mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-26 14:22:01 +00:00
Bug 951948 - Remove Components wrappers. r=mrbkap
We fix up the tests here to test the new behavior, and fix some bugs in the test while we're at it.
This commit is contained in:
Bobby Holley
parent
55527375b8
commit
78a5768df9
@ -1709,10 +1709,6 @@ XPCWrappedNative::GetSameCompartmentSecurityWrapper(JSContext *cx)
|
||||
wrapper = xpc::WrapperFactory::WrapSOWObject(cx, flat);
|
||||
if (!wrapper)
|
||||
return nullptr;
|
||||
} else if (xpc::WrapperFactory::IsComponentsObject(flat)) {
|
||||
wrapper = xpc::WrapperFactory::WrapComponentsObject(cx, flat);
|
||||
if (!wrapper)
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
// If we made a wrapper, cache it and return it.
|
||||
|
||||
@ -18,15 +18,23 @@ function run_test() {
|
||||
checkThrows("C.classes", sb1);
|
||||
|
||||
// non-chrome accessing own Components
|
||||
checkThrows("Components.utils", sb1);
|
||||
checkThrows("Components.classes", sb1);
|
||||
do_check_eq(Cu.evalInSandbox("typeof Components.interfaces", sb1), 'object');
|
||||
do_check_eq(Cu.evalInSandbox("typeof Components.utils", sb1), 'undefined');
|
||||
do_check_eq(Cu.evalInSandbox("typeof Components.classes", sb1), 'undefined');
|
||||
|
||||
// Make sure an unprivileged Components is benign.
|
||||
var C2 = Cu.evalInSandbox("Components", sb2);
|
||||
var whitelist = ['interfaces', 'interfacesByID', 'results', 'isSuccessCode', 'QueryInterface'];
|
||||
for (var prop in Components) {
|
||||
do_print("Checking " + prop);
|
||||
do_check_eq((prop in C2), whitelist.indexOf(prop) != -1);
|
||||
}
|
||||
|
||||
// non-chrome same origin
|
||||
var C2 = Cu.evalInSandbox("Components", sb2);
|
||||
do_check_neq(rv, C2.utils);
|
||||
sb1.C2 = C2;
|
||||
checkThrows("C2.utils", sb1);
|
||||
checkThrows("C2.classes", sb1);
|
||||
do_check_eq(Cu.evalInSandbox("typeof C2.interfaces", sb1), 'object');
|
||||
do_check_eq(Cu.evalInSandbox("typeof C2.utils", sb1), 'undefined');
|
||||
do_check_eq(Cu.evalInSandbox("typeof C2.classes", sb1), 'undefined');
|
||||
|
||||
// chrome accessing chrome
|
||||
sb3.C = Components;
|
||||
@ -35,8 +43,9 @@ function run_test() {
|
||||
|
||||
// non-chrome cross origin
|
||||
sb4.C2 = C2;
|
||||
checkThrows("C2.utils", sb1);
|
||||
checkThrows("C2.classes", sb1);
|
||||
checkThrows("C2.interfaces", sb4);
|
||||
checkThrows("C2.utils", sb4);
|
||||
checkThrows("C2.classes", sb4);
|
||||
}
|
||||
|
||||
function checkThrows(expression, sb) {
|
||||
|
||||
@ -401,33 +401,4 @@ ExposedPropertiesOnly::allowNativeCall(JSContext *cx, JS::IsAcceptableThis test,
|
||||
return js::IsReadOnlyDateMethod(test, impl) || js::IsTypedArrayThisCheck(test);
|
||||
}
|
||||
|
||||
bool
|
||||
ComponentsObjectPolicy::check(JSContext *cx, JSObject *wrapperArg, jsid idArg, Wrapper::Action act)
|
||||
{
|
||||
RootedObject wrapper(cx, wrapperArg);
|
||||
RootedId id(cx, idArg);
|
||||
JSAutoCompartment ac(cx, wrapper);
|
||||
|
||||
if (JSID_IS_STRING(id) && act == Wrapper::GET) {
|
||||
JSFlatString *flatId = JSID_TO_FLAT_STRING(id);
|
||||
if (JS_FlatStringEqualsAscii(flatId, "isSuccessCode") ||
|
||||
JS_FlatStringEqualsAscii(flatId, "lookupMethod") ||
|
||||
JS_FlatStringEqualsAscii(flatId, "interfaces") ||
|
||||
JS_FlatStringEqualsAscii(flatId, "interfacesByID") ||
|
||||
JS_FlatStringEqualsAscii(flatId, "results"))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
// We don't have any way to recompute same-compartment Components wrappers,
|
||||
// so we need this dynamic check. This can go away when we expose Components
|
||||
// as SpecialPowers.wrap(Components) during automation.
|
||||
if (xpc::IsUniversalXPConnectEnabled(cx)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -98,18 +98,6 @@ struct ExposedPropertiesOnly : public Policy {
|
||||
static bool allowNativeCall(JSContext *cx, JS::IsAcceptableThis test, JS::NativeImpl impl);
|
||||
};
|
||||
|
||||
// Components specific policy
|
||||
struct ComponentsObjectPolicy : public Policy {
|
||||
static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act);
|
||||
|
||||
static bool deny(js::Wrapper::Action act, JS::HandleId id) {
|
||||
return false;
|
||||
}
|
||||
static bool allowNativeCall(JSContext *cx, JS::IsAcceptableThis test, JS::NativeImpl impl) {
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
#endif /* __AccessCheck_h__ */
|
||||
|
||||
@ -194,17 +194,12 @@ FilteringWrapper<Base, Policy>::enter(JSContext *cx, HandleObject wrapper,
|
||||
#define XOW FilteringWrapper<SecurityXrayXPCWN, CrossOriginAccessiblePropertiesOnly>
|
||||
#define DXOW FilteringWrapper<SecurityXrayDOM, CrossOriginAccessiblePropertiesOnly>
|
||||
#define NNXOW FilteringWrapper<CrossCompartmentSecurityWrapper, Opaque>
|
||||
#define CW FilteringWrapper<SameCompartmentSecurityWrapper, ComponentsObjectPolicy>
|
||||
#define XCW FilteringWrapper<CrossCompartmentSecurityWrapper, ComponentsObjectPolicy>
|
||||
#define GO FilteringWrapper<CrossCompartmentSecurityWrapper, GentlyOpaque>
|
||||
template<> SCSOW SCSOW::singleton(0);
|
||||
template<> XOW XOW::singleton(0);
|
||||
template<> DXOW DXOW::singleton(0);
|
||||
template<> NNXOW NNXOW::singleton(0);
|
||||
|
||||
template<> CW CW::singleton(0);
|
||||
template<> XCW XCW::singleton(0);
|
||||
|
||||
template<> GO GO::singleton(0);
|
||||
|
||||
template class XOW;
|
||||
|
||||
@ -316,9 +316,6 @@ DEBUG_CheckUnwrapSafety(HandleObject obj, js::Wrapper *handler,
|
||||
if (AccessCheck::isChrome(target) || xpc::IsUniversalXPConnectEnabled(target)) {
|
||||
// If the caller is chrome (or effectively so), unwrap should always be allowed.
|
||||
MOZ_ASSERT(handler->isSafeToUnwrap());
|
||||
} else if (WrapperFactory::IsComponentsObject(obj)) {
|
||||
// The Components object that is restricted regardless of origin.
|
||||
MOZ_ASSERT(!handler->isSafeToUnwrap());
|
||||
} else if (AccessCheck::needsSystemOnlyWrapper(obj)) {
|
||||
// The rules for SOWs are complicated enough. Just skip double-checking them here.
|
||||
} else if (handler == &FilteringWrapper<CrossCompartmentSecurityWrapper, GentlyOpaque>::singleton) {
|
||||
@ -412,12 +409,9 @@ WrapperFactory::Rewrap(JSContext *cx, HandleObject existing, HandleObject obj,
|
||||
} else if (originIsChrome && !targetIsChrome && xrayType == NotXray) {
|
||||
wrapper = &ChromeObjectWrapper::singleton;
|
||||
|
||||
// If content is accessing a Components object or NAC, we need a special filter,
|
||||
// even if the object is same origin. Note that we allow access to NAC for
|
||||
// remote-XUL whitelisted domains, since they don't have XBL scopes.
|
||||
} else if (IsComponentsObject(obj) && !AccessCheck::isChrome(target)) {
|
||||
wrapper = &FilteringWrapper<CrossCompartmentSecurityWrapper,
|
||||
ComponentsObjectPolicy>::singleton;
|
||||
// If content is accessing NAC, we need a special filter, even if the
|
||||
// object is same origin. Note that we allow access to NAC for remote-XUL
|
||||
// whitelisted domains, since they don't have XBL scopes.
|
||||
} else if (AccessCheck::needsSystemOnlyWrapper(obj) &&
|
||||
xpc::AllowXBLScope(target) &&
|
||||
!(targetIsChrome || (targetSubsumesOrigin && nsContentUtils::IsCallerXBL())))
|
||||
@ -516,8 +510,6 @@ WrapperFactory::WrapForSameCompartment(JSContext *cx, HandleObject objArg)
|
||||
|
||||
// The WN knows what to do.
|
||||
RootedObject wrapper(cx, wn->GetSameCompartmentSecurityWrapper(cx));
|
||||
MOZ_ASSERT_IF(wrapper != obj && IsComponentsObject(js::UncheckedUnwrap(obj)),
|
||||
!Wrapper::wrapperHandler(wrapper)->isSafeToUnwrap());
|
||||
return wrapper;
|
||||
}
|
||||
|
||||
@ -586,23 +578,6 @@ WrapperFactory::WrapSOWObject(JSContext *cx, JSObject *objArg)
|
||||
return wrapperObj;
|
||||
}
|
||||
|
||||
bool
|
||||
WrapperFactory::IsComponentsObject(JSObject *obj)
|
||||
{
|
||||
const char *name = js::GetObjectClass(obj)->name;
|
||||
return name[0] == 'n' && !strcmp(name, "nsXPCComponents");
|
||||
}
|
||||
|
||||
JSObject *
|
||||
WrapperFactory::WrapComponentsObject(JSContext *cx, HandleObject obj)
|
||||
{
|
||||
JSObject *wrapperObj =
|
||||
Wrapper::New(cx, obj, JS_GetGlobalForObject(cx, obj),
|
||||
&FilteringWrapper<SameCompartmentSecurityWrapper, ComponentsObjectPolicy>::singleton);
|
||||
|
||||
return wrapperObj;
|
||||
}
|
||||
|
||||
bool
|
||||
WrapperFactory::XrayWrapperNotShadowing(JSObject *wrapper, jsid id)
|
||||
{
|
||||
|
||||
@ -69,12 +69,6 @@ class WrapperFactory {
|
||||
// Wrap a (same compartment) object in a SOW.
|
||||
static JSObject *WrapSOWObject(JSContext *cx, JSObject *obj);
|
||||
|
||||
// Return true if this is a Components object.
|
||||
static bool IsComponentsObject(JSObject *obj);
|
||||
|
||||
// Wrap a (same compartment) Components object.
|
||||
static JSObject *WrapComponentsObject(JSContext *cx, JS::HandleObject obj);
|
||||
|
||||
// Returns true if the wrapper is in not shadowing mode for the id.
|
||||
static bool XrayWrapperNotShadowing(JSObject *wrapper, jsid id);
|
||||
};
|
||||
|
||||
Loading…
Reference in New Issue
Block a user