static bool isLocationObjectSameOrigin(JSContext *cx, JSObject *wrapper);
59 : static bool documentDomainMakesSameOrigin(JSContext *cx, JSObject *obj);
60 :
61 : static bool needsSystemOnlyWrapper(JSObject *obj);
62 :
63 : static bool isScriptAccessOnly(JSContext *cx, JSObject *wrapper);
64 :
65 : static void deny(JSContext *cx, jsid id);
66 : };
67 :
68 : struct Policy {
69 : typedef js::Wrapper::Permission Permission;
70 :
71 : static const Permission PermitObjectAccess = js::Wrapper::PermitObjectAccess;
72 : static const Permission PermitPropertyAccess = js::Wrapper::PermitPropertyAccess;
73 : static const Permission DenyAccess = js::Wrapper::DenyAccess;
74 : };
75 :
76 : // This policy permits access to all properties.
77 : struct Permissive : public Policy {
78 : static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
79 : Permission &perm) {
80 : perm = PermitObjectAccess;
81 : return true;
82 : }
83 : };
84 :
85 : // This policy only permits access to the object if the subject can touch
86 : // system objects.
87 : struct OnlyIfSubjectIsSystem : public Policy {
88 0 : static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
89 : Permission &perm) {
90 0 : if (AccessCheck::isSystemOnlyAccessPermitted(cx)) {
91 0 : perm = PermitObjectAccess;
92 0 : return true;
93 : }
94 0 : perm = DenyAccess;
95 0 : JSAutoEnterCompartment ac;
96 0 : if (!ac.enter(cx, wrapper))
97 0 : return false;
98 0 : AccessCheck::deny(cx, id);
99 0 : return false;
100 : }
101 : };
102 :
103 : // This policy only permits access to properties that are safe to be used
104 : // across origins.
105 : struct CrossOriginAccessiblePropertiesOnly : public Policy {
106 0 : static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
107 : Permission &perm) {
108 0 : if (AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act)) {
109 0 : perm = PermitPropertyAccess;
110 0 : return true;
111 : }
112 0 : perm = DenyAccess;
113 0 : JSAutoEnterCompartment ac;
114 0 : if (!ac.enter(cx, wrapper))
115 0 : return false;
116 0 : AccessCheck::deny(cx, id);
117 0 : return false;
118 : }
119 : };
120 :
121 : // This policy only permits access to properties that are safe to be used
122 : // across origins.
123 : struct SameOriginOrCrossOriginAccessiblePropertiesOnly : public Policy {
124 0 : static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
125 : Permission &perm) {
126 0 : if (AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act) ||
127 0 : AccessCheck::isLocationObjectSameOrigin(cx, wrapper)) {
128 0 : perm = PermitPropertyAccess;
129 0 : return true;
130 : }
131 0 : perm = DenyAccess;
132 0 : JSAutoEnterCompartment ac;
133 0 : if (!ac.enter(cx, wrapper))
134 0 : return false;
135 0 : AccessCheck::deny(cx, id);
136 0 : return false;
137 : }
138 : };
139 :
140 : // This policy only permits access to properties if they appear in the
141 : // objects exposed properties list.
142 : struct ExposedPropertiesOnly : public Policy {
143 : static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
144 : Permission &perm);
145 : };
146 :
147 : }
|