From 09c4068fa0567d10cd0fdcaa5767bc23daeb713d Mon Sep 17 00:00:00 2001
From: Jan de Mooij
Date: Thu, 31 May 2018 11:28:48 +0200
Subject: [PATCH] Bug 1464134 part 1 - Fix various places to use Realm instead of JSCompartment. r=luke
---
 dom/base/nsContentUtils.cpp | 20 ++++++++++----------
 dom/base/nsGlobalWindowOuter.cpp | 8 ++++----
 dom/bindings/BindingUtils.cpp | 6 +++---
 dom/bindings/Exceptions.cpp | 2 +-
 dom/script/ScriptSettings.cpp | 2 +-
 js/public/RootingAPI.h | 10 ++++++++--
 js/src/jsfriendapi.cpp | 9 ++++++++-
 js/src/jsfriendapi.h | 11 +++++++----
 js/src/jspubtd.h | 1 +
 9 files changed, 43 insertions(+), 26 deletions(-)
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index 5300bd8ea298..11af871d2460 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -3085,12 +3085,12 @@ nsContentUtils::SubjectPrincipal(JSContext* aCx)
 MOZ_ASSERT(NS_IsMainThread());
 // As opposed to SubjectPrincipal(), we do in fact assume that
- // we're in a compartment here; anyone who calls this function
- // in situations where that's not the case is doing it wrong.
- JSCompartment* compartment = js::GetContextCompartment(aCx);
- MOZ_ASSERT(compartment);
+ // we're in a realm here; anyone who calls this function in
+ // situations where that's not the case is doing it wrong.
+ JS::Realm* realm = js::GetContextRealm(aCx);
+ MOZ_ASSERT(realm);
- JSPrincipals* principals = JS_GetCompartmentPrincipals(compartment);
+ JSPrincipals* principals = JS::GetRealmPrincipals(realm);
 return nsJSPrincipals::get(principals);
 }
@@ -3105,9 +3105,9 @@ nsContentUtils::SubjectPrincipal()
 MOZ_CRASH("Accessing the Subject Principal without an AutoJSAPI on the stack is forbidden");
 }
- JSCompartment *compartment = js::GetContextCompartment(cx);
+ JS::Realm* realm = js::GetContextRealm(cx);
- // When an AutoJSAPI is instantiated, we are in a null compartment until the
+ // When an AutoJSAPI is instantiated, we are in a null realm until the
 // first JSAutoRealm, which is kind of a purgatory as far as permissions
 // go. It would be nice to just hard-abort if somebody does a security check
 // in this purgatory zone, but that would be too fragile, since it could be
@@ -3125,9 +3125,9 @@ nsContentUtils::SubjectPrincipal()
 //
 // So we use a singleton null principal. To avoid it being accidentally
 // inherited and becoming a "real" subject or object principal, we do a
- // release-mode assert during compartment creation against using this
- // principal on an actual global.
- if (!compartment) {
+ // release-mode assert during realm creation against using this principal on
+ // an actual global.
+ if (!realm) {
 return sNullSubjectPrincipal;
 }
diff --git a/dom/base/nsGlobalWindowOuter.cpp b/dom/base/nsGlobalWindowOuter.cpp
index 989bd38ba5de..325bcd7b888f 100644
--- a/dom/base/nsGlobalWindowOuter.cpp
+++ b/dom/base/nsGlobalWindowOuter.cpp
@@ -1980,13 +1980,13 @@ nsGlobalWindowOuter::SetNewDocument(nsIDocument* aDocument,
 currentInner = nullptr;
 // Ask the JS engine to assert that it's valid to access our DocGroup whenever
- // it runs JS code for this compartment. We skip the check if this window is
- // for chrome JS or an add-on.
+ // it runs JS code for this realm. We skip the check if this window is for
+ // chrome JS or an add-on.
 nsCOMPtr principal = mDoc->NodePrincipal();
 if (GetDocGroup() && !nsContentUtils::IsSystemPrincipal(principal) && !BasePrincipal::Cast(principal)->AddonPolicy()) {
- js::SetCompartmentValidAccessPtr(cx, newInnerGlobal,
- newInnerWindow->GetDocGroup()->GetValidAccessPtr());
+ js::SetRealmValidAccessPtr(cx, newInnerGlobal,
+ newInnerWindow->GetDocGroup()->GetValidAccessPtr());
 }
 kungFuDeathGrip->DidInitializeContext();
diff --git a/dom/bindings/BindingUtils.cpp b/dom/bindings/BindingUtils.cpp
index 21b700984045..6ef7a5187611 100644
--- a/dom/bindings/BindingUtils.cpp
+++ b/dom/bindings/BindingUtils.cpp
@@ -2462,9 +2462,9 @@ GlobalObject::GetSubjectPrincipal() const
 return nullptr;
 }
- JSCompartment* compartment = js::GetContextCompartment(mCx);
- MOZ_ASSERT(compartment);
- JSPrincipals* principals = JS_GetCompartmentPrincipals(compartment);
+ JS::Realm* realm = js::GetContextRealm(mCx);
+ MOZ_ASSERT(realm);
+ JSPrincipals* principals = JS::GetRealmPrincipals(realm);
 return nsJSPrincipals::get(principals);
 }
diff --git a/dom/bindings/Exceptions.cpp b/dom/bindings/Exceptions.cpp
index 2a64ef000ffd..69a5e8cc494a 100644
--- a/dom/bindings/Exceptions.cpp
+++ b/dom/bindings/Exceptions.cpp
@@ -189,7 +189,7 @@ GetCurrentJSStack(int32_t aMaxDepth)
 // is there a current context available?
 JSContext* cx = nsContentUtils::GetCurrentJSContext();
- if (!cx || !js::GetContextCompartment(cx)) {
+ if (!cx || !js::GetContextRealm(cx)) {
 return nullptr;
 }
diff --git a/dom/script/ScriptSettings.cpp b/dom/script/ScriptSettings.cpp
index 975c0a026a90..a8832b5cd735 100644
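Review bot: The guard on the `if` line tests the outer window's `GetDocGroup()`, but the pointer handed to `js::SetRealmValidAccessPtr` on the re-indented line comes from `newInnerWindow->GetDocGroup()`, which is dereferenced without its own null check. If inner and outer windows are guaranteed to share a DocGroup at this point that is fine, but nothing in the hunk states it; either test the object you dereference, `if (newInnerWindow->GetDocGroup() && ...)`, or add a comment naming the invariant. SetNewDocument begins and ends outside the hunk.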
--- a/dom/script/ScriptSettings.cpp
+++ b/dom/script/ScriptSettings.cpp
@@ -618,7 +618,7 @@ AutoJSAPI::PeekException(JS::MutableHandle aVal)
 {
 MOZ_ASSERT_IF(mIsMainThread, IsStackTop());
 MOZ_ASSERT(HasException());
- MOZ_ASSERT(js::GetContextCompartment(cx()));
+ MOZ_ASSERT(js::GetContextRealm(cx()));
 if (!JS_GetPendingException(cx(), aVal)) {
 return false;
 }
diff --git a/js/public/RootingAPI.h b/js/public/RootingAPI.h
index c0b035951ae9..9a4029423733 100644
--- a/js/public/RootingAPI.h
+++ b/js/public/RootingAPI.h
@@ -884,7 +884,7 @@ class RootingContext
 return reinterpret_cast(cx);
 }
- friend JSCompartment* js::GetContextCompartment(const JSContext* cx);
+ friend JS::Realm* js::GetContextRealm(const JSContext* cx);
 friend JS::Zone* js::GetContextZone(const JSContext* cx);
 };
@@ -1054,10 +1054,16 @@ namespace js {
 * usable without resorting to jsfriendapi.h, and when JSContext is an
 * incomplete type.
 */
+inline JS::Realm*
+GetContextRealm(const JSContext* cx)
+{
+ return JS::RootingContext::get(cx)->realm_;
+}
+
 inline JSCompartment*
 GetContextCompartment(const JSContext* cx)
 {
- return GetCompartmentForRealm(JS::RootingContext::get(cx)->realm_);
+ return GetCompartmentForRealm(GetContextRealm(cx));
 }
 inline JS::Zone*
diff --git a/js/src/jsfriendapi.cpp b/js/src/jsfriendapi.cpp
index 60aa8ed05dde..caacbb5cfe8b 100644
--- a/js/src/jsfriendapi.cpp
+++ b/js/src/jsfriendapi.cpp
@@ -162,6 +162,12 @@ JS_GetCompartmentPrincipals(JSCompartment* compartment)
 return realm->principals();
 }
+JS_FRIEND_API(JSPrincipals*)
+JS::GetRealmPrincipals(JS::Realm* realm)
+{
+ return realm->principals();
+}
+
 JS_FRIEND_API(void)
 JS_SetCompartmentPrincipals(JSCompartment* compartment, JSPrincipals* principals)
 {
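Review bot: The new `GetContextRealm` in RootingAPI.h is undocumented on the one point its callers most need: it can return nullptr. Other hunks of this patch test its result for null (Exceptions.cpp, `nsContentUtils::SubjectPrincipal()`), and the comment in the latter explains that a context sits in a null realm until the first JSAutoRealm, so add above the definition `// May return nullptr: a context has no current realm until it enters one (e.g. via JSAutoRealm).`. `GetContextCompartment` now forwards that value to `GetCompartmentForRealm`, which must keep tolerating null as it presumably did when it received `realm_` directly.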
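Review bot: `JS::GetRealmPrincipals` dereferences `realm` unconditionally, and its two new DOM callers (`nsContentUtils::SubjectPrincipal(JSContext*)` and `GlobalObject::GetSubjectPrincipal`) guard only with `MOZ_ASSERT(realm)`, which compiles out of release builds, so a caller outside any realm crashes on this line rather than in the assertion. That mirrors the existing `JS_GetCompartmentPrincipals` contract, but the precondition is stated nowhere; put it on the declaration added in jsfriendapi.h (hunk @@ -325): `// |realm| must be non-null; obtain it from js::GetContextRealm and check the result first.`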
@@ -1543,8 +1549,9 @@ js::EnableAccessValidation(JSContext* cx, bool enabled)
 }
 JS_FRIEND_API(void)
-js::SetCompartmentValidAccessPtr(JSContext* cx, JS::HandleObject global, bool* accessp)
+js::SetRealmValidAccessPtr(JSContext* cx, JS::HandleObject global, bool* accessp)
 {
+ MOZ_ASSERT(global->is());
 global->realm()->setValidAccessPtr(accessp);
 }
diff --git a/js/src/jsfriendapi.h b/js/src/jsfriendapi.h
index 4d1d9943dd8c..2f2b758a464e 100644
--- a/js/src/jsfriendapi.h
+++ b/js/src/jsfriendapi.h
@@ -325,6 +325,9 @@ ForceLexicalInitialization(JSContext *cx, HandleObject obj);
 extern JS_FRIEND_API(int)
 IsGCPoisoning();
+extern JS_FRIEND_API(JSPrincipals*)
+GetRealmPrincipals(JS::Realm* realm);
+
 } // namespace JS
 /**
@@ -3093,9 +3096,9 @@ class MOZ_STACK_CLASS JS_FRIEND_API(AutoAssertNoContentJS)
 };
 // Turn on assertions so that we assert that
-// !comp->validAccessPtr || *comp->validAccessPtr
-// is true for every |comp| that we run JS code in. The compartment's validAccessPtr
-// is set via SetCompartmentValidAccessPtr.
+// !realm->validAccessPtr || *realm->validAccessPtr
+// is true for every |realm| that we run JS code in. The realm's validAccessPtr
+// is set via SetRealmValidAccessPtr.
 extern JS_FRIEND_API(void)
 EnableAccessValidation(JSContext* cx, bool enabled);
@@ -3104,7 +3107,7 @@ EnableAccessValidation(JSContext* cx, bool enabled);
 // threads that are allowed to run code on |global|, so all changes to *accessp
 // should be made from whichever thread owns |global| at a given time.
 extern JS_FRIEND_API(void)
-SetCompartmentValidAccessPtr(JSContext* cx, JS::HandleObject global, bool* accessp);
+SetRealmValidAccessPtr(JSContext* cx, JS::HandleObject global, bool* accessp);
 // Returns true if the system zone is available (i.e., if no cooperative contexts
 // are using it now).
diff --git a/js/src/jspubtd.h b/js/src/jspubtd.h
index d373e326cda0..80956717d598 100644
--- a/js/src/jspubtd.h
+++ b/js/src/jspubtd.h
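Review bot: The added `MOZ_ASSERT(global->is())` (its template argument is lost in this rendering) records that |global| must be a global object, but it is a debug-only check and the release path still calls `global->realm()` on whatever object was passed, so the requirement belongs in the header comment for this function in jsfriendapi.h (hunk @@ -3104, whose opening lines sit above that hunk and may or may not already say so). The realm also retains the raw `accessp` pointer and reads it later (the check described at @@ -3093 evaluates `*realm->validAccessPtr` whenever code runs in the realm), which that comment does not visibly cover either. Proposed addition to the header comment: `// |global| must be a global object. The realm keeps |accessp| and reads *accessp whenever it runs code, so the pointee must stay valid for as long as the realm can run code.`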
@@ -85,6 +85,7 @@ typedef JSConstScalarSpec JSConstIntegerSpec;
 namespace js {
+inline JS::Realm* GetContextRealm(const JSContext* cx);
 inline JSCompartment* GetContextCompartment(const JSContext* cx);
 inline JS::Zone* GetContextZone(const JSContext* cx);