Bug 332285 - nsGlobalWindow.cpp and nsCommandManager.cpp should use nsContentUtils::IsCallerChrome, r+sr=roc

2025-02-12 02:31:41 +00:00 · 2006-04-03 22:05:40 +00:00 · 2006-04-03 22:05:40 +00:00 · 689935cd5a
commit 689935cd5a
parent 33319ef269
1 changed files with 40 additions and 73 deletions
--- a/dom/src/base/nsGlobalWindow.cpp
+++ b/dom/src/base/nsGlobalWindow.cpp
@ -174,7 +174,6 @@
 static PRLogModuleInfo* gDOMLeakPRLog;
 #endif

-nsIScriptSecurityManager *nsGlobalWindow::sSecMan      = nsnull;
 nsIFactory *nsGlobalWindow::sComputedDOMStyleFactory   = nsnull;

 static nsIEntropyCollector *gEntropyCollector          = nsnull;
@ -348,9 +347,6 @@ nsGlobalWindow::nsGlobalWindow(nsGlobalWindow *aOuterWindow)
           ("DOMWINDOW %p created outer=%p", this, aOuterWindow));
 #endif

-  if (!sSecMan) {
-    CallGetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &sSecMan);
-  }
 }

 nsGlobalWindow::~nsGlobalWindow()
@ -413,7 +409,6 @@ nsGlobalWindow::~nsGlobalWindow()
 void
 nsGlobalWindow::ShutDown()
 {
-  NS_IF_RELEASE(sSecMan);
  NS_IF_RELEASE(sComputedDOMStyleFactory);
 }

@ -632,9 +627,10 @@ nsGlobalWindow::WouldReuseInnerWindow(nsIDocument *aNewDocument)
    return PR_TRUE;
  }

-  if (mOpenerScriptPrincipal && sSecMan &&
-      NS_SUCCEEDED(sSecMan->CheckSameOriginPrincipal(mOpenerScriptPrincipal,
-                                                     newPrincipal))) {
+  if (mOpenerScriptPrincipal && nsContentUtils::GetSecurityManager() &&
+      NS_SUCCEEDED(nsContentUtils::GetSecurityManager()->
+        CheckSameOriginPrincipal(mOpenerScriptPrincipal,
+                                 newPrincipal))) {
    // The origin is the same.
    return PR_TRUE;
  }
@ -956,7 +952,8 @@ nsGlobalWindow::SetNewDocument(nsIDocument* aDocument,
    rv = NS_ERROR_FAILURE;

    if (newPrincipal) {
-      rv = sSecMan->CheckSameOriginPrincipal(oldPrincipal, newPrincipal);
+      rv = nsContentUtils::GetSecurityManager()->
+             CheckSameOriginPrincipal(oldPrincipal, newPrincipal);
    }

    if (NS_FAILED(rv)) {
@ -1876,7 +1873,7 @@ nsGlobalWindow::GetContent(nsIDOMWindow** aContent)

  nsCOMPtr<nsIDocShellTreeItem> primaryContent;

-  if (!IsCallerChrome()) {
+  if (!nsContentUtils::IsCallerChrome()) {
    // If we're called by non-chrome code, make sure we don't return
    // the primary content window if the calling tab is hidden. In
    // such a case we return the same-type root in the hidden tab,
@ -2168,7 +2165,7 @@ nsGlobalWindow::GetOpener(nsIDOMWindowInternal** aOpener)
  *aOpener = nsnull;
  // First, check if we were called from a privileged chrome script

-  if (IsCallerChrome()) {
+  if (nsContentUtils::IsCallerTrustedForRead()) {
    *aOpener = mOpener;
    NS_IF_ADDREF(*aOpener);
    return NS_OK;
@ -2204,7 +2201,7 @@ nsGlobalWindow::SetOpener(nsIDOMWindowInternal* aOpener)
 {
  // check if we were called from a privileged chrome script.
  // If not, opener is settable only to null.
-  if (aOpener && !IsCallerChrome()) {
+  if (aOpener && !nsContentUtils::IsCallerTrustedForWrite()) {
    return NS_OK;
  }

@ -2614,13 +2611,7 @@ nsGlobalWindow::CheckSecurityWidthAndHeight(PRInt32* aWidth, PRInt32* aHeight)
  if ((aWidth && *aWidth < 100) || (aHeight && *aHeight < 100)) {
    // Check security state for use in determing window dimensions

-    NS_ENSURE_TRUE(sSecMan, NS_ERROR_FAILURE);
-
-    PRBool enabled;
-    nsresult res = sSecMan->IsCapabilityEnabled("UniversalBrowserWrite",
-                                                &enabled);
-
-    if (NS_FAILED(res) || !enabled) {
+    if (!nsContentUtils::IsCallerTrustedForWrite()) {
      //sec check failed
      if (aWidth && *aWidth < 100) {
        *aWidth = 100;
@ -2641,16 +2632,7 @@ nsGlobalWindow::CheckSecurityLeftAndTop(PRInt32* aLeft, PRInt32* aTop)

  // Check security state for use in determing window dimensions

-  NS_ENSURE_TRUE(sSecMan, NS_ERROR_FAILURE);
-
-  PRBool enabled;
-  nsresult res = sSecMan->IsCapabilityEnabled("UniversalBrowserWrite",
-                                              &enabled);
-  if (NS_FAILED(res)) {
-    enabled = PR_FALSE;
-  }
-
-  if (!enabled) {
+  if (!nsContentUtils::IsCallerTrustedForWrite()) {
    PRInt32 screenLeft, screenTop, screenWidth, screenHeight;
    PRInt32 winLeft, winTop, winWidth, winHeight;

@ -2924,7 +2906,8 @@ nsGlobalWindow::SetFullScreen(PRBool aFullScreen)
  FORWARD_TO_OUTER(SetFullScreen, (aFullScreen), NS_ERROR_NOT_INITIALIZED);

  // Only chrome can change our fullScreen mode.
-  if (aFullScreen == mFullScreen || !IsCallerChrome()) {
+  if (aFullScreen == mFullScreen || 
+      !nsContentUtils::IsCallerTrustedForWrite()) {
    return NS_OK;
  }

@ -3066,18 +3049,6 @@ nsGlobalWindow::SetTextZoom(float aZoom)
  return NS_ERROR_FAILURE;
 }

-// static
-PRBool
-nsGlobalWindow::IsCallerChrome()
-{
-  NS_ENSURE_TRUE(sSecMan, PR_FALSE);
-
-  PRBool isChrome = PR_FALSE;
-  nsresult rv = sSecMan->SubjectPrincipalIsSystem(&isChrome);
-
-  return NS_SUCCEEDED(rv) ? isChrome : PR_FALSE;
-}
-
 // static
 void
 nsGlobalWindow::MakeScriptDialogTitle(const nsAString &aInTitle,
@ -3089,10 +3060,12 @@ nsGlobalWindow::MakeScriptDialogTitle(const nsAString &aInTitle,
  // right thing for javascript: and data: documents.

  nsresult rv = NS_OK;
-  NS_ASSERTION(sSecMan, "Global Window has no security manager!");
-  if (sSecMan) {
+  NS_ASSERTION(nsContentUtils::GetSecurityManager(),
+    "Global Window has no security manager!");
+  if (nsContentUtils::GetSecurityManager()) {
    nsCOMPtr<nsIPrincipal> principal;
-    rv = sSecMan->GetSubjectPrincipal(getter_AddRefs(principal));
+    rv = nsContentUtils::GetSecurityManager()->
+      GetSubjectPrincipal(getter_AddRefs(principal));

    if (NS_SUCCEEDED(rv) && principal) {
      nsCOMPtr<nsIURI> uri;
@ -3938,7 +3911,7 @@ PRBool
 nsGlobalWindow::CanSetProperty(const char *aPrefName)
 {
  // Chrome can set any property.
-  if (IsCallerChrome()) {
+  if (nsContentUtils::IsCallerTrustedForWrite()) {
    return PR_TRUE;
  }

@ -4150,7 +4123,7 @@ nsGlobalWindow::OpenDialog(const nsAString& aUrl, const nsAString& aName,
 NS_IMETHODIMP
 nsGlobalWindow::OpenDialog(nsIDOMWindow** _retval)
 {
-  if (!IsCallerChrome()) {
+  if (!nsContentUtils::IsCallerTrustedForWrite()) {
    return NS_ERROR_DOM_SECURITY_ERR;
  }

@ -4275,15 +4248,8 @@ nsGlobalWindow::Close()
  // that were not opened by script
  nsresult rv = NS_OK;
  if (!mHadOriginalOpener) {
-    PRBool allowClose = PR_FALSE;
-
-    // UniversalBrowserWrite will be enabled if it's been explicitly
-    // enabled, or if we're called from chrome.
-    rv = sSecMan->IsCapabilityEnabled("UniversalBrowserWrite",
-                                      &allowClose);
-
-    if (NS_SUCCEEDED(rv) && !allowClose) {
-      allowClose =
+    if (nsContentUtils::IsCallerTrustedForWrite()) {
+      PRBool allowClose =
        nsContentUtils::GetBoolPref("dom.allow_scripts_to_close_windows",
                                    PR_TRUE);
      if (!allowClose) {
@ -4377,7 +4343,7 @@ nsGlobalWindow::Close()
  // frames, we crash. So, if we are called from Javascript, post an event
  // to really close the window.
  rv = NS_ERROR_FAILURE;
-  if (!IsCallerChrome()) {
+  if (!nsContentUtils::IsCallerChrome()) {
    nsCloseEvent *ev = new nsCloseEvent(this);

    if (ev) {
@ -5616,13 +5582,15 @@ nsGlobalWindow::OpenInternal(const nsAString& aUrl, const nsAString& aName,
  if (domReturn) {
    // Save the principal of the calling script
    // We need it to decide whether to clear the scope in SetNewDocument
-    NS_ASSERTION(sSecMan, "No Security Manager Found!");
+    NS_ASSERTION(nsContentUtils::GetSecurityManager(),
+                 "No Security Manager Found!");
    // Note that the opener script principal is not relevant for openDialog
    // callers, since those already have chrome privileges.  So we
    // only want to do this when aDoJSFixups is true.
-    if (aDoJSFixups && sSecMan) {
+    if (aDoJSFixups && nsContentUtils::GetSecurityManager()) {
      nsCOMPtr<nsIPrincipal> principal;
-      sSecMan->GetSubjectPrincipal(getter_AddRefs(principal));
+      nsContentUtils::GetSecurityManager()->
+        GetSubjectPrincipal(getter_AddRefs(principal));
      if (principal) {
        nsCOMPtr<nsPIDOMWindow> domReturnPrivate(do_QueryInterface(domReturn));
        domReturnPrivate->SetOpenerScriptPrincipal(principal);
@ -5872,7 +5840,8 @@ nsGlobalWindow::SetTimeoutOrInterval(PRBool aIsInterval, PRInt32 *aReturn)
  // to avoid running script in elevated principals.

  nsCOMPtr<nsIPrincipal> subjectPrincipal;
-  rv = sSecMan->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal));
+  rv = nsContentUtils::GetSecurityManager()->
+    GetSubjectPrincipal(getter_AddRefs(subjectPrincipal));
  if (NS_FAILED(rv)) {
    timeout->Release(scx);

@ -5897,7 +5866,8 @@ nsGlobalWindow::SetTimeoutOrInterval(PRBool aIsInterval, PRInt32 *aReturn)
    // Subsumes does a very strict equality test. Allow sites of the same origin
    // to set timeouts on each other.

-    rv = sSecMan->CheckSameOriginPrincipal(subjectPrincipal, ourPrincipal);
+    rv = nsContentUtils::GetSecurityManager()->
+      CheckSameOriginPrincipal(subjectPrincipal, ourPrincipal);
    timeout->mPrincipal = NS_SUCCEEDED(rv) ? subjectPrincipal : ourPrincipal;
    rv = NS_OK;
  }
@ -6604,7 +6574,7 @@ nsGlobalWindow::BuildURIfromBase(const char *aURL, nsIURI **aBuiltURI,
  nsCOMPtr<nsIDOMChromeWindow> chrome_win =
    do_QueryInterface(NS_STATIC_CAST(nsIDOMWindow *, this));

-  if (IsCallerChrome() && !chrome_win) {
+  if (nsContentUtils::IsCallerChrome() && !chrome_win) {
    // If open() is called from chrome on a non-chrome window, we'll
    // use the context from the window on which open() is being called
    // to prevent giving chrome priveleges to new windows opened in
@ -6663,7 +6633,8 @@ nsGlobalWindow::SecurityCheckURL(const char *aURL)
  if (NS_FAILED(BuildURIfromBase(aURL, getter_AddRefs(uri), &freePass, &cx)))
    return NS_ERROR_FAILURE;

-  if (!freePass && NS_FAILED(sSecMan->CheckLoadURIFromScript(cx, uri)))
+  if (!freePass && NS_FAILED(nsContentUtils::GetSecurityManager()->
+        CheckLoadURIFromScript(cx, uri)))
    return NS_ERROR_FAILURE;

  return NS_OK;
@ -7233,7 +7204,7 @@ nsNavigator::GetAppCodeName(nsAString& aAppCodeName)
 NS_IMETHODIMP
 nsNavigator::GetAppVersion(nsAString& aAppVersion)
 {
-  if (!nsGlobalWindow::IsCallerChrome()) {
+  if (!nsContentUtils::IsCallerTrustedForRead()) {
    const nsAdoptingCString& override = 
      nsContentUtils::GetCharPref("general.appversion.override");

@ -7277,7 +7248,7 @@ nsNavigator::GetAppVersion(nsAString& aAppVersion)
 NS_IMETHODIMP
 nsNavigator::GetAppName(nsAString& aAppName)
 {
-  if (!nsGlobalWindow::IsCallerChrome()) {
+  if (!nsContentUtils::IsCallerTrustedForRead()) {
    const nsAdoptingCString& override =
      nsContentUtils::GetCharPref("general.appname.override");

@ -7309,7 +7280,7 @@ nsNavigator::GetLanguage(nsAString& aLanguage)
 NS_IMETHODIMP
 nsNavigator::GetPlatform(nsAString& aPlatform)
 {
-  if (!nsGlobalWindow::IsCallerChrome()) {
+  if (!nsContentUtils::IsCallerTrustedForRead()) {
    const nsAdoptingCString& override =
      nsContentUtils::GetCharPref("general.platform.override");

@ -7571,12 +7542,8 @@ nsNavigator::Preference()
      action = nsIXPCSecurityManager::ACCESS_SET_PROPERTY;
  }

-  nsCOMPtr<nsIScriptSecurityManager> secMan =
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  rv = secMan->CheckPropertyAccess(cx, nsnull, "Navigator", sPrefInternal_id,
-                                   action);
+  rv = nsContentUtils::GetSecurityManager()->
+    CheckPropertyAccess(cx, nsnull, "Navigator", sPrefInternal_id, action);
  if (NS_FAILED(rv)) {
    return NS_OK;
  }