Bug 1464134 part 1 - Fix various places to use Realm instead of JSCompartment. r=luke

This commit is contained in:
Jan de Mooij 2018-05-31 11:28:48 +02:00
parent a20465acbc
commit 09c4068fa0
9 changed files with 43 additions and 26 deletions


@ -3085,12 +3085,12 @@ nsContentUtils::SubjectPrincipal(JSContext* aCx)
MOZ_ASSERT(NS_IsMainThread());
// As opposed to SubjectPrincipal(), we do in fact assume that
// we're in a compartment here; anyone who calls this function
// in situations where that's not the case is doing it wrong.
JSCompartment* compartment = js::GetContextCompartment(aCx);
MOZ_ASSERT(compartment);
// we're in a realm here; anyone who calls this function in
// situations where that's not the case is doing it wrong.
JS::Realm* realm = js::GetContextRealm(aCx);
MOZ_ASSERT(realm);
JSPrincipals* principals = JS_GetCompartmentPrincipals(compartment);
JSPrincipals* principals = JS::GetRealmPrincipals(realm);
return nsJSPrincipals::get(principals);
}
@ -3105,9 +3105,9 @@ nsContentUtils::SubjectPrincipal()
MOZ_CRASH("Accessing the Subject Principal without an AutoJSAPI on the stack is forbidden");
}
JSCompartment *compartment = js::GetContextCompartment(cx);
JS::Realm* realm = js::GetContextRealm(cx);
// When an AutoJSAPI is instantiated, we are in a null compartment until the
// When an AutoJSAPI is instantiated, we are in a null realm until the
// first JSAutoRealm, which is kind of a purgatory as far as permissions
// go. It would be nice to just hard-abort if somebody does a security check
// in this purgatory zone, but that would be too fragile, since it could be
@ -3125,9 +3125,9 @@ nsContentUtils::SubjectPrincipal()
//
// So we use a singleton null principal. To avoid it being accidentally
// inherited and becoming a "real" subject or object principal, we do a
// release-mode assert during compartment creation against using this
// principal on an actual global.
if (!compartment) {
// release-mode assert during realm creation against using this principal on
// an actual global.
if (!realm) {
return sNullSubjectPrincipal;
}
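Review bot: In the first hunk `MOZ_ASSERT(realm)` is compiled out of non-debug builds, so a caller that is not in any realm hands a null `realm` to `JS::GetRealmPrincipals`, which (per the jsfriendapi.cpp hunk in this same commit) dereferences it unconditionally; the failure then surfaces as a crash inside the engine rather than at the precondition the comment documents. Since SubjectPrincipal(JSContext*) is what the security checks key on, `MOZ_RELEASE_ASSERT(realm);` would keep that documented contract enforced in release builds at negligible cost. The same pattern appears in GlobalObject::GetSubjectPrincipal in the BindingUtils hunk. This was already the case with the compartment-based code, so the change preserves existing behaviour rather than introducing the gap.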


@ -1980,12 +1980,12 @@ nsGlobalWindowOuter::SetNewDocument(nsIDocument* aDocument,
currentInner = nullptr;
// Ask the JS engine to assert that it's valid to access our DocGroup whenever
// it runs JS code for this compartment. We skip the check if this window is
// for chrome JS or an add-on.
// it runs JS code for this realm. We skip the check if this window is for
// chrome JS or an add-on.
nsCOMPtr<nsIPrincipal> principal = mDoc->NodePrincipal();
if (GetDocGroup() && !nsContentUtils::IsSystemPrincipal(principal) &&
!BasePrincipal::Cast(principal)->AddonPolicy()) {
js::SetCompartmentValidAccessPtr(cx, newInnerGlobal,
js::SetRealmValidAccessPtr(cx, newInnerGlobal,
newInnerWindow->GetDocGroup()->GetValidAccessPtr());
}


@ -2462,9 +2462,9 @@ GlobalObject::GetSubjectPrincipal() const
return nullptr;
}
JSCompartment* compartment = js::GetContextCompartment(mCx);
MOZ_ASSERT(compartment);
JSPrincipals* principals = JS_GetCompartmentPrincipals(compartment);
JS::Realm* realm = js::GetContextRealm(mCx);
MOZ_ASSERT(realm);
JSPrincipals* principals = JS::GetRealmPrincipals(realm);
return nsJSPrincipals::get(principals);
}


@ -189,7 +189,7 @@ GetCurrentJSStack(int32_t aMaxDepth)
// is there a current context available?
JSContext* cx = nsContentUtils::GetCurrentJSContext();
if (!cx || !js::GetContextCompartment(cx)) {
if (!cx || !js::GetContextRealm(cx)) {
return nullptr;
}


@ -618,7 +618,7 @@ AutoJSAPI::PeekException(JS::MutableHandle<JS::Value> aVal)
{
MOZ_ASSERT_IF(mIsMainThread, IsStackTop());
MOZ_ASSERT(HasException());
MOZ_ASSERT(js::GetContextCompartment(cx()));
MOZ_ASSERT(js::GetContextRealm(cx()));
if (!JS_GetPendingException(cx(), aVal)) {
return false;
}


@ -884,7 +884,7 @@ class RootingContext
return reinterpret_cast<RootingContext*>(cx);
}
friend JSCompartment* js::GetContextCompartment(const JSContext* cx);
friend JS::Realm* js::GetContextRealm(const JSContext* cx);
friend JS::Zone* js::GetContextZone(const JSContext* cx);
};
@ -1054,10 +1054,16 @@ namespace js {
* usable without resorting to jsfriendapi.h, and when JSContext is an
* incomplete type.
*/
inline JS::Realm*
GetContextRealm(const JSContext* cx)
{
return JS::RootingContext::get(cx)->realm_;
}
inline JSCompartment*
GetContextCompartment(const JSContext* cx)
{
return GetCompartmentForRealm(JS::RootingContext::get(cx)->realm_);
return GetCompartmentForRealm(GetContextRealm(cx));
}
inline JS::Zone*
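Review bot: The new `GetContextRealm` in the second hunk is undocumented, and its nullability matters: several callers in this commit (nsContentUtils::SubjectPrincipal, GetCurrentJSStack, AutoJSAPI::PeekException) test its result for null, so the header should say so rather than leaving readers to infer it. Suggest a comment above `inline JS::Realm*`: `// Returns the realm |cx| is currently in, or nullptr if it is in no realm (e.g. before the first JSAutoRealm).` The comment at the top of this block about being usable while JSContext is an incomplete type applies to the new function as well and could mention it. The enclosing `namespace js` block begins outside the hunk.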


@ -162,6 +162,12 @@ JS_GetCompartmentPrincipals(JSCompartment* compartment)
return realm->principals();
}
JS_FRIEND_API(JSPrincipals*)
JS::GetRealmPrincipals(JS::Realm* realm)
{
return realm->principals();
}
JS_FRIEND_API(void)
JS_SetCompartmentPrincipals(JSCompartment* compartment, JSPrincipals* principals)
{
@ -1543,8 +1549,9 @@ js::EnableAccessValidation(JSContext* cx, bool enabled)
}
JS_FRIEND_API(void)
js::SetCompartmentValidAccessPtr(JSContext* cx, JS::HandleObject global, bool* accessp)
js::SetRealmValidAccessPtr(JSContext* cx, JS::HandleObject global, bool* accessp)
{
MOZ_ASSERT(global->is<GlobalObject>());
global->realm()->setValidAccessPtr(accessp);
}
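Review bot: `JS::GetRealmPrincipals` and the existing `JS_GetCompartmentPrincipals` directly above it now end with the identical `return realm->principals();`, leaving two definitions of the same accessor to keep in sync while the migration is in progress. Having the compartment variant delegate, `return JS::GetRealmPrincipals(realm);`, keeps a single definition; if the compartment overload is slated for removal in a later part of this series the point is moot. Neither function checks `realm` for null, so both rely on callers honouring that precondition, which the nsContentUtils callers in this commit assert only in debug builds. The head of `JS_GetCompartmentPrincipals` is outside the hunk.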


@ -325,6 +325,9 @@ ForceLexicalInitialization(JSContext *cx, HandleObject obj);
extern JS_FRIEND_API(int)
IsGCPoisoning();
extern JS_FRIEND_API(JSPrincipals*)
GetRealmPrincipals(JS::Realm* realm);
} // namespace JS
/**
@ -3093,9 +3096,9 @@ class MOZ_STACK_CLASS JS_FRIEND_API(AutoAssertNoContentJS)
};
// Turn on assertions so that we assert that
// !comp->validAccessPtr || *comp->validAccessPtr
// is true for every |comp| that we run JS code in. The compartment's validAccessPtr
// is set via SetCompartmentValidAccessPtr.
// !realm->validAccessPtr || *realm->validAccessPtr
// is true for every |realm| that we run JS code in. The realm's validAccessPtr
// is set via SetRealmValidAccessPtr.
extern JS_FRIEND_API(void)
EnableAccessValidation(JSContext* cx, bool enabled);
@ -3104,7 +3107,7 @@ EnableAccessValidation(JSContext* cx, bool enabled);
// threads that are allowed to run code on |global|, so all changes to *accessp
// should be made from whichever thread owns |global| at a given time.
extern JS_FRIEND_API(void)
SetCompartmentValidAccessPtr(JSContext* cx, JS::HandleObject global, bool* accessp);
SetRealmValidAccessPtr(JSContext* cx, JS::HandleObject global, bool* accessp);
// Returns true if the system zone is available (i.e., if no cooperative contexts
// are using it now).
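Review bot: The new `GetRealmPrincipals` declaration in the first hunk carries no comment, and its one precondition is not stated: the definition in jsfriendapi.cpp in this commit dereferences `realm` unconditionally. Suggest above `extern JS_FRIEND_API(JSPrincipals*)`: `// Returns the principals of |realm|. |realm| must be non-null; callers that may be outside any realm should check GetContextRealm() first.` The `namespace JS` block the declaration lives in begins outside the hunk.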


@ -85,6 +85,7 @@ typedef JSConstScalarSpec<int32_t> JSConstIntegerSpec;
namespace js {
inline JS::Realm* GetContextRealm(const JSContext* cx);
inline JSCompartment* GetContextCompartment(const JSContext* cx);
inline JS::Zone* GetContextZone(const JSContext* cx);